[bind/f20] Include fix for CVE-2015-1349

Tomas Hozza thozza at fedoraproject.org
Mon Feb 23 09:56:30 UTC 2015


commit 0d06cccfeeed7001a537e9efe76459042cc0a1e0
Author: Tomas Hozza <thozza at redhat.com>
Date:   Mon Feb 23 10:18:40 2015 +0100

    Include fix for CVE-2015-1349
    
    Signed-off-by: Tomas Hozza <thozza at redhat.com>

 bind.spec                  |  7 ++++++-
 bind99-CVE-2015-1349.patch | 25 +++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
---
diff --git a/bind.spec b/bind.spec
index d4065cf..5c5712d 100644
--- a/bind.spec
+++ b/bind.spec
@@ -27,7 +27,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.9.4
-Release:  17.%{?PATCHVER}%{?PREVER}%{?dist}
+Release:  18.%{?PATCHVER}%{?PREVER}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -96,6 +96,7 @@ Patch143:bind-99-ISC-Bugs-35495.patch
 # [ISC-Bugs #35385]
 Patch144:bind-99-ISC-Bugs-35385.patch
 Patch145:bind99-CVE-2014-8500.patch
+Patch146:bind99-CVE-2015-1349.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
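Review bot: `Patch146` is added without a provenance comment, whereas `Patch144` directly above it carries `# [ISC-Bugs #35385]`. For a security backport carried downstream, recording the origin lets a later reviewer compare the carried change with upstream; a line such as `# CVE-2015-1349, backported from <upstream commit or release>` above `Patch146:` would do. The patch file added by this commit also starts directly at its `diff -up` line, with no description header, so the origin is not recorded there either.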
@@ -303,6 +304,7 @@ popd
 %patch143 -p1 -b .dlz_segfault
 %patch144 -p1 -b .fetch_race_cond
 %patch145 -p1 -b .CVE-2014-8500
+%patch146 -p1 -b .CVE-2015-1349
 
 %if %{SDB}
 %patch101 -p1 -b .old-api
@@ -825,6 +827,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Mon Feb 23 2015 Tomas Hozza <thozza at redhat.com> 32:9.9.4-18.P2
+- Include fix for CVE-2015-1349
+
 * Wed Dec 10 2014 Tomas Hozza <thozza at redhat.com> 32:9.9.4-17.P2
 - Fix CVE-2014-8500 (#1171913)
 
diff --git a/bind99-CVE-2015-1349.patch b/bind99-CVE-2015-1349.patch
new file mode 100644
index 0000000..36a3e4a
--- /dev/null
+++ b/bind99-CVE-2015-1349.patch
@@ -0,0 +1,25 @@
+diff -up bind-9.9.4-P2/lib/dns/zone.c.CVE-2015-1349 bind-9.9.4-P2/lib/dns/zone.c
+--- bind-9.9.4-P2/lib/dns/zone.c.CVE-2015-1349	2013-12-20 01:28:28.000000000 +0100
++++ bind-9.9.4-P2/lib/dns/zone.c	2015-02-23 10:28:03.495089085 +0100
+@@ -8456,6 +8456,12 @@ keyfetch_done(isc_task_t *task, isc_even
+ 					     namebuf, tag);
+ 				trustkey = ISC_TRUE;
+ 			}
++		} else {
++			/*
++			 * No previously known key, and the key is not
++			 * secure, so skip it.
++			 */
++			continue;
+ 		}
+ 
+ 		/* Delete old version */
+@@ -8504,7 +8510,7 @@ keyfetch_done(isc_task_t *task, isc_even
+ 			trust_key(zone, keyname, &dnskey, mctx);
+ 		}
+ 
+-		if (!deletekey)
++		if (secure && !deletekey)
+ 			set_refreshkeytimer(zone, &keydata, now);
+ 	}
+ 
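Review bot: The new `secure &&` guard in the second zone.c hunk has no comment, and with it a loop pass in which no key validates never reaches `set_refreshkeytimer()`. Whether the refresh is still rescheduled for the zone on some other path cannot be seen here, because `keyfetch_done()` starts and ends outside both hunks. Please confirm that against the full function, and also that nothing acquired earlier in the iteration needs releasing before the added `continue` in the first hunk. A one-line comment above the guard would record the intent, for example `/* Only keys that validated may (re)schedule the refresh timer. */`.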

