ldns: fix CVE-2017-100231 CVE-2017-100232

srcpkgs/ldns/patches/CVE-2017-1000231.patch

@@ -0,0 +1,29 @@
+From c8391790c96d4c8a2c10f9ab1460fda83b509fc2 Mon Sep 17 00:00:00 2001
+From: Willem Toorop <willem@nlnetlabs.nl>
+Date: Thu, 27 Apr 2017 00:14:58 +0200
+Subject: Check parse limit before t increment
+
+Thanks Stephan Zeisberg
+---
+ parse.c   | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/parse.c b/parse.c
+index e68627c..947dbb8 100644
+--- a/parse.c
++++ b/parse.c
+@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
+ 			if (line_nr) {
+ 				*line_nr = *line_nr + 1;
+ 			}
++			if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
++				*t = '\0';
++				return -1;
++			}
+ 			*t++ = ' ';
+ 			prev_c = c;
+ 			continue;
+-- 
+cgit v1.1
+
+

srcpkgs/ldns/patches/CVE-2017-1000232.patch

@@ -0,0 +1,31 @@
+From 3bdeed02505c9bbacb3b64a97ddcb1de967153b7 Mon Sep 17 00:00:00 2001
+From: Willem Toorop <willem@nlnetlabs.nl>
+Date: Thu, 27 Apr 2017 00:25:20 +0200
+Subject: bugfix #1257: Free after reallocing to 0 size
+
+Thanks Stephan Zeisberg
+---
+ str2host.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/str2host.c b/str2host.c
+index b274b17..f2a317b 100644
+--- a/str2host.c
++++ b/str2host.c
+@@ -1525,8 +1525,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str)
+ 	if (! str) {
+ 		return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
+ 	}
+-	length = (size_t)(dp - data);
+-
++	if (!(length = (size_t)(dp - data))) {
++		LDNS_FREE(data);
++		return LDNS_STATUS_SYNTAX_EMPTY;
++	}
+ 	/* Lose the overmeasure */
+ 	data = LDNS_XREALLOC(dp = data, uint8_t, length);
+ 	if (! data) {
+-- 
+cgit v1.1
+
+

srcpkgs/ldns/template

@@ -1,7 +1,8 @@
 # Template file for 'ldns'
 pkgname=ldns
 version=1.7.0
-revision=6
+revision=7
+patch_args="-Np1"
 build_style=gnu-configure
 configure_args="--with-drill --with-examples --disable-dane-ta-usage
  --with-trust-anchor=/etc/dns/root.key