On Tue, Oct 11, 2022 at 6:11 AM vkumbhar <vkumb...@mvista.com> wrote: > > Source: > https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6c4165fbd3d > MR: 122537 > Type: Security Fix > Disposition: Backport from > https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6c4165fbd3d > ChangeID: f93f9a7755124934083d77cf9334fffb32a0c220 > Description: > CVE-2022-38178 bind: Free ctx on invalid siglen > > Signed-off-by: Vivek Kumbhar <vkumb...@mvista.com> > --- > .../bind/bind/0001-CVE-2022-38178.patch | 28 +++++++++++++++++++ > .../recipes-connectivity/bind/bind_9.11.22.bb | 1 + > 2 files changed, 29 insertions(+) > create mode 100644 > meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch
Same issue with filename and internal mvista tags. > > diff --git a/meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch > b/meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch > new file mode 100644 > index 0000000000..bf48dd69a1 > --- /dev/null > +++ b/meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch > @@ -0,0 +1,28 @@ > +From cedf585da4809d1bde70cfe800d0f15e3cdccb58 Mon Sep 17 00:00:00 2001 > +From: Vivek Kumbhar <vkumb...@mvista.com> > +Date: Sun, 9 Oct 2022 19:54:32 +0530 > +Subject: [PATCH] CVE-2022-38178 > + > +Upstream-Status: > https://gitlab.isc.org/isc-projects/bind9/-/commit/7c0028cfad2ae5fdf82c4d02d3b8b3a1e96dc6ec > +CVE: CVE-2022-38178 > +Signed-off-by: Vivek Kumbhar <vkumb...@mvista.com> > +--- > + lib/dns/openssleddsa_link.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c > +index 76c7737..295f08e 100644 > +--- a/lib/dns/openssleddsa_link.c > ++++ b/lib/dns/openssleddsa_link.c > +@@ -325,7 +325,7 @@ openssleddsa_verify(dst_context_t *dctx, const > isc_region_t *sig) { > + siglen = DNS_SIG_ED448SIZE; > + > + if (sig->length != siglen) > +- return (DST_R_VERIFYFAILURE); > ++ DST_RET(DST_R_VERIFYFAILURE); > + > + isc_buffer_usedregion(buf, &tbsreg); > + > +-- > +2.25.1 > + > diff --git a/meta/recipes-connectivity/bind/bind_9.11.22.bb > b/meta/recipes-connectivity/bind/bind_9.11.22.bb > index 3b4a299b36..b075d01e2b 100644 > --- a/meta/recipes-connectivity/bind/bind_9.11.22.bb > +++ b/meta/recipes-connectivity/bind/bind_9.11.22.bb 
> @@ -18,6 +18,7 @@ SRC_URI = > "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ > file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ > file://0001-named-lwresd-V-and-start-log-hide-build-options.patch > \ > file://0001-avoid-start-failure-with-bind-user.patch \ > + file://0001-CVE-2022-38178.patch \ And again, patch won't apply because you aren't using the current dunfell head. Please rebase and send a V2 Thanks! Steve > " > > SRC_URI[sha256sum] = > "afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9" > -- > 2.25.1 > > > >
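Review bot: In the embedded lib/dns/openssleddsa_link.c hunk, `DST_RET(DST_R_VERIFYFAILURE);` sits under the unbraced `if (sig->length != siglen)`, so the fix is only correct if DST_RET expands to a single statement and if the exit path it takes actually releases ctx, as the description "Free ctx on invalid siglen" states. Neither the macro nor the cleanup code is visible in the hunk context, so please confirm both against the 9.11.22 source this is being backported to, and consider saying in the patch header what was leaked on the early `return`, so the one-line change is understandable without opening the upstream commit.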
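Review bot: In the header of the new 0001-CVE-2022-38178.patch, the Upstream-Status line is a bare URL with no status keyword, and the commit it names (7c0028cfad2ae5fdf82c4d02d3b8b3a1e96dc6ec) is not the one cited as Source and "Backport from" in the submission message (1af23378ebb11da2eb0f412e4563d6c4165fbd3d). Please use the `Upstream-Status: Backport [<commit URL>]` form and make both places point at the same upstream commit, so the origin of the fix can be checked. The embedded Subject is also only "CVE-2022-38178"; carrying the "Free ctx on invalid siglen" summary there would make the patch self-describing.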