Description of problem: These BIND bugs have been fixed by the upstream ISC BIND maintainers, and the fixes have been reviewed and tested. I have selected this bare minimum set of bug fixes from the ISC BIND 9.2.6 release, verified that the code changes fix genuine problems in the Linux BIND source, and have backported them to the RHEL-4 bind-9.2.4 release . No new features are added by these bug fixes - they fix known problems in the BIND source code only. New test cases have been added to the test suite and all tests pass. --- ISC BIND 9.2.6 fixes backported to RHEL-4 BIND 9.2.4 --- 1923. [bug] ns_client_detach() called too early. [RT #15499] 1895. [bug] A escaped character is, potentially, converted to the output character set too early. [RT #14666] 1886. [bug] fctx_create() could return success even though it failed. [RT #14993] 1883. [bug] dnssec-signzone, dnssec-keygen, dnssec-signkey, dnssec-makekeyset: handle negative debug levels. [RT #14962] 1877. [bug] Fix unreasonably low quantum on call to dns_rbt_destroy2(). Remove unnecessay unhash_node() call. [RT #14919] 1875. [bug] process_dhtkey() was using the wrong memory context to free some memory. [RT #14890] 1871. [bug] dnssec_makekeyset and dnssec-signkey failed to initalize the hash context. [RT #13771] 1854. [bug] lwres also needs to know the print format for (long long). [RT #13754] 1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591] 1847. [bug] isc_ondestroy_init() is called too late in dns_rbtdb_create()/dns_rbtdb64_create(). [RT #13661] 1844. [bug] inet_pton() accepted more that 4 hexadecimal digits for each 16 bit piece of the IPv6 address. The text representation of a IPv6 address has been tighted to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt). [RT #5662] 1835. [bug] Update dnssec-signzone's usage message. [RT #13657] 1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660] 1832. [bug] named fails to return BADKEY on unknown TSIG algorithm. [RT #13620] (tsig.c) 1830. [bug] adb lame cache has sence of test reversed. [RT #13600] 1828. [bug] isc_rwlock_init() failed to properly cleanup if it encountered a error. [RT #13549] 1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out of memory error. [RT #13537] 1825. [bug] Missing UNLOCK() on out of memory error from in rbtdb.c:subtractrdataset(). [RT #13519] 1824. [bug] Memory leak on dns_zone_setdbtype() failure. [RT #13510] 1823. [bug] Wrong macro used to check for point to point interface. 1820. [bug] Gracefully handle acl loops. [RT #13659] 1815. [bug] nsupdate triggered a REQUIRE if the server was set without also setting the zone and it encountered a CNAME and was using TSIG. [RT #13086] 1807. [bug] When forwarding (forward only) set the active domain from the forward zone name. [RT #13526] 1804. [bug] Ensure that if we are queried for glue that it fits in the additional section or TC is set to tell the client to retry using TCP. [RT #10114] Version-Release number of selected component (if applicable): bind-9.2.4-12(-) How reproducible: 100% Steps to Reproduce: Expect any of the above bugs to be fixed Actual results: They are not fixed Additional info: Running the bind test-suite in RHTS will verify these fixes.
These fixes have been backported in the bind-9.2.4-14_EL4 release, with source code patch 'bind-9.2.4-9-2-6-backport.patch' . N.B.: fix for ISC bugs: - 1825 and 1847 - should fix RHEL-4 bind bug 173961 .
Adding to U3 proposed list. Jason, the backport patch doesn't include the test suite changes which might verify that these bugs are fixed. Is that the intent?
(In reply to comment #2) > Jason, the backport patch doesn't include the test > suite changes which might verify that these bugs are fixed. > Is that the intent? Yes, the test suite will test all BIND operations affected by the patches.
This issue is on Red Hat Engineering's list of planned work items for the upcoming Red Hat Enterprise Linux 3.8 release. Engineering resources have been assigned and barring unforeseen circumstances, Red Hat intends to include this item in the 3.8 release.
Status should not be "NEEDINFO_ENG" - changes were submitted, packages built, errata raised - changing status to "MODIFIED".
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2006-0288.html