diff --git a/bind-9.9.1-P4.tar.gz b/bind-9.9.1-P4.tar.gz deleted file mode 100644 index b826cb6..0000000 --- a/bind-9.9.1-P4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:18f90727fd9566da037e71569d9b3a4834c96b04d9e75f9899eba0bc88c0868a -size 7227655 diff --git a/bind-9.9.2.tar.gz b/bind-9.9.2.tar.gz new file mode 100644 index 0000000..5ba33b8 --- /dev/null +++ b/bind-9.9.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7e6530b198d512e27a856bbd7426b1a3c47fd55d06d667adb66f760259009b48 +size 7285050 diff --git a/bind.changes b/bind.changes index ec23e42..acb1487 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,54 @@ +------------------------------------------------------------------- +Wed Nov 14 10:24:42 UTC 2012 - meissner@suse.com + +- updated to 9.9.2 + https://kb.isc.org/article/AA-00798 + + Security: + * A deliberately constructed combination of records could cause + named to hang while populating the additional section of a + response. [CVE-2012-5166] [RT #31090] + * Prevents a named assert (crash) when queried for a record whose + RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416] + * Prevents a named assert (crash) when validating caused by using "Bad + cache" data before it has been initialized. [CVE-2012-3817] [RT #30025] + * A condition has been corrected where improper handling of zero-length + RDATA could cause undesirable behavior, including termination of the + named process. [CVE-2012-1667] [RT #29644] + * ISC_QUEUE handling for recursive clients was updated to address a race + condition that could cause a memory leak. This rarely occurred with + UDP clients, but could be a significant problem for a server handling + a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233] + + New Features + + * Elliptic Curve Digital Signature Algorithm keys and signatures in + DNSSEC are now supported per RFC 6605. [RT #21918] + * Introduces a new tool "dnssec-checkds" command that checks a zone + to determine which DS records should be published in the parent zone, + or which DLV records should be published in a DLV zone, and queries + the DNS to ensure that it exists. (Note: This tool depends on python; + it will not be built or installed on systems that do not have a python + interpreter.) [RT #28099] + * Introduces a new tool "dnssec-verify" that validates a signed zone, + checking for the correctness of signatures and NSEC/NSEC3 chains. + [RT #23673] + * Adds configuration option "max-rsa-exponent-size ;" that can + be used to specify the maximum rsa exponent size that will be accepted + when validating [RT #29228] + + Feature Changes + + * Improves OpenSSL error logging [RT #29932] + * nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492] + + Lots of bugfixes. +- unfuzzed patches: + perl-path.diff + pie_compile.diff + workaround-compile-problem.diff + + ------------------------------------------------------------------- Fri Oct 19 12:11:55 UTC 2012 - meissner@suse.com diff --git a/bind.spec b/bind.spec index 76773a7..aa8d1cb 100644 --- a/bind.spec +++ b/bind.spec @@ -18,7 +18,7 @@ Name: bind %define pkg_name bind -%define pkg_vers 9.9.1-P4 +%define pkg_vers 9.9.2 BuildRequires: krb5-devel BuildRequires: libcap BuildRequires: libcap-devel @@ -32,7 +32,7 @@ BuildRequires: update-desktop-files Summary: Domain Name System (DNS) Server (named) License: ISC Group: Productivity/Networking/DNS/Servers -Version: 9.9.1P3 +Version: 9.9.2 Release: 0 Provides: bind8 Provides: bind9 @@ -665,6 +665,7 @@ fi %{_sbindir}/arpaname %{_sbindir}/ddns-confgen %{_sbindir}/dnssec-revoke +%{_sbindir}/dnssec-verify %{_sbindir}/dnssec-settime %{_sbindir}/genrandom %{_sbindir}/isc-hmac-fixup @@ -685,6 +686,7 @@ fi %doc %{_mandir}/man1/arpaname.1.gz %doc %{_mandir}/man8/ddns-confgen.8.gz %doc %{_mandir}/man8/dnssec-revoke.8.gz +%doc %{_mandir}/man8/dnssec-verify.8.gz %doc %{_mandir}/man8/dnssec-settime.8.gz %doc %{_mandir}/man8/genrandom.8.gz %doc %{_mandir}/man8/isc-hmac-fixup.8.gz diff --git a/perl-path.diff b/perl-path.diff index dd5a939..d9fc1c4 100644 --- a/perl-path.diff +++ b/perl-path.diff @@ -1,21 +1,27 @@ ---- bin/tests/t_api.pl -+++ bin/tests/t_api.pl 2012/05/22 07:59:27 +Index: bin/tests/t_api.pl +=================================================================== +--- bin/tests/t_api.pl.orig ++++ bin/tests/t_api.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/bin/perl # - # Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + # Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1999-2001 Internet Software Consortium. ---- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl -+++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl 2012/05/22 07:59:17 +Index: contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl +=================================================================== +--- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl.orig ++++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl @@ -1,4 +1,4 @@ -#! /usr/local/bin/perl -w +#! /usr/bin/perl -w # $Id: generate_nameprep_data.pl,v 1.1 2003/06/04 00:27:54 marka Exp $ # # Copyright (c) 2001 Japan Network Information Center. All rights reserved. ---- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl -+++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl 2012/05/22 07:58:58 +Index: contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl +=================================================================== +--- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl.orig ++++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl @@ -1,4 +1,4 @@ -#! /usr/local/bin/perl -w +#! /usr/bin/perl -w diff --git a/pie_compile.diff b/pie_compile.diff index a453968..0314da2 100644 --- a/pie_compile.diff +++ b/pie_compile.diff @@ -3,7 +3,7 @@ Index: bin/Makefile.in --- bin/Makefile.in.orig +++ bin/Makefile.in @@ -23,4 +23,8 @@ SUBDIRS = named rndc dig dnssec tests to - check confgen @PKCS11_TOOLS@ + check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@ TARGETS = +EXT_CFLAGS = -fPIE @@ -32,7 +32,7 @@ Index: bin/dnssec/Makefile.in =================================================================== --- bin/dnssec/Makefile.in.orig +++ bin/dnssec/Makefile.in -@@ -60,8 +60,12 @@ HTMLPAGES = dnssec-dsfromkey.html dnssec +@@ -64,8 +64,12 @@ HTMLPAGES = dnssec-dsfromkey.html dnssec MANOBJS = ${MANPAGES} ${HTMLPAGES} diff --git a/workaround-compile-problem.diff b/workaround-compile-problem.diff index f3560cc..7b93547 100644 --- a/workaround-compile-problem.diff +++ b/workaround-compile-problem.diff @@ -1,11 +1,13 @@ ---- bin/tests/system/Makefile.in -+++ bin/tests/system/Makefile.in 2012/05/04 14:43:22 -@@ -21,7 +21,7 @@ +Index: bin/tests/system/Makefile.in +=================================================================== +--- bin/tests/system/Makefile.in.orig ++++ bin/tests/system/Makefile.in +@@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@ @BIND9_MAKE_INCLUDES@ --SUBDIRS = dlzexternal filter-aaaa lwresd rpz tkey tsiggss -+SUBDIRS = filter-aaaa lwresd rpz tkey tsiggss +-SUBDIRS = dlzexternal filter-aaaa lwresd rpz rsabigexponent tkey tsiggss ++SUBDIRS = filter-aaaa lwresd rpz rsabigexponent tkey tsiggss TARGETS = @BIND9_MAKE_RULES@