diff --git a/bind.changes b/bind.changes index eabd913..23f748e 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Sun Dec 7 16:54:03 UTC 2014 - jengelh@inai.de + +- Convert some hard PreReq to leaner Requires(pre). +- Typograhical and orthographic fixes to description texts. + +------------------------------------------------------------------- +Fri Dec 05 19:35:00 UTC 2014 - Led + +- Fix bashisms in the createNamedConfInclude script. +- Post scripts: remove '-e' option of 'echo' that may be unsupported + in some POSIX-compliant shells. + +------------------------------------------------------------------- +Fri Dec 5 14:54:53 UTC 2014 - lmuelle@suse.com + +- Add openssl engines to the lwresd chroot. +- Add /etc/lwresd.conf with attribute ghost to the list of files. +- Add /run/lwresd to the list of files of the lwresd package. +- Shift /run/named from the chroot sub to the main bind package. +- Drop /proc from the chroot as multi CPU systems work fine even without it. + ------------------------------------------------------------------- Thu Dec 4 18:36:41 UTC 2014 - lmuelle@suse.com @@ -23,7 +45,7 @@ Sat Nov 29 19:35:53 UTC 2014 - lmuelle@suse.com - Update to version 9.10.1 - This release addresses the security flaws described in CVE-2014-3214 and - CVE-2014-3859. + CVE-2014-3859. - Update to version 9.10.0 - DNS Response-rate limiting (DNS RRL), which blunts the impact of reflection and amplification attacks, is always compiled in and no longer @@ -180,7 +202,7 @@ Sat Nov 29 19:35:53 UTC 2014 - lmuelle@suse.com that could cause named to fail to start when configured to use more sockets than the system could accomodate. [RT #35878] - Remove merged rpz2+rl-9.9.5.patch and obsoleted rpz2+rl-9.9.5.patch -- Removed pid-path.diff +- Removed pid-path.diff patch as /run/{named,lwresd}/ are used by default. - Update baselibs.conf (added libirs and library interface version updates). ------------------------------------------------------------------- diff --git a/bind.spec b/bind.spec index 5a64195..ecbd919 100644 --- a/bind.spec +++ b/bind.spec @@ -61,7 +61,8 @@ Obsoletes: bind8 < %version Obsoletes: bind9 < %version Requires: %{name}-chrootenv Requires: %{name}-utils -PreReq: %fillup_prereq %insserv_prereq bind-utils /bin/grep /bin/sed /bin/mkdir /usr/bin/tee /bin/chmod /bin/chown /bin/mv /bin/cat /usr/bin/dirname /usr/bin/diff /usr/bin/old /usr/sbin/groupadd /usr/sbin/useradd /usr/sbin/usermod +PreReq: %fillup_prereq %insserv_prereq bind-utils /bin/grep /bin/sed /bin/mkdir /usr/bin/tee /bin/chmod /bin/chown /bin/mv /bin/cat /usr/bin/dirname /usr/bin/diff /usr/bin/old +Requires(pre): /usr/sbin/groupadd /usr/sbin/useradd /usr/sbin/usermod Url: http://isc.org/sw/bind/ Source60: dlz-schema.txt @@ -210,7 +211,7 @@ libirs provides an interface to parse the traditional resolv.conf file and an "advanced" configuration file related to the DNS library for configuration parameters that would be beyond the capability of the resolv.conf file. Specifically, it is intended to provide DNSSEC related configuration -parameters. By default the path to this configuration file is /etc/dns.conf. +parameters. By default, the path to this configuration file is /etc/dns.conf. %package -n libirs-devel Summary: Development files for IRS @@ -226,7 +227,7 @@ parameters that would be beyond the capability of the resolv.conf file. This subpackage contains the header files needed for building programs with it. %package -n libisc142 -Summary: ISC shared library uesd by BIND +Summary: ISC shared library used by BIND Group: System/Libraries Version: %rpm_vers Release: 0 @@ -283,7 +284,7 @@ Summary: Chroot environment for BIND named and lwresd Group: Productivity/Networking/DNS/Servers Version: %rpm_vers Release: 0 -PreReq: /usr/sbin/groupadd /usr/sbin/useradd +Requires(pre): /usr/sbin/groupadd /usr/sbin/useradd %description chrootenv This package contains all directories and files which are common to the @@ -334,7 +335,7 @@ Version: %rpm_vers Release: 0 Requires: %{name}-chrootenv Provides: dns_daemon -PreReq: /usr/sbin/groupadd /usr/sbin/useradd +Requires(pre): /usr/sbin/groupadd /usr/sbin/useradd %if %suse_version > 1131 PreReq: sysvinit(network) sysvinit(syslog) %endif @@ -387,8 +388,8 @@ function replaceStrings() sed -e "s@__NSD__@/lib@g" \ -e "s@__BIND_PACKAGE_NAME__@%{pkg_name}@g" \ -e "s@__VENDOR__@%{VENDOR}@g" \ - "${file}" >"${file}.new" && \ - mv "${file}.new" "${file}" + -e "s@___lib__@%{_lib}@g" \ + -i "${file}" } pushd vendor-files for file in docu/README tools/createNamedConfInclude config/{README,named.conf} init/{named,lwresd} sysconfig/{named-common,named-named,syslog-named}; do @@ -484,7 +485,7 @@ mkdir -p \ ${RPM_BUILD_ROOT}/%{_datadir}/bind \ ${RPM_BUILD_ROOT}/%{_datadir}/susehelp/meta/Administration/System \ ${RPM_BUILD_ROOT}/%{_defaultdocdir}/bind \ - ${RPM_BUILD_ROOT}/var/lib/named/{etc/named.d,dev,dyn,log,master,slave,var/{lib,run/named}} \ + ${RPM_BUILD_ROOT}/var/lib/named/{etc/named.d,dev,dyn,log,master,slave,var/{lib,run/{lwresd,named}}} \ ${RPM_BUILD_ROOT}%{_mandir}/{man1,man3,man5,man8} \ ${RPM_BUILD_ROOT}/var/adm/fillup-templates \ ${RPM_BUILD_ROOT}/%{_rundir} \ @@ -521,8 +522,10 @@ touch ${RPM_BUILD_ROOT}/var/lib/named/dev/log ln -s ../.. ${RPM_BUILD_ROOT}/var/lib/named/var/lib/named ln -s ../log ${RPM_BUILD_ROOT}/var/lib/named/var %if "%_rundir" == "/run" +ln -s ../var/lib/named/var/run/lwresd ${RPM_BUILD_ROOT}/run ln -s ../var/lib/named/var/run/named ${RPM_BUILD_ROOT}/run %else +ln -s ../lib/named/var/run/lwresd ${RPM_BUILD_ROOT}/var/run ln -s ../lib/named/var/run/named ${RPM_BUILD_ROOT}/var/run %endif for file in named-common named-named syslog-named; do @@ -620,7 +623,7 @@ if [ -f etc/named.conf ] && grep -qi '^[[:space:]]*directory[[:space:]]*"/var/na echo -n "Backup old /etc/named.conf to " | tee -a ${CONVLOG} oldconfig=$( old etc/named.conf) 2>/dev/null oldconfig=${oldconfig##*/} - echo -en "/etc/${oldconfig}. Conversion " | tee -a ${CONVLOG} + echo -n "/etc/${oldconfig}. Conversion " | tee -a ${CONVLOG} sed -e "s@\"/var/named\"@\"/var/lib/named\"@" "etc/${oldconfig}" > etc/named.conf 2>/dev/null conv_rc=$? if [ ${conv_rc} -eq 0 ]; then @@ -674,7 +677,8 @@ if [ -s etc/named.conf.include -a -z "${NAMED_RUN_CHROOTED}" ]; then done TMPFILE=$( mktemp /var/tmp/named.sysconfig.XXXXXX) if [ $? -ne 0 ]; then - echo -e "Can't create temp file. Please add your included files from /etc/named.conf to\nNAMED_CONF_INCLUDE_FILES of /etc/sysconfig/named manually." + echo "Can't create temp file. Please add your included files from /etc/named.conf to" + echo "NAMED_CONF_INCLUDE_FILES of /etc/sysconfig/named manually." return fi chmod --reference=etc/sysconfig/named ${TMPFILE} @@ -780,6 +784,7 @@ fi %attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include %attr(0640,root,named) %ghost %config(noreplace) /%{_sysconfdir}/rndc.key %config /%{_sysconfdir}/init.d/named +%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/bind %{_bindir}/bind9-config %{_sbindir}/rcnamed %{_sbindir}/named @@ -797,6 +802,7 @@ fi %dir %{_datadir}/bind %{_datadir}/bind/createNamedConfInclude %{_datadir}/bind/ldapdump +%ghost %{_rundir}/named %{_var}/adm/fillup-templates/sysconfig.named-named %dir %{_var}/lib/named/master %attr(-,named,named) %dir %{_var}/lib/named/dyn @@ -806,7 +812,7 @@ fi %config %{_var}/lib/named/localhost.zone %ghost %{_var}/lib/named/etc/localtime %attr(0644,root,named) %ghost %{_var}/lib/named/etc/named.conf.include -%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/bind +%attr(-,named,named) %dir %{_var}/lib/named/var/run/named %files -n idnkit %defattr(-,root,root) @@ -882,14 +888,12 @@ fi %dir %{_var}/lib/named/var/lib %dir %{_var}/lib/named/var/run %attr(-,named,named) %dir %{_var}/lib/named/log -%attr(-,named,named) %dir %{_var}/lib/named/var/run/named %ghost %{_var}/lib/named/etc/named.d/rndc.access.conf %ghost %{_var}/lib/named/dev/log %attr(0666, root, root) %dev(c, 1, 3) %{_var}/lib/named/dev/null %attr(0666, root, root) %dev(c, 1, 8) %{_var}/lib/named/dev/random %{_var}/lib/named/var/lib/named %{_var}/lib/named/var/log -%ghost %{_rundir}/named %{_var}/adm/fillup-templates/sysconfig.named-common %{_var}/adm/fillup-templates/sysconfig.syslog-named @@ -911,10 +915,13 @@ fi %files lwresd %defattr(-,root,root) +%ghost %attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/lwresd.conf %config /etc/init.d/lwresd %{_sbindir}/rclwresd %{_sbindir}/lwresd %{_mandir}/man8/lwresd.8.gz +%ghost %{_rundir}/lwresd +%attr(-,named,named) %dir %{_var}/lib/named/var/run/lwresd %files utils %defattr(-,root,root) diff --git a/vendor-files.tar.bz2 b/vendor-files.tar.bz2 index a633361..5e259cb 100644 --- a/vendor-files.tar.bz2 +++ b/vendor-files.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:fb6ae69f7d5b51be2e3b1755d38c793cb6f06460ea9ef5b98a4b0c7d86976cbb -size 21545 +oid sha256:c4f97ac0bc0800e12c6f870d651d15d507f00a35968deb16f1197f4b24b27b98 +size 22288