Bug 158664 - net-dns/bind-9.3.3 core dumps / segfaults often on hardened
Summary: net-dns/bind-9.3.3 core dumps / segfaults often on hardened
Status: RESOLVED CANTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Other
Importance: High major
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Duplicates: 165648 166719
Depends on:
Blocks:
 
Reported: 2006-12-20 10:22 UTC by Ben XO
Modified: 2008-05-03 18:34 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments: Test zone file (crashtest.zone, 867 bytes, text/plain), 2007-02-27 15:08 UTC, RB

Description Ben XO 2006-12-20 10:22:19 UTC
Happens to me on 2 different boxes... one has 200 zones, the other about 25, so the core dumping was a major PITA >_<

Bind wouldn't stay up for more than about 15 minutes.

Workaround: downgrade to 9.2.7 which appears to be stable.

info on box1:

Portage 2.1.1-r2 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, 2.6.17-hardened-r1 i686)
=================================================================
System uname: 2.6.17-hardened-r1 i686 Intel(R) Pentium(R) 4 CPU 3.06GHz
Gentoo Base System version 1.12.6
Last Sync: Wed, 20 Dec 2006 12:00:01 +0000
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  0.4.2-r1
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer -fweb -frename-registers -funit-at-a-time"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind /var/qmail/alias /var/qmail/control /var/vpopmail/domains /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer -fweb -frename-registers -funit-at-a-time"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache confcache distlocks parallel-fetch sandbox sfperms strict stricter userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://ftp.roedu.net/pub/mirrors/gentoo.org/ http://gentoo.inode.at/"
MAKEOPTS="-j3"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X509 acpi aim apache2 avi berkdb bzip2 cdb cli contentcache cracklib crypt ctype curl dba devmap dlloader elibc_glibc encode exif expat fam fastbuild foomaticdb force-cgi-redirect fortran ftp gd gdbm gif gmp hardened hash iconv idn imap imlib inode input_devices_keyboard input_devices_mouse ipv6 jpeg kernel_linux libg++ libwww logrotate mad maildir memlimit mhash mp3 mpeg mysql mysqli ncurses nls nptl ogg pam pcntl pcre pdflib perl pic png posix python qmail readline reflection rrdtool sdl session sharedmem simplexml slang snmp soap sockets spamassassin spell spl sqlite sse2 ssl sysvipc tcltk tcpd threads tiff tokenizer truetype truetype-fonts udev unicode userland_GNU userlocales vhosts vorbis x86 xml xml2 xorg xsl xv zip zlib zlibi"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY


info on box2:

Portage 2.1.1-r2 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, 2.6.11-hardened-r14 i686)
=================================================================
System uname: 2.6.11-hardened-r14 i686 Intel(R) XEON(TM) CPU 1.80GHz
Gentoo Base System version 1.12.6
Last Sync: Wed, 20 Dec 2006 10:00:01 +0000
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.3.5-r2, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -pipe -funit-at-a-time -fweb -frename-registers"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -march=pentium4 -fomit-frame-pointer -pipe -funit-at-a-time -fweb -frename-registers"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks metadata-transfer parallel-fetch sandbox sfperms strict stricter userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://gentoo.blueyonder.co.uk/ http://194.117.143.69 ftp://194.117.143.69/mirrors/gentoo http://194.117.143.71 ftp://194.117.143.72/mirrors/gentoo http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
LINGUAS="en"
MAKEOPTS="-j5"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X509 acl apache2 berkdb bzip2 cdb chroot cli crypt ctype curl dlloader elibc_glibc erandom exif extraengine fastbuild flash ftp gd glibc-omitfp gmp hardened hpn iconv idn imap inifile innodb input_devices_keyboard input_devices_mouse ipv6 java jpeg kernel_linux linguas_en logrotate maildir mcal mhash ming mpm-prefork mysql ncurses nls nptl nptlonly pam pcntl pcre perl php pic pie png python readline rrdtool sasl session sftplogging sharedext sharedmem snmp sockets spamassassin spell sqlite ssl sysvipc tcpd threads tiff tokenizer truetype unicode userland_GNU userlocales utf8 x86 xml xml2 xmlrpc xorg xsl zip zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 1 Chris Frage 2006-12-21 03:18:54 UTC
It core dumps on lookup of its own zones ...
Normal caching and forwarding is working fine.

Same problem with hardened amd64:

Portage 2.1.1-r2 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.3.6-r5, 2.6.18-hardened x86_64)
=================================================================
System uname: 2.6.18-hardened x86_64 Intel(R) Xeon(TM) CPU 2.80GHz
Gentoo Base System version 1.12.6
Last Sync: Thu, 21 Dec 2006 08:30:01 +0000
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=x86-64 -O2 -fomit-frame-pointer -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=x86-64 -O2 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig buildpkg candy ccache distlocks fixpackages metadata-transfer nodoc noinfo noman notitles parallel-fetch sandbox sfperms strict"
GENTOO_MIRRORS="ftp://cs.ubishops.ca/pub/gentoo ftp://pandemonium.tiscali.de/pub/gentoo ftp://ftp.heanet.ie/pub/gentoo"
MAKEOPTS="-j5"
PKGDIR="/pkgs"
PORTAGE_RSYNC_EXTRA_OPTS="--timeout=180"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage-snix"
SYNC="rsync://10.5.4.252/gentoo-portage"
USE="amd64 acpi alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol apache2 bash-completion berkdb bzip2 caps clamav crypt elibc_glibc gif hardened hardenedphp idn input_devices_keyboard input_devices_mouse ipv6 jpeg kernel_linux mbox multilib mysql ncurses nls nptl offensive pcre perl php pic png python readline sasl server sse2 ssl symlink tcpd threads tiff truetype unicode userland_GNU vhosts xml xml2 zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS
Comment 2 Ben XO 2006-12-21 04:48:59 UTC
In my report I said that downgrading to 9.2.7 worked around the problem... but it didn't.

I've cross-graded to djbdns in the meantime.
Comment 3 Paul Osmialowski 2006-12-21 06:56:23 UTC
(In reply to comment #1)
> It core dumps on lookup of its own zones ...
> Normal caching and forwarding is working fine.
> 
The same problem on my PIII, hardened profile, all packages compiled with stack protector.
Strace during lookup of its own zone:
select(27, [20 21 22 23 24], [], NULL, {21, 403998}) = 1 (in [20], left {7, 256000})
gettimeofday({1166712896, 537447}, NULL) = 0
recvmsg(20, {msg_name(16)={sa_family=AF_INET, sin_port=htons(32968), sin_addr=inet_addr("192.168.1.123")}, msg_iov(1)=[{"\270\270\1\0\0\1\0\0\0\0\0\0\4king\3net\2pl\0\0\1\0\1t"..., 4096}], msg_controllen=20, {cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=0x1d /* SCM_??? */, ...}, msg_flags=0}, 0) = 29
sendmsg(20, {msg_name(16)={sa_family=AF_INET, sin_port=htons(32968), sin_addr=inet_addr("192.168.1.123")}, msg_iov(1)=[{"\270\270\205\200\0\1\0\1\0\2\0\2\4king\3net\2pl\0\0\1\0"..., 116}], msg_controllen=0, msg_flags=0}, 0) = 116
recvmsg(20, 0xbd744620, 0)              = -1 EAGAIN (Resource temporarily unavailable)
rt_sigprocmask(SIG_BLOCK, ~[ABRT], NULL, 8) = 0
write(2, "named", 5)                    = 5
write(2, ": stack smashing attack in funct"..., 36) = 36
write(2, "query_find", 10)              = 10
write(2, "()\n", 3)                     = 3
rt_sigaction(SIGABRT, {SIG_DFL}, NULL, 8) = 0
getpid()                                = 19918
kill(19918, SIGABRT)                    = 0
--- SIGABRT (Aborted) @ 0 (0) ---
Comment 4 solar (RETIRED) gentoo-dev 2006-12-21 07:50:20 UTC
Somebody should compile this version with gcc -fbounds-checking aka USE=boundschecking or newer gcc-4.x with mudflap. This is probably another security problem showing itself in the query_find() function.
Comment 5 Ben XO 2006-12-21 08:27:34 UTC
When I try to build bind-9.3.3 with the following:

rain ~ # CFLAGS="$CFLAGS -fbounds-checking" CXXFLAGS="$CXXFLAGS -fbounds-checking"  emerge -va bind

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild     U ] net-dns/bind-9.3.3 [9.2.7] USE="berkdb threads -dlz -doc -idn -ipv6 -ldap -mysql -odbc -postgres -resolvconf% (-selinux) -ssl (-bind-mysql%)" 0 kB


... the build fails as shown:

strip: i686-pc-linux-gnu-strip --strip-unneeded
   usr/lib/libisc.so.11.1.1
   usr/lib/libisccc.so.0.2.2
   usr/lib/libdns.so.22.0.7
   usr/lib/libisccfg.so.1.0.6
   usr/lib/libbind9.so.0.0.8
   usr/lib/liblwres.so.9.1.5
   usr/sbin/named
   usr/sbin/lwresd
   usr/sbin/rndc
   usr/sbin/rndc-confgen
   usr/sbin/dnssec-keygen
   usr/sbin/dnssec-signzone
   usr/sbin/named-checkconf
   usr/sbin/named-checkzone
   usr/lib/libisc.a
   usr/lib/libisccc.a
   usr/lib/libdns.a
   usr/lib/libisccfg.a
   usr/lib/libbind9.a
   usr/lib/liblwres.a
making executable: /usr/lib/libbind9.so.0.0.8
making executable: /usr/lib/libdns.so.22.0.7
making executable: /usr/lib/libisc.so.11.1.1
making executable: /usr/lib/libisccc.so.0.2.2
making executable: /usr/lib/libisccfg.so.1.0.6
making executable: /usr/lib/liblwres.so.9.1.5

QA Notice: the following files contain runtime text relocations
 Text relocations force the dynamic linker to perform extra
 work at startup, waste system resources, and may pose a security
 risk.  On some architectures, the code may not even function
 properly, if at all.
 For more information, see http://hardened.gentoo.org/pic-fix-guide.xml
 Please include this file in your report:
 /var/tmp/portage/bind-9.3.3/temp/scanelf-textrel.log
TEXTREL usr/lib/libisc.so.11.1.1
TEXTREL usr/lib/libisccc.so.0.2.2
TEXTREL usr/lib/libdns.so.22.0.7
TEXTREL usr/lib/libisccfg.so.1.0.6
TEXTREL usr/lib/libbind9.so.0.0.8
TEXTREL usr/lib/liblwres.so.9.1.5


!!! ERROR: net-dns/bind-9.3.3 failed.
Call stack:
  misc-functions.sh, line 417:   Called install_qa_check
  misc-functions.sh, line 164:   Called die

!!! Aborting due to QA concerns:  textrels,
!!! If you need support, post the topmost build error, and the call stack if relevant.

!!! install_qa_check failed; exiting.
Comment 6 Ben XO 2006-12-21 08:28:38 UTC
P.S. @ solar: you can't use gcc4 on the hardened profile yet.
Comment 7 Christian Heim (RETIRED) gentoo-dev 2006-12-21 10:30:10 UTC
(In reply to comment #6)
> p.s @ solar: you can't use gcc4 on hardened profile yet.

He didn't say anything to build gcc4 on hardened. He said someone should try to emerge gcc4 with USE=mudflap :)

[ebuild   R   ] sys-devel/gcc-4.1.1-r1  USE="(-altivec) -bootstrap -build -doc -fortran -gcj -gtk (-hardened) -ip28 -ip32r10k -mudflap (-multilib) -multislot (-n32) (-n64) -nls -nocxx -objc -objc++ -objc-gc -test -vanilla"
Comment 8 Jorge Nerin 2006-12-21 12:48:00 UTC
I'm having the same problem (amd64 hardened). I have tried disabling threads to no avail, and finally I have something to tell; the error is this:

/usr/sbin/named -u named -n 1 -t /chroot/dns -g

21-Dec-2006 21:21:40.079 client 213.98.44.141#33170: view external: query: XXX IN MX +
named: stack smashing attack in function query_find()

I have tried bind 9.3.3 with and without threads and I have found a solution: you have to disable ssp. I have gcc:

# gcc --version
gcc (GCC) 3.4.6 (Gentoo Hardened 3.4.6-r1, ssp-3.4.5-1.0, pie-8.7.9)

I have tried adding this to the CFLAGS in make.conf; it works (before, it died on the first query):
-fno-stack-protector-all -fno-stack-protector

I have also tried switching to x86_64-pc-linux-gnu-3.4.6-hardenednossp and it also seems to work.

I don't like to disable ssp protection, but there was no way to make bind stable using it. It seems that there is a bug in the SSP checking code of gcc 3.4.6.

I hope it helps.
Comment 9 solar (RETIRED) gentoo-dev 2006-12-21 13:32:34 UTC
(In reply to comment #8)

> I don't like to disable ssp protection, but there was no way to make bind
> stable using it. It seems that there is a bug in the SSP checking code of gcc
> 3.4.6.

Do you have a reason for thinking the bug is in SSP vs this being a valid 
case when SSP is catching a real flaw in bind? 
Comment 10 Jorge Nerin 2006-12-21 14:14:26 UTC
(In reply to comment #9)
> (In reply to comment #8)
> 
> > I don't like to disable ssp protection, but there was no way to make bind
> > stable using it. It seems that there is a bug in the SSP checking code of gcc
> > 3.4.6.
> 
> Do you have a reason for thinking the bug is in SSP vs this being a valid 
> case when SSP is catching a real flaw in bind? 
> 

No, I don't. I suspect it can be that way because there exists a bug 135265 that says gcc-3.x SSP fails with C++. bind is C, but it seems very unlikely to me that there could be a bug in bind that triggers SSP with each and every query I have tried. For me bind was able to answer exactly one query and it would die just after answering.

I had bind-9.3.2-r4 running stable since Tue Nov  7 12:58:05 2006 until it was updated to bind-9.3.3 yesterday.
Comment 11 solar (RETIRED) gentoo-dev 2006-12-21 14:39:16 UTC
Can you try to debug this with gdb? We really don't want to filter ssp on such an important service. http://www.gentoo.org/proj/en/qa/backtraces.xml
Comment 12 Christian Heim (RETIRED) gentoo-dev 2006-12-21 14:43:58 UTC
(In reply to comment #11)
> Can you try to debug this with gdb? We really dont want to filter ssp on such
> an important service. http://www.gentoo.org/proj/en/qa/backtraces.xml

I'm going to give it a try tomorrow.
Comment 13 solar (RETIRED) gentoo-dev 2006-12-21 14:45:26 UTC
In addition. http://gentoo-wiki.com/SECURITY_Debugging_with_Hardened_Gentoo
Comment 14 Jorge Nerin 2006-12-21 16:26:56 UTC
(In reply to comment #13)
> In addition. http://gentoo-wiki.com/SECURITY_Debugging_with_Hardened_Gentoo
> 

I have compiled it like this:

CFLAGS="-g3 -fno-pie -fno-stack-protector-all -nonow -norelro" LDFLAGS="-ggdb" FEATURES="nostrip keepwork keeptemp" emerge -v bind

And it does not fail; among the recommended flags on the page above there is -fno-stack-protector-all, and this seems to avoid the problem.

I have recompiled bind removing flags until I get down to:
CFLAGS="-g3" LDFLAGS="-ggdb" FEATURES="nostrip keepwork keeptemp" emerge -v bind

And it does not fail. I'm almost convinced it's a bug somewhere, and it doesn't seem to be in bind. CFLAGS="" FEATURES="" emerge -v bind seems stable. The only ones left are -O2 -pipe -march=athlon64, but these flags work without SSP.

SSP enabled:
CFLAGS="-O2 -pipe" fails
CFLAGS="-O -pipe" works
CFLAGS="-pipe -march=athlon64" works
CFLAGS="-O -pipe -march=athlon64" works

So far I have compiled bind 16 times and I will settle with the last one, now bind has SSP enabled and the only change has been from -O2 to -O.


Comment 15 Konstantin Arkhipov (RETIRED) gentoo-dev 2006-12-22 02:08:44 UTC
FYI: bind{,-tools}-9.{2.7,3.3} are masked now.
Comment 16 Gabe Martin-Dempesy 2007-02-07 20:04:33 UTC
I experienced similar problems with the net-dns/bind-9.3.4 that was recently released. This *DEFINITELY* needs to get masked ASAP. Core files appeared in /chroot/dns/var/bind/core.<pid> after about 4-5 seconds of running.

Here's my emerge --info:
# emerge --info
Portage 2.1.1-r2 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, 2.6.17-hardened-r1 i686)
=================================================================
System uname: 2.6.17-hardened-r1 i686 Intel(R) Xeon(TM) CPU 3.20GHz
Gentoo Base System version 1.12.6
Last Sync: Wed, 07 Feb 2007 04:50:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -pipe -O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind /var/qmail/alias /var/qmail/control /var/vpopmail/domains /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=pentium4 -pipe -O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://garlic.privatenet.mudbugmedia.com/gentoo-portage"
USE="x86 alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol apache2 bzip2 chroot clearpasswd cli crypt curl dlloader elibc_glibc examples expat gd hardened hpn input_devices_keyboard input_devices_mouse ipalias jpeg kernel_linux lcd_devices_bayrad lcd_devices_cfontz lcd_devices_cfontz633 lcd_devices_glk lcd_devices_hd44780 lcd_devices_lb216 lcd_devices_lcdm001 lcd_devices_mtxorb lcd_devices_ncurses lcd_devices_text midi mpm-prefork multiuser munin-apache mysql nls notlsbeforeauth nptl pam pcre pic png posix qmail readline ruby sendfile session sftplogging spamassassin ssl symlink tcpd threads unicode userland_GNU utf8 vchroot vhosts xml xorg zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS


BIND is configured chrooted for me, and serving up about 440 zones.
Comment 17 Konstantin Arkhipov (RETIRED) gentoo-dev 2007-02-08 14:34:10 UTC
Reassigning to hardened. I can't fix it myself in the near future, unfortunately.
Comment 18 steveb 2007-02-10 14:06:18 UTC
I have the same issue with hardened and bind 9.3.4: stack smashing attack in function query_find()

Bind 9.4.0_rc2 does not have the same issue. It just segfaults, with no additional message.
Comment 19 Aidan Taniane 2007-02-11 13:25:37 UTC
I'm getting this bug as of bind-9.3.4 "stable". I couldn't figure out why my network was going insane after rebooting the box (hardware fiddling, and I didn't restart any services for a day after the upgrade); anyway, after checking the status of bind I found out that bind was dead (someone should really get /etc/init.d/* status to check if $PID is still alive and well). I ran bind in the foreground and got the above-mentioned SSA kill after the first query was performed, did the same through gdb, did a query, got the same kill message, but wasn't able to get a backtrace as the stack was 'empty'.

I had a quick look at ./bin/named/query.c, but the function is about 1,000 lines long with recursions, bitwise manips, and gotos littered everywhere; no wonder SSP doesn't like that mess.

I'll try masking 9.3.4, downgrading and see what happens.
Comment 20 Aidan Taniane 2007-02-11 13:50:29 UTC
All stable on 9.3.2.
Comment 21 Konstantin Arkhipov (RETIRED) gentoo-dev 2007-02-13 20:34:50 UTC
*** Bug 166719 has been marked as a duplicate of this bug. ***
Comment 22 Jorge Nerin 2007-02-14 08:00:27 UTC
I can confirm that net-dns/bind-9.3.4 also dies after the first answer, I had to mask it and downgrade to net-dns/bind-9.3.2-r4 again.

I have not tried playing with CFLAGS as I did in Comment #14.
Comment 23 Brian Kroth 2007-02-14 14:09:08 UTC
Just another post to confirm that 9.3.2-r4 works and 9.3.4 dies (chrooted or not).

Here's my info:

bpkroth@systems2 ~ $ sudo emerge --info && sudo emerge bind -pv
Portage 2.1.2-r9 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, 2.6.18-hardened i686)
=================================================================
System uname: 2.6.18-hardened i686 Intel(R) Xeon(TM) CPU 2.40GHz
Gentoo Base System version 1.12.6
Timestamp of tree: Wed, 14 Feb 2007 07:00:01 +0000
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
ccache version 2.4 [enabled]
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.4-r6
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O2 -pipe -fforce-addr"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/hotplug /etc/hotplug.d /etc/init.d /etc/revdep-rebuild /etc/terminfo /etc/udev"
CXXFLAGS="-march=pentium4 -O2 -pipe -fforce-addr"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig buildpkg ccache collision-protect distcc distlocks metadata-transfer parallel-fetch sandbox sfperms strict userfetch"
GENTOO_MIRRORS="http://gentoo.chem.wisc.edu/gentoo/ ftp://gentoo.chem.wisc.edu/gentoo/ http://gentoo.mirrors.tds.net/gentoo ftp://gentoo.mirrors.tds.net/gentoo http://gentoo.osuosl.org/ ftp://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://distfiles.gentoo.org"
MAKEOPTS="-j5"
PKGDIR="/mnt/build/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/mnt/build/portage"
PORTDIR_OVERLAY="/mnt/build/portage-local"
SYNC="rsync://tux-mc.hslc.wisc.edu/gentoo-portage"
USE="acl acpi apache2 bash-completion berkdb bzip2 caps chroot cracklib crypt erandom fam gmp gpm hardened jpeg lm_sensors logrotate maildir mmx ncurses nls nptl pam pcre perl pic png python readline smp snmp sse sse2 ssl syslog tcpd threads vhosts x86 xattr xml xpm" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS


These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild     U ] net-dns/bind-9.3.4 [9.3.2-r4] USE="berkdb ssl threads -dlz -doc -idn -ipv6 -ldap -mysql -odbc -postgres -resolvconf% (-selinux)" 0 kB 

Total: 1 package (1 upgrade), Size of downloads: 0 kB
Comment 24 Mike Crute 2007-02-15 16:55:23 UTC
I'm seeing this with bind 9.3.4. I use -O3, which means you probably don't care, but I doubt this has anything to do with my cflags. Downgrading to 9.3.2-r4 fixed everything.

Portage 2.1.2-r9 (hardened/amd64, gcc-3.4.6, glibc-2.3.6-r5, 2.6.14-hardened-r8 x86_64)
=================================================================
System uname: 2.6.14-hardened-r8 x86_64 AMD Opteron(tm) Processor 144
Gentoo Base System release 1.12.9
Timestamp of tree: Thu, 15 Feb 2007 04:30:01 +0000
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O3 -pipe -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=athlon64 -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig buildpkg distlocks metadata-transfer parallel-fetch sandbox sfperms strict"
GENTOO_MIRRORS=" http://mirror.datapipe.net/gentoo http://gentoo.ccccom.com ftp://212.219.56.162/sites/www.ibiblio.org/gentoo/ http://194.117.143.69"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 apache2 berkdb crypt hardened mysql ncurses pam python readline ssl tcpd vhosts" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 25 Jorge Nerin 2007-02-15 17:10:30 UTC
(In reply to comment #24)
> I'm seeing this with bind 9.3.4. I use -O3 which means you probably don't care
> but I doubt this has anything to do with my cflags. Downgrading to 9.3.2-r4
> fixed everything.
> 

If you see Comment #14, I compiled bind-9.3.3 16 times to find that downgrading from -O2 to just -O fixed it. I don't know exactly what flag is causing bind to fail; there are a bunch of them (http://gcc.gnu.org/onlinedocs/gcc-3.4.6/gcc/Optimize-Options.html):

-O2 turns on all optimization flags specified by -O. It also turns on the following optimization flags:
          -fforce-mem 
          -foptimize-sibling-calls 
          -fstrength-reduce 
          -fcse-follow-jumps  -fcse-skip-blocks 
          -frerun-cse-after-loop  -frerun-loop-opt 
          -fgcse  -fgcse-lm  -fgcse-sm  -fgcse-las 
          -fdelete-null-pointer-checks 
          -fexpensive-optimizations 
          -fregmove 
          -fschedule-insns  -fschedule-insns2 
          -fsched-interblock  -fsched-spec 
          -fcaller-saves 
          -fpeephole2 
          -freorder-blocks  -freorder-functions 
          -fstrict-aliasing 
          -funit-at-a-time 
          -falign-functions  -falign-jumps 
          -falign-loops  -falign-labels 
          -fcrossjumping

I did the debugging with bind 9.3.3, but the moment I saw bind 9.3.4 failing again I masked it without trying to debug it again. I'm pretty sure that this is a bug between SSP and some flag activated by -O2; you can try to change your CFLAGS from -O3 to just -O and probably (I haven't tried with bind 9.3.4) it will work fine.
Comment 26 Aidan Taniane 2007-02-16 00:18:20 UTC
(In reply to comment #25)
> (In reply to comment #24)
> > I'm seeing this with bind 9.3.4. I use -O3 which means you probably don't care
> > but I doubt this has anything to do with my cflags. Downgrading to 9.3.2-r4
> > fixed everything.
> > 
> 
> If you see Comment #14 I compiled bind-9.3.3 16 times to find that downgrading
> from -O2 to just -O fixed it. I don't known exactly what flag is causing bind
> to fail, there are a bunch of them
> (http://gcc.gnu.org/onlinedocs/gcc-3.4.6/gcc/Optimize-Options.html):
> 
> -O2 turns on all optimization flags specified by -O. It also turns on the
> following optimization flags:
>           -fforce-mem 
>           -foptimize-sibling-calls 
>           -fstrength-reduce 
>           -fcse-follow-jumps  -fcse-skip-blocks 
>           -frerun-cse-after-loop  -frerun-loop-opt 
>           -fgcse  -fgcse-lm  -fgcse-sm  -fgcse-las 
>           -fdelete-null-pointer-checks 
>           -fexpensive-optimizations 
>           -fregmove 
>           -fschedule-insns  -fschedule-insns2 
>           -fsched-interblock  -fsched-spec 
>           -fcaller-saves 
>           -fpeephole2 
>           -freorder-blocks  -freorder-functions 
>           -fstrict-aliasing 
>           -funit-at-a-time 
>           -falign-functions  -falign-jumps 
>           -falign-loops  -falign-labels 
>           -fcrossjumping
> 
> I did the debugging with bind 9.3.3 but the moment I saw bind 9.3.4 failing
> again I masked it without trying to debug it again. I'm pretty sure that this
> is a bug between SSP and some flag activated by -O2; you can try to change your
> CFLAGS from -O3 to just -O and probably (I haven't tried with bind 9.3.4) it
> will work fine.
> 

It's just very bad code; gcc isn't doing anything it shouldn't.

On the other note, as bind 9.3.4 has shown serious memory issues/weaknesses, I believe it should be hardmasked; unmasking it was probably a bad idea (especially given that this bug is older than that event).  Just my opinion of course.
Comment 27 RB 2007-02-18 22:26:29 UTC
I'm seeing the same thing with 9.4.0rc2 (silent failure + coredump) on hardened-sources-2.6.19-r6.  However, it seems tied more to the kernel version & configs than BIND version - I ran 9.3.2-r5 happily over hardened-2.6.17-r1 for several months, then upgraded to 9.4.0-r2 with no issues.  Only when I rebooted to the 2.6.19 series (8 days later) am I seeing any issues.  Grsec reports the following: "signal 11 sent to /usr/sbin/named".  It will give one clean response for its own zones, then drops a core.

Not sure what else to add that everyone else hasn't - my PaX & Grsec options are lit up like an X-mas scan.
Comment 28 Brian Kroth 2007-02-19 21:33:10 UTC
cat /etc/portage/env/net-dns/bind-9.3.4 
CFLAGS="-march=pentium4 -pipe -fforce-addr"
CXXFLAGS="-march=pentium4 -pipe -fforce-addr"

emerge -1 =net-dns/bind-9.3.4

/etc/init.d/named restart

This is working for me right now.  I just took out the -O2 from the CFLAGS and CXXFLAGS.  Simply -O did not work though.
Comment 29 Guillaume Castagnino 2007-02-19 22:05:25 UTC
I confirm that disabling -O2/-O3 and setting only the -O cflag solves the issue with bind 9.3.4 and 9.4.0_rc2. No more crashes.
A replace-flags "-O?" "-O" should be a good thing, at least as a temporary solution? This should be a good thing since it lets us solve the security issue of bind on hardened systems...
Comment 30 Cameron Brunner 2007-02-22 21:43:52 UTC
9.3.4 is evil; woke up to DNS dead for no apparent reason, then remembered that I had a bug with this with 9.3.3 too. 9.3.4 masked for me, back to 9.3.2-r4.

Portage 2.1.2-r10 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.6-r5, 2.6.19-hardened-r5 i686)
=================================================================
System uname: 2.6.19-hardened-r5 i686 AMD Athlon(tm) XP 2400+
Gentoo Base System release 1.12.9
Timestamp of tree: Thu, 22 Feb 2007 01:47:01 +0000
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.5, 1.6.3, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-Os -march=athlon-xp -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind /var/qmail/alias /var/qmail/control /var/vpopmail/domains /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-Os -march=athlon-xp -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://ftp.iinet.net.au/linux/Gentoo/ http://gentoo.osuosl.org/"
LDFLAGS="-Wl,-O1 -Wl,--enable-new-dtags -Wl,--sort-common"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/overlays/qmr-portage /usr/local/overlays/trac /usr/portage/local/layman/php-testing /usr/portage/local/layman/php-experimental /usr/portage/local/layman/postgresql-testing /usr/portage/local/layman/xeffects /usr/portage/local/layman/xeffects-experimental /usr/portage/local/layman/webapps-experimental /usr/portage/local/layman/postgresql-experimental"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="apache2 authdaemond bash-completion berkdb crypt fam glibc-omitfp graphviz hardened idea imap ithreads jpeg jpeg2k logrotate maildir midi nptl nptlonly pam pic rc5 readline ssl tcpd threads urandom valias vhosts x86 xorg zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 31 solar (RETIRED) gentoo-dev 2007-02-26 18:56:38 UTC
Well, clearly we don't want to filter all our ssp. So how about we work around this by doing something like the following in the ~arch ebuilds?

gcc-specs-ssp && replace-flags -O[23] -O

Can somebody that's hitting this also please try with -Os?
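An added example, not taken from this bug report and not Gentoo's own flag-o-matic eclass code, showing in plain POSIX shell what the proposed `gcc-specs-ssp && replace-flags -O[23] -O` line does to a CFLAGS string, and what the per-package override file from comment 28 (/etc/portage/env/net-dns/bind-9.3.4) would then contain. The `specs_enable_ssp` check is an assumed stand-in that takes the gcc specs text as an argument rather than running `gcc -dumpspecs`, so the whole thing runs offline; the function names are mine, the flag values are the ones posters in this thread reported.

```shell
#!/bin/sh
# Added example, not part of the bug report or of Gentoo's flag-o-matic eclass.
# Models the comment-31 workaround: when the toolchain enables SSP by default,
# drop -O2/-O3 down to -O and keep every other token of CFLAGS.

# replace_opt_level FLAGS
#   Prints FLAGS with every -O2 or -O3 token rewritten to -O, the way
#   `replace-flags -O[23] -O` would; other tokens (-Os, -march=..., -pipe) stay.
replace_opt_level() {
    out=""
    for tok in $1; do            # intentional word splitting on whitespace
        case "$tok" in
            -O2|-O3) tok="-O" ;;
        esac
        out="${out:+$out }$tok"
    done
    printf '%s\n' "$out"
}

# specs_enable_ssp SPECS_TEXT
#   Succeeds when the given gcc specs text turns -fstack-protector on by
#   default. Assumed stand-in for the eclass's gcc-specs-ssp, which reads
#   `gcc -dumpspecs` itself; taking the text as an argument keeps this offline.
#   "-fno-stack-protector" does not contain the substring "-fstack-protector",
#   so specs that only mention the negated form are reported as SSP off.
specs_enable_ssp() {
    case "$1" in
        *-fstack-protector*) return 0 ;;
        *) return 1 ;;
    esac
}

# hardened_cflags SPECS_TEXT FLAGS
#   The conditional from comment 31: filter only when SSP is on by default,
#   so non-hardened profiles keep their -O2/-O3.
hardened_cflags() {
    if specs_enable_ssp "$1"; then
        replace_opt_level "$2"
    else
        printf '%s\n' "$2"
    fi
}

# render_package_env FLAGS
#   Prints the body of a per-package override such as
#   /etc/portage/env/net-dns/bind-9.3.4 (the mechanism used in comment 28),
#   with CXXFLAGS mirrored from the filtered CFLAGS.
render_package_env() {
    f=$(replace_opt_level "$1")
    printf 'CFLAGS="%s"\nCXXFLAGS="%s"\n' "$f" "$f"
}

# Constructed sample inputs: a specs fragment in the hardened style (SSP on
# unless the user passes -fno-stack-protector), a fragment without SSP, and
# CFLAGS strings reported earlier in this thread.
HARDENED_SPECS='%{!fno-stack-protector:-fstack-protector}'
VANILLA_SPECS='*link: %{pthread:-lpthread}'

hardened_cflags "$HARDENED_SPECS" "-O2 -march=pentium4 -pipe"   # -> -O -march=pentium4 -pipe
hardened_cflags "$VANILLA_SPECS"  "-O2 -march=pentium4 -pipe"   # -> -O2 -march=pentium4 -pipe
render_package_env "-O3 -march=athlon-xp -pipe"
```

The filtering is deliberately token-based rather than a regex over the whole string, so a flag such as `-O2` is only touched when it is a whole word and `-Os` (which comment 35 reports also crashing) passes through unchanged; if you want `-Os` downgraded too, add it to the same `case` arm.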
Comment 32 RB 2007-02-27 15:08:45 UTC
Created attachment 111428
Test zone file

Tested and proven on 9.4.0-rc2.  Compiled with -O2 exhibits the crashing behavior, whereas with -Os does not.  Attaching tested zone file, core is 39M.
Comment 33 RB 2007-02-27 15:18:29 UTC
PAX gave me more info this time, for whatever reason (kernel updated, different machine)...

PAX: From 127.0.0.1: execution attempt in: <NULL>, 00000000-00000000 00000000
PAX: terminating task: /usr/sbin/named(named):16119, uid/euid: 40/40, PC: 42756621, SP: 4e9e08a0
PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
PAX: bytes at SP-4: 42756621 4e9e08c0 000000ff 00000000 00000000 00000000 ffffffff ffffffff 00000000 155bc5ac 4e9e87e8 00000010 153c73f1 000001fc 4ea07aa8 00000088 00000001 153d5128 4ebf089f 000109ec 4d19e008
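An added example, not from the bug report, of pulling the useful fields out of PaX termination messages like the ones quoted above so a kill can be tied to the process, uid and faulting address without reading raw dmesg. The sample log lines are constructed to match the format shown in comment 33 (the values are the ones quoted there); the function names are mine.

```shell
#!/bin/sh
# Added example, not part of the bug report. Summarises PaX "terminating task"
# events from kernel log lines; the input format is the one quoted in comment 33.

# pax_events
#   Reads kernel log lines on stdin. For every "PAX: terminating task:" line it
#   prints:  PATH PID UID EUID PC SP MAPPING
#   where MAPPING is "unmapped" when the preceding "execution attempt in:" line
#   reported no backing region (<NULL>, 00000000-00000000), "mapped" when it
#   named a file/region, and "unknown" when no such line preceded the kill.
pax_events() {
    mapping="unknown"
    while IFS= read -r line; do
        case "$line" in
            "PAX: From "*": execution attempt in: "*)
                region=${line##*execution attempt in: }
                case "$region" in
                    "<NULL>, 00000000-00000000"*) mapping="unmapped" ;;
                    *) mapping="mapped" ;;
                esac
                ;;
            "PAX: terminating task: "*)
                fields=$(printf '%s\n' "$line" | sed -n \
                  's/^PAX: terminating task: \([^(]*\)(\([^)]*\)):\([0-9]*\), uid\/euid: \([0-9]*\)\/\([0-9]*\), PC: \([0-9a-f]*\), SP: \([0-9a-f]*\).*$/\1 \3 \4 \5 \6 \7/p')
                [ -n "$fields" ] && printf '%s %s\n' "$fields" "$mapping"
                mapping="unknown"
                ;;
        esac
    done
}

# pax_null_page_kills
#   Filters pax_events output down to kills where nothing was mapped at the
#   faulting address. That is what a corrupted code pointer or return address
#   looks like (the case in this thread), as opposed to PaX MPROTECT refusing a
#   real mapping, which shows up with a file/region name instead of <NULL>.
pax_null_page_kills() {
    pax_events | while IFS= read -r ev; do
        case "$ev" in *" unmapped") printf '%s\n' "$ev" ;; esac
    done
}

# Constructed sample: the lines quoted in comment 33, as they appear in dmesg.
SAMPLE_LOG='PAX: From 127.0.0.1: execution attempt in: <NULL>, 00000000-00000000 00000000
PAX: terminating task: /usr/sbin/named(named):16119, uid/euid: 40/40, PC: 42756621, SP: 4e9e08a0
PAX: bytes at PC: ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??'

printf '%s\n' "$SAMPLE_LOG" | pax_events
# -> /usr/sbin/named 16119 40 40 42756621 4e9e08a0 unmapped
```

Feed it `dmesg` or the kernel facility of syslog; the uid/euid column (40/40 here, the named user) tells you straight away whether the process that died was still running unprivileged.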
Comment 34 Olliver Schinagl 2007-02-28 15:42:39 UTC
Don't want to be trolling or nothing, but why hasn't 9.3.4 been masked yet?

I just set up a new box (replacement for an older one) and it automagically emerged bind 9.3.4. Bind didn't work on the new box, but did on the old box, so after figuring out it was the version difference, and checking here, I masked 9.3.4.

This bug appears to be really old however (2 or 3 weeks now?) so why is 9.3.4 still out there on hardened?
Comment 35 Andre Burgoyne 2007-03-06 21:42:52 UTC
I just got a crash using -Os (although it seemed to take longer than usual, but that might just be coincidence).  I'm going to go back to just -O.
Comment 36 Konstantin Arkhipov (RETIRED) gentoo-dev 2007-03-12 18:02:49 UTC
committed 9.3.4-r2 and 9.4.0-r2 wrt comment #31
Comment 37 Konstantin Arkhipov (RETIRED) gentoo-dev 2007-03-12 18:08:58 UTC
..and 9.2.8-r2.
Comment 38 RB 2007-03-22 00:34:07 UTC
A bit slow on the uptake, but I've done some minimal testing (re-ran my test case) and this is coming up clean on 9.4.0-r2.  Tentatively clear from my POV.
Comment 39 barthek 2007-03-22 10:01:59 UTC
*** Bug 165648 has been marked as a duplicate of this bug. ***
Comment 40 Steve Arnold archtester gentoo-dev 2007-04-09 16:18:38 UTC
Not so clean with 9.3.4-r2 - I just went through this yesterday, rebuilt with this version (the one that filters flags to just -O) and it still dies.  It doesn't die right away, but after some time last night I had no more DNS (which causes incoming mail to back up, etc).  I'm going back to 9.3.2 for now, but that seems like a less than desirable work-around...
Comment 41 Cory Coager 2007-08-23 13:04:35 UTC
Any progress on this?  There are two Security Advisories for bind now, 200702-06 and 200708-13, and this is preventing me from upgrading.
Comment 42 RB 2007-08-23 13:14:03 UTC
AFAICT, since 9.4.0-r2 (comment #38) everything has been fine.  I have the 9.4.1 series running with zero issues - would say this is fixed.
Comment 43 Lenno Nagel 2007-08-29 09:37:32 UTC
I also report this to seem resolved. I'm running bind-9.4.1_p1 on 2.6.14-hardened-r6 and it does not crash anymore. I tested queries/notifies/transfers and everything seems healthy.
Comment 44 Cory Coager 2007-10-05 15:56:28 UTC
I upgraded to bind-9.4.1_p1 and can confirm that it fixed the crash issue for me also.
Comment 45 Stefan Behte (RETIRED) gentoo-dev Security 2008-02-02 01:06:50 UTC
I guess this can get closed then.
Comment 46 Tobias Scherbaum (RETIRED) gentoo-dev 2008-05-03 18:34:18 UTC
9.3.3 (and 9.2.7) have been removed.