-rw-r--r--dns/bind910/Makefile2
-rw-r--r--dns/bind910/files/patch-CVE-2015-134952
-rw-r--r--dns/bind99/Makefile2
-rw-r--r--dns/bind99/files/patch-CVE-2015-134952
4 files changed, 106 insertions, 2 deletions
diff --git a/dns/bind910/Makefile b/dns/bind910/Makefile
index 478d8695a344..bc9c25835f45 100644
--- a/dns/bind910/Makefile
+++ b/dns/bind910/Makefile
@@ -7,7 +7,7 @@ PORTVERSION= ${ISCVERSION:S/-P/P/}
PORTREVISION= 1
.else
# dns/bind910 here
-PORTREVISION= 1
+PORTREVISION= 2
.endif
CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION}
diff --git a/dns/bind910/files/patch-CVE-2015-1349 b/dns/bind910/files/patch-CVE-2015-1349
new file mode 100644
index 000000000000..4eb553a7a479
--- /dev/null
+++ b/dns/bind910/files/patch-CVE-2015-1349
@@ -0,0 +1,52 @@
+commit 12df718c23e29b16fcb5c12eace4b4a924de104d
+Author: Evan Hunt <each@isc.org>
+Date: Tue Feb 3 18:32:05 2015 -0800
+
+ [v9_10_1_patch] avoid crash due to managed-key rollover
+
+ 4053. [security] Revoking a managed trust anchor and supplying
+ an untrusted replacement could cause named
+ to crash with an assertion failure.
+ (CVE-2015-1349) [RT #38344]
+
+diff --git a/CHANGES b/CHANGES
+index 1234469..fc58de7 100644
+--- CHANGES
++++ CHANGES
+@@ -1,3 +1,10 @@
++ --- 9.10.1-P2 released ---
++
++4053. [security] Revoking a managed trust anchor and supplying
++ an untrusted replacement could cause named
++ to crash with an assertion failure.
++ (CVE-2015-1349) [RT #38344]
++
+ --- 9.10.1-P1 released ---
+
+ 4006. [security] A flaw in delegation handling could be exploited
+diff --git a/lib/dns/zone.c b/lib/dns/zone.c
+index ef60454..2c4558e 100644
+--- lib/dns/zone.c
++++ lib/dns/zone.c
+@@ -8946,6 +8946,12 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
+ namebuf, tag);
+ trustkey = ISC_TRUE;
+ }
++ } else {
++ /*
++ * No previously known key, and the key is not
++ * secure, so skip it.
++ */
++ continue;
+ }
+
+ /* Delete old version */
+@@ -8994,7 +9000,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
+ trust_key(zone, keyname, &dnskey, mctx);
+ }
+
+- if (!deletekey) {
++ if (secure && !deletekey) {
+ INSIST(newkey || updatekey);
+ set_refreshkeytimer(zone, &keydata, now);
+ }
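Review bot: The new `else` branch in the first zone.c hunk of this patch file drops an unsecured key with a bare `continue`, so an operator gets no signal that an untrusted replacement key was seen and ignored during a rollover. A log line before the `continue` would make the event visible, for example `dns_zone_log(zone, ISC_LOG_WARNING, "ignoring untrusted new key for '%s'", namebuf);`. This assumes `namebuf` is already filled in at that point, which the `namebuf, tag);` context line suggests but does not prove. The `if` that this `else` pairs with and the rest of keyfetch_done lie outside the hunk. The identical hunk in dns/bind99/files/patch-CVE-2015-1349 has the same gap.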
diff --git a/dns/bind99/Makefile b/dns/bind99/Makefile
index b64d25234324..35d06ad0e736 100644
--- a/dns/bind99/Makefile
+++ b/dns/bind99/Makefile
@@ -2,7 +2,7 @@
PORTNAME= bind
PORTVERSION= ${ISCVERSION:S/-P/P/}
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= dns net ipv6
MASTER_SITES= ISC/bind9/${ISCVERSION}
PKGNAMESUFFIX= 99
diff --git a/dns/bind99/files/patch-CVE-2015-1349 b/dns/bind99/files/patch-CVE-2015-1349
new file mode 100644
index 000000000000..0f7794bc3a04
--- /dev/null
+++ b/dns/bind99/files/patch-CVE-2015-1349
@@ -0,0 +1,52 @@
+commit 2e9d79f169663c9aff5f0dcdc626a2cd2dbb5892
+Author: Evan Hunt <each@isc.org>
+Date: Tue Feb 3 18:30:38 2015 -0800
+
+ [v9_9_6_patch] avoid crash due to managed-key rollover
+
+ 4053. [security] Revoking a managed trust anchor and supplying
+ an untrusted replacement could cause named
+ to crash with an assertion failure.
+ (CVE-2015-1349) [RT #38344]
+
+diff --git a/CHANGES b/CHANGES
+index e8d75ea..b45be6d 100644
+--- CHANGES
++++ CHANGES
+@@ -1,3 +1,10 @@
++ --- 9.9.6-P2 released ---
++
++4053. [security] Revoking a managed trust anchor and supplying
++ an untrusted replacement could cause named
++ to crash with an assertion failure.
++ (CVE-2015-1349) [RT #38344]
++
+ --- 9.9.6-P1 released ---
+
+ 4006. [security] A flaw in delegation handling could be exploited
+diff --git a/lib/dns/zone.c b/lib/dns/zone.c
+index 7a9825b..5db2844 100644
+--- lib/dns/zone.c
++++ lib/dns/zone.c
+@@ -8508,6 +8508,12 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
+ namebuf, tag);
+ trustkey = ISC_TRUE;
+ }
++ } else {
++ /*
++ * No previously known key, and the key is not
++ * secure, so skip it.
++ */
++ continue;
+ }
+
+ /* Delete old version */
+@@ -8556,7 +8562,7 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
+ trust_key(zone, keyname, &dnskey, mctx);
+ }
+
+- if (!deletekey) {
++ if (secure && !deletekey) {
+ INSIST(newkey || updatekey);
+ set_refreshkeytimer(zone, &keydata, now);
+ }
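Review bot: `INSIST(newkey || updatekey)` in the second zone.c hunk is now evaluated only when `secure` is true, but a failed assertion is still the failure mode in a function that, going by its name, processes fetched key data. Whether a secure response can still reach this point with both flags clear cannot be told from the hunk, because the code that sets them is outside it. A comment stating the invariant would help the next reader, e.g. `/* secure && !deletekey implies the key was added or updated above */`. Alternatively the check could be folded into the condition as `if (secure && !deletekey && (newkey || updatekey))`, so that a violated invariant skips the timer instead of terminating named. The same applies to the copy in dns/bind910/files/patch-CVE-2015-1349.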