Accepting request 80897 from network

* fixed SSL in chroot environment (bnc#715881) * Added a new include file with function typedefs for the DLZ "dlopen" driver. [RT #23629] * Added a tool able to generate malformed packets to allow testing of how named handles them. [RT #24096] * The root key is now provided in the file bind.keys allowing DNSSEC validation to be switched on at start up by adding "dnssec-validation auto;" to named.conf. If the root key provided has expired, named will log the expiration and validation will not work. More information and the most current copy of bind.keys can be found at http://www.isc.org/bind-keys. *Please note this feature was actually added in 9.8.0 but was not included in the 9.8.0 release notes. [RT #21727] * If named is configured with a response policy zone (RPZ) and a query of type RRSIG is received for a name configured for RRset replacement in that RPZ, it will trigger an INSIST and crash the server. RRSIG. [RT #24280] * named, set up to be a caching resolver, is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache the response. Due to an off-by-one error, caching the response could cause named to crash. [RT #24650] [CVE-2011-1910] * Using Response Policy Zone (RPZ) to query a wildcard CNAME label with QUERY type SIG/RRSIG, it can cause named to crash. Fix is query type independant. [RT #24715] * Using Response Policy Zone (RPZ) with DNAME records and querying the subdomain of that label can cause named to crash. Now logs that DNAME is not supported. [RT #24766] * Change #2912 populated the message section in replies to UPDATE OBS-URL: https://build.opensuse.org/request/show/80897 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=70
2011-09-05 14:20:29 +00:00 · 2011-09-05 14:20:29 +00:00 · 8651331685
commit 8651331685
parent 126b9649b9 fe71b72655
6 changed files with 66 additions and 10 deletions
--- a/bind-9.8.0P4.tar.gz
+++ b/bind-9.8.0P4.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:abd5761319c54b6bada99830b733067b71ebef7a3203c1af17ab5d28121003ca
-size 7710343
--- a/bind-9.8.1.tar.gz
+++ b/bind-9.8.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:02285dc429cb2a6687a1b2446e9ee22c1df27f2577225b05be5092395ee7c92c
+size 8450567
--- a/bind.changes
+++ b/bind.changes
@ -1,3 +1,47 @@
+-------------------------------------------------------------------
+Mon Sep  5 11:41:49 CEST 2011 - ug@suse.de
+
+* fixed SSL in chroot environment (bnc#715881)
+
+-------------------------------------------------------------------
+Mon Sep  5 10:19:34 CEST 2011 - ug@suse.de
+
+* Added a new include file with function typedefs for the DLZ
+  "dlopen" driver. [RT #23629]
+* Added a tool able to generate malformed packets to allow testing of
+  how named handles them. [RT #24096]
+* The root key is now provided in the file bind.keys allowing DNSSEC
+  validation to be switched on at start up by adding
+  "dnssec-validation auto;" to named.conf. If the root key provided
+  has expired, named will log the expiration and validation will not
+  work. More information and the most current copy of bind.keys can
+  be found at http://www.isc.org/bind-keys. *Please note this feature
+  was actually added in 9.8.0 but was not included in the 9.8.0
+  release notes. [RT #21727]
+* If named is configured with a response policy zone (RPZ) and a
+  query of type RRSIG is received for a name configured for RRset
+  replacement in that RPZ, it will trigger an INSIST and crash the
+  server. RRSIG. [RT #24280]
+* named, set up to be a caching resolver, is vulnerable to a user
+  querying a domain with very large resource record sets (RRSets)
+  when trying to negatively cache the response. Due to an off-by-one
+  error, caching the response could cause named to crash. [RT #24650]
+  [CVE-2011-1910]
+* Using Response Policy Zone (RPZ) to query a wildcard CNAME label
+  with QUERY type SIG/RRSIG, it can cause named to crash. Fix is
+  query type independant. [RT #24715]
+* Using Response Policy Zone (RPZ) with DNAME records and querying
+  the subdomain of that label can cause named to crash. Now logs that
+  DNAME is not supported. [RT #24766]
+* Change #2912 populated the message section in replies to UPDATE
+  requests, which some Windows clients wanted. This exposed a latent
+  bug that allowed the response message to crash named. With this
+  fix, change 2912 has been reduced to copy only the zone section to
+  the reply. A more complete fix for the latent bug will be released
+  later. [RT #24777]
+* many bugfixes (see CHANGELOG)
+* 9.8.1
+
 -------------------------------------------------------------------
 Wed Aug 31 09:36:54 UTC 2011 - rhafer@suse.de

--- a/bind.spec
+++ b/bind.spec
@ -20,14 +20,14 @@

 Name:           bind
 %define pkg_name bind
-%define pkg_vers 9.8.0P4
+%define pkg_vers 9.8.1
 BuildRequires:  openldap2-devel
 BuildRequires:  libcap libcap-devel libmysqlclient-devel libxml2-devel openssl openssl-devel
 BuildRequires:  update-desktop-files
 BuildRequires:  krb5-devel
 Summary:        Domain Name System (DNS) Server (named)
-Version:        9.8.0P4
-Release:        4
+Version:        9.8.1
+Release:        1
 License:        BSD3c(or similar) ; MIT License (or similar)
 Group:          Productivity/Networking/DNS/Servers
 Provides:       dns_daemon bind8 bind9
@ -50,6 +50,7 @@ Patch6:         ldapdump-allow-uri.diff
 Patch51:        pie_compile.diff
 Patch52:        named-bootconf.diff
 Patch54:        named-direct-proc-mount.diff
+Patch70:        dlz_compile.diff
 Patch100:       configure.in.diff2
 Source60:       dlz-schema.txt
 %if %ul_version >= 1
@ -237,6 +238,7 @@ Authors:
 %if 0%{?suse_version} <= 1010
 %patch100 -p1
 %endif
+%patch70 -p0
 # modify settings of some files regarding to OS version and vendor
 function replaceStrings()
 {
@ -294,8 +296,7 @@ CONFIGURE_OPTIONS="\
 	--with-libtool \
 	--enable-runidn \
 	--with-libxml2 \
-	--with-dlz-mysql --with-dlz-ldap \
-    --with-gssapi
+	--with-dlz-mysql --with-dlz-ldap
 "
 ./configure ${CONFIGURE_OPTIONS}
 %{__make} %{?_smp_mflags}
--- a/dlz_compile.diff
+++ b/dlz_compile.diff
@ -0,0 +1,11 @@
+--- contrib/dlz/drivers/sdlz_helper.c
+++ contrib/dlz/drivers/sdlz_helper.c	2011/09/05 08:09:41
+@@ -50,7 +50,7 @@
+  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
+-#ifdef DLZ
+#ifdef CONTRIB_DLZ
+ 
+ #include <config.h>
+ 
--- a/vendor-files.tar.bz2
+++ b/vendor-files.tar.bz2
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:f5352fdb15255dd73745632eaab1bde1537acca181c5a2e9414c66d1fc8adfa5
-size 20809
+oid sha256:6c9de0edd85daa45adbdf76b0bb4ef309563627902139c437cc83ea2588a4b09
+size 20892