1
0
forked from rpms/bind

import bind-9.11.36-3.el8_6.1

This commit is contained in:
CentOS Sources 2022-10-04 10:33:54 -04:00 committed by Stepan Oksanichenko
parent d8d371d1e8
commit 2ce979a606
3 changed files with 64 additions and 2 deletions

View File

@ -0,0 +1,27 @@
From 0095b8a6b09173ab5eb48611dc0233d2a6337dc1 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Tue, 20 Sep 2022 11:21:45 +0200
Subject: [PATCH] Fix CVE-2022-38177
5961. [security] Fix memory leak in ECDSA verify processing.
(CVE-2022-38177) [GL #3487]
---
lib/dns/opensslecdsa_link.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index 83b5b51..7576e04 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -224,7 +224,7 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
siglen = DNS_SIG_ECDSA384SIZE;
if (sig->length != siglen)
- return (DST_R_VERIFYFAILURE);
+ DST_RET(DST_R_VERIFYFAILURE);
if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &dgstlen))
DST_RET (dst__openssl_toresult3(dctx->category,
--
2.37.3

View File

@ -0,0 +1,27 @@
From bb68864bf05d29df644427ec841bc3db6a336519 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Tue, 20 Sep 2022 11:22:47 +0200
Subject: [PATCH] Fix CVE-2022-38178
5962. [security] Fix memory leak in EdDSA verify processing.
(CVE-2022-38178) [GL #3487]
---
lib/dns/openssleddsa_link.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/dns/openssleddsa_link.c b/lib/dns/openssleddsa_link.c
index 8b115ec..4f3c2a8 100644
--- a/lib/dns/openssleddsa_link.c
+++ b/lib/dns/openssleddsa_link.c
@@ -325,7 +325,7 @@ openssleddsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
siglen = DNS_SIG_ED448SIZE;
if (sig->length != siglen)
- return (DST_R_VERIFYFAILURE);
+ DST_RET(DST_R_VERIFYFAILURE);
isc_buffer_usedregion(buf, &tbsreg);
--
2.37.3

View File

@ -68,7 +68,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind
License: MPLv2.0
Version: 9.11.36
Release: 3%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Release: 3%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}.1
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -158,6 +158,8 @@ Patch178:bind-9.11-dhcp-time-monotonic.patch
Patch183:bind-9.11-rh1980757.patch
# modified, https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3067
Patch184: bind-9.15-resolver-ntasks.patch
Patch188: bind-9.16-CVE-2022-38177.patch
Patch189: bind-9.16-CVE-2022-38178.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@ -553,6 +555,8 @@ are used for building ISC DHCP.
%patch178 -p1 -b .time-monotonic
%patch183 -p1 -b .rh1980757
%patch184 -p1 -b .rh2030239
%patch188 -p1 -b .CVE-2022-38177
%patch189 -p1 -b .CVE-2022-38178
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@ -1605,7 +1609,11 @@ rm -rf ${RPM_BUILD_ROOT}
%endif
%changelog
* Thu Feb 10 2022 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-2
* Thu Sep 22 2022 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-3.1
- Fix memory leak in ECDSA verify processing (CVE-2022-38177)
- Fix memory leak in EdDSA verify processing (CVE-2022-38178)
* Thu Feb 10 2022 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-3
- Reduce memory used per-view on machine with few processors (#2030239)
* Tue Dec 21 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.36-2