Accepting request 215020 from network

- Add the sdb-ldap backend module (fate#313216).
- Details can be found here:
  * http://bind9-ldap.bayour.com/
  * http://bind9-ldap.bayour.com/dnszonehowto.html

- Update to version 9.9.4P2
  * Fixes named crash when handling malformed NSEC3-signed zones
    (CVE-2014-0591, bnc#858639)
  * Obsoletes workaround-compile-problem.diff
- Replace rpz2+rl-9.9.3-P1.patch by rpz2-9.9.4.patch, rl is now
  supported upstream (--enable-rrl).

OBS-URL: https://build.opensuse.org/request/show/215020
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=96

bind-9.9.3-P2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5e8ab06c7b73f38b47ce9ad12ca0afa7c714bbba2f6b7421c26c0d8b84b6c678
-size 7459422

bind-9.9.3-P2.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.12 (NetBSD)
-
-iQEcBAABAgAGBQJR8sogAAoJEEWseFcYnNvFyMUIAJ3AfF7bF4rUajtXA5cj8HoE
-8pQsCvf1nYUoFQv1AwovA6PNc+EpQVtPkpQlItaIdacyN1ewjsoPEMcWdA8Xk0z1
-T0CpJIZfAlGl1QZBAqGnxt4KH4kHAuhQiT9S1boIPOdlHJ84NRD94et+hQfdqWIX
-dG4vyChOAYlNFwfQd97JyxWjplRT0YbaWQ8YoWh3puH33jC6yX0v8VfY0g0ga7Ul
-hz3PIiZo51JkVcWtsy5qf1WAVSqthzy6KB9MsXJZR7i+2H6t/1/7FK/niBPdASQB
-czR7gLmjuk/G5dJ1ZkEosJVEILjfLn9rTLKwf2d8dkgJwrZDpMyNMTqSUJgsRHQ=
-=Y9CU
------END PGP SIGNATURE-----

bind-9.9.4-P2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:50f3c6431e26d3f322b69092a49c92e163e73029fe4a1933ce532dc97ec40a89
+size 7513077

bind-9.9.4-P2.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (NetBSD)
+
+iQEcBAABAgAGBQJSxzKdAAoJEEWseFcYnNvFBRMH+QE4AkJ4CoZPcO0PcE6+2AFA
+BEXCJJSyMfZr3R0Wblb+lhWehnnWpxqV8FCwM9gecFXn0J44aJ+U8nh3WA8ROAas
+5NfXjll34YDDo8UU9wGZ7XmPpzUnn6DoncVz1BeV1VwqLIADv6WkoSx0HasYQ4Vf
+bHwGJI1cFCLDpy8XhjLAb4iUkdE9NSmvJ+6OZJ0ZtgYymnnNWI2YvHn95DM3DQbS
+lURMaiqiwNmhuk4Q4qzoAPrbpEqRG/PmFxRiZWk9irPhBsSoJKU/wbOFyTD+iJAv
++pugh+S9lXkqR5bWLKzR8rpW4ydV9KVuxo6jW4dT4kR7QbU+zdMC6CAW/99duqQ=
+=F/NG
+-----END PGP SIGNATURE-----

bind-sdb-ldap.patch

@@ -0,0 +1,45 @@
+Index: bin/named/Makefile.in
+===================================================================
+--- bin/named/Makefile.in.orig	2014-01-23 18:42:24.479609343 +0100
++++ bin/named/Makefile.in	2014-01-24 10:11:54.234471728 +0100
+@@ -34,9 +34,9 @@
+ #
+ # Add database drivers here.
+ #
+-DBDRIVER_OBJS =
+-DBDRIVER_SRCS =
+-DBDRIVER_INCLUDES =
++DBDRIVER_OBJS = ldapdb.@O@
++DBDRIVER_SRCS = ldapdb.c
++DBDRIVER_INCLUDES = -DLDAP_DEPRECATED
+ DBDRIVER_LIBS =
+ 
+ DLZ_DRIVER_DIR =	${top_srcdir}/contrib/dlz/drivers
+Index: bin/named/main.c
+===================================================================
+--- bin/named/main.c.orig	2013-12-20 01:28:28.000000000 +0100
++++ bin/named/main.c	2014-01-23 18:45:19.059680008 +0100
+@@ -82,6 +82,7 @@
+  * Include header files for database drivers here.
+  */
+ /* #include "xxdb.h" */
++#include <ldapdb.h>
+ 
+ #ifdef CONTRIB_DLZ
+ /*
+@@ -904,6 +905,7 @@
+ 	 * Add calls to register sdb drivers here.
+ 	 */
+ 	/* xxdb_init(); */
++	ldapdb_init();
+ 
+ #ifdef ISC_DLZ_DLOPEN
+ 	/*
+@@ -940,6 +942,7 @@
+ 	 * Add calls to unregister sdb drivers here.
+ 	 */
+ 	/* xxdb_clear(); */
++	ldapdb_clear();
+ 
+ #ifdef CONTRIB_DLZ
+ 	/*

bind.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Fri Jan 24 10:12:56 UTC 2014 - max@suse.com
+
+- Add the sdb-ldap backend module (fate#313216).
+- Details can be found here:
+  * http://bind9-ldap.bayour.com/
+  * http://bind9-ldap.bayour.com/dnszonehowto.html
+
+-------------------------------------------------------------------
+Tue Jan 21 17:02:30 UTC 2014 - max@suse.com
+
+- Update to version 9.9.4P2
+  * Fixes named crash when handling malformed NSEC3-signed zones
+    (CVE-2014-0591, bnc#858639)
+  * Obsoletes workaround-compile-problem.diff
+- Replace rpz2+rl-9.9.3-P1.patch by rpz2-9.9.4.patch, rl is now
+  supported upstream (--enable-rrl).
+
 -------------------------------------------------------------------
 Mon Dec  9 12:16:42 UTC 2013 - max@suse.com
 

bind.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package bind
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 Name:           bind
 %define pkg_name bind
-%define pkg_vers 9.9.3-P2
+%define pkg_vers 9.9.4-P2
 BuildRequires:  krb5-devel
 BuildRequires:  libcap
 BuildRequires:  libcap-devel
@@ -33,7 +33,7 @@ BuildRequires:  update-desktop-files
 Summary:        Domain Name System (DNS) Server (named)
 License:        ISC
 Group:          Productivity/Networking/DNS/Servers
-Version:        9.9.3P2
+Version:        9.9.4P2
 Release:        0
 Provides:       bind8
 Provides:       bind9
@@ -58,16 +58,16 @@ Patch2:         pid-path.diff
 Patch4:         perl-path.diff
 Patch51:        pie_compile.diff
 Patch52:        named-bootconf.diff
+Patch53:        bind-sdb-ldap.patch
 Patch100:       configure.in.diff2
-Patch110:       workaround-compile-problem.diff
 %if 0%{?suse_version} > 1220
 BuildRequires:  gpg-offline
 %endif
 
 # Rate limiting patch by Paul Vixie et.al. for reflection DoS protection
 # see http://www.redbarn.org/dns/ratelimits
-#Patch200:       http://ss.vix.su/~vjs/rpz2+rl-9.9.3-P1.patch
-Patch200:       rpz2+rl-9.9.3-P1.patch
+#Patch200:       http://ss.vix.su/~vjs/rpz2-9.9.4.patch
+Patch200:       rpz2-9.9.4.patch
 
 Source60:       dlz-schema.txt
 %if %ul_version >= 1
@@ -207,10 +207,10 @@ Name Domain (BIND) DNS server is found in the package named bind.
 %patch51
 %endif
 %patch52
+%patch53
 %if 0%{?suse_version} <= 1010
 %patch100 -p1
 %endif
-%patch110 -p0
 %patch200 -p0
 # modify settings of some files regarding to OS version and vendor
 function replaceStrings()
@@ -227,8 +227,8 @@ for file in docu/README tools/createNamedConfInclude config/{README,named.conf}
 	replaceStrings ${file}
 done
 popd
-#cp bind-sdb-ldap-%{SDB_LDAP_VERSION}/ldapdb.c bin/named/
-#cp bind-sdb-ldap-%{SDB_LDAP_VERSION}/ldapdb.h bin/named/include/
+cp contrib/sdb/ldap/ldapdb.c bin/named/
+cp contrib/sdb/ldap/ldapdb.h bin/named/include/
 # ---------------------------------------------------------------------------
 
 %build
@@ -270,7 +270,9 @@ CONFIGURE_OPTIONS="\
 	--with-libtool \
 	--enable-runidn \
 	--with-libxml2 \
-	--with-dlz-mysql --with-dlz-ldap
+	--with-dlz-mysql \
+        --with-dlz-ldap \
+        --enable-rrl
 "
 cp -f -p config.guess config.sub contrib/idn/idnkit-1.0-src/
 ./configure ${CONFIGURE_OPTIONS}
@@ -364,7 +366,7 @@ cp -a vendor-files/docu/README ${RPM_BUILD_ROOT}/%{_defaultdocdir}/bind/README.%
 cp -a vendor-files/docu/dnszonehowto.html contrib/sdb/ldap/
 mkdir -p vendor-files/config/ISC-examples
 cp -a bin/tests/*.conf* vendor-files/config/ISC-examples
-for file in CHANGES COPYRIGHT README FAQ version contrib doc/{arm,misc} vendor-files/config; do
+for file in CHANGES COPYRIGHT README FAQ version contrib doc/{arm,misc} vendor-files/config contrib/sdb/ldap/INSTALL.ldap; do
 	basename=$( basename ${file})
 	cp -a ${file} ${RPM_BUILD_ROOT}/%{_defaultdocdir}/bind/${basename}
 	echo "%doc %{_defaultdocdir}/bind/${basename}" >>filelist-bind-doc

configure.in.diff

@@ -1,6 +1,8 @@
---- bind-9.9.3-P1/configure.in.xx	2013-06-26 14:23:25.536177163 +0200
-+++ bind-9.9.3-P1/configure.in	2013-06-26 14:23:26.401175186 +0200
-@@ -3099,7 +3099,7 @@
+Index: bind-9.9.4-P2/configure.in
+===================================================================
+--- bind-9.9.4-P2.orig/configure.in	2013-12-20 01:28:28.000000000 +0100
++++ bind-9.9.4-P2/configure.in	2014-01-21 17:55:51.063395215 +0100
+@@ -3142,7 +3142,7 @@
  # empty).  The variable VARIABLE will be substituted into output files.
  #