* [gatesgarth][PATCH] bind: fix CVE-2020-8625
@ 2021-03-01 22:43 Minjae Kim
2021-03-02 6:31 ` [OE-core] " Anuj Mittal
0 siblings, 1 reply; 2+ messages in thread
From: Minjae Kim @ 2021-03-01 22:43 UTC (permalink / raw)
To: openembedded-core; +Cc: Minjae Kim
BIND Operational Notification: Zone journal (.jnl) file incompatibility
Upstream-Status: Backporting [https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch]
CVE: CVE-2020-8625
Signed-off-by: Minjae Kim <flowergom@gmail.com>
---
.../bind/bind-9.16.7/CVE-2020-8625.patch | 17 +++++++++++++++++
meta/recipes-connectivity/bind/bind_9.16.7.bb | 1 +
2 files changed, 18 insertions(+)
create mode 100644 meta/recipes-connectivity/bind/bind-9.16.7/CVE-2020-8625.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/CVE-2020-8625.patch b/meta/recipes-connectivity/bind/bind-9.16.7/CVE-2020-8625.patch
new file mode 100644
index 0000000000..b0b51e7030
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.7/CVE-2020-8625.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Acepted [https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch]
+CVE: CVE-2020-8625
+Signed-off-by: Minjae Kim <flowergom@gmail.com>
+
+diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
+index e61d1c600f2..753dc8049fa 100644
+--- a/lib/dns/spnego.c
++++ b/lib/dns/spnego.c
+@@ -848,7 +848,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
+ return (ASN1_OVERRUN);
+ }
+
+- data->components = malloc(len * sizeof(*data->components));
++ data->components = malloc((len + 1) * sizeof(*data->components));
+ if (data->components == NULL) {
+ return (ENOMEM);
+ }
diff --git a/meta/recipes-connectivity/bind/bind_9.16.7.bb b/meta/recipes-connectivity/bind/bind_9.16.7.bb
index 5fc2c1d3cd..82c1bb66df 100644
--- a/meta/recipes-connectivity/bind/bind_9.16.7.bb
+++ b/meta/recipes-connectivity/bind/bind_9.16.7.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
file://0001-avoid-start-failure-with-bind-user.patch \
+ file://CVE-2020-8625.patch \
"
SRC_URI[sha256sum] = "9f7d1812ebbd26a699f62b6fa8522d5dec57e4bf43af0042a0d60d39ed8314d1"
--
2.24.3 (Apple Git-128)
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [OE-core] [gatesgarth][PATCH] bind: fix CVE-2020-8625
2021-03-01 22:43 [gatesgarth][PATCH] bind: fix CVE-2020-8625 Minjae Kim
@ 2021-03-02 6:31 ` Anuj Mittal
0 siblings, 0 replies; 2+ messages in thread
From: Anuj Mittal @ 2021-03-02 6:31 UTC (permalink / raw)
To: openembedded-core@lists.openembedded.org, flowergom@gmail.com
Hello
On Tue, 2021-03-02 at 07:43 +0900, Minjae Kim wrote:
> BIND Operational Notification: Zone journal (.jnl) file incompatibility
>
> Upstream-Status: Backporting [
> https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch
> ]
> CVE: CVE-2020-8625
This failed while applying:
ERROR: bind-9.16.7-r0 do_patch: Command Error: 'quilt --quiltrc
/home/pokybuild/yocto-worker/musl-qemux86-
64/build/build/tmp/work/core2-64-poky-linux-musl/bind/9.16.7-r0/recipe-
sysroot-native/etc/quiltrc push' exited with 0 Output:
stdout: Applying patch CVE-2020-8625.patch
patching file lib/dns/spnego.c
Hunk #1 FAILED at 848.
1 out of 1 hunk FAILED -- rejects in file lib/dns/spnego.c
Patch CVE-2020-8625.patch does not apply (enforce with -f)
Thanks,
Anuj
> Signed-off-by: Minjae Kim <flowergom@gmail.com>
> ---
> .../bind/bind-9.16.7/CVE-2020-8625.patch | 17 +++++++++++++++++
> meta/recipes-connectivity/bind/bind_9.16.7.bb | 1 +
> 2 files changed, 18 insertions(+)
> create mode 100644 meta/recipes-connectivity/bind/bind-9.16.7/CVE-
> 2020-8625.patch
>
> diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/CVE-2020-
> 8625.patch b/meta/recipes-connectivity/bind/bind-9.16.7/CVE-2020-
> 8625.patch
> new file mode 100644
> index 0000000000..b0b51e7030
> --- /dev/null
> +++ b/meta/recipes-connectivity/bind/bind-9.16.7/CVE-2020-8625.patch
> @@ -0,0 +1,17 @@
> +Upstream-Status: Acepted [
> https://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch
> ]
> +CVE: CVE-2020-8625
> +Signed-off-by: Minjae Kim <flowergom@gmail.com>
> +
> +diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
> +index e61d1c600f2..753dc8049fa 100644
> +--- a/lib/dns/spnego.c
> ++++ b/lib/dns/spnego.c
> +@@ -848,7 +848,7 @@ der_get_oid(const unsigned char *p, size_t len,
> oid *data, size_t *size) {
> + return (ASN1_OVERRUN);
> + }
> +
> +- data->components = malloc(len * sizeof(*data->components));
> ++ data->components = malloc((len + 1) * sizeof(*data-
> >components));
> + if (data->components == NULL) {
> + return (ENOMEM);
> + }
> diff --git a/meta/recipes-connectivity/bind/bind_9.16.7.bb
> b/meta/recipes-connectivity/bind/bind_9.16.7.bb
> index 5fc2c1d3cd..82c1bb66df 100644
> --- a/meta/recipes-connectivity/bind/bind_9.16.7.bb
> +++ b/meta/recipes-connectivity/bind/bind_9.16.7.bb
> @@ -17,6 +17,7 @@ SRC_URI = "
> https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
>
> file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
>
> file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
> file://0001-avoid-start-failure-with-bind-user.patch \
> + file://CVE-2020-8625.patch \
> "
>
> SRC_URI[sha256sum] =
> "9f7d1812ebbd26a699f62b6fa8522d5dec57e4bf43af0042a0d60d39ed8314d1"
>
>
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-03-02 6:31 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-03-01 22:43 [gatesgarth][PATCH] bind: fix CVE-2020-8625 Minjae Kim
2021-03-02 6:31 ` [OE-core] " Anuj Mittal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.