pool/bind
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 264083 from home:lmuelle:bind

Browse Source 
- Add a versioned dependency when obsoleting packages.

- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).

- Fix gssapi_krb configure time header detection.

- Update root zone (dated Nov 5, 2014).

- Update to version 9.10.1
  - This release addresses the security flaws described in CVE-2014-3214 and
     CVE-2014-3859.
- Update to version 9.10.0
- Update to version 9.9.6

  Cf the bind changes file for all the details of 9.9.6 till 9.10.1.

- Remove merged rpz2+rl-9.9.5.patch and obsoleted rpz2+rl-9.9.5.patch
- Update baselibs.conf (added libirs and library interface version updates).

OBS-URL: https://build.opensuse.org/request/show/264083
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=153
This commit is contained in:
Marcus Meissner 2014-12-05 10:12:05 +00:00 committed by Git OBS Bridge
parent e179acbc40
commit 932f848950
15 changed files with 372 additions and 7786 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile.in.diff
View File

@ -2,7 +2,7 @@ Index: bind-9.9.3-P1/bin/named/Makefile.in
===================================================================
--- bind-9.9.3-P1.orig/bin/named/Makefile.in
+++ bind-9.9.3-P1/bin/named/Makefile.in
@@ -176,9 +176,7 @@ installdirs:
@@ -173,9 +173,7 @@ installdirs:
install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}
(cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@)

27
baselibs.conf
View File

@ -1,22 +1,25 @@
libbind9-90
libdns100
libbind9-140
libdns146
libidnkit1
libidnkitlite1
libidnkitres1
libisc95
libirs141
libisc142
obsoletes "bind-libs = <version>"
provides "bind-libs = <version>"
libisccc90
libisccfg90
liblwres90
libisccc140
libisccfg140
liblwres141
bind-devel
requires -bind-<targettype>
requires "libbind9-90-<targettype> = <version>"
requires "libisc95-<targettype> = <version>"
requires "libisccc90-<targettype> = <version>"
requires "libisccfg90-<targettype> = <version>"
requires "liblwres90-<targettype> = <version>"
requires "libbind9-140-<targettype> = <version>"
requires "libdns146-<targettype> = <version>"
requires "libirs141-<targettype> = <version>"
requires "libisc142-<targettype> = <version>"
requires "libisccc140-<targettype> = <version>"
requires "libisccfg140-<targettype> = <version>"
requires "liblwres141-<targettype> = <version>"
idnkit-devel
requires "libdns100-<targettype> = <version>"
requires "libdns146-<targettype> = <version>"
requires "libidnkit1-<targettype> = <version>"
requires "libidnkitlite1-<targettype> = <version>"

3
bind-9.10.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5361eca2b8b6bc0b13904b0f964336a478dfbc165711547f6cc3f8752ac60181
size 8353313

11
bind-9.10.1.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAABAgAGBQJUIAfBAAoJEEWseFcYnNvFmosIAMQn2vFb2j6iIqop7Fg4cJs5
0hR1gFdcwkBZELKbLXkpL8qGOYrF9A8Wdjraf8i2iLUwZ1qsWLSL1wMokgamacRT
8VsQnfS6o1CO/uVrB7QysWmcovuAuHNj1d4v2M6CIGnbuUneQ6sQf28u6TWG6ENW
RtKUcz418WwghvQlBmoi2BVxluR+/15im87eUMsNajWRtNPLZJc2KvFnKHiZFvTU
36ffiAUC3nL/+61pHz7JvxzpJtgjyGtgSF16unPXAI1Oyg7lZOw0+cNUOnzclYy/
UGw83PwxxtBjm9WmLPfnUqXPWKNzjCRPAiEDOvyCjEKD+HamDA7YxvV9D82aQW4=
=klq+
-----END PGP SIGNATURE-----

3
bind-9.9.5-P1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a41f7813f3a6eb0dcae961651ec93896fd82074929bc6c1d8c90b04a2417b850
size 7730150

11
bind-9.9.5-P1.tar.gz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (NetBSD)
iQEcBAABAgAGBQJTldadAAoJEEWseFcYnNvFsLAH/iepQdJvNgfZ5inZ//Kp8QeO
5dv6f7a6UvfHZiD5wh8p9MCiIKVgxdeVV5HsSOsu8UpnzXRsmC2aH3etdxhlIsqu
QTGfJzLiIY1Y+/xnSqUXHfKdJ4aCsHQqXiGqFi8oAW26DIQgjHDRfLhYkEWBeXss
KjhCiI0FDjxvEqQ3orFWwUBV6RfHyIwTL186R/57r9xTtzJZFapvXMvV4TJjYAvU
8UqPwP36mD7sdQEjg6PCOnrDtCheHLwF1q5m3a1rsuKmV3W3a2BZvTA2mW1xdrHb
oo0Vbvt6GfzmFJHhs2G2VEj4405ALOmqLGejxs7pSbcZ1yyPlU/L/pcn+s1iB/Q=
=zuFR
-----END PGP SIGNATURE-----

6
bind-sdb-ldap.patch
View File

@ -19,7 +19,7 @@ Index: bin/named/main.c
===================================================================
--- bin/named/main.c.orig 2013-12-20 01:28:28.000000000 +0100
+++ bin/named/main.c 2014-01-23 18:45:19.059680008 +0100
@@ -82,6 +82,7 @@
@@ -85,6 +85,7 @@
* Include header files for database drivers here.
*/
/* #include "xxdb.h" */
@ -27,7 +27,7 @@ Index: bin/named/main.c
#ifdef CONTRIB_DLZ
/*
@@ -922,6 +923,7 @@
@@ -1016,6 +1017,7 @@
* Add calls to register sdb drivers here.
*/
/* xxdb_init(); */
@ -35,7 +35,7 @@ Index: bin/named/main.c
#ifdef ISC_DLZ_DLOPEN
/*
@@ -958,6 +960,7 @@
@@ -1056,6 +1058,7 @@
* Add calls to unregister sdb drivers here.
*/
/* xxdb_clear(); */

184
bind.changes
View File

@ -1,3 +1,187 @@
-------------------------------------------------------------------
Thu Dec 4 18:36:41 UTC 2014 - lmuelle@suse.com
- Add a versioned dependency when obsoleting packages.
-------------------------------------------------------------------
Thu Dec 4 18:15:01 UTC 2014 - lmuelle@suse.com
- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).
-------------------------------------------------------------------
Wed Dec 3 16:58:24 UTC 2014 - lmuelle@suse.com
- Fix gssapi_krb configure time header detection.
-------------------------------------------------------------------
Sun Nov 30 13:52:44 UTC 2014 - lmuelle@suse.com
- Update root zone (dated Nov 5, 2014).
-------------------------------------------------------------------
Sat Nov 29 19:35:53 UTC 2014 - lmuelle@suse.com
- Update to version 9.10.1
- This release addresses the security flaws described in CVE-2014-3214 and
CVE-2014-3859.
- Update to version 9.10.0
- DNS Response-rate limiting (DNS RRL), which blunts the impact of
reflection and amplification attacks, is always compiled in and no longer
requires a compile-time option to enable it.
- An experimental "Source Identity Token" (SIT) EDNS option is now available.
- A new zone file format, "map", stores zone data in a
format that can be mapped directly into memory, allowing
significantly faster zone loading.
- "delv" (domain entity lookup and validation) is a new tool with dig-like
semantics for looking up DNS data and performing internal DNSSEC
validation.
- Improved EDNS(0) processing for better resolver performance
and reliability over slow or lossy connections.
- Substantial improvement in response-policy zone (RPZ) performance. Up to
32 response-policy zones can be configured with minimal performance loss.
- To improve recursive resolver performance, cache records which are still
being requested by clients can now be automatically refreshed from the
authoritative server before they expire, reducing or eliminating the time
window in which no answer is available in the cache.
- New "rpz-client-ip" triggers and drop policies allowing
response policies based on the IP address of the client.
- ACLs can now be specified based on geographic location using the MaxMind
GeoIP databases. Use "configure --with-geoip" to enable.
- Zone data can now be shared between views, allowing multiple views to serve
the same zones authoritatively without storing multiple copies in memory.
- New XML schema (version 3) for the statistics channel includes many new
statistics and uses a flattened XML tree for faster parsing. The older
schema is now deprecated.
- A new stylesheet, based on the Google Charts API, displays XML statistics
in charts and graphs on javascript-enabled browsers.
- The statistics channel can now provide data in JSON format as well as XML.
- New stats counters track TCP and UDP queries received
per zone, and EDNS options received in total.
- The internal and export versions of the BIND libraries (libisc, libdns,
etc) have been unified so that external library clients can use the same
libraries as BIND itself.
- A new compile-time option, "configure --enable-native-pkcs11", allows BIND
9 cryptography functions to use the PKCS#11 API natively, so that BIND can
drive a cryptographic hardware service module (HSM) directly instead of
using a modified OpenSSL as an intermediary.
- The new "max-zone-ttl" option enforces maximum TTLs for zones. This can
simplify the process of rolling DNSSEC keys by guaranteeing that cached
signatures will have expired within the specified amount of time.
- "dig +subnet" sends an EDNS CLIENT-SUBNET option when querying.
- "dig +expire" sends an EDNS EXPIRE option when querying.
- New "dnssec-coverage" tool to check DNSSEC key coverage for a zone and
report if a lapse in signing coverage has been inadvertently scheduled.
- Signing algorithm flexibility and other improvements
for the "rndc" control channel.
- "named-checkzone" and "named-compilezone" can now read
journal files, allowing them to process dynamic zones.
- Multiple DLZ databases can now be configured. Individual zones can be
configured to be served from a specific DLZ database. DLZ databases now
serve zones of type "master" and "redirect".
- "rndc zonestatus" reports information about a specified zone.
- "named" now listens on IPv6 as well as IPv4 interfaces by default.
- "named" now preserves the capitalization of names
when responding to queries.
- new "dnssec-importkey" command allows the use of offline
DNSSEC keys with automatic DNSKEY management.
- New "named-rrchecker" tool to verify the syntactic
correctness of individual resource records.
- When re-signing a zone, the new "dnssec-signzone -Q" option drops
signatures from keys that are still published but are no longer active.
- "named-checkconf -px" will print the contents of configuration files with
the shared secrets obscured, making it easier to share configuration (e.g.
when submitting a bug report) without revealing private information.
- "rndc scan" causes named to re-scan network interfaces for
changes in local addresses.
- On operating systems with support for routing sockets, network interfaces
are re-scanned automatically whenever they change.
- "tsig-keygen" is now available as an alternate command
name to use for "ddns-confgen".
- Update to version 9.9.6
New Features
- Support for CAA record types, as described in RFC 6844 "DNS
Certification Authority Authorization (CAA) Resource Record",
was added. [RT#36625] [RT #36737]
- Disallow "request-ixfr" from being specified in zone statements where it
is not valid (it is only valid for slave and redirect zones) [RT #36608]
- Support for CDS and CDNSKEY resource record types was added. For
details see the proposed Informational Internet-Draft "Automating
DNSSEC Delegation Trust Maintenance" at
http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-14.
[RT #36333]
- Added version printing options to various BIND utilities. [RT #26057]
[RT #10686]
- Added a "no-case-compress" ACL, which causes named to use case-insensitive
compression (disabling change #3645) for specified clients. (This is useful
when dealing with broken client implementations that use case-sensitive
name comparisons, rejecting responses that fail to match the capitalization
of the query that was sent.) [RT #35300]
Feature Changes
- Adds RPZ SOA to the additional section of responses to clearly
indicate the use of RPZ in a manner that is intended to avoid
causing issues for downstream resolvers and forwarders [RT #36507]
- rndc now gives distinct error messages when an unqualified zone
name matches multiple views vs. matching no views [RT #36691]
- Improves the accuracy of dig's reported round trip times. [RT #36611]
- When an SPF record exists in a zone but no equivalent TXT record
does, a warning will be issued. The warning for the reverse
condition is no longer issued. See the check-spf option in the
documentation for details. [RT #36210]
- "named" will now log explicitly when using rndc.key to configure
command channel. [RT #35316]
- The default setting for the -U option (setting the number of UDP
listeners per interface) has been adjusted to improve performance.
[RT #35417]
- Aging of smoothed round-trip time measurements is now limited
to no more than once per second, to improve accuracy in selecting
the best name server. [RT #32909]
- DNSSEC keys that have been marked active but have no publication
date are no longer presumed to be publishable. [RT #35063]
Bug Fixes
- The Makefile in bin/python was changed to work around a bmake
bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**)
- Corrected bugs in the handling of wildcard records by the DNSSEC
validator: invalid wildcard expansions could be treated as valid
if signed, and valid wildcard expansions in NSEC3 opt-out ranges
had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]
- When resigning, dnssec-signzone was removing all signatures from
delegation nodes. It now retains DS and (if applicable) NSEC
signatures. [RT #36946]
- The AD flag was being set inappopriately on RPZ responses. [RT #36833]
- Updates the URI record type to current draft standard,
draft-faltstrom-uri-08, and allows the value field to be zero
length [RT #36642] [RT #36737]
- RRSIG sets that were not loaded in a single transaction at start
up were not being correctly added to re-signing heaps. [RT #36302]
- Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452]
- A race condition could cause a crash in isc_event_free during
shutdown. [RT #36720]
- Addresses a race condition issue in dispatch. [RT #36731]
- acl elements could be miscounted, causing a crash while loading
a config [RT #36675]
- Corrects a deadlock between view.c and adb.c. [RT #36341]
- liblwres wasn't properly handling link-local addresses in
nameserver clauses in resolv.conf. [RT #36039]
- Buffers in isc_print_vsnprintf were not properly initialized
leading to potential overflows when printing out quad values.
[RT #36505]
- Don't call qsort() with a null pointer, and disable the GCC 4.9
"delete null pointer check" optimizer option. This fixes problems
when using GNU GCC 4.9.0 where its compiler code optimizations
may cause crashes in BIND. For more information, see the operational
advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]
- Fixed a bug that could cause repeated resigning of records in
dynamically signed zones. [RT #35273]
- Fixed a bug that could cause an assertion failure after forwarding
was disabled. [RT #35979]
- Fixed a bug that caused SERVFAILs when using RPZ on a system
configured as a forwarder. [RT #36060]
- Worked around a limitation in Solaris's /dev/poll implementation
that could cause named to fail to start when configured to use
more sockets than the system could accomodate. [RT #35878]
- Remove merged rpz2+rl-9.9.5.patch and obsoleted rpz2+rl-9.9.5.patch
- Update baselibs.conf (added libirs and library interface version updates).
-------------------------------------------------------------------
Fri Nov 14 09:18:26 UTC 2014 - dimstar@opensuse.org

165
bind.spec
View File

@ -18,8 +18,8 @@
Name: bind
%define pkg_name bind
%define pkg_vers 9.9.5-P1
%define rpm_vers 9.9.5P1
%define pkg_vers 9.10.1
%define rpm_vers 9.10.1
%define idn_vers 1.0
Summary: Domain Name System (DNS) Server (named)
License: ISC
@ -37,7 +37,6 @@ Source9: ftp://ftp.internic.net/domain/named.root
Source40: http://www.venaas.no/ldap/bind-sdb/dnszone-schema.txt
Patch: configure.in.diff
Patch1: Makefile.in.diff
Patch2: pid-path.diff
Patch4: perl-path.diff
Patch51: pie_compile.diff
Patch52: named-bootconf.diff
@ -58,18 +57,13 @@ BuildRequires: update-desktop-files
Provides: bind8
Provides: bind9
Provides: dns_daemon
Obsoletes: bind8
Obsoletes: bind9
Obsoletes: bind8 < %version
Obsoletes: bind9 < %version
Requires: %{name}-chrootenv
Requires: %{name}-utils
PreReq: %fillup_prereq %insserv_prereq bind-utils /bin/grep /bin/sed /bin/mkdir /usr/bin/tee /bin/chmod /bin/chown /bin/mv /bin/cat /usr/bin/dirname /usr/bin/diff /usr/bin/old /usr/sbin/groupadd /usr/sbin/useradd /usr/sbin/usermod
Url: http://isc.org/sw/bind/
# Rate limiting patch by Paul Vixie et.al. for reflection DoS protection
# see http://www.redbarn.org/dns/ratelimits
#Patch200: http://ss.vix.su/~vjs/rpz2+rl-9.9.5.patch
Patch200: rpz2+rl-9.9.5.patch
Source60: dlz-schema.txt
%if %ul_version >= 1
%define VENDOR UL
@ -135,23 +129,23 @@ idnkit is a toolkit for handling internationalized domain names. This
subpackage contains the header files needed for building programs
with it.
%package -n libbind9-90
%package -n libbind9-140
Summary: BIND9 shared library used by BIND
Group: System/Libraries
Version: %rpm_vers
Release: 0
%description -n libbind9-90
%description -n libbind9-140
This library contains a few utility functions used by the BIND
server and utilities.
%package -n libdns100
%package -n libdns146
Summary: DNS library uesd by BIND
Group: System/Libraries
Version: %rpm_vers
Release: 0
%description -n libdns100
%description -n libdns146
This subpackage contains the "DNS client" module. This is a higher
level API that provides an interface to name resolution, single DNS
transaction with a particular server, and dynamic update. Regarding
@ -205,7 +199,33 @@ libidnkitres is a LD_PRELOAD-able library which provides a modified
version of resolver functions (gethostbyname, getaddrinfo, etc.)
which implement features for handling internationalized domain names.
%package -n libisc95
%package -n libirs141
Summary: The "IRS" (Information Retrieval System) library
Group: System/Libraries
Version: %rpm_vers
Release: 0
%description -n libirs141
libirs provides an interface to parse the traditional resolv.conf file and an
"advanced" configuration file related to the DNS library for configuration
parameters that would be beyond the capability of the resolv.conf file.
Specifically, it is intended to provide DNSSEC related configuration
parameters. By default the path to this configuration file is /etc/dns.conf.
%package -n libirs-devel
Summary: Development files for IRS
Group: Development/Libraries/C and C++
Version: %rpm_vers
Release: 0
Requires: libirs141 = %rpm_vers
%description -n libirs-devel
libirs provides an interface to parse the traditional resolv.conf file and an
"advanced" configuration file related to the DNS library for configuration
parameters that would be beyond the capability of the resolv.conf file. This
subpackage contains the header files needed for building programs with it.
%package -n libisc142
Summary: ISC shared library uesd by BIND
Group: System/Libraries
Version: %rpm_vers
@ -216,39 +236,39 @@ Release: 0
Obsoletes: bind-libs = %version-%release
Provides: bind-libs < %version-%release
%description -n libisc95
%description -n libisc142
This library contains miscellaneous utility function used by the BIND
server and utilities. It includes functions for assertion handling,
balanced binary (AVL) trees, bit masks comparison, event based
programs, heap-based priority queues, memory handling, and program
logging.
%package -n libisccc90
%package -n libisccc140
Summary: Command Channel Library used by BIND
Group: System/Libraries
Version: %rpm_vers
Release: 0
%description -n libisccc90
%description -n libisccc140
This library is used for communicating with BIND servers'
administrative command channel (port 953 by default).
%package -n libisccfg90
%package -n libisccfg140
Summary: Exported ISC configuration shared library
Group: System/Libraries
Version: %rpm_vers
Release: 0
%description -n libisccfg90
%description -n libisccfg140
This BIND library contains the configuration file parser
%package -n liblwres90
%package -n liblwres141
Summary: Lightweight Resolver API library
Group: System/Libraries
Version: %rpm_vers
Release: 0
%description -n liblwres90
%description -n liblwres141
The BIND 9 lightweight resolver library is a name service independent
stub resolver library. It provides hostname-to-address and
address-to-hostname lookup services to applications by transmitting
@ -275,21 +295,17 @@ Summary: Development Libraries and Header Files of BIND
Group: Development/Libraries/C and C++
Version: %rpm_vers
Release: 0
Requires: libbind9-90 = %version
Requires: libdns100 = %version
Requires: libisc95 = %version
Requires: libisccc90 = %version
Requires: libisccfg90 = %version
Requires: liblwres90 = %version
Requires: libbind9-140 = %version
Requires: libdns146 = %version
Requires: libirs141 = %version
Requires: libisc142 = %version
Requires: libisccc140 = %version
Requires: libisccfg140 = %version
Requires: liblwres141 = %version
Provides: bind8-devel
Provides: bind9-devel
Obsoletes: bind8-devel
Obsoletes: bind9-devel
# bug437293
%ifarch ppc64
Obsoletes: bind-devel-64bit
%endif
#
Obsoletes: bind8-devel < %version
Obsoletes: bind9-devel < %version
%description devel
This package contains the header files, libraries, and documentation
@ -339,13 +355,8 @@ Release: 0
Provides: bind9-utils
Provides: bindutil
Provides: dns_utils
Obsoletes: bind9-utils
Obsoletes: bindutil
# bug437293
%ifarch ppc64
Obsoletes: bind-utils-64bit
%endif
#
Obsoletes: bind9-utils < %version
Obsoletes: bindutil < %version
%description utils
This package includes the utilities host, dig, and nslookup used to
@ -358,7 +369,6 @@ Name Domain (BIND) DNS server is found in the package named bind.
%setup -q -n %{pkg_name}-%{pkg_vers} -T -D -a1
%patch -p1
%patch1 -p1
%patch2 -p0
%patch4 -p0
#%patch50
%if 0%{?suse_version} >= 1000
@ -370,7 +380,6 @@ Name Domain (BIND) DNS server is found in the package named bind.
%patch100 -p1
%endif
%patch101 -p1
%patch200 -p0
# modify settings of some files regarding to OS version and vendor
function replaceStrings()
{
@ -392,7 +401,8 @@ cp contrib/sdb/ldap/ldapdb.h bin/named/include/
%build
%{?suse_update_config:%{suse_update_config -f}}
cat /usr/share/aclocal/libtool.m4 >> aclocal.m4
# gssapi/gssapi_krb5.h isn't found if aclocal.m4 gets modified this way
#cat /usr/share/aclocal/libtool.m4 >> aclocal.m4
%{__libtoolize} -f
%{__aclocal}
%{__autoconf}
@ -693,24 +703,26 @@ fi
%insserv_cleanup
%service_del_postun named
%post -n libbind9-90 -p /sbin/ldconfig
%postun -n libbind9-90 -p /sbin/ldconfig
%post -n libdns100 -p /sbin/ldconfig
%postun -n libdns100 -p /sbin/ldconfig
%post -n libbind9-140 -p /sbin/ldconfig
%postun -n libbind9-140 -p /sbin/ldconfig
%post -n libdns146 -p /sbin/ldconfig
%postun -n libdns146 -p /sbin/ldconfig
%post -n libidnkit1 -p /sbin/ldconfig
%postun -n libidnkit1 -p /sbin/ldconfig
%post -n libidnkitlite1 -p /sbin/ldconfig
%postun -n libidnkitlite1 -p /sbin/ldconfig
%post -n libidnkitres1 -p /sbin/ldconfig
%postun -n libidnkitres1 -p /sbin/ldconfig
%post -n libisc95 -p /sbin/ldconfig
%postun -n libisc95 -p /sbin/ldconfig
%post -n libisccc90 -p /sbin/ldconfig
%postun -n libisccc90 -p /sbin/ldconfig
%post -n libisccfg90 -p /sbin/ldconfig
%postun -n libisccfg90 -p /sbin/ldconfig
%post -n liblwres90 -p /sbin/ldconfig
%postun -n liblwres90 -p /sbin/ldconfig
%post -n libirs141 -p /sbin/ldconfig
%postun -n libirs141 -p /sbin/ldconfig
%post -n libisc142 -p /sbin/ldconfig
%postun -n libisc142 -p /sbin/ldconfig
%post -n libisccc140 -p /sbin/ldconfig
%postun -n libisccc140 -p /sbin/ldconfig
%post -n libisccfg140 -p /sbin/ldconfig
%postun -n libisccfg140 -p /sbin/ldconfig
%post -n liblwres141 -p /sbin/ldconfig
%postun -n liblwres141 -p /sbin/ldconfig
%pre chrootenv
%{GROUPADD_NAMED}
@ -774,7 +786,9 @@ fi
%{_sbindir}/named-checkconf
%{_sbindir}/named-checkzone
%{_sbindir}/named-compilezone
%{_sbindir}/named-rrchecker
%{_mandir}/man1/bind9-config.1.gz
%{_mandir}/man1/named-rrchecker.1.gz
%{_mandir}/man5/named.conf.5.gz
%{_mandir}/man8/named-checkconf.8.gz
%{_mandir}/man8/named-checkzone.8.gz
@ -814,13 +828,13 @@ fi
%_libdir/libidn*.so
%_mandir/man3/libidn*.3*
%files -n libbind9-90
%files -n libbind9-140
%defattr(-,root,root)
%_libdir/libbind9.so.90*
%_libdir/libbind9.so.140*
%files -n libdns100
%files -n libdns146
%defattr(-,root,root)
%_libdir/libdns.so.100*
%_libdir/libdns.so.146*
%files -n libidnkit1
%defattr(-,root,root)
@ -834,21 +848,29 @@ fi
%defattr(-,root,root)
%_libdir/libidnkitres.so.1*
%files -n libisc95
%files -n libirs141
%defattr(-,root,root)
%_libdir/libisc.so.95*
%_libdir/libirs.so.141*
%files -n libisccc90
%files -n libirs-devel
%defattr(-,root,root)
%_libdir/libisccc.so.90*
%_libdir/libirs.so
%files -n libisccfg90
%files -n libisc142
%defattr(-,root,root)
%_libdir/libisccfg.so.90*
%_libdir/libisc.so.142*
%files -n liblwres90
%files -n libisccc140
%defattr(-,root,root)
%_libdir/liblwres.so.90*
%_libdir/libisccc.so.140*
%files -n libisccfg140
%defattr(-,root,root)
%_libdir/libisccfg.so.140*
%files -n liblwres141
%defattr(-,root,root)
%_libdir/liblwres.so.141*
%files chrootenv
%defattr(-,root,root)
@ -903,6 +925,7 @@ fi
%dir %{_sysconfdir}/openldap/schema
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dnszone.schema
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dlz.schema
%{_bindir}/delv
%{_bindir}/dig
%{_bindir}/host
%{_bindir}/nslookup
@ -928,9 +951,11 @@ fi
%{_sbindir}/nsec3hash
%{_sbindir}/rndc
%{_sbindir}/rndc-confgen
%{_sbindir}/tsig-keygen
%dir %doc %{_defaultdocdir}/bind
%{_defaultdocdir}/bind/README.%{VENDOR}
%{_mandir}/man1/arpaname.1.gz
%{_mandir}/man1/delv.1.gz
%{_mandir}/man1/dig.1.gz
%{_mandir}/man1/host.1.gz
%{_mandir}/man1/isc-config.sh.1.gz
@ -943,6 +968,7 @@ fi
%{_mandir}/man8/dnssec-coverage.8.gz
%endif
%{_mandir}/man8/dnssec-dsfromkey.8.gz
%{_mandir}/man8/dnssec-importkey.8.gz
%{_mandir}/man8/dnssec-keyfromlabel.8.gz
%{_mandir}/man8/dnssec-keygen.8.gz
%{_mandir}/man8/dnssec-revoke.8.gz
@ -955,5 +981,6 @@ fi
%{_mandir}/man8/nsec3hash.8.gz
%{_mandir}/man8/rndc.8.gz
%{_mandir}/man8/rndc-confgen.8.gz
%{_mandir}/man8/tsig-keygen.8.gz
%changelog

2
configure.in.diff
View File

@ -2,7 +2,7 @@ Index: bind-9.9.4-P2/configure.in
===================================================================
--- bind-9.9.4-P2.orig/configure.in 2013-12-20 01:28:28.000000000 +0100
+++ bind-9.9.4-P2/configure.in 2014-01-21 17:55:51.063395215 +0100
@@ -3172,7 +3172,7 @@
@@ -3839,7 +3839,7 @@ AC_SUBST(DOXYGEN)
# empty). The variable VARIABLE will be substituted into output files.
#

4
named-bootconf.diff
View File

@ -1,7 +1,7 @@
Index: contrib/named-bootconf/named-bootconf.sh
===================================================================
--- contrib/named-bootconf/named-bootconf.sh.orig
+++ contrib/named-bootconf/named-bootconf.sh
--- contrib/scripts/named-bootconf.sh.orig
+++ contrib/scripts/named-bootconf.sh
@@ -47,7 +47,8 @@
# POSSIBILITY OF SUCH DAMAGE.

26
named.root
View File

@ -9,30 +9,32 @@
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 3, 2013
; related version of root zone: 2013010300
; last update: November 05, 2014
; related version of root zone: 2014110501
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
@ -43,7 +45,7 @@ E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
@ -54,25 +56,25 @@ G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803f:235
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
@ -84,5 +86,5 @@ L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
; End of File
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of file

29
pid-path.diff
View File

@ -1,29 +0,0 @@
Index: bin/named/include/named/globals.h
===================================================================
--- bin/named/include/named/globals.h.orig 2013-07-17 00:13:06.000000000 +0200
+++ bin/named/include/named/globals.h 2013-08-05 14:14:28.152275375 +0200
@@ -140,9 +140,9 @@
"lwresd.pid");
#else
EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR
- "/run/named.pid");
+ "/run/named/named.pid");
EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR
- "/run/lwresd.pid");
+ "/run/named/lwresd.pid");
#endif
EXTERN const char * ns_g_username INIT(NULL);
Index: contrib/nanny/nanny.pl
===================================================================
--- contrib/nanny/nanny.pl.orig 2013-07-17 00:13:06.000000000 +0200
+++ contrib/nanny/nanny.pl 2013-08-05 14:14:28.153275387 +0200
@@ -19,7 +19,7 @@
# A simple nanny to make sure named stays running.
-$pid_file_location = '/var/run/named.pid';
+$pid_file_location = '/var/run/named/named.pid';
$nameserver_location = 'localhost';
$dig_program = 'dig';
$named_program = 'named';

20
pie_compile.diff
View File

@ -49,7 +49,7 @@ Index: bin/dig/Makefile.in
===================================================================
--- bin/dig/Makefile.in.orig 2013-07-17 00:13:06.000000000 +0200
+++ bin/dig/Makefile.in 2013-08-06 12:08:19.492457714 +0200
@@ -69,8 +69,12 @@
@@ -69,8 +69,12 @@ HTMLPAGES = dig.html host.html nslookup.
MANOBJS = ${MANPAGES} ${HTMLPAGES}
@ -61,12 +61,12 @@ Index: bin/dig/Makefile.in
+
dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \
${FINALBUILDCMD}
export LIBS0="${DNSLIBS}"; \
Index: bin/dnssec/Makefile.in
===================================================================
--- bin/dnssec/Makefile.in.orig 2013-07-17 00:13:06.000000000 +0200
+++ bin/dnssec/Makefile.in 2013-08-06 12:08:19.493457729 +0200
@@ -64,8 +64,12 @@
@@ -65,8 +65,12 @@
MANOBJS = ${MANPAGES} ${HTMLPAGES}
@ -96,7 +96,7 @@ Index: bin/named/Makefile.in
===================================================================
--- bin/named/Makefile.in.orig 2013-08-06 12:08:17.653432490 +0200
+++ bin/named/Makefile.in 2013-08-06 12:08:19.493457729 +0200
@@ -115,8 +115,12 @@
@@ -119,8 +119,12 @@
MANOBJS = ${MANPAGES} ${HTMLPAGES}
@ -158,8 +158,8 @@ Index: bin/tools/Makefile.in
===================================================================
--- bin/tools/Makefile.in.orig 2013-07-17 00:13:06.000000000 +0200
+++ bin/tools/Makefile.in 2013-08-06 12:08:19.493457729 +0200
@@ -53,8 +53,12 @@
genrandom.html isc-hmac-fixup.html
@@ -54,8 +54,12 @@ HTMLPAGES = arpaname.html named-journalp
nsec3hash.html genrandom.html isc-hmac-fixup.html
MANOBJS = ${MANPAGES} ${HTMLPAGES}
+EXT_CFLAGS = -fPIE -static
@ -169,8 +169,8 @@ Index: bin/tools/Makefile.in
+LDFLAGS += -pie
+
arpaname@EXEEXT@: arpaname.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ arpaname.@O@ \
${ISCLIBS} ${LIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \
-o $@ arpaname.@O@ ${ISCLIBS} ${LIBS}
Index: contrib/idn/idnkit-1.0-src/tools/idnconv/Makefile.in
===================================================================
--- contrib/idn/idnkit-1.0-src/tools/idnconv/Makefile.in.orig 2013-07-17 00:13:06.000000000 +0200
@ -188,8 +188,8 @@ Index: contrib/idn/idnkit-1.0-src/tools/idnconv/Makefile.in
OBJS = idnconv.o util.o selectiveencode.o
Index: contrib/zkt/Makefile.in
===================================================================
--- contrib/zkt/Makefile.in.orig 2013-07-17 00:13:06.000000000 +0200
+++ contrib/zkt/Makefile.in 2013-08-06 12:08:19.494457743 +0200
--- contrib/zkt-1.1.2/Makefile.in.orig 2013-07-17 00:13:06.000000000 +0200
+++ contrib/zkt-1.1.2/Makefile.in 2013-08-06 12:08:19.494457743 +0200
@@ -13,11 +13,11 @@
OPTIM = # -O3 -DNDEBUG

7601
rpz2+rl-9.9.5.patch
View File

File diff suppressed because it is too large Load Diff