Commit Graph

155 Commits

Author SHA256 Message Date
Reinhard Max
40916246e7 - Version 9.9.5P1 also fixes orphan mode (bnc#883859).
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=146
2014-09-03 11:40:39 +00:00
ed559646e6 Accepting request 243329 from home:lmuelle:branches:network
- Package dnssec-checkds and dnssec-coverage binaries and man pages only on
  post-11.1 systems.

- Update to version 9.9.5P1
  Various bugfixes and some feature fixes. (see CHANGES files)
  Security and maintenance issues:
  - [bug] Don't call qsort with a null pointer. [RT #35968]
  - [bug] Disable GCC 4.9 "delete null pointer check". [RT #35968]
  - [port] linux: libcap support: declare curval at start of block. [RT #35387]
- Update to version 9.9.5
  Various bugfixes and some feature fixes. (see CHANGES files)
- Updated to current rpz patch from·http://ss.vix.su/~vjs/rrlrpz.html
  - rpz2-9.9.4.patch
  + rpz2+rl-9.9.5.patch

OBS-URL: https://build.opensuse.org/request/show/243329
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=144
2014-08-01 11:43:42 +00:00
Sascha Peilicke
03789a4890 Accepting request 235970 from home:computersalat:devel:network
add stuff for DNSSEC validation to named.conf

OBS-URL: https://build.opensuse.org/request/show/235970
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=142
2014-06-02 09:09:36 +00:00
b25ceb6024 Accepting request 235320 from home:elvigia:branches:network
- Build with LFS_CFLAGS in 32 bit systems.

OBS-URL: https://build.opensuse.org/request/show/235320
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=141
2014-06-01 10:06:10 +00:00
Reinhard Max
8dac1c49a4 Re-sync changes file with SLE12.
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=139
2014-05-08 10:01:10 +00:00
Reinhard Max
9927c8db29 Accepting request 233009 from home:oertel:branches:network
- use %_rundir macro

OBS-URL: https://build.opensuse.org/request/show/233009
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=138
2014-05-08 09:51:15 +00:00
Reinhard Max
f40daf517b - Add the sdb-ldap backend module (fate#313216).
- Details can be found here:
  * http://bind9-ldap.bayour.com/
  * http://bind9-ldap.bayour.com/dnszonehowto.html

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=136
2014-01-24 10:15:48 +00:00
Reinhard Max
6fa65ad99d unfuzz rpz2-9.9.4.patch
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=135
2014-01-21 17:29:39 +00:00
Reinhard Max
2280b862ef - Update to version 9.9.4P2
* Fixes named crash when handling malformed NSEC3-signed zones
    (CVE-2014-0591, bnc#858639)
  * Obsoletes workaround-compile-problem.diff
- Replace rpz2+rl-9.9.3-P1.patch by rpz2-9.9.4.patch, rl is now
  supported upstream (--enable-rrl).

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=134
2014-01-21 17:09:17 +00:00
Reinhard Max
f61744ed46 Remove createNamedConfInclude~
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=132
2013-12-09 13:33:42 +00:00
Reinhard Max
c13e4cf96e Fix creation of /etc/named.conf.include .
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=131
2013-12-09 12:23:41 +00:00
Reinhard Max
e0efd1bf47 - Systemd doesn't set $TERM, and hence breaks tput (bnc#823175).
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=129
2013-08-07 15:23:09 +00:00
Reinhard Max
b255a507e5 - Systemd doesn't set $TERM, and hence breaks tput.
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=128
2013-08-07 15:21:50 +00:00
Reinhard Max
ef9b332868 - Improve pie_compile.diff (bnc#828874).
- dnssec-checkds and dnssec-coverage need python-base.
- disable rpath in libtool.

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=127
2013-08-06 13:06:41 +00:00
Reinhard Max
2e7cad6b7d dnssec-checkds and dnssec-coverage need python-base for building.
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=126
2013-08-06 09:11:23 +00:00
Reinhard Max
28ef07b698 - Update to 9.9.3P2 fixes CVE-2013-4854, bnc#831899.
* Incorrect bounds checking on private type 'keydata' can lead
    to a remotely triggerable REQUIRE failure.

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=125
2013-08-05 14:51:21 +00:00
Reinhard Max
8e89b870e6 - Remove non-working apparmor profiles (bnc#740327).
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=123
2013-07-24 15:38:10 +00:00
918e706647 - the README file is not a directory, drop the dir attribute
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=121
2013-07-17 12:09:28 +00:00
67378e3874 - moved dnssec-* helpers to bind-utils package. bnc#813911
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=119
2013-06-27 09:27:34 +00:00
7f803cee73 - Updated to current rate limiting + rpz patch from
http://ss.vix.su/~vjs/rrlrpz.html

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=118
2013-06-26 12:27:48 +00:00
306b1609e0 Security and maintenance issues:
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=117
2013-06-26 10:51:54 +00:00
7dbe78dc6a - Use updated config.guess/sub in the embedded idnkit sources
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=116
2013-06-26 10:50:57 +00:00
8591e27de2 - Updated to 9.9.3-P1
Various bugfixes and some feature fixes. (see CHANGES files)
  Security and maintenance issues: 
  -	[security]	Caching data from an incompletely signed zone could
			trigger an assertion failure in resolver.c [RT #33690]
  -	[security]	Support NAPTR regular expression validation on
			all platforms without using libregex, which
			can be vulnerable to memory exhaustion attack
			(CVE-2013-2266). [RT #32688]
  -	[security]	RPZ rules to generate A records (but not AAAA records)
			could trigger an assertion failure when used in
			conjunction with DNS64 (CVE-2012-5689). [RT #32141]
  -	[bug]		Fixed several Coverity warnings.
			Note: This change includes a fix for a bug that
			was subsequently determined to be an exploitable
			security vulnerability, CVE-2012-5688: named could
			die on specific queries with dns64 enabled.
			[RT #30996]
  -	[maint]		Added AAAA for D.ROOT-SERVERS.NET.
  -	[maint]		D.ROOT-SERVERS.NET is now 199.7.91.13.

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=115
2013-06-26 10:50:27 +00:00
e2db8fe61f Accepting request 174818 from devel:ARM:AArch64:Factory
- Use updated config.guess/sub in the embedded idnkit sources

OBS-URL: https://build.opensuse.org/request/show/174818
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=113
2013-05-08 13:45:12 +00:00
eec4a4f40d - Updated to 9.9.2-P2 (bnc#811876)
Fix for: https://kb.isc.org/article/AA-00871 CVE-2013-2266
  * Security Fixes
    Removed the check for regex.h in configure in order to disable regex
    syntax checking, as it exposes BIND to a critical flaw in libregex
    on some platforms. [RT #32688]
- added gpg key source verification

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=111
2013-03-27 12:36:47 +00:00
4d43181a2f OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=109 2012-12-06 15:46:53 +00:00
d414c6c46e OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=108 2012-12-06 15:46:13 +00:00
636c118d37 - Updated to 9.9.2-P1 (bnc#792926)
https://kb.isc.org/article/AA-00828
  * Security Fixes
    Prevents named from aborting with a require assertion failure on
    servers with DNS64 enabled.  These crashes might occur as a result of
    specific queries that are received.  (Note that this fix is a subset
    of a series of updates that will be included in full in BIND 9.8.5
    and 9.9.3 as change #3388, RT #30996).  [CVE-2012-5688] [RT #30792]
    A deliberately constructed combination of records could cause
    named to hang while populating the additional section of a
    response. [CVE-2012-5166] [RT #31090]
    Prevents a named assert (crash) when queried for a record whose
    RDATA exceeds 65535 bytes.  [CVE-2012-4244]  [RT #30416]
    Prevents a named assert (crash) when validating caused by using
    "Bad cache" data before it has been initialized. [CVE-2012-3817]
    [RT #30025]
    A condition has been corrected where improper handling of zero-length
    RDATA could cause undesirable behavior, including termination of
    the named process. [CVE-2012-1667]  [RT #29644]
    ISC_QUEUE handling for recursive clients was updated to address a race
    condition that could cause a memory leak. This rarely occurred with
    UDP clients, but could be a significant problem for a server handling
    a steady rate of TCP queries. [CVE-2012-3868]  [RT #29539 & #30233]
New Features
    Elliptic Curve Digital Signature Algorithm keys and signatures in
    DNSSEC are now supported per RFC 6605. [RT #21918]
    Introduces a new tool "dnssec-checkds" command that checks a zone to
    determine which DS records should be published in the parent zone,
    or which DLV records should be published in a DLV zone, and queries
    the DNS to ensure that it exists. (Note: This tool depends on python;

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=107
2012-12-06 08:05:49 +00:00
4161728e00 - added a ratelimiting (draft RFC) patch from Paul Vixie.
see http://www.redbarn.org/dns/ratelimits
  suggested by Stefan Schaefer <stefan@invis-server.org>

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=105
2012-11-18 18:12:17 +00:00
720e0417f1 - unfuzzed patches:
perl-path.diff
  pie_compile.diff
  workaround-compile-problem.diff

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=103
2012-11-15 09:54:51 +00:00
d0bcf798bc Accepting request 141301 from home:msmeissn:branches:network
OBS-URL: https://build.opensuse.org/request/show/141301
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=102
2012-11-14 14:01:06 +00:00
96ef1056ef freshed patches
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=101
2012-11-14 10:31:31 +00:00
d3e988aaee - updated to 9.9.2
https://kb.isc.org/article/AA-00798
  Security:
  * A deliberately constructed combination of records could cause
    named to hang while populating the additional section of a
    response. [CVE-2012-5166] [RT #31090]
  * Prevents a named assert (crash) when queried for a record whose
    RDATA exceeds 65535 bytes.  [CVE-2012-4244]  [RT #30416]
  * Prevents a named assert (crash) when validating caused by using "Bad
    cache" data before it has been initialized. [CVE-2012-3817]  [RT #30025]
  * A condition has been corrected where improper handling of zero-length
    RDATA could cause undesirable behavior, including termination of the
    named process. [CVE-2012-1667]  [RT #29644]
  * ISC_QUEUE handling for recursive clients was updated to address a race
    condition that could cause a memory leak. This rarely occurred with
    UDP clients, but could be a significant problem for a server handling
    a steady rate of TCP queries. [CVE-2012-3868]  [RT #29539 & #30233]
  New Features
  * Elliptic Curve Digital Signature Algorithm keys and signatures in
    DNSSEC are now supported per RFC 6605. [RT #21918]
  * Introduces a new tool "dnssec-checkds" command that checks a zone
    to determine which DS records should be published in the parent zone,
    or which DLV records should be published in a DLV zone, and queries
    the DNS to ensure that it exists. (Note: This tool depends on python;
    it will not be built or installed on systems that do not have a python
    interpreter.)  [RT #28099]
  * Introduces a new tool "dnssec-verify" that validates a signed zone,
    checking for the correctness of signatures and NSEC/NSEC3 chains.
    [RT #23673]
  * Adds configuration option "max-rsa-exponent-size <value>;" that can

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=100
2012-11-14 10:25:52 +00:00
c9d0046524 - Specially crafted DNS data can cause a lockup in named.
CVE-2012-5166, bnc#784602.
- 9.9.1-P4

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=98
2012-10-19 12:14:00 +00:00
a16486cc98 - Named could die on specially crafted record.
[RT #30416] (bnc#780157) CVE-2012-4244
- 9.9.1-P3
- updated dnszone-schema.txt from upstream.

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=96
2012-09-15 16:23:25 +00:00
Uwe Gansert
9d3afd5a9e security fix
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=94
2012-07-26 09:55:26 +00:00
Uwe Gansert
9aea24ec0b Accepting request 127699 from home:babelworx:ldig:branches:network
license update: ISC
ISC is generally seen as the correct license for bind

OBS-URL: https://build.opensuse.org/request/show/127699
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=93
2012-07-12 07:46:55 +00:00
Uwe Gansert
d65e10ef0f updates ldap schema
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=91
2012-06-05 14:30:53 +00:00
Uwe Gansert
878d773563 changes file was broken
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=90
2012-06-04 15:26:56 +00:00
Uwe Gansert
6b1a93e719 VUL-0: bind remote DoS via zero length rdata field
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=89
2012-06-04 15:26:08 +00:00
Uwe Gansert
8a196b5476 version 9.9.1
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=87
2012-05-22 08:08:00 +00:00
Uwe Gansert
766b6fb925 assertion failure fix added
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=85
2012-05-10 11:45:20 +00:00
Uwe Gansert
91f038d7f6 version 9.9.0
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=83
2012-05-04 15:07:18 +00:00
Uwe Gansert
a40cfc49bd Accepting request 104301 from devel:openSUSE:Factory:patch-license
patch license to follow spdx.org standard

OBS-URL: https://build.opensuse.org/request/show/104301
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=81
2012-02-13 13:54:04 +00:00
Uwe Gansert
a3097226b3 Accepting request 98618 from home:lmuelle:branches:network
- Ensure to create the required dir or sym link in /var/run; (bnc#738156).
- Cache lookup could return RRSIG data associated with nonexistent
  records, leading to an assertion failure. CVE-2011-4313; (bnc#730995).

OBS-URL: https://build.opensuse.org/request/show/98618
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=80
2012-01-03 15:16:12 +00:00
Uwe Gansert
e15a83c164 root.hint updated
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=79
2011-12-05 15:49:16 +00:00
Uwe Gansert
7fa43cec68 added managed-keys-directory to named.conf
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=78
2011-12-05 11:55:53 +00:00
Uwe Gansert
e0cc3ad3e3 fixed apparmor profile for lib and lib64 in chroot
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=77
2011-11-22 10:38:06 +00:00
Uwe Gansert
d4710ab62f Accepting request 91958 from home:fteodori:branches:network
OBS-URL: https://build.opensuse.org/request/show/91958
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=76
2011-11-17 13:46:40 +00:00
Uwe Gansert
a0157c5696 reverted last changes
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=75
2011-10-27 11:22:47 +00:00