OBS User unknown 2007-01-19 14:23:41 +00:00 committed by Git OBS Bridge
parent 4bfd8e419c
commit ef34d19725
8 changed files with 54 additions and 293 deletions


@ -1,154 +0,0 @@
Index: bin/named/query.c
===================================================================
RCS file: /proj/cvs/prod/bind9/bin/named/query.c,v
retrieving revision 1.198.2.13.4.36
diff -u -r1.198.2.13.4.36 query.c
--- bin/named/query.c 11 Aug 2005 05:25:20 -0000 1.198.2.13.4.36
+++ bin/named/query.c 28 Jul 2006 03:41:15 -0000
@@ -2393,7 +2393,7 @@
is_zone = ISC_FALSE;
qtype = event->qtype;
- if (qtype == dns_rdatatype_rrsig)
+ if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig)
type = dns_rdatatype_any;
else
type = qtype;
@@ -2434,7 +2434,7 @@
/*
* If it's a SIG query, we'll iterate the node.
*/
- if (qtype == dns_rdatatype_rrsig)
+ if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig)
type = dns_rdatatype_any;
else
type = qtype;
Index: lib/dns/resolver.c
===================================================================
RCS file: /proj/cvs/prod/bind9/lib/dns/resolver.c,v
retrieving revision 1.218.2.18.4.56
diff -u -r1.218.2.18.4.56 resolver.c
--- lib/dns/resolver.c 14 Oct 2005 01:38:48 -0000 1.218.2.18.4.56
+++ lib/dns/resolver.c 28 Jul 2006 03:41:25 -0000
@@ -762,7 +762,8 @@
INSIST(result != ISC_R_SUCCESS ||
dns_rdataset_isassociated(event->rdataset) ||
fctx->type == dns_rdatatype_any ||
- fctx->type == dns_rdatatype_rrsig);
+ fctx->type == dns_rdatatype_rrsig ||
+ fctx->type == dns_rdatatype_sig);
isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event));
}
@@ -3188,7 +3189,8 @@
if (hevent != NULL) {
if (!negative && !chaining &&
(fctx->type == dns_rdatatype_any ||
- fctx->type == dns_rdatatype_rrsig)) {
+ fctx->type == dns_rdatatype_rrsig ||
+ fctx->type == dns_rdatatype_sig)) {
/*
* Don't bind rdatasets; the caller
* will iterate the node.
@@ -3306,7 +3308,8 @@
if (!ISC_LIST_EMPTY(fctx->validators)) {
INSIST(!negative);
INSIST(fctx->type == dns_rdatatype_any ||
- fctx->type == dns_rdatatype_rrsig);
+ fctx->type == dns_rdatatype_rrsig ||
+ fctx->type == dns_rdatatype_sig);
/*
* Don't send a response yet - we have
* more rdatasets that still need to
@@ -3455,14 +3458,15 @@
return (result);
anodep = &event->node;
/*
- * If this is an ANY or SIG query, we're not going
- * to return any rdatasets, unless we encountered
+ * If this is an ANY, SIG or RRSIG query, we're not
+ * going to return any rdatasets, unless we encountered
* a CNAME or DNAME as "the answer". In this case,
* we're going to return DNS_R_CNAME or DNS_R_DNAME
* and we must set up the rdatasets.
*/
if ((fctx->type != dns_rdatatype_any &&
- fctx->type != dns_rdatatype_rrsig) ||
+ fctx->type != dns_rdatatype_rrsig &&
+ fctx->type != dns_rdatatype_sig) ||
(name->attributes & DNS_NAMEATTR_CHAINING) != 0) {
ardataset = event->rdataset;
asigrdataset = event->sigrdataset;
@@ -3521,7 +3525,7 @@
*/
if (secure_domain && rdataset->trust != dns_trust_glue) {
/*
- * SIGs are validated as part of validating the
+ * RRSIGs are validated as part of validating the
* type they cover.
*/
if (rdataset->type == dns_rdatatype_rrsig)
@@ -3591,7 +3595,8 @@
if (ANSWER(rdataset) && need_validation) {
if (fctx->type != dns_rdatatype_any &&
- fctx->type != dns_rdatatype_rrsig) {
+ fctx->type != dns_rdatatype_rrsig &&
+ fctx->type != dns_rdatatype_sig) {
/*
* This is The Answer. We will
* validate it, but first we cache
@@ -3763,23 +3768,28 @@
isc_result_t *eresultp)
{
isc_result_t result;
+ dns_rdataset_t rdataset;
+
+ if (ardataset == NULL) {
+ dns_rdataset_init(&rdataset);
+ ardataset = &rdataset;
+ }
result = dns_ncache_add(message, cache, node, covers, now,
maxttl, ardataset);
- if (result == DNS_R_UNCHANGED) {
+ if (result == DNS_R_UNCHANGED || result == ISC_R_SUCCESS) {
/*
- * The data in the cache are better than the negative cache
- * entry we're trying to add.
+ * If the cache now contains a negative entry and we
+ * care about whether it is DNS_R_NCACHENXDOMAIN or
+ * DNS_R_NCACHENXRRSET then extract it.
*/
- if (ardataset != NULL && ardataset->type == 0) {
+ if (ardataset->type == 0) {
/*
- * The cache data is also a negative cache
- * entry.
+ * The cache data is a negative cache entry.
*/
if (NXDOMAIN(ardataset))
*eresultp = DNS_R_NCACHENXDOMAIN;
else
*eresultp = DNS_R_NCACHENXRRSET;
- result = ISC_R_SUCCESS;
} else {
/*
* Either we don't care about the nature of the
@@ -3791,14 +3801,11 @@
* XXXRTH There's a CNAME/DNAME problem here.
*/
*eresultp = ISC_R_SUCCESS;
- result = ISC_R_SUCCESS;
}
- } else if (result == ISC_R_SUCCESS) {
- if (NXDOMAIN(ardataset))
- *eresultp = DNS_R_NCACHENXDOMAIN;
- else
- *eresultp = DNS_R_NCACHENXRRSET;
+ result = ISC_R_SUCCESS;
}
+ if (ardataset == &rdataset && dns_rdataset_isassociated(ardataset))
+ dns_rdataset_disassociate(ardataset);
return (result);
}


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4d4298abd85d06083a0643091dde05ffbe3db051439524dbe4a81c689735c694
size 5302112

3
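--- a/bind-9.3.3.tar.gz
+++ b/bind-9.3.3.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d2d115578f9feff1871cbb9a78e99d510da38da5b0eeb31b749b0c084b06dec2
+size 5401230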


@ -1,78 +0,0 @@
Security Fixes (BIND 9.3.2-P2):
Change the default RSA exponent from 3 to 65537 which is
not vulnerable to the attacks described in CVE-2006-4339.
Index: lib/dns/opensslrsa_link.c
--- lib/dns/opensslrsa_link.c.orig 2004-12-09 05:07:18 +0100
+++ lib/dns/opensslrsa_link.c 2006-11-04 09:58:32 +0100
@@ -39,6 +39,9 @@
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/rsa.h>
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
+#include <openssl/bn.h>
+#endif
/*
* XXXMPA Temporarially disable RSA_BLINDING as it requires
@@ -260,13 +263,47 @@
static isc_result_t
opensslrsa_generate(dst_key_t *key, int exp) {
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
+ BN_GENCB cb;
+ RSA *rsa = RSA_new();
+ BIGNUM *e = BN_new();
+
+ if (rsa == NULL || e == NULL)
+ goto err;
+
+ if (exp == 0) {
+ /* RSA_F4 0x10001 */
+ BN_set_bit(e, 0);
+ BN_set_bit(e, 16);
+ } else {
+ /* F5 0x100000001 */
+ BN_set_bit(e, 0);
+ BN_set_bit(e, 32);
+ }
+
+ BN_GENCB_set_old(&cb, NULL, NULL);
+
+ if (RSA_generate_key_ex(rsa, key->key_size, e, &cb)) {
+ BN_free(e);
+ SET_FLAGS(rsa);
+ key->opaque = rsa;
+ return (ISC_R_SUCCESS);
+ }
+
+ err:
+ if (e != NULL)
+ BN_free(e);
+ if (rsa != NULL)
+ RSA_free(rsa);
+ return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
+#else
RSA *rsa;
unsigned long e;
if (exp == 0)
- e = RSA_3;
- else
e = RSA_F4;
+ else
+ e = 0x40000003;
rsa = RSA_generate_key(key->key_size, e, NULL, NULL);
if (rsa == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
@@ -274,6 +311,7 @@
key->opaque = rsa;
return (ISC_R_SUCCESS);
+#endif
}
static isc_boolean_t


@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Jan 19 10:38:46 CET 2007 - ug@suse.de
- version 9.3.2 to 9.3.3
- lots of bugfixes (see changelog for details)
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 2 15:50:59 CET 2007 - ug@suse.de Tue Jan 2 15:50:59 CET 2007 - ug@suse.de


@ -1,5 +1,5 @@
# #
# spec file for package bind (Version 9.3.2) # spec file for package bind (Version 9.3.3)
# #
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine # This file and all modifications and additions to the pristine
@ -13,8 +13,8 @@
Name: bind Name: bind
BuildRequires: openldap2 openldap2-devel BuildRequires: openldap2 openldap2-devel
Summary: Domain Name System (DNS) Server (named) Summary: Domain Name System (DNS) Server (named)
Version: 9.3.2 Version: 9.3.3
Release: 54 Release: 1
%define SDB_LDAP_VERSION 1.0-beta %define SDB_LDAP_VERSION 1.0-beta
License: GNU General Public License (GPL) License: GNU General Public License (GPL)
Group: Productivity/Networking/DNS/Servers Group: Productivity/Networking/DNS/Servers
@ -38,8 +38,6 @@ Patch50: sdb_ldap.diff
Patch51: pie_compile.diff Patch51: pie_compile.diff
Patch52: named-bootconf.diff Patch52: named-bootconf.diff
Patch53: nsupdate.8.diff Patch53: nsupdate.8.diff
Patch54: VU697164_VU915404.diff
Patch55: bind-rsa.patch
%if %ul_version >= 1 %if %ul_version >= 1
%define VENDOR UL %define VENDOR UL
%else %else
@ -190,8 +188,6 @@ Authors:
%patch51 %patch51
%patch52 %patch52
%patch53 %patch53
%patch54
%patch55
# modify settings of some files regarding to OS version and vendor # modify settings of some files regarding to OS version and vendor
function replaceStrings() function replaceStrings()
{ {
@ -652,6 +648,9 @@ fi
%doc %{_mandir}/man5/idnrc.5.gz %doc %{_mandir}/man5/idnrc.5.gz
%changelog -n bind %changelog -n bind
* Fri Jan 19 2007 - ug@suse.de
- version 9.3.2 to 9.3.3
- lots of bugfixes (see changelog for details)
* Tue Jan 02 2007 - ug@suse.de * Tue Jan 02 2007 - ug@suse.de
- load of bind during boot fails if ip-up starts - load of bind during boot fails if ip-up starts
modify_resolvconf at the same time (#221948) modify_resolvconf at the same time (#221948)
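Review bot: Dropping `Patch54: VU697164_VU915404.diff` and `Patch55: bind-rsa.patch`, together with `%patch54` and `%patch55`, removes two security fixes from the build, while the new changelog entry records only "lots of bugfixes". Presumably 9.3.3 carries both fixes upstream, but nothing in this commit shows that, so the entry should say it explicitly, for example `- drop VU697164_VU915404.diff and bind-rsa.patch (CVE-2006-4339), included in 9.3.3`. Before merging, confirm in the 9.3.3 sources that the default RSA exponent is no longer 3 and that the SIG-query handling in query.c and resolver.c matches what the dropped patch added.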


@ -1,24 +1,20 @@
--- contrib/named-bootconf/named-bootconf.sh --- contrib/named-bootconf/named-bootconf.sh
+++ contrib/named-bootconf/named-bootconf.sh 2005/11/21 10:57:33 +++ contrib/named-bootconf/named-bootconf.sh 2006/11/06 08:59:04
@@ -54,9 +54,10 @@ @@ -54,7 +54,8 @@
# POSSIBILITY OF SUCH DAMAGE. # POSSIBILITY OF SUCH DAMAGE.
if [ ${OPTIONFILE-X} = X ]; then if [ ${OPTIONFILE-X} = X ]; then
- OPTIONFILE=/tmp/.options.`date +%s`.$$ - WORKDIR=/tmp/`date +%s`.$$
- ZONEFILE=/tmp/.zones.`date +%s`.$$ + TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1
- COMMENTFILE=/tmp/.comments.`date +%s`.$$ + WORKDIR=$TMPDIR/`date +%s`.$$
+ TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1 ( umask 077 ; mkdir $WORKDIR ) || {
+ OPTIONFILE=$TMPDIR/.options.`date +%s`.$$ echo "unable to create work directory '$WORKDIR'" >&2
+ ZONEFILE=$TMPDIR/.zones.`date +%s`.$$ exit 1
+ COMMENTFILE=$TMPDIR/.comments.`date +%s`.$$ @@ -308,7 +309,7 @@
export OPTIONFILE ZONEFILE COMMENTFILE
touch $OPTIONFILE $ZONEFILE $COMMENTFILE
DUMP=1
@@ -302,7 +303,7 @@
echo "};"
cat $ZONEFILE $COMMENTFILE cat $ZONEFILE $COMMENTFILE
- rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE
- rmdir $WORKDIR
+ rm -rf $TMPDIR + rm -rf $TMPDIR
fi fi
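Review bot: The new patch stores the `mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` result in `TMPDIR`, which is the standard temporary-directory environment variable. If the caller had exported it, child processes would inherit the private directory that `rm -rf $TMPDIR` later deletes. A script-local name such as `NB_TMPDIR` would avoid this. The final cleanup is also unquoted and, as far as this hunk shows, runs only on the normal path. Writing `rm -rf "$NB_TMPDIR"` and registering `trap 'rm -rf "$NB_TMPDIR"' EXIT` right after creation would also clean up on early exits. The rest of the script lies outside the hunk, so its other exit paths are not visible here.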


@ -1,107 +1,99 @@
--- bin/nsupdate//nsupdate.8 2006-07-06 11:17:01.000000000 +0200 --- bin/nsupdate/nsupdate.8
+++ /usr/share/man/man8/nsupdate.8 2006-07-06 11:19:37.000000000 +0200 +++ bin/nsupdate/nsupdate.8 2006/08/04 07:54:15
@@ -29,7 +29,6 @@ @@ -128,7 +128,7 @@
.SH "NAME"
nsupdate \- Dynamic DNS update utility
.SH "SYNOPSIS"
-.HP 9
\fBnsupdate\fR [\fB\-d\fR] [[\fB\-y\ \fR\fB\fIkeyname:secret\fR\fR] [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-v\fR] [filename]
.SH "DESCRIPTION"
.PP
@@ -124,7 +123,7 @@
.PP .PP
The command formats and their meaning are as follows: The command formats and their meaning are as follows:
.TP .TP 3n
-.HP 7 \fBserver\fR {servername} [port] -.HP 7 \fBserver\fR {servername} [port]
+\fBserver\fR {servername} [port] +\fBserver\fR {servername} [port]
Sends all dynamic update requests to the name server Sends all dynamic update requests to the name server
\fIservername\fR. When no server statement is provided, \fIservername\fR. When no server statement is provided,
\fBnsupdate\fR \fBnsupdate\fR
@@ -134,7 +133,7 @@ @@ -138,7 +138,7 @@
\fIservername\fR \fIservername\fR
where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used. where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used.
.TP .TP 3n
-.HP 6 \fBlocal\fR {address} [port] -.HP 6 \fBlocal\fR {address} [port]
+\fBlocal\fR {address} [port] +\fBlocal\fR {address} [port]
Sends all dynamic update requests using the local Sends all dynamic update requests using the local
\fIaddress\fR. When no local statement is provided, \fIaddress\fR. When no local statement is provided,
\fBnsupdate\fR \fBnsupdate\fR
@@ -142,7 +141,7 @@ @@ -146,7 +146,7 @@
\fIport\fR \fIport\fR
can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one. can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one.
.TP .TP 3n
-.HP 5 \fBzone\fR {zonename} -.HP 5 \fBzone\fR {zonename}
+\fBzone\fR {zonename} +\fBzone\fR {zonename}
Specifies that all updates are to be made to the zone Specifies that all updates are to be made to the zone
\fIzonename\fR. If no \fIzonename\fR. If no
\fIzone\fR \fIzone\fR
@@ -150,13 +149,13 @@ @@ -154,13 +154,13 @@
\fBnsupdate\fR \fBnsupdate\fR
will attempt determine the correct zone to update based on the rest of the input. will attempt determine the correct zone to update based on the rest of the input.
.TP .TP 3n
-.HP 6 \fBclass\fR {classname} -.HP 6 \fBclass\fR {classname}
+\fBclass\fR {classname} +\fBclass\fR {classname}
Specify the default class. If no Specify the default class. If no
\fIclass\fR \fIclass\fR
is specified the default class is is specified the default class is
\fIIN\fR. \fIIN\fR.
.TP .TP 3n
-.HP 4 \fBkey\fR {name} {secret} -.HP 4 \fBkey\fR {name} {secret}
+\fBkey\fR {name} {secret} +\fBkey\fR {name} {secret}
Specifies that all updates are to be TSIG signed using the Specifies that all updates are to be TSIG signed using the
\fIkeyname\fR\fIkeysecret\fR \fIkeyname\fR
pair. The \fIkeysecret\fR
@@ -166,16 +165,16 @@ @@ -171,16 +171,16 @@
or or
\fB\-k\fR. \fB\-k\fR.
.TP .TP 3n
-.HP 16 \fBprereq nxdomain\fR {domain\-name} -.HP 16 \fBprereq nxdomain\fR {domain\-name}
+\fBprereq nxdomain\fR {domain\-name} +\fBprereq nxdomain\fR {domain\-name}
Requires that no resource record of any type exists with name Requires that no resource record of any type exists with name
\fIdomain\-name\fR. \fIdomain\-name\fR.
.TP .TP 3n
-.HP 16 \fBprereq yxdomain\fR {domain\-name} -.HP 16 \fBprereq yxdomain\fR {domain\-name}
+\fBprereq yxdomain\fR {domain\-name} +\fBprereq yxdomain\fR {domain\-name}
Requires that Requires that
\fIdomain\-name\fR \fIdomain\-name\fR
exists (has as at least one resource record, of any type). exists (has as at least one resource record, of any type).
.TP .TP 3n
-.HP 15 \fBprereq nxrrset\fR {domain\-name} [class] {type} -.HP 15 \fBprereq nxrrset\fR {domain\-name} [class] {type}
+\fBprereq nxrrset\fR {domain\-name} [class] {type} +\fBprereq nxrrset\fR {domain\-name} [class] {type}
Requires that no resource record exists of the specified Requires that no resource record exists of the specified
\fItype\fR, \fItype\fR,
\fIclass\fR \fIclass\fR
@@ -184,7 +183,7 @@ @@ -189,7 +189,7 @@
\fIclass\fR \fIclass\fR
is omitted, IN (internet) is assumed. is omitted, IN (internet) is assumed.
.TP .TP 3n
-.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} -.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type}
+\fBprereq yxrrset\fR {domain\-name} [class] {type} +\fBprereq yxrrset\fR {domain\-name} [class] {type}
This requires that a resource record of the specified This requires that a resource record of the specified
\fItype\fR, \fItype\fR,
\fIclass\fR \fIclass\fR
@@ -194,7 +193,7 @@ @@ -199,7 +199,7 @@
\fIclass\fR \fIclass\fR
is omitted, IN (internet) is assumed. is omitted, IN (internet) is assumed.
.TP .TP 3n
-.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} -.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} {data...}
+\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} +\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...}
The The
\fIdata\fR \fIdata\fR
from each set of prerequisites of this form sharing a common from each set of prerequisites of this form sharing a common
@@ -208,7 +207,7 @@ @@ -213,7 +213,7 @@
\fIdata\fR \fIdata\fR
are written in the standard text representation of the resource record's RDATA. are written in the standard text representation of the resource record's RDATA.
.TP .TP 3n
-.HP 14 \fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] -.HP 14 \fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]]
+\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] +\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]]
Deletes any resource records named Deletes any resource records named
\fIdomain\-name\fR. If \fIdomain\-name\fR. If
\fItype\fR \fItype\fR
@@ -220,20 +219,20 @@ @@ -225,20 +225,20 @@
\fIttl\fR \fIttl\fR
is ignored, and is only allowed for compatibility. is ignored, and is only allowed for compatibility.
.TP .TP 3n
-.HP 11 \fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} -.HP 11 \fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...}
+\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} +\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...}
Adds a new resource record with the specified Adds a new resource record with the specified
@ -109,15 +101,15 @@
\fIclass\fR \fIclass\fR
and and
\fIdata\fR. \fIdata\fR.
.TP .TP 3n
-.HP 5 \fBshow\fR -.HP 5 \fBshow\fR
+\fBshow\fR +\fBshow\fR
Displays the current message, containing all of the prerequisites and updates specified since the last send. Displays the current message, containing all of the prerequisites and updates specified since the last send.
.TP .TP 3n
-.HP 5 \fBsend\fR -.HP 5 \fBsend\fR
+\fBsend\fR +\fBsend\fR
Sends the current message. This is equivalent to entering a blank line. Sends the current message. This is equivalent to entering a blank line.
.TP .TP 3n
-.HP 7 \fBanswer\fR -.HP 7 \fBanswer\fR
+\fBanswer\fR +\fBanswer\fR
Displays the answer. Displays the answer.