[AUTOPATCHER-CORE] Upgrade bind to 9.16.44 Fix CVE-2023-3341 (#6296)

* Upgrade bind to 9.16.44 Fix CVE-2023-3341 * Remove patch for old CVE --------- Co-authored-by: Rakshaa Viswanathan <rviswanathan@microsoft.com>
2023-09-28 10:48:23 -07:00 · 2023-09-28 10:48:23 -07:00 · d7f79b6fed
parent 3a3d4b24c2
commit d7f79b6fed
4 changed files with 9 additions and 179 deletions
--- a/SPECS/bind/CVE-2023-2828.patch
+++ b/SPECS/bind/CVE-2023-2828.patch
@ -1,171 +0,0 @@
-From 011a1a2425eaf914f5470f9dd6cfd98b7bd5f340 Mon Sep 17 00:00:00 2001
-From: Suresh Thelkar <sthelkar@microsoft.com>
-Date: Wed, 26 Jul 2023 11:15:57 +0530
-Subject: [PATCH] patch for CVE-2023-2828
-
-Backported by @suresh-thelkar from upstream on 2023-07-26
-Upstream patch is available at https://downloads.isc.org/isc/bind9/9.16.42/patches/0001-CVE-2023-2828.patch
-Applies on 9.16.33 cleanly
---
- lib/dns/rbtdb.c | 105 ++++++++++++++++++++++++++++++------------------
- 1 file changed, 65 insertions(+), 40 deletions(-)
-
-diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
-index 75832e3..cc026a6 100644
--- a/lib/dns/rbtdb.c
-+++ b/lib/dns/rbtdb.c
-@@ -599,7 +599,7 @@ static void
- expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, bool tree_locked,
- 	      expire_t reason);
- static void
-overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, isc_stdtime_t now,
-+overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, size_t purgesize,
- 	      bool tree_locked);
- static void
- resign_insert(dns_rbtdb_t *rbtdb, int idx, rdatasetheader_t *newheader);
-@@ -6756,6 +6756,16 @@ cleanup:
- 
- static dns_dbmethods_t zone_methods;
- 
-+static size_t
-+rdataset_size(rdatasetheader_t *header) {
-+	if (!NONEXISTENT(header)) {
-+		return (dns_rdataslab_size((unsigned char *)header,
-+					   sizeof(*header)));
-+	}
-+
-+	return (sizeof(*header));
-+}
-+
- static isc_result_t
- addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
- 	    isc_stdtime_t now, dns_rdataset_t *rdataset, unsigned int options,
-@@ -6919,7 +6929,8 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
- 	}
- 
- 	if (cache_is_overmem) {
-		overmem_purge(rbtdb, rbtnode->locknum, now, tree_locked);
-+		overmem_purge(rbtdb, rbtnode->locknum, rdataset_size(newheader),
-+			      tree_locked);
- 	}
- 
- 	NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
-@@ -6938,10 +6949,18 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
- 		}
- 
- 		header = isc_heap_element(rbtdb->heaps[rbtnode->locknum], 1);
-		if (header != NULL && header->rdh_ttl + rbtdb->serve_stale_ttl <
-					      now - RBTDB_VIRTUAL)
-		{
-			expire_header(rbtdb, header, tree_locked, expire_ttl);
-+		if (header != NULL) {
-+			dns_ttl_t rdh_ttl = header->rdh_ttl;
-+
-+			/* Only account for stale TTL if cache is not overmem */
-+			if (!cache_is_overmem) {
-+				rdh_ttl += rbtdb->serve_stale_ttl;
-+			}
-+
-+			if (rdh_ttl < now - RBTDB_VIRTUAL) {
-+				expire_header(rbtdb, header, tree_locked,
-+					      expire_ttl);
-+			}
- 		}
- 
- 		/*
-@@ -10420,52 +10439,58 @@ update_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, isc_stdtime_t now) {
- 	ISC_LIST_PREPEND(rbtdb->rdatasets[header->node->locknum], header, link);
- }
- 
-+static size_t
-+expire_lru_headers(dns_rbtdb_t *rbtdb, unsigned int locknum, size_t purgesize,
-+		   bool tree_locked) {
-+	rdatasetheader_t *header, *header_prev;
-+	size_t purged = 0;
-+
-+	for (header = ISC_LIST_TAIL(rbtdb->rdatasets[locknum]);
-+	     header != NULL && purged <= purgesize; header = header_prev)
-+	{
-+		header_prev = ISC_LIST_PREV(header, link);
-+		/*
-+		 * Unlink the entry at this point to avoid checking it
-+		 * again even if it's currently used someone else and
-+		 * cannot be purged at this moment.  This entry won't be
-+		 * referenced any more (so unlinking is safe) since the
-+		 * TTL was reset to 0.
-+		 */
-+		ISC_LIST_UNLINK(rbtdb->rdatasets[locknum], header, link);
-+		size_t header_size = rdataset_size(header);
-+		expire_header(rbtdb, header, tree_locked, expire_lru);
-+		purged += header_size;
-+	}
-+
-+	return (purged);
-+}
-+
- /*%
- * Purge some expired and/or stale (i.e. unused for some period) cache entries
- * under an overmem condition.  To recover from this condition quickly, up to
- * 2 entries will be purged.  This process is triggered while adding a new
- * entry, and we specifically avoid purging entries in the same LRU bucket as
- * the one to which the new entry will belong.  Otherwise, we might purge
- * entries of the same name of different RR types while adding RRsets from a
- * single response (consider the case where we're adding A and AAAA glue records
- * of the same NS name).
-+ * Purge some stale (i.e. unused for some period - LRU based cleaning) cache
-+ * entries under the overmem condition.  To recover from this condition quickly,
-+ * we cleanup entries up to the size of newly added rdata (passed as purgesize).
-+ *
-+ * This process is triggered while adding a new entry, and we specifically avoid
-+ * purging entries in the same LRU bucket as the one to which the new entry will
-+ * belong.  Otherwise, we might purge entries of the same name of different RR
-+ * types while adding RRsets from a single response (consider the case where
-+ * we're adding A and AAAA glue records of the same NS name).
-  */
- static void
-overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, isc_stdtime_t now,
-+overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, size_t purgesize,
- 	      bool tree_locked) {
-	rdatasetheader_t *header, *header_prev;
- 	unsigned int locknum;
-	int purgecount = 2;
-+	size_t purged = 0;
- 
- 	for (locknum = (locknum_start + 1) % rbtdb->node_lock_count;
-	     locknum != locknum_start && purgecount > 0;
-+	     locknum != locknum_start && purged <= purgesize;
- 	     locknum = (locknum + 1) % rbtdb->node_lock_count)
- 	{
- 		NODE_LOCK(&rbtdb->node_locks[locknum].lock,
- 			  isc_rwlocktype_write);
- 
-		header = isc_heap_element(rbtdb->heaps[locknum], 1);
-		if (header && header->rdh_ttl < now - RBTDB_VIRTUAL) {
-			expire_header(rbtdb, header, tree_locked, expire_ttl);
-			purgecount--;
-		}
-
-		for (header = ISC_LIST_TAIL(rbtdb->rdatasets[locknum]);
-		     header != NULL && purgecount > 0; header = header_prev)
-		{
-			header_prev = ISC_LIST_PREV(header, link);
-			/*
-			 * Unlink the entry at this point to avoid checking it
-			 * again even if it's currently used someone else and
-			 * cannot be purged at this moment.  This entry won't be
-			 * referenced any more (so unlinking is safe) since the
-			 * TTL was reset to 0.
-			 */
-			ISC_LIST_UNLINK(rbtdb->rdatasets[locknum], header,
-					link);
-			expire_header(rbtdb, header, tree_locked, expire_lru);
-			purgecount--;
-		}
-+		purged += expire_lru_headers(rbtdb, locknum, purgesize - purged,
-+					     tree_locked);
- 
- 		NODE_UNLOCK(&rbtdb->node_locks[locknum].lock,
- 			    isc_rwlocktype_write);
-- 
-2.38.1
-
--- a/SPECS/bind/bind.signatures.json
+++ b/SPECS/bind/bind.signatures.json
@ -14,6 +14,6 @@
    "named.sysconfig": "8f8eff846667b7811358e289e9fe594de17d0e47f2b8cebf7840ad8db7f34816",
    "setup-named-chroot.sh": "786fbc88c7929fadf217cf2286f2eb03b6fba14843e5da40ad43c0022dd71c3a",
    "setup-named-softhsm.sh": "3b243d9e48577acb95a08ae5dd7288c5eec4830bc02bd29b1f1724c497d12864",
-    "bind-9.16.37.tar.xz": "0e4661d522a2fe1f111c1f0685e7d6993d657f81dae24e7a75dbd8db3ef2e2ab"
+    "bind-9.16.44.tar.xz": "cfaa953c36d5ca42d9584fcf9653d07c85527b59687e7c4d4cb8071272db6754"
  }
 }
--- a/SPECS/bind/bind.spec
+++ b/SPECS/bind/bind.spec
@ -9,8 +9,8 @@

 Summary:        Domain Name System software
 Name:           bind
-Version:        9.16.37
-Release:        2%{?dist}
+Version:        9.16.44
+Release:        1%{?dist}
 License:        ISC
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@ -33,7 +33,6 @@ Source14:       setup-named-softhsm.sh
 Source15:       named-chroot.files
 Patch9:         bind-9.14-config-pkcs11.patch
 Patch10:        bind-9.10-dist-native-pkcs11.patch
-Patch11:        CVE-2023-2828.patch

 BuildRequires:  gcc
 BuildRequires:  json-c-devel
@ -235,7 +234,6 @@ cp -r bin/dnssec{,-pkcs11}
 cp -r lib/dns{,-pkcs11}
 cp -r lib/ns{,-pkcs11}
 %patch10 -p1 -b .dist_pkcs11
-%patch11 -p1

 libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f

@ -615,6 +613,9 @@ fi;
 %{_mandir}/man8/named-nzd2nzf.8*

 %changelog
+* Wed Sep 27 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 9.16.44-1
+- Auto-upgrade to 9.16.44 - Fix CVE-2023-3341
+
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 9.16.37-2
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)

--- a/cgmanifest.json
+++ b/cgmanifest.json
@ -1087,8 +1087,8 @@
        "type": "other",
        "other": {
          "name": "bind",
-          "version": "9.16.37",
-          "downloadUrl": "https://ftp.isc.org/isc/bind9/9.16.37/bind-9.16.37.tar.xz"
+          "version": "9.16.44",
+          "downloadUrl": "https://ftp.isc.org/isc/bind9/9.16.44/bind-9.16.44.tar.xz"
        }
      }
    },
@ -30897,4 +30897,4 @@
    }
  ],
  "Version": 1
-}
+}