Thu May 3 18:32:02 2012 UTC ()

Pullup ticket #3764 - requested by taca
net/bind97: security patch

Revisions pulled up:
- net/bind97/Makefile                                           1.13
- net/bind97/distinfo                                           1.12
- net/bind97/patches/patch-lib_dns_resolver.c                   1.1

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue May  1 02:48:58 UTC 2012

   Modified Files:
   	pkgsrc/net/bind97: Makefile distinfo
   Added Files:
   	pkgsrc/net/bind97/patches: patch-lib_dns_resolver.c

   Log Message:
   Add fix to a race condition in the resolver code that can cause a recursive
   nameserver: <https://kb.isc.org/article/AA-00664>.

   Bump PKGREVISION.


(tron)

diff -r1.12 -r1.12.2.1 pkgsrc/net/bind97/Makefile
diff -r1.11 -r1.11.2.1 pkgsrc/net/bind97/distinfo
diff -r0 -r1.1.2.2 pkgsrc/net/bind97/patches/patch-lib_dns_resolver.c

--- pkgsrc/net/bind97/Attic/Makefile 2012/04/05 00:40:09 1.12
+++ pkgsrc/net/bind97/Attic/Makefile 2012/05/03 18:32:02 1.12.2.1

 @@ -1,17 +1,18 @@
-# $NetBSD: Makefile,v 1.12 2012/04/05 00:40:09 taca Exp $
+# $NetBSD: Makefile,v 1.12.2.1 2012/05/03 18:32:02 tron Exp $
 DISTNAME=	bind-${BIND_VERSION}
 PKGNAME=	${DISTNAME:S/-P/pl/}
 PKGREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \
 		http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://www.isc.org/software/bind
 COMMENT=	Version 9 of the Berkeley Internet Name Daemon, implementation of DNS
 CONFLICTS+=	bind<9.7.0
 PKG_DESTDIR_SUPPORT=	user-destdir
 MAKE_JOBS_SAFE=	no

--- pkgsrc/net/bind97/Attic/distinfo 2012/04/05 00:40:09 1.11
+++ pkgsrc/net/bind97/Attic/distinfo 2012/05/03 18:32:02 1.11.2.1

 @@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.11 2012/04/05 00:40:09 taca Exp $
+$NetBSD: distinfo,v 1.11.2.1 2012/05/03 18:32:02 tron Exp $
 SHA1 (bind-9.7.5.tar.gz) = d66705bb898340de88653892a75e0038c3dec86e
 RMD160 (bind-9.7.5.tar.gz) = 0186557e4d20b06c45939988b47dbf2cf600ae9b
 Size (bind-9.7.5.tar.gz) = 6848848 bytes
 SHA1 (patch-aa) = 6cec876c8caa7082f97365863f3f88c4f168da48
 SHA1 (patch-ab) = 9585a26a376d32f80ac8266eb7967c00b433f14d
 SHA1 (patch-ac) = ee4ca3d200b3d3f93b8ccfa2c6e51ab005b35a01
 SHA1 (patch-ad) = 29fb5c24ff3558f1621e93ea16419e32dbc695b7
 SHA1 (patch-ae) = 68b8155daa8f75081b6f8fd70ca23fda60506c64
 SHA1 (patch-lib_dns_resolver.c) = 1c0bc26a159219f65dc59429d395f7796a5165f6

$NetBSD: patch-lib_dns_resolver.c,v 1.1.2.2 2012/05/03 18:32:02 tron Exp $

Prevent segmentation fault in resolver.c: https://kb.isc.org/article/AA-00664

--- lib/dns/resolver.c.orig	2012-03-22 19:14:04.000000000 +0000
+++ lib/dns/resolver.c
@@ -2157,7 +2157,6 @@ fctx_finddone(isc_task_t *task, isc_even
 	isc_boolean_t want_try = ISC_FALSE;
 	isc_boolean_t want_done = ISC_FALSE;
 	isc_boolean_t bucket_empty = ISC_FALSE;
-	isc_boolean_t destroy = ISC_FALSE;
 	unsigned int bucketnum;
 
 	find = event->ev_sender;
@@ -2196,17 +2195,12 @@ fctx_finddone(isc_task_t *task, isc_even
 		}
 	} else if (SHUTTINGDOWN(fctx) && fctx->pending == 0 &&
 		   fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators)) {
-		/*
-		 * Note that we had to wait until we had the lock before
-		 * looking at fctx->references.
-		 */
+
 		if (fctx->references == 0)
-			destroy = ISC_TRUE;
+			bucket_empty = fctx_destroy(fctx);
 	}
 	UNLOCK(&res->buckets[bucketnum].lock);
 
-	if (destroy)
-		bucket_empty = fctx_destroy(fctx);
 	isc_event_free(&event);
 	dns_adb_destroyfind(&find);