diff --git a/SOURCES/bind-9.11-CVE-2020-8622.patch b/SOURCES/bind-9.11-CVE-2020-8622.patch new file mode 100644 index 0000000..74e8225 --- /dev/null +++ b/SOURCES/bind-9.11-CVE-2020-8622.patch @@ -0,0 +1,57 @@ +From c5a9fd85a19a63f88a5f17c7e6d074ee22364093 Mon Sep 17 00:00:00 2001 +From: Petr Mensik +Date: Tue, 18 Aug 2020 10:53:33 +0200 +Subject: [PATCH] Fix CVE-2020-8622 + +5476. [security] It was possible to trigger an assertion failure when + verifying the response to a TSIG-signed request. + (CVE-2020-8622) [GL #2028] +--- + lib/dns/message.c | 24 +++++++++++++----------- + 1 file changed, 13 insertions(+), 11 deletions(-) + +diff --git a/lib/dns/message.c b/lib/dns/message.c +index d9e341a..7c813a5 100644 +--- a/lib/dns/message.c ++++ b/lib/dns/message.c +@@ -1712,6 +1712,19 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source, + msg->header_ok = 0; + msg->question_ok = 0; + ++ if ((options & DNS_MESSAGEPARSE_CLONEBUFFER) == 0) { ++ isc_buffer_usedregion(&origsource, &msg->saved); ++ } else { ++ msg->saved.length = isc_buffer_usedlength(&origsource); ++ msg->saved.base = isc_mem_get(msg->mctx, msg->saved.length); ++ if (msg->saved.base == NULL) { ++ return (ISC_R_NOMEMORY); ++ } ++ memmove(msg->saved.base, isc_buffer_base(&origsource), ++ msg->saved.length); ++ msg->free_saved = 1; ++ } ++ + isc_buffer_remainingregion(source, &r); + if (r.length < DNS_MESSAGE_HEADERLEN) + return (ISC_R_UNEXPECTEDEND); +@@ -1787,17 +1800,6 @@ dns_message_parse(dns_message_t *msg, isc_buffer_t *source, + } + + truncated: +- if ((options & DNS_MESSAGEPARSE_CLONEBUFFER) == 0) +- isc_buffer_usedregion(&origsource, &msg->saved); +- else { +- msg->saved.length = isc_buffer_usedlength(&origsource); +- msg->saved.base = isc_mem_get(msg->mctx, msg->saved.length); +- if (msg->saved.base == NULL) +- return (ISC_R_NOMEMORY); +- memmove(msg->saved.base, isc_buffer_base(&origsource), +- msg->saved.length); +- msg->free_saved = 1; +- } + + if (ret == ISC_R_UNEXPECTEDEND && ignore_tc) + return (DNS_R_RECOVERABLE); +-- +2.26.2 + diff --git a/SOURCES/bind-9.11-CVE-2020-8623.patch b/SOURCES/bind-9.11-CVE-2020-8623.patch new file mode 100644 index 0000000..c076b0a --- /dev/null +++ b/SOURCES/bind-9.11-CVE-2020-8623.patch @@ -0,0 +1,399 @@ +From df11c6cb80238fb43c4a5994161cc2e70521ffb4 Mon Sep 17 00:00:00 2001 +From: Petr Mensik +Date: Tue, 18 Aug 2020 10:54:39 +0200 +Subject: [PATCH] Fix CVE-2020-8623 + +5480. [security] When BIND 9 was compiled with native PKCS#11 support, it + was possible to trigger an assertion failure in code + determining the number of bits in the PKCS#11 RSA public + key with a specially crafted packet. (CVE-2020-8623) + [GL #2037] +--- + lib/dns/pkcs11dh_link.c | 15 ++++++- + lib/dns/pkcs11dsa_link.c | 8 +++- + lib/dns/pkcs11rsa_link.c | 79 +++++++++++++++++++++++++-------- + lib/isc/include/pk11/internal.h | 3 +- + lib/isc/pk11.c | 60 ++++++++++++++++--------- + 5 files changed, 121 insertions(+), 44 deletions(-) + +diff --git a/lib/dns/pkcs11dh_link.c b/lib/dns/pkcs11dh_link.c +index c192b53..49ff58d 100644 +--- a/lib/dns/pkcs11dh_link.c ++++ b/lib/dns/pkcs11dh_link.c +@@ -747,6 +747,7 @@ pkcs11dh_fromdns(dst_key_t *key, isc_buffer_t *data) { + CK_BYTE *prime = NULL, *base = NULL, *pub = NULL; + CK_ATTRIBUTE *attr; + int special = 0; ++ unsigned int bits; + isc_result_t result; + + isc_buffer_remainingregion(data, &r); +@@ -851,7 +852,11 @@ pkcs11dh_fromdns(dst_key_t *key, isc_buffer_t *data) { + pub = r.base; + isc_region_consume(&r, publen); + +- key->key_size = pk11_numbits(prime, plen_); ++ result = pk11_numbits(prime, plen_, &bits); ++ if (result != ISC_R_SUCCESS) { ++ goto cleanup; ++ } ++ key->key_size = bits; + + dh->repr = (CK_ATTRIBUTE *) isc_mem_get(key->mctx, sizeof(*attr) * 3); + if (dh->repr == NULL) +@@ -1011,6 +1016,7 @@ pkcs11dh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { + dst_private_t priv; + isc_result_t ret; + int i; ++ unsigned int bits; + pk11_object_t *dh = NULL; + CK_ATTRIBUTE *attr; + isc_mem_t *mctx; +@@ -1081,7 +1087,12 @@ pkcs11dh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { + + attr = pk11_attribute_bytype(dh, CKA_PRIME); + INSIST(attr != NULL); +- key->key_size = pk11_numbits(attr->pValue, attr->ulValueLen); ++ ++ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits); ++ if (ret != ISC_R_SUCCESS) { ++ goto err; ++ } ++ key->key_size = bits; + + return (ISC_R_SUCCESS); + +diff --git a/lib/dns/pkcs11dsa_link.c b/lib/dns/pkcs11dsa_link.c +index 8d0fc62..3a8a0bb 100644 +--- a/lib/dns/pkcs11dsa_link.c ++++ b/lib/dns/pkcs11dsa_link.c +@@ -982,6 +982,7 @@ pkcs11dsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { + dst_private_t priv; + isc_result_t ret; + int i; ++ unsigned int bits; + pk11_object_t *dsa = NULL; + CK_ATTRIBUTE *attr; + isc_mem_t *mctx = key->mctx; +@@ -1071,7 +1072,12 @@ pkcs11dsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { + + attr = pk11_attribute_bytype(dsa, CKA_PRIME); + INSIST(attr != NULL); +- key->key_size = pk11_numbits(attr->pValue, attr->ulValueLen); ++ ++ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits); ++ if (ret != ISC_R_SUCCESS) { ++ goto err; ++ } ++ key->key_size = bits; + + return (ISC_R_SUCCESS); + +diff --git a/lib/dns/pkcs11rsa_link.c b/lib/dns/pkcs11rsa_link.c +index af6008d..9a736dd 100644 +--- a/lib/dns/pkcs11rsa_link.c ++++ b/lib/dns/pkcs11rsa_link.c +@@ -333,6 +333,7 @@ pkcs11rsa_createctx_verify(dst_key_t *key, unsigned int maxbits, + key->key_alg == DST_ALG_RSASHA256 || + key->key_alg == DST_ALG_RSASHA512); + #endif ++ REQUIRE(maxbits <= RSA_MAX_PUBEXP_BITS); + + /* + * Reject incorrect RSA key lengths. +@@ -376,6 +377,7 @@ pkcs11rsa_createctx_verify(dst_key_t *key, unsigned int maxbits, + for (attr = pk11_attribute_first(rsa); + attr != NULL; + attr = pk11_attribute_next(rsa, attr)) ++ { + switch (attr->type) { + case CKA_MODULUS: + INSIST(keyTemplate[5].type == attr->type); +@@ -396,12 +398,16 @@ pkcs11rsa_createctx_verify(dst_key_t *key, unsigned int maxbits, + memmove(keyTemplate[6].pValue, attr->pValue, + attr->ulValueLen); + keyTemplate[6].ulValueLen = attr->ulValueLen; +- if (pk11_numbits(attr->pValue, +- attr->ulValueLen) > maxbits && +- maxbits != 0) ++ unsigned int bits; ++ ret = pk11_numbits(attr->pValue, attr->ulValueLen, ++ &bits); ++ if (ret != ISC_R_SUCCESS || ++ (bits > maxbits && maxbits != 0)) { + DST_RET(DST_R_VERIFYFAILURE); ++ } + break; + } ++ } + pk11_ctx->object = CK_INVALID_HANDLE; + pk11_ctx->ontoken = ISC_FALSE; + PK11_RET(pkcs_C_CreateObject, +@@ -1075,6 +1081,7 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) { + keyTemplate[5].ulValueLen = attr->ulValueLen; + break; + case CKA_PUBLIC_EXPONENT: ++ unsigned int bits; + INSIST(keyTemplate[6].type == attr->type); + keyTemplate[6].pValue = isc_mem_get(dctx->mctx, + attr->ulValueLen); +@@ -1083,10 +1090,12 @@ pkcs11rsa_verify(dst_context_t *dctx, const isc_region_t *sig) { + memmove(keyTemplate[6].pValue, attr->pValue, + attr->ulValueLen); + keyTemplate[6].ulValueLen = attr->ulValueLen; +- if (pk11_numbits(attr->pValue, +- attr->ulValueLen) +- > RSA_MAX_PUBEXP_BITS) ++ ret = pk11_numbits(attr->pValue, attr->ulValueLen, ++ &bits); ++ if (ret != ISC_R_SUCCESS || bits > RSA_MAX_PUBEXP_BITS) ++ { + DST_RET(DST_R_VERIFYFAILURE); ++ } + break; + } + pk11_ctx->object = CK_INVALID_HANDLE; +@@ -1463,6 +1472,8 @@ pkcs11rsa_fromdns(dst_key_t *key, isc_buffer_t *data) { + CK_BYTE *exponent = NULL, *modulus = NULL; + CK_ATTRIBUTE *attr; + unsigned int length; ++ unsigned int bits; ++ isc_result_t ret = ISC_R_SUCCESS; + + isc_buffer_remainingregion(data, &r); + if (r.length == 0) +@@ -1480,9 +1491,7 @@ pkcs11rsa_fromdns(dst_key_t *key, isc_buffer_t *data) { + + if (e_bytes == 0) { + if (r.length < 2) { +- isc_safe_memwipe(rsa, sizeof(*rsa)); +- isc_mem_put(key->mctx, rsa, sizeof(*rsa)); +- return (DST_R_INVALIDPUBLICKEY); ++ DST_RET(DST_R_INVALIDPUBLICKEY); + } + e_bytes = (*r.base) << 8; + isc_region_consume(&r, 1); +@@ -1491,16 +1500,18 @@ pkcs11rsa_fromdns(dst_key_t *key, isc_buffer_t *data) { + } + + if (r.length < e_bytes) { +- isc_safe_memwipe(rsa, sizeof(*rsa)); +- isc_mem_put(key->mctx, rsa, sizeof(*rsa)); +- return (DST_R_INVALIDPUBLICKEY); ++ DST_RET(DST_R_INVALIDPUBLICKEY); + } + exponent = r.base; + isc_region_consume(&r, e_bytes); + modulus = r.base; + mod_bytes = r.length; + +- key->key_size = pk11_numbits(modulus, mod_bytes); ++ ret = pk11_numbits(modulus, mod_bytes, &bits); ++ if (ret != ISC_R_SUCCESS) { ++ goto err; ++ } ++ key->key_size = bits; + + isc_buffer_forward(data, length); + +@@ -1550,9 +1561,12 @@ pkcs11rsa_fromdns(dst_key_t *key, isc_buffer_t *data) { + rsa->repr, + rsa->attrcnt * sizeof(*attr)); + } ++ ret = ISC_R_NOMEMORY; ++ ++ err: + isc_safe_memwipe(rsa, sizeof(*rsa)); + isc_mem_put(key->mctx, rsa, sizeof(*rsa)); +- return (ISC_R_NOMEMORY); ++ return (ret); + } + + static isc_result_t +@@ -1731,6 +1745,7 @@ pkcs11rsa_fetch(dst_key_t *key, const char *engine, const char *label, + pk11_object_t *pubrsa; + pk11_context_t *pk11_ctx = NULL; + isc_result_t ret; ++ unsigned int bits; + + if (label == NULL) + return (DST_R_NOENGINE); +@@ -1815,7 +1830,11 @@ pkcs11rsa_fetch(dst_key_t *key, const char *engine, const char *label, + + attr = pk11_attribute_bytype(rsa, CKA_MODULUS); + INSIST(attr != NULL); +- key->key_size = pk11_numbits(attr->pValue, attr->ulValueLen); ++ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits); ++ if (ret != ISC_R_SUCCESS) { ++ goto err; ++ } ++ key->key_size = bits; + + return (ISC_R_SUCCESS); + +@@ -1901,6 +1920,7 @@ pkcs11rsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { + CK_ATTRIBUTE *attr; + isc_mem_t *mctx = key->mctx; + const char *engine = NULL, *label = NULL; ++ unsigned int bits; + + /* read private key file */ + ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv); +@@ -2044,12 +2064,22 @@ pkcs11rsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { + + attr = pk11_attribute_bytype(rsa, CKA_MODULUS); + INSIST(attr != NULL); +- key->key_size = pk11_numbits(attr->pValue, attr->ulValueLen); ++ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits); ++ if (ret != ISC_R_SUCCESS) { ++ goto err; ++ } ++ key->key_size = bits; + + attr = pk11_attribute_bytype(rsa, CKA_PUBLIC_EXPONENT); + INSIST(attr != NULL); +- if (pk11_numbits(attr->pValue, attr->ulValueLen) > RSA_MAX_PUBEXP_BITS) ++ ++ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits); ++ if (ret != ISC_R_SUCCESS) { ++ goto err; ++ } ++ if (bits > RSA_MAX_PUBEXP_BITS) { + DST_RET(ISC_R_RANGE); ++ } + + dst__privstruct_free(&priv, mctx); + isc_safe_memwipe(&priv, sizeof(priv)); +@@ -2084,6 +2114,7 @@ pkcs11rsa_fromlabel(dst_key_t *key, const char *engine, const char *label, + pk11_context_t *pk11_ctx = NULL; + isc_result_t ret; + unsigned int i; ++ unsigned int bits; + + UNUSED(pin); + +@@ -2178,12 +2209,22 @@ pkcs11rsa_fromlabel(dst_key_t *key, const char *engine, const char *label, + + attr = pk11_attribute_bytype(rsa, CKA_PUBLIC_EXPONENT); + INSIST(attr != NULL); +- if (pk11_numbits(attr->pValue, attr->ulValueLen) > RSA_MAX_PUBEXP_BITS) ++ ++ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits); ++ if (ret != ISC_R_SUCCESS) { ++ goto err; ++ } ++ if (bits > RSA_MAX_PUBEXP_BITS) { + DST_RET(ISC_R_RANGE); ++ } + + attr = pk11_attribute_bytype(rsa, CKA_MODULUS); + INSIST(attr != NULL); +- key->key_size = pk11_numbits(attr->pValue, attr->ulValueLen); ++ ret = pk11_numbits(attr->pValue, attr->ulValueLen, &bits); ++ if (ret != ISC_R_SUCCESS) { ++ goto err; ++ } ++ key->key_size = bits; + + pk11_return_session(pk11_ctx); + isc_safe_memwipe(pk11_ctx, sizeof(*pk11_ctx)); +diff --git a/lib/isc/include/pk11/internal.h b/lib/isc/include/pk11/internal.h +index 603712a..b9680bc 100644 +--- a/lib/isc/include/pk11/internal.h ++++ b/lib/isc/include/pk11/internal.h +@@ -27,7 +27,8 @@ void pk11_mem_put(void *ptr, size_t size); + + CK_SLOT_ID pk11_get_best_token(pk11_optype_t optype); + +-unsigned int pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt); ++isc_result_t ++pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt, unsigned int *bits); + + CK_ATTRIBUTE *pk11_attribute_first(const pk11_object_t *obj); + +diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c +index 48e1031..792b2e3 100644 +--- a/lib/isc/pk11.c ++++ b/lib/isc/pk11.c +@@ -985,13 +985,15 @@ pk11_get_best_token(pk11_optype_t optype) { + return (token->slotid); + } + +-unsigned int +-pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt) { ++isc_result_t ++pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt, unsigned int *bits) { + unsigned int bitcnt, i; + CK_BYTE top; + +- if (bytecnt == 0) +- return (0); ++ if (bytecnt == 0) { ++ *bits = 0; ++ return (ISC_R_SUCCESS); ++ } + bitcnt = bytecnt * 8; + for (i = 0; i < bytecnt; i++) { + top = data[i]; +@@ -999,25 +1001,41 @@ pk11_numbits(CK_BYTE_PTR data, unsigned int bytecnt) { + bitcnt -= 8; + continue; + } +- if (top & 0x80) +- return (bitcnt); +- if (top & 0x40) +- return (bitcnt - 1); +- if (top & 0x20) +- return (bitcnt - 2); +- if (top & 0x10) +- return (bitcnt - 3); +- if (top & 0x08) +- return (bitcnt - 4); +- if (top & 0x04) +- return (bitcnt - 5); +- if (top & 0x02) +- return (bitcnt - 6); +- if (top & 0x01) +- return (bitcnt - 7); ++ if (top & 0x80) { ++ *bits = bitcnt; ++ return (ISC_R_SUCCESS); ++ } ++ if (top & 0x40) { ++ *bits = bitcnt - 1; ++ return (ISC_R_SUCCESS); ++ } ++ if (top & 0x20) { ++ *bits = bitcnt - 2; ++ return (ISC_R_SUCCESS); ++ } ++ if (top & 0x10) { ++ *bits = bitcnt - 3; ++ return (ISC_R_SUCCESS); ++ } ++ if (top & 0x08) { ++ *bits = bitcnt - 4; ++ return (ISC_R_SUCCESS); ++ } ++ if (top & 0x04) { ++ *bits = bitcnt - 5; ++ return (ISC_R_SUCCESS); ++ } ++ if (top & 0x02) { ++ *bits = bitcnt - 6; ++ return (ISC_R_SUCCESS); ++ } ++ if (top & 0x01) { ++ *bits = bitcnt - 7; ++ return (ISC_R_SUCCESS); ++ } + break; + } +- INSIST(0); ++ return (ISC_R_RANGE); + } + + CK_ATTRIBUTE * +-- +2.26.2 + diff --git a/SOURCES/bind-9.11-CVE-2020-8624.patch b/SOURCES/bind-9.11-CVE-2020-8624.patch new file mode 100644 index 0000000..ff70e81 --- /dev/null +++ b/SOURCES/bind-9.11-CVE-2020-8624.patch @@ -0,0 +1,32 @@ +From ba28f7a158f7b7f3f16a75270cee0b71059e7e79 Mon Sep 17 00:00:00 2001 +From: Petr Mensik +Date: Tue, 18 Aug 2020 10:55:50 +0200 +Subject: [PATCH] Fix CVE-2020-8624 + +5481. [security] "update-policy" rules of type "subdomain" were + incorrectly treated as "zonesub" rules, which allowed + keys used in "subdomain" rules to update names outside + of the specified subdomains. The problem was fixed by + making sure "subdomain" rules are again processed as + described in the ARM. (CVE-2020-8624) [GL #2055] +--- + bin/named/zoneconf.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c +index 9bf5bfe..3aee3d2 100644 +--- a/bin/named/zoneconf.c ++++ b/bin/named/zoneconf.c +@@ -234,7 +234,8 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone, + + str = cfg_obj_asstring(matchtype); + CHECK(dns_ssu_mtypefromstring(str, &mtype)); +- if (mtype == dns_ssumatchtype_subdomain) { ++ if (mtype == dns_ssumatchtype_subdomain && ++ strcasecmp(str, "zonesub") == 0) { + usezone = ISC_TRUE; + } + +-- +2.26.2 + diff --git a/SOURCES/bind98-rh1769876.patch b/SOURCES/bind98-rh1769876.patch new file mode 100644 index 0000000..00c6a57 --- /dev/null +++ b/SOURCES/bind98-rh1769876.patch @@ -0,0 +1,64 @@ +From 02b8356a19b119d895d611c9ce17f24a207faa6d Mon Sep 17 00:00:00 2001 +From: Mark Andrews +Date: Tue, 23 Jun 2020 10:26:01 +1000 +Subject: [PATCH] The validator could fail when select_signing_key/get_dst_key + failed + +to select the signing key because the algorithm was not supported +and the loop was prematurely aborted. + +(cherry picked from commit d475f3aeedbb0dff940ff5bd25c71fcfc3a71f95) +--- + lib/dns/validator.c | 33 ++++++++++++++++----------------- + 1 file changed, 16 insertions(+), 17 deletions(-) + +diff --git a/lib/dns/validator.c b/lib/dns/validator.c +index 864301ba1b..092de65172 100644 +--- a/lib/dns/validator.c ++++ b/lib/dns/validator.c +@@ -1651,26 +1651,25 @@ get_dst_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo, + INSIST(val->key == NULL); + result = dst_key_fromdns(&siginfo->signer, rdata.rdclass, &b, + val->view->mctx, &val->key); +- if (result != ISC_R_SUCCESS) +- goto failure; +- if (siginfo->algorithm == +- (dns_secalg_t)dst_key_alg(val->key) && +- siginfo->keyid == +- (dns_keytag_t)dst_key_id(val->key) && +- dst_key_iszonekey(val->key)) +- { +- if (foundold) +- /* +- * This is the key we're looking for. +- */ +- return (ISC_R_SUCCESS); +- else if (dst_key_compare(oldkey, val->key) == ISC_TRUE) ++ if (result == ISC_R_SUCCESS) { ++ if (siginfo->algorithm == ++ (dns_secalg_t)dst_key_alg(val->key) && ++ siginfo->keyid == ++ (dns_keytag_t)dst_key_id(val->key) && ++ dst_key_iszonekey(val->key)) + { +- foundold = ISC_TRUE; +- dst_key_free(&oldkey); ++ if (foundold) { ++ /* ++ * This is the key we're looking for. ++ */ ++ return (ISC_R_SUCCESS); ++ } else if (dst_key_compare(oldkey, val->key)) { ++ foundold = ISC_TRUE; ++ dst_key_free(&oldkey); ++ } + } ++ dst_key_free(&val->key); + } +- dst_key_free(&val->key); + dns_rdata_reset(&rdata); + result = dns_rdataset_next(rdataset); + } while (result == ISC_R_SUCCESS); +-- +2.26.2 + diff --git a/SPECS/bind.spec b/SPECS/bind.spec index 7aad09a..b3c535a 100644 --- a/SPECS/bind.spec +++ b/SPECS/bind.spec @@ -64,7 +64,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: MPLv2.0 Version: 9.11.4 -Release: 26%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} +Release: 26%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}.2 Epoch: 32 Url: http://www.isc.org/products/BIND/ # @@ -172,6 +172,10 @@ Patch185: bind-9.11-CVE-2020-8616-test.patch Patch186: bind-9.11-CVE-2020-8617-test.patch Patch187: bind-9.11-rh1832812.patch Patch188: bind-9.11-edns512-tcp-loops.patch +Patch189: bind-9.11-CVE-2020-8622.patch +Patch190: bind-9.11-CVE-2020-8623.patch +Patch191: bind-9.11-CVE-2020-8624.patch +Patch192: bind98-rh1769876.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -537,6 +541,10 @@ are used for building ISC DHCP. %patch186 -p1 -b .CVE-2020-8616-test %patch187 -p1 -b .rh1832812 %patch188 -p1 -b .edns512-loops +%patch189 -p1 -b .CVE-2020-8622 +%patch190 -p1 -b .CVE-2020-8623 +%patch191 -p1 -b .CVE-2020-8624 +%patch192 -p1 -b .rh1769876 # Override upstream builtin keys cp -fp %{SOURCE29} bind.keys @@ -1518,6 +1526,14 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Fri Oct 02 2020 Tomas Korbar - 32:9.11.4-26.P2.2 +- Fix unsupported algorithms validation (#rh1769876) + +* Wed Aug 26 2020 Petr Menšík - 32:9.11.4-26.P2.1 +- Fix tsig-request verify (CVE-2020-8622) +- Prevent PKCS11 daemon crash on crafted packet (CVE-2020-8623) +- Correct update-policy type subdomain to match documentation (CVE-2020-8624) + * Fri May 29 2020 Artem Egorenkov - 32:9.11.4-26.P2 - Fix EDNS512 loops on broken servers