Pullup ticket #3765 - requested by taca net/bind96: security patch Revisions pulled up: - net/bind96/Makefile 1.24 - net/bind96/distinfo 1.16 - net/bind96/patches/patch-lib_dns_resolver.c 1.1 --- Module Name: pkgsrc Committed By: taca Date: Tue May 1 02:49:27 UTC 2012 Modified Files: pkgsrc/net/bind96: Makefile distinfo Added Files: pkgsrc/net/bind96/patches: patch-lib_dns_resolver.c Log Message: Add fix to a race condition in the resolver code that can cause a recursive nameserver: <https://kb.isc.org/article/AA-00664>. Bump PKGREVISION.diff -r1.23 -r1.23.2.1 pkgsrc/net/bind96/Makefile
(tron)
@@ -1,17 +1,18 @@ | @@ -1,17 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.23 2012/04/05 00:41:10 taca Exp $ | 1 | # $NetBSD: Makefile,v 1.23.2.1 2012/05/03 19:15:50 tron Exp $ | |
2 | 2 | |||
3 | DISTNAME= bind-${BIND_VERSION} | 3 | DISTNAME= bind-${BIND_VERSION} | |
4 | PKGNAME= ${DISTNAME:S/-ESV/.3.1.ESV/:S/-R/./:S/-P/pl/} | 4 | PKGNAME= ${DISTNAME:S/-ESV/.3.1.ESV/:S/-R/./:S/-P/pl/} | |
5 | PKGREVISION= 1 | |||
5 | CATEGORIES= net | 6 | CATEGORIES= net | |
6 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \ | 7 | MASTER_SITES= ftp://ftp.isc.org/isc/bind9/${BIND_VERSION}/ \ | |
7 | http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/ | 8 | http://ftp.belnet.be/pub/mirror/ftp.isc.org/isc/bind9/${BIND_VERSION}/ | |
8 | 9 | |||
9 | MAINTAINER= pkgsrc-users@NetBSD.org | 10 | MAINTAINER= pkgsrc-users@NetBSD.org | |
10 | HOMEPAGE= http://www.isc.org/software/bind | 11 | HOMEPAGE= http://www.isc.org/software/bind | |
11 | COMMENT= Version 9 of the Berkeley Internet Name Daemon, implementation of DNS | 12 | COMMENT= Version 9 of the Berkeley Internet Name Daemon, implementation of DNS | |
12 | 13 | |||
13 | CONFLICTS+= bind<9.6.0 | 14 | CONFLICTS+= bind<9.6.0 | |
14 | 15 | |||
15 | PKG_DESTDIR_SUPPORT= user-destdir | 16 | PKG_DESTDIR_SUPPORT= user-destdir | |
16 | 17 | |||
17 | MAKE_JOBS_SAFE= no | 18 | MAKE_JOBS_SAFE= no |
@@ -1,10 +1,11 @@ | @@ -1,10 +1,11 @@ | |||
1 | $NetBSD: distinfo,v 1.15 2012/04/05 00:41:10 taca Exp $ | 1 | $NetBSD: distinfo,v 1.15.2.1 2012/05/03 19:15:50 tron Exp $ | |
2 | 2 | |||
3 | SHA1 (bind-9.6-ESV-R6.tar.gz) = 8818ba00a7503e757d9d34053b2f16beac0d0f5e | 3 | SHA1 (bind-9.6-ESV-R6.tar.gz) = 8818ba00a7503e757d9d34053b2f16beac0d0f5e | |
4 | RMD160 (bind-9.6-ESV-R6.tar.gz) = 239d70e1bc1d7e16a42d36938de8aa3ffbab0b64 | 4 | RMD160 (bind-9.6-ESV-R6.tar.gz) = 239d70e1bc1d7e16a42d36938de8aa3ffbab0b64 | |
5 | Size (bind-9.6-ESV-R6.tar.gz) = 6288288 bytes | 5 | Size (bind-9.6-ESV-R6.tar.gz) = 6288288 bytes | |
6 | SHA1 (patch-ab) = 6cec876c8caa7082f97365863f3f88c4f168da48 | 6 | SHA1 (patch-ab) = 6cec876c8caa7082f97365863f3f88c4f168da48 | |
7 | SHA1 (patch-ac) = 074649e1514870a3154c623a5f6d1507b72b5b05 | 7 | SHA1 (patch-ac) = 074649e1514870a3154c623a5f6d1507b72b5b05 | |
8 | SHA1 (patch-ad) = 3fcfac007f7823d48573459e57810f442c5b7d2f | 8 | SHA1 (patch-ad) = 3fcfac007f7823d48573459e57810f442c5b7d2f | |
9 | SHA1 (patch-ag) = ffc547b444f01f51a12a01cfa884916a9a411a88 | 9 | SHA1 (patch-ag) = ffc547b444f01f51a12a01cfa884916a9a411a88 | |
10 | SHA1 (patch-am) = a52d847354cd83b2474d5420925925e4614c966f | 10 | SHA1 (patch-am) = a52d847354cd83b2474d5420925925e4614c966f | |
11 | SHA1 (patch-lib_dns_resolver.c) = e9b7460c15df6b942b9987aeb4d223f48dec712d |
$NetBSD: patch-lib_dns_resolver.c,v 1.1.2.2 2012/05/03 19:15:51 tron Exp $
Prevent segmentation fault in resolver.c: https://kb.isc.org/article/AA-00664
--- lib/dns/resolver.c.orig 2012-03-26 16:14:28.000000000 +0000
+++ lib/dns/resolver.c
@@ -2156,7 +2156,6 @@ fctx_finddone(isc_task_t *task, isc_even
isc_boolean_t want_try = ISC_FALSE;
isc_boolean_t want_done = ISC_FALSE;
isc_boolean_t bucket_empty = ISC_FALSE;
- isc_boolean_t destroy = ISC_FALSE;
unsigned int bucketnum;
find = event->ev_sender;
@@ -2195,17 +2194,12 @@ fctx_finddone(isc_task_t *task, isc_even
}
} else if (SHUTTINGDOWN(fctx) && fctx->pending == 0 &&
fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators)) {
- /*
- * Note that we had to wait until we had the lock before
- * looking at fctx->references.
- */
+
if (fctx->references == 0)
- destroy = ISC_TRUE;
+ bucket_empty = fctx_destroy(fctx);
}
UNLOCK(&res->buckets[bucketnum].lock);
- if (destroy)
- bucket_empty = fctx_destroy(fctx);
isc_event_free(&event);
dns_adb_destroyfind(&find);