[unbound/f15] * Wed May 25 2011 Paul Wouters <paul at xelerance.com> - 1.4.9-2 - Applied patch for CVE-2011-1922 DoS

Paul Wouters pwouters at fedoraproject.org
Wed May 25 22:51:20 UTC 2011 

commit a16ef9640f29bf80585259fc2bb548c85a736b86
Author: Paul Wouters <paul at xelerance.com>
Date:   Wed May 25 18:49:57 2011 -0400

    * Wed May 25 2011 Paul Wouters <paul at xelerance.com> - 1.4.9-2
    - Applied patch for CVE-2011-1922 DoS vulnerability
    
    Conflicts:
    
    	unbound.spec

 unbound-CVE-2011-1922.patch |   11 +++++++++++
 unbound.spec                |    8 ++++++++
 2 files changed, 19 insertions(+), 0 deletions(-)
---
diff --git a/unbound-CVE-2011-1922.patch b/unbound-CVE-2011-1922.patch
new file mode 100644
index 0000000..bdcacad
--- /dev/null
+++ b/unbound-CVE-2011-1922.patch
@@ -0,0 +1,11 @@
+diff -Naur unbound-1.4.9/daemon/worker.c unbound-1.4.9-CVE-2011-1922/daemon/worker.c
+--- unbound-1.4.9/daemon/worker.c	2010-11-04 08:35:39.000000000 -0400
++++ unbound-1.4.9-CVE-2011-1922/daemon/worker.c	2011-05-25 15:14:04.888288236 -0400
+@@ -777,6 +777,7 @@
+ 		qinfo.qtype == LDNS_RR_TYPE_IXFR) {
+ 		verbose(VERB_ALGO, "worker request: refused zone transfer.");
+ 		log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
++		ldns_buffer_rewind(c->buffer);
+ 		LDNS_QR_SET(ldns_buffer_begin(c->buffer));
+ 		LDNS_RCODE_SET(ldns_buffer_begin(c->buffer), 
+ 			LDNS_RCODE_REFUSED);
diff --git a/unbound.spec b/unbound.spec
index 5331def..5ea06a4 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -20,6 +20,7 @@ Source4: unbound_munin_
 Source5: root.key
 Source6: dlv.isc.org.key
 Patch1: unbound-1.2-glob.patch
+Patch2: unbound-CVE-2011-1922.patch
 
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -93,6 +94,7 @@ Python modules and extensions for unbound
 %prep
 %setup -q 
 %patch1 -p1
+%patch2 -p1
 
 %build
 %configure  --with-ldns= --with-libevent --with-pthreads --with-ssl \
@@ -198,9 +200,15 @@ fi
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Wed May 25 2011 Paul Wouters <paul at xelerance.com> - 1.4.8-5
+- Applied patch for CVE-2011-1922 DoS vulnerability
+
 * Mon Feb 14 2011 Paul Wouters <paul at xelerance.com> - 1.4.8-4
 - rebuilt for new libevent and EVR
 
+* Sat Feb 12 2011 Paul Wouters <paul at xelerance.com> - 1.4.8-2
+- rebuilt
+
 * Tue Jan 25 2011 Paul Wouters <paul at xelerance.com> - 1.4.8-1
 - Updated to 1.4.8
 - Enable root key for DNSSEC

More information about the scm-commits mailing list