From f51a71dea868cdc68d5fc0b1664def05b0722759 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Aug 27 2018 14:11:56 +0000
Subject: import bind-9.9.4-61.el7_5.1


---

diff --git a/SOURCES/bind99-CVE-2018-5740.patch b/SOURCES/bind99-CVE-2018-5740.patch
new file mode 100644
index 0000000..90e858a
--- /dev/null
+++ b/SOURCES/bind99-CVE-2018-5740.patch
@@ -0,0 +1,53 @@
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 252a02f..bfffb8a 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -5957,6 +5957,7 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
+ 	unsigned int nlabels;
+ 	dns_fixedname_t fixed;
+ 	dns_name_t prefix;
++	int order;
+ 
+ 	REQUIRE(rdataset != NULL);
+ 	REQUIRE(rdataset->type == dns_rdatatype_cname ||
+@@ -5979,18 +5980,26 @@ is_answertarget_allowed(fetchctx_t *fctx, dns_name_t *qname, dns_name_t *rname,
+ 		tname = &cname.cname;
+ 		break;
+ 	case dns_rdatatype_dname:
++		if (dns_name_fullcompare(qname, rname, &order, &nlabels) !=
++		    dns_namereln_subdomain)
++		{
++			return (ISC_TRUE);
++		}
+ 		result = dns_rdata_tostruct(&rdata, &dname, NULL);
+ 		RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ 		dns_name_init(&prefix, NULL);
+ 		dns_fixedname_init(&fixed);
+ 		tname = dns_fixedname_name(&fixed);
+-		nlabels = dns_name_countlabels(qname) -
+-			  dns_name_countlabels(rname);
++		nlabels = dns_name_countlabels(rname);
+ 		dns_name_split(qname, nlabels, &prefix, NULL);
+ 		result = dns_name_concatenate(&prefix, &dname.dname, tname,
+ 					      NULL);
+-		if (result == DNS_R_NAMETOOLONG)
++		if (result == DNS_R_NAMETOOLONG) {
++			if (chainingp != NULL) {
++				*chainingp = ISC_TRUE;
++			}
+ 			return (ISC_TRUE);
++		}
+ 		RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ 		break;
+ 	default:
+@@ -6719,7 +6728,9 @@ answer_response(fetchctx_t *fctx) {
+ 		}
+ 		if ((ardataset->type == dns_rdatatype_cname ||
+ 		     ardataset->type == dns_rdatatype_dname) &&
+-		     !is_answertarget_allowed(fctx, qname, aname, ardataset,
++		    type != ardataset->type &&
++		    type != dns_rdatatype_any &&
++		    !is_answertarget_allowed(fctx, qname, aname, ardataset,
+ 					      NULL))
+ 		{
+ 			return (DNS_R_SERVFAIL);
diff --git a/SPECS/bind.spec b/SPECS/bind.spec
index d7988d4..7a2eda2 100644
--- a/SPECS/bind.spec
+++ b/SPECS/bind.spec
@@ -25,7 +25,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.9.4
-Release:  61%{?PATCHVER}%{?PREVER}%{?dist}
+Release:  61%{?PATCHVER}%{?PREVER}%{?dist}.1
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -161,6 +161,7 @@ Patch188: bind99-rh1464850-2.patch
 Patch189: bind99-rh1501531.patch
 # ISC 4858
 Patch190: bind99-CVE-2017-3145.patch
+Patch191: bind99-CVE-2018-5740.patch
 
 # Native PKCS#11 functionality from 9.10
 Patch150:bind-9.9-allow_external_dnskey.patch
@@ -467,6 +468,7 @@ tar -xf %{SOURCE48} -C bin/tests/system/geoip/data
 %patch188 -p1 -b .rh1464850
 %patch189 -p1 -b .rh1501531
 %patch190 -p1 -b .CVE-2017-3145
+%patch191 -p1 -b .CVE-2018-5740
 
 # Override upstream builtin keys
 cp -fp %{SOURCE29} bind.keys
@@ -1155,6 +1157,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Thu Aug 09 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-61.1
+- Fix CVE-2018-5740
+
 * Tue Jan 16 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-61
 - Fix CVE-2017-3145