diff --git a/SOURCES/bind99-CVE-2015-4620.patch b/SOURCES/bind99-CVE-2015-4620.patch
new file mode 100644
index 0000000..b0468be
--- /dev/null
+++ b/SOURCES/bind99-CVE-2015-4620.patch
@@ -0,0 +1,21 @@
+diff --git a/lib/dns/validator.c b/lib/dns/validator.c
+--- a/lib/dns/validator.c
++++ b/lib/dns/validator.c
+@@ -1422,7 +1422,6 @@ compute_keytag(dns_rdata_t *rdata, dns_rdata_dnskey_t *key) {
+ */
+ static isc_boolean_t
+ isselfsigned(dns_validator_t *val) {
+- dns_fixedname_t fixed;
+ dns_rdataset_t *rdataset, *sigrdataset;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdata_t sigrdata = DNS_RDATA_INIT;
+@@ -1478,8 +1477,7 @@ isselfsigned(dns_validator_t *val) {
+ result = dns_dnssec_verify3(name, rdataset, dstkey,
+ ISC_TRUE,
+ val->view->maxbits,
+- mctx, &sigrdata,
+- dns_fixedname_name(&fixed));
++ mctx, &sigrdata, NULL);
+ dst_key_free(&dstkey);
+ if (result != ISC_R_SUCCESS)
+ continue;
diff --git a/SPECS/bind.spec b/SPECS/bind.spec
index 62c42f0..afe9d08 100644
--- a/SPECS/bind.spec
+++ b/SPECS/bind.spec
@@ -29,7 +29,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: bind
 License: ISC
 Version: 9.9.4
-Release: 18%{?PATCHVER}%{?PREVER}%{?dist}.1
+Release: 18%{?PATCHVER}%{?PREVER}%{?dist}.2
 Epoch: 32
 Url: http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -98,6 +98,7 @@ Patch145:bind99-rh1072379.patch
 Patch146:bind99-rh1098959.patch
 Patch147:bind99-CVE-2014-8500.patch
 Patch148:bind99-CVE-2015-1349.patch
+Patch149:bind99-CVE-2015-4620.patch
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -325,6 +326,7 @@ popd
 %patch146 -p1 -b .rh1098959
 %patch147 -p1 -b .CVE-2014-8500
 %patch148 -p1 -b .CVE-2015-1349
+%patch149 -p1 -b .CVE-2015-4620
 %if %{SDB}
 %patch101 -p1 -b .old-api
@@ -944,6 +946,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 %changelog
+* Wed Jul 08 2015 Tomas Hozza - 32:9.9.4-18.2
+- Fix CVE-2015-4620
+
 * Mon Mar 02 2015 Tomas Hozza - 32:9.9.4-18.1
 - Fix CVE-2015-1349
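Review bot: The new SOURCES/bind99-CVE-2015-4620.patch has no header saying what it fixes or where it came from, and nothing explains why `NULL` is now the last argument of `dns_dnssec_verify3()` in `isselfsigned()`. In the visible lines `fixed` is only declared and then handed to `dns_fixedname_name(&fixed)`, with no `dns_fixedname_init()` in sight, so the old call presumably passed an uninitialised name; the body between the two inner hunks is outside this diff, so that should be confirmed against the 9.9.4 tree. I would add a short preamble above the inner `diff --git` line, e.g. `Upstream fix for CVE-2015-4620 (commit <UPSTREAM_COMMIT_ID>): isselfsigned() passed an uninitialised dns_fixedname_t as the output name of dns_dnssec_verify3()`, and verify that `dns_dnssec_verify3()` in this base version accepts `NULL` for that argument. The `%changelog` entry in bind.spec would also be easier to trace with the tracking bug appended, e.g. `- Fix CVE-2015-4620 (#<BUG_ID>)`.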