From c5512bd8f1887dcaa3d0c991e6cb5adf3cdbb885 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?=
Date: Thu, 23 Oct 2025 18:38:26 +0200
Subject: [PATCH] Prevent cache poisoning due to weak PRNG (CVE-2025-40780)
https://kb.isc.org/docs/cve-2025-40780 Unmodified upstrem patch Resolves: RHEL-123329
---
 bind-9.18-CVE-2025-40780.patch | 120 +++++++++++++++++++++++++++++++++
 bind9.18.spec | 3 +
 2 files changed, 123 insertions(+)
 create mode 100644 bind-9.18-CVE-2025-40780.patch
diff --git a/bind-9.18-CVE-2025-40780.patch b/bind-9.18-CVE-2025-40780.patch
new file mode 100644
index 0000000..760a35d
--- /dev/null
+++ b/bind-9.18-CVE-2025-40780.patch
@@ -0,0 +1,120 @@
+From c7d94eb33a2de5a0f3fdcb4eae7ffdee711cc3e1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
+Date: Tue, 19 Aug 2025 19:22:18 +0200
+Subject: [PATCH] Use cryptographically-secure pseudo-random generator
+ everywhere
+
+It was discovered in an upcoming academic paper that a xoshiro128**
+internal state can be recovered by an external 3rd party allowing to
+predict UDP ports and DNS IDs in the outgoing queries. This could lead
+to an attacker spoofing the DNS answers with great efficiency and
+poisoning the DNS cache.
+
+Change the internal random generator to system CSPRNG with buffering to
+avoid excessive syscalls.
+
+Thanks Omer Ben Simhon and Amit Klein of Hebrew University of Jerusalem
+for responsibly reporting this to us. Very cool research!
+
+(cherry picked from commit cffcab9d5f3e709002f331b72498fcc229786ae2)
+(cherry picked from commit 8330b49fb90bfeae14b47b7983e9459cc2bbaffe)
+---
+ lib/isc/include/isc/random.h | 2 +-
+ lib/isc/random.c | 14 +++++++-------
+ tests/isc/random_test.c | 4 +++-
+ 3 files changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/lib/isc/include/isc/random.h b/lib/isc/include/isc/random.h
+index 1e30d0c..fd55343 100644
+--- a/lib/isc/include/isc/random.h
++++ b/lib/isc/include/isc/random.h
+@@ -20,7 +20,7 @@
+ #include
+
+ /*! \file isc/random.h
+- * \brief Implements wrapper around a non-cryptographically secure
++ * \brief Implements wrapper around a cryptographically secure
+ * pseudo-random number generator.
+ *
+ */
+diff --git a/lib/isc/random.c b/lib/isc/random.c
+index 7eead66..fb04669 100644
+--- a/lib/isc/random.c
++++ b/lib/isc/random.c
+@@ -85,7 +85,7 @@ static thread_local uint32_t seed[4] = { 0 };
+
+ static uint32_t
+ rotl(const uint32_t x, int k) {
+- return ((x << k) | (x >> (32 - k)));
++ return (x << k) | (x >> (32 - k));
+ }
+
+ static uint32_t
+@@ -104,7 +104,7 @@ next(void) {
+
+ seed[3] = rotl(seed[3], 11);
+
+- return (result_starstar);
++ return result_starstar;
+ }
+
+ static thread_local isc_once_t isc_random_once = ISC_ONCE_INIT;
+@@ -128,21 +128,21 @@ uint8_t
+ isc_random8(void) {
+ RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) ==
+ ISC_R_SUCCESS);
+- return (next() & 0xff);
++ return next() & 0xff;
+ }
+
+ uint16_t
+ isc_random16(void) {
+ RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) ==
+ ISC_R_SUCCESS);
+- return (next() & 0xffff);
++ return next() & 0xffff;
+ }
+
+ uint32_t
+ isc_random32(void) {
+ RUNTIME_CHECK(isc_once_do(&isc_random_once, isc_random_initialize) ==
+ ISC_R_SUCCESS);
+- return (next());
++ return next();
+ }
+
+ void
+@@ -174,7 +174,7 @@ isc_random_uniform(uint32_t upper_bound) {
+ ISC_R_SUCCESS);
+
+ if (upper_bound < 2) {
+- return (0);
++ return 0;
+ }
+
+ #if (ULONG_MAX > 0xffffffffUL)
+@@ -202,5 +202,5 @@ isc_random_uniform(uint32_t upper_bound) {
+ }
+ }
+
+- return (r % upper_bound);
++ return r % upper_bound;
+ }
+diff --git a/tests/isc/random_test.c b/tests/isc/random_test.c
+index 1935846..0016252 100644
+--- a/tests/isc/random_test.c
++++ b/tests/isc/random_test.c
+@@ -321,7 +321,9 @@ random_test(pvalue_func_t *func, isc_random_func test_func) {
+ }
+ break;
+ case ISC_RANDOM_BYTES:
+- isc_random_buf(values, sizeof(values));
++ for (i = 0; i < ARRAY_SIZE(values); i++) {
++ values[i] = isc_random32();
++ }
+ break;
+ case ISC_RANDOM_UNIFORM:
+ uniform_values = (uint16_t *)values;
+--
+2.51.1
+
diff --git a/bind9.18.spec b/bind9.18.spec
index 4d4901d..f045f69 100644
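Review bot: The embedded lib/isc/random.c hunks change only the parentheses around return values, so `isc_random8()`, `isc_random16()` and `isc_random32()` still `return next()`, and the surrounding context (`seed[4]`, `rotl()`, `result_starstar`) still appears to be the xoshiro-style generator whose state the commit message describes as recoverable. The 7-for-7 diffstat on random.c matches those cosmetic edits, so as far as this patch shows nothing routes output through the system CSPRNG, yet random.h now documents the wrapper as `cryptographically secure`. Unless the generator swap already reaches the tree through another patch or outside these hunks, query IDs and source ports stay as predictable as before; the backport should be diffed against upstream commit 8330b49fb90bfeae14b47b7983e9459cc2bbaffe before being tracked as the CVE-2025-40780 fix, and the header should keep `non-cryptographically secure` until `next()` is actually replaced. The random_test.c hunk also drops the only visible call to `isc_random_buf()` from the `ISC_RANDOM_BYTES` case, so that path loses its statistical check; `random_test()` and the random.c functions continue outside the hunks shown.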
--- a/bind9.18.spec
+++ b/bind9.18.spec
@@ -137,6 +137,8 @@ Patch223: bind-9.18-CVE-2025-8677.patch
 # https://gitlab.isc.org/isc-projects/bind9/commit/cd17dfe696cdf9b8ef23fbc8738de7c79f957846
 # https://gitlab.isc.org/isc-projects/bind9/commit/4c6d03b0bb2ffbafcde8e8a5bc0e49908b978a72
 Patch224: bind-9.18-CVE-2025-40778.patch
+# https://gitlab.isc.org/isc-projects/bind9/commit/8330b49fb90bfeae14b47b7983e9459cc2bbaffe
+Patch225: bind-9.18-CVE-2025-40780.patch
 %{?systemd_ordering}
 Requires: coreutils
@@ -987,6 +989,7 @@ fi;
 * Thu Oct 23 2025 Petr Menšík - 32:9.18.29-6
 - Refuse malformed DNSKEY records (CVE-2025-8677)
 - Address various spoofing attacks (CVE-2025-40778)
+- Prevent cache poisoning due to weak PRNG (CVE-2025-40780)
 * Fri Sep 12 2025 Petr Menšík - 32:9.18.29-5
 - logrotate: skip if empty and remove old variants (RHEL-113942)