From d7e82d3e752b302f3e2659b9ce0151d69ea2a76f Mon Sep 17 00:00:00 2001
From: Adam Tkac <atkac@fedoraproject.org>
Date: Jan 13 2010 10:01:46 +0000
Subject: - fix occasional crash in keytable.c (#549284)


---

diff --git a/bind.spec b/bind.spec
index 39860ac..cb47c00 100644
--- a/bind.spec
+++ b/bind.spec
@@ -20,7 +20,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.6.1
-Release:  7.%{PATCHVER}%{?dist}
+Release:  8.%{PATCHVER}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -54,6 +54,7 @@ Patch101:bind-96-old-api.patch
 Patch102:bind-95-rh452060.patch
 Patch106:bind93-rh490837.patch
 Patch107:bind96-rh507469.patch
+Patch108:bind96-rh549284.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -220,6 +221,7 @@ mkdir m4
 %patch102 -p1 -b .rh452060
 %patch106 -p0 -b .rh490837
 %patch107 -p1 -b .rh507469
+%patch108 -p1 -b .rh549284
 
 # Sparc and s390 arches need to use -fPIE
 %ifarch sparcv9 sparc64 s390 s390x
@@ -588,6 +590,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %ghost %{chroot_prefix}/etc/localtime
 
 %changelog
+* Wed Jan 13 2010 Adam Tkac <atkac redhat com> 32:9.6.1-8.P2
+- fix occasional crash in keytable.c (#549284)
+
 * Wed Nov 25 2009 Adam Tkac <atkac redhat com> 32:9.6.1-7.P2
 - update to 9.6.1-P2 (CVE-2009-4022)
 
diff --git a/bind96-rh549284.patch b/bind96-rh549284.patch
new file mode 100644
index 0000000..aef18f7
--- /dev/null
+++ b/bind96-rh549284.patch
@@ -0,0 +1,19 @@
+--- bind-9.6.1-P2/lib/dns/validator.c.rh549284	2010-01-11 11:40:26.480893127 +0100
++++ bind-9.6.1-P2/lib/dns/validator.c	2010-01-11 11:40:57.730892953 +0100
+@@ -2161,7 +2161,7 @@ validatezonekey(dns_validator_t *val) {
+ 		     result == ISC_R_SUCCESS;
+ 		     result = dns_rdataset_next(val->event->sigrdataset))
+ 		{
+-			dns_keynode_t *keynode = NULL, *nextnode = NULL;
++			dns_keynode_t *keynode = NULL;
+ 
+ 			dns_rdata_reset(&sigrdata);
+ 			dns_rdataset_current(val->event->sigrdataset,
+@@ -2181,6 +2181,7 @@ validatezonekey(dns_validator_t *val) {
+ 			    result == ISC_R_SUCCESS)
+ 				atsep = ISC_TRUE;
+ 			while (result == ISC_R_SUCCESS) {
++				dns_keynode_t *nextnode = NULL;
+ 				dstkey = dns_keynode_key(keynode);
+ 				result = verify(val, dstkey, &sigrdata,
+ 						sig.keyid);