Accepting request 141386 from network
- updated to 9.9.2 https://kb.isc.org/article/AA-00798 Security: * A deliberately constructed combination of records could cause named to hang while populating the additional section of a response. [CVE-2012-5166] [RT #31090] * Prevents a named assert (crash) when queried for a record whose RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416] * Prevents a named assert (crash) when validating caused by using "Bad cache" data before it has been initialized. [CVE-2012-3817] [RT #30025] * A condition has been corrected where improper handling of zero-length RDATA could cause undesirable behavior, including termination of the named process. [CVE-2012-1667] [RT #29644] * ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak. This rarely occurred with UDP clients, but could be a significant problem for a server handling a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233] New Features * Elliptic Curve Digital Signature Algorithm keys and signatures in DNSSEC are now supported per RFC 6605. [RT #21918] * Introduces a new tool "dnssec-checkds" command that checks a zone to determine which DS records should be published in the parent zone, or which DLV records should be published in a DLV zone, and queries the DNS to ensure that it exists. (Note: This tool depends on python; it will not be built or installed on systems that do not have a python interpreter.) [RT #28099] * Introduces a new tool "dnssec-verify" that validates a signed zone, checking for the correctness of signatures and NSEC/NSEC3 chains. [RT #23673] * Adds configuration option "max-rsa-exponent-size <value>;" that can OBS-URL: https://build.opensuse.org/request/show/141386 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=84
This commit is contained in:
Stephan Kulow
Git OBS Bridge
commit
13cb2fb5aa
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:18f90727fd9566da037e71569d9b3a4834c96b04d9e75f9899eba0bc88c0868a
|
||||
size 7227655
|
||||
3
bind-9.9.2.tar.gz
Normal file
3
bind-9.9.2.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:7e6530b198d512e27a856bbd7426b1a3c47fd55d06d667adb66f760259009b48
|
||||
size 7285050
|
||||
51
bind.changes
51
bind.changes
@ -1,3 +1,54 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 14 10:24:42 UTC 2012 - meissner@suse.com
|
||||
|
||||
- updated to 9.9.2
|
||||
https://kb.isc.org/article/AA-00798
|
||||
|
||||
Security:
|
||||
* A deliberately constructed combination of records could cause
|
||||
named to hang while populating the additional section of a
|
||||
response. [CVE-2012-5166] [RT #31090]
|
||||
* Prevents a named assert (crash) when queried for a record whose
|
||||
RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416]
|
||||
* Prevents a named assert (crash) when validating caused by using "Bad
|
||||
cache" data before it has been initialized. [CVE-2012-3817] [RT #30025]
|
||||
* A condition has been corrected where improper handling of zero-length
|
||||
RDATA could cause undesirable behavior, including termination of the
|
||||
named process. [CVE-2012-1667] [RT #29644]
|
||||
* ISC_QUEUE handling for recursive clients was updated to address a race
|
||||
condition that could cause a memory leak. This rarely occurred with
|
||||
UDP clients, but could be a significant problem for a server handling
|
||||
a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233]
|
||||
|
||||
New Features
|
||||
|
||||
* Elliptic Curve Digital Signature Algorithm keys and signatures in
|
||||
DNSSEC are now supported per RFC 6605. [RT #21918]
|
||||
* Introduces a new tool "dnssec-checkds" command that checks a zone
|
||||
to determine which DS records should be published in the parent zone,
|
||||
or which DLV records should be published in a DLV zone, and queries
|
||||
the DNS to ensure that it exists. (Note: This tool depends on python;
|
||||
it will not be built or installed on systems that do not have a python
|
||||
interpreter.) [RT #28099]
|
||||
* Introduces a new tool "dnssec-verify" that validates a signed zone,
|
||||
checking for the correctness of signatures and NSEC/NSEC3 chains.
|
||||
[RT #23673]
|
||||
* Adds configuration option "max-rsa-exponent-size <value>;" that can
|
||||
be used to specify the maximum rsa exponent size that will be accepted
|
||||
when validating [RT #29228]
|
||||
|
||||
Feature Changes
|
||||
|
||||
* Improves OpenSSL error logging [RT #29932]
|
||||
* nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492]
|
||||
|
||||
Lots of bugfixes.
|
||||
- unfuzzed patches:
|
||||
perl-path.diff
|
||||
pie_compile.diff
|
||||
workaround-compile-problem.diff
|
||||
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 19 12:11:55 UTC 2012 - meissner@suse.com
|
||||
|
||||
|
||||
@ -18,7 +18,7 @@
|
||||
|
||||
Name: bind
|
||||
%define pkg_name bind
|
||||
%define pkg_vers 9.9.1-P4
|
||||
%define pkg_vers 9.9.2
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: libcap
|
||||
BuildRequires: libcap-devel
|
||||
@ -32,7 +32,7 @@ BuildRequires: update-desktop-files
|
||||
Summary: Domain Name System (DNS) Server (named)
|
||||
License: ISC
|
||||
Group: Productivity/Networking/DNS/Servers
|
||||
Version: 9.9.1P3
|
||||
Version: 9.9.2
|
||||
Release: 0
|
||||
Provides: bind8
|
||||
Provides: bind9
|
||||
@ -665,6 +665,7 @@ fi
|
||||
%{_sbindir}/arpaname
|
||||
%{_sbindir}/ddns-confgen
|
||||
%{_sbindir}/dnssec-revoke
|
||||
%{_sbindir}/dnssec-verify
|
||||
%{_sbindir}/dnssec-settime
|
||||
%{_sbindir}/genrandom
|
||||
%{_sbindir}/isc-hmac-fixup
|
||||
@ -685,6 +686,7 @@ fi
|
||||
%doc %{_mandir}/man1/arpaname.1.gz
|
||||
%doc %{_mandir}/man8/ddns-confgen.8.gz
|
||||
%doc %{_mandir}/man8/dnssec-revoke.8.gz
|
||||
%doc %{_mandir}/man8/dnssec-verify.8.gz
|
||||
%doc %{_mandir}/man8/dnssec-settime.8.gz
|
||||
%doc %{_mandir}/man8/genrandom.8.gz
|
||||
%doc %{_mandir}/man8/isc-hmac-fixup.8.gz
|
||||
|
||||
@ -1,21 +1,27 @@
|
||||
--- bin/tests/t_api.pl
|
||||
+++ bin/tests/t_api.pl 2012/05/22 07:59:27
|
||||
Index: bin/tests/t_api.pl
|
||||
===================================================================
|
||||
--- bin/tests/t_api.pl.orig
|
||||
+++ bin/tests/t_api.pl
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/local/bin/perl
|
||||
+#!/usr/bin/perl
|
||||
#
|
||||
# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 1999-2001 Internet Software Consortium.
|
||||
--- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl
|
||||
+++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl 2012/05/22 07:59:17
|
||||
Index: contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl
|
||||
===================================================================
|
||||
--- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl.orig
|
||||
+++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl
|
||||
@@ -1,4 +1,4 @@
|
||||
-#! /usr/local/bin/perl -w
|
||||
+#! /usr/bin/perl -w
|
||||
# $Id: generate_nameprep_data.pl,v 1.1 2003/06/04 00:27:54 marka Exp $
|
||||
#
|
||||
# Copyright (c) 2001 Japan Network Information Center. All rights reserved.
|
||||
--- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl
|
||||
+++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl 2012/05/22 07:58:58
|
||||
Index: contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl
|
||||
===================================================================
|
||||
--- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl.orig
|
||||
+++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl
|
||||
@@ -1,4 +1,4 @@
|
||||
-#! /usr/local/bin/perl -w
|
||||
+#! /usr/bin/perl -w
|
||||
|
||||
@ -3,7 +3,7 @@ Index: bin/Makefile.in
|
||||
--- bin/Makefile.in.orig
|
||||
+++ bin/Makefile.in
|
||||
@@ -23,4 +23,8 @@ SUBDIRS = named rndc dig dnssec tests to
|
||||
check confgen @PKCS11_TOOLS@
|
||||
check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
|
||||
TARGETS =
|
||||
|
||||
+EXT_CFLAGS = -fPIE
|
||||
@ -32,7 +32,7 @@ Index: bin/dnssec/Makefile.in
|
||||
===================================================================
|
||||
--- bin/dnssec/Makefile.in.orig
|
||||
+++ bin/dnssec/Makefile.in
|
||||
@@ -60,8 +60,12 @@ HTMLPAGES = dnssec-dsfromkey.html dnssec
|
||||
@@ -64,8 +64,12 @@ HTMLPAGES = dnssec-dsfromkey.html dnssec
|
||||
|
||||
MANOBJS = ${MANPAGES} ${HTMLPAGES}
|
||||
|
||||
|
||||
@ -1,11 +1,13 @@
|
||||
--- bin/tests/system/Makefile.in
|
||||
+++ bin/tests/system/Makefile.in 2012/05/04 14:43:22
|
||||
@@ -21,7 +21,7 @@
|
||||
Index: bin/tests/system/Makefile.in
|
||||
===================================================================
|
||||
--- bin/tests/system/Makefile.in.orig
|
||||
+++ bin/tests/system/Makefile.in
|
||||
@@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
|
||||
-SUBDIRS = dlzexternal filter-aaaa lwresd rpz tkey tsiggss
|
||||
+SUBDIRS = filter-aaaa lwresd rpz tkey tsiggss
|
||||
-SUBDIRS = dlzexternal filter-aaaa lwresd rpz rsabigexponent tkey tsiggss
|
||||
+SUBDIRS = filter-aaaa lwresd rpz rsabigexponent tkey tsiggss
|
||||
TARGETS =
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
|
||||
Loading…
Reference in New Issue
Block a user