diff --git a/bind-9.5-CVE-2008-0122.patch b/bind-9.5-CVE-2008-0122.patch new file mode 100644 index 0000000..38e0a4b --- /dev/null +++ b/bind-9.5-CVE-2008-0122.patch @@ -0,0 +1,20 @@ +Index: lib/bind/inet/inet_network.c +=================================================================== +RCS file: /var/snap/bind9/lib/bind/inet/inet_network.c,v +retrieving revision 1.5 +retrieving revision 1.6 +diff -u -r1.5 -r1.6 +--- lib/bind/inet/inet_network.c 27 Apr 2005 04:56:21 -0000 1.5 ++++ lib/bind/inet/inet_network.c 15 Jan 2008 04:02:01 -0000 1.6 +@@ -84,9 +84,9 @@ + } + if (!digit) + return (INADDR_NONE); ++ if (pp >= parts + 4 || val > 0xffU) ++ return (INADDR_NONE); + if (*cp == '.') { +- if (pp >= parts + 4 || val > 0xffU) +- return (INADDR_NONE); + *pp++ = val, cp++; + goto again; + } diff --git a/bind.spec b/bind.spec index 8ddd71a..d448d9a 100644 --- a/bind.spec +++ b/bind.spec @@ -20,7 +20,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.5.0 -Release: 22.%{RELEASEVER}%{?dist} +Release: 23.%{RELEASEVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -63,6 +63,7 @@ Patch71: bind-9.5-overflow.patch Patch72: bind-9.5-dlz-64bit.patch Patch80: bind-9.5-edns.patch Patch84: bind-9.5-gssapi-header.patch +Patch86: bind-9.5-CVE-2008-0122.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -252,6 +253,7 @@ cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named %patch83 -p1 -b .libidn2 %patch84 -p1 -b .gssapi-header %patch85 -p1 -b .libidn3 +%patch86 -p0 -b .CVE-2008-0122 :; @@ -408,7 +410,7 @@ for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.int echo '@ in soa localhost. root 1 3H 15M 1W 1D ns localhost.' > sample/var/named/$f; done -/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.238 2007/12/27 15:16:08 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ +/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.239 2008/01/21 10:05:57 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ *\ * NOTE: you only need to create this file if it is to\ * differ from the following default contents: @@ -668,6 +670,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_sbindir}/bind-chroot-admin %changelog +* Mon Jan 21 2008 Adam Tkac 32:9.5.0-23.b1 +- CVE-2008-0122 + * Thu Dec 27 2007 Adam Tkac 32:9.5.0-22.b1 - fixed initscript wait loop (#426382) - removed dependency on policycoreutils and libselinux (#426515)