Accepting request 611520 from network

OBS-URL: https://build.opensuse.org/request/show/611520 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=135
2018-05-23 14:08:09 +00:00 · 2018-05-23 14:08:09 +00:00 · 28ed4dee3a
commit 28ed4dee3a
parent d7e40ae27a 34d201c2e7
4 changed files with 70 additions and 24 deletions
--- a/bind.changes
+++ b/bind.changes
@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Mon May 21 11:57:47 UTC 2018 - scabrero@suse.de
+
+- Add bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
+  Fixes dynamic DNS updates against samba and Microsoft DNS servers
+  (bsc#1094236).
+
+-------------------------------------------------------------------
+Thu May 17 14:28:29 UTC 2018 - navin.kukreja@suse.com
+
+- Move chroot related files from bind to bind-chrootenv 
+  (bsc#1093338) 
+
+-------------------------------------------------------------------
+Wed May 16 10:22:25 UTC 2018 - navin.kukreja@suse.com
+
+- Remove rndc.key generation from bind.spec file because bind
+  should create it on first boot (bsc#1092283)
+- Add misisng rndc.key check and generation code is lwresd.init
+  script
+
 -------------------------------------------------------------------
 Mon Feb 26 19:26:17 UTC 2018 - sweet_f_a@gmx.de

--- a/bind.spec
+++ b/bind.spec
@ -78,6 +78,7 @@ Patch51:        pie_compile.diff
 Patch52:        named-bootconf.diff
 Patch53:        bind-sdb-ldap.patch
 Patch54:        bind-CVE-2017-3145.patch
+Patch55:        bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
 BuildRequires:  libcap-devel
 BuildRequires:  libmysqlclient-devel
 BuildRequires:  libopenssl-devel
@ -308,6 +309,7 @@ This package provides a module which allows commands to be sent to rndc directly
 %patch52
 %patch53
 %patch54 -p1
+%patch55 -p1

 # use the year from source gzip header instead of current one to make reproducible rpms
 year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0})
@ -394,7 +396,7 @@ rm -f %{buildroot}/%{_libdir}/lib*.{la,a}
 mv vendor-files/config/named.conf %{buildroot}/%{_sysconfdir}
 mv vendor-files/config/bind.reg %{buildroot}/%{_sysconfdir}/slp.reg.d
 mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d
-for file in lwresd.conf named.conf.include rndc.key; do
+for file in lwresd.conf named.conf.include; do
 	touch %{buildroot}/%{_sysconfdir}/${file}
 done

@ -486,11 +488,6 @@ echo "NAMED_RUN_CHROOTED=\"${NAMED_RUN_CHROOTED}\"" >${TEMP_SYSCONFIG_FILE}
 %{fillup_and_insserv -nf named}
 %endif
 %{fillup_only -nsa named named}
-if [ ! -f etc/rndc.key ]; then
-	usr/sbin/rndc-confgen -a -b 512 -r dev/urandom
-	chmod 0640 etc/rndc.key
-	chown root:named etc/rndc.key
-fi
 TEMP_SYSCONFIG_FILE="var/adm/named-chroot"
 # Are we in update mode?
 if [ ${FIRST_ARG:-0} -gt 1 ]; then
@ -645,12 +642,6 @@ fi
 %endif

 %post lwresd
-# Create a key if usr/sbin/rndc-confgen is installed.
-if [ -x usr/sbin/rndc-confgen -a ! -f etc/rndc.key ]; then
-	usr/sbin/rndc-confgen -a -b 512 -r dev/urandom
-	chmod 0640 etc/rndc.key
-	chown root:named etc/rndc.key
-fi
 # delete an emtpy lwresd.conf file
 if [ ! -s etc/lwresd.conf ]; then
    rm -f etc/lwresd.conf
@ -680,19 +671,12 @@ fi
 %endif

 %post utils
-# Create a key if lwresd is installed.
-if [ -x %{_sbindir}/lwresd -a ! -f %{_sysconfdir}/rndc.key ]; then
-	%{_sbindir}/rndc-confgen -a -b 512 -r dev/urandom
-	chmod 0640 %{_sysconfdir}/rndc.key
-	chown root:named %{_sysconfdir}/rndc.key
-fi

 %files
 %attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/named.conf
 %dir %{_sysconfdir}/slp.reg.d
 %attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/bind.reg
 %attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include
-%attr(0640,root,named) %ghost %config(noreplace) /%{_sysconfdir}/rndc.key
 %if %{with_systemd}
 %config %{_unitdir}/named.service
 %{_sbindir}/named.init
@ -726,9 +710,6 @@ fi
 %config %{_var}/lib/named/127.0.0.zone
 %config %{_var}/lib/named/localhost.zone
 %config %{_var}/lib/named/named.root.key
-%ghost %{_var}/lib/named%{_sysconfdir}/localtime
-%attr(0644,root,named) %ghost %{_var}/lib/named%{_sysconfdir}/named.conf.include
-%attr(-,named,named) %dir %{_var}/lib/named%{_localstatedir}/run/named
 %dir %{_libexecdir}/bind

 %files -n %{libbind9}
@ -773,6 +754,9 @@ fi
 %{_var}/lib/named%{_localstatedir}/log
 %{_fillupdir}/sysconfig.named-common
 %{_fillupdir}/sysconfig.syslog-named
+%ghost %{_var}/lib/named%{_sysconfdir}/localtime
+%attr(0644,root,named) %ghost %{_var}/lib/named%{_sysconfdir}/named.conf.include
+%attr(-,named,named) %dir %{_var}/lib/named%{_localstatedir}/run/named

 %files devel
 %dir %{_includedir}/isc
--- a/bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
+++ b/bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
@ -0,0 +1,41 @@
+From 4985b5001d4f2f64bbee7e9d6ee32058caf67252 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Fri, 1 Sep 2017 11:17:59 +1000
+Subject: [PATCH] 4697.   [bug]           Restore workaround for Microsoft
+ Windows TSIG hash                         computation bug. [RT #45854]
+
+(cherry picked from commit a8a20462b516b0cc39e9b1fb1a8dd514eb1aed29)
+(cherry picked from commit b301c4293c082fcce4ec26218e6fad346976eb9e)
+---
+ CHANGES            | 3 +++
+ lib/dns/rdataset.c | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/CHANGES b/CHANGES
+index 5aa505345c..13b60473b5 100644
+--- a/CHANGES
+++ b/CHANGES
+@@ -1,3 +1,6 @@
+4697.	[bug]		Restore workaround for Microsoft Windows TSIG hash
+			computation bug. [RT #45854]
+
+ 	--- 9.11.2-P1 released ---
+ 
+ 4858.	[security]	Addresses could be referenced after being freed
+diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c
+index a8e75d6caf..7eb394c8c4 100644
+--- a/lib/dns/rdataset.c
+++ b/lib/dns/rdataset.c
+@@ -467,6 +467,9 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
+ 	dns_name_copy(owner_name, name, NULL);
+ 	dns_rdataset_getownercase(rdataset, name);
+ 
+	if ((owner_name->attributes & DNS_NAMEATTR_NOCOMPRESS) != 0)
+		name->attributes |= DNS_NAMEATTR_NOCOMPRESS;
+
+ 	do {
+ 		/*
+ 		 * Copy out the name, type, class, ttl.
+-- 
+2.16.3
+
--- a/vendor-files.tar.bz2
+++ b/vendor-files.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:fe5609bed079427793fef2bdc22a16d397b2dd358fd986e7e5315f567de2dc1e
-size 23552
+oid sha256:c2fb9236d4a9a16da076a8843be35378e7749f210548ea4e5d33e7f872e01775
+size 23419