- Update to version 9.10.2-P2
- An uninitialized value in validator.c could result in an assertion failure. (CVE-2015-4620) [RT #39795] - Update to version 9.10.2-P1 - Include client-ip rules when logging the number of RPZ rules of each type. [RT #39670] - Addressed further problems with reloading RPZ zones. [RT #39649] - Addressed a regression introduced in change #4121. [RT #39611] - The server could match a shorter prefix than what was available in CLIENT-IP policy triggers, and so, an unexpected action could be taken. This has been corrected. [RT #39481] - On servers with one or more policy zones configured as slaves, if a policy zone updated during regular operation (rather than at startup) using a full zone reload, such as via AXFR, a bug could allow the RPZ summary data to fall out of sync, potentially leading to an assertion failure in rpz.c when further incremental updates were made to the zone, such as via IXFR. [RT #39567] - A bug in RPZ could cause the server to crash if policy zones were updated while recursion was pending for RPZ processing of an active query. [RT #39415] - Fix a bug in RPZ that could cause some policy zones that did not specifically require recursion to be treated as if they did; consequently, setting qname-wait-recurse no; was sometimes ineffective. [RT #39229] - Asynchronous zone loads were not handled correctly when the zone load was already in progress; this could trigger a crash in zt.c. [RT #37573] - Fix an out-of-bounds read in RPZ code. If the read succeeded, it doesn't result in a bug during operation. If the read failed, named could segfault. [RT #38559] OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=172
This commit is contained in:
parent
2d26a35729
commit
5693887a0c
@ -1,5 +1,5 @@
|
|||||||
libbind9-140
|
libbind9-140
|
||||||
libdns160
|
libdns161
|
||||||
libidnkit1
|
libidnkit1
|
||||||
libidnkitlite1
|
libidnkitlite1
|
||||||
libidnkitres1
|
libidnkitres1
|
||||||
@ -13,13 +13,13 @@ liblwres141
|
|||||||
bind-devel
|
bind-devel
|
||||||
requires -bind-<targettype>
|
requires -bind-<targettype>
|
||||||
requires "libbind9-140-<targettype> = <version>"
|
requires "libbind9-140-<targettype> = <version>"
|
||||||
requires "libdns160-<targettype> = <version>"
|
requires "libdns161-<targettype> = <version>"
|
||||||
requires "libirs141-<targettype> = <version>"
|
requires "libirs141-<targettype> = <version>"
|
||||||
requires "libisc148-<targettype> = <version>"
|
requires "libisc148-<targettype> = <version>"
|
||||||
requires "libisccc140-<targettype> = <version>"
|
requires "libisccc140-<targettype> = <version>"
|
||||||
requires "libisccfg140-<targettype> = <version>"
|
requires "libisccfg140-<targettype> = <version>"
|
||||||
requires "liblwres141-<targettype> = <version>"
|
requires "liblwres141-<targettype> = <version>"
|
||||||
idnkit-devel
|
idnkit-devel
|
||||||
requires "libdns160-<targettype> = <version>"
|
requires "libdns161-<targettype> = <version>"
|
||||||
requires "libidnkit1-<targettype> = <version>"
|
requires "libidnkit1-<targettype> = <version>"
|
||||||
requires "libidnkitlite1-<targettype> = <version>"
|
requires "libidnkitlite1-<targettype> = <version>"
|
||||||
|
3
bind-9.10.2-P2.tar.gz
Normal file
3
bind-9.10.2-P2.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:b1e6f0af88634aaf48fb9d06bbf82968264f49b8e2685f061dd3fd4c1ab76c5f
|
||||||
|
size 8469608
|
11
bind-9.10.2-P2.tar.gz.asc
Normal file
11
bind-9.10.2-P2.tar.gz.asc
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1.4.12 (NetBSD)
|
||||||
|
|
||||||
|
iQEcBAABAgAGBQJViUjjAAoJEG+m68mRGkwCiNkH/3bVmB4iAOCK6wXU+K4OmQ/h
|
||||||
|
IbOIMwCqkhbuBguDnw8sO9IiKfOEuQUbW2DrBJUiDPEROnW9xe2G7AppfpVEpMuV
|
||||||
|
ORJOgW4z5UwF3pwONbO7f9bSJzSYbbvDM/QMVjyaQoq2yjd9QEsVYE385C6vZ6y3
|
||||||
|
JXWMzO2Y+XgZgeGNJItQFSaJf4IwCb3Cj+BwpZwyU9rVsTX50YkW/D4yQxKkH7r6
|
||||||
|
pmHb3iZuytcM60A+cxsMraCAnui9Yn9mDSoozaE2W+ohisF4ifQLqsHwhYYW5VrG
|
||||||
|
I3/ujBBPj3VokaLs/l/GBTFYBVm/RitDgily6p8rCvbiIKA6bZOTsKhVgaflVwE=
|
||||||
|
=Gq06
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:6f9bb7908aa45c1edfa391e356fc0afc1ded175386cdefb6cf9e1289f7457a98
|
|
||||||
size 8481111
|
|
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1.4.11 (GNU/Linux)
|
|
||||||
|
|
||||||
iQEcBAABAgAGBQJU7cGfAAoJEG+m68mRGkwCjI4H/2wkIzyXFeRtDiqZbci94llj
|
|
||||||
7ecXQjx3OFya/eu5bqcR3ov55KcDcu/OjR9sagiLoBlenmX9ITHKyGMWPjvUjBrD
|
|
||||||
ZaSE89seWg8e3Gq0bODv5IMi3rnlxdGSUE+8bSJu8mhlDywc77KLMpvj/6wJAgNs
|
|
||||||
M56N9KGTPUkvpxJVUGPzIFIn6tWpeZJh/hu9Tw/cXtHcpQajunnWufX5jVFZXoPz
|
|
||||||
5Dp/02jJ9JMWTua1URDAE5rITa5KwFajdz+epocoaI+9/athoK9xNAeIzYxMl78L
|
|
||||||
hT9FDi1SNpOO+zBaGiMUEOnzK457ljwA0z9OFlBSYtzXBPIhwxDbYIkNqcaoKT8=
|
|
||||||
=eKOZ
|
|
||||||
-----END PGP SIGNATURE-----
|
|
@ -19,7 +19,7 @@ Index: bin/named/main.c
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- bin/named/main.c.orig 2013-12-20 01:28:28.000000000 +0100
|
--- bin/named/main.c.orig 2013-12-20 01:28:28.000000000 +0100
|
||||||
+++ bin/named/main.c 2014-01-23 18:45:19.059680008 +0100
|
+++ bin/named/main.c 2014-01-23 18:45:19.059680008 +0100
|
||||||
@@ -85,6 +85,7 @@
|
@@ -91,6 +91,7 @@
|
||||||
* Include header files for database drivers here.
|
* Include header files for database drivers here.
|
||||||
*/
|
*/
|
||||||
/* #include "xxdb.h" */
|
/* #include "xxdb.h" */
|
||||||
@ -27,7 +27,7 @@ Index: bin/named/main.c
|
|||||||
|
|
||||||
#ifdef CONTRIB_DLZ
|
#ifdef CONTRIB_DLZ
|
||||||
/*
|
/*
|
||||||
@@ -1016,6 +1017,7 @@
|
@@ -1064,6 +1065,7 @@
|
||||||
* Add calls to register sdb drivers here.
|
* Add calls to register sdb drivers here.
|
||||||
*/
|
*/
|
||||||
/* xxdb_init(); */
|
/* xxdb_init(); */
|
||||||
@ -35,7 +35,7 @@ Index: bin/named/main.c
|
|||||||
|
|
||||||
#ifdef ISC_DLZ_DLOPEN
|
#ifdef ISC_DLZ_DLOPEN
|
||||||
/*
|
/*
|
||||||
@@ -1056,6 +1058,7 @@
|
@@ -1104,6 +1106,7 @@
|
||||||
* Add calls to unregister sdb drivers here.
|
* Add calls to unregister sdb drivers here.
|
||||||
*/
|
*/
|
||||||
/* xxdb_clear(); */
|
/* xxdb_clear(); */
|
||||||
|
32
bind.changes
32
bind.changes
@ -1,3 +1,35 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 10 18:02:41 UTC 2015 - lmuelle@suse.com
|
||||||
|
|
||||||
|
- Update to version 9.10.2-P2
|
||||||
|
- An uninitialized value in validator.c could result in an assertion failure.
|
||||||
|
(CVE-2015-4620) [RT #39795]
|
||||||
|
- Update to version 9.10.2-P1
|
||||||
|
- Include client-ip rules when logging the number of RPZ rules of each type.
|
||||||
|
[RT #39670]
|
||||||
|
- Addressed further problems with reloading RPZ zones. [RT #39649]
|
||||||
|
- Addressed a regression introduced in change #4121. [RT #39611]
|
||||||
|
- The server could match a shorter prefix than what was available in
|
||||||
|
CLIENT-IP policy triggers, and so, an unexpected action could be taken.
|
||||||
|
This has been corrected. [RT #39481]
|
||||||
|
- On servers with one or more policy zones configured as slaves, if a policy
|
||||||
|
zone updated during regular operation (rather than at startup) using a full
|
||||||
|
zone reload, such as via AXFR, a bug could allow the RPZ summary data to
|
||||||
|
fall out of sync, potentially leading to an assertion failure in rpz.c when
|
||||||
|
further incremental updates were made to the zone, such as via IXFR.
|
||||||
|
[RT #39567]
|
||||||
|
- A bug in RPZ could cause the server to crash if policy zones were updated
|
||||||
|
while recursion was pending for RPZ processing of an active query.
|
||||||
|
[RT #39415]
|
||||||
|
- Fix a bug in RPZ that could cause some policy zones that did not
|
||||||
|
specifically require recursion to be treated as if they did; consequently,
|
||||||
|
setting qname-wait-recurse no; was sometimes ineffective. [RT #39229]
|
||||||
|
- Asynchronous zone loads were not handled correctly when the zone load was
|
||||||
|
already in progress; this could trigger a crash in zt.c. [RT #37573]
|
||||||
|
- Fix an out-of-bounds read in RPZ code. If the read succeeded, it doesn't
|
||||||
|
result in a bug during operation. If the read failed, named could segfault.
|
||||||
|
[RT #38559]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed May 13 09:35:40 UTC 2015 - hguo@suse.com
|
Wed May 13 09:35:40 UTC 2015 - hguo@suse.com
|
||||||
|
|
||||||
|
18
bind.spec
18
bind.spec
@ -18,8 +18,8 @@
|
|||||||
|
|
||||||
Name: bind
|
Name: bind
|
||||||
%define pkg_name bind
|
%define pkg_name bind
|
||||||
%define pkg_vers 9.10.2
|
%define pkg_vers 9.10.2-P2
|
||||||
%define rpm_vers 9.10.2
|
%define rpm_vers 9.10.2P2
|
||||||
%define idn_vers 1.0
|
%define idn_vers 1.0
|
||||||
Summary: Domain Name System (DNS) Server (named)
|
Summary: Domain Name System (DNS) Server (named)
|
||||||
License: ISC
|
License: ISC
|
||||||
@ -140,13 +140,13 @@ Release: 0
|
|||||||
This library contains a few utility functions used by the BIND
|
This library contains a few utility functions used by the BIND
|
||||||
server and utilities.
|
server and utilities.
|
||||||
|
|
||||||
%package -n libdns160
|
%package -n libdns161
|
||||||
Summary: DNS library used by BIND
|
Summary: DNS library used by BIND
|
||||||
Group: System/Libraries
|
Group: System/Libraries
|
||||||
Version: %rpm_vers
|
Version: %rpm_vers
|
||||||
Release: 0
|
Release: 0
|
||||||
|
|
||||||
%description -n libdns160
|
%description -n libdns161
|
||||||
This subpackage contains the "DNS client" module. This is a higher
|
This subpackage contains the "DNS client" module. This is a higher
|
||||||
level API that provides an interface to name resolution, single DNS
|
level API that provides an interface to name resolution, single DNS
|
||||||
transaction with a particular server, and dynamic update. Regarding
|
transaction with a particular server, and dynamic update. Regarding
|
||||||
@ -297,7 +297,7 @@ Group: Development/Libraries/C and C++
|
|||||||
Version: %rpm_vers
|
Version: %rpm_vers
|
||||||
Release: 0
|
Release: 0
|
||||||
Requires: libbind9-140 = %version
|
Requires: libbind9-140 = %version
|
||||||
Requires: libdns160 = %version
|
Requires: libdns161 = %version
|
||||||
Requires: libirs141 = %version
|
Requires: libirs141 = %version
|
||||||
Requires: libisc148 = %version
|
Requires: libisc148 = %version
|
||||||
Requires: libisccc140 = %version
|
Requires: libisccc140 = %version
|
||||||
@ -726,8 +726,8 @@ fi
|
|||||||
|
|
||||||
%post -n libbind9-140 -p /sbin/ldconfig
|
%post -n libbind9-140 -p /sbin/ldconfig
|
||||||
%postun -n libbind9-140 -p /sbin/ldconfig
|
%postun -n libbind9-140 -p /sbin/ldconfig
|
||||||
%post -n libdns160 -p /sbin/ldconfig
|
%post -n libdns161 -p /sbin/ldconfig
|
||||||
%postun -n libdns160 -p /sbin/ldconfig
|
%postun -n libdns161 -p /sbin/ldconfig
|
||||||
%post -n libidnkit1 -p /sbin/ldconfig
|
%post -n libidnkit1 -p /sbin/ldconfig
|
||||||
%postun -n libidnkit1 -p /sbin/ldconfig
|
%postun -n libidnkit1 -p /sbin/ldconfig
|
||||||
%post -n libidnkitlite1 -p /sbin/ldconfig
|
%post -n libidnkitlite1 -p /sbin/ldconfig
|
||||||
@ -865,9 +865,9 @@ fi
|
|||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%_libdir/libbind9.so.140*
|
%_libdir/libbind9.so.140*
|
||||||
|
|
||||||
%files -n libdns160
|
%files -n libdns161
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%_libdir/libdns.so.160*
|
%_libdir/libdns.so.161*
|
||||||
|
|
||||||
%files -n libidnkit1
|
%files -n libidnkit1
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
|
@ -102,7 +102,7 @@ diff -rupN bind-9.10.1-P1-orig/bin/named/server.c bind-9.10.1-P1-patched/bin/nam
|
|||||||
disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
|
disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
|
||||||
isc_result_t result;
|
isc_result_t result;
|
||||||
const cfg_obj_t *algorithms;
|
const cfg_obj_t *algorithms;
|
||||||
@@ -2329,6 +2396,7 @@ configure_view(dns_view_t *view, dns_vie
|
@@ -2335,6 +2402,7 @@ configure_view(dns_view_t *view, dns_vie
|
||||||
const cfg_obj_t *dlz;
|
const cfg_obj_t *dlz;
|
||||||
unsigned int dlzargc;
|
unsigned int dlzargc;
|
||||||
char **dlzargv;
|
char **dlzargv;
|
||||||
@ -110,7 +110,7 @@ diff -rupN bind-9.10.1-P1-orig/bin/named/server.c bind-9.10.1-P1-patched/bin/nam
|
|||||||
const cfg_obj_t *disabled;
|
const cfg_obj_t *disabled;
|
||||||
const cfg_obj_t *obj;
|
const cfg_obj_t *obj;
|
||||||
const cfg_listelt_t *element;
|
const cfg_listelt_t *element;
|
||||||
@@ -2605,6 +2673,8 @@ configure_view(dns_view_t *view, dns_vie
|
@@ -2611,6 +2679,8 @@ configure_view(dns_view_t *view, dns_vie
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -119,7 +119,7 @@ diff -rupN bind-9.10.1-P1-orig/bin/named/server.c bind-9.10.1-P1-patched/bin/nam
|
|||||||
/*
|
/*
|
||||||
* Obtain configuration parameters that affect the decision of whether
|
* Obtain configuration parameters that affect the decision of whether
|
||||||
* we can reuse/share an existing cache.
|
* we can reuse/share an existing cache.
|
||||||
@@ -3607,6 +3677,37 @@ configure_view(dns_view_t *view, dns_vie
|
@@ -3613,6 +3683,37 @@ configure_view(dns_view_t *view, dns_vie
|
||||||
dns_view_setrootdelonly(view, ISC_FALSE);
|
dns_view_setrootdelonly(view, ISC_FALSE);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -157,7 +157,7 @@ diff -rupN bind-9.10.1-P1-orig/bin/named/server.c bind-9.10.1-P1-patched/bin/nam
|
|||||||
* Setup automatic empty zones. If recursion is off then
|
* Setup automatic empty zones. If recursion is off then
|
||||||
* they are disabled by default.
|
* they are disabled by default.
|
||||||
*/
|
*/
|
||||||
@@ -5349,6 +5450,7 @@ load_configuration(const char *filename,
|
@@ -5355,6 +5456,7 @@ load_configuration(const char *filename,
|
||||||
cfg_aclconfctx_detach(&ns_g_aclconfctx);
|
cfg_aclconfctx_detach(&ns_g_aclconfctx);
|
||||||
CHECK(cfg_aclconfctx_create(ns_g_mctx, &ns_g_aclconfctx));
|
CHECK(cfg_aclconfctx_create(ns_g_mctx, &ns_g_aclconfctx));
|
||||||
|
|
||||||
@ -165,7 +165,7 @@ diff -rupN bind-9.10.1-P1-orig/bin/named/server.c bind-9.10.1-P1-patched/bin/nam
|
|||||||
/*
|
/*
|
||||||
* Parse the global default pseudo-config file.
|
* Parse the global default pseudo-config file.
|
||||||
*/
|
*/
|
||||||
@@ -6556,6 +6658,8 @@ shutdown_server(isc_task_t *task, isc_ev
|
@@ -6562,6 +6664,8 @@ shutdown_server(isc_task_t *task, isc_ev
|
||||||
dns_view_detach(&view);
|
dns_view_detach(&view);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user