Accepting request 963527 from home:jmoellers:branches:network

OBS-URL: https://build.opensuse.org/request/show/963527 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=338
2022-03-31 09:30:02 +00:00 · 2022-03-31 09:30:02 +00:00 · a049546ee4
commit a049546ee4
parent a6a277bcef
7 changed files with 73 additions and 50 deletions
--- a/bind-9.18.0.tar.xz
+++ b/bind-9.18.0.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:56525bf5caf01fd8fd9d90910880cc0f8a90a27a97d169187d651d4ecf0c411c
 size 5292320
--- a/bind-9.18.0.tar.xz.sha512.asc
+++ b/bind-9.18.0.tar.xz.sha512.asc
@ -1,17 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Comment: GPGTools - https://gpgtools.org
 iQIzBAABCgAdFiEEqtu6UHTxQC97adVrxbTukxqfnf0FAmHv4ucACgkQxbTukxqf
 nf133g//c/DzUcbtmssrr13B2vPO0LKa/iGolgUqx5F8jdG6L6j68z9zxAGqGYe3
 FzWgkWfh1oHfdEjgu5ta7Orz3j+KnaAuZhGBCzYlSIGNcOjlopuQdZwFPpQKkT9n
 Ww/66FMN3QIWN9N7a7Ru6zBl0RwaYrIlmKY6tHIGUsjnXM9tUjxdz0YEhIfMkG6i
 HROIJxOhKqAu6Ty5VBHXs/Pede3wLik5dMGJoQ/hZC/vOXF5fjfUiy82HLIKYy+g
 2rkBFpUf32Oir3Aei2rJavaHOrtr5DX9F9pTtbW2Ga6XTPB6cEf1IkFPtMHtJswV
 NPZqCthQujyYknjDo7cZU25uUfmh4c6G9fPu4Xr9j4OVUC+1cdpNBzxf2SQ+PHGf
 Vq3WneoPSA5XfJ2M/5ebX+vFSbwQ2kmawee8g4OruZi8kAFx5ejhwm4LZTqe/tna
 Padejt1UE3YVhB5DyoZxMO55KU3W66ah6xhDJnoCFAXriAWO1dsL1AvI9kAtkrWT
 UJ3wFGGIqQAJO3wtvT3OC0LvaoF1Dv8riQfDVQ3UAFSdib919iGUK5uk9kadDccq
 hcVO4dDn/txM9ffZpUEdvy1wofLhDyVSZSknzuqmpoLVPYhzLAEztF6Y6TowXz7S
 yFjFtEgYrwnjPd1zPD9SusoptzxPrctz4gsHzkE3Gn6SBH07uBM=
 =gmx/
 -----END PGP SIGNATURE-----
--- a/bind-9.18.1.tar.xz
+++ b/bind-9.18.1.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:57c7afd871694d615cb4defb1c1bd6ed023350943d7458414db8d493ef560427
 size 5059456
--- a/bind-9.18.1.tar.xz.sha512.asc
+++ b/bind-9.18.1.tar.xz.sha512.asc
@ -0,0 +1,17 @@
 -----BEGIN PGP SIGNATURE-----
 Comment: GPGTools - https://gpgtools.org
 iQIzBAABCgAdFiEEqtu6UHTxQC97adVrxbTukxqfnf0FAmInMmEACgkQxbTukxqf
 nf0KDhAAzQav7F0ouTLcDFz3NsTsLhodaofSFPPfBnFrq0Dxj2bInrbc8XVgQWQh
 9jkqjyjIiT45/uvlcxmuuLK9mJa95Nr+DieZgyQkam8pb6pNhqNYgmzNdn1/qVuO
 xNL5anl/or3FD1cnYU7Xa6K8AFWt0izNmUFmKz4lCir4tJbQxXIIY0yk7lS05OHl
 +hYNvWsdtM7ry1dcixaOwY76vkFbK1H4zCLI+LM/5oDjmj/24VlZi+i4TRCfvTHG
 Iss15gI+UuLtYnj/DRLjamZGWKhBqPHj/Vo2jzlhy5ID3OJ43m6QxmXZeOFUW1rr
 GnL/cGKvi5aq7TcmVVY+w34kdPtdACjw9eZ/MjlTuAb0DtsI/EH4sux1/TNRwcVT
 +Ojohd+QvU4f2uXjdC3iVHsuD4txaZBb096uXCk26/IQgWgWbbcJYtWqOj7Rnh5C
 YUWUhYDoyL5GbwqJ7BYf6X/wIqPmugBX1DtZpS7lJnVhOckpQNVPc2mjltw5LrI4
 2nkaDsZN7JR707JiTI8gFe4czBXzCY5FYNaAAZPjLI7FvfRQIRmxkrWr6e0PYKWE
 xyhrk73t0iacZfoO5uQr7lNIsrFPar7udFW3tfPCzFLfIcfUkFzeBY8ZStlSf33N
 axYFNmzB8iCH/MUgfRQc+9pkWHNEQqnOUNJGl0mewoNnp+qIgcQ=
 =f5BI
 -----END PGP SIGNATURE-----
--- a/bind-define-missing-threads.patch
+++ b/bind-define-missing-threads.patch
@ -1,10 +0,0 @@
 --- bind-9.18.0.orig/contrib/dlz/modules/include/dlz_pthread.h	2022-01-24 09:28:57.521507091 +0100
 +++ bind-9.18.0/contrib/dlz/modules/include/dlz_pthread.h	2022-02-08 12:19:14.177179130 +0100
@@ -18,6 +18,7 @@
 #pragma once
 +# define PTHREADS 1
 #include <pthread.h>
 #define dlz_mutex_t	  pthread_mutex_t
 #define dlz_mutex_init	  pthread_mutex_init
--- a/bind.changes
+++ b/bind.changes
@ -1,3 +1,49 @@
 -------------------------------------------------------------------
 Thu Mar 17 07:28:25 UTC 2022 - Josef Möllers <josef.moellers@suse.com>
 - * When using forwarders, bogus NS records supplied by, or via, those
    forwarders may be cached and used by named if it needs to recurse
    for any reason, causing it to obtain and pass on potentially
    incorrect answers. [CVE-2021-25220]
  * TCP connection slots may be consumed for an indefinite time frame
    via a specifically crafted TCP stream sent from a client.
    This issue can only be triggered on BIND servers which have
    keep-response-order enabled, which is not the default configuration.
    The keep-response-order option is an ACL block, and as such, any
    hosts specified within it will be able to trigger this issue on
    affected versions. [CVE-2022-0396]
  * The RFC 8198 Aggressive Use of DNSSEC-Validated Cache feature
    (synth-from-dnssec) had been refactored and the default has been
    changed so that is now automatically enabled for dnssec-validating
    resolvers. Subsequently it was found that repeated patterns of
    specific queries to servers with this feature enabled could cause
    an INSIST failure in query.c:query_dname which causes named to
    terminate unexpectedly.
    The vulnerability affects BIND resolvers running 9.18.0 that have
    both dnssec-validation and synth-from-dnssec enabled. (Note that
    dnssec-validation auto; is the default setting unless configured
    otherwise in named.conf and that enabling dnssec-validation
    automatically enables synth-from-dnssec unless explicitly disabled)
    [CVE-2022-0635]
  * The refactoring of the recursive client code introduced a
    "backstop lifetime timer."
    While BIND is processing a request for a DS record that needs to be
    forwarded, it waits until this processing is complete or until the
    backstop lifetime timer has timed out. When the resume_dslookup() function
    is called as a result of such a timeout, the function does not test
    whether the fetch has previously been shut down. This introduces the
    possibility of triggering an assertion failure, which could cause the BIND
    process to terminate. [CVE-2022-0667]
  * Reset client TCP connection when data received cannot
    be parsed as a valid DNS request.
  For a complete list of changes, see
  * Bind Release Notes
    https://downloads.isc.org/isc/bind9/9.18.1/doc/arm/html/notes.html
  * The CHANGES file in the source RPM
  This obsoletes bind-define-missing-threads.patch
  [bind-9.18.1.tar.xz, bind-9.18.1.tar.xz.sha512.asc,
   bind-define-missing-threads.patch]
 -------------------------------------------------------------------
 Mon Jan 31 13:49:51 UTC 2022 - Josef Möllers <josef.moellers@suse.com>
--- a/bind.spec
+++ b/bind.spec
@ -56,7 +56,7 @@
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.18.0
+Version:        9.18.1
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0
@ -75,8 +75,6 @@ Source70:       bind.conf
 # configuation file for systemd-sysusers
 Source72:       named.conf
 Patch56:        bind-ldapdump-use-valid-host.patch
 # Fix typos in the source code (that will be fixed in th next minor release)
 Patch57:        bind-define-missing-threads.patch
 BuildRequires:  libcap-devel
 BuildRequires:  libopenssl-devel
 BuildRequires:  libtool
@ -150,16 +148,6 @@ test and query the Domain Name System (DNS) and also the libraries rquired
 for the base "bind" package. The Berkeley Internet
 Name Domain (BIND) DNS server is found in the package named bind.
 # 9.18.0 %package -n python3-bind
 # 9.18.0 Summary:        A module allowing rndc commands to be sent from Python programs
 # 9.18.0 Group:          Development/Languages/Python
 # 9.18.0 Requires:       python3
 # 9.18.0 Requires:       python3-ply
 # 9.18.0 BuildArch:      noarch
 # 9.18.0 %description -n python3-bind
 # 9.18.0 This package provides a module which allows commands to be sent to rndc directly from Python programs.
 %if %{with_modules_perl}
 %package modules-perl
 Summary:        A dynamically loadable zone (DLZ) plugin embedding a Perl interpreter in BIND
@ -174,7 +162,7 @@ to be written to integrate with BIND and serve DNS data.
 %if %{with_modules_mysql}
 %package modules-mysql
-Summary:        DLZ (dynamically loadable zone) modules which store zone data in a MySQL database
+Summary:        DLZ modules which store zone data in a MySQL database
 Group:          Productivity/Networking/DNS/Servers
 BuildRequires:  libmysqlclient-devel
@ -190,7 +178,7 @@ sends DNS NOTIFY packets to other name servers when appropriate.
 %if %{with_modules_ldap}
 %package modules-ldap
-Summary:        A DLZ (dynamically loadable zone) module which stores zone data in an LDAP directory
+Summary:        A DLZ module which stores zone data in an LDAP directory
 Group:          Productivity/Networking/DNS/Servers
 BuildRequires:  openldap2-devel
@ -201,7 +189,7 @@ update support
 %if %{with_modules_bdbhpt}
 %package modules-bdbhpt
-Summary:        A DLZ (dynamically loadable zone) module which stores zone data in a BerkeleyDB
+Summary:        A DLZ module which stores zone data in a BerkeleyDB
 Group:          Productivity/Networking/DNS/Servers
 BuildRequires:  libdb-4_8-devel
@ -212,7 +200,7 @@ update support
 %if %{with_modules_sqlite3}
 %package modules-sqlite3
-Summary:        A DLZ (dynamically loadable zone) module which stores zone data in an sqlite3 db
+Summary:        A DLZ module which stores zone data in an sqlite3 db
 Group:          Productivity/Networking/DNS/Servers
 BuildRequires:  sqlite3-devel
@ -223,7 +211,7 @@ update support.
 %if %{with_modules_generic}
 %package modules-generic
-Summary:        DLZ (dynamically loadable zone) module which store zone data in plain files
+Summary:        DLZ module which store zone data in plain files
 Group:          Productivity/Networking/DNS/Servers
 %description modules-generic
@ -337,7 +325,6 @@ mkdir -p \
 mkdir -p %{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
 %endif
 %make_install
 # install -m 0644 .clang-format.headers %{buildroot}/%{_defaultdocdir}/bind
 # remove useless .h files
 rm -rf %{buildroot}%{_includedir}
@ -557,7 +544,7 @@ fi
 %if %{with_modules_generic}
 %files modules-generic
 %{_libdir}/bind-plugins/dlz_filesystem_dynamic.so
-/usr/lib64/bind-plugins/dlz_wildcard_dynamic.so
+%{_libdir}/bind-plugins/dlz_wildcard_dynamic.so
 %endif
 %files doc -f filelist-bind-doc