Accepting request 186266 from network

- Systemd doesn't set $TERM, and hence breaks tput (bnc#823175).

- Improve pie_compile.diff (bnc#828874).
- dnssec-checkds and dnssec-coverage need python-base.
- disable rpath in libtool.

- Update to 9.9.3P2 fixes CVE-2013-4854, bnc#831899.
  * Incorrect bounds checking on private type 'keydata' can lead
    to a remotely triggerable REQUIRE failure.

OBS-URL: https://build.opensuse.org/request/show/186266
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=93

bind-9.9.3-P1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1baa22e47c3b307c5fcc7aaf6700dd5953b5b9b7737d1e36117545af7bdbb435
-size 7459819

bind-9.9.3-P1.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.12 (NetBSD)
-
-iQEcBAABAgAGBQJRrkT/AAoJEEWseFcYnNvF10kH/2hDHZitnJyuJNbmdgxn76vt
-2LLzT+OQwMaq1owbyQHrY3jsKWNgGpB0toRApAyC6y0AJUgNjpNS7xvZcMaZXqam
-YQAyib+tGthCtIGOAQxYQae/lhuykip87Xi31jGwZzRnCSwUOHoPJ3iWk8XbM34c
-lKzAvsOimnpU8MxAyFPTO792A4INffiuH0UtnmBjSPACguO3/Nx+EJFxgtq7nx+e
-NXMKENI0UYxTuwL8MfMnweB69gTQyJOuYUznRfm+CeX3BdhslLzDvWlaVSngaXbP
-YTFxLaH/QuXHri1anKWMP8++rWhsNn1n0DvOmiu8DpOslZ4+UmHXyTpGXB3JwYw=
-=eKF8
------END PGP SIGNATURE-----

bind-9.9.3-P2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5e8ab06c7b73f38b47ce9ad12ca0afa7c714bbba2f6b7421c26c0d8b84b6c678
+size 7459422

bind-9.9.3-P2.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (NetBSD)
+
+iQEcBAABAgAGBQJR8sogAAoJEEWseFcYnNvFyMUIAJ3AfF7bF4rUajtXA5cj8HoE
+8pQsCvf1nYUoFQv1AwovA6PNc+EpQVtPkpQlItaIdacyN1ewjsoPEMcWdA8Xk0z1
+T0CpJIZfAlGl1QZBAqGnxt4KH4kHAuhQiT9S1boIPOdlHJ84NRD94et+hQfdqWIX
+dG4vyChOAYlNFwfQd97JyxWjplRT0YbaWQ8YoWh3puH33jC6yX0v8VfY0g0ga7Ul
+hz3PIiZo51JkVcWtsy5qf1WAVSqthzy6KB9MsXJZR7i+2H6t/1/7FK/niBPdASQB
+czR7gLmjuk/G5dJ1ZkEosJVEILjfLn9rTLKwf2d8dkgJwrZDpMyNMTqSUJgsRHQ=
+=Y9CU
+-----END PGP SIGNATURE-----

bind.changes

@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Wed Aug  7 15:19:10 UTC 2013 - max@suse.com
+
+- Systemd doesn't set $TERM, and hence breaks tput (bnc#823175).
+
+-------------------------------------------------------------------
+Tue Aug  6 10:09:22 UTC 2013 - max@suse.com
+
+- Improve pie_compile.diff (bnc#828874).
+- dnssec-checkds and dnssec-coverage need python-base.
+- disable rpath in libtool.
+
+-------------------------------------------------------------------
+Mon Aug  5 14:50:20 UTC 2013 - max@suse.com
+
+- Update to 9.9.3P2 fixes CVE-2013-4854, bnc#831899.
+  * Incorrect bounds checking on private type 'keydata' can lead
+    to a remotely triggerable REQUIRE failure.
+
 -------------------------------------------------------------------
 Wed Jul 24 15:37:09 UTC 2013 - max@suse.com
 

bind.spec

@@ -18,7 +18,7 @@
 
 Name:           bind
 %define pkg_name bind
-%define pkg_vers 9.9.3-P1
+%define pkg_vers 9.9.3-P2
 BuildRequires:  krb5-devel
 BuildRequires:  libcap
 BuildRequires:  libcap-devel
@@ -28,11 +28,12 @@ BuildRequires:  libxml2-devel
 BuildRequires:  openldap2-devel
 BuildRequires:  openssl
 BuildRequires:  openssl-devel
+BuildRequires:  python-base
 BuildRequires:  update-desktop-files
 Summary:        Domain Name System (DNS) Server (named)
 License:        ISC
 Group:          Productivity/Networking/DNS/Servers
-Version:        9.9.3P1
+Version:        9.9.3P2
 Release:        0
 Provides:       bind8
 Provides:       bind9
@@ -263,6 +264,7 @@ CONFIGURE_OPTIONS="\
 	--includedir=%{_includedir}/bind \
 	--mandir=%{_mandir} \
 	--infodir=%{_infodir} \
+        --disable-static \
 	--with-openssl \
 	--enable-threads \
 	--with-libtool \
@@ -272,9 +274,19 @@ CONFIGURE_OPTIONS="\
 "
 cp -f -p config.guess config.sub contrib/idn/idnkit-1.0-src/
 ./configure ${CONFIGURE_OPTIONS}
+# disable rpath
+sed -i '
+  s|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g
+  s|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g
+' libtool
 %{__make} %{?_smp_mflags}
 pushd contrib/idn/idnkit-1.0-src
 ./configure ${CONFIGURE_OPTIONS}
+# disable rpath
+sed -i '
+  s|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g
+  s|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g
+' libtool
 %{__make} %{?_smp_mflags}
 popd
 # running BIND system tests
@@ -667,6 +679,8 @@ fi
 %{_bindir}/runidn
 %{_sbindir}/arpaname
 %{_sbindir}/ddns-confgen
+%{_sbindir}/dnssec-checkds
+%{_sbindir}/dnssec-coverage
 %{_sbindir}/dnssec-dsfromkey
 %{_sbindir}/dnssec-keyfromlabel
 %{_sbindir}/dnssec-keygen
@@ -692,6 +706,8 @@ fi
 %doc %{_mandir}/man1/nsupdate.1.gz
 %doc %{_mandir}/man5/rndc.conf.5.gz
 %doc %{_mandir}/man8/ddns-confgen.8.gz
+%doc %{_mandir}/man8/dnssec-checkds.8.gz
+%doc %{_mandir}/man8/dnssec-coverage.8.gz
 %doc %{_mandir}/man8/dnssec-dsfromkey.8.gz
 %doc %{_mandir}/man8/dnssec-keyfromlabel.8.gz
 %doc %{_mandir}/man8/dnssec-keygen.8.gz

pid-path.diff

@@ -1,8 +1,8 @@
 Index: bin/named/include/named/globals.h
 ===================================================================
---- bin/named/include/named/globals.h.orig
-+++ bin/named/include/named/globals.h
-@@ -134,9 +134,9 @@ EXTERN const char *		lwresd_g_defaultpid
+--- bin/named/include/named/globals.h.orig	2013-07-17 00:13:06.000000000 +0200
++++ bin/named/include/named/globals.h	2013-08-05 14:14:28.152275375 +0200
+@@ -139,9 +139,9 @@
  							     "lwresd.pid");
  #else
  EXTERN const char *		ns_g_defaultpidfile 	INIT(NS_LOCALSTATEDIR
@@ -16,8 +16,8 @@ Index: bin/named/include/named/globals.h
  EXTERN const char *		ns_g_username		INIT(NULL);
 Index: contrib/nanny/nanny.pl
 ===================================================================
---- contrib/nanny/nanny.pl.orig
-+++ contrib/nanny/nanny.pl
+--- contrib/nanny/nanny.pl.orig	2013-07-17 00:13:06.000000000 +0200
++++ contrib/nanny/nanny.pl	2013-08-05 14:14:28.153275387 +0200
 @@ -19,7 +19,7 @@
  
  # A simple nanny to make sure named stays running.

pie_compile.diff

@@ -1,25 +1,59 @@
-Index: bin/Makefile.in
+Index: bin/check/Makefile.in
 ===================================================================
---- bin/Makefile.in.orig
-+++ bin/Makefile.in
-@@ -23,4 +23,8 @@ SUBDIRS =	named rndc dig dnssec tests to
- 		check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
- TARGETS =
+--- bin/check/Makefile.in.orig	2013-07-17 00:13:06.000000000 +0200
++++ bin/check/Makefile.in	2013-08-06 12:08:19.492457714 +0200
+@@ -57,8 +57,12 @@
  
-+EXT_CFLAGS = -fPIE
+ MANOBJS =	${MANPAGES} ${HTMLPAGES}
+ 
++EXT_CFLAGS = -fPIE -static
++
+ @BIND9_MAKE_RULES@
+ 
++LDFLAGS   += -pie
++
+ named-checkconf.@O@: named-checkconf.c
+ 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ 		-DVERSION=\"${VERSION}\" \
+Index: bin/confgen/Makefile.in
+===================================================================
+--- bin/confgen/Makefile.in.orig	2013-07-17 00:13:06.000000000 +0200
++++ bin/confgen/Makefile.in	2013-08-06 12:08:19.492457714 +0200
+@@ -64,8 +64,12 @@
+ 
+ UOBJS =		unix/os.@O@
+ 
++EXT_CFLAGS = -fPIE -static
++
+ @BIND9_MAKE_RULES@
+ 
++LDFLAGS   += -pie
++
+ rndc-confgen.@O@: rndc-confgen.c
+ 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ 		-DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
+Index: bin/confgen/unix/Makefile.in
+===================================================================
+--- bin/confgen/unix/Makefile.in.orig	2013-07-17 00:13:06.000000000 +0200
++++ bin/confgen/unix/Makefile.in	2013-08-06 12:08:19.492457714 +0200
+@@ -32,4 +32,8 @@
+ 
+ TARGETS =	${OBJS}
+ 
++EXT_CFLAGS = -fPIE -static
 +
  @BIND9_MAKE_RULES@
 +
 +LDFLAGS   += -pie
 Index: bin/dig/Makefile.in
 ===================================================================
---- bin/dig/Makefile.in.orig
-+++ bin/dig/Makefile.in
-@@ -67,8 +67,12 @@ HTMLPAGES =	dig.html host.html nslookup.
+--- bin/dig/Makefile.in.orig	2013-07-17 00:13:06.000000000 +0200
++++ bin/dig/Makefile.in	2013-08-06 12:08:19.492457714 +0200
+@@ -69,8 +69,12 @@
  
  MANOBJS =	${MANPAGES} ${HTMLPAGES}
  
-+EXT_CFLAGS = -fPIE
++EXT_CFLAGS = -fPIE -static
 +
  @BIND9_MAKE_RULES@
  
@@ -30,13 +64,13 @@ Index: bin/dig/Makefile.in
  	${FINALBUILDCMD}
 Index: bin/dnssec/Makefile.in
 ===================================================================
---- bin/dnssec/Makefile.in.orig
-+++ bin/dnssec/Makefile.in
-@@ -64,8 +64,12 @@ HTMLPAGES =	dnssec-dsfromkey.html dnssec
+--- bin/dnssec/Makefile.in.orig	2013-07-17 00:13:06.000000000 +0200
++++ bin/dnssec/Makefile.in	2013-08-06 12:08:19.493457729 +0200
+@@ -64,8 +64,12 @@
  
  MANOBJS =	${MANPAGES} ${HTMLPAGES}
  
-+EXT_CFLAGS = -fPIE
++EXT_CFLAGS = -fPIE -static
 +
  @BIND9_MAKE_RULES@
  
@@ -45,66 +79,28 @@ Index: bin/dnssec/Makefile.in
  dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
  	export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \
  	${FINALBUILDCMD}
-Index: bin/nsupdate/Makefile.in
+Index: bin/Makefile.in
 ===================================================================
---- bin/nsupdate/Makefile.in.orig
-+++ bin/nsupdate/Makefile.in
-@@ -64,8 +64,12 @@ HTMLPAGES =	nsupdate.html
+--- bin/Makefile.in.orig	2013-07-17 00:13:06.000000000 +0200
++++ bin/Makefile.in	2013-08-06 12:08:19.493457729 +0200
+@@ -23,4 +23,8 @@
+ 		check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
+ TARGETS =
  
- MANOBJS =	${MANPAGES} ${HTMLPAGES}
- 
-+EXT_CFLAGS = -fPIE
++EXT_CFLAGS = -fPIE -static
 +
  @BIND9_MAKE_RULES@
- 
++
 +LDFLAGS   += -pie
-+
- nsupdate.@O@: nsupdate.c
- 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
- 		-DSESSION_KEYFILE=\"${localstatedir}/run/named/session.key\" \
-Index: bin/rndc/Makefile.in
-===================================================================
---- bin/rndc/Makefile.in.orig
-+++ bin/rndc/Makefile.in
-@@ -59,8 +59,12 @@ HTMLPAGES =	rndc.html rndc.conf.html
- 
- MANOBJS =	${MANPAGES} ${HTMLPAGES}
- 
-+EXT_CFLAGS = -fPIE
-+
- @BIND9_MAKE_RULES@
- 
-+LDFLAGS   += -pie
-+
- rndc.@O@: rndc.c
- 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
- 		-DVERSION=\"${VERSION}\" \
-Index: bin/check/Makefile.in
-===================================================================
---- bin/check/Makefile.in.orig
-+++ bin/check/Makefile.in
-@@ -57,8 +57,12 @@ HTMLPAGES =	named-checkconf.html named-c
- 
- MANOBJS =	${MANPAGES} ${HTMLPAGES}
- 
-+EXT_CFLAGS = -fPIE
-+
- @BIND9_MAKE_RULES@
- 
-+LDFLAGS   += -pie
-+
- named-checkconf.@O@: named-checkconf.c
- 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
- 		-DVERSION=\"${VERSION}\" \
 Index: bin/named/Makefile.in
 ===================================================================
---- bin/named/Makefile.in.orig
-+++ bin/named/Makefile.in
-@@ -109,8 +109,12 @@ HTMLPAGES =	named.html lwresd.html named
+--- bin/named/Makefile.in.orig	2013-08-06 12:08:17.653432490 +0200
++++ bin/named/Makefile.in	2013-08-06 12:08:19.493457729 +0200
+@@ -115,8 +115,12 @@
  
  MANOBJS =	${MANPAGES} ${HTMLPAGES}
  
-+EXT_CFLAGS = -fPIE
++EXT_CFLAGS = -fPIE -static
 +
  @BIND9_MAKE_RULES@
  
@@ -115,29 +111,96 @@ Index: bin/named/Makefile.in
  		-DVERSION=\"${VERSION}\" \
 Index: bin/named/unix/Makefile.in
 ===================================================================
---- bin/named/unix/Makefile.in.orig
-+++ bin/named/unix/Makefile.in
-@@ -34,4 +34,6 @@ SRCS =		os.c dlz_dlopen_driver.c
+--- bin/named/unix/Makefile.in.orig	2013-07-17 00:13:06.000000000 +0200
++++ bin/named/unix/Makefile.in	2013-08-06 12:08:19.493457729 +0200
+@@ -34,4 +34,6 @@
  
  TARGETS =	${OBJS}
  
-+EXT_CFLAGS = -fPIE
++EXT_CFLAGS = -fPIE -static
 +
  @BIND9_MAKE_RULES@
-Index: bin/confgen/Makefile.in
+Index: bin/nsupdate/Makefile.in
 ===================================================================
---- bin/confgen/Makefile.in.orig
-+++ bin/confgen/Makefile.in
-@@ -64,8 +64,12 @@ MANOBJS =	${MANPAGES} ${HTMLPAGES}
+--- bin/nsupdate/Makefile.in.orig	2013-07-17 00:13:06.000000000 +0200
++++ bin/nsupdate/Makefile.in	2013-08-06 12:08:19.493457729 +0200
+@@ -66,8 +66,12 @@
  
- UOBJS =		unix/os.@O@
+ MANOBJS =	${MANPAGES} ${HTMLPAGES}
  
-+EXT_CFLAGS = -fPIE
++EXT_CFLAGS = -fPIE -static
 +
  @BIND9_MAKE_RULES@
  
 +LDFLAGS   += -pie
 +
- rndc-confgen.@O@: rndc-confgen.c
+ nsupdate.@O@: nsupdate.c
  	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
- 		-DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
+ 		-DSESSION_KEYFILE=\"${localstatedir}/run/named/session.key\" \
+Index: bin/rndc/Makefile.in
+===================================================================
+--- bin/rndc/Makefile.in.orig	2013-07-17 00:13:06.000000000 +0200
++++ bin/rndc/Makefile.in	2013-08-06 12:08:19.493457729 +0200
+@@ -59,8 +59,12 @@
+ 
+ MANOBJS =	${MANPAGES} ${HTMLPAGES}
+ 
++EXT_CFLAGS = -fPIE -static
++
+ @BIND9_MAKE_RULES@
+ 
++LDFLAGS   += -pie
++
+ rndc.@O@: rndc.c
+ 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ 		-DVERSION=\"${VERSION}\" \
+Index: bin/tools/Makefile.in
+===================================================================
+--- bin/tools/Makefile.in.orig	2013-07-17 00:13:06.000000000 +0200
++++ bin/tools/Makefile.in	2013-08-06 12:08:19.493457729 +0200
+@@ -53,8 +53,12 @@
+ 		genrandom.html isc-hmac-fixup.html
+ MANOBJS =	${MANPAGES} ${HTMLPAGES}
+ 
++EXT_CFLAGS = -fPIE -static
++
+ @BIND9_MAKE_RULES@
+ 
++LDFLAGS   += -pie
++
+ arpaname@EXEEXT@: arpaname.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ arpaname.@O@ \
+ 		${ISCLIBS} ${LIBS}
+Index: contrib/idn/idnkit-1.0-src/tools/idnconv/Makefile.in
+===================================================================
+--- contrib/idn/idnkit-1.0-src/tools/idnconv/Makefile.in.orig	2013-07-17 00:13:06.000000000 +0200
++++ contrib/idn/idnkit-1.0-src/tools/idnconv/Makefile.in	2013-08-06 12:08:19.493457729 +0200
+@@ -68,8 +68,8 @@
+ INCS = -I$(srcdir) -I$(srcdir)/../../include -I../../include $(ICONVINC)
+ DEFS =
+ 
+-CFLAGS = $(INCS) $(DEFS) @CPPFLAGS@ @CFLAGS@
+-LDFLAGS = @LDFLAGS@
++CFLAGS = $(INCS) $(DEFS) @CPPFLAGS@ @CFLAGS@ -fPIE
++LDFLAGS = @LDFLAGS@ -pie
+ 
+ SRCS = idnconv.c util.c selectiveencode.c
+ OBJS = idnconv.o util.o selectiveencode.o
+Index: contrib/zkt/Makefile.in
+===================================================================
+--- contrib/zkt/Makefile.in.orig	2013-07-17 00:13:06.000000000 +0200
++++ contrib/zkt/Makefile.in	2013-08-06 12:08:19.494457743 +0200
+@@ -13,11 +13,11 @@
+ OPTIM	=	# -O3 -DNDEBUG
+ 
+ #CFLAGS	?=	@CFLAGS@ @DEFS@ -I@top_srcdir@
+-CFLAGS	+=	-g @DEFS@ -I@top_srcdir@
++CFLAGS	+=	-g @DEFS@ -I@top_srcdir@ -fPIE
+ CFLAGS	+=	-Wall #-DDBG
+ CFLAGS	+=	-Wmissing-prototypes
+ CFLAGS	+=	$(PROFILE) $(OPTIM)
+-LDFLAGS	+=	$(PROFILE)
++LDFLAGS	+=	$(PROFILE) -fPIE -pie
+ LIBS	=	@LIBS@
+ 
+ PROJECT =	@PACKAGE_TARNAME@

vendor-files.tar.bz2

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:4331b9602056bdb2124534fd178250511dda7caae6cf7ef1b5a92241da522fc4
-size 20828
+oid sha256:a8de866ee9f59102b84666260e449275523c5cf823ca124083b22020838eb771
+size 21462