authorSaul Wold <sgw@linux.intel.com>2014-03-04 13:56:06 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-03-11 20:23:17 -0700
commit041576d6d63ad807ca405dcea9eeecf1c9ccd7fe (patch)
treeea66a640004902f8fe466b0ab28f4a0f53ad7f92 /meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
parent58fb2f8eac69bc6ae5bcba8227d161888af5a230 (diff)
bind: Update to 9.9.5
Remove CVE patches that are in bind. Updated COPYRIGHT includes date changes, the NetBSD Copyright. Modifies the Base BSD License to 3-Clause (removes advertising clause). Add patch to disable running tests on host. Add python-core to RDEPENDS for dnssec-checkds and dnssec-coverage and fix path to python.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Diffstat (limited to 'meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch')
-rw-r--r--meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch141
1 files changed, 141 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
new file mode 100644
index 0000000000..5dd6f69e45
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
@@ -0,0 +1,141 @@
+bind_Fix_for_CVE-2012-4244
+
+Upstream-Status: Backport
+
+Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit
+
+ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3,
+ and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to
+cause a denial of service (assertion failure and named daemon exit) via
+a query for a long resource record.
+
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
+
+diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h
+--- a/lib/dns/include/dns/rdata.h 2012-10-08 12:19:42.000000000 +0800
++++ b/lib/dns/include/dns/rdata.h 2012-10-08 11:26:43.000000000 +0800
+@@ -147,6 +147,17 @@ struct dns_rdata {
+ (((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0)
+
+ /*
++ * The maximum length of a RDATA that can be sent on the wire.
++ * Max packet size (65535) less header (12), less name (1), type (2),
++ * class (2), ttl(4), length (2).
++ *
++ * None of the defined types that support name compression can exceed
++ * this and all new types are to be sent uncompressed.
++ */
++
++#define DNS_RDATA_MAXLENGTH 65512U
++
++/*
+ * Flags affecting rdata formatting style. Flags 0xFFFF0000
+ * are used by masterfile-level formatting and defined elsewhere.
+ * See additional comments at dns_rdata_tofmttext().
+diff -urpN a/lib/dns/master.c b/lib/dns/master.c
+--- a/lib/dns/master.c 2012-10-08 12:19:42.000000000 +0800
++++ b/lib/dns/master.c 2012-10-08 11:27:06.000000000 +0800
+@@ -75,7 +75,7 @@
+ /*%
+ * max message size - header - root - type - class - ttl - rdlen
+ */
+-#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2)
++#define MINTSIZ DNS_RDATA_MAXLENGTH
+ /*%
+ * Size for tokens in the presentation format,
+ * The largest tokens are the base64 blocks in KEY and CERT records,
+diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c
+--- a/lib/dns/rdata.c 2012-10-08 12:19:42.000000000 +0800
++++ b/lib/dns/rdata.c 2012-10-08 11:27:27.000000000 +0800
+@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
+ isc_buffer_t st;
+ isc_boolean_t use_default = ISC_FALSE;
+ isc_uint32_t activelength;
++ size_t length;
+
+ REQUIRE(dctx != NULL);
+ if (rdata != NULL) {
+@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
+ }
+
+ /*
++ * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH
++ * as we cannot transmit it.
++ */
++ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
++ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
++ result = DNS_R_FORMERR;
++
++ /*
+ * We should have consumed all of our buffer.
+ */
+ if (result == ISC_R_SUCCESS && !buffer_empty(source))
+@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
+
+ if (rdata != NULL && result == ISC_R_SUCCESS) {
+ region.base = isc_buffer_used(&st);
+- region.length = isc_buffer_usedlength(target) -
+- isc_buffer_usedlength(&st);
++ region.length = length;
+ dns_rdata_fromregion(rdata, rdclass, type, &region);
+ }
+
+@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
+ unsigned long line;
+ void (*callback)(dns_rdatacallbacks_t *, const char *, ...);
+ isc_result_t tresult;
++ size_t length;
+
+ REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE);
+ if (rdata != NULL) {
+@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
+ }
+ } while (1);
+
++ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
++ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
++ result = ISC_R_NOSPACE;
++
+ if (rdata != NULL && result == ISC_R_SUCCESS) {
+ region.base = isc_buffer_used(&st);
+- region.length = isc_buffer_usedlength(target) -
+- isc_buffer_usedlength(&st);
++ region.length = length;
+ dns_rdata_fromregion(rdata, rdclass, type, &region);
+ }
+ if (result != ISC_R_SUCCESS) {
+@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
+ isc_buffer_t st;
+ isc_region_t region;
+ isc_boolean_t use_default = ISC_FALSE;
++ size_t length;
+
+ REQUIRE(source != NULL);
+ if (rdata != NULL) {
+@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
+ if (use_default)
+ (void)NULL;
+
++ length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
++ if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
++ result = ISC_R_NOSPACE;
++
+ if (rdata != NULL && result == ISC_R_SUCCESS) {
+ region.base = isc_buffer_used(&st);
+- region.length = isc_buffer_usedlength(target) -
+- isc_buffer_usedlength(&st);
++ region.length = length;
+ dns_rdata_fromregion(rdata, rdclass, type, &region);
+ }
+ if (result != ISC_R_SUCCESS)
+diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
+--- a/lib/dns/rdataslab.c 2012-10-08 12:19:42.000000000 +0800
++++ b/lib/dns/rdataslab.c 2012-10-08 11:27:54.000000000 +0800
+@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
+ length = x[i].rdata.length;
+ if (rdataset->type == dns_rdatatype_rrsig)
+ length++;
++ INSIST(length <= 0xffff);
+ *rawbuf++ = (length & 0xff00) >> 8;
+ *rawbuf++ = (length & 0x00ff);
+ #if DNS_RDATASET_FIXED
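Review bot: The `INSIST(length <= 0xffff);` added in the lib/dns/rdataslab.c section of the embedded patch still ends in a process abort, the same impact the patch header describes for CVE-2012-4244, so it only helps if every producer of rdata is bounded before it reaches this point. The patch adds the `DNS_RDATA_MAXLENGTH` check to dns_rdata_fromwire, dns_rdata_fromtext and dns_rdata_fromstruct, but dns_rdata_fromregion is called with a caller-built region and shows no such check in the visible lines; whether other callers can pass it an over-long region cannot be told from here and is worth confirming against the upstream fix. A comment above the assertion would record the invariant, e.g. `/* rdata length is capped at DNS_RDATA_MAXLENGTH when built; the 16-bit length field below cannot hold more */`. The three rdata.c checks also return different codes (`DNS_R_FORMERR` for wire input, `ISC_R_NOSPACE` for text and struct input); if any caller treats ISC_R_NOSPACE as a cue to grow the target and retry, an over-long record would be retried rather than rejected, so that is worth checking as well. All four function bodies start and end outside the embedded hunks.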