Bug#930864: marked as done (unblock: bind9/1:9.11.5.P4+dfsg-5.1)

Debian Bug Tracking System Fri, 21 Jun 2019 23:39:15 -0700

Your message dated Sat, 22 Jun 2019 08:35:21 +0200
with message-id <[email protected]>
and subject line Re: Bug#930864: unblock: bind9/1:9.11.5.P4+dfsg-5.1
has caused the Debian Bug report #930864,
regarding unblock: bind9/1:9.11.5.P4+dfsg-5.1
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
930864: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930864
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Hi

Please unblock package bind9 (it builds udeb's so would need an ack
from kibi as well). It fixes CVE-2019-6471, #930746 ("A race condition
when discarding malformed packets can cause BIND to exit with an
assertion failure").

I realize this is very short before the last date possible for unblock
requests.

unblock bind9/1:9.11.5.P4+dfsg-5.1

Regards,
Salvatore

diff -Nru bind9-9.11.5.P4+dfsg/debian/changelog 
bind9-9.11.5.P4+dfsg/debian/changelog
--- bind9-9.11.5.P4+dfsg/debian/changelog       2019-05-03 19:44:57.000000000 
+0200
+++ bind9-9.11.5.P4+dfsg/debian/changelog       2019-06-21 11:24:31.000000000 
+0200
@@ -1,3 +1,11 @@
+bind9 (1:9.11.5.P4+dfsg-5.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * move item_out test inside lock in dns_dispatch_getnext() (CVE-2019-6471)
+    (Closes: #930746)
+
+ -- Salvatore Bonaccorso <[email protected]>  Fri, 21 Jun 2019 11:24:31 +0200
+
 bind9 (1:9.11.5.P4+dfsg-5) unstable; urgency=medium
 
   * AppArmor: Allow /var/tmp/krb5_* (owner-only) for Samba AD DLZ.
diff -Nru 
bind9-9.11.5.P4+dfsg/debian/patches/0015-move-item_out-test-inside-lock-in-dns_dispatch_getne.patch
 
bind9-9.11.5.P4+dfsg/debian/patches/0015-move-item_out-test-inside-lock-in-dns_dispatch_getne.patch
--- 
bind9-9.11.5.P4+dfsg/debian/patches/0015-move-item_out-test-inside-lock-in-dns_dispatch_getne.patch
 1970-01-01 01:00:00.000000000 +0100
+++ 
bind9-9.11.5.P4+dfsg/debian/patches/0015-move-item_out-test-inside-lock-in-dns_dispatch_getne.patch
 2019-06-21 11:24:31.000000000 +0200
@@ -0,0 +1,56 @@
+From: Mark Andrews <[email protected]>
+Date: Tue, 19 Mar 2019 14:14:21 +1100
+Subject: move item_out test inside lock in dns_dispatch_getnext()
+Origin: 
https://gitlab.isc.org/isc-projects/bind9/commit/3a9c7bb80d4a609b86427406d9dd783199920b5b
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-6471
+Bug-Debian: https://bugs.debian.org/930746
+
+(cherry picked from commit 60c42f849d520564ed42e5ed0ba46b4b69c07712)
+---
+ lib/dns/dispatch.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c
+index 408beda3679d..3278db4a07c2 100644
+--- a/lib/dns/dispatch.c
++++ b/lib/dns/dispatch.c
+@@ -134,7 +134,7 @@ struct dns_dispentry {
+       isc_task_t                     *task;
+       isc_taskaction_t                action;
+       void                           *arg;
+-      bool                    item_out;
++      bool                            item_out;
+       dispsocket_t                    *dispsocket;
+       ISC_LIST(dns_dispatchevent_t)   items;
+       ISC_LINK(dns_dispentry_t)       link;
+@@ -3422,13 +3422,14 @@ dns_dispatch_getnext(dns_dispentry_t *resp, 
dns_dispatchevent_t **sockevent) {
+       disp = resp->disp;
+       REQUIRE(VALID_DISPATCH(disp));
+ 
+-      REQUIRE(resp->item_out == true);
+-      resp->item_out = false;
+-
+       ev = *sockevent;
+       *sockevent = NULL;
+ 
+       LOCK(&disp->lock);
++
++      REQUIRE(resp->item_out == true);
++      resp->item_out = false;
++
+       if (ev->buffer.base != NULL)
+               free_buffer(disp, ev->buffer.base, ev->buffer.length);
+       free_devent(disp, ev);
+@@ -3573,6 +3574,9 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp,
+               isc_task_send(disp->task[0], &disp->ctlevent);
+ }
+ 
++/*
++ * disp must be locked.
++ */
+ static void
+ do_cancel(dns_dispatch_t *disp) {
+       dns_dispatchevent_t *ev;
+-- 
+2.20.1
+
diff -Nru bind9-9.11.5.P4+dfsg/debian/patches/series 
bind9-9.11.5.P4+dfsg/debian/patches/series
--- bind9-9.11.5.P4+dfsg/debian/patches/series  2019-05-03 19:44:57.000000000 
+0200
+++ bind9-9.11.5.P4+dfsg/debian/patches/series  2019-06-21 11:24:31.000000000 
+0200
@@ -12,3 +12,4 @@
 0012-CVE-2018-5743-Limiting-simultaneous-TCP-clients-is-i.patch
 0013-Replace-atomic-operations-in-bin-named-client.c-with.patch
 0014-Disable-broken-Ed448-support.patch
+0015-move-item_out-test-inside-lock-in-dns_dispatch_getne.patch

--- End Message ---

--- Begin Message ---
Hi Salvatore,

On 21-06-2019 16:54, Salvatore Bonaccorso wrote:
> unblock bind9/1:9.11.5.P4+dfsg-5.1

Unblocked, thanks.

Paul
signature.asc
Description: OpenPGP digital signature

--- End Message ---

Bug#930864: marked as done (unblock: bind9/1:9.11.5.P4+dfsg-5.1)

Reply via email to