From c2566047d075183b4b2193a28dbe3b83cdfd46a5 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Mar 10 2015 15:08:24 +0000
Subject: import bind-9.9.4-18.el7_1.1


---

diff --git a/SOURCES/bind99-CVE-2015-1349.patch b/SOURCES/bind99-CVE-2015-1349.patch
new file mode 100644
index 0000000..e484587
--- /dev/null
+++ b/SOURCES/bind99-CVE-2015-1349.patch
@@ -0,0 +1,25 @@
+diff -up bind-9.9.4/lib/dns/zone.c.CVE-2015-1349 bind-9.9.4/lib/dns/zone.c
+--- bind-9.9.4/lib/dns/zone.c.CVE-2015-1349	2015-03-02 11:18:36.138872044 +0100
++++ bind-9.9.4/lib/dns/zone.c	2015-03-02 11:20:15.941032102 +0100
+@@ -8456,6 +8456,12 @@ keyfetch_done(isc_task_t *task, isc_even
+ 					     namebuf, tag);
+ 				trustkey = ISC_TRUE;
+ 			}
++		} else {
++			/*
++			 * No previously known key, and the key is not
++			 * secure, so skip it.
++			 */
++			continue;
+ 		}
+ 
+ 		/* Delete old version */
+@@ -8504,7 +8510,7 @@ keyfetch_done(isc_task_t *task, isc_even
+ 			trust_key(zone, keyname, &dnskey, mctx);
+ 		}
+ 
+-		if (!deletekey)
++		if (secure && !deletekey)
+ 			set_refreshkeytimer(zone, &keydata, now);
+ 	}
+ 
diff --git a/SPECS/bind.spec b/SPECS/bind.spec
index 1f0f345..62c42f0 100644
--- a/SPECS/bind.spec
+++ b/SPECS/bind.spec
@@ -29,7 +29,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.9.4
-Release:  18%{?PATCHVER}%{?PREVER}%{?dist}
+Release:  18%{?PATCHVER}%{?PREVER}%{?dist}.1
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -97,6 +97,7 @@ Patch144:bind99-rh1067424.patch
 Patch145:bind99-rh1072379.patch
 Patch146:bind99-rh1098959.patch
 Patch147:bind99-CVE-2014-8500.patch
+Patch148:bind99-CVE-2015-1349.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -323,6 +324,7 @@ popd
 %patch145 -p1 -b .rh1072379
 %patch146 -p1 -b .rh1098959
 %patch147 -p1 -b .CVE-2014-8500
+%patch148 -p1 -b .CVE-2015-1349
 
 %if %{SDB}
 %patch101 -p1 -b .old-api
@@ -942,6 +944,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Mon Mar 02 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-18.1
+- Fix CVE-2015-1349
+
 * Wed Dec 10 2014 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-18
 - Fix CVE-2014-8500 (#1171976)