1
0
forked from rpms/bind

import bind-9.11.26-3.el8

This commit is contained in:
CentOS Sources 2021-02-16 06:10:24 +00:00 committed by Andrew Lukoshko
parent 5e58c2dcaa
commit 4fce41eda1
2 changed files with 33 additions and 1 deletions

View File

@ -0,0 +1,27 @@
From 9f331a945071365ccc0cfba24241c4af6919af30 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Mon, 15 Feb 2021 12:18:14 +0100
Subject: [PATCH] CVE-2020-8625
5562. [security] Fix off-by-one bug in ISC SPNEGO implementation.
(CVE-2020-8625) [GL #2354]
---
lib/dns/spnego.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/dns/spnego.c b/lib/dns/spnego.c
index dea108b..13cf15d 100644
--- a/lib/dns/spnego.c
+++ b/lib/dns/spnego.c
@@ -877,7 +877,7 @@ der_get_oid(const unsigned char *p, size_t len, oid *data, size_t *size) {
return (ASN1_OVERRUN);
}
- data->components = malloc(len * sizeof(*data->components));
+ data->components = malloc((len + 1) * sizeof(*data->components));
if (data->components == NULL) {
return (ENOMEM);
}
--
2.26.2

View File

@ -68,7 +68,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind
License: MPLv2.0
Version: 9.11.26
Release: 2%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Release: 3%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -154,6 +154,7 @@ Patch174:bind-9.11-fips-disable.patch
Patch175:bind-9.11-json-c.patch
Patch177:bind-9.11-serve-stale.patch
Patch178:bind-9.11-dhcp-time-monotonic.patch
Patch179:bind-9.11-CVE-2020-8625.patch
# SDB patches
Patch11: bind-9.3.2b2-sdbsrc.patch
@ -548,6 +549,7 @@ are used for building ISC DHCP.
%patch175 -p1 -b .json-c
%patch177 -p1 -b .serve-stale
%patch178 -p1 -b .time-monotonic
%patch179 -p1 -b .CVE-2020-8625
mkdir lib/dns/tests/testdata/dstrandom
cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@ -1599,6 +1601,9 @@ rm -rf ${RPM_BUILD_ROOT}
%endif
%changelog
* Mon Feb 15 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.26-3
- Fix off-by-one bug in ISC SPNEGO implementation (CVE-2020-8625)
* Tue Jan 05 2021 Petr Menšík <pemensik@redhat.com> - 32:9.11.26-2
- Add DNSTAP support (#1854148), new dnstap-read tool
- Add JSON support in statistics-channel (#1899257)