| Message ID | 20221011161059.41454-1-vkumbhar@mvista.com |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [dunfell] bind: fix CVE-2022-38178 | expand |
On Tue, Oct 11, 2022 at 6:11 AM vkumbhar <vkumbhar@mvista.com> wrote: > > Source: https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6c4165fbd3d > MR: 122537 > Type: Security Fix > Disposition: Backport from https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6c4165fbd3d > ChangeID: f93f9a7755124934083d77cf9334fffb32a0c220 > Description: > CVE-2022-38178 bind: Free ctx on invalid siglen > > Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> > --- > .../bind/bind/0001-CVE-2022-38178.patch | 28 +++++++++++++++++++ > .../recipes-connectivity/bind/bind_9.11.22.bb | 1 + > 2 files changed, 29 insertions(+) > create mode 100644 meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch Same issue with filename and internal mvista tags. > > diff --git a/meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch b/meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch > new file mode 100644 > index 0000000000..bf48dd69a1 > --- /dev/null > +++ b/meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch > @@ -0,0 +1,28 @@ > +From cedf585da4809d1bde70cfe800d0f15e3cdccb58 Mon Sep 17 00:00:00 2001 > +From: Vivek Kumbhar <vkumbhar@mvista.com> > +Date: Sun, 9 Oct 2022 19:54:32 +0530 > +Subject: [PATCH] CVE-2022-38178 > + > +Upstream-Status: https://gitlab.isc.org/isc-projects/bind9/-/commit/7c0028cfad2ae5fdf82c4d02d3b8b3a1e96dc6ec > +CVE: CVE-2022-38178 > +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> > +--- > + lib/dns/openssleddsa_link.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c > +index 76c7737..295f08e 100644 > +--- a/lib/dns/openssleddsa_link.c > ++++ b/lib/dns/openssleddsa_link.c > +@@ -325,7 +325,7 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) { > + siglen = DNS_SIG_ED448SIZE; > + > + if (sig->length != siglen) > +- return (DST_R_VERIFYFAILURE); > ++ DST_RET(DST_R_VERIFYFAILURE); > + > + isc_buffer_usedregion(buf, &tbsreg); > + > +-- > +2.25.1 > + > diff --git a/meta/recipes-connectivity/bind/bind_9.11.22.bb b/meta/recipes-connectivity/bind/bind_9.11.22.bb > index 3b4a299b36..b075d01e2b 100644 > --- a/meta/recipes-connectivity/bind/bind_9.11.22.bb > +++ b/meta/recipes-connectivity/bind/bind_9.11.22.bb > @@ -18,6 +18,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ > file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ > file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ > file://0001-avoid-start-failure-with-bind-user.patch \ > + file://0001-CVE-2022-38178.patch \ And again, patch won't apply because you aren't using the current dunfell head. Please rebase and send a V2 Thanks! Steve > " > > SRC_URI[sha256sum] = "afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9" > -- > 2.25.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#171632): https://lists.openembedded.org/g/openembedded-core/message/171632 > Mute This Topic: https://lists.openembedded.org/mt/94262351/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch b/meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch new file mode 100644 index 0000000000..bf48dd69a1 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch @@ -0,0 +1,28 @@ +From cedf585da4809d1bde70cfe800d0f15e3cdccb58 Mon Sep 17 00:00:00 2001 +From: Vivek Kumbhar <vkumbhar@mvista.com> +Date: Sun, 9 Oct 2022 19:54:32 +0530 +Subject: [PATCH] CVE-2022-38178 + +Upstream-Status: https://gitlab.isc.org/isc-projects/bind9/-/commit/7c0028cfad2ae5fdf82c4d02d3b8b3a1e96dc6ec +CVE: CVE-2022-38178 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> +--- + lib/dns/openssleddsa_link.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c +index 76c7737..295f08e 100644 +--- a/lib/dns/openssleddsa_link.c ++++ b/lib/dns/openssleddsa_link.c +@@ -325,7 +325,7 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) { + siglen = DNS_SIG_ED448SIZE; + + if (sig->length != siglen) +- return (DST_R_VERIFYFAILURE); ++ DST_RET(DST_R_VERIFYFAILURE); + + isc_buffer_usedregion(buf, &tbsreg); + +-- +2.25.1 + diff --git a/meta/recipes-connectivity/bind/bind_9.11.22.bb b/meta/recipes-connectivity/bind/bind_9.11.22.bb index 3b4a299b36..b075d01e2b 100644 --- a/meta/recipes-connectivity/bind/bind_9.11.22.bb +++ b/meta/recipes-connectivity/bind/bind_9.11.22.bb @@ -18,6 +18,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ file://0001-avoid-start-failure-with-bind-user.patch \ + file://0001-CVE-2022-38178.patch \ " SRC_URI[sha256sum] = "afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9"
Source: https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6c4165fbd3d MR: 122537 Type: Security Fix Disposition: Backport from https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6c4165fbd3d ChangeID: f93f9a7755124934083d77cf9334fffb32a0c220 Description: CVE-2022-38178 bind: Free ctx on invalid siglen Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> --- .../bind/bind/0001-CVE-2022-38178.patch | 28 +++++++++++++++++++ .../recipes-connectivity/bind/bind_9.11.22.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-connectivity/bind/bind/0001-CVE-2022-38178.patch