* Wed May 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-2

- Applied patch for CVE-2011-1922 DoS vulnerability

unbound-CVE-2011-1922.patch

@@ -0,0 +1,11 @@
+diff -Naur unbound-1.4.9/daemon/worker.c unbound-1.4.9-CVE-2011-1922/daemon/worker.c
+--- unbound-1.4.9/daemon/worker.c	2010-11-04 08:35:39.000000000 -0400
++++ unbound-1.4.9-CVE-2011-1922/daemon/worker.c	2011-05-25 15:14:04.888288236 -0400
+@@ -777,6 +777,7 @@
+ 		qinfo.qtype == LDNS_RR_TYPE_IXFR) {
+ 		verbose(VERB_ALGO, "worker request: refused zone transfer.");
+ 		log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
++		ldns_buffer_rewind(c->buffer);
+ 		LDNS_QR_SET(ldns_buffer_begin(c->buffer));
+ 		LDNS_RCODE_SET(ldns_buffer_begin(c->buffer), 
+ 			LDNS_RCODE_REFUSED);

unbound.spec

@@ -9,7 +9,7 @@
 Summary: Validating, recursive, and caching DNS(SEC) resolver
 Name: unbound
 Version: 1.4.9
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/unbound/
 Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -20,6 +20,7 @@ Source4: unbound_munin_
 Source5: root.key
 Source6: dlv.isc.org.key
 Patch1: unbound-1.2-glob.patch
+Patch2: unbound-CVE-2011-1922.patch
 
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -93,6 +94,7 @@ Python modules and extensions for unbound
 %prep
 %setup -q 
 %patch1 -p1
+%patch2 -p1
 
 %build
 %configure  --with-ldns= --with-libevent --with-pthreads --with-ssl \
@@ -199,6 +201,9 @@ fi
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Wed May 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-2
+- Applied patch for CVE-2011-1922 DoS vulnerability
+
 * Sun Mar 27 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-1
 - Updated to 1.4.9