head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.10 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.8 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.6 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.4 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.2 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.1.0.12 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.10 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.8 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.6 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.4 pkgsrc-2008Q1:1.1.0.2; locks; strict; comment @# @; 1.2 date 2009.01.04.00.25.28; author adrianp; state dead; branches; next 1.1; 1.1 date 2008.05.11.00.00.57; author tonnerre; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2008.05.11.00.00.57; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2008.05.11.09.33.42; author ghen; state Exp; branches; next ; desc @@ 1.2 log @Nuke BIND 8.x as discussed on pkgsrc-users@@ @ text @$NetBSD: patch-ao,v 1.1 2008/05/11 00:00:57 tonnerre Exp $ --- src/lib/inet/inet_network.c.orig 2004-03-17 01:20:24.000000000 +0100 +++ src/lib/inet/inet_network.c @@@@ -84,9 +84,9 @@@@ again: } if (!digit) return (INADDR_NONE); + if (pp >= parts + 4 || val > 0xffU) + return (INADDR_NONE); if (*cp == '.') { - if (pp >= parts + 4 || val > 0xffU) - return (INADDR_NONE); *pp++ = val, cp++; goto again; } @ 1.1 log @Fix CVE-2008-0122 for libbind (as contained in bind). A misplaced boundary check can be abused for implementation specific exploitation: depending on the use of libbind, this can result in denial of service or even remote code execution. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ao was added on branch pkgsrc-2008Q1 on 2008-05-11 09:33:42 +0000 @ text @d1 16 @ 1.1.2.2 log @Pullup ticket 2369 - requested by tonnerre security fix for bind 8 - pkgsrc/net/bind8/Makefile 1.40 - pkgsrc/net/bind8/distinfo 1.22 - pkgsrc/net/bind8/patches/patch-ao 1.1 Module Name: pkgsrc Committed By: tonnerre Date: Sun May 11 00:00:57 UTC 2008 Modified Files: pkgsrc/net/bind8: Makefile distinfo Added Files: pkgsrc/net/bind8/patches: patch-ao Log Message: Fix CVE-2008-0122 for libbind (as contained in bind). A misplaced boundary check can be abused for implementation specific exploitation: depending on the use of libbind, this can result in denial of service or even remote code execution. @ text @a0 16 $NetBSD$ --- src/lib/inet/inet_network.c.orig 2004-03-17 01:20:24.000000000 +0100 +++ src/lib/inet/inet_network.c @@@@ -84,9 +84,9 @@@@ again: } if (!digit) return (INADDR_NONE); + if (pp >= parts + 4 || val > 0xffU) + return (INADDR_NONE); if (*cp == '.') { - if (pp >= parts + 4 || val > 0xffU) - return (INADDR_NONE); *pp++ = val, cp++; goto again; } @