3471a1 - 9.5.1b1 release (CVE-2008-1447)

Authored and Committed by Adam Tkac 16 years ago
    - 9.5.1b1 release (CVE-2008-1447)
    - dropped bind-9.5-recv-race.patch because upstream doesn't want it
    
        
file modified
+1 -1
.cvsignore CHANGED
@@ -1,4 +1,4 @@
1
1
bind-chroot.tar.bz2
2
2
config-4.tar.bz2
3
3
libbind-man.tar.gz
4
- bind-9.5.0.tar.gz
4
+ bind-9.5.1b1.tar.gz
file modified
+19 -33
bind-9.5-dlz-64bit.patch CHANGED
@@ -1,6 +1,6 @@
1
- diff -up bind-9.5.0a5/contrib/dlz/config.dlz.in.64bit bind-9.5.0a5/contrib/dlz/config.dlz.in
2
- --- bind-9.5.0a5/contrib/dlz/config.dlz.in.64bit 2006-06-07 04:21:50.000000000 +0200
3
- +++ bind-9.5.0a5/contrib/dlz/config.dlz.in 2007-07-23 11:18:54.000000000 +0200
1
+ diff -up bind-9.5.1b1/contrib/dlz/config.dlz.in.64bit bind-9.5.1b1/contrib/dlz/config.dlz.in
2
+ --- bind-9.5.1b1/contrib/dlz/config.dlz.in.64bit 2008-06-17 06:03:31.000000000 +0200
3
+ +++ bind-9.5.1b1/contrib/dlz/config.dlz.in 2008-07-11 12:08:43.000000000 +0200
4
4
@@ -17,6 +17,13 @@
5
5
#
6
6
dlzdir='${DLZ_DRIVER_DIR}'
@@ -15,29 +15,19 @@ diff -up bind-9.5.0a5/contrib/dlz/config.dlz.in.64bit bind-9.5.0a5/contrib/dlz/c
15
15
#
16
16
# Private autoconf macro to simplify configuring drivers:
17
17
#
18
- @@ -83,7 +90,7 @@ then
18
+ @@ -135,9 +142,9 @@ then
19
- if test -f $d/include/libpq-fe.h
20
19
then
21
- use_dlz_postgres=$d/include
22
- - use_dlz_postgres_lib=$d/lib
23
- + use_dlz_postgres_lib=$d/${target_lib}
24
- break
25
- fi
26
- done
27
- @@ -151,10 +158,10 @@ case "$use_dlz_mysql" in
28
- *)
29
- DLZ_ADD_DRIVER(MYSQL, dlz_mysql_driver,
30
- [-I$use_dlz_mysql/include/mysql],
31
- - [-L$use_dlz_mysql/lib/mysql -lmysqlclient -lz -lcrypt -lm])
20
+ use_dlz_mysql=$d
21
+ mysql_include=$d/include/mysql
22
+ - if test -d $d/lib/mysql
23
+ + if test -d $d/${target_lib}/mysql
24
+ then
25
+ - mysql_lib=$d/lib/mysql
26
+ + mysql_lib=$d/${target_lib}/mysql
27
+ else
28
+ mysql_lib=$d/lib
29
+ fi
30
+ @@ -274,11 +281,11 @@ case "$use_dlz_bdb" in
32
- + [-L$use_dlz_mysql/${target_lib}/mysql -lmysqlclient -lz -lcrypt -lm])
33
-
34
- AC_MSG_RESULT(
35
- -[using mysql from $use_dlz_mysql/lib/mysql and $use_dlz_mysql/include/mysql])
36
- +[using mysql from $use_dlz_mysql/${target_lib}/mysql and $use_dlz_mysql/include/mysql])
37
- ;;
38
- esac
39
-
40
- @@ -232,11 +239,11 @@ case "$use_dlz_bdb" in
41
31
bdb_libnames="db42 db-4.2 db41 db-4.1 db"
42
32
for d in $bdb_libnames
43
33
do
@@ -51,7 +41,7 @@ diff -up bind-9.5.0a5/contrib/dlz/config.dlz.in.64bit bind-9.5.0a5/contrib/dlz/c
51
41
else
52
42
dlz_bdb_libs=""
53
43
fi
54
- @@ -341,10 +348,10 @@ case "$use_dlz_ldap" in
44
+ @@ -383,7 +390,7 @@ case "$use_dlz_ldap" in
55
45
*)
56
46
DLZ_ADD_DRIVER(LDAP, dlz_ldap_driver,
57
47
[-I$use_dlz_ldap/include],
@@ -59,12 +49,8 @@ diff -up bind-9.5.0a5/contrib/dlz/config.dlz.in.64bit bind-9.5.0a5/contrib/dlz/c
59
49
+ [-L$use_dlz_ldap/${target_lib} -lldap -llber])
60
50
61
51
AC_MSG_RESULT(
62
- -[using LDAP from $use_dlz_ldap/lib and $use_dlz_ldap/include])
63
- +[using LDAP from $use_dlz_ldap/${target_lib} and $use_dlz_ldap/include])
52
+ [using LDAP from $use_dlz_ldap/lib and $use_dlz_ldap/include])
53
+ @@ -407,7 +414,7 @@ then
64
- ;;
65
- esac
66
-
67
- @@ -365,7 +372,7 @@ then
68
54
odbcdirs="/usr /usr/local /usr/pkg"
69
55
for d in $odbcdirs
70
56
do
@@ -73,7 +59,7 @@ diff -up bind-9.5.0a5/contrib/dlz/config.dlz.in.64bit bind-9.5.0a5/contrib/dlz/c
73
59
then
74
60
use_dlz_odbc=$d
75
61
break
76
- @@ -385,7 +392,7 @@ case "$use_dlz_odbc" in
62
+ @@ -427,7 +434,7 @@ case "$use_dlz_odbc" in
77
63
*)
78
64
DLZ_ADD_DRIVER(ODBC, dlz_odbc_driver,
79
65
[-I$use_dlz_odbc/include],
file removed
-172
bind-9.5-recv-race.patch DELETED
@@ -1,172 +0,0 @@
1
- diff -up bind-9.5.0b2/lib/isc/unix/socket.c.recv bind-9.5.0b2/lib/isc/unix/socket.c
2
- --- bind-9.5.0b2/lib/isc/unix/socket.c.recv 2008-04-10 16:45:33.000000000 +0200
3
- +++ bind-9.5.0b2/lib/isc/unix/socket.c 2008-04-10 17:00:46.000000000 +0200
4
- @@ -261,10 +261,10 @@ static isc_result_t allocate_socket(isc_
5
- static void destroy(isc_socket_t **);
6
- static void internal_accept(isc_task_t *, isc_event_t *);
7
- static void internal_connect(isc_task_t *, isc_event_t *);
8
- -static void internal_recv(isc_task_t *, isc_event_t *);
9
- +static void internal_recv(isc_event_t *);
10
- static void internal_send(isc_task_t *, isc_event_t *);
11
- static void internal_fdwatch_write(isc_task_t *, isc_event_t *);
12
- -static void internal_fdwatch_read(isc_task_t *, isc_event_t *);
13
- +static void internal_fdwatch_read(isc_event_t *);
14
- static void process_cmsg(isc_socket_t *, struct msghdr *, isc_socketevent_t *);
15
- static void build_msghdr_send(isc_socket_t *, isc_socketevent_t *,
16
- struct msghdr *, struct iovec *, size_t *);
17
- @@ -1830,7 +1830,7 @@ isc_socket_detach(isc_socket_t **socketp
18
- *
19
- * The socket and manager must be locked before calling this function.
20
- */
21
- -static void
22
- +static isc_boolean_t
23
- dispatch_recv(isc_socket_t *sock) {
24
- intev_t *iev;
25
- isc_socketevent_t *ev;
26
- @@ -1841,7 +1841,7 @@ dispatch_recv(isc_socket_t *sock) {
27
- if (sock->type != isc_sockettype_fdwatch) {
28
- ev = ISC_LIST_HEAD(sock->recv_list);
29
- if (ev == NULL)
30
- - return;
31
- + return ISC_FALSE;
32
- socket_log(sock, NULL, EVENT, NULL, 0, 0,
33
- "dispatch_recv: event %p -> task %p",
34
- ev, ev->ev_sender);
35
- @@ -1855,13 +1855,16 @@ dispatch_recv(isc_socket_t *sock) {
36
-
37
- sock->references++;
38
- iev->ev_sender = sock;
39
- + iev->ev_arg = sock;
40
- if (sock->type == isc_sockettype_fdwatch)
41
- - iev->ev_action = internal_fdwatch_read;
42
- + internal_fdwatch_read (iev);
43
- else
44
- - iev->ev_action = internal_recv;
45
- - iev->ev_arg = sock;
46
- + internal_recv (iev);
47
-
48
- - isc_task_send(sender, (isc_event_t **)&iev);
49
- + if (sock->references == 0)
50
- + return ISC_TRUE;
51
- +
52
- + return ISC_FALSE;
53
- }
54
-
55
- static void
56
- @@ -2228,7 +2231,7 @@ internal_accept(isc_task_t *me, isc_even
57
- }
58
-
59
- static void
60
- -internal_recv(isc_task_t *me, isc_event_t *ev) {
61
- +internal_recv(isc_event_t *ev) {
62
- isc_socketevent_t *dev;
63
- isc_socket_t *sock;
64
-
65
- @@ -2237,21 +2240,13 @@ internal_recv(isc_task_t *me, isc_event_
66
- sock = ev->ev_sender;
67
- INSIST(VALID_SOCKET(sock));
68
-
69
- - LOCK(&sock->lock);
70
- - socket_log(sock, NULL, IOEVENT,
71
- - isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_INTERNALRECV,
72
- - "internal_recv: task %p got event %p", me, ev);
73
- -
74
- INSIST(sock->pending_recv == 1);
75
- sock->pending_recv = 0;
76
-
77
- INSIST(sock->references > 0);
78
- sock->references--; /* the internal event is done with this socket */
79
- - if (sock->references == 0) {
80
- - UNLOCK(&sock->lock);
81
- - destroy(&sock);
82
- + if (sock->references == 0)
83
- return;
84
- - }
85
-
86
- /*
87
- * Try to do as much I/O as possible on this socket. There are no
88
- @@ -2289,7 +2284,6 @@ internal_recv(isc_task_t *me, isc_event_
89
- if (!ISC_LIST_EMPTY(sock->recv_list))
90
- select_poke(sock->manager, sock->fd, SELECT_POKE_READ);
91
-
92
- - UNLOCK(&sock->lock);
93
- }
94
-
95
- static void
96
- @@ -2388,7 +2382,7 @@ internal_fdwatch_write(isc_task_t *me, i
97
- }
98
-
99
- static void
100
- -internal_fdwatch_read(isc_task_t *me, isc_event_t *ev) {
101
- +internal_fdwatch_read(isc_event_t *ev) {
102
- isc_socket_t *sock;
103
- int more_data;
104
-
105
- @@ -2400,31 +2394,19 @@ internal_fdwatch_read(isc_task_t *me, is
106
- sock = (isc_socket_t *)ev->ev_sender;
107
- INSIST(VALID_SOCKET(sock));
108
-
109
- - LOCK(&sock->lock);
110
- - socket_log(sock, NULL, IOEVENT,
111
- - isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_INTERNALRECV,
112
- - "internal_fdwatch_read: task %p got event %p", me, ev);
113
- -
114
- INSIST(sock->pending_recv == 1);
115
-
116
- - UNLOCK(&sock->lock);
117
- - more_data = (sock->fdwatchcb)(me, sock, sock->fdwatcharg);
118
- - LOCK(&sock->lock);
119
- + INSIST(0); /* We should not be here */
120
-
121
- sock->pending_recv = 0;
122
-
123
- INSIST(sock->references > 0);
124
- sock->references--; /* the internal event is done with this socket */
125
- - if (sock->references == 0) {
126
- - UNLOCK(&sock->lock);
127
- - destroy(&sock);
128
- + if (sock->references == 0)
129
- return;
130
- - }
131
-
132
- if (more_data)
133
- select_poke(sock->manager, sock->fd, SELECT_POKE_READ);
134
- -
135
- - UNLOCK(&sock->lock);
136
- }
137
-
138
- static void
139
- @@ -2434,6 +2416,7 @@ process_fds(isc_socketmgr_t *manager, in
140
- int i;
141
- isc_socket_t *sock;
142
- isc_boolean_t unlock_sock;
143
- + isc_boolean_t destroy_sock;
144
-
145
- REQUIRE(maxfd <= (int)FD_SETSIZE);
146
-
147
- @@ -2462,6 +2445,7 @@ process_fds(isc_socketmgr_t *manager, in
148
-
149
- sock = manager->fds[i];
150
- unlock_sock = ISC_FALSE;
151
- + destroy_sock = ISC_FALSE;
152
- if (FD_ISSET(i, readfds)) {
153
- if (sock == NULL) {
154
- FD_CLR(i, &manager->read_fds);
155
- @@ -2473,7 +2457,7 @@ process_fds(isc_socketmgr_t *manager, in
156
- if (sock->listener)
157
- dispatch_accept(sock);
158
- else
159
- - dispatch_recv(sock);
160
- + destroy_sock = dispatch_recv(sock);
161
- }
162
- FD_CLR(i, &manager->read_fds);
163
- }
164
- @@ -2497,6 +2481,8 @@ process_fds(isc_socketmgr_t *manager, in
165
- }
166
- if (unlock_sock)
167
- UNLOCK(&sock->lock);
168
- + if (destroy_sock)
169
- + destroy(&sock);
170
- }
171
- }
172
-
file modified
+10 -6
bind.spec CHANGED
@@ -2,6 +2,8 @@
2
2
# Red Hat BIND package .spec file
3
3
#
4
4
5
+ %define PREVER b1
6
+
5
7
%{?!SDB: %define SDB 1}
6
8
%{?!LIBBIND: %define LIBBIND 1}
7
9
%{?!test: %define test 0}
@@ -15,14 +17,14 @@
15
17
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
16
18
Name: bind
17
19
License: ISC
18
- Version: 9.5.0
19
- Release: 37.1%{?dist}
20
+ Version: 9.5.1
21
+ Release: 0.1.%{PREVER}%{?dist}
20
22
Epoch: 32
21
23
Url: http://www.isc.org/products/BIND/
22
24
Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
23
25
Group: System Environment/Daemons
24
26
#
25
- Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz
27
+ Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}%{PREVER}.tar.gz
26
28
Source1: named.sysconfig
27
29
Source2: named.init
28
30
Source3: named.logrotate
@@ -54,7 +56,6 @@ Patch63: bind-9.4.0-dnssec-directory.patch
54
56
Patch71: bind-9.5-overflow.patch
55
57
Patch72: bind-9.5-dlz-64bit.patch
56
58
Patch87: bind-9.5-parallel-build.patch
57
- Patch89: bind-9.5-recv-race.patch
58
59
Patch90: bind-9.5-edns.patch
59
60
Patch91: bind95-rh450995.patch
60
61
@@ -173,7 +174,7 @@ chroot(2) jail for the named(8) program from the BIND package.
173
174
Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
174
175
175
176
%prep
176
- %setup -q
177
+ %setup -q -n %{name}-%{version}%{PREVER}
177
178
178
179
# Common patches
179
180
%patch -p1 -b .varrun
@@ -237,7 +238,6 @@ cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named
237
238
%patch83 -p1 -b .libidn2
238
239
%patch85 -p1 -b .libidn3
239
240
%patch87 -p1 -b .parallel
240
- %patch89 -p1 -b .recv-race
241
241
%patch90 -p1 -b .edns
242
242
%patch91 -p1 -b .rh450995
243
243
:;
@@ -636,6 +636,10 @@ rm -rf ${RPM_BUILD_ROOT}
636
636
%{_sbindir}/bind-chroot-admin
637
637
638
638
%changelog
639
+ * Tue Jul 08 2008 Adam Tkac <atkac redhat com> 32:9.5.1-0.1.b1
640
+ - 9.5.1b1 release (CVE-2008-1447)
641
+ - dropped bind-9.5-recv-race.patch because upstream doesn't want it
642
+
639
643
* Mon Jun 30 2008 Adam Tkac <atkac redhat com> 32:9.5.0-37.1
640
644
- update default named.conf statements (#452708)
641
645
file modified
+1 -1
sources CHANGED
@@ -1,4 +1,4 @@
1
1
4faa4395b955e5f8a3d50f308b9fabc8 bind-chroot.tar.bz2
2
2
de68e10e91e05ab100be879b5bcaa6cb config-4.tar.bz2
3
3
13fef79f99fcefebb51d84b08805de51 libbind-man.tar.gz
4
- 066484717db1d1b1b4092ddcf5d0eb6e bind-9.5.0.tar.gz
4
+ bbd52aadb39f76b50e8413fa165f805e bind-9.5.1b1.tar.gz