From e506594fee26538e70a55d2fff1db61cda1a261e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jan 27 2016 11:25:25 +0000 Subject: import bind-9.9.4-29.el7_2.2 --- diff --git a/SOURCES/bind99-CVE-2015-8704.patch b/SOURCES/bind99-CVE-2015-8704.patch new file mode 100644 index 0000000..4aa41f2 --- /dev/null +++ b/SOURCES/bind99-CVE-2015-8704.patch @@ -0,0 +1,22 @@ +diff --git a/lib/dns/rdata/in_1/apl_42.c b/lib/dns/rdata/in_1/apl_42.c +index eb927b9..df35025 100644 +--- a/lib/dns/rdata/in_1/apl_42.c ++++ b/lib/dns/rdata/in_1/apl_42.c +@@ -116,7 +116,7 @@ totext_in_apl(ARGS_TOTEXT) { + isc_uint8_t len; + isc_boolean_t neg; + unsigned char buf[16]; +- char txt[sizeof(" !64000")]; ++ char txt[sizeof(" !64000:")]; + const char *sep = ""; + int n; + +@@ -140,7 +140,7 @@ totext_in_apl(ARGS_TOTEXT) { + isc_region_consume(&sr, 1); + INSIST(len <= sr.length); + n = snprintf(txt, sizeof(txt), "%s%s%u:", sep, +- neg ? "!": "", afi); ++ neg ? "!" : "", afi); + INSIST(n < (int)sizeof(txt)); + RETERR(str_totext(txt, target)); + switch (afi) { diff --git a/SPECS/bind.spec b/SPECS/bind.spec index c58e297..f10e986 100644 --- a/SPECS/bind.spec +++ b/SPECS/bind.spec @@ -25,7 +25,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.9.4 -Release: 29%{?PATCHVER}%{?PREVER}%{?dist}.1 +Release: 29%{?PATCHVER}%{?PREVER}%{?dist}.2 Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -102,6 +102,7 @@ Patch157:bind99-CVE-2015-5477.patch Patch158:bind-99-socket-maxevents.patch Patch159:bind99-CVE-2015-5722.patch Patch160:bind99-CVE-2015-8000.patch +Patch161:bind99-CVE-2015-8704.patch # Native PKCS#11 functionality from 9.10 Patch150:bind-9.9-allow_external_dnskey.patch @@ -377,6 +378,7 @@ popd %patch158 -p1 -b .sock-maxevents %patch159 -p1 -b .CVE-2015-5722 %patch160 -p1 -b .CVE-2015-8000 +%patch161 -p1 -b .CVE-2015-8704 %if %{PKCS11} cp -r bin/named{,-pkcs11} @@ -1057,6 +1059,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif %changelog +* Mon Jan 18 2016 Tomas Hozza - 32:9.9.4-29.2 +- Fix CVE-2015-8704 + * Mon Dec 14 2015 Tomas Hozza - 32:9.9.4-29.1 - Fix CVE-2015-8000