diff --git a/Makefile.in.diff b/Makefile.in.diff index dd48504..7063cbc 100644 --- a/Makefile.in.diff +++ b/Makefile.in.diff @@ -1,13 +1,12 @@ -Index: bind-9.11.2/bin/named/Makefile.in +Index: bind-9.14.7/bin/named/Makefile.in =================================================================== ---- bind-9.11.2.orig/bin/named/Makefile.in 2017-07-24 07:36:50.000000000 +0200 -+++ bind-9.11.2/bin/named/Makefile.in 2017-08-15 10:27:54.263889946 +0200 -@@ -168,9 +168,7 @@ installdirs: - install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs +--- bind-9.14.7.orig/bin/named/Makefile.in ++++ bind-9.14.7/bin/named/Makefile.in +@@ -173,8 +173,7 @@ installdirs: + + install:: named@EXEEXT@ installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir} - (cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@) - ${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8 -- ${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8 - ${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5 + for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man$${m##*.}; done diff --git a/baselibs.conf b/baselibs.conf index 50c7654..0fbbda7 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,18 +1,16 @@ -libbind9-160 -libdns169 -libirs160 -libisc166 +libbind9-1302 +libdns1310 +libirs1301 +libisc1309 obsoletes "bind-libs- = " provides "bind-libs- = " -libisccc160 -libisccfg160 -liblwres160 +libisccc1302 +libisccfg1302 bind-devel requires -bind- - requires "libbind9-160- = " - requires "libdns169- = " - requires "libirs160- = " - requires "libisc166- = " - requires "libisccc160- = " - requires "libisccfg160- = " - requires "liblwres160- = " + requires "libbind9-1302- = " + requires "libdns1310- = " + requires "libirs1301- = " + requires "libisc1309- = " + requires "libisccc1302- = " + requires "libisccfg1302- = " diff --git a/bind-9.11.2.tar.gz b/bind-9.11.2.tar.gz deleted file mode 100644 index 7ad4be6..0000000 --- a/bind-9.11.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7f46ad8620f7c3b0ac375d7a5211b15677708fda84ce25d7aeb7222fe2e3c77a -size 9782180 diff --git a/bind-9.11.2.tar.gz.asc b/bind-9.11.2.tar.gz.asc deleted file mode 100644 index 8a48e52..0000000 --- a/bind-9.11.2.tar.gz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABAgAGBQJZea3wAAoJEPGxG/Bc8C5Xh2oP/R1iUkk2l5Gp67xfitJLaFM6 -uA5t+pezactdPzwQkP30R5DxC05h3LHV1jBwC39Y9AzAcq4TNXqg4yClQmGSFfoS -JTM5LXguCw2LLqd1VzQgSTAb6Urmk+1HToasN5ct6u/gTi1W6l7Hg8aZrqPYKtov -0bI7wmo6z+vH+vgbl0hHoHBxdZaamt8VTIhBF/JP59WkxJHalf90VrDK/Ivx+lZY -9d0QjqCJsQZpZ9tGn01WW73NQQxtitrT0RoKfPWNp218QnJUZgebXvxxzxxarC/N -4HI8+vQTDQMWq6DS64ipZ0PhJofnQKHuTWg3qX/PTGNuDkrqRGAPBsEsbPv4Flqi -ieaf50ky+68ghBcGDS8DyFFXhZjjnIGQKgE5j3xlxqEqvmE944kMx/ty5/7rUCI4 -50zHJE6zfrsDaRAAOtudzw3nmI6lpetEk67k9u67rojZL36BVXrZPiUPldpToD9s -sJpep6KuEVG//Xcc5DVrmfYvxUASVa7uAPOfyvgSlW2f4xb7x2ZAS5t3H8/M5CiT -S+fiGzcGQAzckylwqOlVM/JfWkM19z56uE4kShMR8bj0oHE/zOFpfqFWpQ/jhxy6 -fIGrBFLAbm1wGOOhntN7833+OkOeucVqrBRTZ+HE4sRI4P0t2sZFtStYRV89TDPu -TwWLWtNVQ8rHKTKNAdkn -=q9OM ------END PGP SIGNATURE----- diff --git a/bind-9.14.7.tar.gz b/bind-9.14.7.tar.gz new file mode 100644 index 0000000..9960504 --- /dev/null +++ b/bind-9.14.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cea0f54e5908f77ffd21eb312ee9dd4f3f8f93ca312c6118f27d6c0fba45291d +size 6320994 diff --git a/bind-9.14.7.tar.gz.sha512.asc b/bind-9.14.7.tar.gz.sha512.asc new file mode 100644 index 0000000..5c7ebb2 --- /dev/null +++ b/bind-9.14.7.tar.gz.sha512.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEErj+seWcR7Fn8AHqkdLtrmky7PTgFAl2WMpIACgkQdLtrmky7 +PTiglA/9FQ7Czm80oOJhb+MW/V6q0bZKYRdB0YWjS3IT6GHcERYuRulKJ6Wq+9WN ++tmBfUXED5whO2irUocCjMv8dehK96pGGMpf5k6rKniFH4QG7RwUgGaNHpD66idv +3z5l/lMX7Av4mFFKyutJZQ3Uxjvc1tMqtGxRwNLNnRFzsHBYLZlsgXGwtjR52zO+ +yx6G68vKL5dwdOBMAlxslP4A/JNXI/1jx4TDPmFc2X8klgPJXXKa81a/r6lI73gm +G2r22+I1qMdHC1XenuNmEpulQCE01WUJvqu3jjnDmF4F/icborfWQRV/+WH27SPW +++5x6jHLXVZRcCpYH3bd/Fr6qsMLKUnLlnleH73aEEGpwty+9nmXJQ9Fie6eRLCX +hYy05cmXdvo3CwYA2XcTbW6qv0RM4NJJiWwlBX7zobm+KmAnHMveHa02XEyIN8JB +ARt24PeZVGrviTNFLik52Hpf7bJeaUBLFyStzrhJQikpJJpHFXh77r2c1IclpF63 +mfSgAGuhGFmYwJfUenH3hpQvv77Ckeqjrg/s4/UyDt+3dkTlSG2SjwVKXPyQMK8d +tGlSrtJ+MQCg+O89SLtdEASmFaBnJ8kjJki8OghH107gwfw2xKt/DL0Mbmh5nJ+o +hIJi/SAWfb0bXJdDnd9G45lz2mFuvXY3ImNmul/Hb73OU7ZTOSc= +=iobW +-----END PGP SIGNATURE----- diff --git a/bind-99-libidn.patch b/bind-99-libidn.patch deleted file mode 100644 index df2125d..0000000 --- a/bind-99-libidn.patch +++ /dev/null @@ -1,297 +0,0 @@ -diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in -index bd219c5..f71685b 100644 ---- a/bin/dig/Makefile.in -+++ b/bin/dig/Makefile.in -@@ -38,10 +38,10 @@ DEPLIBS = ${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} \ - ${ISCCFGDEPLIBS} ${LWRESDEPLIBS} - - LIBS = ${LWRESLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \ -- ${ISCLIBS} @IDNLIBS@ @LIBS@ -+ ${ISCLIBS} @IDNLIBS@ @LIBS@ -lidn - - NOSYMLIBS = ${LWRESLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \ -- ${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ -+ ${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@ -lidn - - SUBDIRS = - -@@ -59,6 +59,8 @@ HTMLPAGES = dig.html host.html nslookup.html - - MANOBJS = ${MANPAGES} ${HTMLPAGES} - -+EXT_CFLAGS = -DWITH_LIBIDN -+ - @BIND9_MAKE_RULES@ - - dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS} -diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook -index 7a7e8e4..b36047f 100644 ---- a/bin/dig/dig.docbook -+++ b/bin/dig/dig.docbook -@@ -1251,8 +1251,8 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr - dig appropriately converts character encoding of - domain name before sending a request to DNS server or displaying a - reply from the server. -- If you'd like to turn off the IDN support for some reason, defines -- the IDN_DISABLE environment variable. -+ If you'd like to turn off the IDN support for some reason, define -+ the CHARSET=ASCII environment variable. - The IDN support is disabled if the variable is set when - dig runs. - -diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c -index 1f8bcf2..f657c30 100644 ---- a/bin/dig/dighost.c -+++ b/bin/dig/dighost.c -@@ -33,6 +33,11 @@ - #include - #endif - -+#ifdef WITH_LIBIDN -+#include -+#include -+#endif -+ - #include - #ifdef DIG_SIGCHASE - #include -@@ -158,6 +163,14 @@ static void idn_check_result(idn_result_t r, const char *msg); - int idnoptions = 0; - #endif - -+#ifdef WITH_LIBIDN -+static isc_result_t libidn_locale_to_utf8 (const char* from, char *to); -+static isc_result_t libidn_utf8_to_ascii (const char* from, char *to); -+static isc_result_t output_filter (isc_buffer_t *buffer, -+ unsigned int used_org, -+ isc_boolean_t absolute); -+#endif -+ - isc_socket_t *keep = NULL; - isc_sockaddr_t keepaddr; - -@@ -1448,8 +1461,15 @@ setup_system(isc_boolean_t ipv4only, isc_boolean_t ipv6only) { - - #ifdef WITH_IDN - initialize_idn(); -+ -+#endif -+#ifdef WITH_LIBIDN -+ result = dns_name_settotextfilter(output_filter); -+ check_result(result, "dns_name_settotextfilter"); -+#ifdef HAVE_SETLOCALE -+ setlocale (LC_ALL, ""); -+#endif - #endif -- - if (keyfile[0] != 0) - setup_file_key(); - else if (keysecret[0] != 0) -@@ -2231,8 +2251,11 @@ setup_lookup(dig_lookup_t *lookup) { - idn_result_t mr; - char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME]; - #endif -+#ifdef WITH_LIBIDN -+ char utf8_str[MXNAME], utf8_name[MXNAME], ascii_name[MXNAME]; -+#endif - --#ifdef WITH_IDN -+#if defined (WITH_IDN) || defined (WITH_LIBIDN) - result = dns_name_settotextfilter(lookup->idnout ? - output_filter : NULL); - check_result(result, "dns_name_settotextfilter"); -@@ -2274,6 +2297,14 @@ setup_lookup(dig_lookup_t *lookup) { - mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname, - utf8_textname, sizeof(utf8_textname)); - idn_check_result(mr, "convert textname to UTF-8"); -+#elif defined (WITH_LIBIDN) -+ result = libidn_locale_to_utf8 (lookup->textname, utf8_str); -+ check_result (result, "convert textname to UTF-8"); -+ len = strlen (utf8_str); -+ if (len < MXNAME) -+ (void) strcpy (utf8_name, utf8_str); -+ else -+ fatal ("Too long name"); - #endif - - /* -@@ -2286,15 +2317,11 @@ setup_lookup(dig_lookup_t *lookup) { - if (lookup->new_search) { - #ifdef WITH_IDN - if ((count_dots(utf8_textname) >= ndots) || !usesearch) { -- lookup->origin = NULL; /* Force abs lookup */ -- lookup->done_as_is = ISC_TRUE; -- lookup->need_search = usesearch; -- } else if (lookup->origin == NULL && usesearch) { -- lookup->origin = ISC_LIST_HEAD(search_list); -- lookup->need_search = ISC_FALSE; -- } -+#elif defined (WITH_LIBIDN) -+ if ((count_dots(utf8_name) >= ndots) || !usesearch) { - #else - if ((count_dots(lookup->textname) >= ndots) || !usesearch) { -+#endif - lookup->origin = NULL; /* Force abs lookup */ - lookup->done_as_is = ISC_TRUE; - lookup->need_search = usesearch; -@@ -2302,7 +2329,6 @@ setup_lookup(dig_lookup_t *lookup) { - lookup->origin = ISC_LIST_HEAD(search_list); - lookup->need_search = ISC_FALSE; - } --#endif - } - - #ifdef WITH_IDN -@@ -2319,6 +2345,20 @@ setup_lookup(dig_lookup_t *lookup) { - IDN_IDNCONV | IDN_LENCHECK, utf8_textname, - idn_textname, sizeof(idn_textname)); - idn_check_result(mr, "convert UTF-8 textname to IDN encoding"); -+#elif defined (WITH_LIBIDN) -+ if (lookup->origin != NULL) { -+ result = libidn_locale_to_utf8 (lookup->origin->origin, utf8_str); -+ check_result (result, "convert origin to UTF-8"); -+ if (len > 0 && utf8_name[len - 1] != '.') { -+ utf8_name[len++] = '.'; -+ if (len + strlen (utf8_str) < MXNAME) -+ (void) strcpy (utf8_name + len, utf8_str); -+ else -+ fatal ("Too long name + origin"); -+ } -+ } -+ -+ result = libidn_utf8_to_ascii (utf8_name, ascii_name); - #else - if (lookup->origin != NULL) { - debug("trying origin %s", lookup->origin->origin); -@@ -2389,6 +2429,13 @@ setup_lookup(dig_lookup_t *lookup) { - result = dns_name_fromtext(lookup->name, &b, - dns_rootname, 0, - &lookup->namebuf); -+#elif defined (WITH_LIBIDN) -+ len = strlen (ascii_name); -+ isc_buffer_init(&b, ascii_name, len); -+ isc_buffer_add(&b, len); -+ result = dns_name_fromtext(lookup->name, &b, -+ dns_rootname, 0, -+ &lookup->namebuf); - #else - len = (unsigned int) strlen(lookup->textname); - isc_buffer_init(&b, lookup->textname, len); -@@ -4377,7 +4424,7 @@ destroy_libs(void) { - void * ptr; - dig_message_t *chase_msg; - #endif --#ifdef WITH_IDN -+#if defined (WITH_IDN) || defined (WITH_LIBIDN) - isc_result_t result; - #endif - -@@ -4418,6 +4465,10 @@ destroy_libs(void) { - result = dns_name_settotextfilter(NULL); - check_result(result, "dns_name_settotextfilter"); - #endif -+#ifdef WITH_LIBIDN -+ result = dns_name_settotextfilter (NULL); -+ check_result(result, "clearing dns_name_settotextfilter"); -+#endif - dns_name_destroy(); - - if (commctx != NULL) { -@@ -4603,6 +4654,97 @@ idn_check_result(idn_result_t r, const char *msg) { - } - } - #endif /* WITH_IDN */ -+#ifdef WITH_LIBIDN -+static isc_result_t -+libidn_locale_to_utf8 (const char *from, char *to) { -+ char *utf8_str; -+ -+ debug ("libidn_locale_to_utf8"); -+ utf8_str = stringprep_locale_to_utf8 (from); -+ if (utf8_str != NULL) { -+ (void) strcpy (to, utf8_str); -+ free (utf8_str); -+ return ISC_R_SUCCESS; -+ } -+ -+ debug ("libidn_locale_to_utf8: failure"); -+ return ISC_R_FAILURE; -+} -+static isc_result_t -+libidn_utf8_to_ascii (const char *from, char *to) { -+ char *ascii; -+ int iresult; -+ -+ debug ("libidn_utf8_to_ascii"); -+ iresult = idna_to_ascii_8z (from, &ascii, 0); -+ if (iresult != IDNA_SUCCESS) { -+ debug ("idna_to_ascii_8z: %s", idna_strerror (iresult)); -+ return ISC_R_FAILURE; -+ } -+ -+ (void) strcpy (to, ascii); -+ free (ascii); -+ return ISC_R_SUCCESS; -+} -+ -+static isc_result_t -+output_filter (isc_buffer_t *buffer, unsigned int used_org, -+ isc_boolean_t absolute) { -+ -+ char tmp1[MXNAME], *tmp2; -+ size_t fromlen, tolen; -+ isc_boolean_t end_with_dot; -+ int iresult; -+ -+ debug ("output_filter"); -+ -+ fromlen = isc_buffer_usedlength (buffer) - used_org; -+ if (fromlen >= MXNAME) -+ return ISC_R_SUCCESS; -+ memcpy (tmp1, (char *) isc_buffer_base (buffer) + used_org, fromlen); -+ end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE; -+ if (absolute && !end_with_dot) { -+ fromlen++; -+ if (fromlen >= MXNAME) -+ return ISC_R_SUCCESS; -+ tmp1[fromlen - 1] = '.'; -+ } -+ tmp1[fromlen] = '\0'; -+ -+ iresult = idna_to_unicode_8z8z (tmp1, &tmp2, 0); -+ if (iresult != IDNA_SUCCESS) { -+ debug ("output_filter: %s", idna_strerror (iresult)); -+ return ISC_R_SUCCESS; -+ } -+ -+ (void) strcpy (tmp1, tmp2); -+ free (tmp2); -+ -+ tmp2 = stringprep_utf8_to_locale (tmp1); -+ if (tmp2 == NULL) { -+ debug ("output_filter: stringprep_utf8_to_locale failed"); -+ return ISC_R_SUCCESS; -+ } -+ -+ (void) strcpy (tmp1, tmp2); -+ free (tmp2); -+ -+ tolen = strlen (tmp1); -+ if (absolute && !end_with_dot && tmp1[tolen - 1] == '.') -+ tolen--; -+ -+ if (isc_buffer_length (buffer) < used_org + tolen) -+ return ISC_R_NOSPACE; -+ -+ debug ("%s", tmp1); -+ -+ isc_buffer_subtract (buffer, isc_buffer_usedlength (buffer) - used_org); -+ memcpy (isc_buffer_used (buffer), tmp1, tolen); -+ isc_buffer_add (buffer, tolen); -+ -+ return ISC_R_SUCCESS; -+} -+#endif /* WITH_LIBIDN*/ - - #ifdef DIG_SIGCHASE - void diff --git a/bind-CVE-2017-3145.patch b/bind-CVE-2017-3145.patch deleted file mode 100644 index 0751c1a..0000000 --- a/bind-CVE-2017-3145.patch +++ /dev/null @@ -1,138 +0,0 @@ -diff --git a/CHANGES b/CHANGES -index 5aa5053..32f920d 100644 ---- a/CHANGES -+++ b/CHANGES -@@ -1,3 +1,9 @@ -+ --- 9.11.2-P1 released --- -+ -+4858. [security] Addresses could be referenced after being freed -+ in resolver.c, causing an assertion failure. -+ (CVE-2017-3145) [RT #46839] -+ - --- 9.11.2 released --- - - --- 9.11.2rc2 released --- -diff --git a/lib/dns/api b/lib/dns/api -index 711bfd8..eadd740 100644 ---- a/lib/dns/api -+++ b/lib/dns/api -@@ -9,5 +9,5 @@ - # 9.11: 160-169 - # 9.12: 1200-1299 - LIBINTERFACE = 169 --LIBREVISION = 1 -+LIBREVISION = 2 - LIBAGE = 0 -diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c -index 8eb1d97..eb1ebcf 100644 ---- a/lib/dns/resolver.c -+++ b/lib/dns/resolver.c -@@ -831,7 +831,7 @@ fctx_stoptimer(fetchctx_t *fctx) { - * cannot fail in that case. - */ - result = isc_timer_reset(fctx->timer, isc_timertype_inactive, -- NULL, NULL, ISC_TRUE); -+ NULL, NULL, ISC_TRUE); - if (result != ISC_R_SUCCESS) { - UNEXPECTED_ERROR(__FILE__, __LINE__, - "isc_timer_reset(): %s", -@@ -839,7 +839,6 @@ fctx_stoptimer(fetchctx_t *fctx) { - } - } - -- - static inline isc_result_t - fctx_startidletimer(fetchctx_t *fctx, isc_interval_t *interval) { - /* -@@ -1116,7 +1115,8 @@ fctx_cleanupfinds(fetchctx_t *fctx) { - - for (find = ISC_LIST_HEAD(fctx->finds); - find != NULL; -- find = next_find) { -+ find = next_find) -+ { - next_find = ISC_LIST_NEXT(find, publink); - ISC_LIST_UNLINK(fctx->finds, find, publink); - dns_adb_destroyfind(&find); -@@ -1132,7 +1132,8 @@ fctx_cleanupaltfinds(fetchctx_t *fctx) { - - for (find = ISC_LIST_HEAD(fctx->altfinds); - find != NULL; -- find = next_find) { -+ find = next_find) -+ { - next_find = ISC_LIST_NEXT(find, publink); - ISC_LIST_UNLINK(fctx->altfinds, find, publink); - dns_adb_destroyfind(&find); -@@ -1148,7 +1149,8 @@ fctx_cleanupforwaddrs(fetchctx_t *fctx) { - - for (addr = ISC_LIST_HEAD(fctx->forwaddrs); - addr != NULL; -- addr = next_addr) { -+ addr = next_addr) -+ { - next_addr = ISC_LIST_NEXT(addr, publink); - ISC_LIST_UNLINK(fctx->forwaddrs, addr, publink); - dns_adb_freeaddrinfo(fctx->adb, &addr); -@@ -1163,7 +1165,8 @@ fctx_cleanupaltaddrs(fetchctx_t *fctx) { - - for (addr = ISC_LIST_HEAD(fctx->altaddrs); - addr != NULL; -- addr = next_addr) { -+ addr = next_addr) -+ { - next_addr = ISC_LIST_NEXT(addr, publink); - ISC_LIST_UNLINK(fctx->altaddrs, addr, publink); - dns_adb_freeaddrinfo(fctx->adb, &addr); -@@ -1171,16 +1174,20 @@ fctx_cleanupaltaddrs(fetchctx_t *fctx) { - } - - static inline void --fctx_stopeverything(fetchctx_t *fctx, isc_boolean_t no_response, -- isc_boolean_t age_untried) -+fctx_stopqueries(fetchctx_t *fctx, isc_boolean_t no_response, -+ isc_boolean_t age_untried) - { -- FCTXTRACE("stopeverything"); -+ FCTXTRACE("stopqueries"); - fctx_cancelqueries(fctx, no_response, age_untried); -+ fctx_stoptimer(fctx); -+} -+ -+static inline void -+fctx_cleanupall(fetchctx_t *fctx) { - fctx_cleanupfinds(fctx); - fctx_cleanupaltfinds(fctx); - fctx_cleanupforwaddrs(fctx); - fctx_cleanupaltaddrs(fctx); -- fctx_stoptimer(fctx); - } - - static void -@@ -1431,7 +1438,8 @@ fctx_done(fetchctx_t *fctx, isc_result_t result, int line) { - age_untried = ISC_TRUE; - - fctx->reason = NULL; -- fctx_stopeverything(fctx, no_response, age_untried); -+ -+ fctx_stopqueries(fctx, no_response, age_untried); - - LOCK(&res->buckets[fctx->bucketnum].lock); - -@@ -4022,11 +4030,12 @@ fctx_doshutdown(isc_task_t *task, isc_event_t *event) { - dns_resolver_cancelfetch(fctx->nsfetch); - - /* -- * Shut down anything that is still running on behalf of this -- * fetch. To avoid deadlock with the ADB, we must do this -- * before we lock the bucket lock. -+ * Shut down anything still running on behalf of this -+ * fetch, and clean up finds and addresses. To avoid deadlock -+ * with the ADB, we must do this before we lock the bucket lock. - */ -- fctx_stopeverything(fctx, ISC_FALSE, ISC_FALSE); -+ fctx_stopqueries(fctx, ISC_FALSE, ISC_FALSE); -+ fctx_cleanupall(fctx); - - LOCK(&res->buckets[bucketnum].lock); - diff --git a/bind-fix-fips.patch b/bind-fix-fips.patch deleted file mode 100644 index 4d548cd..0000000 --- a/bind-fix-fips.patch +++ /dev/null @@ -1,22 +0,0 @@ -Index: bind-9.11.2/lib/dns/opensslgost_link.c -=================================================================== ---- bind-9.11.2.orig/lib/dns/opensslgost_link.c -+++ bind-9.11.2/lib/dns/opensslgost_link.c -@@ -578,9 +578,16 @@ dst__opensslgost_init(dst_func_t **funcp - - /* check if the gost engine works properly */ - e = ENGINE_by_id("gost"); -- if (e == NULL) -+ if (e == NULL) { -+ /* In FIPS mode we cannot get the gost engine, even if -+ * openssl and bind was originally built with it. */ -+#if 0 - return (dst__openssl_toresult2("ENGINE_by_id", - DST_R_OPENSSLFAILURE)); -+#endif -+ return (ISC_R_SUCCESS); -+ } -+ - if (ENGINE_init(e) <= 0) { - ENGINE_free(e); - e = NULL; diff --git a/bind-sdb-ldap.patch b/bind-sdb-ldap.patch deleted file mode 100644 index f67a745..0000000 --- a/bind-sdb-ldap.patch +++ /dev/null @@ -1,45 +0,0 @@ -Index: bin/named/Makefile.in -=================================================================== ---- bin/named/Makefile.in.orig 2014-01-23 18:42:24.479609343 +0100 -+++ bin/named/Makefile.in 2014-01-24 10:11:54.234471728 +0100 -@@ -34,9 +34,9 @@ - # - # Add database drivers here. - # --DBDRIVER_OBJS = --DBDRIVER_SRCS = --DBDRIVER_INCLUDES = -+DBDRIVER_OBJS = ldapdb.@O@ -+DBDRIVER_SRCS = ldapdb.c -+DBDRIVER_INCLUDES = -DLDAP_DEPRECATED - DBDRIVER_LIBS = - - DLZ_DRIVER_DIR = ${top_srcdir}/contrib/dlz/drivers -Index: bin/named/main.c -=================================================================== ---- bin/named/main.c.orig 2013-12-20 01:28:28.000000000 +0100 -+++ bin/named/main.c 2014-01-23 18:45:19.059680008 +0100 -@@ -91,6 +91,7 @@ - * Include header files for database drivers here. - */ - /* #include "xxdb.h" */ -+#include - - #ifdef CONTRIB_DLZ - /* -@@ -1064,6 +1065,7 @@ - * Add calls to register sdb drivers here. - */ - /* xxdb_init(); */ -+ ldapdb_init(); - - #ifdef ISC_DLZ_DLOPEN - /* -@@ -1104,6 +1106,7 @@ - * Add calls to unregister sdb drivers here. - */ - /* xxdb_clear(); */ -+ ldapdb_clear(); - - #ifdef CONTRIB_DLZ - /* diff --git a/bind.changes b/bind.changes index 68228d1..5a26b34 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Fri Nov 8 12:50:00 UTC 2019 - Josef Möllers + +- Upgrade to version 9.14.7 + * removed dnsperf, idn, nslint, perftcpdns, query-loc-0.4.0, + queryperf, sdb, zkt from contrib as they are not supported + any more + * Added support for the GeoIP2 API from MaxMind + * See CHANGES file in the source RPM. + [bsc#1111722, bsc#1156205, CVE-2019-6476, CVE-2019-6475, + CVE-2019-6471, CVE-2018-5743, CVE-2019-6467, CVE-2019-6465, + CVE-2018-5745, CVE-2018-5744, CVE-2018-5740, CVE-2018-5738, + CVE-2018-5737, CVE-2018-5736, CVE-2017-3145, + configure.in.diff, bind-99-libidn.patch, perl-path.diff, + bind-sdb-ldap.patch, bind-CVE-2017-3145.patch, + bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch, + bind-fix-fips.patch] + ------------------------------------------------------------------- Fri Jul 12 08:43:29 UTC 2019 - matthias.gerstner@suse.com diff --git a/bind.spec b/bind.spec index fbb8dac..1c0382e 100644 --- a/bind.spec +++ b/bind.spec @@ -12,25 +12,25 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # Don't forget to update the package names also in baselibs.conf -%define bind9_sonum 160 +%define bind9_sonum 1302 %define libbind9 libbind9-%{bind9_sonum} -%define dns_sonum 169 +%define dns_sonum 1310 %define libdns libdns%{dns_sonum} -%define irs_sonum 160 +%define irs_sonum 1301 %define libirs libirs%{irs_sonum} -%define isc_sonum 166 +%define isc_sonum 1309 %define libisc libisc%{isc_sonum} -%define isccc_sonum 160 +%define isccc_sonum 1302 %define libisccc libisccc%{isccc_sonum} -%define isccfg_sonum 160 +%define isccfg_sonum 1302 %define libisccfg libisccfg%{isccfg_sonum} -%define lwres_sonum 160 -%define liblwres liblwres%{lwres_sonum} +%define libns_sonum 1307 + %define VENDOR SUSE # Defines for user and group add %define NAMED_UID 44 @@ -45,8 +45,10 @@ %define USERMOD_NAMED getent passwd %{NAMED_UID_NAME} >/dev/null || %{_sbindir}/usermod -s %{NAMED_SHELL} -d %{NAMED_HOMEDIR} %{NAMED_UID_NAME} %if 0%{?suse_version} >= 1500 %define with_systemd 1 +%define with_geoip 0 %else %define with_systemd 0 +%define with_geoip 1 %endif %if 0%{?suse_version} < 1315 %define with_sfw2 1 @@ -59,7 +61,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.11.2 +Version: 9.14.7 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 @@ -68,27 +70,19 @@ Url: http://isc.org/sw/bind/ Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz Source1: vendor-files.tar.bz2 Source2: baselibs.conf -Source3: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz.asc +Source3: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz.sha512.asc # from http://www.isc.org/about/openpgp/ ... changes yearly apparently. Source4: %{name}.keyring Source9: ftp://ftp.internic.net/domain/named.root -# url http://www.venaas.no/ldap/bind-sdb/dnszone-schema.txt no longer exists... Source40: dnszone-schema.txt Source60: dlz-schema.txt # configuation files for systemd-tmpfiles Source70: bind.conf Source71: bind-chrootenv.conf -Patch0: configure.in.diff Patch1: Makefile.in.diff -Patch2: bind-99-libidn.patch -Patch4: perl-path.diff Patch51: pie_compile.diff Patch52: named-bootconf.diff -Patch53: bind-sdb-ldap.patch -Patch54: bind-CVE-2017-3145.patch -Patch55: bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch Patch56: bind-ldapdump-use-valid-host.patch -Patch57: bind-fix-fips.patch BuildRequires: libcap-devel BuildRequires: libmysqlclient-devel BuildRequires: libopenssl-devel @@ -99,10 +93,14 @@ BuildRequires: pkgconfig BuildRequires: python3 BuildRequires: python3-ply BuildRequires: update-desktop-files -BuildRequires: pkgconfig(geoip) BuildRequires: pkgconfig(json) BuildRequires: pkgconfig(krb5) BuildRequires: pkgconfig(libidn) +%if %{with_geoip} +BuildRequires: pkgconfig(geoip) +%else +BuildRequires: pkgconfig(libmaxminddb) +%endif BuildRequires: pkgconfig(libxml-2.0) Requires: %{name}-chrootenv Requires: %{name}-utils @@ -110,8 +108,8 @@ Requires(post): %fillup_prereq Requires(post): bind-utils Requires(post): coreutils Requires(pre): shadow -Provides: bind8 -Provides: bind9 +Provides: bind8 = %{version} +Provides: bind9 = %{version} Provides: dns_daemon Obsoletes: bind8 < %{version} Obsoletes: bind9 < %{version} @@ -156,7 +154,7 @@ internal database function for both nominated and all zones. SDB allows a user-written driver to supply zone data either from alternate data sources (for instance, a relational database) or using specialized algorithms (for instance, for load-balancing). -[Book links for SDB: "Pro DNS and BIND 10", R. Aitchison, Apress] +[Book links for SDB: "Pro DNS and BIND 10", R. Aitchison, Apress] %package -n %{libirs} Summary: The BIND Information Retrieval System library @@ -208,28 +206,14 @@ Group: System/Libraries %description -n %{libisccfg} This BIND library contains the configuration file parser. -%package -n %{liblwres} -Summary: Lightweight Resolver API library -Group: System/Libraries - -%description -n %{liblwres} -The BIND 9 lightweight resolver library is a name service independent -stub resolver library. It provides hostname-to-address and -address-to-hostname lookup services to applications by transmitting -lookup requests to a resolver daemon, lwresd, running on the local -host. The resover daemon performs the lookup using the DNS or -possibly other name service protocols, and returns the results to the -application through the library. The library and resolver daemon -communicate using a UDP-based protocol. - %package chrootenv -Summary: Chroot environment for BIND named and lwresd +Summary: Chroot environment for BIND named Group: Productivity/Networking/DNS/Servers Requires(pre): shadow %description chrootenv This package contains all directories and files which are common to the -chroot environment of BIND named and lwresd. Most is part of the +chroot environment of BIND named. Most is part of the structure below %{_localstatedir}/lib/named. %package devel @@ -241,7 +225,6 @@ Requires: %{libirs} = %{version} Requires: %{libisccc} = %{version} Requires: %{libisccfg} = %{version} Requires: %{libisc} = %{version} -Requires: %{liblwres} = %{version} Provides: bind8-devel Provides: bind9-devel Obsoletes: bind8-devel < %{version} @@ -263,26 +246,6 @@ Documentation of the Berkeley Internet Name Domain (BIND) Domain Name System implementation of the Domain Name System (DNS) protocols. This includes also the BIND Administrator Reference Manual (ARM). -%package lwresd -Summary: Lightweight Resolver Daemon -Group: Productivity/Networking/DNS/Utilities -Requires: %{name}-chrootenv -Requires(pre): shadow -Requires(pre): sysvinit(network) -Requires(pre): sysvinit(syslog) -Provides: dns_daemon -%if !%{with_systemd} -Requires(post): %insserv_prereq -%endif - -%description lwresd -Bind-lwresd provides resolution services to local clients using a -combination of the lightweight resolver library liblwres and the -resolver daemon process lwresd running on the local host. These -communicate using a simple UDP-based protocol, the "lightweight -resolver protocol" that is distinct from and simpler than the full DNS -protocol. - %package utils Summary: Utilities to query and test DNS # Needed for dnssec parts @@ -311,17 +274,10 @@ This package provides a module which allows commands to be sent to rndc directly %prep %setup -q -a1 -%patch0 -p1 %patch1 -p1 -%patch2 -p1 -%patch4 -%patch51 -%patch52 -%patch53 -%patch54 -p1 -%patch55 -p1 +%patch51 -p1 +%patch52 -p1 %patch56 -p1 -%patch57 -p1 # use the year from source gzip header instead of current one to make reproducible rpms year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0}) @@ -338,16 +294,14 @@ function replaceStrings() -i "${file}" } pushd vendor-files -for file in docu/README tools/createNamedConfInclude config/{README,named.conf} init/{named,lwresd} system/{named.init,lwresd.init} sysconfig/{named-common,named-named,syslog-named}; do +for file in docu/README tools/createNamedConfInclude config/{README,named.conf} init/named system/named.init sysconfig/{named-common,named-named,syslog-named}; do replaceStrings ${file} done popd -cp contrib/sdb/ldap/ldapdb.c bin/named/ -cp contrib/sdb/ldap/ldapdb.h bin/named/include/ %build autoreconf -fvi -export CFLAGS="%{optflags}" +export CFLAGS="%{optflags} -DNO_VERSION_DATE" %configure \ --with-python=%{_bindir}/python3 \ --includedir=%{_includedir}/bind \ @@ -364,7 +318,12 @@ export CFLAGS="%{optflags}" --with-pic \ --disable-openssl-version-check \ --with-tuning=large \ +%if %{with_geoip} --with-geoip \ +%else + --without-geoip \ + --with-geoip2 \ +%endif --with-dlopen \ --with-gssapi=yes \ --disable-isc-spnego \ @@ -391,7 +350,7 @@ mkdir -p \ %{buildroot}/%{_datadir}/bind \ %{buildroot}/%{_datadir}/susehelp/meta/Administration/System \ %{buildroot}/%{_defaultdocdir}/bind \ - %{buildroot}%{_localstatedir}/lib/named/{etc/named.d,dev,dyn,log,master,slave,var/{lib,run/{lwresd,named}}} \ + %{buildroot}%{_localstatedir}/lib/named/{etc/named.d,dev,dyn,log,master,slave,var/{lib,run/named}} \ %{buildroot}%{_mandir}/{man1,man3,man5,man8} \ %{buildroot}%{_fillupdir} \ %{buildroot}/%{_rundir} \ @@ -410,12 +369,12 @@ rm -f %{buildroot}/%{_libdir}/lib*.{la,a} mv vendor-files/config/named.conf %{buildroot}/%{_sysconfdir} mv vendor-files/config/bind.reg %{buildroot}/%{_sysconfdir}/slp.reg.d mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d -for file in lwresd.conf named.conf.include; do +for file in named.conf.include; do touch %{buildroot}/%{_sysconfdir}/${file} done %if %{with_systemd} - for file in lwresd named; do + for file in named; do install -D -m 0644 vendor-files/system/${file}.service %{buildroot}%{_unitdir}/${file}.service install -m 0755 vendor-files/system/${file}.init %{buildroot}/usr/sbin/${file}.init ln -s /sbin/service %{buildroot}%{_sbindir}/rc${file} @@ -426,7 +385,7 @@ done install -m 0644 vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named install -m 0644 bind.keys %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/named.root.key %else - for file in lwresd named; do + for file in named; do install -m 0754 vendor-files/init/${file} %{buildroot}%{_initddir}/${file} ln -sf %{_initddir}/${file} %{buildroot}%{_sbindir}/rc${file} done @@ -444,7 +403,6 @@ touch %{buildroot}%{_localstatedir}/lib/named%{_sysconfdir}/{localtime,named.con touch %{buildroot}%{_localstatedir}/lib/named/dev/log ln -s ../.. %{buildroot}%{_localstatedir}/lib/named%{_localstatedir}/lib/named ln -s ../log %{buildroot}%{_localstatedir}/lib/named%{_localstatedir} -ln -s ..%{_localstatedir}/lib/named%{_localstatedir}/run/lwresd %{buildroot}/run ln -s ..%{_localstatedir}/lib/named%{_localstatedir}/run/named %{buildroot}/run for file in named-common named-named syslog-named; do install -m 0644 vendor-files/sysconfig/${file} %{buildroot}%{_fillupdir}/sysconfig.${file} @@ -457,10 +415,9 @@ rm doc/misc/Makefile* find doc/arm -type f ! -name '*.html' -print0 | xargs -0 rm -f # Create doc as we want it in bind and not bind-doc cp -a vendor-files/docu/README %{buildroot}/%{_defaultdocdir}/bind/README.%{VENDOR} -cp -a vendor-files/docu/dnszonehowto.html contrib/sdb/ldap/ mkdir -p vendor-files/config/ISC-examples cp -a bin/tests/*.conf* vendor-files/config/ISC-examples -for file in CHANGES COPYRIGHT README version contrib doc/{arm,misc} vendor-files/config contrib/sdb/ldap/INSTALL.ldap; do +for file in CHANGES COPYRIGHT README version contrib doc/{arm,misc} vendor-files/config; do basename=$( basename ${file}) cp -a ${file} %{buildroot}/%{_defaultdocdir}/bind/${basename} echo "%doc %{_defaultdocdir}/bind/${basename}" >>filelist-bind-doc @@ -520,8 +477,6 @@ fi %postun -n %{libisccc} -p /sbin/ldconfig %post -n %{libisccfg} -p /sbin/ldconfig %postun -n %{libisccfg} -p /sbin/ldconfig -%post -n %{liblwres} -p /sbin/ldconfig -%postun -n %{liblwres} -p /sbin/ldconfig %pre chrootenv %{GROUPADD_NAMED} %{USERADD_NAMED} @@ -533,49 +488,13 @@ fi %tmpfiles_create bind-chrootenv.conf %endif -%pre lwresd -%{GROUPADD_NAMED} -%{USERADD_NAMED} -%if %{with_systemd} -%service_add_pre lwresd.service -%endif - -%post lwresd -# delete an emtpy lwresd.conf file -if [ ! -s etc/lwresd.conf ]; then - rm -f etc/lwresd.conf -fi -%if %{with_systemd} -%service_add_post lwresd.service -%else -if [ $1 -le 1 ]; then - %{fillup_and_insserv -fy lwresd} -fi -%endif - -%preun lwresd -%stop_on_removal lwresd -%if %{with_systemd} -%service_del_preun lwresd.service -%else -%stop_on_removal lwresd -%endif - -%postun lwresd -%if %{with_systemd} -%service_del_postun lwresd.service -%else -%restart_on_update lwresd -%insserv_cleanup -%endif - %post utils %files %license LICENSE %attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/named.conf %dir %{_sysconfdir}/slp.reg.d -%attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/bind.reg +%attr(0644,root,root) %config /%{_sysconfdir}/slp.reg.d/bind.reg %attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include %if %{with_systemd} %config %{_unitdir}/named.service @@ -595,6 +514,8 @@ fi %{_sbindir}/named-checkconf %{_sbindir}/named-checkzone %{_sbindir}/named-compilezone +%dir %{_libdir}/named +%{_libdir}/named/filter-aaaa.so %{_mandir}/man1/bind9-config.1%{ext_man} %{_mandir}/man1/named-rrchecker.1%{ext_man} %{_mandir}/man5/named.conf.5%{ext_man} @@ -602,6 +523,7 @@ fi %{_mandir}/man8/named-checkzone.8%{ext_man} %{_mandir}/man8/named.8%{ext_man} %{_mandir}/man8/named-compilezone.8%{ext_man} +%{_mandir}/man8/filter-aaaa.8%{ext_man} %dir %{_datadir}/bind %{_datadir}/bind/createNamedConfInclude %{_datadir}/bind/ldapdump @@ -630,6 +552,7 @@ fi %files -n %{libisc} %{_libdir}/libisc.so.%{isc_sonum}* +%{_libdir}/libns.so.%{libns_sonum}* %files -n %{libisccc} %{_libdir}/libisccc.so.%{isccc_sonum}* @@ -637,9 +560,6 @@ fi %files -n %{libisccfg} %{_libdir}/libisccfg.so.%{isccfg_sonum}* -%files -n %{liblwres} -%{_libdir}/liblwres.so.%{lwres_sonum}* - %files chrootenv %if %{with_systemd} %{_prefix}/lib/tmpfiles.d/bind-chrootenv.conf @@ -672,28 +592,13 @@ fi %{_libdir}/libbind9.so %{_libdir}/libdns.so %{_libdir}/libisc*.so -%{_libdir}/liblwres.so +%{_libdir}/libns.so %{_includedir}/bind -%{_mandir}/man3/lwres*.3* %files doc -f filelist-bind-doc %dir %doc %{_defaultdocdir}/bind %doc %{_datadir}/susehelp -%files lwresd -%ghost %attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/lwresd.conf -%if %{with_systemd} -%config %{_unitdir}/lwresd.service -%{_sbindir}/lwresd.init -%else -%config %{_initddir}/lwresd -%endif -%{_sbindir}/rclwresd -%{_sbindir}/lwresd -%{_mandir}/man8/lwresd.8%{ext_man} -%ghost %{_rundir}/lwresd -%attr(-,named,named) %dir %{_var}/lib/named%{_localstatedir}/run/lwresd - %files utils %dir %{_sysconfdir}/named.d %config(noreplace) %{_sysconfdir}/named.d/rndc-access.conf @@ -722,8 +627,9 @@ fi %{_sbindir}/dnssec-checkds %{_sbindir}/dnssec-coverage %{_sbindir}/dnssec-keymgr -%{_sbindir}/genrandom -%{_sbindir}/isc-hmac-fixup +%{_sbindir}/dnssec-cds +# %%{_sbindir}/genrandom +# %%{_sbindir}/isc-hmac-fixup %{_sbindir}/named-journalprint %{_sbindir}/nsec3hash %{_sbindir}/rndc @@ -752,8 +658,9 @@ fi %{_mandir}/man8/dnssec-checkds.8%{ext_man} %{_mandir}/man8/dnssec-coverage.8%{ext_man} %{_mandir}/man8/dnssec-keymgr.8%{ext_man} -%{_mandir}/man8/genrandom.8%{ext_man} -%{_mandir}/man8/isc-hmac-fixup.8%{ext_man} +%{_mandir}/man8/dnssec-cds.8%{ext_man} +# %%{_mandir}/man8/genrandom.8%%{ext_man} +# %%{_mandir}/man8/isc-hmac-fixup.8%%{ext_man} %{_mandir}/man8/named-journalprint.8%{ext_man} %{_mandir}/man8/nsec3hash.8%{ext_man} %{_mandir}/man8/rndc.8%{ext_man} diff --git a/bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch b/bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch deleted file mode 100644 index 965263e..0000000 --- a/bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 4985b5001d4f2f64bbee7e9d6ee32058caf67252 Mon Sep 17 00:00:00 2001 -From: Mark Andrews -Date: Fri, 1 Sep 2017 11:17:59 +1000 -Subject: [PATCH] 4697. [bug] Restore workaround for Microsoft - Windows TSIG hash computation bug. [RT #45854] - -(cherry picked from commit a8a20462b516b0cc39e9b1fb1a8dd514eb1aed29) -(cherry picked from commit b301c4293c082fcce4ec26218e6fad346976eb9e) ---- - CHANGES | 3 +++ - lib/dns/rdataset.c | 3 +++ - 2 files changed, 6 insertions(+) - -diff --git a/CHANGES b/CHANGES -index 5aa505345c..13b60473b5 100644 ---- a/CHANGES -+++ b/CHANGES -@@ -1,3 +1,6 @@ -+4697. [bug] Restore workaround for Microsoft Windows TSIG hash -+ computation bug. [RT #45854] -+ - --- 9.11.2-P1 released --- - - 4858. [security] Addresses could be referenced after being freed -diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c -index a8e75d6caf..7eb394c8c4 100644 ---- a/lib/dns/rdataset.c -+++ b/lib/dns/rdataset.c -@@ -467,6 +467,9 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, - dns_name_copy(owner_name, name, NULL); - dns_rdataset_getownercase(rdataset, name); - -+ if ((owner_name->attributes & DNS_NAMEATTR_NOCOMPRESS) != 0) -+ name->attributes |= DNS_NAMEATTR_NOCOMPRESS; -+ - do { - /* - * Copy out the name, type, class, ttl. --- -2.16.3 - diff --git a/configure.in.diff b/configure.in.diff deleted file mode 100644 index 3d17a5f..0000000 --- a/configure.in.diff +++ /dev/null @@ -1,13 +0,0 @@ -Index: bind-9.9.4-P2/configure.in -=================================================================== ---- bind-9.9.4-P2.orig/configure.in 2013-12-20 01:28:28.000000000 +0100 -+++ bind-9.9.4-P2/configure.in 2014-01-21 17:55:51.063395215 +0100 -@@ -3914,7 +3914,7 @@ AC_SUBST(DOXYGEN) - # empty). The variable VARIABLE will be substituted into output files. - # - --AC_DEFUN(NOM_PATH_FILE, [ -+AC_DEFUN([NOM_PATH_FILE], [ - $1="" - AC_MSG_CHECKING(for $2) - for d in $3 diff --git a/named-bootconf.diff b/named-bootconf.diff index 45d6a76..0653528 100644 --- a/named-bootconf.diff +++ b/named-bootconf.diff @@ -1,18 +1,18 @@ -Index: contrib/scripts/named-bootconf.sh +Index: bind-9.14.7/contrib/scripts/named-bootconf.sh =================================================================== ---- contrib/scripts/named-bootconf.sh.orig 2017-08-15 13:08:41.636256254 +0200 -+++ contrib/scripts/named-bootconf.sh 2017-08-15 13:08:42.516270950 +0200 -@@ -38,7 +38,8 @@ +--- bind-9.14.7.orig/contrib/scripts/named-bootconf.sh ++++ bind-9.14.7/contrib/scripts/named-bootconf.sh +@@ -39,7 +39,8 @@ # POSSIBILITY OF SUCH DAMAGE. if [ ${OPTIONFILE-X} = X ]; then - WORKDIR=/tmp/`date +%s`.$$ -+ TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1 -+ WORKDIR=$TMPDIR/`date +%s`.$$ ++ TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1 ++ WORKDIR=$TMPDIR/`date +%s`.$$ ( umask 077 ; mkdir $WORKDIR ) || { echo "unable to create work directory '$WORKDIR'" >&2 exit 1 -@@ -292,7 +293,7 @@ if [ $DUMP -eq 1 ]; then +@@ -293,7 +294,7 @@ if [ $DUMP -eq 1 ]; then cat $ZONEFILE $COMMENTFILE rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE diff --git a/perl-path.diff b/perl-path.diff deleted file mode 100644 index e273760..0000000 --- a/perl-path.diff +++ /dev/null @@ -1,30 +0,0 @@ -Index: bin/tests/t_api.pl -=================================================================== ---- bin/tests/t_api.pl.orig 2017-07-24 07:36:50.000000000 +0200 -+++ bin/tests/t_api.pl 2017-08-15 10:29:56.969817140 +0200 -@@ -1,4 +1,4 @@ --#!/usr/local/bin/perl -+#!/usr/bin/perl - # - # Copyright (C) 1999-2001, 2004, 2007, 2012, 2016 Internet Systems Consortium, Inc. ("ISC") - # -Index: contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl -=================================================================== ---- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl.orig 2017-07-24 07:36:50.000000000 +0200 -+++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl 2017-08-15 10:29:56.969817140 +0200 -@@ -1,4 +1,4 @@ --#! /usr/local/bin/perl -w -+#! /usr/bin/perl -w - # $Id: generate_nameprep_data.pl,v 1.1 2003/06/04 00:27:54 marka Exp $ - # - # Copyright (c) 2001 Japan Network Information Center. All rights reserved. -Index: contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl -=================================================================== ---- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl.orig 2017-07-24 07:36:50.000000000 +0200 -+++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl 2017-08-15 10:29:56.969817140 +0200 -@@ -1,4 +1,4 @@ --#! /usr/local/bin/perl -w -+#! /usr/bin/perl -w - # $Id: generate_normalize_data.pl,v 1.1 2003/06/04 00:27:55 marka Exp $ - # - # Copyright (c) 2000,2001 Japan Network Information Center. diff --git a/pie_compile.diff b/pie_compile.diff index a65ae7b..3e9f791 100644 --- a/pie_compile.diff +++ b/pie_compile.diff @@ -1,8 +1,21 @@ -Index: bin/check/Makefile.in +Index: bind-9.14.7/bin/Makefile.in =================================================================== ---- bin/check/Makefile.in.orig -+++ bin/check/Makefile.in -@@ -48,8 +48,12 @@ HTMLPAGES = named-checkconf.html named-c +--- bind-9.14.7.orig/bin/Makefile.in ++++ bind-9.14.7/bin/Makefile.in +@@ -15,4 +15,8 @@ SUBDIRS = named rndc dig delv dnssec too + @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins tests + TARGETS = + ++EXT_CFLAGS = -fPIE -static ++ + @BIND9_MAKE_RULES@ ++ ++LDFLAGS += -pie +Index: bind-9.14.7/bin/check/Makefile.in +=================================================================== +--- bind-9.14.7.orig/bin/check/Makefile.in ++++ bind-9.14.7/bin/check/Makefile.in +@@ -51,8 +51,12 @@ HTMLPAGES = named-checkconf.html named-c MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -15,11 +28,11 @@ Index: bin/check/Makefile.in named-checkconf.@O@: named-checkconf.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ -Index: bin/confgen/Makefile.in +Index: bind-9.14.7/bin/confgen/Makefile.in =================================================================== ---- bin/confgen/Makefile.in.orig -+++ bin/confgen/Makefile.in -@@ -56,8 +56,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} +--- bind-9.14.7.orig/bin/confgen/Makefile.in ++++ bind-9.14.7/bin/confgen/Makefile.in +@@ -61,8 +61,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} UOBJS = unix/os.@O@ @@ -32,11 +45,11 @@ Index: bin/confgen/Makefile.in rndc-confgen.@O@: rndc-confgen.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \ -Index: bin/confgen/unix/Makefile.in +Index: bind-9.14.7/bin/confgen/unix/Makefile.in =================================================================== ---- bin/confgen/unix/Makefile.in.orig -+++ bin/confgen/unix/Makefile.in -@@ -24,4 +24,8 @@ SRCS = os.c +--- bind-9.14.7.orig/bin/confgen/unix/Makefile.in ++++ bind-9.14.7/bin/confgen/unix/Makefile.in +@@ -25,4 +25,8 @@ SRCS = os.c TARGETS = ${OBJS} @@ -45,28 +58,30 @@ Index: bin/confgen/unix/Makefile.in @BIND9_MAKE_RULES@ + +LDFLAGS += -pie -Index: bin/dig/Makefile.in +Index: bind-9.14.7/bin/dig/Makefile.in =================================================================== ---- bin/dig/Makefile.in.orig -+++ bin/dig/Makefile.in -@@ -61,8 +61,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} +--- bind-9.14.7.orig/bin/dig/Makefile.in ++++ bind-9.14.7/bin/dig/Makefile.in +@@ -62,10 +62,14 @@ HTMLPAGES = dig.html host.html nslookup. - EXT_CFLAGS = -DWITH_LIBIDN + MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE -static + @BIND9_MAKE_RULES@ + LDFLAGS = @LDFLAGS@ @LIBIDN2_LDFLAGS@ + +LDFLAGS += -pie + dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS} export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \ - export LIBS0="${DNSLIBS}"; \ -Index: bin/dnssec/Makefile.in + export LIBS0="${DNSLIBS} ${IRSLIBS}"; \ +Index: bind-9.14.7/bin/dnssec/Makefile.in =================================================================== ---- bin/dnssec/Makefile.in.orig -+++ bin/dnssec/Makefile.in -@@ -56,8 +56,12 @@ HTMLPAGES = dnssec-dsfromkey.html dnssec +--- bind-9.14.7.orig/bin/dnssec/Makefile.in ++++ bind-9.14.7/bin/dnssec/Makefile.in +@@ -59,8 +59,12 @@ HTMLPAGES = dnssec-cds.html dnssec-dsfro MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -76,27 +91,14 @@ Index: bin/dnssec/Makefile.in +LDFLAGS += -pie + - dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS} - export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \ + dnssec-cds@EXEEXT@: dnssec-cds.@O@ ${OBJS} ${DEPLIBS} + export BASEOBJS="dnssec-cds.@O@ ${OBJS}"; \ ${FINALBUILDCMD} -Index: bin/Makefile.in +Index: bind-9.14.7/bin/named/Makefile.in =================================================================== ---- bin/Makefile.in.orig -+++ bin/Makefile.in -@@ -14,4 +14,8 @@ SUBDIRS = named rndc dig delv dnssec too - check confgen @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ - TARGETS = - -+EXT_CFLAGS = -fPIE -static -+ - @BIND9_MAKE_RULES@ -+ -+LDFLAGS += -pie -Index: bin/named/Makefile.in -=================================================================== ---- bin/named/Makefile.in.orig -+++ bin/named/Makefile.in -@@ -108,8 +108,12 @@ HTMLPAGES = named.html lwresd.html named +--- bind-9.14.7.orig/bin/named/Makefile.in ++++ bind-9.14.7/bin/named/Makefile.in +@@ -117,8 +117,12 @@ HTMLPAGES = named.html named.conf.html MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -109,22 +111,24 @@ Index: bin/named/Makefile.in main.@O@: main.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ -Index: bin/named/unix/Makefile.in +Index: bind-9.14.7/bin/named/unix/Makefile.in =================================================================== ---- bin/named/unix/Makefile.in.orig -+++ bin/named/unix/Makefile.in -@@ -25,4 +25,6 @@ SRCS = os.c dlz_dlopen_driver.c +--- bind-9.14.7.orig/bin/named/unix/Makefile.in ++++ bind-9.14.7/bin/named/unix/Makefile.in +@@ -26,4 +26,8 @@ SRCS = os.c dlz_dlopen_driver.c TARGETS = ${OBJS} +EXT_CFLAGS = -fPIE -static + @BIND9_MAKE_RULES@ -Index: bin/nsupdate/Makefile.in ++ ++LDFLAGS += -pie +Index: bind-9.14.7/bin/nsupdate/Makefile.in =================================================================== ---- bin/nsupdate/Makefile.in.orig -+++ bin/nsupdate/Makefile.in -@@ -60,8 +60,12 @@ HTMLPAGES = nsupdate.html +--- bind-9.14.7.orig/bin/nsupdate/Makefile.in ++++ bind-9.14.7/bin/nsupdate/Makefile.in +@@ -64,8 +64,12 @@ HTMLPAGES = nsupdate.html MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -137,11 +141,11 @@ Index: bin/nsupdate/Makefile.in nsupdate.@O@: nsupdate.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DSESSION_KEYFILE=\"${localstatedir}/run/named/session.key\" \ -Index: bin/rndc/Makefile.in +Index: bind-9.14.7/bin/rndc/Makefile.in =================================================================== ---- bin/rndc/Makefile.in.orig -+++ bin/rndc/Makefile.in -@@ -50,8 +50,12 @@ HTMLPAGES = rndc.html rndc.conf.html +--- bind-9.14.7.orig/bin/rndc/Makefile.in ++++ bind-9.14.7/bin/rndc/Makefile.in +@@ -51,8 +51,12 @@ HTMLPAGES = rndc.html rndc.conf.html MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -154,11 +158,11 @@ Index: bin/rndc/Makefile.in rndc.@O@: rndc.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ -Index: bin/tools/Makefile.in +Index: bind-9.14.7/bin/tools/Makefile.in =================================================================== ---- bin/tools/Makefile.in.orig -+++ bin/tools/Makefile.in -@@ -60,8 +60,12 @@ HTMLPAGES = arpaname.html dnstap-read.ht +--- bind-9.14.7.orig/bin/tools/Makefile.in ++++ bind-9.14.7/bin/tools/Makefile.in +@@ -61,8 +61,12 @@ HTMLPAGES = arpaname.html dnstap-read.ht MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -171,36 +175,3 @@ Index: bin/tools/Makefile.in arpaname@EXEEXT@: arpaname.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \ -o $@ arpaname.@O@ ${ISCLIBS} ${LIBS} -Index: contrib/idn/idnkit-1.0-src/tools/idnconv/Makefile.in -=================================================================== ---- contrib/idn/idnkit-1.0-src/tools/idnconv/Makefile.in.orig -+++ contrib/idn/idnkit-1.0-src/tools/idnconv/Makefile.in -@@ -68,8 +68,8 @@ IDNLIB = ../../lib/libidnkit.la - INCS = -I$(srcdir) -I$(srcdir)/../../include -I../../include $(ICONVINC) - DEFS = - --CFLAGS = $(INCS) $(DEFS) @CPPFLAGS@ @CFLAGS@ --LDFLAGS = @LDFLAGS@ -+CFLAGS = $(INCS) $(DEFS) @CPPFLAGS@ @CFLAGS@ -fPIE -+LDFLAGS = @LDFLAGS@ -pie - - SRCS = idnconv.c util.c selectiveencode.c - OBJS = idnconv.o util.o selectiveencode.o -Index: contrib/zkt-1.1.3/Makefile.in -=================================================================== ---- contrib/zkt-1.1.3/Makefile.in.orig -+++ contrib/zkt-1.1.3/Makefile.in -@@ -13,11 +13,11 @@ PROFILE = # -pg - OPTIM = # -O3 -DNDEBUG - - #CFLAGS ?= @CFLAGS@ @DEFS@ -I@top_srcdir@ --CFLAGS += -g @DEFS@ -I@top_srcdir@ -+CFLAGS += -g @DEFS@ -I@top_srcdir@ -fPIE - CFLAGS += -Wall #-DDBG - CFLAGS += -Wmissing-prototypes - CFLAGS += $(PROFILE) $(OPTIM) --LDFLAGS += $(PROFILE) -+LDFLAGS += $(PROFILE) -fPIE -pie - LIBS = @LIBS@ - - PROJECT = @PACKAGE_TARNAME@