diff --git a/bind-9.16.12.tar.xz b/bind-9.16.12.tar.xz deleted file mode 100644 index 2692b86..0000000 --- a/bind-9.16.12.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9914af9311fd349cab441097898d94fb28d0bfd9bf6ed04fe1f97f042644da7f -size 5017756 diff --git a/bind-9.16.12.tar.xz.sha512.asc b/bind-9.16.12.tar.xz.sha512.asc deleted file mode 100644 index 4097e23..0000000 --- a/bind-9.16.12.tar.xz.sha512.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEJFV3TUL9/mucOD64/hACvFlwgR8FAmAiI6sACgkQ/hACvFlw -gR9S7RAAtZCXjLtug5s2t+YqVUgKP3TKEgvJxSvZfZlEnQkkM9APg84UZKOc5XDY -Zzw1bJSuZ4f18KlJaJmQ++Y0XP++kv+tMJOcl8mkCUi/FKcfWCOW0qUy/ygb7ks6 -yarpxjuZ6DN+5xwOvJW9o1QiX5K0WYK2KdjsqfIrvf8HQqs4Ydgi9h2KtbkWBXp5 -Te6CLFSRfX2j2Ddbx1ggCzT3ztYNLT1trX+O7/wlISNl3ZS1wK475UlqA1qZc/lM -xE95p8KDR5+CHXJJNs7qr0jBS9WcB2N28yGJKAnCXw9tTEGtqa+QksgCthphmzQX -3vbB5KhcP1ho9pl/lyjh0Tnxm1Q9AbD42vMo6waGSRtIOMFK9Cjngulx5Wo5Aa3W -F3Ij95yMZmIo+WMCmdE6ejOL2r/JpiVYPWuR/1UHOFJbs+ZJSCSO4Ka7wauIraST -tpUUi6J/d6oTvx12IJb/A7jznX0n5o70N6I11lei5Os3N6V5BlU1+BN7aaeNoZzp -lgMsTJGhkD7IbdBRgl2qCsYI+jQr4nE0WpEEDwrio+ZEpBMs16WXcZBwUD6f9rW7 -Gl+Z6EhmhdWuMygngCXGfcGopmFJeFdDCbdnHCWjj+qWSc5JtdjB7+8iE/73frvr -TQ9ASrU4AwclNeEc3nVDuGC692h3w1IrOwHxFw2hIuwOJnPoj/U= -=y7e9 ------END PGP SIGNATURE----- diff --git a/bind-9.16.15.tar.xz b/bind-9.16.15.tar.xz new file mode 100644 index 0000000..236e0a0 --- /dev/null +++ b/bind-9.16.15.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:98b6f432d878a7bf8f57eb7b3c28be27278cf6b9989154bfe6c81104b38e7839 +size 5025688 diff --git a/bind-9.16.15.tar.xz.sha512.asc b/bind-9.16.15.tar.xz.sha512.asc new file mode 100644 index 0000000..c1eb1f1 --- /dev/null +++ b/bind-9.16.15.tar.xz.sha512.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEJFV3TUL9/mucOD64/hACvFlwgR8FAmB+oqoACgkQ/hACvFlw +gR85vRAAvIAItbIcVnNlYRSN5Pmgmcu7XsJF9lTP5m0DM++zF2puStoMfDm4t6tY +k+iV1SwgoNjAOhGpdnhczjNIhct0xImHaqpITcVjRwzNkoAStIkCr+g974EZcYEY +Q0mFowpefARhTUo3IbdkvN87lS+/yYNb7D3rHpluef4fexc29dbLnN8hvkkdiYEV +RAcJaXGjpjoqsxgiVbrhrQk2NA3Y5zKgyJsqMHF9bhSvX8y6cpi1y48W3+S6b31h +9Tx8f9DfoOWPl28rrL93iQTWc+SCK+BPUhP8kaIbEfJjX/CMWKAPjRxk8NPfkqs6 +IgwWsm15sNO2kXc8f2Tg976w1rElaDaWkjPLvQbD8/Yk8sInYSz9sFCoAQ6A7irk +0eVxzFS9Os/cjlf4n+v3b9MsYQ2f40uEP61LZ5hfC5puqfYx4c6pyRFjGvZzX90B +rpx4F94v94M+1lKlBELHhcTOvsiN3RjTti+qnHel02iKPw3AMu22Y9gCQ5d/OxwQ +WJSsvYfFhMt4h9e6Ejx6nQ1lHkC5G/i2ipGJmDFHZwUkXhMvOcAZsc/+EQEUjAyE +oH4gb49xTwrlZFidqmcSh6az/v53UZ396MGNJvQISaCeM3caenn5FCAcEFYngEj1 +Vp96Qmt4qJRI7YpdL2phFgZAmnPOr6h+ej6esdY+nwLUwwqf+DU= +=GxCr +-----END PGP SIGNATURE----- diff --git a/bind.changes b/bind.changes index 053635f..9836d73 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Mon May 3 12:35:44 UTC 2021 - Josef Möllers + +- Upgrade to bind 9.16.15 + Major changes: + * A specially crafted GSS-TSIG query could cause a buffer + overflow in the ISC implementation of SPNEGO. + (CVE-2021-25216) + + * named crashed when a DNAME record placed in the ANSWER + section during DNAME chasing turned out to be the final + answer to a client query. (CVE-2021-25215) + + * Insufficient IXFR checks could result in named serving a + zone without an SOA record at the apex, leading to a + RUNTIME_CHECK assertion failure when the zone was + subsequently refreshed. This has been fixed by adding an + owner name check for all SOA records which are included + in a zone transfer. (CVE-2021-25214) + More changes see CHANGES in the source package. + + [bsc#1185345,CVE-2021-25214,CVE-2021-25215,CVE-2021-25216] + ------------------------------------------------------------------- Thu Apr 8 09:23:22 UTC 2021 - Josef Möllers @@ -10,6 +33,12 @@ Thu Apr 8 09:23:22 UTC 2021 - Josef Möllers (See CHANGES, item 4707) [bind.spec, vendor-files.tar.bz2] +------------------------------------------------------------------- +Tue Mar 23 12:34:53 UTC 2021 - Jan Engelhardt + +- Modernize specfile, and declare /bin/bash as required buildshell + (use of {a,b} style expansion). + ------------------------------------------------------------------- Fri Mar 12 15:03:21 UTC 2021 - Matthias Gerstner diff --git a/bind.spec b/bind.spec index 18b9cf1..be9fbcb 100644 --- a/bind.spec +++ b/bind.spec @@ -16,6 +16,7 @@ # +%define _buildshell /bin/bash %define VENDOR SUSE %if 0%{?suse_version} >= 1500 %define with_systemd 1 @@ -44,7 +45,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.16.12 +Version: 9.16.15 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 @@ -144,9 +145,7 @@ BuildArch: noarch This package provides a module which allows commands to be sent to rndc directly from Python programs. %prep -%setup -q -a1 -%patch52 -p1 -%patch56 -p1 +%autosetup -p1 -a1 # use the year from source gzip header instead of current one to make reproducible rpms year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0}) @@ -204,7 +203,7 @@ sed -i ' s|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g s|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g ' libtool -make %{?_smp_mflags} +%make_build # special make for the Administrators Reference Manual for d in arm; do make -C doc/${d} SPHINXBUILD=sphinx-build doc @@ -246,11 +245,12 @@ mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d %if %{with_systemd} for file in named; do install -D -m 0644 vendor-files/system/${file}.service %{buildroot}%{_unitdir}/${file}.service - install -m 0755 vendor-files/system/${file}.prep %{buildroot}/%{_libexecdir}/bind/${file}.prep + sed -e "s,@LIBEXECDIR@,%{_libexecdir},g" -i %{buildroot}%{_unitdir}/${file}.service + install -m 0755 vendor-files/system/${file}.prep %{buildroot}%{_libexecdir}/bind/${file}.prep ln -s /sbin/service %{buildroot}%{_sbindir}/rc${file} done install -D -m 0644 %{SOURCE70} %{buildroot}%{_prefix}/lib/tmpfiles.d/bind.conf - install -D -m 0644 ${RPM_SOURCE_DIR}/named.root %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/root.hint + install -D -m 0644 %{_sourcedir}/named.root %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/root.hint install -m 0644 vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named install -m 0644 bind.keys %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/named.root.key %else @@ -259,14 +259,14 @@ mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d ln -sf %{_initddir}/${file} %{buildroot}%{_sbindir}/rc${file} done %endif -install -m 0644 ${RPM_SOURCE_DIR}/named.root %{buildroot}%{_localstatedir}/lib/named/root.hint +install -m 0644 %{_sourcedir}/named.root %{buildroot}%{_localstatedir}/lib/named/root.hint mv vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_localstatedir}/lib/named install -m 0755 vendor-files/tools/bind.genDDNSkey %{buildroot}/%{_bindir}/genDDNSkey cp -a vendor-files/docu/BIND.desktop %{buildroot}/%{_datadir}/susehelp/meta/Administration/System -cp -p ${RPM_SOURCE_DIR}/dnszone-schema.txt %{buildroot}/%{_sysconfdir}/openldap/schema/dnszone.schema +cp -p %{_sourcedir}/dnszone-schema.txt %{buildroot}/%{_sysconfdir}/openldap/schema/dnszone.schema cp -p "%{SOURCE60}" "%{buildroot}/%{_sysconfdir}/openldap/schema/dlz.schema" install -m 0754 vendor-files/tools/ldapdump %{buildroot}/%{_datadir}/bind -find %{buildroot}/%{_libdir} -type f -name '*.so*' -print0 | xargs -0 chmod 0755 +find %{buildroot}/%{_libdir} -type f -name '*.so*' -exec chmod 0755 {} + for file in named-named; do install -m 0644 vendor-files/sysconfig/${file} %{buildroot}%{_fillupdir}/sysconfig.${file} done @@ -275,7 +275,7 @@ install -m 644 vendor-files/sysconfig/SuSEFirewall.named %{buildroot}/%{_sysconf %endif # Cleanup doc rm doc/misc/Makefile* -find doc/arm -type f ! -name '*.html' -print0 | xargs -0 rm -f +find doc/arm -type f ! -name '*.html' -delete # Create doc as we want it in bind and not bind-doc for file in vendor-files/docu/README*; do basename=$( basename ${file}) @@ -306,6 +306,7 @@ install -m 644 %{SOURCE72} %{buildroot}%{_sysusersdir}/ %pre -f named.pre %service_add_pre named.service %else + %pre %{GROUPADD_NAMED} %{USERADD_NAMED} diff --git a/vendor-files.tar.bz2 b/vendor-files.tar.bz2 index 3beecd8..ded36a3 100644 --- a/vendor-files.tar.bz2 +++ b/vendor-files.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:56de813052a7071d9ce7d93432c776c256dc2a4d4b750dfaa021d67b659f72a6 -size 19324 +oid sha256:4c916821240c2cb1af02b8ed0de7b4c216a756492a7c66094d174cf04376031e +size 19365