Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2018-01-26 13:37:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Fri Jan 26 13:37:51 2018 rev:130 rq:568772 version:9.11.2 Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2018-01-13 21:37:02.347739119 +0100 +++ /work/SRC/openSUSE:Factory/.bind.new/bind.changes 2018-01-26 13:37:52.677838854 +0100 @@ -1,0 +2,5 @@ +Tue Jan 23 21:59:24 UTC 2018 - [email protected] + +- Apply bind-CVE-2017-3145.patch to fix CVE-2017-3145 (bsc#1076118) + +------------------------------------------------------------------- New: ---- bind-CVE-2017-3145.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.IfD09Z/_old 2018-01-26 13:37:53.745788974 +0100 +++ /var/tmp/diff_new_pack.IfD09Z/_new 2018-01-26 13:37:53.749788787 +0100 @@ -1,7 +1,7 @@ # # spec file for package bind # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -72,6 +72,7 @@ Patch51: pie_compile.diff Patch52: named-bootconf.diff Patch53: bind-sdb-ldap.patch +Patch54: bind-CVE-2017-3145.patch BuildRequires: libcap-devel BuildRequires: libmysqlclient-devel BuildRequires: libopenssl-devel @@ -299,6 +300,7 @@ %patch51 %patch52 %patch53 +%patch54 -p1 # use the year from source gzip header instead of current one to make reproducible rpms year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0}) ++++++ bind-CVE-2017-3145.patch ++++++ diff --git a/CHANGES b/CHANGES index 5aa5053..32f920d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,9 @@ + --- 9.11.2-P1 released --- + +4858. [security] Addresses could be referenced after being freed + in resolver.c, causing an assertion failure. + (CVE-2017-3145) [RT #46839] + --- 9.11.2 released --- --- 9.11.2rc2 released --- 
diff --git a/lib/dns/api b/lib/dns/api index 711bfd8..eadd740 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -9,5 +9,5 @@ # 9.11: 160-169 # 9.12: 1200-1299 LIBINTERFACE = 169 -LIBREVISION = 1 +LIBREVISION = 2 LIBAGE = 0 diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 8eb1d97..eb1ebcf 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -831,7 +831,7 @@ fctx_stoptimer(fetchctx_t *fctx) { * cannot fail in that case. */ result = isc_timer_reset(fctx->timer, isc_timertype_inactive, - NULL, NULL, ISC_TRUE); + NULL, NULL, ISC_TRUE); if (result != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_timer_reset(): %s", @@ -839,7 +839,6 @@ fctx_stoptimer(fetchctx_t *fctx) { } } - static inline isc_result_t fctx_startidletimer(fetchctx_t *fctx, isc_interval_t *interval) { /* @@ -1116,7 +1115,8 @@ fctx_cleanupfinds(fetchctx_t *fctx) { for (find = ISC_LIST_HEAD(fctx->finds); find != NULL; - find = next_find) { + find = next_find) + { next_find = ISC_LIST_NEXT(find, publink); ISC_LIST_UNLINK(fctx->finds, find, publink); dns_adb_destroyfind(&find); @@ -1132,7 +1132,8 @@ fctx_cleanupaltfinds(fetchctx_t *fctx) { for (find = ISC_LIST_HEAD(fctx->altfinds); find != NULL; - find = next_find) { + find = next_find) + { next_find = ISC_LIST_NEXT(find, publink); ISC_LIST_UNLINK(fctx->altfinds, find, publink); dns_adb_destroyfind(&find); @@ -1148,7 +1149,8 @@ fctx_cleanupforwaddrs(fetchctx_t *fctx) { for (addr = ISC_LIST_HEAD(fctx->forwaddrs); addr != NULL; - addr = next_addr) { + addr = next_addr) + { next_addr = ISC_LIST_NEXT(addr, publink); ISC_LIST_UNLINK(fctx->forwaddrs, addr, publink); dns_adb_freeaddrinfo(fctx->adb, &addr); @@ -1163,7 +1165,8 @@ fctx_cleanupaltaddrs(fetchctx_t *fctx) { for (addr = ISC_LIST_HEAD(fctx->altaddrs); addr != NULL; - addr = next_addr) { + addr = next_addr) + { next_addr = ISC_LIST_NEXT(addr, publink); ISC_LIST_UNLINK(fctx->altaddrs, addr, publink); dns_adb_freeaddrinfo(fctx->adb, &addr); 
@@ -1171,16 +1174,20 @@ fctx_cleanupaltaddrs(fetchctx_t *fctx) { } static inline void -fctx_stopeverything(fetchctx_t *fctx, isc_boolean_t no_response, - isc_boolean_t age_untried) +fctx_stopqueries(fetchctx_t *fctx, isc_boolean_t no_response, + isc_boolean_t age_untried) { - FCTXTRACE("stopeverything"); + FCTXTRACE("stopqueries"); fctx_cancelqueries(fctx, no_response, age_untried); + fctx_stoptimer(fctx); +} + +static inline void +fctx_cleanupall(fetchctx_t *fctx) { fctx_cleanupfinds(fctx); fctx_cleanupaltfinds(fctx); fctx_cleanupforwaddrs(fctx); fctx_cleanupaltaddrs(fctx); - fctx_stoptimer(fctx); } static void @@ -1431,7 +1438,8 @@ fctx_done(fetchctx_t *fctx, isc_result_t result, int line) { age_untried = ISC_TRUE; fctx->reason = NULL; - fctx_stopeverything(fctx, no_response, age_untried); + + fctx_stopqueries(fctx, no_response, age_untried); LOCK(&res->buckets[fctx->bucketnum].lock); @@ -4022,11 +4030,12 @@ fctx_doshutdown(isc_task_t *task, isc_event_t *event) { dns_resolver_cancelfetch(fctx->nsfetch); /* - * Shut down anything that is still running on behalf of this - * fetch. To avoid deadlock with the ADB, we must do this - * before we lock the bucket lock. + * Shut down anything still running on behalf of this + * fetch, and clean up finds and addresses. To avoid deadlock + * with the ADB, we must do this before we lock the bucket lock. */ - fctx_stopeverything(fctx, ISC_FALSE, ISC_FALSE); + fctx_stopqueries(fctx, ISC_FALSE, ISC_FALSE); + fctx_cleanupall(fctx); LOCK(&res->buckets[bucketnum].lock);
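Review bot: Neither fctx_stopqueries() nor fctx_cleanupall(), the two helpers carved out of fctx_stopeverything() in the `-1171,16 +1174,20` hunk, has a comment stating the ordering rule the split exists to enforce. Going by the CHANGES entry (addresses referenced after being freed), the finds and ADB address entries presumably have to outlive every outstanding query, so the contract belongs at the definition of fctx_cleanupall(): `/* Release finds and ADB addrinfo. Call only after fctx_stopqueries(), when no query can still reference an address. */`. The fctx_doshutdown hunk relies on the same ordering, where the two calls appear back to back. As a smaller style point, fctx_cleanupall() has no trace line while its sibling does; `FCTXTRACE("cleanupall");` would keep them parallel.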
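Review bot: With fctx_done() (hunk `-1431,7 +1438,8`) now calling only fctx_stopqueries(), the finds, altfinds, forwaddrs and altaddrs lists stay populated after a fetch completes, and the only call to fctx_cleanupall() visible in this patch is the one in fctx_doshutdown(). If any path frees the fetch context without passing through fctx_doshutdown(), those ADB finds and addrinfo entries would never be released; whether such a path exists cannot be checked from these hunks. A cheap guard is to assert the invariant where the context is finally torn down, for example `REQUIRE(ISC_LIST_EMPTY(fctx->finds));` and the same for the other three lists. The body of fctx_done() starts and ends outside the hunk.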
