mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 13:29:49 +00:00
Code Issues Projects Releases Wiki Activity

bind: 9.11.22 -> 9.11.32

Browse Source 
updates include fixes for
CVE-2021-25214
CVE-2021-25215
CVE-2021-25216

CVE-2020-8625 fixed in 9.11.28, so drop that patch

(From OE-Core rev: d7e56f1910b7963d8b704107903ecf40e9472d3c)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>

tmp

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Lee Chee Yang
2021-06-09 16:54:48 +08:00
committed by Richard Purdie
parent 8bc7fc1f90
commit 1ed30171a6
2 changed files with 2 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-connectivity/bind/bind/CVE-2020-8625.patch
-17
View File
@@ -1,17 +0,0 @@
Upstream-Status: Backporting [https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch]
CVE: CVE-2020-8625
Signed-off-by: Minjae Kim <flowergom@gmail.com>
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
index e61d1c600f2..753dc8049fa 100644
--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
@@ -848,7 +848,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
return (ASN1_OVERRUN);
}
- data->components = malloc(len * sizeof(*data->components));
+ data->components = malloc((len + 1) * sizeof(*data->components));
if (data->components == NULL) {
return (ENOMEM);
}
meta/recipes-connectivity/bind/bind_9.11.22.bb → meta/recipes-connectivity/bind/bind_9.11.32.bb
+2 -3
View File
@@ -4,7 +4,7 @@ DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system"
SECTION = "console/network"
LICENSE = "ISC & BSD"
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bf39058a7f64b2a934ce14dc9ec1dd45"
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b88e7ca5f21908e1b2720169f6807cf6"
DEPENDS = "openssl libcap zlib"
@@ -19,10 +19,9 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
file://CVE-2020-8625.patch \
"
SRC_URI[sha256sum] = "afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9"
SRC_URI[sha256sum] = "cbf8cb4b74dd1452d97c3a2a8c625ea346df8516b4b3508ef07443121a591342"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4