2 files changed, 17 insertions, 1 deletions

diff --git a/source/n/bind/bind-9.16.11.CVE-2020-8625.diff b/source/n/bind/bind-9.16.11.CVE-2020-8625.diff
new file mode 100644
index 000000000..419b5bea0
--- /dev/null
+++ b/source/n/bind/bind-9.16.11.CVE-2020-8625.diff
@@ -0,0 +1,12 @@
+diff -u -r --new-file bind-9.16.11.orig/lib/dns/spnego.c bind-9.16.11/lib/dns/spnego.c
+--- bind-9.16.11.orig/lib/dns/spnego.c	2021-01-11 07:23:31.000000000 -0600
++++ bind-9.16.11/lib/dns/spnego.c	2021-02-24 13:57:17.199873321 -0600
+@@ -848,7 +848,7 @@
+ 		return (ASN1_OVERRUN);
+ 	}
+ 
+-	data->components = malloc(len * sizeof(*data->components));
++	data->components = malloc((len + 1) * sizeof(*data->components));
+ 	if (data->components == NULL) {
+ 		return (ENOMEM);
+ 	}
diff --git a/source/n/bind/bind.SlackBuild b/source/n/bind/bind.SlackBuild
index 1b7af8957..a77c53178 100755
--- a/source/n/bind/bind.SlackBuild
+++ b/source/n/bind/bind.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=bind
 VERSION=${VERSION:-$(echo ${PKGNAM}-[0-9]*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-3}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -82,6 +82,10 @@ else
   GSSAPI=" "
 fi
 
+# Fix a security vulnerability. This is fixed in 9.16.12, but we can't use
+# that version due to other regressions.
+zcat $CWD/bind-9.16.11.CVE-2020-8625.diff.gz | patch -p1 --verbose || exit 1
+
 # Configure:
 CFLAGS="$SLKCFLAGS" \
 ./configure \