From 69299c3f09d3a9d8082c7662b7233e6878b42d65f75e501c4e3b6943a77da57f Mon Sep 17 00:00:00 2001
From: Navin Kukreja <navin.kukreja@suse.com>
Date: Wed, 16 May 2018 10:46:10 +0000
Subject: [PATCH 1/3] Accepting request 609105 from
 home:nkukreja:branches:network

- Remove rndc.key generation from bind.spec file because bind
  should create it on first boot (bsc#1092283)
- Add misisng rndc.key check and generation code is lwresd.init
  script

OBS-URL: https://build.opensuse.org/request/show/609105
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=238
---
 bind.changes         |  8 ++++++++
 bind.spec            | 20 +-------------------
 vendor-files.tar.bz2 |  4 ++--
 3 files changed, 11 insertions(+), 21 deletions(-)

diff --git a/bind.changes b/bind.changes
index 1dfcd7f..3390d94 100644
--- a/bind.changes
+++ b/bind.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed May 16 10:22:25 UTC 2018 - navin.kukreja@suse.com
+
+- Remove rndc.key generation from bind.spec file because bind
+  should create it on first boot (bsc#1092283)
+- Add misisng rndc.key check and generation code is lwresd.init
+  script
+
 -------------------------------------------------------------------
 Mon Feb 26 19:26:17 UTC 2018 - sweet_f_a@gmx.de
 
diff --git a/bind.spec b/bind.spec
index 40a3879..94aef4e 100644
--- a/bind.spec
+++ b/bind.spec
@@ -394,7 +394,7 @@ rm -f %{buildroot}/%{_libdir}/lib*.{la,a}
 mv vendor-files/config/named.conf %{buildroot}/%{_sysconfdir}
 mv vendor-files/config/bind.reg %{buildroot}/%{_sysconfdir}/slp.reg.d
 mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d
-for file in lwresd.conf named.conf.include rndc.key; do
+for file in lwresd.conf named.conf.include; do
 	touch %{buildroot}/%{_sysconfdir}/${file}
 done
 
@@ -486,11 +486,6 @@ echo "NAMED_RUN_CHROOTED=\"${NAMED_RUN_CHROOTED}\"" >${TEMP_SYSCONFIG_FILE}
 %{fillup_and_insserv -nf named}
 %endif
 %{fillup_only -nsa named named}
-if [ ! -f etc/rndc.key ]; then
-	usr/sbin/rndc-confgen -a -b 512 -r dev/urandom
-	chmod 0640 etc/rndc.key
-	chown root:named etc/rndc.key
-fi
 TEMP_SYSCONFIG_FILE="var/adm/named-chroot"
 # Are we in update mode?
 if [ ${FIRST_ARG:-0} -gt 1 ]; then
@@ -645,12 +640,6 @@ fi
 %endif
 
 %post lwresd
-# Create a key if usr/sbin/rndc-confgen is installed.
-if [ -x usr/sbin/rndc-confgen -a ! -f etc/rndc.key ]; then
-	usr/sbin/rndc-confgen -a -b 512 -r dev/urandom
-	chmod 0640 etc/rndc.key
-	chown root:named etc/rndc.key
-fi
 # delete an emtpy lwresd.conf file
 if [ ! -s etc/lwresd.conf ]; then
     rm -f etc/lwresd.conf
@@ -680,19 +669,12 @@ fi
 %endif
 
 %post utils
-# Create a key if lwresd is installed.
-if [ -x %{_sbindir}/lwresd -a ! -f %{_sysconfdir}/rndc.key ]; then
-	%{_sbindir}/rndc-confgen -a -b 512 -r dev/urandom
-	chmod 0640 %{_sysconfdir}/rndc.key
-	chown root:named %{_sysconfdir}/rndc.key
-fi
 
 %files
 %attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/named.conf
 %dir %{_sysconfdir}/slp.reg.d
 %attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/bind.reg
 %attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include
-%attr(0640,root,named) %ghost %config(noreplace) /%{_sysconfdir}/rndc.key
 %if %{with_systemd}
 %config %{_unitdir}/named.service
 %{_sbindir}/named.init
diff --git a/vendor-files.tar.bz2 b/vendor-files.tar.bz2
index 965a058..5c88dbf 100644
--- a/vendor-files.tar.bz2
+++ b/vendor-files.tar.bz2
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:fe5609bed079427793fef2bdc22a16d397b2dd358fd986e7e5315f567de2dc1e
-size 23552
+oid sha256:c2fb9236d4a9a16da076a8843be35378e7749f210548ea4e5d33e7f872e01775
+size 23419

From ccaf6117d3f1ec8fb4fec1504fc7e809a7a351629e07564ad7a7475230f8da98 Mon Sep 17 00:00:00 2001
From: Navin Kukreja <navin.kukreja@suse.com>
Date: Thu, 17 May 2018 14:45:41 +0000
Subject: [PATCH 2/3] Accepting request 610097 from
 home:nkukreja:branches:network

- Move chroot related files from bind to bind-chrootenv
  (bsc#1093338)

OBS-URL: https://build.opensuse.org/request/show/610097
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=239
---
 bind.changes | 6 ++++++
 bind.spec    | 6 +++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/bind.changes b/bind.changes
index 3390d94..c426dc2 100644
--- a/bind.changes
+++ b/bind.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu May 17 14:28:29 UTC 2018 - navin.kukreja@suse.com
+
+- Move chroot related files from bind to bind-chrootenv 
+  (bsc#1093338) 
+
 -------------------------------------------------------------------
 Wed May 16 10:22:25 UTC 2018 - navin.kukreja@suse.com
 
diff --git a/bind.spec b/bind.spec
index 94aef4e..710d074 100644
--- a/bind.spec
+++ b/bind.spec
@@ -708,9 +708,6 @@ fi
 %config %{_var}/lib/named/127.0.0.zone
 %config %{_var}/lib/named/localhost.zone
 %config %{_var}/lib/named/named.root.key
-%ghost %{_var}/lib/named%{_sysconfdir}/localtime
-%attr(0644,root,named) %ghost %{_var}/lib/named%{_sysconfdir}/named.conf.include
-%attr(-,named,named) %dir %{_var}/lib/named%{_localstatedir}/run/named
 %dir %{_libexecdir}/bind
 
 %files -n %{libbind9}
@@ -755,6 +752,9 @@ fi
 %{_var}/lib/named%{_localstatedir}/log
 %{_fillupdir}/sysconfig.named-common
 %{_fillupdir}/sysconfig.syslog-named
+%ghost %{_var}/lib/named%{_sysconfdir}/localtime
+%attr(0644,root,named) %ghost %{_var}/lib/named%{_sysconfdir}/named.conf.include
+%attr(-,named,named) %dir %{_var}/lib/named%{_localstatedir}/run/named
 
 %files devel
 %dir %{_includedir}/isc

From 34d201c2e7cbf8f86072b8bc47555f93eb02b0818338eece1d11232888f50cbc Mon Sep 17 00:00:00 2001
From: Navin Kukreja <navin.kukreja@suse.com>
Date: Wed, 23 May 2018 09:09:10 +0000
Subject: [PATCH 3/3] Accepting request 611353 from
 home:scabrero:branches:network

- Add bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
  Fixes dynamic DNS updates against samba and Microsoft DNS servers
  (bsc#1094236).

OBS-URL: https://build.opensuse.org/request/show/611353
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=240
---
 bind.changes                                  |  7 ++++
 bind.spec                                     |  2 +
 ...e-workaround-for-Microsoft-Windows-T.patch | 41 +++++++++++++++++++
 3 files changed, 50 insertions(+)
 create mode 100644 bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch

diff --git a/bind.changes b/bind.changes
index c426dc2..c39f247 100644
--- a/bind.changes
+++ b/bind.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon May 21 11:57:47 UTC 2018 - scabrero@suse.de
+
+- Add bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
+  Fixes dynamic DNS updates against samba and Microsoft DNS servers
+  (bsc#1094236).
+
 -------------------------------------------------------------------
 Thu May 17 14:28:29 UTC 2018 - navin.kukreja@suse.com
 
diff --git a/bind.spec b/bind.spec
index 710d074..e9fd7ea 100644
--- a/bind.spec
+++ b/bind.spec
@@ -78,6 +78,7 @@ Patch51:        pie_compile.diff
 Patch52:        named-bootconf.diff
 Patch53:        bind-sdb-ldap.patch
 Patch54:        bind-CVE-2017-3145.patch
+Patch55:        bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
 BuildRequires:  libcap-devel
 BuildRequires:  libmysqlclient-devel
 BuildRequires:  libopenssl-devel
@@ -308,6 +309,7 @@ This package provides a module which allows commands to be sent to rndc directly
 %patch52
 %patch53
 %patch54 -p1
+%patch55 -p1
 
 # use the year from source gzip header instead of current one to make reproducible rpms
 year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0})
diff --git a/bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch b/bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
new file mode 100644
index 0000000..965263e
--- /dev/null
+++ b/bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
@@ -0,0 +1,41 @@
+From 4985b5001d4f2f64bbee7e9d6ee32058caf67252 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Fri, 1 Sep 2017 11:17:59 +1000
+Subject: [PATCH] 4697.   [bug]           Restore workaround for Microsoft
+ Windows TSIG hash                         computation bug. [RT #45854]
+
+(cherry picked from commit a8a20462b516b0cc39e9b1fb1a8dd514eb1aed29)
+(cherry picked from commit b301c4293c082fcce4ec26218e6fad346976eb9e)
+---
+ CHANGES            | 3 +++
+ lib/dns/rdataset.c | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/CHANGES b/CHANGES
+index 5aa505345c..13b60473b5 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -1,3 +1,6 @@
++4697.	[bug]		Restore workaround for Microsoft Windows TSIG hash
++			computation bug. [RT #45854]
++
+ 	--- 9.11.2-P1 released ---
+ 
+ 4858.	[security]	Addresses could be referenced after being freed
+diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c
+index a8e75d6caf..7eb394c8c4 100644
+--- a/lib/dns/rdataset.c
++++ b/lib/dns/rdataset.c
+@@ -467,6 +467,9 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
+ 	dns_name_copy(owner_name, name, NULL);
+ 	dns_rdataset_getownercase(rdataset, name);
+ 
++	if ((owner_name->attributes & DNS_NAMEATTR_NOCOMPRESS) != 0)
++		name->attributes |= DNS_NAMEATTR_NOCOMPRESS;
++
+ 	do {
+ 		/*
+ 		 * Copy out the name, type, class, ttl.
+-- 
+2.16.3
+