Accepting request 243329 from home:lmuelle:branches:network

- Package dnssec-checkds and dnssec-coverage binaries and man pages only on post-11.1 systems. - Update to version 9.9.5P1 Various bugfixes and some feature fixes. (see CHANGES files) Security and maintenance issues: - [bug] Don't call qsort with a null pointer. [RT #35968] - [bug] Disable GCC 4.9 "delete null pointer check". [RT #35968] - [port] linux: libcap support: declare curval at start of block. [RT #35387] - Update to version 9.9.5 Various bugfixes and some feature fixes. (see CHANGES files) - Updated to current rpz patch from·http://ss.vix.su/~vjs/rrlrpz.html - rpz2-9.9.4.patch + rpz2+rl-9.9.5.patch OBS-URL: https://build.opensuse.org/request/show/243329 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=144
2014-08-01 11:43:42 +00:00 · 2014-08-01 11:43:42 +00:00 · ed559646e6
commit ed559646e6
parent 03789a4890
13 changed files with 355 additions and 320 deletions
--- a/Makefile.in.diff
+++ b/Makefile.in.diff
@ -2,7 +2,7 @@ Index: bind-9.9.3-P1/bin/named/Makefile.in
 ===================================================================
 --- bind-9.9.3-P1.orig/bin/named/Makefile.in
 +++ bind-9.9.3-P1/bin/named/Makefile.in
-@@ -175,9 +175,7 @@ installdirs:
+@@ -176,9 +176,7 @@ installdirs:
 install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs
 	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}
 	(cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@)
--- a/bind-9.9.4-P2.tar.gz
+++ b/bind-9.9.4-P2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:50f3c6431e26d3f322b69092a49c92e163e73029fe4a1933ce532dc97ec40a89
-size 7513077
--- a/bind-9.9.4-P2.tar.gz.asc
+++ b/bind-9.9.4-P2.tar.gz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.12 (NetBSD)
-
-iQEcBAABAgAGBQJSxzKdAAoJEEWseFcYnNvFBRMH+QE4AkJ4CoZPcO0PcE6+2AFA
-BEXCJJSyMfZr3R0Wblb+lhWehnnWpxqV8FCwM9gecFXn0J44aJ+U8nh3WA8ROAas
-5NfXjll34YDDo8UU9wGZ7XmPpzUnn6DoncVz1BeV1VwqLIADv6WkoSx0HasYQ4Vf
-bHwGJI1cFCLDpy8XhjLAb4iUkdE9NSmvJ+6OZJ0ZtgYymnnNWI2YvHn95DM3DQbS
-lURMaiqiwNmhuk4Q4qzoAPrbpEqRG/PmFxRiZWk9irPhBsSoJKU/wbOFyTD+iJAv
-+pugh+S9lXkqR5bWLKzR8rpW4ydV9KVuxo6jW4dT4kR7QbU+zdMC6CAW/99duqQ=
-=F/NG
-----END PGP SIGNATURE-----
--- a/bind-9.9.5-P1.tar.gz
+++ b/bind-9.9.5-P1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a41f7813f3a6eb0dcae961651ec93896fd82074929bc6c1d8c90b04a2417b850
+size 7730150
--- a/bind-9.9.5-P1.tar.gz.asc
+++ b/bind-9.9.5-P1.tar.gz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (NetBSD)
+
+iQEcBAABAgAGBQJTldadAAoJEEWseFcYnNvFsLAH/iepQdJvNgfZ5inZ//Kp8QeO
+5dv6f7a6UvfHZiD5wh8p9MCiIKVgxdeVV5HsSOsu8UpnzXRsmC2aH3etdxhlIsqu
+QTGfJzLiIY1Y+/xnSqUXHfKdJ4aCsHQqXiGqFi8oAW26DIQgjHDRfLhYkEWBeXss
+KjhCiI0FDjxvEqQ3orFWwUBV6RfHyIwTL186R/57r9xTtzJZFapvXMvV4TJjYAvU
+8UqPwP36mD7sdQEjg6PCOnrDtCheHLwF1q5m3a1rsuKmV3W3a2BZvTA2mW1xdrHb
+oo0Vbvt6GfzmFJHhs2G2VEj4405ALOmqLGejxs7pSbcZ1yyPlU/L/pcn+s1iB/Q=
+=zuFR
+-----END PGP SIGNATURE-----
--- a/bind-sdb-ldap.patch
+++ b/bind-sdb-ldap.patch
@ -27,7 +27,7 @@ Index: bin/named/main.c
 
 #ifdef CONTRIB_DLZ
 /*
-@@ -904,6 +905,7 @@
+@@ -922,6 +923,7 @@
 	 * Add calls to register sdb drivers here.
 	 */
 	/* xxdb_init(); */
@ -35,7 +35,7 @@ Index: bin/named/main.c
 
 #ifdef ISC_DLZ_DLOPEN
 	/*
-@@ -940,6 +942,7 @@
+@@ -958,6 +960,7 @@
 	 * Add calls to unregister sdb drivers here.
 	 */
 	/* xxdb_clear(); */
--- a/bind.changes
+++ b/bind.changes
@ -1,3 +1,129 @@
+-------------------------------------------------------------------
+Thu Jul 31 21:40:49 UTC 2014 - lmuelle@suse.com
+
+- Package dnssec-checkds and dnssec-coverage binaries and man pages only on
+  post-11.1 systems.
+
+-------------------------------------------------------------------
+Thu Jul 31 17:20:38 UTC 2014 - lmuelle@suse.com
+
+- Update to version 9.9.5P1
+  Various bugfixes and some feature fixes. (see CHANGES files)
+  Security and maintenance issues:
+
+  - [bug] Don't call qsort with a null pointer. [RT #35968]
+  - [bug] Disable GCC 4.9 "delete null pointer check". [RT #35968]
+  - [port] linux: libcap support: declare curval at start of block. [RT #35387]
+
+- Update to version 9.9.5
+  - [bug] Address double dns_zone_detach when switching to using automatic
+    empty zones from regular zones. [RT #35177]
+  - [port] Use built-in versions of strptime() and timegm() on all platforms
+    to avoid portability issues. [RT #35183]
+  - [bug] Address a portentry locking issue in dispatch.c. [RT #35128]
+  - [bug] irs_resconf_load now returns ISC_R_FILENOTFOUND on a missing
+    resolv.conf file and initializes the structure as if it had been
+    configured with  nameserver ::1 nameserver 127.0.0.1  [RT #35194]
+  - [contrib] queryperf: Fixed a possible integer overflow when printing
+    results. [RT #35182]
+  - [protocol] Accept integer timestamps in RRSIG records. [RT #35185]
+  - [func] named-checkconf can now obscure shared secrets when printing by
+    specifying '-x'. [RT #34465]
+  - [bug] Improvements to statistics channel XSL stylesheet: the stylesheet can
+    now be cached by the browser; section headers are omitted from the stats
+    display when there is no data in those sections to be displayed; counters
+    are now right-justified for easier readability. (Only available with
+    configure --enable-newstats.) [RT #35117]
+  - [cleanup] Replaced all uses of memcpy() with memmove(). [RT #35120]
+  - [bug] Handle "." as a search list element when IDN support is enabled.
+    [RT #35133]
+  - [bug] dig failed to handle AXFR style IXFR responses which span multiple
+    messages. [RT #35137]
+  - [bug] Address a possible race in dispatch.c. [RT #35107]
+  - [bug] Warn when a key-directory is configured for a zone, but does not
+    exist or is not a directory. [RT #35108]
+  - [security] memcpy was incorrectly called with overlapping ranges resulting
+    in malformed names being generated on some platforms.  This could cause
+    INSIST failures when serving NSEC3 signed zones (CVE-2014-0591).
+    [RT #35120]
+  - [bug] Two calls to dns_db_getoriginnode were fatal if there was no data at
+    the node. [RT #35080]
+  - [bug] Iterative responses could be missed when the source port for an
+    upstream query was the same as the listener port (53). [RT #34925]
+  - [bug] Fixed a bug causing an insecure delegation from one static-stub zone
+    to another to fail with a broken trust chain. [RT #35081]
+  - [bug] loadnode could return a freed node on out of memory. [RT #35106]
+  - [bug] Address null pointer dereference in zone_xfrdone. [RT #35042]
+  - [func] "dnssec-signzone -Q" drops signatures from keys that are still
+    published but no longer active. [RT #34990]
+  - [bug] "rndc refresh" didn't work correctly with slave zones usingi
+    inline-signing. [RT #35105]
+  - [cleanup] Add a more detailed "not found" message to rndc commands which
+    specify a zone name. [RT #35059]
+  - [bug] Correct the behavior of rndc retransfer to allow inline-signing slave
+    zones to retain NSEC3 parameters instead of reverting to NSEC. [RT #34745]
+  - [port] Update the Windows build system to support feature selection and
+    WIN64 builds.  This is a work in progress. [RT #34160]
+  - [bug] dig could fail to clean up TCP sockets still waiting on connect().
+    [RT #35074]
+  - [port] Update config.guess and config.sub. [RT #35060]
+  - [bug] 'nsupdate' leaked memory if 'realm' was used multiple times.
+    [RT #35073]
+  - [bug] "named-checkconf -z" now checks zones of type hint and redirect as
+    well as master. [RT #35046]
+  - [misc] Provide a place for third parties to add version information for
+    their extensions in the version file by setting the EXTENSIONS variable.
+  - [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026]
+  - [func] Local address can now be specified when using dns_client API.
+    [RT #34811]
+  - [bug] Don't allow dnssec-importkey overwrite a existing non-imported
+    private key.
+  - [bug] Address read after free in server side of lwres_getrrsetbyname.
+    [RT #29075]
+  - [bug] Fix cast in lex.c which could see 0xff treated as eof. [RT #34993]
+  - [bug] Failure to release lock on error in receive_secure_db. [RT #34944]
+  - [bug] Updated OpenSSL PKCS#11 patches to fix active list locking and other
+    bugs. [RT #34855]
+  - [bug] Address bugs in dns_rdata_fromstruct and dns_rdata_tostruct for WKS
+    and ISDN types. [RT #34910]
+  - [bug] 'host' could die if a UDP query timed out. [RT #34870]
+  - [bug] Address lock order reversal deadlock with inline zones. [RT #34856]
+  - [cleanup] Changed the name of "isc-config.sh" to "bind9-config".
+    [RT #23825]
+  - [port] linux: Address platform specific compilation issue when libcap-devel
+    is installed. [RT #34838]
+  - [port] Some readline clones don't accept NULL pointers when calling
+    add_history. [RT #34842]
+  - [cleanup] Simplify TCP message processing when requesting a zone transfer.
+    [RT #34825]
+  - [bug] Address race condition with manual notify requests. [RT #34806]
+  - [func] Create delegations for all "children" of empty zones except
+    "forward first". [RT #34826]
+  - [tuning] Adjust when a master server is deemed unreachable. [RT #27075]
+  - [tuning] Use separate rate limiting queues for refresh and notify
+    requests. [RT #30589]
+  - [cleanup] Include a comment in .nzf files, giving the name of the
+    associated view. [RT #34765]
+  - [bug] Address a race condition when shutting down a zone. [RT #34750]
+  - [bug] Journal filename string could be set incorrectly, causing garbage in
+    log messages. [RT #34738]
+  - [protocol] Use case sensitive compression when responding to queries.
+    [RT #34737]
+  - [protocol] Check that EDNS subnet client options are well formed.
+    [RT #34718]
+  - [func] Allow externally generated DNSKEY to be imported into the DNSKEY
+    management framework.  A new tool dnssec-importkey is used to do this.
+    [RT #34698]
+  - [bug] Handle changes to sig-validity-interval settings better. [RT #34625]
+  - [bug] ndots was not being checked when searching.  Only continue searching
+    on NXDOMAIN responses.  Add the ability to specify ndots to nslookup.
+    [RT #34711]
+  - [bug] Treat type 65533 (KEYDATA) as opaque except when used in a key zone.
+    [RT #34238]
+- Updated to current rpz patch from·http://ss.vix.su/~vjs/rrlrpz.html
+  - rpz2-9.9.4.patch
+  + rpz2+rl-9.9.5.patch
+
 -------------------------------------------------------------------
 Sun Jun  1 13:30:10 UTC 2014 - chris@computersalat.de

--- a/bind.spec
+++ b/bind.spec
@ -18,7 +18,7 @@

 Name:           bind
 %define pkg_name bind
-%define pkg_vers 9.9.4-P2
+%define pkg_vers 9.9.5-P1
 BuildRequires:  krb5-devel
 BuildRequires:  libcap
 BuildRequires:  libcap-devel
@ -33,7 +33,7 @@ BuildRequires:  update-desktop-files
 Summary:        Domain Name System (DNS) Server (named)
 License:        ISC
 Group:          Productivity/Networking/DNS/Servers
-Version:        9.9.4P2
+Version:        9.9.5P1
 Release:        0
 Provides:       bind8
 Provides:       bind9
@ -66,8 +66,8 @@ BuildRequires:  gpg-offline

 # Rate limiting patch by Paul Vixie et.al. for reflection DoS protection
 # see http://www.redbarn.org/dns/ratelimits
-#Patch200:       http://ss.vix.su/~vjs/rpz2-9.9.4.patch
-Patch200:       rpz2-9.9.4.patch
+#Patch200:       http://ss.vix.su/~vjs/rpz2+rl-9.9.5.patch
+Patch200:       rpz2+rl-9.9.5.patch

 Source60:       dlz-schema.txt
 %if %ul_version >= 1
@ -589,11 +589,13 @@ fi
 %attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include
 %attr(0640,root,named) %ghost %config(noreplace) /%{_sysconfdir}/rndc.key
 %config /%{_sysconfdir}/init.d/named
+%{_bindir}/bind9-config
 %{_sbindir}/rcnamed
 %{_sbindir}/named
 %{_sbindir}/named-checkconf
 %{_sbindir}/named-checkzone
 %{_sbindir}/named-compilezone
+%doc %{_mandir}/man1/bind9-config.1.gz
 %doc %{_mandir}/man5/named.conf.5.gz
 %doc %{_mandir}/man8/named-checkconf.8.gz
 %doc %{_mandir}/man8/named-checkzone.8.gz
@ -688,9 +690,12 @@ fi
 %{_bindir}/runidn
 %{_sbindir}/arpaname
 %{_sbindir}/ddns-confgen
+%if 0%{?suse_version} > 1110
 %{_sbindir}/dnssec-checkds
 %{_sbindir}/dnssec-coverage
+%endif
 %{_sbindir}/dnssec-dsfromkey
+%{_sbindir}/dnssec-importkey
 %{_sbindir}/dnssec-keyfromlabel
 %{_sbindir}/dnssec-keygen
 %{_sbindir}/dnssec-revoke
@ -715,8 +720,10 @@ fi
 %doc %{_mandir}/man1/nsupdate.1.gz
 %doc %{_mandir}/man5/rndc.conf.5.gz
 %doc %{_mandir}/man8/ddns-confgen.8.gz
+%if 0%{?suse_version} > 1110
 %doc %{_mandir}/man8/dnssec-checkds.8.gz
 %doc %{_mandir}/man8/dnssec-coverage.8.gz
+%endif
 %doc %{_mandir}/man8/dnssec-dsfromkey.8.gz
 %doc %{_mandir}/man8/dnssec-keyfromlabel.8.gz
 %doc %{_mandir}/man8/dnssec-keygen.8.gz
--- a/configure.in.diff
+++ b/configure.in.diff
@ -2,7 +2,7 @@ Index: bind-9.9.4-P2/configure.in
 ===================================================================
 --- bind-9.9.4-P2.orig/configure.in	2013-12-20 01:28:28.000000000 +0100
 +++ bind-9.9.4-P2/configure.in	2014-01-21 17:55:51.063395215 +0100
-@@ -3142,7 +3142,7 @@
+@@ -3172,7 +3172,7 @@
 # empty).  The variable VARIABLE will be substituted into output files.
 #
 
--- a/named-bootconf.diff
+++ b/named-bootconf.diff
@ -2,7 +2,7 @@ Index: contrib/named-bootconf/named-bootconf.sh
 ===================================================================
 --- contrib/named-bootconf/named-bootconf.sh.orig
 +++ contrib/named-bootconf/named-bootconf.sh
-@@ -54,7 +54,8 @@
+@@ -47,7 +47,8 @@
 # POSSIBILITY OF SUCH DAMAGE.
 
 if [ ${OPTIONFILE-X} = X ]; then
@ -12,7 +12,7 @@ Index: contrib/named-bootconf/named-bootconf.sh
 	( umask 077 ; mkdir $WORKDIR ) || {
 		echo "unable to create work directory '$WORKDIR'" >&2 
 		exit 1
-@@ -308,7 +309,7 @@ if [ $DUMP -eq 1 ]; then
+@@ -301,7 +302,7 @@ if [ $DUMP -eq 1 ]; then
 	cat $ZONEFILE $COMMENTFILE
 
 	rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE
--- a/pid-path.diff
+++ b/pid-path.diff
@ -2,7 +2,7 @@ Index: bin/named/include/named/globals.h
 ===================================================================
 --- bin/named/include/named/globals.h.orig	2013-07-17 00:13:06.000000000 +0200
 +++ bin/named/include/named/globals.h	2013-08-05 14:14:28.152275375 +0200
-@@ -139,9 +139,9 @@
+@@ -140,9 +140,9 @@
 							     "lwresd.pid");
 #else
 EXTERN const char *		ns_g_defaultpidfile 	INIT(NS_LOCALSTATEDIR
--- a/pie_compile.diff
+++ b/pie_compile.diff
@ -124,7 +124,7 @@ Index: bin/nsupdate/Makefile.in
 ===================================================================
 --- bin/nsupdate/Makefile.in.orig	2013-07-17 00:13:06.000000000 +0200
 +++ bin/nsupdate/Makefile.in	2013-08-06 12:08:19.493457729 +0200
-@@ -66,8 +66,12 @@
+@@ -68,8 +68,12 @@
 
 MANOBJS =	${MANPAGES} ${HTMLPAGES}
 
--- a/rpz2+rl-9.9.5.patch
+++ b/rpz2+rl-9.9.5.patch