1 files changed, 0 insertions, 97 deletions
diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2911.patch b/meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2911.patch
deleted file mode 100644
index 8e9a358dee..0000000000
--- a/meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2911.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From ff5bacf17c2451e9d48c78a5ef96ec0c376ff33d Mon Sep 17 00:00:00 2001
-From: Matthijs Mekking <matthijs@isc.org>
-Date: Thu, 1 Jun 2023 10:03:48 +0200
-Subject: [PATCH] Fix serve-stale hang at shutdown
-The 'refresh_rrset' variable is used to determine if we can detach from
-the client. This can cause a hang on shutdown. To fix this, move setting
-of the 'nodetach' variable up to where 'refresh_rrset' is set (in
-query_lookup(), and thus not in ns_query_done()), and set it to false
-when actually refreshing the RRset, so that when this lookup is
-completed, the client will be detached.
-Patch taken from :https://downloads.isc.org/isc/bind9/9.18.16/patches/0003-CVE-2023-2911.patch
-Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/-/commit/240caa32b9cab90a38ab863fd64e6becf5d1393c && https://gitlab.isc.org/isc-projects/bind9/-/commit/ff5bacf17c2451e9d48c78a5ef96ec0c376ff33d]
-CVE: CVE-2023-2911
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
- lib/ns/query.c | 30 ++++++++++++++++++++++--------
- 1 file changed, 22 insertions(+), 8 deletions(-)
-diff --git a/lib/ns/query.c b/lib/ns/query.c
-index 0d2ba6b..8945dd4 100644
--- a/lib/ns/query.c
-+++ b/lib/ns/query.c
-@@ -5824,6 +5824,7 @@ query_refresh_rrset(query_ctx_t *orig_qctx) {
-        qctx.client->query.dboptions &= ~(DNS_DBFIND_STALETIMEOUT |
-                                          DNS_DBFIND_STALEOK |
-                                          DNS_DBFIND_STALEENABLED);
-+       qctx.client->nodetach = false;
- 
-        /*
-         * We'll need some resources...
-@@ -6076,7 +6077,14 @@ query_lookup(query_ctx_t *qctx) {
-                                        "%s stale answer used, an attempt to "
-                                        "refresh the RRset will still be made",
-                                        namebuf);
-+
-                                qctx->refresh_rrset = STALE(qctx->rdataset);
-+                               /*
-+                                * If we are refreshing the RRSet, we must not
-+                                * detach from the client in query_send().
-+                                */
-+                               qctx->client->nodetach = qctx->refresh_rrset;
-+
-                                ns_client_extendederror(
-                                        qctx->client, ede,
-                                        "stale data prioritized over lookup");
-@@ -6503,7 +6511,7 @@ ns_query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
-        if (recparam_match(&client->query.recparam, qtype, qname, qdomain)) {
-                ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_QUERY,
-                              ISC_LOG_INFO, "recursion loop detected");
-               return (ISC_R_FAILURE);
-+               return (ISC_R_ALREADYRUNNING);
-        }
- 
-        recparam_update(&client->query.recparam, qtype, qname, qdomain);
-@@ -7620,10 +7628,21 @@ query_usestale(query_ctx_t *qctx, isc_result_t result) {
-                return (false);
-        }
- 
-       if (result == DNS_R_DUPLICATE || result == DNS_R_DROP) {
-+       if (qctx->refresh_rrset) {
-+               /*
-+                * This is a refreshing query, we have already prioritized
-+                * stale data, so don't enable serve-stale again.
-+                */
-+               return (false);
-+       }
-+
-+       if (result == DNS_R_DUPLICATE || result == DNS_R_DROP ||
-+           result == ISC_R_ALREADYRUNNING)
-+       {
-                /*
-                 * Don't enable serve-stale if the result signals a duplicate
-                * query or query that is being dropped.
-+                * query or a query that is being dropped or can't proceed
-+                * because of a recursion loop.
-                 */
-                return (false);
-        }
-@@ -11927,12 +11946,7 @@ ns_query_done(query_ctx_t *qctx) {
-        /*
-         * Client may have been detached after query_send(), so
-         * we test and store the flag state here, for safety.
-        * If we are refreshing the RRSet, we must not detach from the client
-        * in the query_send(), so we need to override the flag.
-         */
-       if (qctx->refresh_rrset) {
-               qctx->client->nodetach = true;
-       }
-        nodetach = qctx->client->nodetach;
-        query_send(qctx->client);
- 
-- 
-2.25.1

diff --git a/meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2911.patch b/meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2911.patch deleted file mode 100644 index 8e9a358dee..0000000000 --- a/meta/recipes-connectivity/bind/bind-9.18.11/CVE-2023-2911.patch +++ /dev/null
@@ -1,97 +0,0 @@
1	From ff5bacf17c2451e9d48c78a5ef96ec0c376ff33d Mon Sep 17 00:00:00 2001
2	From: Matthijs Mekking <matthijs@isc.org>
3	Date: Thu, 1 Jun 2023 10:03:48 +0200
4	Subject: [PATCH] Fix serve-stale hang at shutdown
5
6	The 'refresh_rrset' variable is used to determine if we can detach from
7	the client. This can cause a hang on shutdown. To fix this, move setting
8	of the 'nodetach' variable up to where 'refresh_rrset' is set (in
9	query_lookup(), and thus not in ns_query_done()), and set it to false
10	when actually refreshing the RRset, so that when this lookup is
11	completed, the client will be detached.
12
13	Patch taken from :https://downloads.isc.org/isc/bind9/9.18.16/patches/0003-CVE-2023-2911.patch
14
15	Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/-/commit/240caa32b9cab90a38ab863fd64e6becf5d1393c && https://gitlab.isc.org/isc-projects/bind9/-/commit/ff5bacf17c2451e9d48c78a5ef96ec0c376ff33d]
16	CVE: CVE-2023-2911
17	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
18	---
19	lib/ns/query.c \| 30 ++++++++++++++++++++++--------
20	1 file changed, 22 insertions(+), 8 deletions(-)
21
22	diff --git a/lib/ns/query.c b/lib/ns/query.c
23	index 0d2ba6b..8945dd4 100644
24	--- a/lib/ns/query.c
25	+++ b/lib/ns/query.c
26	@@ -5824,6 +5824,7 @@ query_refresh_rrset(query_ctx_t *orig_qctx) {
27	qctx.client->query.dboptions &= ~(DNS_DBFIND_STALETIMEOUT \|
28	DNS_DBFIND_STALEOK \|
29	DNS_DBFIND_STALEENABLED);
30	+ qctx.client->nodetach = false;
31
32	/*
33	* We'll need some resources...
34	@@ -6076,7 +6077,14 @@ query_lookup(query_ctx_t *qctx) {
35	"%s stale answer used, an attempt to "
36	"refresh the RRset will still be made",
37	namebuf);
38	+
39	qctx->refresh_rrset = STALE(qctx->rdataset);
40	+ /*
41	+ * If we are refreshing the RRSet, we must not
42	+ * detach from the client in query_send().
43	+ */
44	+ qctx->client->nodetach = qctx->refresh_rrset;
45	+
46	ns_client_extendederror(
47	qctx->client, ede,
48	"stale data prioritized over lookup");
49	@@ -6503,7 +6511,7 @@ ns_query_recurse(ns_client_t client, dns_rdatatype_t qtype, dns_name_t qname,
50	if (recparam_match(&client->query.recparam, qtype, qname, qdomain)) {
51	ns_client_log(client, NS_LOGCATEGORY_CLIENT, NS_LOGMODULE_QUERY,
52	ISC_LOG_INFO, "recursion loop detected");
53	- return (ISC_R_FAILURE);
54	+ return (ISC_R_ALREADYRUNNING);
55	}
56
57	recparam_update(&client->query.recparam, qtype, qname, qdomain);
58	@@ -7620,10 +7628,21 @@ query_usestale(query_ctx_t *qctx, isc_result_t result) {
59	return (false);
60	}
61
62	- if (result == DNS_R_DUPLICATE \|\| result == DNS_R_DROP) {
63	+ if (qctx->refresh_rrset) {
64	+ /*
65	+ * This is a refreshing query, we have already prioritized
66	+ * stale data, so don't enable serve-stale again.
67	+ */
68	+ return (false);
69	+ }
70	+
71	+ if (result == DNS_R_DUPLICATE \|\| result == DNS_R_DROP \|\|
72	+ result == ISC_R_ALREADYRUNNING)
73	+ {
74	/*
75	* Don't enable serve-stale if the result signals a duplicate
76	- * query or query that is being dropped.
77	+ * query or a query that is being dropped or can't proceed
78	+ * because of a recursion loop.
79	*/
80	return (false);
81	}
82	@@ -11927,12 +11946,7 @@ ns_query_done(query_ctx_t *qctx) {
83	/*
84	* Client may have been detached after query_send(), so
85	* we test and store the flag state here, for safety.
86	- * If we are refreshing the RRSet, we must not detach from the client
87	- * in the query_send(), so we need to override the flag.
88	*/
89	- if (qctx->refresh_rrset) {
90	- qctx->client->nodetach = true;
91	- }
92	nodetach = qctx->client->nodetach;
93	query_send(qctx->client);
94
95	--
96	2.25.1
97