Accepting request 98618 from home:lmuelle:branches:network

- Ensure to create the required dir or sym link in /var/run; (bnc#738156).
- Cache lookup could return RRSIG data associated with nonexistent
  records, leading to an assertion failure. CVE-2011-4313; (bnc#730995).

OBS-URL: https://build.opensuse.org/request/show/98618
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=80

Makefile.in.diff

@@ -1,6 +1,8 @@
---- bind-9.3.1/bin/named/Makefile.in
-+++ bind-9.3.1/bin/named/Makefile.in	2006/05/09 13:00:18
-@@ -138,8 +138,6 @@
+Index: bind-9.8.1-P1/bin/named/Makefile.in
+===================================================================
+--- bind-9.8.1-P1.orig/bin/named/Makefile.in
++++ bind-9.8.1-P1/bin/named/Makefile.in
+@@ -162,8 +162,6 @@ installdirs:
  install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs
  	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}
  	(cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@)

bind.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Dec 21 22:16:02 UTC 2011 - lars@samba.org
+
+- Ensure to create the required dir or sym link in /var/run; (bnc#738156).
+
 -------------------------------------------------------------------
 Mon Dec  5 16:47:48 CET 2011 - ug@suse.de
 
@@ -17,8 +22,8 @@ Tue Nov 22 11:37:01 CET 2011 - ug@suse.de
 -------------------------------------------------------------------
 Thu Nov 17 15:25:54 CET 2011 - fteodori@suse.de
 
-- Cache lookup could return RRSIG data associated with nonexistent 
-  records, leading to an assertion failure. (bnc#730995)
+- Cache lookup could return RRSIG data associated with nonexistent
+  records, leading to an assertion failure. CVE-2011-4313; (bnc#730995).
 
 -------------------------------------------------------------------
 Wed Oct 26 11:14:43 CEST 2011 - ug@suse.de

bind.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package bind
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -44,11 +44,8 @@ Patch:          configure.in.diff
 Patch1:         Makefile.in.diff
 Patch2:         pid-path.diff
 Patch4:         perl-path.diff
-Patch5:         tmpfs.patch
-Patch6:         ldapdump-allow-uri.diff
 Patch51:        pie_compile.diff
 Patch52:        named-bootconf.diff
-Patch54:        named-direct-proc-mount.diff
 Patch70:        dlz_compile.diff
 Patch100:       configure.in.diff2
 Source60:       dlz-schema.txt
@@ -182,15 +179,11 @@ Name Domain (BIND) DNS server is found in the package named bind.
 %patch1 -p1
 %patch2 -p0
 %patch4 -p0
-%patch5 -p0
-%patch6 -p1
 #%patch50
 %if 0%{?suse_version} >= 1000
 %patch51
 %endif
 %patch52
-#%patch53
-%patch54 -p1
 %if 0%{?suse_version} <= 1010
 %patch100 -p1
 %endif

configure.in.diff

@@ -1,6 +1,8 @@
---- bind-9.2.3/configure.in
-+++ bind-9.2.3/configure.in	2004-06-20 08:17:09
-@@ -1636,7 +1636,7 @@
+Index: bind-9.8.1-P1/configure.in
+===================================================================
+--- bind-9.8.1-P1.orig/configure.in
++++ bind-9.8.1-P1/configure.in
+@@ -2907,7 +2907,7 @@ AC_SUBST(DOXYGEN)
  # empty).  The variable VARIABLE will be substituted into output files.
  # 
  

dlz_compile.diff

@@ -1,5 +1,7 @@
---- contrib/dlz/drivers/sdlz_helper.c
-+++ contrib/dlz/drivers/sdlz_helper.c	2011/09/05 08:09:41
+Index: contrib/dlz/drivers/sdlz_helper.c
+===================================================================
+--- contrib/dlz/drivers/sdlz_helper.c.orig
++++ contrib/dlz/drivers/sdlz_helper.c
 @@ -50,7 +50,7 @@
   * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   */

ldapdump-allow-uri.diff

@@ -1,12 +0,0 @@
-Index: bind-9.6-ESVR4P3/vendor-files/tools/ldapdump
-===================================================================
---- bind-9.6-ESVR4P3.orig/vendor-files/tools/ldapdump
-+++ bind-9.6-ESVR4P3/vendor-files/tools/ldapdump
-@@ -622,6 +622,7 @@ sub getLDAPConfigServer {
-     my $data;
-     open( FILE, "< /etc/openldap/ldap.conf" ) or die "unable to open /etc/openldap/ldap.conf. $!";
-     while(<FILE>) {
-+        if ( /^uri\s+([^\s]*)\s*/i ) { $data = $1; last }
-         if ( /^host\s+([^\s]*)\s*/i ) { $data = $1; last }
-     }
-     close(FILE);

named-bootconf.diff

@@ -1,5 +1,7 @@
---- contrib/named-bootconf/named-bootconf.sh
-+++ contrib/named-bootconf/named-bootconf.sh	2006/11/06 08:59:04
+Index: contrib/named-bootconf/named-bootconf.sh
+===================================================================
+--- contrib/named-bootconf/named-bootconf.sh.orig
++++ contrib/named-bootconf/named-bootconf.sh
 @@ -54,7 +54,8 @@
  # POSSIBILITY OF SUCH DAMAGE.
  
@@ -10,7 +12,7 @@
  	( umask 077 ; mkdir $WORKDIR ) || {
  		echo "unable to create work directory '$WORKDIR'" >&2 
  		exit 1
-@@ -308,7 +309,7 @@
+@@ -308,7 +309,7 @@ if [ $DUMP -eq 1 ]; then
  	cat $ZONEFILE $COMMENTFILE
  
  	rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE

named-direct-proc-mount.diff

@@ -1,14 +0,0 @@
-Index: bind-9.7.2P3/vendor-files/init/named
-===================================================================
---- bind-9.7.2P3.orig/vendor-files/init/named	2010-12-09 16:17:51.000000000 +0100
-+++ bind-9.7.2P3/vendor-files/init/named	2010-12-09 16:19:55.060044775 +0100
-@@ -183,8 +183,7 @@
- 	# mount /proc for multicore CPUs (bnc#470828)
-         if [ ! -e "${CHROOT_PREFIX}/proc/meminfo" ]; then
-             mkdir -p "${CHROOT_PREFIX}/proc"
--            mount --bind /proc "${CHROOT_PREFIX}/proc" 2>/dev/null
--            mount -o remount,ro,nosuid,nodev ${CHROOT_PREFIX}/proc 2>/dev/null
-+            mount -tproc -oro,nosuid,nodev,noexec proc ${CHROOT_PREFIX}/proc 2>/dev/null
-         fi;
- 
-         ###########################

perl-path.diff

@@ -1,21 +1,27 @@
---- bin/tests/t_api.pl
-+++ bin/tests/t_api.pl	2011/02/24 08:53:35
+Index: bin/tests/t_api.pl
+===================================================================
+--- bin/tests/t_api.pl.orig
++++ bin/tests/t_api.pl
 @@ -1,4 +1,4 @@
 -#!/usr/local/bin/perl
 +#!/usr/bin/perl
  #
  # Copyright (C) 2004, 2007  Internet Systems Consortium, Inc. ("ISC")
  # Copyright (C) 1999-2001  Internet Software Consortium.
---- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl
-+++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl	2011/02/24 08:53:13
+Index: contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl
+===================================================================
+--- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl.orig
++++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl
 @@ -1,4 +1,4 @@
 -#! /usr/local/bin/perl -w
 +#! /usr/bin/perl -w
  # $Id: generate_nameprep_data.pl,v 1.1.1.1 2003-06-04 00:27:54 marka Exp $
  #
  # Copyright (c) 2001 Japan Network Information Center.  All rights reserved.
---- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl
-+++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl	2011/02/24 08:53:24
+Index: contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl
+===================================================================
+--- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl.orig
++++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl
 @@ -1,4 +1,4 @@
 -#! /usr/local/bin/perl -w
 +#! /usr/bin/perl -w

pid-path.diff

@@ -1,6 +1,8 @@
---- bin/named/include/named/globals.h
-+++ bin/named/include/named/globals.h	2009/01/28 11:01:54
-@@ -121,9 +121,9 @@
+Index: bin/named/include/named/globals.h
+===================================================================
+--- bin/named/include/named/globals.h.orig
++++ bin/named/include/named/globals.h
+@@ -134,9 +134,9 @@ EXTERN const char *		lwresd_g_defaultpid
  							     "lwresd.pid");
  #else
  EXTERN const char *		ns_g_defaultpidfile 	INIT(NS_LOCALSTATEDIR
@@ -12,8 +14,10 @@
  #endif
  
  EXTERN const char *		ns_g_username		INIT(NULL);
---- contrib/nanny/nanny.pl
-+++ contrib/nanny/nanny.pl	2009/01/28 11:02:29
+Index: contrib/nanny/nanny.pl
+===================================================================
+--- contrib/nanny/nanny.pl.orig
++++ contrib/nanny/nanny.pl
 @@ -19,7 +19,7 @@
  
  # A simple nanny to make sure named stays running.

pie_compile.diff

@@ -1,6 +1,8 @@
---- bin/Makefile.in
-+++ bin/Makefile.in	2010/02/17 10:54:34
-@@ -23,4 +23,8 @@
+Index: bin/Makefile.in
+===================================================================
+--- bin/Makefile.in.orig
++++ bin/Makefile.in
+@@ -23,4 +23,8 @@ SUBDIRS =	named rndc dig dnssec tests to
  		check confgen @PKCS11_TOOLS@
  TARGETS =
  
@@ -9,9 +11,11 @@
  @BIND9_MAKE_RULES@
 +
 +LDFLAGS   += -pie
---- bin/dig/Makefile.in
-+++ bin/dig/Makefile.in	2010/02/17 10:52:39
-@@ -67,8 +67,12 @@
+Index: bin/dig/Makefile.in
+===================================================================
+--- bin/dig/Makefile.in.orig
++++ bin/dig/Makefile.in
+@@ -67,8 +67,12 @@ HTMLPAGES =	dig.html host.html nslookup.
  
  MANOBJS =	${MANPAGES} ${HTMLPAGES}
  
@@ -24,9 +28,11 @@
  dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
  	export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \
  	${FINALBUILDCMD}
---- bin/dnssec/Makefile.in
-+++ bin/dnssec/Makefile.in	2010/02/17 10:53:51
-@@ -60,8 +60,12 @@
+Index: bin/dnssec/Makefile.in
+===================================================================
+--- bin/dnssec/Makefile.in.orig
++++ bin/dnssec/Makefile.in
+@@ -60,8 +60,12 @@ HTMLPAGES =	dnssec-dsfromkey.html dnssec
  
  MANOBJS =	${MANPAGES} ${HTMLPAGES}
  
@@ -39,9 +45,11 @@
  dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
  	export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \
  	${FINALBUILDCMD}
---- bin/nsupdate/Makefile.in
-+++ bin/nsupdate/Makefile.in	2010/02/17 10:55:42
-@@ -64,8 +64,12 @@
+Index: bin/nsupdate/Makefile.in
+===================================================================
+--- bin/nsupdate/Makefile.in.orig
++++ bin/nsupdate/Makefile.in
+@@ -64,8 +64,12 @@ HTMLPAGES =	nsupdate.html
  
  MANOBJS =	${MANPAGES} ${HTMLPAGES}
  
@@ -54,9 +62,11 @@
  nsupdate.@O@: nsupdate.c
  	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
  		-DSESSION_KEYFILE=\"${localstatedir}/run/named/session.key\" \
---- bin/rndc/Makefile.in
-+++ bin/rndc/Makefile.in	2010/02/17 10:57:03
-@@ -59,8 +59,12 @@
+Index: bin/rndc/Makefile.in
+===================================================================
+--- bin/rndc/Makefile.in.orig
++++ bin/rndc/Makefile.in
+@@ -59,8 +59,12 @@ HTMLPAGES =	rndc.html rndc.conf.html
  
  MANOBJS =	${MANPAGES} ${HTMLPAGES}
  
@@ -69,9 +79,11 @@
  rndc.@O@: rndc.c
  	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
  		-DVERSION=\"${VERSION}\" \
---- bin/check/Makefile.in
-+++ bin/check/Makefile.in	2005/06/17 13:01:56
-@@ -55,8 +55,12 @@
+Index: bin/check/Makefile.in
+===================================================================
+--- bin/check/Makefile.in.orig
++++ bin/check/Makefile.in
+@@ -57,8 +57,12 @@ HTMLPAGES =	named-checkconf.html named-c
  
  MANOBJS =	${MANPAGES} ${HTMLPAGES}
  
@@ -84,9 +96,11 @@
  named-checkconf.@O@: named-checkconf.c
  	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
  		-DVERSION=\"${VERSION}\" \
---- bin/named/Makefile.in
-+++ bin/named/Makefile.in	2005/06/17 12:41:37
-@@ -91,8 +91,12 @@
+Index: bin/named/Makefile.in
+===================================================================
+--- bin/named/Makefile.in.orig
++++ bin/named/Makefile.in
+@@ -109,8 +109,12 @@ HTMLPAGES =	named.html lwresd.html named
  
  MANOBJS =	${MANPAGES} ${HTMLPAGES}
  
@@ -99,18 +113,22 @@
  main.@O@: main.c
  	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
  		-DVERSION=\"${VERSION}\" \
---- bin/named/unix/Makefile.in
-+++ bin/named/unix/Makefile.in	2005/06/17 12:40:23
-@@ -33,4 +33,6 @@
+Index: bin/named/unix/Makefile.in
+===================================================================
+--- bin/named/unix/Makefile.in.orig
++++ bin/named/unix/Makefile.in
+@@ -34,4 +34,6 @@ SRCS =		os.c dlz_dlopen_driver.c
  
  TARGETS =	${OBJS}
  
 +EXT_CFLAGS = -fPIE
 +
  @BIND9_MAKE_RULES@
---- bin/confgen/Makefile.in
-+++ bin/confgen/Makefile.in	2010/02/17 11:09:01
-@@ -64,8 +64,12 @@
+Index: bin/confgen/Makefile.in
+===================================================================
+--- bin/confgen/Makefile.in.orig
++++ bin/confgen/Makefile.in
+@@ -64,8 +64,12 @@ MANOBJS =	${MANPAGES} ${HTMLPAGES}
  
  UOBJS =		unix/os.@O@
  

tmpfs.patch

@@ -1,31 +0,0 @@
-Index: vendor-files/init/lwresd
-===================================================================
---- vendor-files/init/lwresd.orig
-+++ vendor-files/init/lwresd
-@@ -118,6 +118,10 @@ function checkAndCopyConfigFiles
- case "$1" in
-     start)
- 	echo -n "Starting Lightweight resolver daemon "
-+	# Create link if needed, /var/run might be on tmpfs
-+	if [ ! -L /var/run/named ] ; then
-+	  ln -s ${CHROOT_PREFIX}/var/run/named /var/run/named 
-+	fi
- 	checkAndCopyConfigFiles
- 	startproc ${LWRESD_BIN} ${NAMED_ARGS} -u named
- 	rc_status -v
-Index: vendor-files/init/named
-===================================================================
---- vendor-files/init/named.orig
-+++ vendor-files/init/named
-@@ -231,6 +231,11 @@ case "$1" in
- 	if [ ! -e /etc/named.d/forwarders.conf ]; then
- 		touch /etc/named.d/forwarders.conf
- 	fi
-+        # Create link if needed, /var/run might be on tmpfs
-+        if [ ! -L /var/run/named ] ; then
-+          ln -s ${CHROOT_PREFIX}/var/run/named /var/run/named
-+        fi
-+
- 	checkproc -p ${NAMED_PID} ${NAMED_BIN}
- 	case $? in
- 		0) echo -n "- Warning: named already running! " ;;

vendor-files.tar.bz2

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:0063db4271019d47c85d49a2d810e331d824df0bc2deaaa4228317dd1fd046e7
-size 20906
+oid sha256:81846ad3a3c44467009edfe3e5da8d74084631326690f4d5b785f4dcec2b2257
+size 20777