rpm/bind
SHA256
1
0
Fork 0
forked from pool/bind
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=3

Browse Source
This commit is contained in:
OBS User unknown 2007-01-19 14:23:41 +00:00 committed by Git OBS Bridge
parent 4bfd8e419c
commit ef34d19725
8 changed files with 54 additions and 293 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

154
VU697164_VU915404.diff
View File

@ -1,154 +0,0 @@
Index: bin/named/query.c
===================================================================
RCS file: /proj/cvs/prod/bind9/bin/named/query.c,v
retrieving revision 1.198.2.13.4.36
diff -u -r1.198.2.13.4.36 query.c
--- bin/named/query.c 11 Aug 2005 05:25:20 -0000 1.198.2.13.4.36
+++ bin/named/query.c 28 Jul 2006 03:41:15 -0000
@@ -2393,7 +2393,7 @@
is_zone = ISC_FALSE;
qtype = event->qtype;
- if (qtype == dns_rdatatype_rrsig)
+ if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig)
type = dns_rdatatype_any;
else
type = qtype;
@@ -2434,7 +2434,7 @@
/*
* If it's a SIG query, we'll iterate the node.
*/
- if (qtype == dns_rdatatype_rrsig)
+ if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig)
type = dns_rdatatype_any;
else
type = qtype;
Index: lib/dns/resolver.c
===================================================================
RCS file: /proj/cvs/prod/bind9/lib/dns/resolver.c,v
retrieving revision 1.218.2.18.4.56
diff -u -r1.218.2.18.4.56 resolver.c
--- lib/dns/resolver.c 14 Oct 2005 01:38:48 -0000 1.218.2.18.4.56
+++ lib/dns/resolver.c 28 Jul 2006 03:41:25 -0000
@@ -762,7 +762,8 @@
INSIST(result != ISC_R_SUCCESS ||
dns_rdataset_isassociated(event->rdataset) ||
fctx->type == dns_rdatatype_any ||
- fctx->type == dns_rdatatype_rrsig);
+ fctx->type == dns_rdatatype_rrsig ||
+ fctx->type == dns_rdatatype_sig);
isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event));
}
@@ -3188,7 +3189,8 @@
if (hevent != NULL) {
if (!negative && !chaining &&
(fctx->type == dns_rdatatype_any ||
- fctx->type == dns_rdatatype_rrsig)) {
+ fctx->type == dns_rdatatype_rrsig ||
+ fctx->type == dns_rdatatype_sig)) {
/*
* Don't bind rdatasets; the caller
* will iterate the node.
@@ -3306,7 +3308,8 @@
if (!ISC_LIST_EMPTY(fctx->validators)) {
INSIST(!negative);
INSIST(fctx->type == dns_rdatatype_any ||
- fctx->type == dns_rdatatype_rrsig);
+ fctx->type == dns_rdatatype_rrsig ||
+ fctx->type == dns_rdatatype_sig);
/*
* Don't send a response yet - we have
* more rdatasets that still need to
@@ -3455,14 +3458,15 @@
return (result);
anodep = &event->node;
/*
- * If this is an ANY or SIG query, we're not going
- * to return any rdatasets, unless we encountered
+ * If this is an ANY, SIG or RRSIG query, we're not
+ * going to return any rdatasets, unless we encountered
* a CNAME or DNAME as "the answer". In this case,
* we're going to return DNS_R_CNAME or DNS_R_DNAME
* and we must set up the rdatasets.
*/
if ((fctx->type != dns_rdatatype_any &&
- fctx->type != dns_rdatatype_rrsig) ||
+ fctx->type != dns_rdatatype_rrsig &&
+ fctx->type != dns_rdatatype_sig) ||
(name->attributes & DNS_NAMEATTR_CHAINING) != 0) {
ardataset = event->rdataset;
asigrdataset = event->sigrdataset;
@@ -3521,7 +3525,7 @@
*/
if (secure_domain && rdataset->trust != dns_trust_glue) {
/*
- * SIGs are validated as part of validating the
+ * RRSIGs are validated as part of validating the
* type they cover.
*/
if (rdataset->type == dns_rdatatype_rrsig)
@@ -3591,7 +3595,8 @@
if (ANSWER(rdataset) && need_validation) {
if (fctx->type != dns_rdatatype_any &&
- fctx->type != dns_rdatatype_rrsig) {
+ fctx->type != dns_rdatatype_rrsig &&
+ fctx->type != dns_rdatatype_sig) {
/*
* This is The Answer. We will
* validate it, but first we cache
@@ -3763,23 +3768,28 @@
isc_result_t *eresultp)
{
isc_result_t result;
+ dns_rdataset_t rdataset;
+
+ if (ardataset == NULL) {
+ dns_rdataset_init(&rdataset);
+ ardataset = &rdataset;
+ }
result = dns_ncache_add(message, cache, node, covers, now,
maxttl, ardataset);
- if (result == DNS_R_UNCHANGED) {
+ if (result == DNS_R_UNCHANGED || result == ISC_R_SUCCESS) {
/*
- * The data in the cache are better than the negative cache
- * entry we're trying to add.
+ * If the cache now contains a negative entry and we
+ * care about whether it is DNS_R_NCACHENXDOMAIN or
+ * DNS_R_NCACHENXRRSET then extract it.
*/
- if (ardataset != NULL && ardataset->type == 0) {
+ if (ardataset->type == 0) {
/*
- * The cache data is also a negative cache
- * entry.
+ * The cache data is a negative cache entry.
*/
if (NXDOMAIN(ardataset))
*eresultp = DNS_R_NCACHENXDOMAIN;
else
*eresultp = DNS_R_NCACHENXRRSET;
- result = ISC_R_SUCCESS;
} else {
/*
* Either we don't care about the nature of the
@@ -3791,14 +3801,11 @@
* XXXRTH There's a CNAME/DNAME problem here.
*/
*eresultp = ISC_R_SUCCESS;
- result = ISC_R_SUCCESS;
}
- } else if (result == ISC_R_SUCCESS) {
- if (NXDOMAIN(ardataset))
- *eresultp = DNS_R_NCACHENXDOMAIN;
- else
- *eresultp = DNS_R_NCACHENXRRSET;
+ result = ISC_R_SUCCESS;
}
+ if (ardataset == &rdataset && dns_rdataset_isassociated(ardataset))
+ dns_rdataset_disassociate(ardataset);
return (result);
}

3
bind-9.3.2.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4d4298abd85d06083a0643091dde05ffbe3db051439524dbe4a81c689735c694
size 5302112

3
bind-9.3.3.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d2d115578f9feff1871cbb9a78e99d510da38da5b0eeb31b749b0c084b06dec2
size 5401230

78
bind-rsa.patch
View File

@ -1,78 +0,0 @@
Security Fixes (BIND 9.3.2-P2):
Change the default RSA exponent from 3 to 65537 which is
not vulnerable to the attacks described in CVE-2006-4339.
Index: lib/dns/opensslrsa_link.c
--- lib/dns/opensslrsa_link.c.orig 2004-12-09 05:07:18 +0100
+++ lib/dns/opensslrsa_link.c 2006-11-04 09:58:32 +0100
@@ -39,6 +39,9 @@
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/rsa.h>
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
+#include <openssl/bn.h>
+#endif
/*
* XXXMPA Temporarially disable RSA_BLINDING as it requires
@@ -260,13 +263,47 @@
static isc_result_t
opensslrsa_generate(dst_key_t *key, int exp) {
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
+ BN_GENCB cb;
+ RSA *rsa = RSA_new();
+ BIGNUM *e = BN_new();
+
+ if (rsa == NULL || e == NULL)
+ goto err;
+
+ if (exp == 0) {
+ /* RSA_F4 0x10001 */
+ BN_set_bit(e, 0);
+ BN_set_bit(e, 16);
+ } else {
+ /* F5 0x100000001 */
+ BN_set_bit(e, 0);
+ BN_set_bit(e, 32);
+ }
+
+ BN_GENCB_set_old(&cb, NULL, NULL);
+
+ if (RSA_generate_key_ex(rsa, key->key_size, e, &cb)) {
+ BN_free(e);
+ SET_FLAGS(rsa);
+ key->opaque = rsa;
+ return (ISC_R_SUCCESS);
+ }
+
+ err:
+ if (e != NULL)
+ BN_free(e);
+ if (rsa != NULL)
+ RSA_free(rsa);
+ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+#else
RSA *rsa;
unsigned long e;
if (exp == 0)
- e = RSA_3;
- else
e = RSA_F4;
+ else
+ e = 0x40000003;
rsa = RSA_generate_key(key->key_size, e, NULL, NULL);
if (rsa == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
@@ -274,6 +311,7 @@
key->opaque = rsa;
return (ISC_R_SUCCESS);
+#endif
}
static isc_boolean_t

6
bind.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Jan 19 10:38:46 CET 2007 - ug@suse.de
- version 9.3.2 to 9.3.3
- lots of bugfixes (see changelog for details)
-------------------------------------------------------------------
Tue Jan 2 15:50:59 CET 2007 - ug@suse.de

13
bind.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package bind (Version 9.3.2)
# spec file for package bind (Version 9.3.3)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@ -13,8 +13,8 @@
Name: bind
BuildRequires: openldap2 openldap2-devel
Summary: Domain Name System (DNS) Server (named)
Version: 9.3.2
Release: 54
Version: 9.3.3
Release: 1
%define SDB_LDAP_VERSION 1.0-beta
License: GNU General Public License (GPL)
Group: Productivity/Networking/DNS/Servers
@ -38,8 +38,6 @@ Patch50: sdb_ldap.diff
Patch51: pie_compile.diff
Patch52: named-bootconf.diff
Patch53: nsupdate.8.diff
Patch54: VU697164_VU915404.diff
Patch55: bind-rsa.patch
%if %ul_version >= 1
%define VENDOR UL
%else
@ -190,8 +188,6 @@ Authors:
%patch51
%patch52
%patch53
%patch54
%patch55
# modify settings of some files regarding to OS version and vendor
function replaceStrings()
{
@ -652,6 +648,9 @@ fi
%doc %{_mandir}/man5/idnrc.5.gz
%changelog -n bind
* Fri Jan 19 2007 - ug@suse.de
- version 9.3.2 to 9.3.3
- lots of bugfixes (see changelog for details)
* Tue Jan 02 2007 - ug@suse.de
- load of bind during boot fails if ip-up starts
modify_resolvconf at the same time (#221948)

26
named-bootconf.diff
View File

@ -1,24 +1,20 @@
--- contrib/named-bootconf/named-bootconf.sh
+++ contrib/named-bootconf/named-bootconf.sh 2005/11/21 10:57:33
@@ -54,9 +54,10 @@
+++ contrib/named-bootconf/named-bootconf.sh 2006/11/06 08:59:04
@@ -54,7 +54,8 @@
# POSSIBILITY OF SUCH DAMAGE.
if [ ${OPTIONFILE-X} = X ]; then
- OPTIONFILE=/tmp/.options.`date +%s`.$$
- ZONEFILE=/tmp/.zones.`date +%s`.$$
- COMMENTFILE=/tmp/.comments.`date +%s`.$$
+ TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1
+ OPTIONFILE=$TMPDIR/.options.`date +%s`.$$
+ ZONEFILE=$TMPDIR/.zones.`date +%s`.$$
+ COMMENTFILE=$TMPDIR/.comments.`date +%s`.$$
export OPTIONFILE ZONEFILE COMMENTFILE
touch $OPTIONFILE $ZONEFILE $COMMENTFILE
DUMP=1
@@ -302,7 +303,7 @@
echo "};"
- WORKDIR=/tmp/`date +%s`.$$
+ TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1
+ WORKDIR=$TMPDIR/`date +%s`.$$
( umask 077 ; mkdir $WORKDIR ) || {
echo "unable to create work directory '$WORKDIR'" >&2
exit 1
@@ -308,7 +309,7 @@
cat $ZONEFILE $COMMENTFILE
- rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE
rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE
- rmdir $WORKDIR
+ rm -rf $TMPDIR
fi

64
nsupdate.8.diff
View File

@ -1,107 +1,99 @@
--- bin/nsupdate//nsupdate.8 2006-07-06 11:17:01.000000000 +0200
+++ /usr/share/man/man8/nsupdate.8 2006-07-06 11:19:37.000000000 +0200
@@ -29,7 +29,6 @@
.SH "NAME"
nsupdate \- Dynamic DNS update utility
.SH "SYNOPSIS"
-.HP 9
\fBnsupdate\fR [\fB\-d\fR] [[\fB\-y\ \fR\fB\fIkeyname:secret\fR\fR] [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-v\fR] [filename]
.SH "DESCRIPTION"
.PP
@@ -124,7 +123,7 @@
--- bin/nsupdate/nsupdate.8
+++ bin/nsupdate/nsupdate.8 2006/08/04 07:54:15
@@ -128,7 +128,7 @@
.PP
The command formats and their meaning are as follows:
.TP
.TP 3n
-.HP 7 \fBserver\fR {servername} [port]
+\fBserver\fR {servername} [port]
Sends all dynamic update requests to the name server
\fIservername\fR. When no server statement is provided,
\fBnsupdate\fR
@@ -134,7 +133,7 @@
@@ -138,7 +138,7 @@
\fIservername\fR
where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used.
.TP
.TP 3n
-.HP 6 \fBlocal\fR {address} [port]
+\fBlocal\fR {address} [port]
Sends all dynamic update requests using the local
\fIaddress\fR. When no local statement is provided,
\fBnsupdate\fR
@@ -142,7 +141,7 @@
@@ -146,7 +146,7 @@
\fIport\fR
can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one.
.TP
.TP 3n
-.HP 5 \fBzone\fR {zonename}
+\fBzone\fR {zonename}
Specifies that all updates are to be made to the zone
\fIzonename\fR. If no
\fIzone\fR
@@ -150,13 +149,13 @@
@@ -154,13 +154,13 @@
\fBnsupdate\fR
will attempt determine the correct zone to update based on the rest of the input.
.TP
.TP 3n
-.HP 6 \fBclass\fR {classname}
+\fBclass\fR {classname}
Specify the default class. If no
\fIclass\fR
is specified the default class is
\fIIN\fR.
.TP
.TP 3n
-.HP 4 \fBkey\fR {name} {secret}
+\fBkey\fR {name} {secret}
Specifies that all updates are to be TSIG signed using the
\fIkeyname\fR\fIkeysecret\fR
pair. The
@@ -166,16 +165,16 @@
\fIkeyname\fR
\fIkeysecret\fR
@@ -171,16 +171,16 @@
or
\fB\-k\fR.
.TP
.TP 3n
-.HP 16 \fBprereq nxdomain\fR {domain\-name}
+\fBprereq nxdomain\fR {domain\-name}
Requires that no resource record of any type exists with name
\fIdomain\-name\fR.
.TP
.TP 3n
-.HP 16 \fBprereq yxdomain\fR {domain\-name}
+\fBprereq yxdomain\fR {domain\-name}
Requires that
\fIdomain\-name\fR
exists (has as at least one resource record, of any type).
.TP
.TP 3n
-.HP 15 \fBprereq nxrrset\fR {domain\-name} [class] {type}
+\fBprereq nxrrset\fR {domain\-name} [class] {type}
Requires that no resource record exists of the specified
\fItype\fR,
\fIclass\fR
@@ -184,7 +183,7 @@
@@ -189,7 +189,7 @@
\fIclass\fR
is omitted, IN (internet) is assumed.
.TP
.TP 3n
-.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type}
+\fBprereq yxrrset\fR {domain\-name} [class] {type}
This requires that a resource record of the specified
\fItype\fR,
\fIclass\fR
@@ -194,7 +193,7 @@
@@ -199,7 +199,7 @@
\fIclass\fR
is omitted, IN (internet) is assumed.
.TP
.TP 3n
-.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} {data...}
+\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...}
The
\fIdata\fR
from each set of prerequisites of this form sharing a common
@@ -208,7 +207,7 @@
@@ -213,7 +213,7 @@
\fIdata\fR
are written in the standard text representation of the resource record's RDATA.
.TP
.TP 3n
-.HP 14 \fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]]
+\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]]
Deletes any resource records named
\fIdomain\-name\fR. If
\fItype\fR
@@ -220,20 +219,20 @@
@@ -225,20 +225,20 @@
\fIttl\fR
is ignored, and is only allowed for compatibility.
.TP
.TP 3n
-.HP 11 \fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...}
+\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...}
Adds a new resource record with the specified
@ -109,15 +101,15 @@
\fIclass\fR
and
\fIdata\fR.
.TP
.TP 3n
-.HP 5 \fBshow\fR
+\fBshow\fR
Displays the current message, containing all of the prerequisites and updates specified since the last send.
.TP
.TP 3n
-.HP 5 \fBsend\fR
+\fBsend\fR
Sends the current message. This is equivalent to entering a blank line.
.TP
.TP 3n
-.HP 7 \fBanswer\fR
+\fBanswer\fR
Displays the answer.