From 55ad72d44a94298a96b8f05488ca5ed97ef04736 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 5 May 2024 20:37:15 +0200
Subject: Adding debian version 1:9.11.5.P4+dfsg-5.1+deb10u7.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/patches/0019-CVE-2020-8617.patch | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 debian/patches/0019-CVE-2020-8617.patch

(limited to 'debian/patches/0019-CVE-2020-8617.patch')

diff --git a/debian/patches/0019-CVE-2020-8617.patch b/debian/patches/0019-CVE-2020-8617.patch
new file mode 100644
index 0000000..63e84d3
--- /dev/null
+++ b/debian/patches/0019-CVE-2020-8617.patch
@@ -0,0 +1,33 @@
+From: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= <ondrej@debian.org>
+Date: Thu, 14 May 2020 12:24:23 +0200
+Subject: CVE-2020-8617
+
+---
+ lib/dns/tsig.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c
+index a94ec69..ff40b99 100644
+--- a/lib/dns/tsig.c
++++ b/lib/dns/tsig.c
+@@ -1422,8 +1422,9 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
+ 			goto cleanup_context;
+ 		}
+ 		msg->verified_sig = 1;
+-	} else if (tsig.error != dns_tsigerror_badsig &&
+-		   tsig.error != dns_tsigerror_badkey) {
++	} else if (!response || (tsig.error != dns_tsigerror_badsig &&
++				 tsig.error != dns_tsigerror_badkey))
++	{
+ 		tsig_log(msg->tsigkey, 2, "signature was empty");
+ 		return (DNS_R_TSIGVERIFYFAILURE);
+ 	}
+@@ -1489,7 +1490,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
+ 		}
+ 	}
+ 
+-	if (tsig.error != dns_rcode_noerror) {
++	if (response && tsig.error != dns_rcode_noerror) {
+ 		msg->tsigstatus = tsig.error;
+ 		if (tsig.error == dns_tsigerror_badtime)
+ 			ret = DNS_R_CLOCKSKEW;
-- 
cgit v1.2.3