- Update to version 9.10.2-P2

- An uninitialized value in validator.c could result in an assertion failure.
    (CVE-2015-4620) [RT #39795]
- Update to version 9.10.2-P1
  - Include client-ip rules when logging the number of RPZ rules of each type.
    [RT #39670]
  - Addressed further problems with reloading RPZ zones. [RT #39649]
  - Addressed a regression introduced in change #4121. [RT #39611]
  - The server could match a shorter prefix than what was available in
    CLIENT-IP policy triggers, and so, an unexpected action could be taken.
    This has been corrected. [RT #39481]
  - On servers with one or more policy zones configured as slaves, if a policy
    zone updated during regular operation (rather than at startup) using a full
    zone reload, such as via AXFR, a bug could allow the RPZ summary data to
    fall out of sync, potentially leading to an assertion failure in rpz.c when
    further incremental updates were made to the zone, such as via IXFR.
    [RT #39567]
  - A bug in RPZ could cause the server to crash if policy zones were updated
    while recursion was pending for RPZ processing of an active query.
    [RT #39415]
  - Fix a bug in RPZ that could cause some policy zones that did not
    specifically require recursion to be treated as if they did; consequently,
    setting qname-wait-recurse no; was sometimes ineffective. [RT #39229]
  - Asynchronous zone loads were not handled correctly when the zone load was
    already in progress; this could trigger a crash in zt.c. [RT #37573]
  - Fix an out-of-bounds read in RPZ code. If the read succeeded, it doesn't
    result in a bug during operation. If the read failed, named could segfault.
    [RT #38559]

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=172
This commit is contained in:
Lars Müller 2015-07-10 20:54:40 +00:00 committed by Git OBS Bridge
parent 2d26a35729
commit 5693887a0c
9 changed files with 66 additions and 34 deletions

View File

@ -1,5 +1,5 @@
libbind9-140 libbind9-140
libdns160 libdns161
libidnkit1 libidnkit1
libidnkitlite1 libidnkitlite1
libidnkitres1 libidnkitres1
@ -13,13 +13,13 @@ liblwres141
bind-devel bind-devel
requires -bind-<targettype> requires -bind-<targettype>
requires "libbind9-140-<targettype> = <version>" requires "libbind9-140-<targettype> = <version>"
requires "libdns160-<targettype> = <version>" requires "libdns161-<targettype> = <version>"
requires "libirs141-<targettype> = <version>" requires "libirs141-<targettype> = <version>"
requires "libisc148-<targettype> = <version>" requires "libisc148-<targettype> = <version>"
requires "libisccc140-<targettype> = <version>" requires "libisccc140-<targettype> = <version>"
requires "libisccfg140-<targettype> = <version>" requires "libisccfg140-<targettype> = <version>"
requires "liblwres141-<targettype> = <version>" requires "liblwres141-<targettype> = <version>"
idnkit-devel idnkit-devel
requires "libdns160-<targettype> = <version>" requires "libdns161-<targettype> = <version>"
requires "libidnkit1-<targettype> = <version>" requires "libidnkit1-<targettype> = <version>"
requires "libidnkitlite1-<targettype> = <version>" requires "libidnkitlite1-<targettype> = <version>"

3
bind-9.10.2-P2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b1e6f0af88634aaf48fb9d06bbf82968264f49b8e2685f061dd3fd4c1ab76c5f
size 8469608

11
bind-9.10.2-P2.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (NetBSD)
iQEcBAABAgAGBQJViUjjAAoJEG+m68mRGkwCiNkH/3bVmB4iAOCK6wXU+K4OmQ/h
IbOIMwCqkhbuBguDnw8sO9IiKfOEuQUbW2DrBJUiDPEROnW9xe2G7AppfpVEpMuV
ORJOgW4z5UwF3pwONbO7f9bSJzSYbbvDM/QMVjyaQoq2yjd9QEsVYE385C6vZ6y3
JXWMzO2Y+XgZgeGNJItQFSaJf4IwCb3Cj+BwpZwyU9rVsTX50YkW/D4yQxKkH7r6
pmHb3iZuytcM60A+cxsMraCAnui9Yn9mDSoozaE2W+ohisF4ifQLqsHwhYYW5VrG
I3/ujBBPj3VokaLs/l/GBTFYBVm/RitDgily6p8rCvbiIKA6bZOTsKhVgaflVwE=
=Gq06
-----END PGP SIGNATURE-----

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6f9bb7908aa45c1edfa391e356fc0afc1ded175386cdefb6cf9e1289f7457a98
size 8481111

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAABAgAGBQJU7cGfAAoJEG+m68mRGkwCjI4H/2wkIzyXFeRtDiqZbci94llj
7ecXQjx3OFya/eu5bqcR3ov55KcDcu/OjR9sagiLoBlenmX9ITHKyGMWPjvUjBrD
ZaSE89seWg8e3Gq0bODv5IMi3rnlxdGSUE+8bSJu8mhlDywc77KLMpvj/6wJAgNs
M56N9KGTPUkvpxJVUGPzIFIn6tWpeZJh/hu9Tw/cXtHcpQajunnWufX5jVFZXoPz
5Dp/02jJ9JMWTua1URDAE5rITa5KwFajdz+epocoaI+9/athoK9xNAeIzYxMl78L
hT9FDi1SNpOO+zBaGiMUEOnzK457ljwA0z9OFlBSYtzXBPIhwxDbYIkNqcaoKT8=
=eKOZ
-----END PGP SIGNATURE-----

View File

@ -19,7 +19,7 @@ Index: bin/named/main.c
=================================================================== ===================================================================
--- bin/named/main.c.orig 2013-12-20 01:28:28.000000000 +0100 --- bin/named/main.c.orig 2013-12-20 01:28:28.000000000 +0100
+++ bin/named/main.c 2014-01-23 18:45:19.059680008 +0100 +++ bin/named/main.c 2014-01-23 18:45:19.059680008 +0100
@@ -85,6 +85,7 @@ @@ -91,6 +91,7 @@
* Include header files for database drivers here. * Include header files for database drivers here.
*/ */
/* #include "xxdb.h" */ /* #include "xxdb.h" */
@ -27,7 +27,7 @@ Index: bin/named/main.c
#ifdef CONTRIB_DLZ #ifdef CONTRIB_DLZ
/* /*
@@ -1016,6 +1017,7 @@ @@ -1064,6 +1065,7 @@
* Add calls to register sdb drivers here. * Add calls to register sdb drivers here.
*/ */
/* xxdb_init(); */ /* xxdb_init(); */
@ -35,7 +35,7 @@ Index: bin/named/main.c
#ifdef ISC_DLZ_DLOPEN #ifdef ISC_DLZ_DLOPEN
/* /*
@@ -1056,6 +1058,7 @@ @@ -1104,6 +1106,7 @@
* Add calls to unregister sdb drivers here. * Add calls to unregister sdb drivers here.
*/ */
/* xxdb_clear(); */ /* xxdb_clear(); */

View File

@ -1,3 +1,35 @@
-------------------------------------------------------------------
Fri Jul 10 18:02:41 UTC 2015 - lmuelle@suse.com
- Update to version 9.10.2-P2
- An uninitialized value in validator.c could result in an assertion failure.
(CVE-2015-4620) [RT #39795]
- Update to version 9.10.2-P1
- Include client-ip rules when logging the number of RPZ rules of each type.
[RT #39670]
- Addressed further problems with reloading RPZ zones. [RT #39649]
- Addressed a regression introduced in change #4121. [RT #39611]
- The server could match a shorter prefix than what was available in
CLIENT-IP policy triggers, and so, an unexpected action could be taken.
This has been corrected. [RT #39481]
- On servers with one or more policy zones configured as slaves, if a policy
zone updated during regular operation (rather than at startup) using a full
zone reload, such as via AXFR, a bug could allow the RPZ summary data to
fall out of sync, potentially leading to an assertion failure in rpz.c when
further incremental updates were made to the zone, such as via IXFR.
[RT #39567]
- A bug in RPZ could cause the server to crash if policy zones were updated
while recursion was pending for RPZ processing of an active query.
[RT #39415]
- Fix a bug in RPZ that could cause some policy zones that did not
specifically require recursion to be treated as if they did; consequently,
setting qname-wait-recurse no; was sometimes ineffective. [RT #39229]
- Asynchronous zone loads were not handled correctly when the zone load was
already in progress; this could trigger a crash in zt.c. [RT #37573]
- Fix an out-of-bounds read in RPZ code. If the read succeeded, it doesn't
result in a bug during operation. If the read failed, named could segfault.
[RT #38559]
------------------------------------------------------------------- -------------------------------------------------------------------
Wed May 13 09:35:40 UTC 2015 - hguo@suse.com Wed May 13 09:35:40 UTC 2015 - hguo@suse.com

View File

@ -18,8 +18,8 @@
Name: bind Name: bind
%define pkg_name bind %define pkg_name bind
%define pkg_vers 9.10.2 %define pkg_vers 9.10.2-P2
%define rpm_vers 9.10.2 %define rpm_vers 9.10.2P2
%define idn_vers 1.0 %define idn_vers 1.0
Summary: Domain Name System (DNS) Server (named) Summary: Domain Name System (DNS) Server (named)
License: ISC License: ISC
@ -140,13 +140,13 @@ Release: 0
This library contains a few utility functions used by the BIND This library contains a few utility functions used by the BIND
server and utilities. server and utilities.
%package -n libdns160 %package -n libdns161
Summary: DNS library used by BIND Summary: DNS library used by BIND
Group: System/Libraries Group: System/Libraries
Version: %rpm_vers Version: %rpm_vers
Release: 0 Release: 0
%description -n libdns160 %description -n libdns161
This subpackage contains the "DNS client" module. This is a higher This subpackage contains the "DNS client" module. This is a higher
level API that provides an interface to name resolution, single DNS level API that provides an interface to name resolution, single DNS
transaction with a particular server, and dynamic update. Regarding transaction with a particular server, and dynamic update. Regarding
@ -297,7 +297,7 @@ Group: Development/Libraries/C and C++
Version: %rpm_vers Version: %rpm_vers
Release: 0 Release: 0
Requires: libbind9-140 = %version Requires: libbind9-140 = %version
Requires: libdns160 = %version Requires: libdns161 = %version
Requires: libirs141 = %version Requires: libirs141 = %version
Requires: libisc148 = %version Requires: libisc148 = %version
Requires: libisccc140 = %version Requires: libisccc140 = %version
@ -726,8 +726,8 @@ fi
%post -n libbind9-140 -p /sbin/ldconfig %post -n libbind9-140 -p /sbin/ldconfig
%postun -n libbind9-140 -p /sbin/ldconfig %postun -n libbind9-140 -p /sbin/ldconfig
%post -n libdns160 -p /sbin/ldconfig %post -n libdns161 -p /sbin/ldconfig
%postun -n libdns160 -p /sbin/ldconfig %postun -n libdns161 -p /sbin/ldconfig
%post -n libidnkit1 -p /sbin/ldconfig %post -n libidnkit1 -p /sbin/ldconfig
%postun -n libidnkit1 -p /sbin/ldconfig %postun -n libidnkit1 -p /sbin/ldconfig
%post -n libidnkitlite1 -p /sbin/ldconfig %post -n libidnkitlite1 -p /sbin/ldconfig
@ -865,9 +865,9 @@ fi
%defattr(-,root,root) %defattr(-,root,root)
%_libdir/libbind9.so.140* %_libdir/libbind9.so.140*
%files -n libdns160 %files -n libdns161
%defattr(-,root,root) %defattr(-,root,root)
%_libdir/libdns.so.160* %_libdir/libdns.so.161*
%files -n libidnkit1 %files -n libidnkit1
%defattr(-,root,root) %defattr(-,root,root)

View File

@ -102,7 +102,7 @@ diff -rupN bind-9.10.1-P1-orig/bin/named/server.c bind-9.10.1-P1-patched/bin/nam
disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) { disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
isc_result_t result; isc_result_t result;
const cfg_obj_t *algorithms; const cfg_obj_t *algorithms;
@@ -2329,6 +2396,7 @@ configure_view(dns_view_t *view, dns_vie @@ -2335,6 +2402,7 @@ configure_view(dns_view_t *view, dns_vie
const cfg_obj_t *dlz; const cfg_obj_t *dlz;
unsigned int dlzargc; unsigned int dlzargc;
char **dlzargv; char **dlzargv;
@ -110,7 +110,7 @@ diff -rupN bind-9.10.1-P1-orig/bin/named/server.c bind-9.10.1-P1-patched/bin/nam
const cfg_obj_t *disabled; const cfg_obj_t *disabled;
const cfg_obj_t *obj; const cfg_obj_t *obj;
const cfg_listelt_t *element; const cfg_listelt_t *element;
@@ -2605,6 +2673,8 @@ configure_view(dns_view_t *view, dns_vie @@ -2611,6 +2679,8 @@ configure_view(dns_view_t *view, dns_vie
} }
} }
@ -119,7 +119,7 @@ diff -rupN bind-9.10.1-P1-orig/bin/named/server.c bind-9.10.1-P1-patched/bin/nam
/* /*
* Obtain configuration parameters that affect the decision of whether * Obtain configuration parameters that affect the decision of whether
* we can reuse/share an existing cache. * we can reuse/share an existing cache.
@@ -3607,6 +3677,37 @@ configure_view(dns_view_t *view, dns_vie @@ -3613,6 +3683,37 @@ configure_view(dns_view_t *view, dns_vie
dns_view_setrootdelonly(view, ISC_FALSE); dns_view_setrootdelonly(view, ISC_FALSE);
/* /*
@ -157,7 +157,7 @@ diff -rupN bind-9.10.1-P1-orig/bin/named/server.c bind-9.10.1-P1-patched/bin/nam
* Setup automatic empty zones. If recursion is off then * Setup automatic empty zones. If recursion is off then
* they are disabled by default. * they are disabled by default.
*/ */
@@ -5349,6 +5450,7 @@ load_configuration(const char *filename, @@ -5355,6 +5456,7 @@ load_configuration(const char *filename,
cfg_aclconfctx_detach(&ns_g_aclconfctx); cfg_aclconfctx_detach(&ns_g_aclconfctx);
CHECK(cfg_aclconfctx_create(ns_g_mctx, &ns_g_aclconfctx)); CHECK(cfg_aclconfctx_create(ns_g_mctx, &ns_g_aclconfctx));
@ -165,7 +165,7 @@ diff -rupN bind-9.10.1-P1-orig/bin/named/server.c bind-9.10.1-P1-patched/bin/nam
/* /*
* Parse the global default pseudo-config file. * Parse the global default pseudo-config file.
*/ */
@@ -6556,6 +6658,8 @@ shutdown_server(isc_task_t *task, isc_ev @@ -6562,6 +6664,8 @@ shutdown_server(isc_task_t *task, isc_ev
dns_view_detach(&view); dns_view_detach(&view);
} }