openembedded-core.git/meta/recipes-connectivity/bind, branch dizzy Mirror of openembedded-core bind: CVE-2015-8000 2016-01-30T12:02:29+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-12-21T11:35:20+00:00 c9c42b0ec2c7b9b3e613f68db06230ebc6e2711c Fixes a denial of service in BIND. An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. [YOCTO #8838] References: http://www.openwall.com/lists/oss-security/2015/12/15/14 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000 https://bugzilla.redhat.com/attachment.cgi?id=1105581 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Fixes a denial of service in BIND.

An error in the parsing of incoming responses allows some
records with an incorrect class to be accepted by BIND
instead of being rejected as malformed. This can trigger
a REQUIRE assertion failure when those records are subsequently
cached.

[YOCTO #8838]

References:
http://www.openwall.com/lists/oss-security/2015/12/15/14
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
https://bugzilla.redhat.com/attachment.cgi?id=1105581

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722 2015-09-19T10:52:57+00:00 Armin Kuster akuster@mvista.com 2015-09-12T22:17:26+00:00 d3af844b05e566c2188fc3145e66a9826fed0ec8 three security fixes. Signed-off-by: Armin Kuster <akuster@mvista.com> 
three security fixes.

Signed-off-by: Armin Kuster <akuster@mvista.com>
bind9.9.5: CVE-2015-5477 2015-09-01T20:27:51+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-07-30T11:48:55+00:00 18a01db3f2430095a4e6966aed5afd738dbc112e Fixed a flaw in the way BIND handled requests for TKEY DNS resource records. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477 https://kb.isc.org/article/AA-01272 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Fixed a flaw in the way BIND handled requests for TKEY
DNS resource records.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
https://kb.isc.org/article/AA-01272

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
bind: fix typo chown->chmod 2015-02-11T17:39:51+00:00 Ting Liu ting.liu@freescale.com 2015-01-22T02:39:59+00:00 43cf6cd3b282226ce379a03a0d1fd5670c303648 (From OE-Core rev: a6ee74222b43d0bb7fe9ef0072ede78f82a5e446) Signed-off-by: Ting Liu <ting.liu@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
(From OE-Core rev: a6ee74222b43d0bb7fe9ef0072ede78f82a5e446)

Signed-off-by: Ting Liu <ting.liu@freescale.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
bind: fix for CVE-2014-8500 2015-01-06T14:13:07+00:00 Sona Sarmadi sona.sarmadi@enea.com 2014-12-29T09:10:33+00:00 10128cd331af0c4378cac4fbac80a7cd11869bd3 [From upstream commit: 603a0e2637b35a2da820bc807f69bcf09c682dce] [YOCTO #7098] External References: =================== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500 (From OE-Core rev: 7225d6e0c82f264057de40c04b31655f2b0e0c96) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
[From upstream commit: 603a0e2637b35a2da820bc807f69bcf09c682dce]

[YOCTO #7098]

External References:
===================
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500

(From OE-Core rev: 7225d6e0c82f264057de40c04b31655f2b0e0c96)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
bind: clean host path in isc-config.sh 2014-12-31T10:17:28+00:00 Shiqun Lin Shiqun.Lin@windriver.com 2014-10-21T08:12:51+00:00 f8385a94ef915c3905c50ab3c774c2dd9d89ba47 * /usr/bin/isc-config.sh * /usr/bin/bind9-config - hardlink to isc-config.sh (From OE-Core rev: c2332d304a2c872e97653c980b090efa2181123b) Signed-off-by: Shiqun Lin <Shiqun.Lin@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
* /usr/bin/isc-config.sh
* /usr/bin/bind9-config - hardlink to isc-config.sh

(From OE-Core rev: c2332d304a2c872e97653c980b090efa2181123b)

Signed-off-by: Shiqun Lin <Shiqun.Lin@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
bind: use PACKAGE_BEFORE_PN instead of PACKAGES_prepend 2014-12-31T10:17:24+00:00 Ross Burton ross.burton@intel.com 2014-11-13T14:08:20+00:00 0475d37cde09d62667b3edf0a928c563ed7efc50 Appending or prepending to PACKAGES breaks when the package is built natively, so use PACKAGE_BEFORE_PN instead. (From OE-Core rev: 23d7223a21582edefc4e30d76f94f8e81a543af9) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Appending or prepending to PACKAGES breaks when the package is built natively,
so use PACKAGE_BEFORE_PN instead.

(From OE-Core rev: 23d7223a21582edefc4e30d76f94f8e81a543af9)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
bind: fix to use correct environment file in service file 2014-12-31T10:17:08+00:00 Chen Qi Qi.Chen@windriver.com 2014-10-26T12:03:44+00:00 3de15ae4cc8a561859e6761ab6e6b8c45eaad646 Use /etc/default/bind9 as the environment file in named.service. (From OE-Core rev: 0ee1fa68a4d749585c43fc706c8da6e849d10857) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Use /etc/default/bind9 as the environment file in named.service.

(From OE-Core rev: 0ee1fa68a4d749585c43fc706c8da6e849d10857)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
bind: refer ubuntu/redhat to add bind user/group 2014-08-23T22:01:35+00:00 Hongxu Jia hongxu.jia@windriver.com 2014-08-19T10:04:42+00:00 e37841faf746895f41627130623196c0bebe0740 We refer what ubuntu/redhat did, gave bind a user/group Here is the example in ubuntu 14.04: $ ps -eo user,group,cmd | grep "named" ... bind bind /usr/sbin/named -u bind ... $vim bind9_1%3a9.9.5.dfsg-3_amd64.deb/postinst ... # lets give them a bind user/group in all cases. getent group bind >/dev/null 2>&1 || addgroup --system bind getent passwd bind >/dev/null 2>&1 || adduser --system --home /var/cache/bind --no-create-home \ --disabled-password --ingroup bind bind ... Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
We refer what ubuntu/redhat did, gave bind a user/group

Here is the example in ubuntu 14.04:

$ ps -eo user,group,cmd | grep "named"
...
bind     bind     /usr/sbin/named -u bind
...

$vim bind9_1%3a9.9.5.dfsg-3_amd64.deb/postinst
...
    # lets give them a bind user/group in all cases.
    getent group bind >/dev/null 2>&1 || addgroup --system bind
    getent passwd bind >/dev/null 2>&1 ||
    adduser --system --home /var/cache/bind --no-create-home \
        --disabled-password --ingroup bind bind
...

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream-Status Cleanups 2014-04-25T16:18:46+00:00 Saul Wold sgw@linux.intel.com 2014-04-23T16:42:39+00:00 ea438b58c9a90e4c3147f99d63a9afc66963c5a1 Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>