svn commit: r278971 - in vendor/bind9/dist: . lib/dns
Xin LI
delphij at FreeBSD.org
Wed Feb 18 22:18:51 UTC 2015
Author: delphij
Date: Wed Feb 18 22:18:49 2015
New Revision: 278971
URL: https://svnweb.freebsd.org/changeset/base/278971
Log:
Apply vendor patch for CVE-2015-1349.
Modified:
vendor/bind9/dist/CHANGES
vendor/bind9/dist/lib/dns/zone.c
Modified: vendor/bind9/dist/CHANGES
==============================================================================
--- vendor/bind9/dist/CHANGES Wed Feb 18 20:33:00 2015 (r278970)
+++ vendor/bind9/dist/CHANGES Wed Feb 18 22:18:49 2015 (r278971)
@@ -1,3 +1,10 @@
+ --- 9.9.6-P2 released ---
+
+4053. [security] Revoking a managed trust anchor and supplying
+ an untrusted replacement could cause named
+ to crash with an assertion failure.
+ (CVE-2015-1349) [RT #38344]
+
--- 9.9.6-P1 released ---
4006. [security] A flaw in delegation handling could be exploited
Modified: vendor/bind9/dist/lib/dns/zone.c
==============================================================================
--- vendor/bind9/dist/lib/dns/zone.c Wed Feb 18 20:33:00 2015 (r278970)
+++ vendor/bind9/dist/lib/dns/zone.c Wed Feb 18 22:18:49 2015 (r278971)
@@ -8508,6 +8508,12 @@ keyfetch_done(isc_task_t *task, isc_even
namebuf, tag);
trustkey = ISC_TRUE;
}
+ } else {
+ /*
+ * No previously known key, and the key is not
+ * secure, so skip it.
+ */
+ continue;
}
/* Delete old version */
@@ -8556,7 +8562,7 @@ keyfetch_done(isc_task_t *task, isc_even
trust_key(zone, keyname, &dnskey, mctx);
}
- if (!deletekey) {
+ if (secure && !deletekey) {
INSIST(newkey || updatekey);
set_refreshkeytimer(zone, &keydata, now);
}
More information about the svn-src-vendor
mailing list