From 6b1a93e719f883cd5afca73be68c45d39f13763027ac66cd39cf8cde84b680a9 Mon Sep 17 00:00:00 2001
From: Uwe Gansert
Date: Mon, 4 Jun 2012 15:26:08 +0000
Subject: [PATCH 1/3] VUL-0: bind remote DoS via zero length rdata field
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=89
---
 bind-9.9.1-P1.tar.gz | 3 +++
 bind-9.9.1.tar.gz | 3 ---
 bind.changes | 10 ++++++++++
 bind.spec | 4 ++--
 4 files changed, 15 insertions(+), 5 deletions(-)
 create mode 100644 bind-9.9.1-P1.tar.gz
 delete mode 100644 bind-9.9.1.tar.gz
diff --git a/bind-9.9.1-P1.tar.gz b/bind-9.9.1-P1.tar.gz
new file mode 100644
index 0000000..8f46d44
--- /dev/null
+++ b/bind-9.9.1-P1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2dc5886b3eb6768d312b43dbe1e23a5b67b4f4dcfa1a65b1017e7710bb764627
+size 7223197
diff --git a/bind-9.9.1.tar.gz b/bind-9.9.1.tar.gz
deleted file mode 100644
index 8b10858..0000000
--- a/bind-9.9.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7599ae5a7d945707926019a6b191d06775e9657c68ced00e09af5bc751dad524
-size 7092357
diff --git a/bind.changes b/bind.changes
index 2ab516b..15bd5e1 100644
--- a/bind.changes
+++ b/bind.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Jun 4 17:25:27 CEST 2012 - ug@suse.de
+
+- VUL-0: bind remote DoS via zero length rdata field
+ CVE-2012-1667
+ bnc#765315
+- fixed some smaller bugs that could make bind crash
+ (see CHANGES file for more details)
+- 9.9.1-P1
+
 -------------------------------------------------------------------
 Tue May 22 10:04:42 CEST 2012 - ug@suse.de
diff --git a/bind.spec b/bind.spec
index c6e0399..447ca3e 100644
--- a/bind.spec
+++ b/bind.spec
@@ -19,7 +19,7 @@
 Name: bind
 %define pkg_name bind
-%define pkg_vers 9.9.1
+%define pkg_vers 9.9.1-P1
 BuildRequires: krb5-devel
 BuildRequires: libcap
 BuildRequires: libcap-devel
@@ -33,7 +33,7 @@ BuildRequires: update-desktop-files
 Summary: Domain Name System (DNS) Server (named)
 License: BSD-3-Clause ; MIT
 Group: Productivity/Networking/DNS/Servers
-Version: 9.9.1
+Version: 9.9.1P1
 Release: 0
 Provides: dns_daemon bind8 bind9
 Obsoletes: bind8 bind9
From 878d773563b96b359c3f74bca82c674b5e5a139ce8c60ddce057ff09c04fb723 Mon Sep 17 00:00:00 2001
From: Uwe Gansert
Date: Mon, 4 Jun 2012 15:26:56 +0000
Subject: [PATCH 2/3] changes file was broken
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=90
---
 bind.changes | 2 --
 1 file changed, 2 deletions(-)
diff --git a/bind.changes b/bind.changes
index 15bd5e1..2b8b0c1 100644
--- a/bind.changes
+++ b/bind.changes
@@ -4,8 +4,6 @@ Mon Jun 4 17:25:27 CEST 2012 - ug@suse.de
 - VUL-0: bind remote DoS via zero length rdata field
 CVE-2012-1667
 bnc#765315
-- fixed some smaller bugs that could make bind crash
- (see CHANGES file for more details)
 - 9.9.1-P1
 -------------------------------------------------------------------
From d65e10ef0faf99d9126f8e50a8378455869d2cb86d6cbbde3d9d1fb55263d5cd Mon Sep 17 00:00:00 2001
From: Uwe Gansert
Date: Tue, 5 Jun 2012 14:30:53 +0000
Subject: [PATCH 3/3] updates ldap schema
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=91
---
 bind.changes | 5 +++
 dnszone-schema.txt | 107 +++++++++++++++++++++++++++++++++++++--------
 2 files changed, 94 insertions(+), 18 deletions(-)
diff --git a/bind.changes b/bind.changes
index 2b8b0c1..754ed59 100644
--- a/bind.changes
+++ b/bind.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Jun 5 16:30:32 CEST 2012 - ug@suse.de
+
+- updated dnszone-schema.txt
+
 -------------------------------------------------------------------
 Mon Jun 4 17:25:27 CEST 2012 - ug@suse.de
diff --git a/dnszone-schema.txt b/dnszone-schema.txt
index bd969ab..cf0751d 100644
--- a/dnszone-schema.txt
+++ b/dnszone-schema.txt
@@ -1,8 +1,12 @@
 # A schema for storing DNS zones in LDAP
 #
+# ORDERING is not necessary, and some servers don't support
+# integerOrderingMatch. Omit or change if you like
+
 attributetype ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL'
 DESC 'An integer denoting time to live'
 EQUALITY integerMatch
+ ORDERING integerOrderingMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
 attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass'
@@ -10,14 +14,8 @@ attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass'
 EQUALITY caseIgnoreIA5Match
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName'
- DESC 'The name of a zone, i.e. the name of the highest node in the zone'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName'
- DESC 'The starting labels of a domain name'
+attributetype ( 1.3.6.1.4.1.2428.20.1.11 NAME 'wKSRecord'
+ DESC 'a well known service description, RFC 1035'
 EQUALITY caseIgnoreIA5Match
 SUBSTR caseIgnoreIA5SubstringsMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
@@ -46,6 +44,18 @@ attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord'
 SUBSTR caseIgnoreIA5SubstringsMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+attributetype ( 1.3.6.1.4.1.2428.20.1.17 NAME 'rPRecord'
+ DESC 'for Responsible Person, RFC 1183'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord'
+ DESC 'for AFS Data Base location, RFC 1183'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
 attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord'
 DESC 'Signature, RFC 2535'
 EQUALITY caseIgnoreIA5Match
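Review bot: The `zoneName` and `relativeDomainName` attribute types removed in the `@@ -10,14 +14,8 @@` hunk, together with the `dNSZone` object class removed in the last hunk of this file (`@@ -112,13 +128,68 @@`), are dropped without replacement, while the changelog entry only says "updated dnszone-schema.txt". If a directory already stores zones as `dNSZone` entries, loading the new schema would presumably make those entries fail schema checking, so zone data served from LDAP could become unavailable after the package update. Either keep the three definitions after `dNSDomain2`, or record the removal in bind.changes, for example `- dnszone-schema.txt: dNSZone, zoneName and relativeDomainName removed`.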
@@ -58,6 +68,12 @@ attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord'
 SUBSTR caseIgnoreIA5SubstringsMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+attributetype ( 1.3.6.1.4.1.2428.20.1.27 NAME 'gPosRecord'
+ DESC 'Geographical Position, RFC 1712'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
 attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord'
 DESC 'IPv6 address, RFC 1886'
 EQUALITY caseIgnoreIA5Match
@@ -112,13 +128,68 @@ attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord'
 SUBSTR caseIgnoreIA5SubstringsMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone'
- SUP top STRUCTURAL
- MUST ( zoneName $ relativeDomainName )
- MAY ( DNSTTL $ DNSClass $
- ARecord $ MDRecord $ MXRecord $ NSRecord $
- SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $
- MINFORecord $ TXTRecord $ SIGRecord $ KEYRecord $
- AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $
- NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $
- DNAMERecord ) )
+attributetype ( 1.3.6.1.4.1.2428.20.1.42 NAME 'aPLRecord'
+ DESC 'Lists of Address Prefixes, RFC 3123'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord'
+ DESC 'Delegation Signer, RFC 3658'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord'
+ DESC 'SSH Key Fingerprint, RFC 4255'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.45 NAME 'iPSecKeyRecord'
+ DESC 'SSH Key Fingerprint, RFC 4025'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord'
+ DESC 'RRSIG, RFC 3755'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord'
+ DESC 'NSEC, RFC 3755'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.48 NAME 'dNSKeyRecord'
+ DESC 'DNSKEY, RFC 3755'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.49 NAME 'dHCIDRecord'
+ DESC 'DHCID, RFC 4701'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.99 NAME 'sPFRecord'
+ DESC 'Sender Policy Framework, RFC 4408'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.2428.20.2 NAME 'dNSDomain2'
+ SUP 'dNSDomain' STRUCTURAL
+ MAY ( DNSTTL $ DNSClass $ WKSRecord $ PTRRecord $
+ HINFORecord $ MINFORecord $ TXTRecord $ RPRecord $
+ AFSDBRecord $ SIGRecord $ KEYRecord $ GPOSRecord $
+ AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $
+ NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $
+ DNAMERecord $ APLRecord $ DSRecord $ SSHFPRecord $
+ IPSECKEYRecord $ RRSIGRecord $ NSECRecord $
+ DNSKEYRecord $ DHCIDRecord $ SPFRecord
+ ) )
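Review bot: The `DESC` on the added `iPSecKeyRecord` attribute reads 'SSH Key Fingerprint, RFC 4025', which repeats the description of the `sSHFPRecord` block directly above it; RFC 4025 defines the IPSECKEY record, so the line should be `DESC 'IPSECKEY, RFC 4025'`. Separately, the new `dNSDomain2` class is declared `SUP 'dNSDomain'`, so it can only load where the schema that defines `dNSDomain` (normally the COSINE schema) is included first. A comment above the `objectclass` stating that dependency, such as `# requires the schema defining dNSDomain to be loaded before this file`, would save an administrator a failed server start.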