From bcea1af279df306eef420fd8f47839e58a43349b Mon Sep 17 00:00:00 2001
From: Adam Tkac
Date: Dec 03 2008 12:20:45 +0000
Subject: - fixed rare use-after-free problem in host utility (#452060)
---
diff --git a/bind-95-rh452060.patch b/bind-95-rh452060.patch
new file mode 100644
index 0000000..58808b0
--- /dev/null
+++ b/bind-95-rh452060.patch
@@ -0,0 +1,40 @@
+diff -up bind-9.5.0-P2/bin/dig/dighost.c.rh452060 bind-9.5.0-P2/bin/dig/dighost.c
+--- bind-9.5.0-P2/bin/dig/dighost.c.rh452060 2008-12-01 22:30:01.000000000 +0100
++++ bind-9.5.0-P2/bin/dig/dighost.c 2008-12-01 22:30:07.000000000 +0100
+@@ -1280,6 +1280,12 @@ clear_query(dig_query_t *query) {
+
+ debug("clear_query(%p)", query);
+
++ if (query->waiting_senddone) {
++ debug("send_done not yet called");
++ query->pending_free = ISC_TRUE;
++ return;
++ }
++
+ lookup = query->lookup;
+
+ if (lookup->current_query == query)
+@@ -1301,10 +1307,7 @@ clear_query(dig_query_t *query) {
+ isc_mempool_put(commctx, query->recvspace);
+ isc_buffer_invalidate(&query->recvbuf);
+ isc_buffer_invalidate(&query->lengthbuf);
+- if (query->waiting_senddone)
+- query->pending_free = ISC_TRUE;
+- else
+- isc_mem_free(mctx, query);
++ isc_mem_free(mctx, query);
+ }
+
+ /*%
+@@ -2175,9 +2178,9 @@ send_done(isc_task_t *_task, isc_event_t
+ isc_event_free(&event);
+
+ if (query->pending_free)
+- isc_mem_free(mctx, query);
++ clear_query(query);
+
+- check_if_done();
++ check_next_lookup(l);
+ UNLOCK_LOOKUP;
+ }
+
diff --git a/bind.spec b/bind.spec
index 0d9909d..efb5208 100644
--- a/bind.spec
+++ b/bind.spec
@@ -2,7 +2,7 @@ # Red Hat BIND package .spec file # -%define PREVER b3 +%define PREVER rc1 %define VERSION %{version}%{PREVER} %{?!SDB: %define SDB 1} 
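Review bot: In the send_done hunk of the dighost.c patch carried by bind-95-rh452060.patch, the new `clear_query(query);` only completes the deferred teardown if `query->waiting_senddone` has already been reset earlier in send_done; that reset is not visible in the hunk, and without it the call would take the new early return in clear_query again and the query would never be released. An explicit `INSIST(!query->waiting_senddone);` immediately before the call would pin that ordering. The early return in clear_query also deserves a comment stating the new contract, e.g. `/* send still in flight: send_done() calls clear_query() again once the send completes */`, because the function can now return before any of the teardown below it has run and with the query still allocated. `check_next_lookup(l)` runs after the query may have been freed, so `l` presumably has to be captured from `query->lookup` before that call; both function bodies start outside the hunks shown, so this cannot be confirmed from here.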
@@ -19,7 +19,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.5.1 -Release: 0.9.1.%{PREVER}%{?dist} +Release: 0.9.2.%{PREVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -58,6 +58,7 @@ Patch72: bind-9.5-dlz-64bit.patch Patch87: bind-9.5-parallel-build.patch Patch95: bind-95-sdlz-include.patch Patch96: bind-95-rh469440.patch +Patch97: bind-95-rh452060.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -239,6 +240,7 @@ cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named %patch94 -p1 -b .rh461409 %patch95 -p1 -b .includes %patch96 -p1 -b .rh469440 +%patch97 -p1 -b .rh452060 # Sparc and s390 arches need to use -fPIE %ifarch sparcv9 sparc64 s390 s390x @@ -636,6 +638,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_sbindir}/bind-chroot-admin %changelog +* Tue Dec 02 2008 Adam Tkac 32:9.5.1-0.9.2.b3 +- fixed rare use-after-free problem in host utility (#452060) + * Mon Dec 01 2008 Adam Tkac 32:9.5.1-0.9.1.b3 - improved sample config file (#473586)