From a3097226b3de955c09841b7c83418c7eed2d5494e44517df04a060b348586bc0 Mon Sep 17 00:00:00 2001 From: Uwe Gansert Date: Tue, 3 Jan 2012 15:16:12 +0000 Subject: [PATCH] Accepting request 98618 from home:lmuelle:branches:network - Ensure to create the required dir or sym link in /var/run; (bnc#738156). - Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure. CVE-2011-4313; (bnc#730995). OBS-URL: https://build.opensuse.org/request/show/98618 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=80 --- Makefile.in.diff | 8 ++-- bind.changes | 9 ++++- bind.spec | 9 +---- configure.in.diff | 8 ++-- dlz_compile.diff | 6 ++- ldapdump-allow-uri.diff | 12 ------ named-bootconf.diff | 8 ++-- named-direct-proc-mount.diff | 14 ------- perl-path.diff | 18 ++++++--- pid-path.diff | 14 ++++--- pie_compile.diff | 72 ++++++++++++++++++++++-------------- tmpfs.patch | 31 ---------------- vendor-files.tar.bz2 | 4 +- 13 files changed, 95 insertions(+), 118 deletions(-) delete mode 100644 ldapdump-allow-uri.diff delete mode 100644 named-direct-proc-mount.diff delete mode 100644 tmpfs.patch diff --git a/Makefile.in.diff b/Makefile.in.diff index c9ebcd2..382d315 100644 --- a/Makefile.in.diff +++ b/Makefile.in.diff @@ -1,6 +1,8 @@ ---- bind-9.3.1/bin/named/Makefile.in -+++ bind-9.3.1/bin/named/Makefile.in 2006/05/09 13:00:18 -@@ -138,8 +138,6 @@ +Index: bind-9.8.1-P1/bin/named/Makefile.in +=================================================================== +--- bind-9.8.1-P1.orig/bin/named/Makefile.in ++++ bind-9.8.1-P1/bin/named/Makefile.in +@@ -162,8 +162,6 @@ installdirs: install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir} (cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@) diff --git a/bind.changes b/bind.changes index af6b8fd..6a83454 100644 --- a/bind.changes +++ b/bind.changes 
@@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Dec 21 22:16:02 UTC 2011 - lars@samba.org + +- Ensure to create the required dir or sym link in /var/run; (bnc#738156). + ------------------------------------------------------------------- Mon Dec 5 16:47:48 CET 2011 - ug@suse.de @@ -17,8 +22,8 @@ Tue Nov 22 11:37:01 CET 2011 - ug@suse.de ------------------------------------------------------------------- Thu Nov 17 15:25:54 CET 2011 - fteodori@suse.de -- Cache lookup could return RRSIG data associated with nonexistent - records, leading to an assertion failure. (bnc#730995) +- Cache lookup could return RRSIG data associated with nonexistent + records, leading to an assertion failure. CVE-2011-4313; (bnc#730995). ------------------------------------------------------------------- Wed Oct 26 11:14:43 CEST 2011 - ug@suse.de diff --git a/bind.spec b/bind.spec index 5bb0ef9..b5315e3 100644 --- a/bind.spec +++ b/bind.spec @@ -1,7 +1,7 @@ # # spec file for package bind # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -44,11 +44,8 @@ Patch: configure.in.diff Patch1: Makefile.in.diff Patch2: pid-path.diff Patch4: perl-path.diff -Patch5: tmpfs.patch -Patch6: ldapdump-allow-uri.diff Patch51: pie_compile.diff Patch52: named-bootconf.diff -Patch54: named-direct-proc-mount.diff Patch70: dlz_compile.diff Patch100: configure.in.diff2 Source60: dlz-schema.txt @@ -182,15 +179,11 @@ Name Domain (BIND) DNS server is found in the package named bind. %patch1 -p1 %patch2 -p0 %patch4 -p0 -%patch5 -p0 -%patch6 -p1 #%patch50 %if 0%{?suse_version} >= 1000 %patch51 %endif %patch52 -#%patch53 -%patch54 -p1 %if 0%{?suse_version} <= 1010 %patch100 -p1 %endif 
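Review bot: The `%prep` hunk drops `%patch5 -p0`, `%patch6 -p1` and `%patch54 -p1` (and the matching `Patch5`/`Patch6`/`Patch54` tags in the hunk above), but nothing visible in this commit shows where their content went. All three deleted patches modified files under `vendor-files/`, so they were presumably folded into the new vendor-files.tar.bz2, which appears here only as a changed LFS pointer and cannot be checked from the diff. The deleted named-direct-proc-mount.diff carried the `ro,nosuid,nodev,noexec` proc mount for the chroot, and tmpfs.patch carried the /var/run/named symlink creation, so the init scripts in the new tarball should be compared against both before this is accepted. If the patches were merged, bind.changes should say so, for example `- Merged tmpfs.patch, ldapdump-allow-uri.diff and named-direct-proc-mount.diff into vendor-files.`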
diff --git a/configure.in.diff b/configure.in.diff index 155a93f..4c229d8 100644 --- a/configure.in.diff +++ b/configure.in.diff @@ -1,6 +1,8 @@ ---- bind-9.2.3/configure.in -+++ bind-9.2.3/configure.in 2004-06-20 08:17:09 -@@ -1636,7 +1636,7 @@ +Index: bind-9.8.1-P1/configure.in +=================================================================== +--- bind-9.8.1-P1.orig/configure.in ++++ bind-9.8.1-P1/configure.in +@@ -2907,7 +2907,7 @@ AC_SUBST(DOXYGEN) # empty). The variable VARIABLE will be substituted into output files. # diff --git a/dlz_compile.diff b/dlz_compile.diff index c24884b..f1be2b5 100644 --- a/dlz_compile.diff +++ b/dlz_compile.diff @@ -1,5 +1,7 @@ ---- contrib/dlz/drivers/sdlz_helper.c -+++ contrib/dlz/drivers/sdlz_helper.c 2011/09/05 08:09:41 +Index: contrib/dlz/drivers/sdlz_helper.c +=================================================================== +--- contrib/dlz/drivers/sdlz_helper.c.orig ++++ contrib/dlz/drivers/sdlz_helper.c @@ -50,7 +50,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ diff --git a/ldapdump-allow-uri.diff b/ldapdump-allow-uri.diff deleted file mode 100644 index edc62f9..0000000 --- a/ldapdump-allow-uri.diff +++ /dev/null @@ -1,12 +0,0 @@ -Index: bind-9.6-ESVR4P3/vendor-files/tools/ldapdump -=================================================================== ---- bind-9.6-ESVR4P3.orig/vendor-files/tools/ldapdump -+++ bind-9.6-ESVR4P3/vendor-files/tools/ldapdump -@@ -622,6 +622,7 @@ sub getLDAPConfigServer { - my $data; - open( FILE, "< /etc/openldap/ldap.conf" ) or die "unable to open /etc/openldap/ldap.conf. $!"; - while() { -+ if ( /^uri\s+([^\s]*)\s*/i ) { $data = $1; last } - if ( /^host\s+([^\s]*)\s*/i ) { $data = $1; last } - } - close(FILE); diff --git a/named-bootconf.diff b/named-bootconf.diff index 361b3dd..fc18c23 100644 --- a/named-bootconf.diff +++ b/named-bootconf.diff 
@@ -1,5 +1,7 @@ ---- contrib/named-bootconf/named-bootconf.sh -+++ contrib/named-bootconf/named-bootconf.sh 2006/11/06 08:59:04 +Index: contrib/named-bootconf/named-bootconf.sh +=================================================================== +--- contrib/named-bootconf/named-bootconf.sh.orig ++++ contrib/named-bootconf/named-bootconf.sh @@ -54,7 +54,8 @@ # POSSIBILITY OF SUCH DAMAGE. @@ -10,7 +12,7 @@ ( umask 077 ; mkdir $WORKDIR ) || { echo "unable to create work directory '$WORKDIR'" >&2 exit 1 -@@ -308,7 +309,7 @@ +@@ -308,7 +309,7 @@ if [ $DUMP -eq 1 ]; then cat $ZONEFILE $COMMENTFILE rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE diff --git a/named-direct-proc-mount.diff b/named-direct-proc-mount.diff deleted file mode 100644 index 651a56b..0000000 --- a/named-direct-proc-mount.diff +++ /dev/null @@ -1,14 +0,0 @@ -Index: bind-9.7.2P3/vendor-files/init/named -=================================================================== ---- bind-9.7.2P3.orig/vendor-files/init/named 2010-12-09 16:17:51.000000000 +0100 -+++ bind-9.7.2P3/vendor-files/init/named 2010-12-09 16:19:55.060044775 +0100 -@@ -183,8 +183,7 @@ - # mount /proc for multicore CPUs (bnc#470828) - if [ ! -e "${CHROOT_PREFIX}/proc/meminfo" ]; then - mkdir -p "${CHROOT_PREFIX}/proc" -- mount --bind /proc "${CHROOT_PREFIX}/proc" 2>/dev/null -- mount -o remount,ro,nosuid,nodev ${CHROOT_PREFIX}/proc 2>/dev/null -+ mount -tproc -oro,nosuid,nodev,noexec proc ${CHROOT_PREFIX}/proc 2>/dev/null - fi; - - ########################### diff --git a/perl-path.diff b/perl-path.diff index 4e997e8..6a3b9db 100644 --- a/perl-path.diff +++ b/perl-path.diff @@ -1,21 +1,27 @@ ---- bin/tests/t_api.pl -+++ bin/tests/t_api.pl 2011/02/24 08:53:35 +Index: bin/tests/t_api.pl +=================================================================== +--- bin/tests/t_api.pl.orig ++++ bin/tests/t_api.pl 
@@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/bin/perl # # Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1999-2001 Internet Software Consortium. ---- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl -+++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl 2011/02/24 08:53:13 +Index: contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl +=================================================================== +--- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl.orig ++++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl @@ -1,4 +1,4 @@ -#! /usr/local/bin/perl -w +#! /usr/bin/perl -w # $Id: generate_nameprep_data.pl,v 1.1.1.1 2003-06-04 00:27:54 marka Exp $ # # Copyright (c) 2001 Japan Network Information Center. All rights reserved. ---- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl -+++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl 2011/02/24 08:53:24 +Index: contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl +=================================================================== +--- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl.orig ++++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl @@ -1,4 +1,4 @@ -#! /usr/local/bin/perl -w +#! /usr/bin/perl -w diff --git a/pid-path.diff b/pid-path.diff index 00da028..d0a9eef 100644 --- a/pid-path.diff +++ b/pid-path.diff @@ -1,6 +1,8 @@ ---- bin/named/include/named/globals.h -+++ bin/named/include/named/globals.h 2009/01/28 11:01:54 -@@ -121,9 +121,9 @@ +Index: bin/named/include/named/globals.h +=================================================================== +--- bin/named/include/named/globals.h.orig ++++ bin/named/include/named/globals.h +@@ -134,9 +134,9 @@ EXTERN const char * lwresd_g_defaultpid "lwresd.pid"); #else EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR 
@@ -12,8 +14,10 @@ #endif EXTERN const char * ns_g_username INIT(NULL); ---- contrib/nanny/nanny.pl -+++ contrib/nanny/nanny.pl 2009/01/28 11:02:29 +Index: contrib/nanny/nanny.pl +=================================================================== +--- contrib/nanny/nanny.pl.orig ++++ contrib/nanny/nanny.pl @@ -19,7 +19,7 @@ # A simple nanny to make sure named stays running. diff --git a/pie_compile.diff b/pie_compile.diff index de54d71..a453968 100644 --- a/pie_compile.diff +++ b/pie_compile.diff @@ -1,6 +1,8 @@ ---- bin/Makefile.in -+++ bin/Makefile.in 2010/02/17 10:54:34 -@@ -23,4 +23,8 @@ +Index: bin/Makefile.in +=================================================================== +--- bin/Makefile.in.orig ++++ bin/Makefile.in +@@ -23,4 +23,8 @@ SUBDIRS = named rndc dig dnssec tests to check confgen @PKCS11_TOOLS@ TARGETS = @@ -9,9 +11,11 @@ @BIND9_MAKE_RULES@ + +LDFLAGS += -pie ---- bin/dig/Makefile.in -+++ bin/dig/Makefile.in 2010/02/17 10:52:39 -@@ -67,8 +67,12 @@ +Index: bin/dig/Makefile.in +=================================================================== +--- bin/dig/Makefile.in.orig ++++ bin/dig/Makefile.in +@@ -67,8 +67,12 @@ HTMLPAGES = dig.html host.html nslookup. MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -24,9 +28,11 @@ dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS} export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \ ${FINALBUILDCMD} ---- bin/dnssec/Makefile.in -+++ bin/dnssec/Makefile.in 2010/02/17 10:53:51 -@@ -60,8 +60,12 @@ +Index: bin/dnssec/Makefile.in +=================================================================== +--- bin/dnssec/Makefile.in.orig ++++ bin/dnssec/Makefile.in +@@ -60,8 +60,12 @@ HTMLPAGES = dnssec-dsfromkey.html dnssec MANOBJS = ${MANPAGES} ${HTMLPAGES} 
@@ -39,9 +45,11 @@ dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS} export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \ ${FINALBUILDCMD} ---- bin/nsupdate/Makefile.in -+++ bin/nsupdate/Makefile.in 2010/02/17 10:55:42 -@@ -64,8 +64,12 @@ +Index: bin/nsupdate/Makefile.in +=================================================================== +--- bin/nsupdate/Makefile.in.orig ++++ bin/nsupdate/Makefile.in +@@ -64,8 +64,12 @@ HTMLPAGES = nsupdate.html MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -54,9 +62,11 @@ nsupdate.@O@: nsupdate.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DSESSION_KEYFILE=\"${localstatedir}/run/named/session.key\" \ ---- bin/rndc/Makefile.in -+++ bin/rndc/Makefile.in 2010/02/17 10:57:03 -@@ -59,8 +59,12 @@ +Index: bin/rndc/Makefile.in +=================================================================== +--- bin/rndc/Makefile.in.orig ++++ bin/rndc/Makefile.in +@@ -59,8 +59,12 @@ HTMLPAGES = rndc.html rndc.conf.html MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -69,9 +79,11 @@ rndc.@O@: rndc.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ ---- bin/check/Makefile.in -+++ bin/check/Makefile.in 2005/06/17 13:01:56 -@@ -55,8 +55,12 @@ +Index: bin/check/Makefile.in +=================================================================== +--- bin/check/Makefile.in.orig ++++ bin/check/Makefile.in +@@ -57,8 +57,12 @@ HTMLPAGES = named-checkconf.html named-c MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -84,9 +96,11 @@ named-checkconf.@O@: named-checkconf.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ ---- bin/named/Makefile.in -+++ bin/named/Makefile.in 2005/06/17 12:41:37 -@@ -91,8 +91,12 @@ +Index: bin/named/Makefile.in +=================================================================== +--- bin/named/Makefile.in.orig ++++ bin/named/Makefile.in +@@ -109,8 +109,12 @@ HTMLPAGES = named.html lwresd.html named MANOBJS = ${MANPAGES} ${HTMLPAGES} 
@@ -99,18 +113,22 @@ main.@O@: main.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ ---- bin/named/unix/Makefile.in -+++ bin/named/unix/Makefile.in 2005/06/17 12:40:23 -@@ -33,4 +33,6 @@ +Index: bin/named/unix/Makefile.in +=================================================================== +--- bin/named/unix/Makefile.in.orig ++++ bin/named/unix/Makefile.in +@@ -34,4 +34,6 @@ SRCS = os.c dlz_dlopen_driver.c TARGETS = ${OBJS} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ ---- bin/confgen/Makefile.in -+++ bin/confgen/Makefile.in 2010/02/17 11:09:01 -@@ -64,8 +64,12 @@ +Index: bin/confgen/Makefile.in +=================================================================== +--- bin/confgen/Makefile.in.orig ++++ bin/confgen/Makefile.in +@@ -64,8 +64,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} UOBJS = unix/os.@O@ diff --git a/tmpfs.patch b/tmpfs.patch deleted file mode 100644 index edd37f4..0000000 --- a/tmpfs.patch +++ /dev/null 
@@ -1,31 +0,0 @@
-Index: vendor-files/init/lwresd
-===================================================================
---- vendor-files/init/lwresd.orig
-+++ vendor-files/init/lwresd
-@@ -118,6 +118,10 @@ function checkAndCopyConfigFiles
- case "$1" in
- start)
- echo -n "Starting Lightweight resolver daemon "
-+ # Create link if needed, /var/run might be on tmpfs
-+ if [ ! -L /var/run/named ] ; then
-+ ln -s ${CHROOT_PREFIX}/var/run/named /var/run/named
-+ fi
- checkAndCopyConfigFiles
- startproc ${LWRESD_BIN} ${NAMED_ARGS} -u named
- rc_status -v
-Index: vendor-files/init/named
-===================================================================
---- vendor-files/init/named.orig
-+++ vendor-files/init/named
-@@ -231,6 +231,11 @@ case "$1" in
- if [ ! -e /etc/named.d/forwarders.conf ]; then
- touch /etc/named.d/forwarders.conf
- fi
-+ # Create link if needed, /var/run might be on tmpfs
-+ if [ ! -L /var/run/named ] ; then
-+ ln -s ${CHROOT_PREFIX}/var/run/named /var/run/named
-+ fi
-+
- checkproc -p ${NAMED_PID} ${NAMED_BIN}
- case $? in
- 0) echo -n "- Warning: named already running! " ;;
diff --git a/vendor-files.tar.bz2 b/vendor-files.tar.bz2
index 0c45324..3f921b5 100644
--- a/vendor-files.tar.bz2
+++ b/vendor-files.tar.bz2
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:0063db4271019d47c85d49a2d810e331d824df0bc2deaaa4228317dd1fd046e7
-size 20906
+oid sha256:81846ad3a3c44467009edfe3e5da8d74084631326690f4d5b785f4dcec2b2257
+size 20777