- Named could die on specially crafted record.

[RT #30416] (bnc#780157) CVE-2012-4244 - 9.9.1-P3 - updated dnszone-schema.txt from upstream. OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=96
2012-09-15 16:23:25 +00:00
parent 9d3afd5a9e
commit a16486cc98
5 changed files with 33 additions and 65 deletions
--- a/bind-9.9.1-P2.tar.gz
+++ b/bind-9.9.1-P2.tar.gz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a46ecf6177b69d6e9a83a15f792d0594adcc8e800086208dd9b84452afb84d0e
-size 7223896
--- a/bind-9.9.1-P3.tar.gz
+++ b/bind-9.9.1-P3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1cdb83db76d6f8554dea19e3bd82b8d65261a24b9ce9fc948eade8c57569e302
+size 7217415
--- a/bind.changes
+++ b/bind.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Sat Sep 15 16:20:32 UTC 2012 - meissner@suse.com
+
+- Named could die on specially crafted record.
+  [RT #30416] (bnc#780157) CVE-2012-4244
+- 9.9.1-P3
+- updated dnszone-schema.txt from upstream.
+
 -------------------------------------------------------------------
 Thu Jul 26 11:08:11 CEST 2012 - ug@suse.de

--- a/bind.spec
+++ b/bind.spec
@@ -18,7 +18,7 @@

 Name:           bind
 %define pkg_name bind
-%define pkg_vers 9.9.1-P2
+%define pkg_vers 9.9.1-P3
 BuildRequires:  krb5-devel
 BuildRequires:  libcap
 BuildRequires:  libcap-devel
@@ -32,7 +32,7 @@ BuildRequires:  update-desktop-files
 Summary:        Domain Name System (DNS) Server (named)
 License:        ISC
 Group:          Productivity/Networking/DNS/Servers
-Version:        9.9.1P2
+Version:        9.9.1P3
 Release:        0
 Provides:       bind8
 Provides:       bind9
--- a/dnszone-schema.txt
+++ b/dnszone-schema.txt
@@ -1,12 +1,8 @@
 # A schema for storing DNS zones in LDAP
 #
-# ORDERING is not necessary, and some servers don't support
-# integerOrderingMatch. Omit or change if you like
-
 attributetype ( 1.3.6.1.4.1.2428.20.0.0  NAME 'dNSTTL'
 	DESC 'An integer denoting time to live'
 	EQUALITY integerMatch
-	ORDERING integerOrderingMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

 attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass'
@@ -14,8 +10,14 @@ attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass'
 	EQUALITY caseIgnoreIA5Match
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

-attributetype ( 1.3.6.1.4.1.2428.20.1.11 NAME 'wKSRecord'
-	DESC 'a well known service description, RFC 1035'
+attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName'
+	DESC 'The name of a zone, i.e. the name of the highest node in the zone'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName'
+	DESC 'The starting labels of a domain name'
 	EQUALITY caseIgnoreIA5Match
 	SUBSTR caseIgnoreIA5SubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
@@ -44,12 +46,6 @@ attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord'
 	SUBSTR caseIgnoreIA5SubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

-attributetype ( 1.3.6.1.4.1.2428.20.1.17 NAME 'rPRecord'
-	DESC 'for Responsible Person, RFC 1183'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
 attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord'
 	DESC 'for AFS Data Base location, RFC 1183'
 	EQUALITY caseIgnoreIA5Match
@@ -68,12 +64,6 @@ attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord'
 	SUBSTR caseIgnoreIA5SubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

-attributetype ( 1.3.6.1.4.1.2428.20.1.27 NAME 'gPosRecord'
-	DESC 'Geographical Position, RFC 1712'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
 attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord'
 	DESC 'IPv6 address, RFC 1886'
 	EQUALITY caseIgnoreIA5Match
@@ -128,12 +118,6 @@ attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord'
 	SUBSTR caseIgnoreIA5SubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

-attributetype ( 1.3.6.1.4.1.2428.20.1.42 NAME 'aPLRecord'
-	DESC 'Lists of Address Prefixes, RFC 3123'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
 attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord'
 	DESC 'Delegation Signer, RFC 3658'
 	EQUALITY caseIgnoreIA5Match
@@ -141,13 +125,7 @@ attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord'
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

 attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord'
-	DESC 'SSH Key Fingerprint, RFC 4255'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.45 NAME 'iPSecKeyRecord'
-	DESC 'SSH Key Fingerprint, RFC 4025'
+	DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt'
 	EQUALITY caseIgnoreIA5Match
 	SUBSTR caseIgnoreIA5SubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
@@ -164,32 +142,14 @@ attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord'
 	SUBSTR caseIgnoreIA5SubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

-attributetype ( 1.3.6.1.4.1.2428.20.1.48 NAME 'dNSKeyRecord'
-	DESC 'DNSKEY, RFC 3755'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.49 NAME 'dHCIDRecord'
-	DESC 'DHCID, RFC 4701'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.99 NAME 'sPFRecord'
-	DESC 'Sender Policy Framework, RFC 4408'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-objectclass ( 1.3.6.1.4.1.2428.20.2 NAME 'dNSDomain2'
-	SUP 'dNSDomain' STRUCTURAL
-	MAY ( DNSTTL $ DNSClass $ WKSRecord $ PTRRecord $
-		HINFORecord $ MINFORecord $ TXTRecord $ RPRecord $
-		AFSDBRecord $ SIGRecord $ KEYRecord $ GPOSRecord $
-		AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $
-		NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $
-		DNAMERecord $ APLRecord $ DSRecord $ SSHFPRecord $
-		IPSECKEYRecord $ RRSIGRecord $ NSECRecord $
-		DNSKEYRecord $ DHCIDRecord $ SPFRecord
-	) )
+objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone'
+        SUP top STRUCTURAL
+	MUST ( zoneName $ relativeDomainName )
+        MAY ( DNSTTL $ DNSClass $
+              ARecord $ MDRecord $ MXRecord $ NSRecord $
+	      SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $
+              MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $
+              KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $
+              SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
+              A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $
+              RRSIGRecord $ NSECRecord ) )