diff --git a/bind-9.9.1-P1.tar.gz b/bind-9.9.1-P1.tar.gz
new file mode 100644
index 0000000..8f46d44
--- /dev/null
+++ b/bind-9.9.1-P1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2dc5886b3eb6768d312b43dbe1e23a5b67b4f4dcfa1a65b1017e7710bb764627
+size 7223197
diff --git a/bind-9.9.1.tar.gz b/bind-9.9.1.tar.gz
deleted file mode 100644
index 8b10858..0000000
--- a/bind-9.9.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7599ae5a7d945707926019a6b191d06775e9657c68ced00e09af5bc751dad524
-size 7092357
diff --git a/bind.changes b/bind.changes
index 2ab516b..754ed59 100644
--- a/bind.changes
+++ b/bind.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Jun  5 16:30:32 CEST 2012 - ug@suse.de
+
+- updated dnszone-schema.txt
+
+-------------------------------------------------------------------
+Mon Jun  4 17:25:27 CEST 2012 - ug@suse.de
+
+- VUL-0: bind remote DoS via zero length rdata field
+  CVE-2012-1667
+  bnc#765315
+- 9.9.1-P1
+
 -------------------------------------------------------------------
 Tue May 22 10:04:42 CEST 2012 - ug@suse.de
 
diff --git a/bind.spec b/bind.spec
index c6e0399..447ca3e 100644
--- a/bind.spec
+++ b/bind.spec
@@ -19,7 +19,7 @@
 
 Name:           bind
 %define pkg_name bind
-%define pkg_vers 9.9.1
+%define pkg_vers 9.9.1-P1
 BuildRequires:  krb5-devel
 BuildRequires:  libcap
 BuildRequires:  libcap-devel
@@ -33,7 +33,7 @@ BuildRequires:  update-desktop-files
 Summary:        Domain Name System (DNS) Server (named)
 License:        BSD-3-Clause ; MIT
 Group:          Productivity/Networking/DNS/Servers
-Version:        9.9.1
+Version:        9.9.1P1
 Release:        0
 Provides:       dns_daemon bind8 bind9
 Obsoletes:      bind8 bind9
diff --git a/dnszone-schema.txt b/dnszone-schema.txt
index bd969ab..cf0751d 100644
--- a/dnszone-schema.txt
+++ b/dnszone-schema.txt
@@ -1,8 +1,12 @@
 # A schema for storing DNS zones in LDAP
 #
+# ORDERING is not necessary, and some servers don't support
+# integerOrderingMatch. Omit or change if you like
+
 attributetype ( 1.3.6.1.4.1.2428.20.0.0  NAME 'dNSTTL'
 	DESC 'An integer denoting time to live'
 	EQUALITY integerMatch
+	ORDERING integerOrderingMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
 
 attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass'
@@ -10,14 +14,8 @@ attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass'
 	EQUALITY caseIgnoreIA5Match
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
-attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName'
-	DESC 'The name of a zone, i.e. the name of the highest node in the zone'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName'
-	DESC 'The starting labels of a domain name'
+attributetype ( 1.3.6.1.4.1.2428.20.1.11 NAME 'wKSRecord'
+	DESC 'a well known service description, RFC 1035'
 	EQUALITY caseIgnoreIA5Match
 	SUBSTR caseIgnoreIA5SubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
@@ -46,6 +44,18 @@ attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord'
 	SUBSTR caseIgnoreIA5SubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
+attributetype ( 1.3.6.1.4.1.2428.20.1.17 NAME 'rPRecord'
+	DESC 'for Responsible Person, RFC 1183'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord'
+	DESC 'for AFS Data Base location, RFC 1183'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
 attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord'
 	DESC 'Signature, RFC 2535'
 	EQUALITY caseIgnoreIA5Match
@@ -58,6 +68,12 @@ attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord'
 	SUBSTR caseIgnoreIA5SubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
+attributetype ( 1.3.6.1.4.1.2428.20.1.27 NAME 'gPosRecord'
+	DESC 'Geographical Position, RFC 1712'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
 attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord'
 	DESC 'IPv6 address, RFC 1886'
 	EQUALITY caseIgnoreIA5Match
@@ -112,13 +128,68 @@ attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord'
 	SUBSTR caseIgnoreIA5SubstringsMatch
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
-objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone'
-        SUP top STRUCTURAL
-	MUST ( zoneName $ relativeDomainName )
-        MAY ( DNSTTL $ DNSClass $
-              ARecord $ MDRecord $ MXRecord $ NSRecord $
-	      SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $
-              MINFORecord $ TXTRecord $ SIGRecord $ KEYRecord $
-              AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $
-              NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $
-              DNAMERecord ) )
+attributetype ( 1.3.6.1.4.1.2428.20.1.42 NAME 'aPLRecord'
+	DESC 'Lists of Address Prefixes, RFC 3123'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord'
+	DESC 'Delegation Signer, RFC 3658'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord'
+	DESC 'SSH Key Fingerprint, RFC 4255'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.45 NAME 'iPSecKeyRecord'
+	DESC 'SSH Key Fingerprint, RFC 4025'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord'
+	DESC 'RRSIG, RFC 3755'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord'
+	DESC 'NSEC, RFC 3755'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.48 NAME 'dNSKeyRecord'
+	DESC 'DNSKEY, RFC 3755'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.49 NAME 'dHCIDRecord'
+	DESC 'DHCID, RFC 4701'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.99 NAME 'sPFRecord'
+	DESC 'Sender Policy Framework, RFC 4408'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.2428.20.2 NAME 'dNSDomain2'
+	SUP 'dNSDomain' STRUCTURAL
+	MAY ( DNSTTL $ DNSClass $ WKSRecord $ PTRRecord $
+		HINFORecord $ MINFORecord $ TXTRecord $ RPRecord $
+		AFSDBRecord $ SIGRecord $ KEYRecord $ GPOSRecord $
+		AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $
+		NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $
+		DNAMERecord $ APLRecord $ DSRecord $ SSHFPRecord $
+		IPSECKEYRecord $ RRSIGRecord $ NSECRecord $
+		DNSKEYRecord $ DHCIDRecord $ SPFRecord
+	) )