Update to 9.11.20

Fixes CVE-2020-8619 and few more issues
This commit is contained in:
Petr Menšík 2020-06-17 09:41:25 +02:00
parent 8aa5837978
commit f82859a3a0
5 changed files with 26 additions and 20 deletions

2
.gitignore vendored
View File

@ -108,3 +108,5 @@ bind-9.7.2b1.tar.gz
/bind-9.11.18.tar.gz.asc
/bind-9.11.19.tar.gz
/bind-9.11.19.tar.gz.asc
/bind-9.11.20.tar.gz
/bind-9.11.20.tar.gz.asc

View File

@ -1,4 +1,4 @@
From 76594cba9a1e910bb36160d96fc3872349341799 Mon Sep 17 00:00:00 2001
From f27598743ab6e03271e26f23da4beba748d19c60 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@sury.org>
Date: Wed, 25 Apr 2018 14:04:31 +0200
Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts
@ -24,10 +24,10 @@ Fix the isc_safe_memwipe() usage with (NULL, >0)
delete mode 100644 lib/isc/safe.c
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 6ddaebe..d921870 100644
index 6dded0c..a9c5557 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -787,7 +787,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
@@ -784,7 +784,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
static int
hashlist_comp(const void *a, const void *b) {
@ -81,7 +81,7 @@ index ad77f24..670982a 100644
/* accept_sec_context.c */
diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in
index 0fd0837..8ad54bb 100644
index 149552a..8529a86 100644
--- a/lib/isc/Makefile.in
+++ b/lib/isc/Makefile.in
@@ -60,7 +60,7 @@ OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \
@ -91,7 +91,7 @@ index 0fd0837..8ad54bb 100644
- safe.@O@ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
+ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
string.@O@ strtoul.@O@ symtab.@O@ task.@O@ taskpool.@O@ \
tm.@O@ timer.@O@ version.@O@ \
tm.@O@ timer.@O@ utf8.@O@ version.@O@ \
${UNIXOBJS} ${NLSOBJS} ${THREADOBJS}
@@ -79,7 +79,7 @@ SRCS = @ISC_EXTRA_SRCS@ @ISC_PK11_C@ @ISC_PK11_RESULT_C@ \
netaddr.c netscope.c pool.c ondestroy.c \
@ -100,7 +100,7 @@ index 0fd0837..8ad54bb 100644
- safe.c serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
+ serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \
strtoul.c symtab.c task.c taskpool.c timer.c \
tm.c version.c
tm.c utf8.c version.c
@@ -95,10 +95,6 @@ TESTDIRS = @UNITTESTS@
@ -284,5 +284,5 @@ index 266ac75..60e9181 100644
return (cmocka_run_group_tests(tests, NULL, NULL));
--
2.20.1
2.26.2

View File

@ -65,8 +65,8 @@
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind
License: MPLv2.0
Version: 9.11.19
Release: 2%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Version: 9.11.20
Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -1604,6 +1604,9 @@ fi;
%changelog
* Wed Jun 17 2020 Petr Menšík <pemensik@redhat.com> - 32:9.11.20-1
- Update to 9.11.20
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 32:9.11.19-2
- Rebuilt for Python 3.9

View File

@ -1,7 +1,8 @@
diff -up bind-9.9.4rc2/lib/dns/resolver.c.rh645544 bind-9.9.4rc2/lib/dns/resolver.c
--- bind-9.9.4rc2/lib/dns/resolver.c.rh645544 2013-08-19 10:30:52.000000000 +0200
+++ bind-9.9.4rc2/lib/dns/resolver.c 2013-09-06 17:58:03.864165823 +0200
@@ -1138,7 +1138,7 @@ log_edns(fetchctx_t *fctx) {
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index ecb3ddb..f7f73cd 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -1456,7 +1456,7 @@ log_edns(fetchctx_t *fctx) {
*/
dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED,
@ -10,7 +11,7 @@ diff -up bind-9.9.4rc2/lib/dns/resolver.c.rh645544 bind-9.9.4rc2/lib/dns/resolve
"success resolving '%s' (in '%s'?) after %s",
fctx->info, domainbuf, fctx->reason);
@@ -3804,7 +3804,7 @@ log_lame(fetchctx_t *fctx, dns_adbaddrin
@@ -4667,7 +4667,7 @@ log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) {
dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf));
isc_sockaddr_format(&addrinfo->sockaddr, addrbuf, sizeof(addrbuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS,
@ -19,12 +20,12 @@ diff -up bind-9.9.4rc2/lib/dns/resolver.c.rh645544 bind-9.9.4rc2/lib/dns/resolve
"lame server resolving '%s' (in '%s'?): %s",
namebuf, domainbuf, addrbuf);
}
@@ -3831,7 +3831,7 @@ log_formerr(fetchctx_t *fctx, const char
}
@@ -4685,7 +4685,7 @@ log_formerr(fetchctx_t *fctx, const char *format, ...) {
isc_sockaddr_format(&fctx->addrinfo->sockaddr, nsbuf, sizeof(nsbuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
- DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE,
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1),
"DNS format error from %s resolving %s%s%s: %s",
nsbuf, fctx->info, clmsg, clbuf, msgbuf);
"DNS format error from %s resolving %s for %s: %s",
nsbuf, fctx->info, fctx->clientstr, msgbuf);
}

View File

@ -1,2 +1,2 @@
SHA512 (bind-9.11.19.tar.gz) = 4378afcd8c72a3f1b597e180a21674e1bbfc44b8378831ab3256395bdc46dce74da31aaa855fbae29d4c93e360dad233e3c8e3e69326779ddfecddbc96511ea2
SHA512 (bind-9.11.19.tar.gz.asc) = 0cdbbe94a1b3a250dcdeb9934b6225cfda35d8646a2e0fada5485ef7b79f3c9bb831b3d19059f93aed9e01ae9ee80708c1d696eca82f01f8e6ae5523c8d3cf2e
SHA512 (bind-9.11.20.tar.gz) = 249710a35dfd340abf8d07c526fb9dd05ab3ed186641f33b697f9a59a866965f43d77e6d0c77b3690698eb6d451a15506cedc5da18aff666c9d95a864268dd25
SHA512 (bind-9.11.20.tar.gz.asc) = f8dba8b72639eefc4b3e5e5e27f28506aa3333101bb903ea7add92716ec95718a0506023a6d812c6d03b93dc634100c0463b667ce7a889e01d087a97eda903f3