From 312459de0c5857da1abf13c33bb446620871fb0112100d77a98c7bb7d95ee1e0 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 18 Dec 2006 23:15:14 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=1 --- .gitattributes | 23 + .gitignore | 1 + Makefile.in.diff | 49 ++ VU697164_VU915404.diff | 154 +++++ bind-9.3.2.tar.gz | 3 + bind-rsa.patch | 78 +++ bind-sdb-ldap-1.0-beta.tar.gz | 3 + bind.changes | 763 ++++++++++++++++++++++++ bind.spec | 1054 +++++++++++++++++++++++++++++++++ configure.in.diff | 31 + dnszone-schema.txt | 124 ++++ idnkit-1.0.diff | 622 +++++++++++++++++++ named-bootconf.diff | 25 + named.root | 80 +++ nsupdate.8.diff | 125 ++++ perl-path.diff | 24 + pid-path.diff | 25 + pie_compile.diff | 119 ++++ ready | 0 sdb_ldap.diff | 42 ++ vendor-files.tar.bz2 | 3 + 21 files changed, 3348 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Makefile.in.diff create mode 100644 VU697164_VU915404.diff create mode 100644 bind-9.3.2.tar.gz create mode 100644 bind-rsa.patch create mode 100644 bind-sdb-ldap-1.0-beta.tar.gz create mode 100644 bind.changes create mode 100644 bind.spec create mode 100644 configure.in.diff create mode 100644 dnszone-schema.txt create mode 100644 idnkit-1.0.diff create mode 100644 named-bootconf.diff create mode 100644 named.root create mode 100644 nsupdate.8.diff create mode 100644 perl-path.diff create mode 100644 pid-path.diff create mode 100644 pie_compile.diff create mode 100644 ready create mode 100644 sdb_ldap.diff create mode 100644 vendor-files.tar.bz2 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Makefile.in.diff b/Makefile.in.diff new file mode 100644 index 0000000..6c38a70 --- /dev/null +++ b/Makefile.in.diff @@ -0,0 +1,49 @@ +--- bind-9.2.3/lib/bind/port/linux/include/Makefile.in ++++ bind-9.2.3/lib/bind/port/linux/include/Makefile.in 2003-03-03 16:35:43 +@@ -17,7 +17,6 @@ + + srcdir = @srcdir@ + VPATH = @srcdir@ +-top_srcdir = @top_srcdir@ + + NHEADERS= net/route.h + SHEADERS= sys/mbuf.h +@@ -26,6 +25,8 @@ + + @BIND9_MAKE_RULES@ + ++top_srcdir = @top_srcdir@ ++ + installdirs: + $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${includedir}/net \ + ${DESTDIR}${includedir}/sys +--- bind-9.2.3/lib/bind/Makefile.in ++++ bind-9.2.3/lib/bind/Makefile.in 2003-03-03 17:04:15 +@@ -17,7 +17,6 @@ + + srcdir = @srcdir@ + VPATH = @srcdir@ +-top_srcdir = @top_srcdir@ + + @LIBBIND_API@ + +@@ -94,6 +94,8 @@ + + @BIND9_MAKE_RULES@ + ++top_srcdir = @top_srcdir@ ++ + libbind.@SA@: ${OBJS} + ${AR} ${ARFLAGS} $@ ${OBJS} + ${RANLIB} $@ +--- bind-9.3.1/bin/named/Makefile.in ++++ bind-9.3.1/bin/named/Makefile.in 2004-09-25 13:06:00 +@@ -129,7 +129,4 @@ + install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs + ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir} + (cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@) +- ${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8 +- ${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8 +- ${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5 +- ++ for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man$${m##*.}; done diff --git a/VU697164_VU915404.diff b/VU697164_VU915404.diff new file mode 100644 index 0000000..d727f42 --- /dev/null +++ b/VU697164_VU915404.diff @@ -0,0 +1,154 @@ +Index: bin/named/query.c +=================================================================== +RCS file: /proj/cvs/prod/bind9/bin/named/query.c,v +retrieving revision 1.198.2.13.4.36 +diff -u -r1.198.2.13.4.36 query.c +--- bin/named/query.c 11 Aug 2005 05:25:20 -0000 1.198.2.13.4.36 ++++ bin/named/query.c 28 Jul 2006 03:41:15 -0000 +@@ -2393,7 +2393,7 @@ + is_zone = ISC_FALSE; + + qtype = event->qtype; +- if (qtype == dns_rdatatype_rrsig) ++ if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig) + type = dns_rdatatype_any; + else + type = qtype; +@@ -2434,7 +2434,7 @@ + /* + * If it's a SIG query, we'll iterate the node. + */ +- if (qtype == dns_rdatatype_rrsig) ++ if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig) + type = dns_rdatatype_any; + else + type = qtype; +Index: lib/dns/resolver.c +=================================================================== +RCS file: /proj/cvs/prod/bind9/lib/dns/resolver.c,v +retrieving revision 1.218.2.18.4.56 +diff -u -r1.218.2.18.4.56 resolver.c +--- lib/dns/resolver.c 14 Oct 2005 01:38:48 -0000 1.218.2.18.4.56 ++++ lib/dns/resolver.c 28 Jul 2006 03:41:25 -0000 +@@ -762,7 +762,8 @@ + INSIST(result != ISC_R_SUCCESS || + dns_rdataset_isassociated(event->rdataset) || + fctx->type == dns_rdatatype_any || +- fctx->type == dns_rdatatype_rrsig); ++ fctx->type == dns_rdatatype_rrsig || ++ fctx->type == dns_rdatatype_sig); + + isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event)); + } +@@ -3188,7 +3189,8 @@ + if (hevent != NULL) { + if (!negative && !chaining && + (fctx->type == dns_rdatatype_any || +- fctx->type == dns_rdatatype_rrsig)) { ++ fctx->type == dns_rdatatype_rrsig || ++ fctx->type == dns_rdatatype_sig)) { + /* + * Don't bind rdatasets; the caller + * will iterate the node. +@@ -3306,7 +3308,8 @@ + if (!ISC_LIST_EMPTY(fctx->validators)) { + INSIST(!negative); + INSIST(fctx->type == dns_rdatatype_any || +- fctx->type == dns_rdatatype_rrsig); ++ fctx->type == dns_rdatatype_rrsig || ++ fctx->type == dns_rdatatype_sig); + /* + * Don't send a response yet - we have + * more rdatasets that still need to +@@ -3455,14 +3458,15 @@ + return (result); + anodep = &event->node; + /* +- * If this is an ANY or SIG query, we're not going +- * to return any rdatasets, unless we encountered ++ * If this is an ANY, SIG or RRSIG query, we're not ++ * going to return any rdatasets, unless we encountered + * a CNAME or DNAME as "the answer". In this case, + * we're going to return DNS_R_CNAME or DNS_R_DNAME + * and we must set up the rdatasets. + */ + if ((fctx->type != dns_rdatatype_any && +- fctx->type != dns_rdatatype_rrsig) || ++ fctx->type != dns_rdatatype_rrsig && ++ fctx->type != dns_rdatatype_sig) || + (name->attributes & DNS_NAMEATTR_CHAINING) != 0) { + ardataset = event->rdataset; + asigrdataset = event->sigrdataset; +@@ -3521,7 +3525,7 @@ + */ + if (secure_domain && rdataset->trust != dns_trust_glue) { + /* +- * SIGs are validated as part of validating the ++ * RRSIGs are validated as part of validating the + * type they cover. + */ + if (rdataset->type == dns_rdatatype_rrsig) +@@ -3591,7 +3595,8 @@ + + if (ANSWER(rdataset) && need_validation) { + if (fctx->type != dns_rdatatype_any && +- fctx->type != dns_rdatatype_rrsig) { ++ fctx->type != dns_rdatatype_rrsig && ++ fctx->type != dns_rdatatype_sig) { + /* + * This is The Answer. We will + * validate it, but first we cache +@@ -3763,23 +3768,28 @@ + isc_result_t *eresultp) + { + isc_result_t result; ++ dns_rdataset_t rdataset; ++ ++ if (ardataset == NULL) { ++ dns_rdataset_init(&rdataset); ++ ardataset = &rdataset; ++ } + result = dns_ncache_add(message, cache, node, covers, now, + maxttl, ardataset); +- if (result == DNS_R_UNCHANGED) { ++ if (result == DNS_R_UNCHANGED || result == ISC_R_SUCCESS) { + /* +- * The data in the cache are better than the negative cache +- * entry we're trying to add. ++ * If the cache now contains a negative entry and we ++ * care about whether it is DNS_R_NCACHENXDOMAIN or ++ * DNS_R_NCACHENXRRSET then extract it. + */ +- if (ardataset != NULL && ardataset->type == 0) { ++ if (ardataset->type == 0) { + /* +- * The cache data is also a negative cache +- * entry. ++ * The cache data is a negative cache entry. + */ + if (NXDOMAIN(ardataset)) + *eresultp = DNS_R_NCACHENXDOMAIN; + else + *eresultp = DNS_R_NCACHENXRRSET; +- result = ISC_R_SUCCESS; + } else { + /* + * Either we don't care about the nature of the +@@ -3791,14 +3801,11 @@ + * XXXRTH There's a CNAME/DNAME problem here. + */ + *eresultp = ISC_R_SUCCESS; +- result = ISC_R_SUCCESS; + } +- } else if (result == ISC_R_SUCCESS) { +- if (NXDOMAIN(ardataset)) +- *eresultp = DNS_R_NCACHENXDOMAIN; +- else +- *eresultp = DNS_R_NCACHENXRRSET; ++ result = ISC_R_SUCCESS; + } ++ if (ardataset == &rdataset && dns_rdataset_isassociated(ardataset)) ++ dns_rdataset_disassociate(ardataset); + + return (result); + } diff --git a/bind-9.3.2.tar.gz b/bind-9.3.2.tar.gz new file mode 100644 index 0000000..69e5343 --- /dev/null +++ b/bind-9.3.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4d4298abd85d06083a0643091dde05ffbe3db051439524dbe4a81c689735c694 +size 5302112 diff --git a/bind-rsa.patch b/bind-rsa.patch new file mode 100644 index 0000000..3eaa6fd --- /dev/null +++ b/bind-rsa.patch @@ -0,0 +1,78 @@ + +Security Fixes (BIND 9.3.2-P2): + +Change the default RSA exponent from 3 to 65537 which is +not vulnerable to the attacks described in CVE-2006-4339. + +Index: lib/dns/opensslrsa_link.c +--- lib/dns/opensslrsa_link.c.orig 2004-12-09 05:07:18 +0100 ++++ lib/dns/opensslrsa_link.c 2006-11-04 09:58:32 +0100 +@@ -39,6 +39,9 @@ + #include + #include + #include ++#if OPENSSL_VERSION_NUMBER > 0x00908000L ++#include ++#endif + + /* + * XXXMPA Temporarially disable RSA_BLINDING as it requires +@@ -260,13 +263,47 @@ + + static isc_result_t + opensslrsa_generate(dst_key_t *key, int exp) { ++#if OPENSSL_VERSION_NUMBER > 0x00908000L ++ BN_GENCB cb; ++ RSA *rsa = RSA_new(); ++ BIGNUM *e = BN_new(); ++ ++ if (rsa == NULL || e == NULL) ++ goto err; ++ ++ if (exp == 0) { ++ /* RSA_F4 0x10001 */ ++ BN_set_bit(e, 0); ++ BN_set_bit(e, 16); ++ } else { ++ /* F5 0x100000001 */ ++ BN_set_bit(e, 0); ++ BN_set_bit(e, 32); ++ } ++ ++ BN_GENCB_set_old(&cb, NULL, NULL); ++ ++ if (RSA_generate_key_ex(rsa, key->key_size, e, &cb)) { ++ BN_free(e); ++ SET_FLAGS(rsa); ++ key->opaque = rsa; ++ return (ISC_R_SUCCESS); ++ } ++ ++ err: ++ if (e != NULL) ++ BN_free(e); ++ if (rsa != NULL) ++ RSA_free(rsa); ++ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); ++#else + RSA *rsa; + unsigned long e; + + if (exp == 0) +- e = RSA_3; +- else + e = RSA_F4; ++ else ++ e = 0x40000003; + rsa = RSA_generate_key(key->key_size, e, NULL, NULL); + if (rsa == NULL) + return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); +@@ -274,6 +311,7 @@ + key->opaque = rsa; + + return (ISC_R_SUCCESS); ++#endif + } + + static isc_boolean_t + diff --git a/bind-sdb-ldap-1.0-beta.tar.gz b/bind-sdb-ldap-1.0-beta.tar.gz new file mode 100644 index 0000000..7889b40 --- /dev/null +++ b/bind-sdb-ldap-1.0-beta.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:40b014bb2109565caaad8cec4c91995c57a53d9a8ad17a7387425bd1f8e817b9 +size 8262 diff --git a/bind.changes b/bind.changes new file mode 100644 index 0000000..b75805a --- /dev/null +++ b/bind.changes @@ -0,0 +1,763 @@ +------------------------------------------------------------------- +Fri Nov 10 12:07:56 CET 2006 - ug@suse.de + +- security fix (#218303) + workarounds OpenSSL's recently + discovered RSA signature verification issue (CVE-2006-4339) by using + the exponent 65537 (0x10001) instead of the widely used 3. + +------------------------------------------------------------------- +Tue Oct 17 20:39:31 CEST 2006 - poeml@suse.de + +- there is no SuSEconfig.syslog script anymore, thus remove the + YaST hint from the sysconfig template + +------------------------------------------------------------------- +Mon Oct 16 09:50:14 CEST 2006 - ug@suse.de + +- typo in sysconfig file fixed (#212337) + +------------------------------------------------------------------- +Fri Sep 1 14:58:28 CEST 2006 - ug@suse.de + +- security fix + Bug #201424 VUL-0: bind: two denial-of-service attacks + VU#697164 + BIND INSIST failure due to excessive recursive queries + VU#915404 + BIND assertion failure during SIG query processing + +------------------------------------------------------------------- +Tue Aug 15 14:28:09 CEST 2006 - ug@suse.de + +- update messages removed + +------------------------------------------------------------------- +Fri Aug 4 13:48:56 CEST 2006 - ug@suse.de + +- moved the la files to bind-utils + (#182448) + +------------------------------------------------------------------- +Thu Jul 6 12:11:11 CEST 2006 - ug@suse.de + +- fix for the nsupdate man page (#92730) + thanx to Werner + +------------------------------------------------------------------- +Wed May 17 13:00:02 CEST 2006 - ug@suse.de + +- fix for ldapdump script (#175587) + +------------------------------------------------------------------- +Mon Mar 13 16:57:01 CET 2006 - ug@suse.de + +- typos fixed (#157611) + +------------------------------------------------------------------- +Wed Feb 8 14:59:58 CET 2006 - ug@suse.de + +- fixed #148527 + a broken symlink in the chroot jail is in the way + +------------------------------------------------------------------- +Fri Jan 27 00:49:18 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Wed Jan 25 14:27:11 CET 2006 - ug@suse.de + +- fixed #145169 + (follow symlinks during chroot jail creation) + +------------------------------------------------------------------- +Sat Jan 14 22:13:30 CET 2006 - schwab@suse.de + +- Don't remove sources. + +------------------------------------------------------------------- +Mon Jan 2 11:05:18 CET 2006 - ug@suse.de + +- version update from 9.3.1 to 9.3.2 + +------------------------------------------------------------------- +Mon Nov 21 12:16:32 CET 2005 - ug@suse.de + +- fixed an insecure tmp file bug in the + named-bootconf.sh contrib script + +------------------------------------------------------------------- +Mon Sep 26 01:27:01 CEST 2005 - ro@suse.de + +- added LDAP_DEPRECATED to CFLAGS + +------------------------------------------------------------------- +Fri Jul 22 16:50:27 CEST 2005 - lmuelle@suse.de + +- Copy the right default file if /etc/sysconfig/named is missing while + calling the lwresd init script; [#97187]. + +------------------------------------------------------------------- +Fri Jun 17 15:14:52 CEST 2005 - ug@suse.de + +- compilation with -fpie and -pie now + which makes it harder to use + exploits with fixed memory addresses. + +------------------------------------------------------------------- +Wed Apr 13 14:06:42 CEST 2005 - mls@suse.de + +- fix SLP registration + +------------------------------------------------------------------- +Fri Mar 25 18:29:09 CET 2005 - schwab@suse.de + +- Fix leak in lwres library [#74529]. + +------------------------------------------------------------------- +Fri Mar 11 18:28:37 CET 2005 - ug@suse.de + +- version update from 9.3.0 to 9.3.1 +- fixed bug #72153 + lwresd doesn't notice if name server is + unreachable and times out + +------------------------------------------------------------------- +Fri Mar 11 16:41:26 CET 2005 - ug@suse.de + +- rndc dropped from the lwresd init script + it conflicts with a running bind + +------------------------------------------------------------------- +Mon Mar 7 14:34:28 CET 2005 - ug@suse.de + +- lwresd init script "status" changed. + rndc is not used anymore + +------------------------------------------------------------------- +Wed Feb 16 11:16:40 CET 2005 - ug@suse.de + +- lwresd name string changed (just beautify) + +------------------------------------------------------------------- +Fri Feb 4 11:23:14 CET 2005 - ug@suse.de + +- changed the "insserv" behaviour on updates +- fixed empty lwresd.conf file in chroot env. + +------------------------------------------------------------------- +Thu Feb 3 17:48:21 CET 2005 - ug@suse.de + +- empty lwresd.conf file fix (Bug #49081) +- lwresd is on by default now during boot + +------------------------------------------------------------------- +Fri Jan 21 14:46:24 CET 2005 - ug@suse.de + +- sdb-ldap activated (ldapdb.c version from 16.01.2005) +- fixed security problem bug #49927 - remote denial-of-service + An incorrect assumption in the validator (authvalidated) + can result in a REQUIRE (internal consistancy) test failing + and named exiting. + +------------------------------------------------------------------- +Tue Nov 30 11:39:04 CET 2004 - ug@suse.de + +- fixed #48659 + "rclwresd status" answered with OKAY even if only bind was running + "rcnamed status" answered with OKAY even if only lwresd was running + +------------------------------------------------------------------- +Fri Nov 19 14:41:32 CET 2004 - ug@suse.de + +- SLP support via /etc/slp.reg.d/bind.reg file added + +------------------------------------------------------------------- +Thu Nov 4 14:52:17 CET 2004 - ug@suse.de + +- version update to 9.3.0 +- ldapdump script bug fixed (#44452) +- dnssec-makekeyset and dnssec-signkey activated + in Makefile of bin/dnssec/ + +------------------------------------------------------------------- +Wed Oct 13 14:30:07 CEST 2004 - lmuelle@suse.de + +- Add condrestart to the named init script and use same code as in skeleton to + restart. +- Enhance check if named or lwresd are still running if the init script is + called with stop. + +------------------------------------------------------------------- +Mon Sep 27 17:03:38 CEST 2004 - lmuelle@suse.de + +- Update to version 9.2.4. +- Use defines for named user and group settings. +- Add PreReq groupadd and useradd to the chrootenv and lwresd package, + [#46050]. +- Ensure to remove temp sysconfig file in %post. +- Remove warning from createNamedConfInclude script if a file is already + included in /etc/named.conf as we take care of such include statements in + the named init script anyway. +- Remove NAMED_CONF_INCLUDE_FILES fillup from include statements of + /etc/named.conf in the %post of the bind package by the same reason. + +------------------------------------------------------------------- +Sat Sep 18 18:29:40 CEST 2004 - lmuelle@suse.de + +- Add all filenames from include statements of named.conf to + NAMED_CONF_INCLUDE_FILES in the named init script, [#40610]. + +------------------------------------------------------------------- +Thu Sep 16 12:16:14 CEST 2004 - lmuelle@suse.de + +- Add $remote_fs to Required-Start and Required-Stop of lwresd init script. +- Add Provides: dns_daemon to the lwresd package. +- Remove $time from Should-Start and Should-Stop, [#45433]. + +------------------------------------------------------------------- +Wed Sep 15 14:14:53 CEST 2004 - lmuelle@suse.de + +- Remove conflicts from bind and bind-lwrewsd package, [#45335]. +- Use rndc in lwresd init script if rndc is available. + +------------------------------------------------------------------- +Thu Sep 9 17:02:25 CEST 2004 - lmuelle@suse.de + +- Create /etc/rndc.key if bind-lwresd is installed and we install bind-utils + or if bind-utils is installed and we install bind-lwresd. +- Use 0644 instead of 0640 for the named.conf file. +- Split bind-doc from bind-utils. +- Use one sysconfig file for lwresd and named. +- Split common named and lwresd sysconfig settings from them unique to named. +- Rename lwres to bind-lwresd and lwres-devel to bind-libs. +- Ensure to create user and group 'named' in the %pre of bind-lwresd and + bind-chrootenv. + +------------------------------------------------------------------- +Tue Sep 7 02:17:05 CEST 2004 - lmuelle@suse.de + +- Remove %run_ldconfig from %post of the bind package. +- Move vendor files to an own tar ball. +- Create new sub packages lwres, lwres-devel, and bind-chrootenv, [#44711]. +- Use new update message mechanism, [#44344]. + +------------------------------------------------------------------- +Sun Jun 20 10:21:37 CEST 2004 - lmuelle@suse.de + +- Quote definition of NOM_PATH_FILE in configure.in. + +------------------------------------------------------------------- +Mon May 31 15:47:51 CEST 2004 - lmuelle@suse.de + +- Add BIND.desktop file for SuSEhelp. + +------------------------------------------------------------------- +Wed May 19 14:30:07 CEST 2004 - lmuelle@suse.de + +- Add -d, directroy option to genDDNSkey [#40786]. +- Update ldapdump to version 1.1. This Version has better keyfile checks and + throws an error message if a keyfile can't be found, instead of just barfing + perl errors. + +------------------------------------------------------------------- +Wed May 12 12:43:37 CEST 2004 - lmuelle@suse.de + +- Update ldapdump; don't use .zone suffix for zone files. + +------------------------------------------------------------------- +Wed Apr 28 15:18:40 CEST 2004 - lmuelle@suse.de + +- Add /etc/openldap/schema/dnszone.schema to the bind-utils package. +- Add /usr/share/bind/ldapdump to the bind package. +- Add idnkit programs and libraries. +- Add idn patches for dig, host, and nslookup. +- Ensure to call functions initializeNamed, checkAndCopyConfigFiles, and + namedCheckConf in the named init script only one time. + Let namedCheckConf check the configuration inside the chroot. +- Check all configuration files in named init script while called with probe. +- Add NAMED_INITIALIZE_SCRIPTS to sysconfig.named. This allows to call + arbitrary scripts before named is started, restarted, or reloaded. + Therewith it's also possible to disable createNamedConfInclude entirely. +- createNamedConfInclude always overwrite .SuSEconfig file [#33768]. +- Rename SuSEconfig.named to createNamedConfInclude and move it to + /usr/share/bind. + +------------------------------------------------------------------- +Sat Mar 13 21:06:48 CET 2004 - schwab@suse.de + +- Fix path to docs in sample named.conf. + +------------------------------------------------------------------- +Tue Feb 24 18:47:38 CET 2004 - poeml@suse.de + +- add genDDNSkey to bind-utils (formerly in dhcp-server package) +- allow --keyfile and --keyname to be used with genDDNSkey, and + allow using /dev/urandom to avoid blocking +- in the init script, use rndc (if possible) in order to shut down, + so named will flush pending changes to dynamical zones +- when restarting named, make sure it is stopped before trying to + start it again [#34937] +- update root zone (dated Jan 29, 2004) + +------------------------------------------------------------------- +Thu Feb 12 09:32:30 CET 2004 - kukuk@suse.de + +- Fix group of named.conf.include in filelist +- Build with -fno-strict-aliasing + +------------------------------------------------------------------- +Wed Oct 15 15:32:00 CEST 2003 - lmuelle@suse.de + +- update to version 9.2.3; includes the new zone type "delegation-only" to + foil Verisign's sitefinder games +- move root.hint to an extra source file, named.root +- use /etc/named.d and /var/lib/named/master directory in the example + configuration from the sample-config directory +- supress superfluous warning in SuSEconfig.named if /etc/named.conf.include + is empty +- create /etc/rndc.key in the init script if it's missing +- call namedCheckConf after checkAndCopyConfigFiles to allow us to start named + after checkAndCopyConfigFiles fixed a problem +- call SuSEconfig -module named not direct in the init script +- add norootforbuild to the spec file +- set owner of /etc/named.d and /etc/named.d/rndc-access.conf to root: +- add additional x while testing strings in the init script +- always include /etc/rndc.key in rndc-access.conf +- remove absolet stdtime.diff +- remove ip6rev.diff, as one part is included upstream and the other isn't + possible any longer + +------------------------------------------------------------------- +Wed Oct 8 17:19:25 CEST 2003 - schwab@suse.de + +- Fix typo in last change. + +------------------------------------------------------------------- +Mon Sep 29 15:37:35 CEST 2003 - kukuk@suse.de + +- Create named.conf.include if it does not exist [Bug #31683] +- Don't add rndc-access.conf at update [Bug #31696] + +------------------------------------------------------------------- +Fri Sep 19 13:01:53 CEST 2003 - kukuk@suse.de + +- Fix all useradd calls + +------------------------------------------------------------------- +Mon Sep 15 08:35:06 CEST 2003 - kukuk@suse.de + +- Fix Requires and Provides [Bug #30717] + +------------------------------------------------------------------- +Fri Aug 29 12:29:03 CEST 2003 - kukuk@suse.de + +- Call useradd with -r for system accounts [Bug #29611] + +------------------------------------------------------------------- +Thu Aug 28 20:06:46 CEST 2003 - lmuelle@suse.de + +- call sbin/SuSEconfig --module named and not directly the script in the %post + section +- check if rndc is accessible in the init script + +------------------------------------------------------------------- +Tue Aug 26 17:35:10 CEST 2003 - lmuelle@suse.de + +- add Config: syslog-ng to sysconfig.syslog-named + +------------------------------------------------------------------- +Sat Aug 23 01:29:39 CEST 2003 - lmuelle@suse.de + +- add NAMED_ARGS to sysconfig.named +- use -r /dev/urandom while calling rndc-confgen in the post section + +------------------------------------------------------------------- +Thu Aug 21 16:46:12 CEST 2003 - lmuelle@suse.de + +- rename package from bind9 to bind +- add stop_on_removal and restart_on_update macros to preun and postun section + fix bug #29048 +- add default /etc/named.d/rndc-access.conf +- add SuSEconfig.named +- add all included files to NAMED_CONF_INCLUDE_FILES of /etc/sysconfig/named + while update if NAMED_CONF_INCLUDE_FILES is empty +- add additional sysconfig meta data +- remove -u from the copy in prepare_chroot() of the init script due to + the rist of a wrong system time +- unify init scripts; add one space at the end to all echos +- document new features in the README.{SuSE,UnitedLinux} +- fix bug #28585 + +------------------------------------------------------------------- +Fri Apr 11 15:01:00 CEST 2003 - mludvig@suse.cz + +- Make nibble queries instead of bitstring ones for IPv6 addresses. +- Differentiate between 6bone (3ffe::/16, .ip6.int) and other + addresses (!3ffe::/16, ip6.arpa). + +------------------------------------------------------------------- +Mon May 26 15:52:42 CEST 2003 - lmuelle@suse.de + +- add -u to copy in prepare_chroot() of the init script, #25687 +- fix output format in init script + +------------------------------------------------------------------- +Wed Mar 12 13:58:35 CET 2003 - lmuelle@suse.de + +- fix try-restart part of init skript +- set PATH to "/sbin:/usr/sbin:/bin:/usr/bin", #21295 + +------------------------------------------------------------------- +Mon Mar 10 18:40:40 CET 2003 - lmuelle@suse.de + +- remove %ghost from /var/lib/named/var/log + +------------------------------------------------------------------- +Mon Mar 10 18:03:36 CET 2003 - lmuelle@suse.de + +- add null logging for lame-servers to logging example in named.conf +- fix file section +- change /var/run/named to a sym link pointing to /var/lib/named/var/run/named, + #24768 + +------------------------------------------------------------------- +Wed Mar 5 17:09:20 CET 2003 - lmuelle@suse.de + +- remove empty.zone due to possibility of CIDR addressing +- remove rndc.conf; rndc also uses rndc.key, fix bug #17751 +- create rndc.key with 512bit sized key in %post +- remove %pre of utils package +- create additional sub directories log, dyn and master in /var/lib/named +- add a non active logging example to named.conf + +------------------------------------------------------------------- +Tue Mar 4 17:50:58 CET 2003 - lmuelle@suse.de + +- update to version 9.2.2; maintenance/ bugfix release + +------------------------------------------------------------------- +Sat Mar 1 17:41:47 CET 2003 - ro@suse.de + +- also create named user/group in utils preinstall + +------------------------------------------------------------------- +Thu Feb 27 23:53:01 CET 2003 - ro@suse.de + +- create named user/group in preinstall and install + +------------------------------------------------------------------- +Thu Feb 27 14:00:59 CET 2003 - lmuelle@suse.de + +- set /etc/named.conf to root:named and 0640 +- add an example to additional info mail for dynamic updates +- add more information to the README +- add sysconfig file for chroot jail; default is yes +- add chroot features to init script for start and reload + +------------------------------------------------------------------- +Mon Feb 24 16:56:17 CET 2003 - lmuelle@suse.de + +- add separate binaries to PreReq +- add --localstatedir=/var to configure call +- add and autocreate /etc/rndc.{conf,key} +- move rndc binaries and man pages to utils package +- fix %post in case of update +- set ownership of /var/lib/named to root: +- add a README +- fix init script to return correspondig message to checkproc return code +- remove umlauts from %post mail +- add additional info mail about ownership of /var/lib/named if journal files + are used + +------------------------------------------------------------------- +Mon Feb 17 22:48:21 CET 2003 - lmuelle@suse.de + +- update bind9 to version 9.2.1 +- move /var/named to /var/lib/named +- remove obsolete patches (bison, ltconfig_ppc64, manpages, security) + +------------------------------------------------------------------- +Wed Nov 13 01:43:18 CET 2002 - ro@suse.de + +- fix build with current bison (end all rules with ";") + +------------------------------------------------------------------- +Sat Sep 7 16:31:04 CEST 2002 - kukuk@suse.de + +- Fix running bind9 as user named [Bug #18417] + +------------------------------------------------------------------- +Mon Aug 19 15:22:43 CEST 2002 - ro@suse.de + +- added prereqs (#17807) + +------------------------------------------------------------------- +Mon Aug 19 12:50:37 CEST 2002 - okir@suse.de + +- Added patch to make named run as non-root user +- added "-u named" option to init script invocation of named + +------------------------------------------------------------------- +Sun Jul 28 13:38:54 CEST 2002 - kukuk@suse.de + +- Remove yacc from neededforbuild + +------------------------------------------------------------------- +Sat Jul 27 18:17:13 CEST 2002 - adrian@suse.de + +- add %run_ldconfig + +------------------------------------------------------------------- +Mon Jul 22 09:57:32 CEST 2002 - kukuk@suse.de + +- Move .so symlinks to devel package +- Move liblwres shared library to utils package +- make lib64 clean + +------------------------------------------------------------------- +Wed Jul 10 22:29:04 CEST 2002 - olh@suse.de + +- hack ltconfig for ppc64 to build shared libs + +------------------------------------------------------------------- +Wed Jul 10 16:36:30 MEST 2002 - draht@suse.de + +- move /usr/bin/nsupdate to bindutil (#16944) + +------------------------------------------------------------------- +Mon Jun 3 10:59:07 CEST 2002 - okir@suse.de + +- Applied security fix for remote DoS (CERT VU#739123) + +------------------------------------------------------------------- +Fri Dec 14 17:55:36 CET 2001 - ro@suse.de + +- removed START_NAMED + +------------------------------------------------------------------- +Wed Sep 5 20:32:15 CEST 2001 - pthomas@suse.de + +- Fix incorrect .so references in lwres manpages. + +------------------------------------------------------------------- +Sun Aug 12 15:04:44 CEST 2001 - kukuk@suse.de + +- Fix path to perl interpreter + +------------------------------------------------------------------- +Wed Jul 4 09:06:38 CEST 2001 - bodammer@suse.de + +- Update to bind-9.1.3 (release) +- Config-files moved away from bind-9.1.3.dif + +------------------------------------------------------------------- +Mon Jul 2 11:49:12 CEST 2001 - bodammer@suse.de + +- update to bind-9.1.3rc3 +- "Implicit declaration of function time" in context.c fixed + +------------------------------------------------------------------- +Mon Jun 25 10:48:06 CEST 2001 - bodammer@suse.de + +- update to bind-9.1.3rc2 + +------------------------------------------------------------------- +Tue May 29 11:09:59 CEST 2001 - bodammer@suse.de + +- update to bind-9.1.3rc1 + +------------------------------------------------------------------- +Thu May 10 14:41:05 CEST 2001 - bodammer@suse.de + +- initscript fix: don't start bind in runlevel 2 [bug #7956] + +------------------------------------------------------------------- +Tue May 8 15:53:04 CEST 2001 - mfabian@suse.de + +- bzip2 sources + +------------------------------------------------------------------- +Tue May 8 10:03:00 CEST 2001 - bodammer@suse.de + +- install a new named.conf with comments + +------------------------------------------------------------------- +Mon May 7 13:38:25 CEST 2001 - bodammer@suse.de + +- update to bind-9.1.2 (release) + +------------------------------------------------------------------- +Tue Apr 24 12:18:01 CEST 2001 - bodammer@suse.de + +- little modification to named.conf + +------------------------------------------------------------------- +Thu Mar 29 13:21:29 CEST 2001 - bodammer@suse.de + +- update to bind-9.1.1 (release) + +------------------------------------------------------------------- +Tue Mar 27 10:50:55 CEST 2001 - bodammer@suse.de + +- update to bind-9.1.1rc7 + +------------------------------------------------------------------- +Fri Mar 23 10:39:53 CET 2001 - bodammer@suse.de + +- update to bind-9.1.1rc6 + +------------------------------------------------------------------- +Thu Mar 15 14:47:49 CET 2001 - bodammer@suse.de + +- update to bind-9.1.1rc5 +- new initscript more LSB conform + +------------------------------------------------------------------- +Mon Mar 12 13:34:23 CET 2001 - bodammer@suse.de + +- update to bind-9.1.1rc4 + +------------------------------------------------------------------- +Tue Feb 27 17:05:04 CET 2001 - bodammer@suse.de + +- initscript fix: now checks for a running named + +------------------------------------------------------------------- +Tue Feb 27 09:18:09 CET 2001 - bodammer@suse.de + +- update to bind-9.1.1rc3 + +------------------------------------------------------------------- +Thu Feb 15 15:04:08 CET 2001 - sf@suse.de + +- added suse_update_config + +------------------------------------------------------------------- +Wed Feb 14 13:27:11 CET 2001 - bodammer@suse.de + +- update to bind-9.1.1rc2 + +------------------------------------------------------------------- +Mon Feb 12 18:04:03 CET 2001 - bodammer@suse.de + +- subpackages bind9-util and bind9-devel created + +------------------------------------------------------------------- +Thu Feb 8 12:08:50 CET 2001 - bodammer@suse.de + +- update to bind-9.1.1rc1 +- missing headerfile included in stdtime.c + +------------------------------------------------------------------- +Thu Jan 18 09:40:33 CET 2001 - bodammer@suse.de + +- update to bind-9.1.0 + +------------------------------------------------------------------- +Tue Nov 28 19:01:37 CET 2000 - bodammer@suse.de + +- Fix location of rcscript + +------------------------------------------------------------------- +Thu Nov 23 23:46:02 CET 2000 - ro@suse.de + +- added insserv calls + +------------------------------------------------------------------- +Thu Nov 23 22:40:37 CET 2000 - bodammer@suse.de + +- rcscript update + +------------------------------------------------------------------- +Mon Nov 13 18:19:00 CET 2000 - bodammer@suse.de + +- update to bind-9.0.1 + +------------------------------------------------------------------- +Fri Oct 6 18:09:53 CEST 2000 - kukuk@suse.de + +- change group tag + +------------------------------------------------------------------- +Mon Sep 18 11:07:47 CEST 2000 - bodammer@suse.de + +- update to bind-9.0.0 ( first release version ) + +------------------------------------------------------------------- +Wed Aug 30 13:19:52 CEST 2000 - bodammer@suse.de + +- update to bind-9.0.0rc5 + +------------------------------------------------------------------- +Wed Aug 16 09:30:11 CEST 2000 - bodammer@suse.de + +- update to bind-9.0.0rc3 + +------------------------------------------------------------------- +Thu Aug 10 19:50:49 CEST 2000 - bodammer@suse.de + +- update to bind-9.0.0rc2 +- nslookup renamed to nslookup9 + +------------------------------------------------------------------- +Thu Jul 13 09:53:58 CEST 2000 - bodammer@suse.de + +- update to bind-9.0.0rc1 (release candidate) + +------------------------------------------------------------------- +Mon Jul 3 23:10:21 CEST 2000 - bodammer@suse.de + +- update to bind-9.0.0b5 +- host renamed to host9 + +------------------------------------------------------------------- +Fri Jun 16 10:55:41 CEST 2000 - bodammer@suse.de + +- update to bind-9.0.0b4 + +------------------------------------------------------------------- +Thu May 25 18:19:21 CEST 2000 - bodammer@suse.de + +- dig renamed to dig9 to avoid conflicts with dig from bindutil +- libtool-fix added +- option -f added to suse_update_config-macro + +------------------------------------------------------------------- +Wed May 24 10:10:43 CEST 2000 - bodammer@suse.de + +- update to bind-9.0.0b3 +- configure option added to build shared libraries + +------------------------------------------------------------------- +Mon May 15 15:49:35 CEST 2000 - schwab@suse.de + +- Update config files. +- Fix 64-bit bug. + +------------------------------------------------------------------- +Fri May 12 16:24:15 CEST 2000 - bodammer@suse.de + +- update to bind9-snap-20000510 + +------------------------------------------------------------------- +Tue May 2 09:44:15 CEST 2000 - bodammer@suse.de + +- update to bind9-snap-20000427a + +------------------------------------------------------------------- +Wed Apr 19 10:27:15 CEST 2000 - bodammer@suse.de + +- update to bind9-snap-20000414 + +------------------------------------------------------------------- +Tue Mar 28 19:03:17 CEST 2000 - bodammer@suse.de + +- update to bind-9.0.0b2 + +------------------------------------------------------------------- +Mon Feb 7 21:26:09 CET 2000 - bodammer@suse.de + +- first public beta version bind-9.0.0b1 + diff --git a/bind.spec b/bind.spec new file mode 100644 index 0000000..cf49673 --- /dev/null +++ b/bind.spec @@ -0,0 +1,1054 @@ +# +# spec file for package bind (Version 9.3.2) +# +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: bind +BuildRequires: openldap2 openldap2-devel +Summary: Domain Name System (DNS) Server (named) +Version: 9.3.2 +Release: 42 +%define SDB_LDAP_VERSION 1.0-beta +License: GNU General Public License (GPL) - all versions, Other License(s), see package +Group: Productivity/Networking/DNS/Servers +Provides: dns_daemon bind8 bind9 +Obsoletes: bind8 bind9 +Requires: bind-utils bind-chrootenv +PreReq: %fillup_prereq %insserv_prereq bind-utils /bin/grep /bin/sed /bin/mkdir /usr/bin/tee /bin/chmod /bin/chown /bin/mv /bin/cat /usr/bin/dirname /usr/bin/diff /usr/bin/old /usr/sbin/groupadd /usr/sbin/useradd /usr/sbin/usermod +Autoreqprov: on +URL: http://isc.org/sw/bind/ +Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz +Source1: vendor-files.tar.bz2 +Source9: ftp://ftp.internic.net/domain/named.root +Source40: http://www.venaas.no/ldap/bind-sdb/dnszone-schema.txt +Source50: bind-sdb-ldap-%{SDB_LDAP_VERSION}.tar.gz +Patch: configure.in.diff +Patch1: Makefile.in.diff +Patch2: pid-path.diff +Patch3: idnkit-1.0.diff +Patch4: perl-path.diff +Patch50: sdb_ldap.diff +Patch51: pie_compile.diff +Patch52: named-bootconf.diff +Patch53: nsupdate.8.diff +Patch54: VU697164_VU915404.diff +Patch55: bind-rsa.patch +%if %ul_version >= 1 +%define VENDOR UL +%else +%if "%{_vendor}" == "suse" +%define VENDOR SUSE +%else +%define VENDOR %_vendor +%endif +%endif +# Defines for user and group add +%define NAMED_UID 44 +%define NAMED_UID_NAME named +%define NAMED_GID 44 +%define NAMED_GID_NAME named +%define NAMED_COMMENT Name server daemon +%define NAMED_HOMEDIR /var/lib/named +%define NAMED_SHELL /bin/false +%define GROUPADD_NAMED /usr/sbin/groupadd -g %{NAMED_GID} -o -r %{NAMED_GID_NAME} 2> /dev/null || : +%define USERADD_NAMED /usr/sbin/useradd -r -o -g %{NAMED_GID_NAME} -u %{NAMED_UID} -s %{NAMED_SHELL} -c "%{NAMED_COMMENT}" -d %{NAMED_HOMEDIR} %{NAMED_UID_NAME} 2> /dev/null || : +%define USERMOD_NAMED /usr/sbin/usermod -s %{NAMED_SHELL} -d %{NAMED_HOMEDIR} %{NAMED_UID_NAME} 2>/dev/null || : +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +Berkeley Internet Name Domain (BIND) is an implementation of the Domain +Name System (DNS) protocols and provides an openly redistributable +reference implementation of the major components of the Domain Name +System. This package includes the components to operate a DNS server. + + + +Authors: +-------- + ISC Software + +%package chrootenv +Summary: Chroot environment for BIND named and lwresd +Group: Productivity/Networking/DNS/Servers +PreReq: /usr/sbin/groupadd /usr/sbin/useradd + +%description chrootenv +This package contains all directories and files which are common to the +chroot environment of BIND named and lwresd. Most is part of the +structure below /var/lib/named. + + + +Authors: +-------- + ISC Software + +%package devel +Summary: Development Libraries and Header Files of BIND +Group: Development/Libraries/C and C++ +Requires: bind-utils = %{version} +Provides: bind8-devel bind9-devel +Obsoletes: bind8-devel bind9-devel + +%description devel +This package contains the header files, libraries, and documentation +for building programs using the libraries of the Berkeley Internet Name +Domain (BIND) Domain Name System implementation of the Domain Name +System (DNS) protocols. + + + +Authors: +-------- + ISC Software + +%package doc +Summary: BIND documentation +Group: Documentation/Other + +%description doc +Documentation of the Berkeley Internet Name Domain (BIND) Domain Name +System implementation of the Domain Name System (DNS) protocols. This +includes also the BIND Administrator Reference Manual (ARM). + + + +Authors: +-------- + ISC Software + +%package libs +Summary: Shared libraries of BIND +Group: Development/Libraries/C and C++ + +%description libs +This package contains the shared libraries of the Berkeley Internet +Name Domain (BIND) Domain Name System implementation of the Domain Name +System (DNS) protocols. + + + +Authors: +-------- + ISC Software + +%package lwresd +Summary: Lightweight Resolver Daemon +Group: Productivity/Networking/DNS/Utilities +Requires: bind-chrootenv +Provides: dns_daemon +PreReq: /usr/sbin/groupadd /usr/sbin/useradd + +%description lwresd +Bind-lwresd provides resolution services to local clients using a +combination of the lightweight resolver library liblwres and the +resolver daemon process lwresd running on the local host. These +communicate using a simple UDP-based protocol, the "lightweight +resolver protocol" that is distinct from and simpler than the full DNS +protocol. + + + +Authors: +-------- + ISC Software + +%package utils +Summary: Utilities to query and test DNS +Group: Productivity/Networking/DNS/Utilities +Provides: dns_utils bindutil bind9-utils +Obsoletes: bindutil bind9-utils + +%description utils +This package includes the utilities host, dig, and nslookup used to +test and query the Domain Name System (DNS). The Berkeley Internet +Name Domain (BIND) DNS server is found in the package named bind. + + + +Authors: +-------- + ISC Software + +%prep +[ "${RPM_BUILD_DIR}/%{name}-%{version}" != "/" -a -d "${RPM_BUILD_DIR}/%{name}-%{version}" ] && rm -rf "${RPM_BUILD_DIR}/%{name}-%{version}" +%setup +%setup -T -D -a1 -a50 +%patch -p1 +%patch1 -p1 +%patch3 -p1 +%patch2 -p1 +%patch4 -p1 +%patch50 +%patch51 +%patch52 +%patch53 +%patch54 +%patch55 +# modify settings of some files regarding to OS version and vendor +function replaceStrings() +{ + file="$1" + sed -e "s@__NSD__@/lib@g" \ + -e "s@__BIND_PACKAGE_NAME__@%{name}@g" \ + -e "s@__VENDOR__@%{VENDOR}@g" \ + "${file}" >"${file}.new" && \ + mv "${file}.new" "${file}" +} +pushd vendor-files +for file in docu/README tools/createNamedConfInclude config/{README,named.conf} init/{named,lwresd} sysconfig/{named-common,named-named,syslog-named}; do + replaceStrings ${file} +done +popd +cp bind-sdb-ldap-%{SDB_LDAP_VERSION}/ldapdb.c bin/named/ +cp bind-sdb-ldap-%{SDB_LDAP_VERSION}/ldapdb.h bin/named/include/ +# --------------------------------------------------------------------------- + +%build +%{?suse_update_config:%{suse_update_config -f}} +cat /usr/share/aclocal/libtool.m4 >> aclocal.m4 +%{__libtoolize} -f +%{__aclocal} +%{__autoconf} +pushd lib/bind +%{?suse_update_config:%{suse_update_config -f}} +cat /usr/share/aclocal/libtool.m4 >> aclocal.m4 +%{__libtoolize} -f +%{__aclocal} +%{__autoconf} +popd +#pushd contrib/idn/idnkit-1.0-src +#%{?suse_update_config:%{suse_update_config -f}} +#cat /usr/share/aclocal/libtool.m4 >> aclocal.m4 +#%{__libtoolize} -f +#%{__aclocal} +#%{__autoconf} +#popd +export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED" LDFLAGS="-L%{_libdir}" +#export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fpie" LDFLAGS="-L%{_libdir} -pie" +CONFIGURE_OPTIONS="\ + --prefix=%{_prefix} \ + --bindir=%{_bindir} \ + --sbindir=%{_sbindir} \ + --sysconfdir=%{_sysconfdir} \ + --localstatedir=%{_var} \ + --libdir=%{_libdir} \ + --includedir=%{_includedir}/bind \ + --mandir=%{_mandir} \ + --infodir=%{_infodir} \ + --with-openssl \ + --enable-threads \ + --enable-libbind \ + --with-libtool \ + --enable-runidn \ +" +./configure ${CONFIGURE_OPTIONS} +%{__make} +pushd contrib/idn/idnkit-1.0-src +./configure ${CONFIGURE_OPTIONS} +%{__make} +popd +# running BIND system tests +# FIXME: enable make test if every test checks for a free port first; fixed port +# 5300 might lead to test failures if port is already in use. +#pushd bin/tests/system/ +#./ifconfig.sh up +#%{__make} test +#./ifconfig.sh down +#popd +# replace __NSD__ in some files by a sub directory to set the full path to +# named's root directory +# --------------------------------------------------------------------------- + +%install +%{GROUPADD_NAMED} +%{USERADD_NAMED} +mkdir -p \ + ${RPM_BUILD_ROOT}/%{_sysconfdir}/init.d \ + ${RPM_BUILD_ROOT}/%{_sysconfdir}/named.d \ + ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/schema \ + ${RPM_BUILD_ROOT}/%{_sysconfdir}/slp.reg.d \ + ${RPM_BUILD_ROOT}/usr/{bin,%{_lib},sbin,include} \ + ${RPM_BUILD_ROOT}/%{_datadir}/bind \ + ${RPM_BUILD_ROOT}/%{_datadir}/susehelp/meta/Administration/System \ + ${RPM_BUILD_ROOT}/%{_defaultdocdir}/bind \ + ${RPM_BUILD_ROOT}/var/lib/named/{etc/named.d,dev,dyn,log,master,slave,var/{lib,run/named}} \ + ${RPM_BUILD_ROOT}%{_mandir}/{man1,man3,man5,man8} \ + ${RPM_BUILD_ROOT}/var/adm/fillup-templates \ + ${RPM_BUILD_ROOT}/var/run +%{__make} DESTDIR=${RPM_BUILD_ROOT} install +pushd contrib/idn/idnkit-1.0-src +%{__make} DESTDIR=${RPM_BUILD_ROOT} install +popd +mv vendor-files/config/named.conf ${RPM_BUILD_ROOT}/%{_sysconfdir} +mv vendor-files/config/bind.reg ${RPM_BUILD_ROOT}/%{_sysconfdir}/slp.reg.d +mv vendor-files/config/rndc-access.conf ${RPM_BUILD_ROOT}/%{_sysconfdir}/named.d +for file in named.conf.include rndc.key; do + touch ${RPM_BUILD_ROOT}/%{_sysconfdir}/${file} +done +for file in lwresd named; do + install -m 0754 vendor-files/init/${file} ${RPM_BUILD_ROOT}/etc/init.d/${file} + ln -sf /etc/init.d/${file} ${RPM_BUILD_ROOT}/usr/sbin/rc${file} +done +install -m 0644 ${RPM_SOURCE_DIR}/named.root ${RPM_BUILD_ROOT}/var/lib/named/root.hint +mv vendor-files/config/{127.0.0,localhost}.zone ${RPM_BUILD_ROOT}/var/lib/named +install -m 0754 vendor-files/tools/createNamedConfInclude ${RPM_BUILD_ROOT}/%{_datadir}/bind +install -m 0755 vendor-files/tools/bind.genDDNSkey ${RPM_BUILD_ROOT}/%{_bindir}/genDDNSkey +cp -a vendor-files/docu/BIND.desktop ${RPM_BUILD_ROOT}/%{_datadir}/susehelp/meta/Administration/System +cp -p ${RPM_SOURCE_DIR}/dnszone-schema.txt ${RPM_BUILD_ROOT}/%{_sysconfdir}/openldap/schema/dnszone.schema +install -m 0754 vendor-files/tools/ldapdump ${RPM_BUILD_ROOT}/%{_datadir}/bind +find ${RPM_BUILD_ROOT}/%{_libdir} -type f -name '*.so*' -print0 | xargs -0 chmod 0755 +touch ${RPM_BUILD_ROOT}/var/lib/named/etc/{localtime,named.conf.include,named.d/rndc.access.conf} +touch ${RPM_BUILD_ROOT}/var/lib/named/dev/log +ln -s ../.. ${RPM_BUILD_ROOT}/var/lib/named/var/lib/named +ln -s ../log ${RPM_BUILD_ROOT}/var/lib/named/var +ln -s ../lib/named/var/run/named ${RPM_BUILD_ROOT}/var/run +for file in named-common named-named syslog-named; do + install -m 0644 vendor-files/sysconfig/${file} ${RPM_BUILD_ROOT}/var/adm/fillup-templates/sysconfig.${file} +done +# Cleanup doc +rm doc/misc/Makefile* +# Remove samples +rm ${RPM_BUILD_ROOT}/etc/*.sample +find doc/arm -type f ! -name '*.html' -print0 | xargs -0 rm -f +# Create doc as we want it in bind and not bind-doc +cp -a vendor-files/docu/README ${RPM_BUILD_ROOT}/%{_defaultdocdir}/bind/README.%{VENDOR} +cp -a vendor-files/docu/dnszonehowto.html contrib/sdb/ldap/ +mkdir -p vendor-files/config/ISC-examples +cp -a bin/tests/*.conf* vendor-files/config/ISC-examples +for file in CHANGES COPYRIGHT README FAQ version contrib doc/{arm,draft,misc,rfc} vendor-files/config; do + basename=$( basename ${file}) + cp -a ${file} ${RPM_BUILD_ROOT}/%{_defaultdocdir}/bind/${basename} + echo "%doc %{_defaultdocdir}/bind/${basename}" >>filelist-bind-doc +done +pushd ${RPM_BUILD_ROOT}%{_defaultdocdir}/bind/contrib/idn/idnkit-1.0-src +%{__make} distclean +rm -rf include lib man map patch tools win wsock Makefile.in acconfig.h aclocal.m4 config.* configure* install-sh ltconfig make.wnt mkinstalldirs +popd +# --------------------------------------------------------------------------- + +%clean +[ "${RPM_BUILD_ROOT}" != "/" -a -d "${RPM_BUILD_ROOT}" ] && rm -rf "${RPM_BUILD_ROOT}" +# --------------------------------------------------------------------------- + +%pre +# Are we updating from a package named bind9? +if test -d usr/share/doc/packages/bind9 && sbin/chkconfig -c named; then + NAMED_ACTIVE_FILE="var/adm/named.was.active" + test -f ${NAMED_ACTIVE_FILE} && old ${NAMED_ACTIVE_FILE} + ACTIVE_DIR=$( dirname ${NAMED_ACTIVE_FILE}) + test -d ${ACTIVE_DIR} || mkdir -p ${ACTIVE_DIR} + touch ${NAMED_ACTIVE_FILE} +fi +%{GROUPADD_NAMED} +%{USERADD_NAMED} +# Might be an update. +%{USERMOD_NAMED} +# var/run/named is now a sym link pointing to the chroot jail +test -L var/run/named || rm -rf var/run/named +test -f etc/sysconfig/named && \ + . etc/sysconfig/named +# Store NAMED_RUN_CHROOTED setting to a temp file. +TEMP_SYSCONFIG_FILE="var/adm/named-chroot" +TEMP_DIR=$( dirname ${TEMP_SYSCONFIG_FILE}) +test -d ${TEMP_DIR} || \ + mkdir -p ${TEMP_DIR} +test -e ${TEMP_SYSCONFIG_FILE} && \ + old ${TEMP_SYSCONFIG_FILE} +echo "NAMED_RUN_CHROOTED=\"${NAMED_RUN_CHROOTED}\"" >${TEMP_SYSCONFIG_FILE} + +%preun +%stop_on_removal named + +%post +%{fillup_and_insserv -nf named} +%{fillup_only -nsa named named} +if [ ! -f etc/rndc.key ]; then + usr/sbin/rndc-confgen -a -b 512 -r dev/urandom + chmod 0640 etc/rndc.key + chown root:named etc/rndc.key +fi +TEMP_SYSCONFIG_FILE="var/adm/named-chroot" +# Are we in update mode? +if [ ${FIRST_ARG:-0} -gt 1 ]; then +# Is named.conf an old, /var/named configuration? +if [ -f etc/named.conf ] && grep -qi '^[[:space:]]*directory[[:space:]]*"/var/named"[[:space:]]*;' etc/named.conf; then + test -d var/log || \ + mkdir -p var/log + CONVLOG="/var/log/named-move-to-var-lib" + # move zone files to new location + echo "Moving zone files to new location /var/lib/named" | tee ${CONVLOG} + IFS=" +" + for dir in var/named var/named/slave; do + for source in $( find ${dir} -maxdepth 1 ); do + case "${source#var/named/}" in + localhost.zone|127.0.0.zone|root.hint|slave|var/named) continue ;; + esac + sourcedir=$( echo "${source%/*}") + destdir=$( echo "${sourcedir#var/named}") + if [ -e "var/lib/named/${destdir}/${source##*/}" ]; then + echo "Warning: /var/lib/named${destdir}/${source##*/} already exists; skipped." | tee -a ${CONVLOG} + else + echo "${source#var/named/}" | tee -a ${CONVLOG} + mv "${source}" "var/lib/named/${destdir}" + fi + done + done + # updating named.conf + echo -n "Backup old /etc/named.conf to " | tee -a ${CONVLOG} + oldconfig=$( old etc/named.conf) 2>/dev/null + oldconfig=${oldconfig##*/} + echo -en "/etc/${oldconfig}. Conversion " | tee -a ${CONVLOG} + sed -e "s@\"/var/named\"@\"/var/lib/named\"@" "etc/${oldconfig}" > etc/named.conf 2>/dev/null + conv_rc=$? + if [ ${conv_rc} -eq 0 ]; then + echo "succeded." | tee -a ${CONVLOG} + chmod --reference="etc/${oldconfig}" etc/named.conf + chown --reference="etc/${oldconfig}" etc/named.conf + else + echo "failed." | tee -a ${CONVLOG} + fi + if [ ${conv_rc} -eq 0 ]; then + cat << EOF >>${CONVLOG} + +Result: named.conf conversion succeded. For details check the following +diff of the the old and new configuration. + +Ergebnis: Die named.conf-Konvertierung war erfolgreich. Details finden +Sie in der nachfolgenden Differenz der alten und neuen Konfiguration. + + +EOF + diff -u etc/${oldconfig} etc/named.conf >>${CONVLOG} + else + cat << EOF >>${CONVLOG} + +Result: Conversion failed. You must check your /etc/named.conf + +Ergebnis: Die Konvertierung ist fehlgeschlagen. Sie müssen Ihre +/etc/named.conf überprüfen. +EOF + fi +else + rm -f var/lib/update-messages/bind.1 +fi # End of 'Is named.conf an old, /var/named configuration?'. +# Add include files to NAMED_CONF_INCLUDE_FILES if we have already a include +# file (SL Standard Server 8) and NAMED_RUN_CHROOTED from the +# TEMP_SYSCONFIG_FILE is empty. +if [ -f ${TEMP_SYSCONFIG_FILE} ]; then + . ${TEMP_SYSCONFIG_FILE} +fi +if [ -s etc/named.conf.include -a -z "${NAMED_RUN_CHROOTED}" ]; then + test -f etc/sysconfig/named && . etc/sysconfig/named + if [ "${NAMED_INITIALIZE_SCRIPTS}" = "createNamedConfInclude" -a \ + -z "${NAMED_CONF_INCLUDE_FILES}" ]; then + # Get the included files from an existing meta include file. + INCLUDE_LINES=$( grep -e '^[[:space:]]*include' etc/named.conf.include | cut -f 2 -d '"') + if [ "${INCLUDE_LINES}" -a -z "${NAMED_CONF_INCLUDE_FILES}" ]; then + for file in ${INCLUDE_LINES}; do + # don't add a file a second time + echo "${INCLUDE_FILES}" | grep -qe "\<${file#/etc/named.d/}\>" && continue + # don't add the meta include file as the init script copy it anyway + # to the chroot jail + test "${file}" = "/etc/named.conf.include" && continue + test "${INCLUDE_FILES}" && INCLUDE_FILES="${INCLUDE_FILES} " + # strip off any leading /etc/named.d/ as the init script takes care + # of relative file names + INCLUDE_FILES="${INCLUDE_FILES}${file#/etc/named.d/}" + done + TMPFILE=$( mktemp /var/tmp/named.sysconfig.XXXXXX) + if [ $? -ne 0 ]; then + echo -e "Can't create temp file. Please add your included files from /etc/named.conf to\nNAMED_CONF_INCLUDE_FILES of /etc/sysconfig/named manually." + return + fi + chmod --reference=etc/sysconfig/named ${TMPFILE} + if sed "s+^NAMED_CONF_INCLUDE_FILES.*$+NAMED_CONF_INCLUDE_FILES=\"${INCLUDE_FILES}\"+" etc/sysconfig/named > "${TMPFILE}"; then + mv "${TMPFILE}" etc/sysconfig/named + else + echo "Can't set NAMED_CONF_INCLUDE_FILES of /etc/sysconfig/named to \"${INCLUDE_FILES}\"." + fi + fi + fi +else + rm -f touch var/lib/update-messages/bind.3 +fi # End of 'Add include files to NAMED_CONF_INCLUDE_FILES' +fi # End of 'Are we in update mode?' +# Remove TEMP_SYSCONFIG_FILE in any case. +rm -f ${TEMP_SYSCONFIG_FILE} +NAMED_ACTIVE_FILE="var/adm/named.was.active" +if [ -f ${NAMED_ACTIVE_FILE} ]; then + sbin/insserv named + test ! -s ${NAMED_ACTIVE_FILE} && rm -f ${NAMED_ACTIVE_FILE} +fi + +%postun +%restart_on_update named +%insserv_cleanup + +%pre chrootenv +%{GROUPADD_NAMED} +%{USERADD_NAMED} + +%post chrootenv +%{fillup_only -nsa named common} +%{fillup_only -nsa syslog named} + +%pre lwresd +%{GROUPADD_NAMED} +%{USERADD_NAMED} + +%post lwresd +# Create a key if usr/sbin/rndc-confgen is installed. +if [ -x usr/sbin/rndc-confgen -a ! -f etc/rndc.key ]; then + usr/sbin/rndc-confgen -a -b 512 -r dev/urandom + chmod 0640 etc/rndc.key + chown root:named etc/rndc.key +fi +# delete an emtpy lwresd.conf file +if [ ! -s etc/lwresd.conf ]; then + rm -f etc/lwresd.conf +fi +if [ $1 -le 1 ]; then + %{fillup_and_insserv -fy lwresd} +fi; + +%preun lwresd +%stop_on_removal lwresd + +%postun lwresd +%restart_on_update lwresd +%insserv_cleanup + +%post utils +%run_ldconfig +# Create a key if lwresd is installed. +if [ -x usr/sbin/lwresd -a ! -f etc/rndc.key ]; then + usr/sbin/rndc-confgen -a -b 512 -r dev/urandom + chmod 0640 etc/rndc.key + chown root:named etc/rndc.key +fi +# --------------------------------------------------------------------------- + +%files +%defattr(-,root,root) +%attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/named.conf +%{_sysconfdir}/slp.reg.d +%attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/bind.reg +%attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include +%attr(0640,root,named) %ghost %config(noreplace) /%{_sysconfdir}/rndc.key +%config /%{_sysconfdir}/init.d/named +%{_sbindir}/rcnamed +%{_sbindir}/named +%{_sbindir}/named-checkconf +%{_sbindir}/named-checkzone +%{_sbindir}/dnssec-keygen +%{_sbindir}/dnssec-signzone +%doc %{_mandir}/man5/named.conf.5.gz +%doc %{_mandir}/man8/dnssec-keygen.8.gz +%doc %{_mandir}/man8/dnssec-signzone.8.gz +%doc %{_mandir}/man8/named-checkconf.8.gz +%doc %{_mandir}/man8/named-checkzone.8.gz +%doc %{_mandir}/man8/named.8.gz +%dir %{_datadir}/bind +%{_datadir}/bind/createNamedConfInclude +%{_datadir}/bind/ldapdump +%{_var}/adm/fillup-templates/sysconfig.named-named +%dir %{_var}/lib/named/master +%attr(-,named,named) %dir %{_var}/lib/named/dyn +%attr(-,named,named) %dir %{_var}/lib/named/slave +%config %{_var}/lib/named/root.hint +%config %{_var}/lib/named/127.0.0.zone +%config %{_var}/lib/named/localhost.zone +%ghost %{_var}/lib/named/etc/localtime +%attr(0644,root,named) %ghost %{_var}/lib/named/etc/named.conf.include + +%files chrootenv +%defattr(-,root,root) +%dir %{_var}/lib/named +%dir %{_var}/lib/named/etc +%dir %{_var}/lib/named/etc/named.d +%dir %{_var}/lib/named/dev +%dir %{_var}/lib/named/var +%dir %{_var}/lib/named/var/lib +%dir %{_var}/lib/named/var/run +%attr(-,named,named) %dir %{_var}/lib/named/log +%attr(-,named,named) %dir %{_var}/lib/named/var/run/named +%ghost %{_var}/lib/named/etc/named.d/rndc.access.conf +%ghost %{_var}/lib/named/dev/log +%attr(0666, root, root) %dev(c, 1, 3) %{_var}/lib/named/dev/null +%attr(0666, root, root) %dev(c, 1, 8) %{_var}/lib/named/dev/random +%{_var}/lib/named/var/lib/named +%{_var}/lib/named/var/log +%{_var}/run/named +%{_var}/adm/fillup-templates/sysconfig.named-common +%{_var}/adm/fillup-templates/sysconfig.syslog-named + +%files devel +%defattr(-,root,root) +%{_bindir}/isc-config.sh +%{_libdir}/*.a +%{_libdir}/*.so +%{_includedir}/bind +%doc %{_mandir}/man3/* + +%files doc -f filelist-bind-doc +%defattr(-,root,root) +%dir %doc %{_defaultdocdir}/bind +%doc %{_datadir}/susehelp + +%files libs +%defattr(-,root,root) +%{_libdir}/*.so.* + +%files lwresd +%defattr(-,root,root) +%config /etc/init.d/lwresd +%{_sbindir}/rclwresd +%{_sbindir}/lwresd +%doc %{_mandir}/man8/lwresd.8.gz + +%files utils +%defattr(-,root,root) +%config(noreplace) %{_sysconfdir}/idn.conf +%config(noreplace) %{_sysconfdir}/idnalias.conf +%dir /etc/named.d +%config(noreplace) /etc/named.d/rndc-access.conf +%dir %{_sysconfdir}/openldap/schema +%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dnszone.schema +%{_libdir}/*.la +%{_bindir}/dig +%{_bindir}/host +%{_bindir}/idnconv +%{_bindir}/nslookup +%{_bindir}/nsupdate +%{_bindir}/genDDNSkey +%{_bindir}/runidn +%{_sbindir}/rndc +%{_sbindir}/rndc-confgen +%dir %{_datadir}/idnkit +%{_datadir}/idnkit/jp.map +%dir %doc %{_defaultdocdir}/bind +%dir %{_defaultdocdir}/bind/README.%{VENDOR} +%doc %{_mandir}/man1/dig.1.gz +%doc %{_mandir}/man1/host.1.gz +%doc %{_mandir}/man1/nslookup.1.gz +%doc %{_mandir}/man5/rndc.conf.5.gz +%doc %{_mandir}/man8/nsupdate.8.gz +%doc %{_mandir}/man8/rndc-confgen.8.gz +%doc %{_mandir}/man8/rndc.8.gz +# idn kit +%doc %{_mandir}/man1/idnconv.1.gz +%doc %{_mandir}/man1/runidn.1.gz +%doc %{_mandir}/man5/idn.conf.5.gz +%doc %{_mandir}/man5/idnalias.conf.5.gz +%doc %{_mandir}/man5/idnrc.5.gz + +%changelog -n bind +* Fri Nov 10 2006 - ug@suse.de +- security fix (#218303) + workarounds OpenSSL's recently + discovered RSA signature verification issue (CVE-2006-4339) by using + the exponent 65537 (0x10001) instead of the widely used 3. +* Tue Oct 17 2006 - poeml@suse.de +- there is no SuSEconfig.syslog script anymore, thus remove the + YaST hint from the sysconfig template +* Mon Oct 16 2006 - ug@suse.de +- typo in sysconfig file fixed (#212337) +* Fri Sep 01 2006 - ug@suse.de +- security fix + Bug #201424 VUL-0: bind: two denial-of-service attacks + VU#697164 + BIND INSIST failure due to excessive recursive queries + VU#915404 + BIND assertion failure during SIG query processing +* Tue Aug 15 2006 - ug@suse.de +- update messages removed +* Fri Aug 04 2006 - ug@suse.de +- moved the la files to bind-utils + (#182448) +* Thu Jul 06 2006 - ug@suse.de +- fix for the nsupdate man page (#92730) + thanx to Werner +* Wed May 17 2006 - ug@suse.de +- fix for ldapdump script (#175587) +* Mon Mar 13 2006 - ug@suse.de +- typos fixed (#157611) +* Wed Feb 08 2006 - ug@suse.de +- fixed #148527 + a broken symlink in the chroot jail is in the way +* Fri Jan 27 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Wed Jan 25 2006 - ug@suse.de +- fixed #145169 + (follow symlinks during chroot jail creation) +* Sat Jan 14 2006 - schwab@suse.de +- Don't remove sources. +* Mon Jan 02 2006 - ug@suse.de +- version update from 9.3.1 to 9.3.2 +* Mon Nov 21 2005 - ug@suse.de +- fixed an insecure tmp file bug in the + named-bootconf.sh contrib script +* Mon Sep 26 2005 - ro@suse.de +- added LDAP_DEPRECATED to CFLAGS +* Fri Jul 22 2005 - lmuelle@suse.de +- Copy the right default file if /etc/sysconfig/named is missing while + calling the lwresd init script; [#97187]. +* Fri Jun 17 2005 - ug@suse.de +- compilation with -fpie and -pie now + which makes it harder to use + exploits with fixed memory addresses. +* Wed Apr 13 2005 - mls@suse.de +- fix SLP registration +* Fri Mar 25 2005 - schwab@suse.de +- Fix leak in lwres library [#74529]. +* Fri Mar 11 2005 - ug@suse.de +- version update from 9.3.0 to 9.3.1 +- fixed bug #72153 + lwresd doesn't notice if name server is + unreachable and times out +* Fri Mar 11 2005 - ug@suse.de +- rndc dropped from the lwresd init script + it conflicts with a running bind +* Mon Mar 07 2005 - ug@suse.de +- lwresd init script "status" changed. + rndc is not used anymore +* Wed Feb 16 2005 - ug@suse.de +- lwresd name string changed (just beautify) +* Fri Feb 04 2005 - ug@suse.de +- changed the "insserv" behaviour on updates +- fixed empty lwresd.conf file in chroot env. +* Thu Feb 03 2005 - ug@suse.de +- empty lwresd.conf file fix (Bug #49081) +- lwresd is on by default now during boot +* Fri Jan 21 2005 - ug@suse.de +- sdb-ldap activated (ldapdb.c version from 16.01.2005) +- fixed security problem bug #49927 - remote denial-of-service + An incorrect assumption in the validator (authvalidated) + can result in a REQUIRE (internal consistancy) test failing + and named exiting. +* Tue Nov 30 2004 - ug@suse.de +- fixed #48659 + "rclwresd status" answered with OKAY even if only bind was running + "rcnamed status" answered with OKAY even if only lwresd was running +* Fri Nov 19 2004 - ug@suse.de +- SLP support via /etc/slp.reg.d/bind.reg file added +* Thu Nov 04 2004 - ug@suse.de +- version update to 9.3.0 +- ldapdump script bug fixed (#44452) +- dnssec-makekeyset and dnssec-signkey activated + in Makefile of bin/dnssec/ +* Wed Oct 13 2004 - lmuelle@suse.de +- Add condrestart to the named init script and use same code as in skeleton to + restart. +- Enhance check if named or lwresd are still running if the init script is + called with stop. +* Mon Sep 27 2004 - lmuelle@suse.de +- Update to version 9.2.4. +- Use defines for named user and group settings. +- Add PreReq groupadd and useradd to the chrootenv and lwresd package, + [#46050]. +- Ensure to remove temp sysconfig file in %%post. +- Remove warning from createNamedConfInclude script if a file is already + included in /etc/named.conf as we take care of such include statements in + the named init script anyway. +- Remove NAMED_CONF_INCLUDE_FILES fillup from include statements of + /etc/named.conf in the %%post of the bind package by the same reason. +* Sat Sep 18 2004 - lmuelle@suse.de +- Add all filenames from include statements of named.conf to + NAMED_CONF_INCLUDE_FILES in the named init script, [#40610]. +* Thu Sep 16 2004 - lmuelle@suse.de +- Add $remote_fs to Required-Start and Required-Stop of lwresd init script. +- Add Provides: dns_daemon to the lwresd package. +- Remove $time from Should-Start and Should-Stop, [#45433]. +* Wed Sep 15 2004 - lmuelle@suse.de +- Remove conflicts from bind and bind-lwrewsd package, [#45335]. +- Use rndc in lwresd init script if rndc is available. +* Thu Sep 09 2004 - lmuelle@suse.de +- Create /etc/rndc.key if bind-lwresd is installed and we install bind-utils + or if bind-utils is installed and we install bind-lwresd. +- Use 0644 instead of 0640 for the named.conf file. +- Split bind-doc from bind-utils. +- Use one sysconfig file for lwresd and named. +- Split common named and lwresd sysconfig settings from them unique to named. +- Rename lwres to bind-lwresd and lwres-devel to bind-libs. +- Ensure to create user and group 'named' in the %%pre of bind-lwresd and + bind-chrootenv. +* Tue Sep 07 2004 - lmuelle@suse.de +- Remove %%run_ldconfig from %%post of the bind package. +- Move vendor files to an own tar ball. +- Create new sub packages lwres, lwres-devel, and bind-chrootenv, [#44711]. +- Use new update message mechanism, [#44344]. +* Sun Jun 20 2004 - lmuelle@suse.de +- Quote definition of NOM_PATH_FILE in configure.in. +* Mon May 31 2004 - lmuelle@suse.de +- Add BIND.desktop file for SuSEhelp. +* Wed May 19 2004 - lmuelle@suse.de +- Add -d, directroy option to genDDNSkey [#40786]. +- Update ldapdump to version 1.1. This Version has better keyfile checks and + throws an error message if a keyfile can't be found, instead of just barfing + perl errors. +* Wed May 12 2004 - lmuelle@suse.de +- Update ldapdump; don't use .zone suffix for zone files. +* Wed Apr 28 2004 - lmuelle@suse.de +- Add /etc/openldap/schema/dnszone.schema to the bind-utils package. +- Add /usr/share/bind/ldapdump to the bind package. +- Add idnkit programs and libraries. +- Add idn patches for dig, host, and nslookup. +- Ensure to call functions initializeNamed, checkAndCopyConfigFiles, and + namedCheckConf in the named init script only one time. + Let namedCheckConf check the configuration inside the chroot. +- Check all configuration files in named init script while called with probe. +- Add NAMED_INITIALIZE_SCRIPTS to sysconfig.named. This allows to call + arbitrary scripts before named is started, restarted, or reloaded. + Therewith it's also possible to disable createNamedConfInclude entirely. +- createNamedConfInclude always overwrite .SuSEconfig file [#33768]. +- Rename SuSEconfig.named to createNamedConfInclude and move it to + /usr/share/bind. +* Sat Mar 13 2004 - schwab@suse.de +- Fix path to docs in sample named.conf. +* Tue Feb 24 2004 - poeml@suse.de +- add genDDNSkey to bind-utils (formerly in dhcp-server package) +- allow --keyfile and --keyname to be used with genDDNSkey, and + allow using /dev/urandom to avoid blocking +- in the init script, use rndc (if possible) in order to shut down, + so named will flush pending changes to dynamical zones +- when restarting named, make sure it is stopped before trying to + start it again [#34937] +- update root zone (dated Jan 29, 2004) +* Thu Feb 12 2004 - kukuk@suse.de +- Fix group of named.conf.include in filelist +- Build with -fno-strict-aliasing +* Wed Oct 15 2003 - lmuelle@suse.de +- update to version 9.2.3; includes the new zone type "delegation-only" to + foil Verisign's sitefinder games +- move root.hint to an extra source file, named.root +- use /etc/named.d and /var/lib/named/master directory in the example + configuration from the sample-config directory +- supress superfluous warning in SuSEconfig.named if /etc/named.conf.include + is empty +- create /etc/rndc.key in the init script if it's missing +- call namedCheckConf after checkAndCopyConfigFiles to allow us to start named + after checkAndCopyConfigFiles fixed a problem +- call SuSEconfig -module named not direct in the init script +- add norootforbuild to the spec file +- set owner of /etc/named.d and /etc/named.d/rndc-access.conf to root: +- add additional x while testing strings in the init script +- always include /etc/rndc.key in rndc-access.conf +- remove absolet stdtime.diff +- remove ip6rev.diff, as one part is included upstream and the other isn't + possible any longer +* Wed Oct 08 2003 - schwab@suse.de +- Fix typo in last change. +* Mon Sep 29 2003 - kukuk@suse.de +- Create named.conf.include if it does not exist [Bug #31683] +- Don't add rndc-access.conf at update [Bug #31696] +* Fri Sep 19 2003 - kukuk@suse.de +- Fix all useradd calls +* Mon Sep 15 2003 - kukuk@suse.de +- Fix Requires and Provides [Bug #30717] +* Fri Aug 29 2003 - kukuk@suse.de +- Call useradd with -r for system accounts [Bug #29611] +* Thu Aug 28 2003 - lmuelle@suse.de +- call sbin/SuSEconfig --module named and not directly the script in the %%post + section +- check if rndc is accessible in the init script +* Tue Aug 26 2003 - lmuelle@suse.de +- add Config: syslog-ng to sysconfig.syslog-named +* Sat Aug 23 2003 - lmuelle@suse.de +- add NAMED_ARGS to sysconfig.named +- use -r /dev/urandom while calling rndc-confgen in the post section +* Thu Aug 21 2003 - lmuelle@suse.de +- rename package from bind9 to bind +- add stop_on_removal and restart_on_update macros to preun and postun section + fix bug #29048 +- add default /etc/named.d/rndc-access.conf +- add SuSEconfig.named +- add all included files to NAMED_CONF_INCLUDE_FILES of /etc/sysconfig/named + while update if NAMED_CONF_INCLUDE_FILES is empty +- add additional sysconfig meta data +- remove -u from the copy in prepare_chroot() of the init script due to + the rist of a wrong system time +- unify init scripts; add one space at the end to all echos +- document new features in the README.{SuSE,UnitedLinux} +- fix bug #28585 +* Mon May 26 2003 - lmuelle@suse.de +- add -u to copy in prepare_chroot() of the init script, #25687 +- fix output format in init script +* Fri Apr 11 2003 - mludvig@suse.cz +- Make nibble queries instead of bitstring ones for IPv6 addresses. +- Differentiate between 6bone (3ffe::/16, .ip6.int) and other + addresses (!3ffe::/16, ip6.arpa). +* Wed Mar 12 2003 - lmuelle@suse.de +- fix try-restart part of init skript +- set PATH to "/sbin:/usr/sbin:/bin:/usr/bin", #21295 +* Mon Mar 10 2003 - lmuelle@suse.de +- remove %%ghost from /var/lib/named/var/log +* Mon Mar 10 2003 - lmuelle@suse.de +- add null logging for lame-servers to logging example in named.conf +- fix file section +- change /var/run/named to a sym link pointing to /var/lib/named/var/run/named, + [#24768] +* Wed Mar 05 2003 - lmuelle@suse.de +- remove empty.zone due to possibility of CIDR addressing +- remove rndc.conf; rndc also uses rndc.key, fix bug #17751 +- create rndc.key with 512bit sized key in %%post +- remove %%pre of utils package +- create additional sub directories log, dyn and master in /var/lib/named +- add a non active logging example to named.conf +* Tue Mar 04 2003 - lmuelle@suse.de +- update to version 9.2.2; maintenance/ bugfix release +* Sat Mar 01 2003 - ro@suse.de +- also create named user/group in utils preinstall +* Thu Feb 27 2003 - ro@suse.de +- create named user/group in preinstall and install +* Thu Feb 27 2003 - lmuelle@suse.de +- set /etc/named.conf to root:named and 0640 +- add an example to additional info mail for dynamic updates +- add more information to the README +- add sysconfig file for chroot jail; default is yes +- add chroot features to init script for start and reload +* Mon Feb 24 2003 - lmuelle@suse.de +- add separate binaries to PreReq +- add --localstatedir=/var to configure call +- add and autocreate /etc/rndc.{conf,key} +- move rndc binaries and man pages to utils package +- fix %%post in case of update +- set ownership of /var/lib/named to root: +- add a README +- fix init script to return correspondig message to checkproc return code +- remove umlauts from %%post mail +- add additional info mail about ownership of /var/lib/named if journal files + are used +* Mon Feb 17 2003 - lmuelle@suse.de +- update bind9 to version 9.2.1 +- move /var/named to /var/lib/named +- remove obsolete patches (bison, ltconfig_ppc64, manpages, security) +* Wed Nov 13 2002 - ro@suse.de +- fix build with current bison (end all rules with ";") +* Sat Sep 07 2002 - kukuk@suse.de +- Fix running bind9 as user named [Bug #18417] +* Mon Aug 19 2002 - ro@suse.de +- added prereqs (#17807) +* Mon Aug 19 2002 - okir@suse.de +- Added patch to make named run as non-root user +- added "-u named" option to init script invocation of named +* Sun Jul 28 2002 - kukuk@suse.de +- Remove yacc from neededforbuild +* Sat Jul 27 2002 - adrian@suse.de +- add %%run_ldconfig +* Mon Jul 22 2002 - kukuk@suse.de +- Move .so symlinks to devel package +- Move liblwres shared library to utils package +- make lib64 clean +* Wed Jul 10 2002 - olh@suse.de +- hack ltconfig for ppc64 to build shared libs +* Wed Jul 10 2002 - draht@suse.de +- move /usr/bin/nsupdate to bindutil (#16944) +* Mon Jun 03 2002 - okir@suse.de +- Applied security fix for remote DoS (CERT VU#739123) +* Fri Dec 14 2001 - ro@suse.de +- removed START_NAMED +* Wed Sep 05 2001 - pthomas@suse.de +- Fix incorrect .so references in lwres manpages. +* Sun Aug 12 2001 - kukuk@suse.de +- Fix path to perl interpreter +* Wed Jul 04 2001 - bodammer@suse.de +- Update to bind-9.1.3 (release) +- Config-files moved away from bind-9.1.3.dif +* Mon Jul 02 2001 - bodammer@suse.de +- update to bind-9.1.3rc3 +- "Implicit declaration of function time" in context.c fixed +* Mon Jun 25 2001 - bodammer@suse.de +- update to bind-9.1.3rc2 +* Tue May 29 2001 - bodammer@suse.de +- update to bind-9.1.3rc1 +* Thu May 10 2001 - bodammer@suse.de +- initscript fix: don't start bind in runlevel 2 [bug #7956] +* Tue May 08 2001 - mfabian@suse.de +- bzip2 sources +* Tue May 08 2001 - bodammer@suse.de +- install a new named.conf with comments +* Mon May 07 2001 - bodammer@suse.de +- update to bind-9.1.2 (release) +* Tue Apr 24 2001 - bodammer@suse.de +- little modification to named.conf +* Thu Mar 29 2001 - bodammer@suse.de +- update to bind-9.1.1 (release) +* Tue Mar 27 2001 - bodammer@suse.de +- update to bind-9.1.1rc7 +* Fri Mar 23 2001 - bodammer@suse.de +- update to bind-9.1.1rc6 +* Thu Mar 15 2001 - bodammer@suse.de +- update to bind-9.1.1rc5 +- new initscript more LSB conform +* Mon Mar 12 2001 - bodammer@suse.de +- update to bind-9.1.1rc4 +* Tue Feb 27 2001 - bodammer@suse.de +- initscript fix: now checks for a running named +* Tue Feb 27 2001 - bodammer@suse.de +- update to bind-9.1.1rc3 +* Thu Feb 15 2001 - sf@suse.de +- added suse_update_config +* Wed Feb 14 2001 - bodammer@suse.de +- update to bind-9.1.1rc2 +* Mon Feb 12 2001 - bodammer@suse.de +- subpackages bind9-util and bind9-devel created +* Thu Feb 08 2001 - bodammer@suse.de +- update to bind-9.1.1rc1 +- missing headerfile included in stdtime.c +* Thu Jan 18 2001 - bodammer@suse.de +- update to bind-9.1.0 +* Tue Nov 28 2000 - bodammer@suse.de +- Fix location of rcscript +* Thu Nov 23 2000 - ro@suse.de +- added insserv calls +* Thu Nov 23 2000 - bodammer@suse.de +- rcscript update +* Mon Nov 13 2000 - bodammer@suse.de +- update to bind-9.0.1 +* Fri Oct 06 2000 - kukuk@suse.de +- change group tag +* Mon Sep 18 2000 - bodammer@suse.de +- update to bind-9.0.0 ( first release version ) +* Wed Aug 30 2000 - bodammer@suse.de +- update to bind-9.0.0rc5 +* Wed Aug 16 2000 - bodammer@suse.de +- update to bind-9.0.0rc3 +* Thu Aug 10 2000 - bodammer@suse.de +- update to bind-9.0.0rc2 +- nslookup renamed to nslookup9 +* Thu Jul 13 2000 - bodammer@suse.de +- update to bind-9.0.0rc1 (release candidate) +* Mon Jul 03 2000 - bodammer@suse.de +- update to bind-9.0.0b5 +- host renamed to host9 +* Fri Jun 16 2000 - bodammer@suse.de +- update to bind-9.0.0b4 +* Thu May 25 2000 - bodammer@suse.de +- dig renamed to dig9 to avoid conflicts with dig from bindutil +- libtool-fix added +- option -f added to suse_update_config-macro +* Wed May 24 2000 - bodammer@suse.de +- update to bind-9.0.0b3 +- configure option added to build shared libraries +* Mon May 15 2000 - schwab@suse.de +- Update config files. +- Fix 64-bit bug. +* Fri May 12 2000 - bodammer@suse.de +- update to bind9-snap-20000510 +* Tue May 02 2000 - bodammer@suse.de +- update to bind9-snap-20000427a +* Wed Apr 19 2000 - bodammer@suse.de +- update to bind9-snap-20000414 +* Tue Mar 28 2000 - bodammer@suse.de +- update to bind-9.0.0b2 +* Mon Feb 07 2000 - bodammer@suse.de +- first public beta version bind-9.0.0b1 diff --git a/configure.in.diff b/configure.in.diff new file mode 100644 index 0000000..ea97e31 --- /dev/null +++ b/configure.in.diff @@ -0,0 +1,31 @@ +--- bind-9.2.3/configure.in ++++ bind-9.2.3/configure.in 2004-06-20 08:17:09 +@@ -24,7 +24,7 @@ + AC_CANONICAL_HOST + + AC_PROG_MAKE_SET +-AC_PROG_RANLIB ++AC_PROG_LIBTOOL + AC_PROG_INSTALL + + AC_SUBST(STD_CINCLUDES) +@@ -1636,7 +1636,7 @@ + # empty). The variable VARIABLE will be substituted into output files. + # + +-AC_DEFUN(NOM_PATH_FILE, [ ++AC_DEFUN([NOM_PATH_FILE], [ + $1="" + AC_MSG_CHECKING(for $2) + for d in $3 +--- bind-9.2.2rc1/lib/bind/configure.in ++++ bind-9.2.2rc1/lib/bind/configure.in 2003-01-31 11:18:00 +@@ -23,7 +23,7 @@ + AC_CANONICAL_HOST + + AC_PROG_MAKE_SET +-AC_PROG_RANLIB ++AC_PROG_LIBTOOL + AC_PROG_INSTALL + + AC_SUBST(STD_CINCLUDES) diff --git a/dnszone-schema.txt b/dnszone-schema.txt new file mode 100644 index 0000000..bd969ab --- /dev/null +++ b/dnszone-schema.txt @@ -0,0 +1,124 @@ +# A schema for storing DNS zones in LDAP +# +attributetype ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' + DESC 'An integer denoting time to live' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' + DESC 'The class of a resource record' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName' + DESC 'The name of a zone, i.e. the name of the highest node in the zone' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName' + DESC 'The starting labels of a domain name' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' + DESC 'domain name pointer, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' + DESC 'host information, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' + DESC 'mailbox or mail list information, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' + DESC 'text string, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' + DESC 'Signature, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' + DESC 'Key, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' + DESC 'IPv6 address, RFC 1886' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' + DESC 'Location, RFC 1876' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' + DESC 'non-existant, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' + DESC 'service location, RFC 2782' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' + DESC 'Naming Authority Pointer, RFC 2915' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' + DESC 'Key Exchange Delegation, RFC 2230' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' + DESC 'certificate, RFC 2538' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' + DESC 'A6 Record Type, RFC 2874' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' + DESC 'Non-Terminal DNS Name Redirection, RFC 2672' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone' + SUP top STRUCTURAL + MUST ( zoneName $ relativeDomainName ) + MAY ( DNSTTL $ DNSClass $ + ARecord $ MDRecord $ MXRecord $ NSRecord $ + SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $ + MINFORecord $ TXTRecord $ SIGRecord $ KEYRecord $ + AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $ + NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $ + DNAMERecord ) ) diff --git a/idnkit-1.0.diff b/idnkit-1.0.diff new file mode 100644 index 0000000..63780bd --- /dev/null +++ b/idnkit-1.0.diff @@ -0,0 +1,622 @@ +--- bind-9.2.3/bin/dig/dig.1 ++++ bind-9.2.3/bin/dig/dig.1 Tue Jul 22 15:01:36 2003 +@@ -354,4 +354,15 @@ + will not print the initial query when it looks up the NS records for + isc.org. ++.SH "IDN SUPPORT" ++.PP ++If \fBdig\fR has been built with IDN (internationalized ++domain name) support, it can accept and display non-ASCII domain names. ++\fBdig\fR appropriately converts character encoding of ++domain name before sending a request to DNS server or displaying a ++reply from the server. ++If you'd like to turn off the IDN support for some reason, defines ++the \fBIDN_DISABLE\fR environment variable. ++The IDN support is disabled if the the variable is set when ++\fBdig\fR runs. + .SH "FILES" + .PP +--- bind-9.3.0/bin/dig/Makefile.in ++++ bind-9.3.0/bin/dig/Makefile.in 2004/11/03 16:31:56 +@@ -45,7 +45,7 @@ + ${LWRESDEPLIBS} + + LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCLIBS} \ +- ${ISCCFGLIBS} @LIBS@ ++ ${ISCCFGLIBS} @IDNLIBS@ @LIBS@ + + SUBDIRS = + +--- bind-9.2.3/bin/dig/dig.docbook ++++ bind-9.2.3/bin/dig/dig.docbook Tue Jul 22 15:01:36 2003 +@@ -530,4 +530,19 @@ + + ++IDN SUPPORT ++ ++If dig has been built with IDN (internationalized ++domain name) support, it can accept and display non-ASCII domain names. ++dig appropriately converts character encoding of ++domain name before sending a request to DNS server or displaying a ++reply from the server. ++If you'd like to turn off the IDN support for some reason, defines ++the IDN_DISABLE environment variable. ++The IDN support is disabled if the the variable is set when ++dig runs. ++ ++ ++ ++ + FILES + +--- bind-9.2.3/bin/dig/dighost.c ++++ bind-9.2.3/bin/dig/dighost.c Tue Jul 22 15:01:36 2003 +@@ -33,4 +33,15 @@ + #include + ++#ifdef HAVE_LOCALE_H ++#include ++#endif ++ ++#ifdef WITH_IDN ++#include ++#include ++#include ++#include ++#endif ++ + #include + #include +@@ -132,4 +143,16 @@ + dig_lookup_t *current_lookup = NULL; + ++#ifdef WITH_IDN ++static void initialize_idn(void); ++static isc_result_t output_filter(isc_buffer_t *buffer, ++ unsigned int used_org, ++ isc_boolean_t absolute); ++static idn_result_t append_textname(char *name, const char *origin, ++ size_t namesize); ++static void idn_check_result(idn_result_t r, const char *msg); ++ ++#define MAXDLEN 256 ++#endif ++ + /* + * Apply and clear locks at the event level in global task. +@@ -683,4 +706,8 @@ + } + ++#ifdef WITH_IDN ++ initialize_idn(); ++#endif ++ + if (keyfile[0] != 0) + setup_file_key(); +@@ -1203,4 +1230,12 @@ + dns_compress_t cctx; + char store[MXNAME]; ++#ifdef WITH_IDN ++ idn_result_t mr; ++ char utf8_textname[MXNAME], utf8_origin[MXNAME], idn_textname[MXNAME]; ++#endif ++ ++#ifdef WITH_IDN ++ dns_name_settotextfilter(output_filter); ++#endif + + REQUIRE(lookup != NULL); +@@ -1231,4 +1266,15 @@ + sizeof(lookup->onamespace)); + ++#ifdef WITH_IDN ++ /* ++ * We cannot convert `textname' and `origin' separately. ++ * `textname' doesn't contain TLD, but local mapping needs ++ * TLD. ++ */ ++ mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, lookup->textname, ++ utf8_textname, sizeof(utf8_textname)); ++ idn_check_result(mr, "convert textname to UTF-8"); ++#endif ++ + /* + * If the name has too many dots, force the origin to be NULL +@@ -1239,4 +1285,11 @@ + */ + /* XXX New search here? */ ++#ifdef WITH_IDN ++ if ((count_dots(utf8_textname) >= ndots) || !usesearch) ++ lookup->origin = NULL; /* Force abs lookup */ ++ else if (lookup->origin == NULL && lookup->new_search && usesearch) { ++ lookup->origin = ISC_LIST_HEAD(search_list); ++ } ++#else + if ((count_dots(lookup->textname) >= ndots) || !usesearch) + lookup->origin = NULL; /* Force abs lookup */ +@@ -1244,5 +1297,27 @@ + lookup->origin = ISC_LIST_HEAD(search_list); + } ++#endif ++ ++#ifdef WITH_IDN + if (lookup->origin != NULL) { ++ mr = idn_encodename(IDN_LOCALCONV | IDN_DELIMMAP, ++ lookup->origin->origin, utf8_origin, ++ sizeof(utf8_origin)); ++ idn_check_result(mr, "convert origin to UTF-8"); ++ mr = append_textname(utf8_textname, utf8_origin, ++ sizeof(utf8_textname)); ++ idn_check_result(mr, "append origin to textname"); ++ } ++ mr = idn_encodename(IDN_LOCALMAP | IDN_NAMEPREP | IDN_ASCCHECK | ++ IDN_IDNCONV | IDN_LENCHECK, utf8_textname, ++ idn_textname, sizeof(idn_textname)); ++ idn_check_result(mr, "convert UTF-8 textname to IDN encoding"); ++#endif ++ ++#ifdef WITH_IDN ++ if (0) { ++#else ++ if (lookup->origin != NULL) { ++#endif + debug("trying origin %s", lookup->origin->origin); + result = dns_message_gettempname(lookup->sendmsg, +@@ -1289,4 +1364,13 @@ + dns_name_clone(dns_rootname, lookup->name); + else { ++#ifdef WITH_IDN ++ len = strlen(idn_textname); ++ isc_buffer_init(&b, idn_textname, len); ++ isc_buffer_add(&b, len); ++ result = dns_name_fromtext(lookup->name, &b, ++ dns_rootname, ++ ISC_FALSE, ++ &lookup->namebuf); ++#else + len = strlen(lookup->textname); + isc_buffer_init(&b, lookup->textname, len); +@@ -1296,4 +1380,5 @@ + ISC_FALSE, + &lookup->namebuf); ++#endif + } + if (result != ISC_R_SUCCESS) { +@@ -2724,2 +2809,100 @@ + isc_mem_destroy(&mctx); + } ++ ++#ifdef WITH_IDN ++static void ++initialize_idn(void) { ++ idn_result_t r; ++ ++#ifdef HAVE_SETLOCALE ++ /* Set locale */ ++ (void)setlocale(LC_ALL, ""); ++#endif ++ /* Create configuration context. */ ++ r = idn_nameinit(1); ++ if (r != idn_success) ++ fatal("idn api initialization failed: %s", ++ idn_result_tostring(r)); ++ ++ /* Set domain name -> text post-conversion filter. */ ++ dns_name_settotextfilter(output_filter); ++} ++ ++static isc_result_t ++output_filter(isc_buffer_t *buffer, unsigned int used_org, ++ isc_boolean_t absolute) ++{ ++ char tmp1[MAXDLEN], tmp2[MAXDLEN]; ++ size_t fromlen, tolen; ++ isc_boolean_t end_with_dot; ++ ++ /* ++ * Copy contents of 'buffer' to 'tmp1', supply trailing dot ++ * if 'absolute' is true, and terminate with NUL. ++ */ ++ fromlen = isc_buffer_usedlength(buffer) - used_org; ++ if (fromlen >= MAXDLEN) ++ return (ISC_R_SUCCESS); ++ memcpy(tmp1, (char *)isc_buffer_base(buffer) + used_org, fromlen); ++ end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE; ++ if (absolute && !end_with_dot) { ++ fromlen++; ++ if (fromlen >= MAXDLEN) ++ return (ISC_R_SUCCESS); ++ tmp1[fromlen - 1] = '.'; ++ } ++ tmp1[fromlen] = '\0'; ++ ++ /* ++ * Convert contents of 'tmp1' to local encoding. ++ */ ++ if (idn_decodename(IDN_DECODE_APP, tmp1, tmp2, MAXDLEN) != idn_success) ++ return (ISC_R_SUCCESS); ++ strcpy(tmp1, tmp2); ++ ++ /* ++ * Copy the converted contents in 'tmp1' back to 'buffer'. ++ * If we have appended trailing dot, remove it. ++ */ ++ tolen = strlen(tmp1); ++ if (absolute && !end_with_dot && tmp1[tolen - 1] == '.') ++ tolen--; ++ ++ if (isc_buffer_length(buffer) < used_org + tolen) ++ return (ISC_R_NOSPACE); ++ ++ isc_buffer_subtract(buffer, isc_buffer_usedlength(buffer) - used_org); ++ memcpy(isc_buffer_used(buffer), tmp1, tolen); ++ isc_buffer_add(buffer, tolen); ++ ++ return (ISC_R_SUCCESS); ++} ++ ++static idn_result_t ++append_textname(char *name, const char *origin, size_t namesize) { ++ size_t namelen = strlen(name); ++ size_t originlen = strlen(origin); ++ ++ /* Already absolute? */ ++ if (namelen > 0 && name[namelen - 1] == '.') ++ return idn_success; ++ ++ /* Append dot and origin */ ++ ++ if (namelen + 1 + originlen >= namesize) ++ return idn_buffer_overflow; ++ ++ name[namelen++] = '.'; ++ (void)strcpy(name + namelen, origin); ++ return idn_success; ++} ++ ++static void ++idn_check_result(idn_result_t r, const char *msg) { ++ if (r != idn_success) { ++ exitcode = 1; ++ fatal("%s: %s", msg, idn_result_tostring(r)); ++ } ++} ++ ++#endif /* WITH_IDN */ +--- bind-9.2.3/bin/dig/host.1 ++++ bind-9.2.3/bin/dig/host.1 Tue Jul 22 15:01:36 2003 +@@ -121,4 +121,15 @@ + will be set to the number of seconds given by the hardware's maximum + value for an integer quantity. ++.SH "IDN SUPPORT" ++.PP ++If \fBhost\fR has been built with IDN (internationalized ++domain name) support, it can accept and display non-ASCII domain names. ++\fBhost\fR appropriately converts character encoding of ++domain name before sending a request to DNS server or displaying a ++reply from the server. ++If you'd like to turn off the IDN support for some reason, defines ++the \fBIDN_DISABLE\fR environment variable. ++The IDN support is disabled if the the variable is set when ++\fBhost\fR runs. + .SH "FILES" + .PP +--- bind-9.2.3/bin/dig/host.docbook ++++ bind-9.2.3/bin/dig/host.docbook Tue Jul 22 15:01:36 2003 +@@ -182,4 +182,19 @@ + + ++IDN SUPPORT ++ ++If host has been built with IDN (internationalized ++domain name) support, it can accept and display non-ASCII domain names. ++host appropriately converts character encoding of ++domain name before sending a request to DNS server or displaying a ++reply from the server. ++If you'd like to turn off the IDN support for some reason, defines ++the IDN_DISABLE environment variable. ++The IDN support is disabled if the the variable is set when ++host runs. ++ ++ ++ ++ + FILES + +--- bind-9.2.3/lib/dns/include/dns/name.h ++++ bind-9.2.3/lib/dns/include/dns/name.h Tue Jul 22 15:01:37 2003 +@@ -220,4 +220,15 @@ + #define DNS_NAME_MAXWIRE 255 + ++#ifdef WITH_IDN ++/* ++ * Text output filter procedure. ++ * 'target' is the buffer to be converted. The region to be converted ++ * is from 'buffer'->base + 'used_org' to the end of the used region. ++ */ ++typedef isc_result_t (*dns_name_totextfilter_t)(isc_buffer_t *target, ++ unsigned int used_org, ++ isc_boolean_t absolute); ++#endif ++ + /*** + *** Initialization +@@ -1261,4 +1272,12 @@ + * + */ ++ ++#ifdef WITH_IDN ++void ++dns_name_settotextfilter(dns_name_totextfilter_t proc); ++/* ++ * Call 'proc' at the end of dns_name_totext. ++ */ ++#endif /* WITH_IDN */ + + #define DNS_NAME_FORMATSIZE (DNS_NAME_MAXTEXT + 1) +--- bind-9.2.3/lib/dns/name.c ++++ bind-9.2.3/lib/dns/name.c Tue Jul 22 15:01:36 2003 +@@ -196,4 +196,11 @@ + dns_name_t *dns_wildcardname = &wild; + ++#ifdef WITH_IDN ++/* ++ * dns_name_t to text post-conversion procedure. ++ */ ++static dns_name_totextfilter_t totext_filter_proc = NULL; ++#endif ++ + static void + set_offsets(const dns_name_t *name, unsigned char *offsets, +@@ -1700,4 +1707,7 @@ + isc_boolean_t saw_root = ISC_FALSE; + char num[4]; ++#ifdef WITH_IDN ++ unsigned int oused = target->used; ++#endif + + /* +@@ -1877,4 +1887,8 @@ + isc_buffer_add(target, tlen - trem); + ++#ifdef WITH_IDN ++ if (totext_filter_proc != NULL) ++ return ((*totext_filter_proc)(target, oused, saw_root)); ++#endif + return (ISC_R_SUCCESS); + } +@@ -3341,2 +3355,8 @@ + } + ++#ifdef WITH_IDN ++void ++dns_name_settotextfilter(dns_name_totextfilter_t proc) { ++ totext_filter_proc = proc; ++} ++#endif +--- bind-9.2.3/README.idnkit ++++ bind-9.2.3/README.idnkit Tue Jul 22 15:01:35 2003 +@@ -0,0 +1,113 @@ ++ ++ BIND-9 IDN patch ++ ++ Japan Network Information Center (JPNIC) ++ ++ ++* What is this patch for? ++ ++This patch adds internationalized domain name (IDN) support to BIND-9. ++You'll get internationalized version of dig/host/nslookup commands. ++ ++ + internationalized dig/host/nslookup ++ dig/host/nslookup accepts non-ASCII domain names in the local ++ codeset (such as Shift JIS, Big5 or ISO8859-1) determined by ++ the locale information. The domain names are normalized and ++ converted to the encoding on the DNS protocol, and sent to DNS ++ servers. The replies are converted back to the local codeset ++ and displayed. ++ ++ ++* Compilation & installation ++ ++0. Prerequisite ++ ++You have to build and install idnkit before building this patched version ++of bind-9. ++ ++1. Running configure script ++ ++Run `configure' in the top directory. See `README' for the ++configuration options. ++ ++This patch adds the following 4 options to `configure'. You should ++at least specify `--with-idn' option to enable IDN support. ++ ++ --with-idn[=IDN_PREFIX] ++ To enable IDN support, you have to specify `--with-idn' option. ++ The argument IDN_PREFIX is the install prefix of idnkit. If ++ IDN_PREFIX is omitted, PREFIX (derived from `--prefix=PREFIX') ++ is assumed. ++ ++ --with-libiconv[=LIBICONV_PREFIX] ++ Specify this option if idnkit you have installed links GNU ++ libiconv. The argument LIBICONV_PREFIX is install prefix of ++ GNU libiconv. If the argument is omitted, PREFIX (derived ++ from `--prefix=PREFIX') is assumed. ++ ++ `--with-libiconv' is shorthand option for GNU libiconv. ++ ++ --with-libiconv=/usr/local ++ ++ This is equivalent to: ++ ++ --with-iconv='-L/usr/local/lib -R/usr/local/lib -liconv' ++ ++ `--with-libiconv' assumes that your C compiler has `-R' ++ option, and that the option adds the specified run-time path ++ to an exacutable binary. If `-R' option of your compiler has ++ different meaning, or your compiler lacks the option, you ++ should use `--with-iconv' option instead. Binary command ++ without run-time path information might be unexecutable. ++ In that case, you would see an error message like: ++ ++ error in loading shared libraries: libiconv.so.2: cannot ++ open shared object file ++ ++ If both `--with-libiconv' and `--with-iconv' options are ++ specified, `--with-iconv' is prior to `--with-libiconv'. ++ ++ --with-iconv=ICONV_LIBSPEC ++ If your libc doens't provide iconv(), you need to specify the ++ library containing iconv() with this option. `ICONV_LIBSPEC' ++ is the argument(s) to `cc' or `ld' to link the library, for ++ example, `--with-iconv="-L/usr/local/lib -liconv"'. ++ You don't need to specify the header file directory for "iconv.h" ++ to the compiler, as it isn't included directly by bind-9 with ++ this patch. ++ ++ --with-idnlib=IDN_LIBSPEC ++ With this option, you can explicitly specify the argument(s) ++ to `cc' or `ld' to link the idnkit's library, `libidnkit'. If ++ this option is not specified, `-L${PREFIX}/lib -lidnkit' is ++ assumed, where ${PREFIX} is the installation prefix specified ++ with `--with-idn' option above. You may need to use this ++ option to specify extra argments, for example, ++ `--with-idnlib="-L/usr/local/lib -R/usr/local/lib -lidnkit"'. ++ ++Please consult `README' for other configuration options. ++ ++Note that if you want to specify some extra header file directories, ++you should use the environment variable STD_CINCLUDES instead of ++CFLAGS, as described in README. ++ ++2. Compilation and installation ++ ++After running "configure", just do ++ ++ make ++ make install ++ ++for compiling and installing. ++ ++ ++* Contact information ++ ++Please see http//www.nic.ad.jp/en/idn/ for the latest news ++about idnkit and this patch. ++ ++Bug reports and comments on this kit should be sent to ++mdnkit-bugs@nic.ad.jp and idn-cmt@nic.ad.jp, respectively. ++ ++ ++; $Id: bind-9.2.3rc1-patch,v 1.1.2.1 2003/07/22 06:02:05 marka Exp $ +--- bind-9.2.3/config.h.in ++++ bind-9.2.3/config.h.in Tue Jul 22 15:05:37 2003 +@@ -137,4 +137,7 @@ + #undef HAVE_STRERROR + ++/* Define if you have the setlocale function. */ ++#undef HAVE_SETLOCALE ++ + /* Define to 1 if you have the header file. */ + #undef HAVE_DLFCN_H +@@ -164,4 +167,7 @@ + #undef HAVE_LINUX_CAPABILITY_H + ++/* Define if you have the header file. */ ++#undef HAVE_LOCALE_H ++ + /* Define to 1 if you have the header file. */ + #undef HAVE_MEMORY_H +@@ -183,4 +189,8 @@ + + /* Define to 1 if you have the header file. */ ++ ++/* define if idnkit support is to be included. */ ++#undef WITH_IDN ++ + #undef HAVE_SYS_SELECT_H + +--- bind-9.2.3/configure.in ++++ bind-9.2.3/configure.in Tue Jul 22 15:01:35 2003 +@@ -1696,4 +1696,80 @@ + + # ++# IDN support ++# ++AC_ARG_WITH(idn, ++ [ --with-idn[=MPREFIX] enable IDN support using idnkit [default PREFIX]], ++ use_idn="$withval", use_idn="no") ++case "$use_idn" in ++yes) ++ if test X$prefix = XNONE ; then ++ idn_path=/usr/local ++ else ++ idn_path=$prefix ++ fi ++ ;; ++no) ++ ;; ++*) ++ idn_path="$use_idn" ++ ;; ++esac ++ ++iconvinc= ++iconvlib= ++AC_ARG_WITH(libiconv, ++ [ --with-libiconv[=IPREFIX] GNU libiconv are in IPREFIX [default PREFIX]], ++ use_libiconv="$withval", use_libiconv="no") ++case "$use_libiconv" in ++yes) ++ if test X$prefix = XNONE ; then ++ iconvlib="-L/usr/local/lib -R/usr/local/lib -liconv" ++ else ++ iconvlib="-L$prefix/lib -R$prefix/lib -liconv" ++ fi ++ ;; ++no) ++ iconvlib= ++ ;; ++*) ++ iconvlib="-L$use_libiconv/lib -R$use_libiconv/lib -liconv" ++ ;; ++esac ++ ++AC_ARG_WITH(iconv, ++ [ --with-iconv[=LIBSPEC] specify iconv library [default -liconv]], ++ iconvlib="$withval") ++case "$iconvlib" in ++no) ++ iconvlib= ++ ;; ++yes) ++ iconvlib=-liconv ++ ;; ++esac ++ ++AC_ARG_WITH(idnlib, ++ [ --with-idnlib=ARG specify libidnkit], ++ idnlib="$withval", idnlib="no") ++if test "$idnlib" = yes; then ++ AC_MSG_ERROR([You must specify ARG for --with-idnlib.]) ++fi ++ ++IDNLIBS= ++if test "$use_idn" != no; then ++ AC_DEFINE(WITH_IDN, 1, [define if idnkit support is to be included.]) ++ STD_CINCLUDES="$STD_CINCLUDES -I$idn_path/include" ++ if test "$idnlib" != no; then ++ IDNLIBS="$idnlib $iconvlib" ++ else ++ IDNLIBS="-L$idn_path/lib -lidnkit $iconvlib" ++ fi ++fi ++AC_SUBST(IDNLIBS) ++ ++AC_CHECK_HEADERS(locale.h) ++AC_CHECK_FUNCS(setlocale) ++ ++# + # Substitutions + # diff --git a/named-bootconf.diff b/named-bootconf.diff new file mode 100644 index 0000000..cf9b8f6 --- /dev/null +++ b/named-bootconf.diff @@ -0,0 +1,25 @@ +--- contrib/named-bootconf/named-bootconf.sh ++++ contrib/named-bootconf/named-bootconf.sh 2005/11/21 10:57:33 +@@ -54,9 +54,10 @@ + # POSSIBILITY OF SUCH DAMAGE. + + if [ ${OPTIONFILE-X} = X ]; then +- OPTIONFILE=/tmp/.options.`date +%s`.$$ +- ZONEFILE=/tmp/.zones.`date +%s`.$$ +- COMMENTFILE=/tmp/.comments.`date +%s`.$$ ++ TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1 ++ OPTIONFILE=$TMPDIR/.options.`date +%s`.$$ ++ ZONEFILE=$TMPDIR/.zones.`date +%s`.$$ ++ COMMENTFILE=$TMPDIR/.comments.`date +%s`.$$ + export OPTIONFILE ZONEFILE COMMENTFILE + touch $OPTIONFILE $ZONEFILE $COMMENTFILE + DUMP=1 +@@ -302,7 +303,7 @@ + echo "};" + cat $ZONEFILE $COMMENTFILE + +- rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE ++ rm -rf $TMPDIR + fi + + exit 0 diff --git a/named.root b/named.root new file mode 100644 index 0000000..278dd97 --- /dev/null +++ b/named.root @@ -0,0 +1,80 @@ +; This file holds the information on root name servers needed to +; initialize cache of Internet domain name servers +; (e.g. reference this file in the "cache . " +; configuration file of BIND domain name servers). +; +; This file is made available by InterNIC +; under anonymous FTP as +; file /domain/named.root +; on server FTP.INTERNIC.NET +; -OR- RS.INTERNIC.NET +; +; last update: Jan 29, 2004 +; related version of root zone: 2004012900 +; +; +; formerly NS.INTERNIC.NET +; +. 3600000 IN NS A.ROOT-SERVERS.NET. +A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 +; +; formerly NS1.ISI.EDU +; +. 3600000 NS B.ROOT-SERVERS.NET. +B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 +; +; formerly C.PSI.NET +; +. 3600000 NS C.ROOT-SERVERS.NET. +C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 +; +; formerly TERP.UMD.EDU +; +. 3600000 NS D.ROOT-SERVERS.NET. +D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 +; +; formerly NS.NASA.GOV +; +. 3600000 NS E.ROOT-SERVERS.NET. +E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 +; +; formerly NS.ISC.ORG +; +. 3600000 NS F.ROOT-SERVERS.NET. +F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 +; +; formerly NS.NIC.DDN.MIL +; +. 3600000 NS G.ROOT-SERVERS.NET. +G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 +; +; formerly AOS.ARL.ARMY.MIL +; +. 3600000 NS H.ROOT-SERVERS.NET. +H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 +; +; formerly NIC.NORDU.NET +; +. 3600000 NS I.ROOT-SERVERS.NET. +I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 +; +; operated by VeriSign, Inc. +; +. 3600000 NS J.ROOT-SERVERS.NET. +J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 +; +; operated by RIPE NCC +; +. 3600000 NS K.ROOT-SERVERS.NET. +K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 +; +; operated by ICANN +; +. 3600000 NS L.ROOT-SERVERS.NET. +L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12 +; +; operated by WIDE +; +. 3600000 NS M.ROOT-SERVERS.NET. +M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 +; End of File diff --git a/nsupdate.8.diff b/nsupdate.8.diff new file mode 100644 index 0000000..d35517b --- /dev/null +++ b/nsupdate.8.diff @@ -0,0 +1,125 @@ +--- bin/nsupdate//nsupdate.8 2006-07-06 11:17:01.000000000 +0200 ++++ /usr/share/man/man8/nsupdate.8 2006-07-06 11:19:37.000000000 +0200 +@@ -29,7 +29,6 @@ + .SH "NAME" + nsupdate \- Dynamic DNS update utility + .SH "SYNOPSIS" +-.HP 9 + \fBnsupdate\fR [\fB\-d\fR] [[\fB\-y\ \fR\fB\fIkeyname:secret\fR\fR] [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-v\fR] [filename] + .SH "DESCRIPTION" + .PP +@@ -124,7 +123,7 @@ + .PP + The command formats and their meaning are as follows: + .TP +-.HP 7 \fBserver\fR {servername} [port] ++\fBserver\fR {servername} [port] + Sends all dynamic update requests to the name server + \fIservername\fR. When no server statement is provided, + \fBnsupdate\fR +@@ -134,7 +133,7 @@ + \fIservername\fR + where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used. + .TP +-.HP 6 \fBlocal\fR {address} [port] ++\fBlocal\fR {address} [port] + Sends all dynamic update requests using the local + \fIaddress\fR. When no local statement is provided, + \fBnsupdate\fR +@@ -142,7 +141,7 @@ + \fIport\fR + can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one. + .TP +-.HP 5 \fBzone\fR {zonename} ++\fBzone\fR {zonename} + Specifies that all updates are to be made to the zone + \fIzonename\fR. If no + \fIzone\fR +@@ -150,13 +149,13 @@ + \fBnsupdate\fR + will attempt determine the correct zone to update based on the rest of the input. + .TP +-.HP 6 \fBclass\fR {classname} ++\fBclass\fR {classname} + Specify the default class. If no + \fIclass\fR + is specified the default class is + \fIIN\fR. + .TP +-.HP 4 \fBkey\fR {name} {secret} ++\fBkey\fR {name} {secret} + Specifies that all updates are to be TSIG signed using the + \fIkeyname\fR\fIkeysecret\fR + pair. The +@@ -166,16 +165,16 @@ + or + \fB\-k\fR. + .TP +-.HP 16 \fBprereq nxdomain\fR {domain\-name} ++\fBprereq nxdomain\fR {domain\-name} + Requires that no resource record of any type exists with name + \fIdomain\-name\fR. + .TP +-.HP 16 \fBprereq yxdomain\fR {domain\-name} ++\fBprereq yxdomain\fR {domain\-name} + Requires that + \fIdomain\-name\fR + exists (has as at least one resource record, of any type). + .TP +-.HP 15 \fBprereq nxrrset\fR {domain\-name} [class] {type} ++\fBprereq nxrrset\fR {domain\-name} [class] {type} + Requires that no resource record exists of the specified + \fItype\fR, + \fIclass\fR +@@ -184,7 +183,7 @@ + \fIclass\fR + is omitted, IN (internet) is assumed. + .TP +-.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} ++\fBprereq yxrrset\fR {domain\-name} [class] {type} + This requires that a resource record of the specified + \fItype\fR, + \fIclass\fR +@@ -194,7 +193,7 @@ + \fIclass\fR + is omitted, IN (internet) is assumed. + .TP +-.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} ++\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} + The + \fIdata\fR + from each set of prerequisites of this form sharing a common +@@ -208,7 +207,7 @@ + \fIdata\fR + are written in the standard text representation of the resource record's RDATA. + .TP +-.HP 14 \fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] ++\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] + Deletes any resource records named + \fIdomain\-name\fR. If + \fItype\fR +@@ -220,20 +219,20 @@ + \fIttl\fR + is ignored, and is only allowed for compatibility. + .TP +-.HP 11 \fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} ++\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} + Adds a new resource record with the specified + \fIttl\fR, + \fIclass\fR + and + \fIdata\fR. + .TP +-.HP 5 \fBshow\fR ++\fBshow\fR + Displays the current message, containing all of the prerequisites and updates specified since the last send. + .TP +-.HP 5 \fBsend\fR ++\fBsend\fR + Sends the current message. This is equivalent to entering a blank line. + .TP +-.HP 7 \fBanswer\fR ++\fBanswer\fR + Displays the answer. + .PP + Lines beginning with a semicolon are comments and are ignored. diff --git a/perl-path.diff b/perl-path.diff new file mode 100644 index 0000000..f9a7851 --- /dev/null +++ b/perl-path.diff @@ -0,0 +1,24 @@ +--- bind-9.2.3/bin/tests/t_api.pl ++++ bind-9.2.3/bin/tests/t_api.pl 2003-10-23 12:03:38 +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/perl ++#!/usr/bin/perl + # + # Copyright (C) 1999-2001 Internet Software Consortium. + # +--- bind-9.2.3/contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl ++++ bind-9.2.3/contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl 2003-10-23 12:03:46 +@@ -1,4 +1,4 @@ +-#! /usr/local/bin/perl -w ++#! /usr/bin/perl -w + # $Id: generate_normalize_data.pl,v 1.1.1.1 2003/06/04 00:27:55 marka Exp $ + # + # Copyright (c) 2000,2001 Japan Network Information Center. +--- bind-9.2.3/contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl ++++ bind-9.2.3/contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl 2003-10-23 13:03:54 +@@ -1,4 +1,4 @@ +-#! /usr/local/bin/perl -w ++#! /usr/bin/perl -w + # $Id: generate_nameprep_data.pl,v 1.1.1.1 2003/06/04 00:27:54 marka Exp $ + # + # Copyright (c) 2001 Japan Network Information Center. All rights reserved. diff --git a/pid-path.diff b/pid-path.diff new file mode 100644 index 0000000..7929090 --- /dev/null +++ b/pid-path.diff @@ -0,0 +1,25 @@ +--- bind-9.2.2rc1/bin/named/include/named/globals.h ++++ bind-9.2.2rc1/bin/named/include/named/globals.h 2003/01/12 18:15:26 +@@ -102,9 +102,9 @@ + EXTERN isc_boolean_t ns_g_logstderr INIT(ISC_FALSE); + + EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR +- "/run/named.pid"); ++ "/run/named/named.pid"); + EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR +- "/run/lwresd.pid"); ++ "/run/named/lwresd.pid"); + EXTERN const char * ns_g_username INIT(NULL); + + #undef EXTERN +--- bind-9.2.2rc1/contrib/nanny/nanny.pl ++++ bind-9.2.2rc1/contrib/nanny/nanny.pl 2003-02-19 18:44:10.000000000 +0100 +@@ -19,7 +19,7 @@ + + # A simple nanny to make sure named stays running. + +-$pid_file_location = '/var/run/named.pid'; ++$pid_file_location = '/var/run/named/named.pid'; + $nameserver_location = 'localhost'; + $dig_program = 'dig'; + $named_program = 'named'; diff --git a/pie_compile.diff b/pie_compile.diff new file mode 100644 index 0000000..6db1507 --- /dev/null +++ b/pie_compile.diff @@ -0,0 +1,119 @@ +--- bin/check/Makefile.in ++++ bin/check/Makefile.in 2005/06/17 13:01:56 +@@ -55,8 +55,12 @@ + + MANOBJS = ${MANPAGES} ${HTMLPAGES} + ++EXT_CFLAGS = -fPIE ++ + @BIND9_MAKE_RULES@ + ++LDFLAGS += -pie ++ + named-checkconf.@O@: named-checkconf.c + ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ + -DVERSION=\"${VERSION}\" \ +--- bin/dig/Makefile.in ++++ bin/dig/Makefile.in 2005/06/17 13:02:54 +@@ -63,8 +63,12 @@ + + MANOBJS = ${MANPAGES} ${HTMLPAGES} + ++EXT_CFLAGS = -fPIE ++ + @BIND9_MAKE_RULES@ + ++LDFLAGS += -pie ++ + dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS} + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ + dig.@O@ dighost.@O@ ${UOBJS} ${LIBS} +--- bin/dnssec/Makefile.in ++++ bin/dnssec/Makefile.in 2005/06/17 13:03:30 +@@ -51,8 +51,12 @@ + + MANOBJS = ${MANPAGES} ${HTMLPAGES} + ++EXT_CFLAGS = -fPIE ++ + @BIND9_MAKE_RULES@ + ++LDFLAGS += -pie ++ + dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS} + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ + dnssec-keygen.@O@ ${OBJS} ${LIBS} +--- bin/Makefile.in ++++ bin/Makefile.in 2005/06/17 12:52:58 +@@ -22,4 +22,8 @@ + SUBDIRS = named rndc dig dnssec tests nsupdate check + TARGETS = + ++EXT_CFLAGS = -fPIE ++ + @BIND9_MAKE_RULES@ ++ ++LDFLAGS += -pie +--- bin/named/Makefile.in ++++ bin/named/Makefile.in 2005/06/17 12:41:37 +@@ -91,8 +91,12 @@ + + MANOBJS = ${MANPAGES} ${HTMLPAGES} + ++EXT_CFLAGS = -fPIE ++ + @BIND9_MAKE_RULES@ + ++LDFLAGS += -pie ++ + main.@O@: main.c + ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ + -DVERSION=\"${VERSION}\" \ +--- bin/named/unix/Makefile.in ++++ bin/named/unix/Makefile.in 2005/06/17 12:40:23 +@@ -33,4 +33,6 @@ + + TARGETS = ${OBJS} + ++EXT_CFLAGS = -fPIE ++ + @BIND9_MAKE_RULES@ +--- bin/nsupdate/Makefile.in ++++ bin/nsupdate/Makefile.in 2005/06/17 13:04:16 +@@ -61,8 +61,12 @@ + + MANOBJS = ${MANPAGES} ${HTMLPAGES} + ++EXT_CFLAGS = -fPIE ++ + @BIND9_MAKE_RULES@ + ++LDFLAGS += -pie ++ + nsupdate@EXEEXT@: nsupdate.@O@ ${UOBJS} ${DEPLIBS} + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ nsupdate.@O@ ${UOBJS} ${LIBS} + +--- bin/rndc/Makefile.in ++++ bin/rndc/Makefile.in 2005/06/17 13:04:51 +@@ -59,8 +59,12 @@ + + UOBJS = unix/os.@O@ + ++EXT_CFLAGS = -fPIE ++ + @BIND9_MAKE_RULES@ + ++LDFLAGS += -pie ++ + rndc.@O@: rndc.c + ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ + -DVERSION=\"${VERSION}\" \ +--- bin/rndc/unix/Makefile.in ++++ bin/rndc/unix/Makefile.in 2005/06/17 13:05:14 +@@ -33,4 +33,6 @@ + + TARGETS = ${OBJS} + ++EXT_CFLAGS = -fPIE ++ + @BIND9_MAKE_RULES@ diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4 diff --git a/sdb_ldap.diff b/sdb_ldap.diff new file mode 100644 index 0000000..ee50a3f --- /dev/null +++ b/sdb_ldap.diff @@ -0,0 +1,42 @@ +--- bin/named/Makefile.in ++++ bin/named/Makefile.in 2004/11/26 09:41:06 +@@ -26,10 +26,10 @@ + # + # Add database drivers here. + # +-DBDRIVER_OBJS = +-DBDRIVER_SRCS = ++DBDRIVER_OBJS = ldapdb.@O@ ++DBDRIVER_SRCS = ldapdb.c + DBDRIVER_INCLUDES = +-DBDRIVER_LIBS = ++DBDRIVER_LIBS = -lldap + + CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include \ + ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \ +--- bin/named/main.c ++++ bin/named/main.c 2004/11/26 09:47:52 +@@ -71,6 +71,7 @@ + * Include header files for database drivers here. + */ + /* #include "xxdb.h" */ ++#include + + static isc_boolean_t want_stats = ISC_FALSE; + static char program_name[ISC_DIR_NAMEMAX] = "named"; +@@ -647,6 +648,7 @@ + * Add calls to register sdb drivers here. + */ + /* xxdb_init(); */ ++ ldapdb_init(); + + ns_server_create(ns_g_mctx, &ns_g_server); + } +@@ -663,6 +665,7 @@ + * Add calls to unregister sdb drivers here. + */ + /* xxdb_clear(); */ ++ ldapdb_clear(); + + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, "exiting"); diff --git a/vendor-files.tar.bz2 b/vendor-files.tar.bz2 new file mode 100644 index 0000000..48cd8b3 --- /dev/null +++ b/vendor-files.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c920d577ebbbfd13379674595c3e4bacdc69af2e0ba92715a96697fd01dc8343 +size 19652