Accepting request 181326 from network

- Updated to 9.9.3-P1 Various bugfixes and some feature fixes. (see CHANGES files) Security and maintenance issues: - [security] Caching data from an incompletely signed zone could trigger an assertion failure in resolver.c [RT #33690] - [security] Support NAPTR regular expression validation on all platforms without using libregex, which can be vulnerable to memory exhaustion attack (CVE-2013-2266). [RT #32688] - [security] RPZ rules to generate A records (but not AAAA records) could trigger an assertion failure when used in conjunction with DNS64 (CVE-2012-5689). [RT #32141] - [bug] Fixed several Coverity warnings. Note: This change includes a fix for a bug that was subsequently determined to be an exploitable security vulnerability, CVE-2012-5688: named could die on specific queries with dns64 enabled. [RT #30996] - [maint] Added AAAA for D.ROOT-SERVERS.NET. - [maint] D.ROOT-SERVERS.NET is now 199.7.91.13. - Updated to current rate limiting + rpz patch from http://ss.vix.su/~vjs/rrlrpz.html - moved dnssec-* helpers to bind-utils package. bnc#813911 OBS-URL: https://build.opensuse.org/request/show/181326 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=90
2013-07-02 04:44:24 +00:00 · 2013-07-02 04:44:24 +00:00 · 0d294dc7c6
commit 0d294dc7c6
parent adb3422044 67378e3874
10 changed files with 10525 additions and 3020 deletions
--- a/Makefile.in.diff
+++ b/Makefile.in.diff
@ -1,8 +1,8 @@
-Index: bind-9.8.1-P1/bin/named/Makefile.in
+Index: bind-9.9.3-P1/bin/named/Makefile.in
 ===================================================================
--- bind-9.8.1-P1.orig/bin/named/Makefile.in
-+++ bind-9.8.1-P1/bin/named/Makefile.in
-@@ -162,8 +162,6 @@ installdirs:
+--- bind-9.9.3-P1.orig/bin/named/Makefile.in
+++ bind-9.9.3-P1/bin/named/Makefile.in
+@@ -175,9 +175,7 @@ installdirs:
 install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs
 	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}
 	(cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@)
@ -12,3 +12,4 @@ Index: bind-9.8.1-P1/bin/named/Makefile.in
 +	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man$${m##*.}; done
 
 @DLZ_DRIVER_RULES@
+ 
--- a/bind-9.9.2-P2.tar.gz
+++ b/bind-9.9.2-P2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ff822734e3550969251411e20f6f7397d14a912613a42af423752e93fdb565d2
-size 7277958
--- a/bind-9.9.2-P2.tar.gz.asc
+++ b/bind-9.9.2-P2.tar.gz.asc
@ -1,12 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
-Comment: GPGTools - http://gpgtools.org
-
-iQEcBAABAgAGBQJRTKtMAAoJEEWseFcYnNvF8/MH/iumeUL6oxa6oVk/RaBj+J0T
-/ETUPoUoMGsz92bK7PgpvR/R9i0PVrA+79j3VLgsoXFEVPtZfBQeVXW08tWkeWdD
-S2asvEdEHxPla6pIQ9jOrevXwt7vdTjWgXpqXcSXsJ2SXOYYYUMIjTW7IFa5vyaL
-VUVirJpxTwxaw7rdYTGMGdD86DYpWi+hlFUdXuc+tbcUpEJrEiJhRoV9dwMsHOuS
-7APlB06WAnfluWzmjUk5Q0vl9XiXDRqagDUl3Ovas3ceHgEucqh0kMOtwLHBjQ0U
-n8C2+EpdLCnDThpwJ2IZdKomM6QoFLBbsTmBWUxONjqGwMpICZIbrxHoNfGEv0E=
-=vmRC
-----END PGP SIGNATURE-----
--- a/bind-9.9.3-P1.tar.gz
+++ b/bind-9.9.3-P1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1baa22e47c3b307c5fcc7aaf6700dd5953b5b9b7737d1e36117545af7bdbb435
+size 7459819
--- a/bind-9.9.3-P1.tar.gz.asc
+++ b/bind-9.9.3-P1.tar.gz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (NetBSD)
+
+iQEcBAABAgAGBQJRrkT/AAoJEEWseFcYnNvF10kH/2hDHZitnJyuJNbmdgxn76vt
+2LLzT+OQwMaq1owbyQHrY3jsKWNgGpB0toRApAyC6y0AJUgNjpNS7xvZcMaZXqam
+YQAyib+tGthCtIGOAQxYQae/lhuykip87Xi31jGwZzRnCSwUOHoPJ3iWk8XbM34c
+lKzAvsOimnpU8MxAyFPTO792A4INffiuH0UtnmBjSPACguO3/Nx+EJFxgtq7nx+e
+NXMKENI0UYxTuwL8MfMnweB69gTQyJOuYUznRfm+CeX3BdhslLzDvWlaVSngaXbP
+YTFxLaH/QuXHri1anKWMP8++rWhsNn1n0DvOmiu8DpOslZ4+UmHXyTpGXB3JwYw=
+=eKF8
+-----END PGP SIGNATURE-----
--- a/bind.changes
+++ b/bind.changes
@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Mon Jun 24 13:17:11 UTC 2013 - meissner@suse.com
+
+- Updated to 9.9.3-P1
+  Various bugfixes and some feature fixes. (see CHANGES files)
+  Security and maintenance issues:
+
+  -	[security]	Caching data from an incompletely signed zone could
+			trigger an assertion failure in resolver.c [RT #33690]
+  -	[security]	Support NAPTR regular expression validation on
+			all platforms without using libregex, which
+			can be vulnerable to memory exhaustion attack
+			(CVE-2013-2266). [RT #32688]
+  -	[security]	RPZ rules to generate A records (but not AAAA records)
+			could trigger an assertion failure when used in
+			conjunction with DNS64 (CVE-2012-5689). [RT #32141]
+  -	[bug]		Fixed several Coverity warnings.
+			Note: This change includes a fix for a bug that
+			was subsequently determined to be an exploitable
+			security vulnerability, CVE-2012-5688: named could
+			die on specific queries with dns64 enabled.
+			[RT #30996]
+
+  -	[maint]		Added AAAA for D.ROOT-SERVERS.NET.
+  -	[maint]		D.ROOT-SERVERS.NET is now 199.7.91.13.
+- Updated to current rate limiting + rpz patch from 
+  http://ss.vix.su/~vjs/rrlrpz.html
+- moved dnssec-* helpers to bind-utils package. bnc#813911
+
 -------------------------------------------------------------------
 Wed May  8 08:21:52 UTC 2013 - schwab@suse.de

--- a/bind.spec
+++ b/bind.spec
@ -18,7 +18,7 @@

 Name:           bind
 %define pkg_name bind
-%define pkg_vers 9.9.2-P2
+%define pkg_vers 9.9.3-P1
 BuildRequires:  krb5-devel
 BuildRequires:  libcap
 BuildRequires:  libcap-devel
@ -32,7 +32,7 @@ BuildRequires:  update-desktop-files
 Summary:        Domain Name System (DNS) Server (named)
 License:        ISC
 Group:          Productivity/Networking/DNS/Servers
-Version:        9.9.2P1
+Version:        9.9.3P1
 Release:        0
 Provides:       bind8
 Provides:       bind9
@ -65,8 +65,8 @@ BuildRequires:  gpg-offline

 # Rate limiting patch by Paul Vixie et.al. for reflection DoS protection
 # see http://www.redbarn.org/dns/ratelimits
-#Patch200:       http://ss.vix.com/~vixie/rl-9.9.2.patch
-Patch200:       rl-9.9.2p1.patch
+#Patch200:       http://ss.vix.su/~vjs/rpz2+rl-9.9.3-P1.patch
+Patch200:       rpz2+rl-9.9.3-P1.patch

 Source60:       dlz-schema.txt
 %if %ul_version >= 1
@ -576,18 +576,12 @@ fi
 %{_sbindir}/named
 %{_sbindir}/named-checkconf
 %{_sbindir}/named-checkzone
-%{_sbindir}/dnssec-keygen
-%{_sbindir}/dnssec-signzone
 %{_sbindir}/named-compilezone
 %doc %{_mandir}/man5/named.conf.5.gz
-%doc %{_mandir}/man8/dnssec-keygen.8.gz
-%doc %{_mandir}/man8/dnssec-signzone.8.gz
 %doc %{_mandir}/man8/named-checkconf.8.gz
 %doc %{_mandir}/man8/named-checkzone.8.gz
 %doc %{_mandir}/man8/named.8.gz
 %doc %{_mandir}/man8/named-compilezone.8.gz
-%doc %{_mandir}/man8/dnssec-dsfromkey.8.gz
-%doc %{_mandir}/man8/dnssec-keyfromlabel.8.gz
 %dir %{_datadir}/bind
 %{_datadir}/bind/createNamedConfInclude
 %{_datadir}/bind/ldapdump
@ -675,40 +669,46 @@ fi
 %{_bindir}/nsupdate
 %{_bindir}/genDDNSkey
 %{_bindir}/runidn
-%{_sbindir}/dnssec-dsfromkey
-%{_sbindir}/dnssec-keyfromlabel
-%{_sbindir}/rndc
-%{_sbindir}/rndc-confgen
 %{_sbindir}/arpaname
 %{_sbindir}/ddns-confgen
+%{_sbindir}/dnssec-dsfromkey
+%{_sbindir}/dnssec-keyfromlabel
+%{_sbindir}/dnssec-keygen
 %{_sbindir}/dnssec-revoke
-%{_sbindir}/dnssec-verify
 %{_sbindir}/dnssec-settime
+%{_sbindir}/dnssec-signzone
+%{_sbindir}/dnssec-verify
 %{_sbindir}/genrandom
 %{_sbindir}/isc-hmac-fixup
 %{_sbindir}/named-journalprint
 %{_sbindir}/nsec3hash
+%{_sbindir}/rndc
+%{_sbindir}/rndc-confgen
 %dir %{_datadir}/idnkit
 %{_datadir}/idnkit/jp.map
 %dir %doc %{_defaultdocdir}/bind
 %dir %{_defaultdocdir}/bind/README.%{VENDOR}
+%doc %{_mandir}/man1/arpaname.1.gz
 %doc %{_mandir}/man1/dig.1.gz
 %doc %{_mandir}/man1/host.1.gz
-%doc %{_mandir}/man1/nslookup.1.gz
 %doc %{_mandir}/man1/isc-config.sh.1.gz
-%doc %{_mandir}/man5/rndc.conf.5.gz
+%doc %{_mandir}/man1/nslookup.1.gz
 %doc %{_mandir}/man1/nsupdate.1.gz
-%doc %{_mandir}/man8/rndc-confgen.8.gz
-%doc %{_mandir}/man8/rndc.8.gz
-%doc %{_mandir}/man1/arpaname.1.gz
+%doc %{_mandir}/man5/rndc.conf.5.gz
 %doc %{_mandir}/man8/ddns-confgen.8.gz
+%doc %{_mandir}/man8/dnssec-dsfromkey.8.gz
+%doc %{_mandir}/man8/dnssec-keyfromlabel.8.gz
+%doc %{_mandir}/man8/dnssec-keygen.8.gz
 %doc %{_mandir}/man8/dnssec-revoke.8.gz
-%doc %{_mandir}/man8/dnssec-verify.8.gz
 %doc %{_mandir}/man8/dnssec-settime.8.gz
+%doc %{_mandir}/man8/dnssec-signzone.8.gz
+%doc %{_mandir}/man8/dnssec-verify.8.gz
 %doc %{_mandir}/man8/genrandom.8.gz
 %doc %{_mandir}/man8/isc-hmac-fixup.8.gz
 %doc %{_mandir}/man8/named-journalprint.8.gz
 %doc %{_mandir}/man8/nsec3hash.8.gz
+%doc %{_mandir}/man8/rndc.8.gz
+%doc %{_mandir}/man8/rndc-confgen.8.gz
 # idn kit
 %doc %{_mandir}/man1/idnconv.1.gz
 %doc %{_mandir}/man1/runidn.1.gz
--- a/configure.in.diff
+++ b/configure.in.diff
@ -1,10 +1,8 @@
-Index: bind-9.8.1-P1/configure.in
-===================================================================
--- bind-9.8.1-P1.orig/configure.in
-+++ bind-9.8.1-P1/configure.in
-@@ -2907,7 +2907,7 @@ AC_SUBST(DOXYGEN)
+--- bind-9.9.3-P1/configure.in.xx	2013-06-26 14:23:25.536177163 +0200
+++ bind-9.9.3-P1/configure.in	2013-06-26 14:23:26.401175186 +0200
+@@ -3099,7 +3099,7 @@
 # empty).  The variable VARIABLE will be substituted into output files.
- # 
+ #
 
 -AC_DEFUN(NOM_PATH_FILE, [
 +AC_DEFUN([NOM_PATH_FILE], [
--- a/rl-9.9.2p1.patch
+++ b/rl-9.9.2p1.patch
--- a/rpz2+rl-9.9.3-P1.patch
+++ b/rpz2+rl-9.9.3-P1.patch