From 32d56c34f2d4c234a2871d263e0b0eb15091a03084714c32c62fac571257bd91 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Thu, 26 May 2011 08:22:01 +0000 Subject: [PATCH 1/4] Updating link to change in openSUSE:Factory/bind revision 65.0 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=01f79c1cc7a94bd86f871022b16673b2 --- bind.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bind.spec b/bind.spec index 950801a..db8e9d0 100644 --- a/bind.spec +++ b/bind.spec @@ -27,7 +27,7 @@ BuildRequires: update-desktop-files BuildRequires: krb5-devel Summary: Domain Name System (DNS) Server (named) Version: 9.8.0 -Release: 1 +Release: 2 License: BSD3c(or similar) ; MIT License (or similar) Group: Productivity/Networking/DNS/Servers Provides: dns_daemon bind8 bind9 From 8253ee26409e13285fc36351fe91d217189dfb10f3ea6d17ed9c51519ee0b960 Mon Sep 17 00:00:00 2001 From: Uwe Gansert Date: Tue, 7 Jun 2011 14:38:49 +0000 Subject: [PATCH 2/4] version to 9.8.0-P2 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=56 --- bind-9.8.0.tar.gz | 3 --- bind-9.8.0P2.tar.gz | 3 +++ bind.changes | 11 +++++++++++ bind.spec | 4 ++-- 4 files changed, 16 insertions(+), 5 deletions(-) delete mode 100644 bind-9.8.0.tar.gz create mode 100644 bind-9.8.0P2.tar.gz diff --git a/bind-9.8.0.tar.gz b/bind-9.8.0.tar.gz deleted file mode 100644 index 7dd58e5..0000000 --- a/bind-9.8.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e44183f5a4ab7d3deb3c08171c4821c391d6b10ed8d4bc6485a1fc3ba6490c06 -size 7760161 diff --git a/bind-9.8.0P2.tar.gz b/bind-9.8.0P2.tar.gz new file mode 100644 index 0000000..cd19d98 --- /dev/null +++ b/bind-9.8.0P2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8e022226513394fa8b2bb367dcfa4462164a83360a25fd5ba63cbc479e48a7e9 +size 7709840 diff --git a/bind.changes b/bind.changes index 0291222..5b71d06 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue Jun 7 16:37:56 CEST 2011 - ug@suse.de + +- A large RRSET from a remote authoritative server that results in + the recursive resolver trying to negatively cache the response can + hit an off by one code error in named, resulting in named crashing. + [RT #24650] [CVE-2011-1910] +- Zones that have a DS record in the parent zone but are also listed + in a DLV and won't validate without DLV could fail to validate. [RT + #24631] + ------------------------------------------------------------------- Mon May 23 19:55:15 UTC 2011 - crrodriguez@opensuse.org diff --git a/bind.spec b/bind.spec index db8e9d0..4ac1dca 100644 --- a/bind.spec +++ b/bind.spec @@ -20,13 +20,13 @@ Name: bind %define pkg_name bind -%define pkg_vers 9.8.0 +%define pkg_vers 9.8.0P2 BuildRequires: openldap2-devel BuildRequires: libcap libcap-devel libmysqlclient-devel libxml2-devel openssl openssl-devel BuildRequires: update-desktop-files BuildRequires: krb5-devel Summary: Domain Name System (DNS) Server (named) -Version: 9.8.0 +Version: 9.8.0P2 Release: 2 License: BSD3c(or similar) ; MIT License (or similar) Group: Productivity/Networking/DNS/Servers From 8748c87af209a875e395b9be38bd270da8016bc80b55ca3fa63d5a6fa6ddfbbf Mon Sep 17 00:00:00 2001 From: Uwe Gansert Date: Fri, 10 Jun 2011 14:09:53 +0000 Subject: [PATCH 3/4] fixed SLE10 build OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=57 --- bind.spec | 4 ++++ configure.in.diff2 | 11 +++++++++++ 2 files changed, 15 insertions(+) create mode 100644 configure.in.diff2 diff --git a/bind.spec b/bind.spec index 4ac1dca..fab7ef0 100644 --- a/bind.spec +++ b/bind.spec @@ -49,6 +49,7 @@ Patch5: tmpfs.patch Patch51: pie_compile.diff Patch52: named-bootconf.diff Patch54: named-direct-proc-mount.diff +patch100: configure.in.diff2 Source60: dlz-schema.txt %if %ul_version >= 1 %define VENDOR UL @@ -231,6 +232,9 @@ Authors: %patch52 #%patch53 %patch54 -p1 +%if 0%{?suse_version} <= 1010 +%patch100 -p1 +%endif # modify settings of some files regarding to OS version and vendor function replaceStrings() { diff --git a/configure.in.diff2 b/configure.in.diff2 new file mode 100644 index 0000000..a05b830 --- /dev/null +++ b/configure.in.diff2 @@ -0,0 +1,11 @@ +--- a/configure.in ++++ a/configure.in 2011/04/21 13:34:11 +@@ -280,7 +280,7 @@ + AC_C_INLINE + AC_C_VOLATILE + AC_CHECK_FUNC(sysctlbyname, AC_DEFINE(HAVE_SYSCTLBYNAME)) +-AC_C_FLEXIBLE_ARRAY_MEMBER ++#AC_C_FLEXIBLE_ARRAY_MEMBER + + # + # UnixWare 7.1.1 with the feature supplement to the UDK compiler From 2aaf0b182b8d03d4ee56e1f3165551e5865a1e429b53214706c0abdbacebd4d1 Mon Sep 17 00:00:00 2001 From: Uwe Gansert Date: Tue, 5 Jul 2011 14:12:05 +0000 Subject: [PATCH 4/4] version 9.8.0-P4 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=58 --- bind-9.8.0P2.tar.gz | 3 --- bind-9.8.0P4.tar.gz | 3 +++ bind.changes | 21 +++++++++++++++++++++ bind.spec | 4 ++-- 4 files changed, 26 insertions(+), 5 deletions(-) delete mode 100644 bind-9.8.0P2.tar.gz create mode 100644 bind-9.8.0P4.tar.gz diff --git a/bind-9.8.0P2.tar.gz b/bind-9.8.0P2.tar.gz deleted file mode 100644 index cd19d98..0000000 --- a/bind-9.8.0P2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8e022226513394fa8b2bb367dcfa4462164a83360a25fd5ba63cbc479e48a7e9 -size 7709840 diff --git a/bind-9.8.0P4.tar.gz b/bind-9.8.0P4.tar.gz new file mode 100644 index 0000000..40db63d --- /dev/null +++ b/bind-9.8.0P4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:abd5761319c54b6bada99830b733067b71ebef7a3203c1af17ab5d28121003ca +size 7710343 diff --git a/bind.changes b/bind.changes index 5b71d06..15fc182 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Tue Jul 5 15:24:10 CEST 2011 - ug@suse.de + +* Using Response Policy Zone (RPZ) with DNAME records and querying + the subdomain of that label can cause named to crash. Now logs that + DNAME is not supported. [RT #24766] +* If named is configured to be both authoritative and resursive and + receives a recursive query for a CNAME in a zone that it is + authoritative for, if that CNAME also points to a zone the server + is authoritative for, the recursive part of name will not follow + the CNAME change and the response will not be a complete CNAME + chain. [RT #24455] +* Using Response Policy Zone (RPZ) to query a wildcard CNAME label + with QUERY type SIG/RRSIG, it can cause named to crash. Fix is + query type independant. [RT #24715] [CVE-2011-1907] +* Change #2912 (see CHANGES) exposed a latent bug in the DNS message + processing code that could allow certain UPDATE requests to crash + named. This was fixed by disambiguating internal database + representation vs DNS wire format data. [RT #24777] [CVE-2011-2464] +* 9.8.0-P4 + ------------------------------------------------------------------- Tue Jun 7 16:37:56 CEST 2011 - ug@suse.de diff --git a/bind.spec b/bind.spec index fab7ef0..b443e6b 100644 --- a/bind.spec +++ b/bind.spec @@ -20,13 +20,13 @@ Name: bind %define pkg_name bind -%define pkg_vers 9.8.0P2 +%define pkg_vers 9.8.0P4 BuildRequires: openldap2-devel BuildRequires: libcap libcap-devel libmysqlclient-devel libxml2-devel openssl openssl-devel BuildRequires: update-desktop-files BuildRequires: krb5-devel Summary: Domain Name System (DNS) Server (named) -Version: 9.8.0P2 +Version: 9.8.0P4 Release: 2 License: BSD3c(or similar) ; MIT License (or similar) Group: Productivity/Networking/DNS/Servers