Accepting request 161413 from network

- Updated to 9.9.2-P2 (bnc#811876) Fix for: https://kb.isc.org/article/AA-00871 CVE-2013-2266 * Security Fixes Removed the check for regex.h in configure in order to disable regex syntax checking, as it exposes BIND to a critical flaw in libregex on some platforms. [RT #32688] - added gpg key source verification OBS-URL: https://build.opensuse.org/request/show/161413 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=88
2013-03-28 12:09:59 +00:00 · 2013-03-28 12:09:59 +00:00 · 65bfa5b3d2
commit 65bfa5b3d2
parent 00ba642f3d eec4a4f40d
7 changed files with 73 additions and 8 deletions
--- a/bind-9.9.2-P1.tar.gz
+++ b/bind-9.9.2-P1.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:4bce7c020402623333b655be5167ae8c52f30a6bfe9750caa3ab70da7d90219c
 size 7277498
--- a/bind-9.9.2-P2.tar.gz
+++ b/bind-9.9.2-P2.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:ff822734e3550969251411e20f6f7397d14a912613a42af423752e93fdb565d2
 size 7277958
--- a/bind-9.9.2-P2.tar.gz.asc
+++ b/bind-9.9.2-P2.tar.gz.asc
@ -0,0 +1,12 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 iQEcBAABAgAGBQJRTKtMAAoJEEWseFcYnNvF8/MH/iumeUL6oxa6oVk/RaBj+J0T
 /ETUPoUoMGsz92bK7PgpvR/R9i0PVrA+79j3VLgsoXFEVPtZfBQeVXW08tWkeWdD
 S2asvEdEHxPla6pIQ9jOrevXwt7vdTjWgXpqXcSXsJ2SXOYYYUMIjTW7IFa5vyaL
 VUVirJpxTwxaw7rdYTGMGdD86DYpWi+hlFUdXuc+tbcUpEJrEiJhRoV9dwMsHOuS
 7APlB06WAnfluWzmjUk5Q0vl9XiXDRqagDUl3Ovas3ceHgEucqh0kMOtwLHBjQ0U
 n8C2+EpdLCnDThpwJ2IZdKomM6QoFLBbsTmBWUxONjqGwMpICZIbrxHoNfGEv0E=
 =vmRC
 -----END PGP SIGNATURE-----
--- a/bind.changes
+++ b/bind.changes
@ -1,3 +1,16 @@
 -------------------------------------------------------------------
 Wed Mar 27 12:33:34 UTC 2013 - meissner@suse.com
 - Updated to 9.9.2-P2 (bnc#811876)
  Fix for: https://kb.isc.org/article/AA-00871 CVE-2013-2266
  * Security Fixes
    Removed the check for regex.h in configure in order to disable regex
    syntax checking, as it exposes BIND to a critical flaw in libregex
    on some platforms. [RT #32688]
 - added gpg key source verification
 -------------------------------------------------------------------
 Thu Dec  6 08:00:31 UTC 2012 - meissner@suse.com
--- a/bind.keyring
+++ b/bind.keyring
@ -0,0 +1,31 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v1.4.12 (NetBSD)
 mQENBFEKeFYBCADaN83gsb0VDjlGZkYra0PPlHz/eczKBU+/6I/VBq/FcsFEc27/
 O8IE05rIID10rXLjZ0k8y4ydvhI40eVZfxwaFvQEX/StVtU1ie3F7TS02ZuJ1yal
 YRtU29hhnZ5icDdiJ98gcZSH2WKhIWLRpmc60Lja/sTsO0lkLPJe9x2MDuzkQu9M
 Z7hlMgqZxZ1I/mQ/KsjT3oUt8euwyntg8/w/cpY8H0EVjyBnZWV2yejsLnbCo947
 hbjvUMSluGs7AZP0d+yqpGNsgRQ9iHy0NiL3ELdBqD22cqGRGTkX76KcLoXvqLVY
 450bBtXsI2uUXy5iL/eUkUP2JgWQybjju/M3ABEBAAG0SEludGVybmV0IFN5c3Rl
 bXMgQ29uc29ydGl1bSwgSW5jLiAoU2lnbmluZyBrZXksIDIwMTMpIDxjb2Rlc2ln
 bkBpc2Mub3JnPokBPgQTAQIAKAUCUQp4VgIbAwUJA8JnAAYLCQgHAwIGFQgCCQoL
 BBYCAwECHgECF4AACgkQRax4Vxic28XzIQf6AwLblJ98KI6l8gWqKVHMErYgl9+Q
 RiIxrqJtyn4OjeZHX9diVjv2HlsRjnTpNl5MiSB9tXvq+GX696w6dtpoqYjZEQoP
 ZCwE2USR6XO71eYO3rxLBnc0ymRvQm4zB2YKqworQDym0+wE8xiGBO8LyyVDfS5G
 aGWXl0YJkfNYXzhEp6toIiLwRE0uP0TarHcHCo2CboVBgODvDZqwSBfT+i6dT+Gy
 6nVEh3j7XnqgjCQ25cGev9sHR3hobT/fxG0F2YZ7sMwpWj9q0Y/dOlY7SV/ZGSs+
 ubKQ55BWsTjJRrNqyDX8QLb8oVic5q/yQkV+RTs1sP5s6JSs0KqQdyR3ZbkBDQRR
 CnhWAQgApxtu688JKcr6NXWOneWXn1Pti2jRhdVKNlNkGgLJ76vQTVdMmmTDwEty
 YQM6C9qjIXj8cEwz+LGRUXoCXOX9Yokf5oOjNpQutn4KVS+IRvWMYaK0qsTaa/c0
 FaIiFWvswyGucXAX/q9H5IoK8uYKXv5ww7+x3l1etg9/QdDQ/CANyMQbjBn38Wfn
 Fy/zoUl+mMZLfqs+3NwT5C+m/4M99SoyC7XQLaZt3PBO4rVjUnMkCgiXsNdDIZnv
 0XgUKyzSgrdPZcqKEG3yj8v5aTOC2k60Ffw1/ytA3hyfxLmdxxsyGyNQ4ZY8ZxmB
 Z6AyUWVK95bL4oQqUCqfzSscHpWokQARAQABiQElBBgBAgAPBQJRCnhWAhsMBQkD
 wmcAAAoJEEWseFcYnNvF4JAH/0MlU+Iwu5k6II3KufE2agMsRD2hk1VkpZcC08qi
 LfHxX/4HrCZd7jcViLpFeK+I5JaDM2G21Co9jBMoPh+EUDnalG3eglXgeNEbUfAZ
 pM7c9UejTNVmrw6crcgeUhKS2l0oBu9gRRlcSJEYY8XngfKJHBscCrsafp3RMVkO
 m4Ti4CcxOot3uQ10U8GojjtWp7bgqIaFBF8aV8vugXJLl9IHqgVEtvo9miM+0Tfi
 evOzuZMrgVY4zI2ZiLcrVM1KuIeZ2nIKbNWkJpDH2ZwUfsIx/KTxjpqld+NStzGQ
 B9v1wazIBDHQU4hq5ddOlk0lrLDAmMJzHbavlduWmFRkuv4=
 =bGLP
 -----END PGP PUBLIC KEY BLOCK-----
--- a/bind.spec
+++ b/bind.spec
@ -1,7 +1,7 @@
 #
 # spec file for package bind
 #
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@
 Name:           bind
 %define pkg_name bind
-%define pkg_vers 9.9.2-P1
+%define pkg_vers 9.9.2-P2
 BuildRequires:  krb5-devel
 BuildRequires:  libcap
 BuildRequires:  libcap-devel
@ -44,6 +44,9 @@ Requires:       %{name}-utils
 PreReq:         %fillup_prereq %insserv_prereq bind-utils /bin/grep /bin/sed /bin/mkdir /usr/bin/tee /bin/chmod /bin/chown /bin/mv /bin/cat /usr/bin/dirname /usr/bin/diff /usr/bin/old /usr/sbin/groupadd /usr/sbin/useradd /usr/sbin/usermod
 Url:            http://isc.org/sw/bind/
 Source:         ftp://ftp.isc.org/isc/bind9/%{pkg_vers}/bind-%{pkg_vers}.tar.gz
 Source3:        ftp://ftp.isc.org/isc/bind9/%{pkg_vers}/bind-%{pkg_vers}.tar.gz.asc
 # from http://www.isc.org/about/openpgp/ ... changes yearly apparently.
 Source4:        %name.keyring
 Source1:        vendor-files.tar.bz2
 Source2:        baselibs.conf
 Source9:        ftp://ftp.internic.net/domain/named.root
@ -56,6 +59,9 @@ Patch51:        pie_compile.diff
 Patch52:        named-bootconf.diff
 Patch100:       configure.in.diff2
 Patch110:       workaround-compile-problem.diff
 %if 0%{?suse_version} > 1220
 BuildRequires:  gpg-offline
 %endif
 # Rate limiting patch by Paul Vixie et.al. for reflection DoS protection
 # see http://www.redbarn.org/dns/ratelimits
@ -185,6 +191,9 @@ test and query the Domain Name System (DNS).  The Berkeley Internet
 Name Domain (BIND) DNS server is found in the package named bind.
 %prep
 %if 0%{?suse_version} > 1220
 %gpg_verify %{S:3}
 %endif
 %setup -q -n %{pkg_name}-%{pkg_vers}
 #%setup -n %{pkg_name}-%{version} -T -D -a1 -a50
 %setup -q -n %{pkg_name}-%{pkg_vers} -T -D -a1
--- a/named.root
+++ b/named.root
@ -9,8 +9,8 @@
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
 ;
-;       last update:    Jun 8, 2011
+;       last update:    Jan 3, 2013
-;       related version of root zone:   2011060800
+;       related version of root zone:   2013010300
 ;
 ; formerly NS.INTERNIC.NET
 ;
@ -31,7 +31,7 @@ C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
 ; FORMERLY TERP.UMD.EDU
 ;
 .                        3600000      NS    D.ROOT-SERVERS.NET.
-D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
 D.ROOT-SERVERS.NET.	 3600000      AAAA  2001:500:2D::D
 ;
 ; FORMERLY NS.NASA.GOV