From fb5a2ea905347ba07fd3eda72c338f563d642117 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Feb 23 2015 09:18:40 +0000
Subject: Include fix for CVE-2015-1349


Signed-off-by: Tomas Hozza <thozza@redhat.com>

---

diff --git a/bind.spec b/bind.spec
index 7f46d4c..774c2fb 100644
--- a/bind.spec
+++ b/bind.spec
@@ -24,7 +24,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.9.6
-Release:  7%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
+Release:  8%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -83,6 +83,7 @@ Patch135:bind99-rh985918.patch
 Patch136:bind-9.9-native-pkcs11.patch
 Patch137:bind-9.9-dist-native-pkcs11.patch
 Patch138:bind99-rh1184151.patch
+Patch139:bind99-CVE-2015-1349.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -321,6 +322,7 @@ popd
 %patch131 -p1 -b .multlib-conflict
 %patch136 -p1 -b .native_pkcs11
 %patch138 -p1 -b .nsupdate
+%patch139 -p1 -b .CVE-2015-1349
 
 %if %{PKCS11}
 cp -r bin/named{,-pkcs11}
@@ -1024,6 +1026,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Mon Feb 23 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-8.P1
+- Include fix for CVE-2015-1349
+
 * Mon Feb 02 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.6-7.P1
 - Fix nsupdate server auto-detection (#1184151)
 
diff --git a/bind99-CVE-2015-1349.patch b/bind99-CVE-2015-1349.patch
new file mode 100644
index 0000000..5c8bf27
--- /dev/null
+++ b/bind99-CVE-2015-1349.patch
@@ -0,0 +1,37 @@
+commit 2e9d79f169663c9aff5f0dcdc626a2cd2dbb5892
+Author: Evan Hunt <each@isc.org>
+Date:   Tue Feb 3 18:30:38 2015 -0800
+
+    [v9_9_6_patch] avoid crash due to managed-key rollover
+    
+    4053.	[security]	Revoking a managed trust anchor and supplying
+    			an untrusted replacement could cause named
+    			to crash with an assertion failure.
+    			(CVE-2015-1349) [RT #38344]
+
+diff --git a/lib/dns/zone.c b/lib/dns/zone.c
+index 7a9825b..5db2844 100644
+--- a/lib/dns/zone.c
++++ b/lib/dns/zone.c
+@@ -8508,6 +8508,12 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
+ 					     namebuf, tag);
+ 				trustkey = ISC_TRUE;
+ 			}
++		} else {
++			/*
++			 * No previously known key, and the key is not
++			 * secure, so skip it.
++			 */
++			continue;
+ 		}
+ 
+ 		/* Delete old version */
+@@ -8556,7 +8562,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
+ 			trust_key(zone, keyname, &dnskey, mctx);
+ 		}
+ 
+-		if (!deletekey) {
++		if (secure && !deletekey) {
+ 			INSIST(newkey || updatekey);
+ 			set_refreshkeytimer(zone, &keydata, now);
+ 		}