174127 – critical upstream bug fixes need backporting

Bug 174127 - critical upstream bug fixes need backporting

Summary: critical upstream bug fixes need backporting

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	bind
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Jason Vas Dias
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	174129 181409
TreeView+	depends on / blocked

Reported:	2005-11-24 21:11 UTC by Jason Vas Dias
Modified:	2007-11-30 22:07 UTC (History)
CC List:	0 users
Fixed In Version:	RHBA-2006-0288
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-08-10 21:14:27 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2006:0288	0	normal	SHIPPED_LIVE	bind bug fix update	2006-08-09 04:00:00 UTC

Description Jason Vas Dias 2005-11-24 21:11:42 UTC

Description of problem:

These BIND bugs have been fixed by the upstream ISC BIND maintainers,
and the fixes have been reviewed and tested. I have selected this bare
minimum set of bug fixes from the ISC BIND 9.2.6 release, verified that
the code changes fix genuine problems in the Linux BIND source, and have
backported them to the RHEL-4 bind-9.2.4 release . 

No new features are added by these bug fixes - they fix known problems in
the BIND source code only.

New test cases have been added to the test suite and all tests pass.

        --- ISC BIND 9.2.6 fixes backported to RHEL-4 BIND 9.2.4 ---

1923.   [bug]           ns_client_detach() called too early. [RT #15499]

1895.   [bug]           A escaped character is, potentially, converted to
                        the output character set too early. [RT #14666]

1886.   [bug]           fctx_create() could return success even though it
                        failed. [RT #14993]

1883.   [bug]           dnssec-signzone, dnssec-keygen, dnssec-signkey,
                        dnssec-makekeyset: handle negative debug levels.
                        [RT #14962]

1877.   [bug]           Fix unreasonably low quantum on call to
                        dns_rbt_destroy2().  Remove unnecessay unhash_node()
                        call. [RT #14919]

1875.   [bug]           process_dhtkey() was using the wrong memory context
                        to free some memory. [RT #14890]

1871.   [bug]           dnssec_makekeyset and dnssec-signkey failed to
                        initalize the hash context. [RT #13771]

1854.   [bug]           lwres also needs to know the print format for
                        (long long).  [RT #13754]

1850.   [bug]           Memory leak in lwres_getipnodebyaddr(). [RT #14591]

1847.   [bug]           isc_ondestroy_init() is called too late in
                        dns_rbtdb_create()/dns_rbtdb64_create().
                        [RT #13661]

1844.   [bug]           inet_pton() accepted more that 4 hexadecimal digits
                        for each 16 bit piece of the IPv6 address.  The text
                        representation of a IPv6 address has been tighted
                        to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
                        [RT #5662]

1835.   [bug]           Update dnssec-signzone's usage message. [RT #13657]

1833.   [bug]           Race condition in isc_mutex_lock_profile(). [RT #13660]

1832.   [bug]           named fails to return BADKEY on unknown TSIG algorithm.
                        [RT #13620] (tsig.c)

1830.   [bug]           adb lame cache has sence of test reversed. [RT #13600]

1828.   [bug]           isc_rwlock_init() failed to properly cleanup if it
                        encountered a error. [RT #13549]

1826.   [bug]           Missing DESTROYLOCK() in isc_mem_createx() on out
                        of memory error. [RT #13537]

1825.   [bug]           Missing UNLOCK() on out of memory error from in
                        rbtdb.c:subtractrdataset(). [RT #13519]

1824.   [bug]           Memory leak on dns_zone_setdbtype() failure.
                        [RT #13510]

1823.   [bug]           Wrong macro used to check for point to point interface.

1820.   [bug]           Gracefully handle acl loops. [RT #13659]

1815.   [bug]           nsupdate triggered a REQUIRE if the server was set
                        without also setting the zone and it encountered
                        a CNAME and was using TSIG.  [RT #13086]

1807.   [bug]           When forwarding (forward only) set the active domain
                        from the forward zone name. [RT #13526]

1804.   [bug]           Ensure that if we are queried for glue that it fits
                        in the additional section or TC is set to tell the
                        client to retry using TCP. [RT #10114]


 
Version-Release number of selected component (if applicable):

bind-9.2.4-12(-)

How reproducible:
100%

Steps to Reproduce:
Expect any of the above bugs to be fixed
  
Actual results:
They are not fixed

Additional info:
Running the bind test-suite in RHTS will verify these fixes.

Comment 1 Jason Vas Dias 2005-11-24 21:14:47 UTC

These fixes have been backported in the bind-9.2.4-14_EL4 release, with
source code patch 'bind-9.2.4-9-2-6-backport.patch' .

N.B.: fix for ISC bugs: - 1825 and 1847 - should fix RHEL-4 bind bug 173961 .

Comment 2 Nalin Dahyabhai 2005-12-06 17:53:06 UTC

Adding to U3 proposed list.  Jason, the backport patch doesn't include the test
suite changes which might verify that these bugs are fixed.  Is that the intent?

Comment 6 Jason Vas Dias 2006-03-31 16:23:34 UTC

(In reply to comment #2)
> Jason, the backport patch doesn't include the test
> suite changes which might verify that these bugs are fixed. 
> Is that the intent?

Yes, the test suite will test all BIND operations affected by the patches.

Comment 8 Bob Johnson 2006-04-11 16:01:57 UTC

This issue is on Red Hat Engineering's list of planned work items 
for the upcoming Red Hat Enterprise Linux 3.8 release.  Engineering 
resources have been assigned and barring unforeseen circumstances, Red 
Hat intends to include this item in the 3.8 release.

Comment 9 Jason Vas Dias 2006-04-14 02:01:02 UTC

Status should not be "NEEDINFO_ENG" - changes were submitted, packages built,
errata raised - changing status to "MODIFIED".

Comment 12 Red Hat Bugzilla 2006-08-10 21:14:30 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0288.html

Note You need to log in before you can comment on or make changes to this bug.