[bind/f20] Include fix for CVE-2015-1349
Tomas Hozza
thozza at fedoraproject.org
Mon Feb 23 09:56:30 UTC 2015
commit 0d06cccfeeed7001a537e9efe76459042cc0a1e0
Author: Tomas Hozza <thozza at redhat.com>
Date: Mon Feb 23 10:18:40 2015 +0100
Include fix for CVE-2015-1349
Signed-off-by: Tomas Hozza <thozza at redhat.com>
bind.spec | 7 ++++++-
bind99-CVE-2015-1349.patch | 25 +++++++++++++++++++++++++
2 files changed, 31 insertions(+), 1 deletion(-)
---
diff --git a/bind.spec b/bind.spec
index d4065cf..5c5712d 100644
--- a/bind.spec
+++ b/bind.spec
@@ -27,7 +27,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind
License: ISC
Version: 9.9.4
-Release: 17.%{?PATCHVER}%{?PREVER}%{?dist}
+Release: 18.%{?PATCHVER}%{?PREVER}%{?dist}
Epoch: 32
Url: http://www.isc.org/products/BIND/
Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -96,6 +96,7 @@ Patch143:bind-99-ISC-Bugs-35495.patch
# [ISC-Bugs #35385]
Patch144:bind-99-ISC-Bugs-35385.patch
Patch145:bind99-CVE-2014-8500.patch
+Patch146:bind99-CVE-2015-1349.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -303,6 +304,7 @@ popd
%patch143 -p1 -b .dlz_segfault
%patch144 -p1 -b .fetch_race_cond
%patch145 -p1 -b .CVE-2014-8500
+%patch146 -p1 -b .CVE-2015-1349
%if %{SDB}
%patch101 -p1 -b .old-api
@@ -825,6 +827,9 @@ rm -rf ${RPM_BUILD_ROOT}
%endif
%changelog
+* Mon Feb 23 2015 Tomas Hozza <thozza at redhat.com> 32:9.9.4-18.P2
+- Include fix for CVE-2015-1349
+
* Wed Dec 10 2014 Tomas Hozza <thozza at redhat.com> 32:9.9.4-17.P2
- Fix CVE-2014-8500 (#1171913)
diff --git a/bind99-CVE-2015-1349.patch b/bind99-CVE-2015-1349.patch
new file mode 100644
index 0000000..36a3e4a
--- /dev/null
+++ b/bind99-CVE-2015-1349.patch
@@ -0,0 +1,25 @@
+diff -up bind-9.9.4-P2/lib/dns/zone.c.CVE-2015-1349 bind-9.9.4-P2/lib/dns/zone.c
+--- bind-9.9.4-P2/lib/dns/zone.c.CVE-2015-1349 2013-12-20 01:28:28.000000000 +0100
++++ bind-9.9.4-P2/lib/dns/zone.c 2015-02-23 10:28:03.495089085 +0100
+@@ -8456,6 +8456,12 @@ keyfetch_done(isc_task_t *task, isc_even
+ namebuf, tag);
+ trustkey = ISC_TRUE;
+ }
++ } else {
++ /*
++ * No previously known key, and the key is not
++ * secure, so skip it.
++ */
++ continue;
+ }
+
+ /* Delete old version */
+@@ -8504,7 +8510,7 @@ keyfetch_done(isc_task_t *task, isc_even
+ trust_key(zone, keyname, &dnskey, mctx);
+ }
+
+- if (!deletekey)
++ if (secure && !deletekey)
+ set_refreshkeytimer(zone, &keydata, now);
+ }
+
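Review bot: The new patch file starts directly at `diff -up` with no header saying where the change comes from, so a later audit of the package cannot confirm that these two zone.c hunks are the complete upstream fix for CVE-2015-1349 rather than a partial backport. patch(1) ignores text ahead of the first file header, so a line such as `Upstream fix for CVE-2015-1349, taken from <upstream commit or advisory reference>` can go at the top of bind99-CVE-2015-1349.patch. A matching comment above `Patch146:` in bind.spec would follow the style of the `# [ISC-Bugs #35385]` line already there. The new changelog entry also carries no tracker reference, where the preceding entry has `(#1171913)`. Both embedded hunks sit inside `keyfetch_done`, whose body starts and ends outside the visible context, so whether the added `continue` bypasses any per-key handling later in the loop cannot be checked from this page.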