From c6ec97ecb6ecabd3d3215c92b80ef21a5bd355a9cdc0c1270e243b7ada4275da Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dmueller@suse.com>
Date: Thu, 12 Jan 2017 12:21:22 +0000
Subject: [PATCH] Accepting request 449784 from home:simotek:branches:network

Fix bsc#1018699 by taking latest update in series 9.11 needs a little more work

OBS-URL: https://build.opensuse.org/request/show/449784
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=200
---
 baselibs.conf             |   6 +-
 bind-9.10.3-P4.tar.gz     |   3 -
 bind-9.10.3-P4.tar.gz.asc |  11 ---
 bind-9.10.4-P5.tar.gz     |   3 +
 bind-9.10.4-P5.tar.gz.asc |  17 +++++
 bind.changes              |  30 ++++++++
 bind.keyring              | 143 +++++++++++++++++---------------------
 bind.spec                 |  24 +++----
 dns_dynamic_db.patch      |  96 ++++++++++++-------------
 9 files changed, 174 insertions(+), 159 deletions(-)
 delete mode 100644 bind-9.10.3-P4.tar.gz
 delete mode 100644 bind-9.10.3-P4.tar.gz.asc
 create mode 100644 bind-9.10.4-P5.tar.gz
 create mode 100644 bind-9.10.4-P5.tar.gz.asc

diff --git a/baselibs.conf b/baselibs.conf
index 9c1ebe5..49c5207 100644
--- a/baselibs.conf
+++ b/baselibs.conf
@@ -1,5 +1,5 @@
 libbind9-140
-libdns162
+libdns165
 libidnkit1
 libidnkitlite1
 libidnkitres1
@@ -13,13 +13,13 @@ liblwres141
 bind-devel
 	requires -bind-<targettype>
 	requires "libbind9-140-<targettype> = <version>"
-	requires "libdns162-<targettype> = <version>"
+	requires "libdns165-<targettype> = <version>"
 	requires "libirs141-<targettype> = <version>"
 	requires "libisc160-<targettype> = <version>"
 	requires "libisccc140-<targettype> = <version>"
 	requires "libisccfg140-<targettype> = <version>"
 	requires "liblwres141-<targettype> = <version>"
 idnkit-devel
-	requires "libdns162-<targettype> = <version>"
+	requires "libdns165-<targettype> = <version>"
 	requires "libidnkit1-<targettype> = <version>"
 	requires "libidnkitlite1-<targettype> = <version>"
diff --git a/bind-9.10.3-P4.tar.gz b/bind-9.10.3-P4.tar.gz
deleted file mode 100644
index 4e517f6..0000000
--- a/bind-9.10.3-P4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2ac044b5fbdf45fb45107af0df961b3b7cb5262a3bf1948ed3fe7a170dd13e3e
-size 8529535
diff --git a/bind-9.10.3-P4.tar.gz.asc b/bind-9.10.3-P4.tar.gz.asc
deleted file mode 100644
index 5b4fe54..0000000
--- a/bind-9.10.3-P4.tar.gz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Comment: GPGTools - http://gpgtools.org
-
-iQEcBAABAgAGBQJW1319AAoJEG+m68mRGkwC5S0H/AuD9XbH5GUvp8qedIT1nJX5
-9ifEodnIMsEqVFQVgAmRZHJp7dehq5gGXiWGn/7MD5WQzcxeRi3fIgrxcl6Gm2ig
-IV14kzK3xHQcdY97qJvSzwk72tBIRKG3M/PnvTaVpMb7Q/gWhVR8qXpbRtwEQ8NX
-mhO7Zut+idK45a48COnvqAMMQBNwjrz6WIYBoP1jvTY7jtM0GXJTmvVlEUxUgT71
-DiFthDL6pk90jjg+nbyvXK8tWEusGzGfDLHpfkZNIjYuoNh8vZbxLza3w6EmSoer
-D5/55C18U4bv4araCpbAh3HN3hMKh/OdjOpmJEBc6Lwj1UoiAZqbv28C7kIGklU=
-=2RyL
------END PGP SIGNATURE-----
diff --git a/bind-9.10.4-P5.tar.gz b/bind-9.10.4-P5.tar.gz
new file mode 100644
index 0000000..98f08d2
--- /dev/null
+++ b/bind-9.10.4-P5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:89c47b413613feddb1b623ad092f3def2247402e4148c464dbc6c0021e3f0feb
+size 9303205
diff --git a/bind-9.10.4-P5.tar.gz.asc b/bind-9.10.4-P5.tar.gz.asc
new file mode 100644
index 0000000..17a4cf4
--- /dev/null
+++ b/bind-9.10.4-P5.tar.gz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iQIcBAABAgAGBQJYUCKuAAoJEPGxG/Bc8C5XAawQAL/ZOekecEnCL9G7htXCttBd
+1C/5l42RhgEi0dqclc4BfqB8PqHKYiTEpRrouyQjNBJTjw/KLFST5BfHDyRJ/1BB
+z7+b5TNuPyM+v29j5eT7l//Y5C92CNazu7fwbKgq3+Nz1XrGCC1gMD2/45GwB8BA
+WMTEYCPqBPwfu2Rhg/pcAga/5a9ymTzFTlB/sZJ74gMpjEMDdqeR3tILAqGzIOGE
+kORJspF2ZKCvzCmv1ATP5VFH+iUgY/8nE0vuiun+cXXYlqLXVcyNWdgFgMx5ozcE
+Wrf6MSjgdh697C8rvdJEld7xcOC6XGZLU1RgykloW+rb19pLliEi5chPtWVEuVSm
+Hn9HqzUZSrmmqZpgHvbQvhVYoJsIgfS3lRdQIqiRZn2oKnUdHW7FwOU/ZH+L5elK
+Ggta7UYNZvLsGPtu997hZNB7javrlUGLVZzgl/LB4mBa2xI+hMgAyOE09CsTvVAE
+yBVuxnJ/L2yIjtdO7fy5C9HGyzN+vf5WUxZcfKpi1zLByEp9Pm71O0YWW9LNeU14
+qAFEcE3vvV0pAgE9tVBIPYf7AtO8O2tZVR/AGl9suacLzh5vXWy8WyXqPbZvBhQ/
+zVVhxlVIJQ9JtVfB1L8t2GT2lgMIN58V45C6ulXuN9RbcwbNerLBHDyIyzLBgX6p
+lFafztjStRds/JW9cnkd
+=Kgbj
+-----END PGP SIGNATURE-----
diff --git a/bind.changes b/bind.changes
index 88a2ff4..d94c988 100644
--- a/bind.changes
+++ b/bind.changes
@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Thu Jan 12 04:43:56 UTC 2017 - sflees@suse.de
+
+- Update to latest release in the 9.10.X series
+  * Security fixes in 9.10.4 
+    * Duplicate EDNS COOKIE options in a response could trigger an assertion failure. 
+      CVE-2016-2088. [RT #41809]
+    * The resolver could abort with an assertion failure due to improper DNAME handling
+      when parsing fetch reply messages. CVE-2016-1286. [RT #41753]
+    * Malformed control messages can trigger assertions in named and rndc. 
+      CVE-2016-1285. [RT #41666]
+    * Certain errors that could be encountered when printing out or logging an OPT record containing 
+      a CLIENT-SUBNET option could be mishandled, resulting in an assertion failure. CVE-2015-8705. [RT #41397]
+    * Specific APL data could trigger an INSIST. CVE-2015-8704. [RT #41396]
+    * Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing
+      a lookup. CVE-2015-8461. [RT#40945]
+    * Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted, 
+      triggering a REQUIRE failure when those records were subsequently cached. CVE-2015-8000. [RT #40987]
+  * For Features and other fixes in 9.10.4 see https://kb.isc.org/article/AA-01380/0/BIND-9.10.4-Release-Notes.html
+  * Description of patch changes
+    * BIND 9.10.4-P5 addresses the security issues described in CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444. [bsc#1018699]
+    * BIND 9.10.4-P4 addresses the security issue described in CVE-2016-8864.
+    * BIND 9.10.4-P3 addresses the security issue described in CVE-2016-2776 and addresses an interoperability issue with ECS clients.
+    * BIND 9.10.4-P2 addresses the security issue described in CVE-2016-2775.
+    * BIND 9.10.4-P1 addresses Windows installation issues, the %z modifier is not supported under Windows and 
+      a race condition in the rbt/rbtdb implementation resulting in named exiting due to assertion failures being detected. 
+  * Following patches removed, fixed upstream
+    * cve-2016-2776.patch
+    * cve-2016-8864.patch
+
 -------------------------------------------------------------------
 Tue Nov  1 21:24:31 UTC 2016 - psimons@suse.com
 
diff --git a/bind.keyring b/bind.keyring
index 8b2b549..625e7d5 100644
--- a/bind.keyring
+++ b/bind.keyring
@@ -1,82 +1,65 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2
+Comment: GPGTools - http://gpgtools.org
 
-mQENBFR9szQBCADAwiKoEyFh32NHLc+c1vGgZ2lDKvXd7MoZZAOM2NUJkaDqt+Xy
-537ycGmZRqukpGUsa0fDeqjOq+l4paX3QnW1DEs8ypnWi5Zme4lYHysmNeG33ihe
-SMeGRbnZi+9VTho3NGv3iM9gtRMDXTB5wi7OCu0XNypUtR2afP9F9EgRs4nJ5iMz
-o5c1y0wH4y+lJ33NCHZDj8ditl64yMbuVlZOD3UxoQqw/8E6T4rHly64g9s6Ld7o
-YybSN/hKIXFZRqrTebEd2LwZqGhPQIgYDUdumwvtw6jfrosbMOx0tan3esnxlptl
-fbkmOsoi8pPJqlo2VtLBx9XN53ZFMqc/Pj3tABEBAAG0TUludGVybmV0IFN5c3Rl
-bXMgQ29uc29ydGl1bSwgSW5jLiAoU2lnbmluZyBrZXksIDIwMTUtMjAxNikgPGNv
-ZGVzaWduQGlzYy5vcmc+iEYEEBECAAYFAlSqwTUACgkQs9Bv5D4YwC2XOwCgyzqR
-Pw321UGSlg8BsLTL30oIp5sAnj0V/+8utHZDkXfCAVdaIIQNJmD/iEYEEBECAAYF
-AlSrw4MACgkQEKO5buIYjAZGywCfbu462hUgo3zPQHOm8Wo266j8qWUAni78PlKH
-BZ28H2Rjq+KhVJ45nZhHiEYEEBECAAYFAlTrQigACgkQi9gubzC5S1wIQQCgieUn
-67RR0OpW6y7mAYDbI0tsZgoAoIcrlgiZcRUQWEuguOXdkR/6oUtriQEcBBABAgAG
-BQJUrXNsAAoJEJbpllA5TJms5wcH/1Czp5cpkrxV/ONDuL5goYd/UpNS7P/VlowY
-S3uMUe0BEW5JSp0dzgqfBMQUe53cH+N6wFex23QlJbCM4S1fEuolMWI1X7f8KJtp
-8vMUTR9DgMINVM5Kw+YeM7ud8RLOe4qBOcyPUDYK6xr4wxA4zuDQqAxqjJHlEx7g
-19ED9yJX5JZ98FmsPS0rsA3h3LvkfFpIUuhTM3+uPSuktZNwjQtDPs8VQmydUtgB
-RToA/KJQfTibufUrzRwI73HakPUH/pwj7Ynkfy2YkKRpW30RtDyGZt3hOMNBIHPz
-57iFXLg4d7y8ZtgVOdcOGSsc9CYBwZxoAWrcv5r30RIW49fBmwOJARwEEAECAAYF
-AlStdBoACgkQvZfcY57oxHv+JwgAiO39F3dFN5z3JA/rlw8j43iMYkBKfOjFeJTv
-mp05gv8zgNiqlLHerEVC88HfJdeVWKV6r8bnzOmFtRR44Sjzg4/Wzz9J2x0Y3p+s
-54xrNrJi4zGUbwFCqFznkOntcrHlAIGt9Q6Ks9ztcxBiAqtLAj6+XlU0IXVX5Yym
-dusqYo3qkWm+HNxhYsf7JJMyGzsGuOsL9eV/+jplreVrIprdcxJDTUx4pUuGjJgn
-QqXhl+O6vpS3qV54ASW74VtJaniVhQ6+vTjWxRFnJQia2jZiFg/u5hawb53CcQat
-jSB886HKlb2xMbeF8T+jZOGiIIjQd5Vf6xeyKN0uNXTkiOBzu4kBHAQQAQIABgUC
-VK2fAAAKCRBFrHhXGJzbxYefB/0cNKb+GkiapChQ4mKInw7ozm4KmqrrGMWpddY5
-VY7nHuSfLCOpnFLFby6lyVNzTwjMWwDVs24GR22CZ9pYJm2uT4POxYEfgYOW3dRU
-lW16fJ6dk/4qHJXqTrSHn/4BZDUwQpH2z15rl6RZQSOB1QrkAjiY2lsdpCIxxy/d
-woltpsf1uYUJ40nXjzZnFXKmu5INc9ryBLCGTzNq86b1MWLqmXdyiWJOvho8SDEF
-FGQi0JJuXOTk6EJvhM90ofsrdchubf60RiwbD9n8EJw63Z7lNHvMaNfyriP+nRib
-FQUW7wSZBOZaBgVxEr3PcQBvmbXarw1MlROEbcKMZi9zf2sSiQEcBBABAgAGBQJU
-45s8AAoJEDp7U4zJG4K/oC0IAIqu8yhL2Omyw7qkFt+N8ByKvk/5T3UBQ3kf0JmQ
-TEU12ZpZFkQNxmTZ+nwJG2I1qxpSj8NnmLQVktFj9i8Eb65q0zqehgqCo8XRlAgO
-/7X8pcrZU21a9u0eoCT6DGUfvIcYo+dqiMV+VC31YMfQyGoJxueXQpTnjGAx46iJ
-PLjgehlU3GY4ZfWnGr8azez5Tkq+0hxGGVJgsLGzNYQVZjdL6JpVA8NMgvs2N4/a
-aAm5m83scYVdenIF+Fr3uCjjJnYiUn2gGAuXc/IAP67jbtrR5tNAPhs8BrZhJzxN
-yAdsZgxOZMe/Juqxe2nSZUYS+jXjPsZ/p/pO4dOCF5WVBgCJAT0EEwECACgFAlR9
-szQCGwMFCQQS0oAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEG+m68mRGkwC
-EPcH+KnXyRBITj/9i3xUwXqRyINtwJAA7DLjn/V+tlpf3BLmuL+l0fEHS/DhLCuk
-mAkSQsYbSwTNHBLztB4UK0YOEjAn/7klfqKfRwn6GvYbsMlSlWAqndjyURndyH6A
-BneTjm7POg5NPi2bq5daWQ6eU8mNRvWz1tXMv3NSwntdpXnHhpHcHDnf+LMkQhrF
-YePUISMDNELvA9Cmj8Qr59bMUF96dIIEkS9bW+Sia1vWMx2P66Gh3UvMV1cd1CMM
-JIqf8aWmf9hxn38uSJRLA0tOkvgLENsSKzhBY0Od0BH+71EQLXMNb/FAQLdTGwHT
-pmb01paMAfLyzSs6KGCh61quhokCHAQQAQoABgUCVK1/PAAKCRBXQSctAwfif73d
-EAC0v76ioGt7g7uwXDeuF2RDio2Pwn6mqrzgU6BnqwX8u8qUEWFWuhJmQstEaRk4
-+vLso2lLad/5DEjany+TqRwyA4GR6Q9krQ4mpMzaVLtLIXDDQGzkLjHvERjlsy5x
-eXHhooUhGe98R+8oyS0ykliiZd/aR+tGOZRPJmK/0zZ29aNi2n87oJwN4h6c/Gie
-oa2dO4iwnKbbIof+PXAhHczNAvV0ufhgXDbuf4ZjbuGbOVJzM2ej4iLnHpqAiqHv
-ZviVZdcs+9mBc+rrk6DJ03uVNakrLApykRxHoBSkbIhzoiBPT8vE9QMZCIZLWkWW
-Z791LKWCK4JuPP6iHNmmWacZwvRHOyXRTjWX4qBaVRugaIfETdVPy0tmwooTR7KL
-QwcjFlm5P20x+WoWC/EgcfXs1PvG6hLDc62HsqCgt9mykk4Ud/V9QFigaZCQf4sI
-5GuRr/jD24fzN1b0BVV0Df3tqQ9JbymKo0EBESZuYrA/RIM9oH4fE0PLSAEbcm2E
-f/kBbicLYrIWxgxcCKA0xoQ737bPPLE7EM8HJYMBZaUZl8eqXTauTxNBU9c6UhDV
-jhyViTcBv+cIYbIo+c6khSL64FPT32zDaDYR/0AUn6+u+JSVXjvxWl0oPMHOAOOt
-gKSXBOUwZC6r9vgBWH67kKPYr0ZGnhVN5lbfRfdmYgXOi4kCIgQQAQoADAUCVUg3
-zQWDA0hN5wAKCRAfRF6wIguS7NiaD/9nVUAIXSZx8xq2Lo37E6je1APbdSAT/K2T
-dLTMJsugzORVj4LVaSE4lOskMa3g8ffMdAnfGhEB5uLG9THDxOsvQ0ipdNdTr2hd
-pbo0v9J63H44LEaqKppOV3eHOJYXnfWI6Armv31cUGAuJkI1GZUIInL9jE80Ky/z
-YmkdSQwogPiSjb7i3ftS0QI7MR/hgJWz7vYLZ7o+Sqyse3PKl9Bw6SVL9oy05u/K
-x9nih5nh4mYWokfY3cEKVV9mhlTApkCgRqPWPVLN4/FfgoPIzKVG71wAVgkNwuZO
-AJH6+nNSV/N/nITyqLz0ddt4qxGtepZ+6P3FF7Qi4UNSGnhyHBbBkMbG3rRvo0VS
-gxWBUJQz3GAZjkS/YwGzR4F4P+IlFzj+1iKxke6vjGnXN06FzpsSYJ46j9EOk/+j
-2K1ir/pUn7hF4QeLUCnxQL785kUiKg2+8KWkM6hGawUsvH9TqAfqCp8Mu4YDGXG0
-KoBMeD7h6N9DZYGGk/kqbFhitnKZ2VanheaI6wFCjTCwDAnySfib+i1uKxaeddmS
-LMYiFlGz0E1pwjgALQF+qm6XHn6yD/vFLj/kiP1BtjY9dUTb6Yg3W01CyBOeFA/i
-SGZzWPgsbghlM7DJ16Jxq/Ij3M/7wfg6TiBgJoXLk7YXyWzGf2l2JI1kkLlZDCV7
-vAwC5+7ORLkBDQRUfbM0AQgAreBuzWxpZYdYbGw+6E5/7HXyDT/43t/h9kTtNN60
-82F06BjQsbG6X1UdGhmC89ueb4FmZmFgYyv+haVMS4X6xr8OvxIqpUONgiPSo7OK
-YwtiBophXxJDwuFQW1RCOblXkn8VD3s3M7Z8+AQijslshWuGw8Saz7WCX3Jqcpb/
-4dSi+XspTI1Gi99ol2k7i7K5j0IbPzvkOoTf0SF+UFY33pukJSan079VCzh4lOnq
-mS/YSQxVwRp20VcBUWVIV785R3zeBtVcz00JF9j3xkloHY6cjX+VTw6iZ0c637Pq
-Htt20L/DjaqyMGa77LYW2HhZfM93tZt+9V2UyNsEdkufwQARAQABiQElBBgBAgAP
-BQJUfbM0AhsMBQkEEtKAAAoJEG+m68mRGkwCERcH/Rer02pHu+BJlN53t6xIxao4
-tZmWgp2PHKzcED2HcRcKQXqAx0Thvo6QhQfRXZoUJgldmbIWiXS2rnRoRMPrZoKA
-I5W3GWTHlUe1MuX9PVV6d/1MMhKISYMEj7cMOqMDdg4fzoWqXsmr4QxnHh7YvnQ9
-ZbJFHcvOOnpMV71eHiupAmgjQ4G0vJfXc1978CvhnzkNfo7Wy/8IzRpaR8Zt0wB5
-4esNVEpqtodQvLJfiR+76ZmPwC2HEylUPJoeKX1YJfW7Aaj7quSK4Ay9RFufTmHk
-L3a3ZBRAkTWu8EqnMsQFbypCrl+ij7zIcdanO57iLiva4Qnf4UtSyO2VT7cX4+o=
-=vnk9
------END PGP PUBLIC KEY BLOCK-----
+mQINBFf1aL4BEADaw6pPFCoWEtbcGEbfFRsCxEK2PDjzG7+PWTDUpdJgzMvHKvWU
+BkKKpxxkWk6+irY4fZnaRkXKR6ggkTDRXucpssayXt95ZXdniOWGOuEGvGmIcif9
+klfvDLxK3dq1WrsRGs35FE4puxldS0RAS8dcRlq0bqMpnaSPxay8bdvQF8v5syIF
+vW2ySfT21e1YgaMdSCu92kmg7lzrPccKFNuX3xkosGIglnoVcjpXqsZEIZjj6YAw
+cZiEGB1Lxc88WjWbhrct0S1Z4zITapRAFdY65i1POmHmcyqEDlhYvbPIfk99PUvB
+o6SbvE5IGChc+O5cqwp9i8sTw/ABewUkv2rcRfjaehQzIm6HHq3lX+ukqinic1fc
++FsZnQNQXUoh9z3InKPzWkxOcc1DiXkMcXUdxSi7C0zghR/tFKTLHeTOxj8j6oaX
+DfWpdhBfFch2ogVQXZMyPaQxuObtG9aVffbpQsTHzAitz5/M7lXj2044DE8p9gcq
+ORMZnqAE/uVuYvGzdQZJEx8pDma4Aegx/Nn0Wpv19U2zw2dfGon3Ckrdi8G77K10
+5++BB0ZFDia93kkEodcyJtdLMhFSxXV2XMMN8frO4jhHq86lnG71kbb5Y2ZdrkXz
+BCGo6sVMVqWWEXUp4COfgEboeDneLUTlVLFQbgqpgWCCFZKz/k0hQpZbOQARAQAB
+tE1JbnRlcm5ldCBTeXN0ZW1zIENvbnNvcnRpdW0sIEluYy4gKFNpZ25pbmcga2V5
+LCAyMDE3LTIwMTgpIDxjb2Rlc2lnbkBpc2Mub3JnPokCPwQTAQgAKQUCV/VovgIb
+AwUJBF9JgAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEPGxG/Bc8C5XwvEP
+/jRPx7GaTG4PqXiNptV36r1q+Eg92oRozUqNcuhN/l09gThyClfQylsEhZBcTT3I
+VAjqqqAott5XNqw8pyPjERMFnqal0zBMZTln9RLkLnvoWQrHnEzG3CJ9Ndkk7niM
+DOpRI71h8+nMl7YbkXOy87qamvoZ2BQZcdL+a8R5p733JaPMDUy5leZKNiywThQQ
+iEtpWuz5u+zoALP5EKedPKCr0+xfGTUS5qptR2nHnRXnZouPfbQWKyEWtC3Qbiu+
+0ir9e2/4pp725g+os8TDCyzfRDLgD1cbxPrObwDAiw1B8KrL5l9WD70vfYpyMuvj
+aUVkNbL5kFEuKKOrQSxyehyR8pgUyUnYUejmSdXDg/BmOpXr6gscnRDpq7Th6yew
+85Dy5ntYHVAO2Qq6Iafnsun0/i1g0Wlv+OEbN+YIXTMbweCt5qddC1ak6I0WomiP
+Frh8a2EeFrpRGEsKR9aFxUb+HdobclBMV4T2siewcW12W+MWnvRzVcMxFs/Yf1Wi
+4DTb0sAztpftYk3vOVFkhIlTtgp0u9GPkSgCwIeW1ZCVMnxaWMfzDvzjt0cp09MQ
+a6MBwIoKPLIRwVOzoyIhS9PrI26e/hdcQPaJo6ESYbJGT64lTbkVoaWkKKbJbJrG
+gTnIzoxDL7l9rlYGOy3G1M6jZvT8uFanMM9vl22QfT5niQEcBBABCAAGBQJYPPzW
+AAoJEG+m68mRGkwCqeMH/3sYTCls7frQzPDsNxc6sUowMvIHmU99ybUNzcIBEG4v
+uBTCTKQm4ubC0vQN1YSGgQwkRAaVLLATA6hXvq0Rif0LHm2U3gNOTl3I4khgy2pp
+gE0NNaXJ5WZUFITN2vY41z6RqUccW2vVSa4EfsQF53AshsRC81wjKHx09UX04dtz
+AczeqBBoNAQ9IOm4hagiD7uZm9GFg8h0p+f2QgEIz68LOV/EOebyVDCoaU1DV2u2
+PYDcIwJHHSVBwvmzDDOKqUkqicsOzpMqE96/oZ6vtzTAmQMavQJ5PH4iAlLc5kYs
+Cg1fRhSkfw5FKh7I+1OGaNcqqWHRqMXHa/XqgF/IUmyJARwEEAEIAAYFAlg8/UYA
+CgkQlumWUDlMmawx6wf+LrvfHO4STQygjoAVpLPL/XwB5DohSrLNygoTJX2D9jol
+jgek57VXfJHY2wRWZgCUJ4lN9yUjPnIN5Z2LcmAY4CX4F2QOyWPIplnsggG1mn9z
+ERqSNXIdJmNkP8A3/wfmcxgIHUUgM947HpQWC20uNls/27UXGyWZpRsfsE1qza67
+BDCwRwmkJ3Du34tLUH3eup321DX8edmBcVd8zcBhxg4I85mexO6ypq+/u89GSHrC
+HZntHaowd42s+Ej2ApcING01WkxgIhvjc/BI7MLQcJ9YGCJWo16nbwrk+7crfP1O
+t6yaXPuGWzaCTyEzVdxAl3ONVk+TUfS7nOaakofzRrkCDQRX9Wi+ARAA7jZa8vD6
+sow7Jf6JaeW1HN2Pe4yshwGDYIYNFa8MKCrWhhonll2lex7VLJZrZlJY+y/A8s7w
+bzpZimcBpwBAOlCUhxGPlW2M48Smj80x7ViaWbX7JGZMgkHmMu8gocZOdNJIVPMD
+T+fs3ZBVPnfeY5Y9ENuikv2S5yv9MGaEsxkTVdvgnk5T87T7s6LXKWOXoP+19A/4
+nvFhOwTitgaMTVh75qZh43gKFuWrAZSeh8nezjdLWz/Ponh23AMWqZK/SBK9dvv0
+T4ZrqwMEU9Vt1zSj26h4RDJmp6Y7/UBWZ84brD7pnm0vRd0tyHUjx52WbArqVeVX
+u3es6r23W9H/5xP+7Ufu4xBTXuPdZCVJ810ze6yn4yZCFZMZWA5Ax/Ctq+5DWwpH
+bNrETfsPP7/ERCZAN9RRoX9qDupoFfjWtzaWLUjfLUtsfaAuXDLXhJb5wcaA3xNG
+FB0r+TcubBo41v/kR6qtVcaigR2G25UKX0dTrBLFs0VieEeRfErpvJPV30QHak9O
+IBPQ5ZhrIOGTZ+HdUfkr12qIyEYczqxbtrYRL0CadXGDIzPQkiFPqt9NtRPpYhA+
+84OXeQ9fZdolQJiZF3yrBXb+Jh0tTjPyA4LbtL4O4OKkUQeKBkEZUpdvPBJabsKP
+5jtS18MqpOqB96WQfhbu2saNcTeRD72GaxcAEQEAAYkCJQQYAQgADwUCV/VovgIb
+DAUJBF9JgAAKCRDxsRvwXPAuV8rPEACvmX/uXTjRHgI3Ofqk+AcSqwfR9XMxnV9i
+II7AazAwh2QhUX71ITBvdOW9YmztescIBMP1a18CULo1kinOLix7ihfUjXcKf6AV
+KcpbR5tGVFSc6Z0KS7jaMGHNoSlC0UkSo1EZAcOZ9ICvjprwgNrkRxEQXVKJCZla
+2o0yFbWDrqszL0VGIDm6NRAItCy8JaAiA2Ze8v1ngCTP+LHL30UT72dswpp+0JCm
+cWntZ1ikQokrmXVVfRNObDgtHNj+BAPqaml8hy5Gdv1zhy9HlXpLO85e6qeMgVmm
+X5lP4d0gT78YZNCEK/j2dDZM6voKldGs4ejsumuUs9ToSbcXWsfYfVsDtSnAUWui
+AvFDrWxh7h2tExire/92Plud82YMidayvUGyTFUpzcxXGlqbCnsCZNIjUjC0qZax
+FD2jXRlCxn8RtR8dY0QmnU1rG6h0baZDPn0mgH3TCpTxCJc3oA/plyli6Gfg+Vsh
+YKDcZ1FdUlmIfx/tZygCABPRbKiB2DNr5S4Vd5VYZFGUR/hAvrVoE0f/X5bcRavu
+daZUIbaHdYuWZP1gIqFp5muOSuDp73ddrIdEbEIeS1JfDcy+jPCFfl2w6TuORSah
+UE6h7ewfx3MRCAoHVkyEgUA1XR+7Ic5N4mdoq/9lBVk5oJm58uJtAWbgEs5p5ky5
+twX4/LLOqg==
+=KES6
+-----END PGP PUBLIC KEY BLOCK-----
\ No newline at end of file
diff --git a/bind.spec b/bind.spec
index b16daca..09e264e 100644
--- a/bind.spec
+++ b/bind.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package bind
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,8 +18,8 @@
 
 Name:           bind
 %define pkg_name bind
-%define pkg_vers 9.10.3-P4
-%define rpm_vers 9.10.3P4
+%define pkg_vers 9.10.4-P5
+%define rpm_vers 9.10.4P5
 %define idn_vers 1.0
 Summary:        Domain Name System (DNS) Server (named)
 License:        ISC
@@ -45,8 +45,6 @@ Patch52:        named-bootconf.diff
 Patch53:        bind-sdb-ldap.patch
 Patch101:       runidn.diff
 Patch102:       idnkit-powerpc-ltconfig.patch
-Patch103:       cve-2016-2776.patch
-Patch104:       cve-2016-8864.patch
 BuildRequires:  krb5-devel
 BuildRequires:  libcap-devel
 BuildRequires:  libmysqlclient-devel
@@ -142,13 +140,13 @@ Release:        0
 This library contains a few utility functions used by the BIND
 server and utilities.
 
-%package -n libdns162
+%package -n libdns165
 Summary:        DNS library used by BIND
 Group:          System/Libraries
 Version:        %rpm_vers
 Release:        0
 
-%description -n libdns162
+%description -n libdns165
 This subpackage contains the "DNS client" module. This is a higher
 level API that provides an interface to name resolution, single DNS
 transaction with a particular server, and dynamic update. Regarding
@@ -299,7 +297,7 @@ Group:          Development/Libraries/C and C++
 Version:        %rpm_vers
 Release:        0
 Requires:       libbind9-140 = %version
-Requires:       libdns162 = %version
+Requires:       libdns165 = %version
 Requires:       libirs141 = %version
 Requires:       libisc160 = %version
 Requires:       libisccc140 = %version
@@ -378,8 +376,6 @@ Name Domain (BIND) DNS server is found in the package named bind.
 %patch53
 %patch101 -p1
 %patch102 -p1
-%patch103 -p1
-%patch104 -p1
 
 # use the year from source gzip header instead of current one to make reproducible rpms
 year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{S:0})
@@ -734,8 +730,8 @@ fi
 
 %post   -n libbind9-140 -p /sbin/ldconfig
 %postun -n libbind9-140 -p /sbin/ldconfig
-%post   -n libdns162 -p /sbin/ldconfig
-%postun -n libdns162 -p /sbin/ldconfig
+%post   -n libdns165 -p /sbin/ldconfig
+%postun -n libdns165 -p /sbin/ldconfig
 %post   -n libidnkit1 -p /sbin/ldconfig
 %postun -n libidnkit1 -p /sbin/ldconfig
 %post   -n libidnkitlite1 -p /sbin/ldconfig
@@ -873,9 +869,9 @@ fi
 %defattr(-,root,root)
 %_libdir/libbind9.so.140*
 
-%files -n libdns162
+%files -n libdns165
 %defattr(-,root,root)
-%_libdir/libdns.so.162*
+%_libdir/libdns.so.165*
 
 %files -n libidnkit1
 %defattr(-,root,root)
diff --git a/dns_dynamic_db.patch b/dns_dynamic_db.patch
index 9d9569e..cd02ab4 100644
--- a/dns_dynamic_db.patch
+++ b/dns_dynamic_db.patch
@@ -7,10 +7,10 @@
 #
 # Based on the original patch, some minor adjustments to line numbers are made by Howard Guo <hguo@suse.com>.
 
-Index: bind-9.10.3-P2/bin/named/main.c
+Index: bind-9.10.4-P5/bin/named/main.c
 ===================================================================
---- bind-9.10.3-P2.orig/bin/named/main.c
-+++ bind-9.10.3-P2/bin/named/main.c
+--- bind-9.10.4-P5.orig/bin/named/main.c
++++ bind-9.10.4-P5/bin/named/main.c
 @@ -43,6 +43,7 @@
  #include <isccc/result.h>
  
@@ -19,10 +19,10 @@ Index: bind-9.10.3-P2/bin/named/main.c
  #include <dns/name.h>
  #include <dns/result.h>
  #include <dns/view.h>
-Index: bind-9.10.3-P2/bin/named/server.c
+Index: bind-9.10.4-P5/bin/named/server.c
 ===================================================================
---- bind-9.10.3-P2.orig/bin/named/server.c
-+++ bind-9.10.3-P2/bin/named/server.c
+--- bind-9.10.4-P5.orig/bin/named/server.c
++++ bind-9.10.4-P5/bin/named/server.c
 @@ -68,6 +68,7 @@
  #include <dns/db.h>
  #include <dns/dispatch.h>
@@ -31,7 +31,7 @@ Index: bind-9.10.3-P2/bin/named/server.c
  #include <dns/dns64.h>
  #include <dns/forward.h>
  #include <dns/journal.h>
-@@ -1309,6 +1310,72 @@
+@@ -1310,6 +1311,72 @@ configure_peer(const cfg_obj_t *cpeer, i
  }
  
  static isc_result_t
@@ -104,7 +104,7 @@ Index: bind-9.10.3-P2/bin/named/server.c
  disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
  	isc_result_t result;
  	const cfg_obj_t *algorithms;
-@@ -2344,6 +2411,7 @@
+@@ -2349,6 +2416,7 @@ configure_view(dns_view_t *view, dns_vie
  	const cfg_obj_t *dlz;
  	unsigned int dlzargc;
  	char **dlzargv;
@@ -112,7 +112,7 @@ Index: bind-9.10.3-P2/bin/named/server.c
  	const cfg_obj_t *disabled;
  	const cfg_obj_t *obj;
  #ifdef ENABLE_FETCHLIMIT
-@@ -2623,6 +2691,8 @@
+@@ -2628,6 +2696,8 @@ configure_view(dns_view_t *view, dns_vie
  		}
  	}
  
@@ -121,7 +121,7 @@ Index: bind-9.10.3-P2/bin/named/server.c
  	/*
  	 * Obtain configuration parameters that affect the decision of whether
  	 * we can reuse/share an existing cache.
-@@ -3698,6 +3768,37 @@
+@@ -3704,6 +3774,37 @@ configure_view(dns_view_t *view, dns_vie
  		dns_view_setrootdelonly(view, ISC_FALSE);
  
  	/*
@@ -159,7 +159,7 @@ Index: bind-9.10.3-P2/bin/named/server.c
  	 * Setup automatic empty zones.  If recursion is off then
  	 * they are disabled by default.
  	 */
-@@ -5443,6 +5544,7 @@
+@@ -5457,6 +5558,7 @@ load_configuration(const char *filename,
  		cfg_aclconfctx_detach(&ns_g_aclconfctx);
  	CHECK(cfg_aclconfctx_create(ns_g_mctx, &ns_g_aclconfctx));
  
@@ -167,7 +167,7 @@ Index: bind-9.10.3-P2/bin/named/server.c
  	/*
  	 * Parse the global default pseudo-config file.
  	 */
-@@ -6671,6 +6773,8 @@
+@@ -6685,6 +6787,8 @@ shutdown_server(isc_task_t *task, isc_ev
  			dns_view_detach(&view);
  	}
  
@@ -176,10 +176,10 @@ Index: bind-9.10.3-P2/bin/named/server.c
  	while ((nsc = ISC_LIST_HEAD(server->cachelist)) != NULL) {
  		ISC_LIST_UNLINK(server->cachelist, nsc, link);
  		dns_cache_detach(&nsc->cache);
-Index: bind-9.10.3-P2/lib/dns/dynamic_db.c
+Index: bind-9.10.4-P5/lib/dns/dynamic_db.c
 ===================================================================
 --- /dev/null
-+++ bind-9.10.3-P2/lib/dns/dynamic_db.c
++++ bind-9.10.4-P5/lib/dns/dynamic_db.c
 @@ -0,0 +1,366 @@
 +/*
 + * Copyright (C) 2008-2011  Red Hat, Inc.
@@ -547,10 +547,10 @@ Index: bind-9.10.3-P2/lib/dns/dynamic_db.c
 +
 +	return args->timermgr;
 +}
-Index: bind-9.10.3-P2/lib/dns/include/dns/dynamic_db.h
+Index: bind-9.10.4-P5/lib/dns/include/dns/dynamic_db.h
 ===================================================================
 --- /dev/null
-+++ bind-9.10.3-P2/lib/dns/include/dns/dynamic_db.h
++++ bind-9.10.4-P5/lib/dns/include/dns/dynamic_db.h
 @@ -0,0 +1,50 @@
 +/*
 + * Copyright (C) 2008-2011  Red Hat, Inc.
@@ -602,11 +602,11 @@ Index: bind-9.10.3-P2/lib/dns/include/dns/dynamic_db.h
 +isc_timermgr_t *dns_dyndb_get_timermgr(dns_dyndb_arguments_t *args);
 +
 +#endif
-Index: bind-9.10.3-P2/lib/dns/include/dns/log.h
+Index: bind-9.10.4-P5/lib/dns/include/dns/log.h
 ===================================================================
---- bind-9.10.3-P2.orig/lib/dns/include/dns/log.h
-+++ bind-9.10.3-P2/lib/dns/include/dns/log.h
-@@ -78,6 +78,7 @@
+--- bind-9.10.4-P5.orig/lib/dns/include/dns/log.h
++++ bind-9.10.4-P5/lib/dns/include/dns/log.h
+@@ -78,6 +78,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodul
  #define DNS_LOGMODULE_DNSSEC		(&dns_modules[27])
  #define DNS_LOGMODULE_CRYPTO		(&dns_modules[28])
  #define DNS_LOGMODULE_PACKETS		(&dns_modules[29])
@@ -614,11 +614,11 @@ Index: bind-9.10.3-P2/lib/dns/include/dns/log.h
  
  ISC_LANG_BEGINDECLS
  
-Index: bind-9.10.3-P2/lib/dns/include/dns/Makefile.in
+Index: bind-9.10.4-P5/lib/dns/include/dns/Makefile.in
 ===================================================================
---- bind-9.10.3-P2.orig/lib/dns/include/dns/Makefile.in
-+++ bind-9.10.3-P2/lib/dns/include/dns/Makefile.in
-@@ -23,7 +23,7 @@
+--- bind-9.10.4-P5.orig/lib/dns/include/dns/Makefile.in
++++ bind-9.10.4-P5/lib/dns/include/dns/Makefile.in
+@@ -23,7 +23,7 @@ VERSION=@BIND9_VERSION@
  
  HEADERS =	acache.h acl.h adb.h bit.h byaddr.h cache.h callbacks.h cert.h \
  		client.h clientinfo.h compress.h \
@@ -627,11 +627,11 @@ Index: bind-9.10.3-P2/lib/dns/include/dns/Makefile.in
  		dlz.h dlz_dlopen.h dns64.h dnssec.h ds.h dsdigest.h \
  		ecdb.h events.h fixedname.h forward.h geoip.h iptable.h \
  		journal.h keydata.h keyflags.h keytable.h keyvalues.h \
-Index: bind-9.10.3-P2/lib/dns/include/dns/types.h
+Index: bind-9.10.4-P5/lib/dns/include/dns/types.h
 ===================================================================
---- bind-9.10.3-P2.orig/lib/dns/include/dns/types.h
-+++ bind-9.10.3-P2/lib/dns/include/dns/types.h
-@@ -140,6 +140,7 @@
+--- bind-9.10.4-P5.orig/lib/dns/include/dns/types.h
++++ bind-9.10.4-P5/lib/dns/include/dns/types.h
+@@ -140,6 +140,7 @@ typedef struct dns_zone				dns_zone_t;
  typedef ISC_LIST(dns_zone_t)			dns_zonelist_t;
  typedef struct dns_zonemgr			dns_zonemgr_t;
  typedef struct dns_zt				dns_zt_t;
@@ -639,11 +639,11 @@ Index: bind-9.10.3-P2/lib/dns/include/dns/types.h
  
  /*
   * If we are not using GSSAPI, define the types we use as opaque types here.
-Index: bind-9.10.3-P2/lib/dns/log.c
+Index: bind-9.10.4-P5/lib/dns/log.c
 ===================================================================
---- bind-9.10.3-P2.orig/lib/dns/log.c
-+++ bind-9.10.3-P2/lib/dns/log.c
-@@ -84,6 +84,7 @@
+--- bind-9.10.4-P5.orig/lib/dns/log.c
++++ bind-9.10.4-P5/lib/dns/log.c
+@@ -84,6 +84,7 @@ LIBDNS_EXTERNAL_DATA isc_logmodule_t dns
  	{ "dns/dnssec",		0 },
  	{ "dns/crypto",		0 },
  	{ "dns/packets",	0 },
@@ -651,11 +651,11 @@ Index: bind-9.10.3-P2/lib/dns/log.c
  	{ NULL, 		0 }
  };
  
-Index: bind-9.10.3-P2/lib/dns/Makefile.in
+Index: bind-9.10.4-P5/lib/dns/Makefile.in
 ===================================================================
---- bind-9.10.3-P2.orig/lib/dns/Makefile.in
-+++ bind-9.10.3-P2/lib/dns/Makefile.in
-@@ -65,7 +65,7 @@
+--- bind-9.10.4-P5.orig/lib/dns/Makefile.in
++++ bind-9.10.4-P5/lib/dns/Makefile.in
+@@ -65,7 +65,7 @@ GEOIPLINKOBJS = geoip.@O@
  DNSOBJS =	acache.@O@ acl.@O@ adb.@O@ byaddr.@O@ \
  		cache.@O@ callbacks.@O@ clientinfo.@O@ compress.@O@ \
  		db.@O@ dbiterator.@O@ dbtable.@O@ diff.@O@ dispatch.@O@ \
@@ -664,16 +664,16 @@ Index: bind-9.10.3-P2/lib/dns/Makefile.in
  		iptable.@O@ journal.@O@ keydata.@O@ keytable.@O@ \
  		lib.@O@ log.@O@ lookup.@O@ \
  		master.@O@ masterdump.@O@ message.@O@ \
-@@ -103,7 +103,7 @@
+@@ -103,7 +103,7 @@ GEOIOLINKSRCS = geoip.c
  DNSSRCS =	acache.c acl.c adb.c byaddr.c \
  		cache.c callbacks.c clientinfo.c compress.c \
  		db.c dbiterator.c dbtable.c diff.c dispatch.c \
--		dlz.c dns64.c dnssec.c ds.c forward.c geoip.c \
-+		dlz.c dns64.c dnssec.c ds.c dynamic_db.c forward.c geoip.c \
+-		dlz.c dns64.c dnssec.c ds.c forward.c \
++		dlz.c dns64.c dnssec.c ds.c dynamic_db.c forward.c \
  		iptable.c journal.c keydata.c keytable.c lib.c log.c \
  		lookup.c master.c masterdump.c message.c \
  		name.c ncache.c nsec.c nsec3.c order.c peer.c portlist.c \
-@@ -138,6 +138,11 @@
+@@ -138,6 +138,11 @@ version.@O@: version.c
  		-DLIBAGE=${LIBAGE} \
  		-c ${srcdir}/version.c
  
@@ -685,11 +685,11 @@ Index: bind-9.10.3-P2/lib/dns/Makefile.in
  libdns.@SA@: ${OBJS}
  	${AR} ${ARFLAGS} $@ ${OBJS}
  	${RANLIB} $@
-Index: bind-9.10.3-P2/lib/isccfg/namedconf.c
+Index: bind-9.10.4-P5/lib/isccfg/namedconf.c
 ===================================================================
---- bind-9.10.3-P2.orig/lib/isccfg/namedconf.c
-+++ bind-9.10.3-P2/lib/isccfg/namedconf.c
-@@ -661,6 +661,40 @@
+--- bind-9.10.4-P5.orig/lib/isccfg/namedconf.c
++++ bind-9.10.4-P5/lib/isccfg/namedconf.c
+@@ -666,6 +666,40 @@ static cfg_type_t cfg_type_transferforma
  	&transferformat_enums
  };
  
@@ -730,7 +730,7 @@ Index: bind-9.10.3-P2/lib/isccfg/namedconf.c
  /*%
   * The special keyword "none", as used in the pid-file option.
   */
-@@ -962,6 +996,7 @@
+@@ -969,6 +1003,7 @@ namedconf_or_view_clauses[] = {
  	{ "key", &cfg_type_key, CFG_CLAUSEFLAG_MULTI },
  	{ "zone", &cfg_type_zone, CFG_CLAUSEFLAG_MULTI },
  	{ "dlz", &cfg_type_dlz, CFG_CLAUSEFLAG_MULTI },
@@ -738,7 +738,7 @@ Index: bind-9.10.3-P2/lib/isccfg/namedconf.c
  	{ "server", &cfg_type_server, CFG_CLAUSEFLAG_MULTI },
  	{ "trusted-keys", &cfg_type_dnsseckeys, CFG_CLAUSEFLAG_MULTI },
  	{ "managed-keys", &cfg_type_managedkeys, CFG_CLAUSEFLAG_MULTI },
-@@ -2188,6 +2223,7 @@
+@@ -2230,6 +2265,7 @@ static cfg_type_t cfg_type_dialuptype =
  	&cfg_rep_string, dialup_enums
  };
  
@@ -746,8 +746,8 @@ Index: bind-9.10.3-P2/lib/isccfg/namedconf.c
  static const char *notify_enums[] = { "explicit", "master-only", NULL };
  static isc_result_t
  parse_notify_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
-@@ -3256,3 +3292,4 @@
- 	"maxttl_no_default", parse_maxttl, cfg_print_ustring, cfg_doc_terminal,
+@@ -3335,3 +3371,4 @@ static cfg_type_t cfg_type_maxttl = {
+ 	"maxttl_no_default", parse_maxttl, cfg_print_ustring, doc_maxttl,
  	&cfg_rep_string, maxttl_enums
  };
 +