author | mat <mat@FreeBSD.org> | 2015-02-19 05:56:08 +0800 |
---|---|---|
committer | mat <mat@FreeBSD.org> | 2015-02-19 05:56:08 +0800 |
commit | 7bf8687591e0159558961d2fa9e1b745b2ae6355 (patch) | |
tree | c35860718e04d0fdd79be1e5791f7502f31208db /dns/bind910 | |
parent | dbce4c2074f90b0521090699675dd14a0d7ed762 (diff) | |
Add a patch for CVE-2015-1349 while I work on updating both ports to the new version.
Security: CVE-2015-1349
Sponsored by: Absolight
Diffstat (limited to 'dns/bind910')
-rw-r--r-- | dns/bind910/Makefile | 2 | ||||
-rw-r--r-- | dns/bind910/files/patch-CVE-2015-1349 | 52 |
2 files changed, 53 insertions, 1 deletions
diff --git a/dns/bind910/Makefile b/dns/bind910/Makefile
index 478d8695a344..bc9c25835f45 100644
--- a/dns/bind910/Makefile
+++ b/dns/bind910/Makefile
@@ -7,7 +7,7 @@ PORTVERSION= ${ISCVERSION:S/-P/P/}
 PORTREVISION= 1
 .else
 # dns/bind910 here
-PORTREVISION= 1
+PORTREVISION= 2
 .endif
 CATEGORIES= dns net ipv6
 MASTER_SITES= ISC/bind9/${ISCVERSION}
diff --git a/dns/bind910/files/patch-CVE-2015-1349 b/dns/bind910/files/patch-CVE-2015-1349
new file mode 100644
index 000000000000..4eb553a7a479
--- /dev/null
+++ b/dns/bind910/files/patch-CVE-2015-1349
@@ -0,0 +1,52 @@
+commit 12df718c23e29b16fcb5c12eace4b4a924de104d
+Author: Evan Hunt <each@isc.org>
+Date: Tue Feb 3 18:32:05 2015 -0800
+
+ [v9_10_1_patch] avoid crash due to managed-key rollover
+
+ 4053. [security] Revoking a managed trust anchor and supplying
+ an untrusted replacement could cause named
+ to crash with an assertion failure.
+ (CVE-2015-1349) [RT #38344]
+
+diff --git a/CHANGES b/CHANGES
+index 1234469..fc58de7 100644
+--- CHANGES
++++ CHANGES
+@@ -1,3 +1,10 @@
++ --- 9.10.1-P2 released ---
++
++4053. [security] Revoking a managed trust anchor and supplying
++ an untrusted replacement could cause named
++ to crash with an assertion failure.
++ (CVE-2015-1349) [RT #38344]
++
+ --- 9.10.1-P1 released ---
+
+ 4006. [security] A flaw in delegation handling could be exploited
+diff --git a/lib/dns/zone.c b/lib/dns/zone.c
+index ef60454..2c4558e 100644
+--- lib/dns/zone.c
++++ lib/dns/zone.c
+@@ -8946,6 +8946,12 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
+ namebuf, tag);
+ trustkey = ISC_TRUE;
+ }
++ } else {
++ /*
++ * No previously known key, and the key is not
++ * secure, so skip it.
++ */
++ continue;
+ }
+
+ /* Delete old version */
+@@ -8994,7 +9000,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
+ trust_key(zone, keyname, &dnskey, mctx);
+ }
+
+- if (!deletekey) {
++ if (secure && !deletekey) {
+ INSIST(newkey || updatekey);
+ set_refreshkeytimer(zone, &keydata, now);
+ }
+ } |
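Review bot: The `INSIST(newkey || updatekey)` kept in the second lib/dns/zone.c hunk is still a process-aborting assertion on a path that handles fetched DNSKEY data, and nothing visible in the hunk shows why `secure` being true guarantees that one of the two flags is set. A short comment above it would record the invariant the fix relies on, for example `/* Only a key validated by an already-trusted key gets here, so it was either added or updated. */`, with the wording to be confirmed against the rest of the loop. With the new condition, a key that is neither secure nor deleted also no longer reaches `set_refreshkeytimer()`, so it is worth checking that the refresh timer is still armed elsewhere for that case. `keyfetch_done` starts and ends outside both hunks, so the remainder of the loop body that the added `continue` skips cannot be reviewed from this patch alone.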