Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package bind for openSUSE:Factory checked in
at 2021-05-10 15:36:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bind (Old)
and /work/SRC/openSUSE:Factory/.bind.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind"
Mon May 10 15:36:45 2021 rev:164 rq:891837 version:9.16.15
Changes:
--------
--- /work/SRC/openSUSE:Factory/bind/bind.changes 2021-05-02
18:35:21.321142290 +0200
+++ /work/SRC/openSUSE:Factory/.bind.new.2988/bind.changes 2021-05-10
15:39:08.849621346 +0200
@@ -1,0 +2,23 @@
+Mon May 3 12:35:44 UTC 2021 - Josef M??llers <josef.moell...@suse.com>
+
+- Upgrade to bind 9.16.15
+ Major changes:
+ * A specially crafted GSS-TSIG query could cause a buffer
+ overflow in the ISC implementation of SPNEGO.
+ (CVE-2021-25216)
+
+ * named crashed when a DNAME record placed in the ANSWER
+ section during DNAME chasing turned out to be the final
+ answer to a client query. (CVE-2021-25215)
+
+ * Insufficient IXFR checks could result in named serving a
+ zone without an SOA record at the apex, leading to a
+ RUNTIME_CHECK assertion failure when the zone was
+ subsequently refreshed. This has been fixed by adding an
+ owner name check for all SOA records which are included
+ in a zone transfer. (CVE-2021-25214)
+ More changes see CHANGES in the source package.
+
+ [bsc#1185345,CVE-2021-25214,CVE-2021-25215,CVE-2021-25216]
+
+-------------------------------------------------------------------
@@ -11,0 +35,6 @@
+
+-------------------------------------------------------------------
+Tue Mar 23 12:34:53 UTC 2021 - Jan Engelhardt <jeng...@inai.de>
+
+- Modernize specfile, and declare /bin/bash as required buildshell
+ (use of {a,b} style expansion).
Old:
----
bind-9.16.12.tar.xz
bind-9.16.12.tar.xz.sha512.asc
New:
----
bind-9.16.15.tar.xz
bind-9.16.15.tar.xz.sha512.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ bind.spec ++++++
--- /var/tmp/diff_new_pack.x7gl3t/_old 2021-05-10 15:39:09.449618891 +0200
+++ /var/tmp/diff_new_pack.x7gl3t/_new 2021-05-10 15:39:09.453618874 +0200
@@ -16,6 +16,7 @@
#
+%define _buildshell /bin/bash
%define VENDOR SUSE
%if 0%{?suse_version} >= 1500
%define with_systemd 1
@@ -44,7 +45,7 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: bind
-Version: 9.16.12
+Version: 9.16.15
Release: 0
Summary: Domain Name System (DNS) Server (named)
License: MPL-2.0
@@ -144,9 +145,7 @@
This package provides a module which allows commands to be sent to rndc
directly from Python programs.
%prep
-%setup -q -a1
-%patch52 -p1
-%patch56 -p1
+%autosetup -p1 -a1
# use the year from source gzip header instead of current one to make
reproducible rpms
year=$(perl -e 'sysread(STDIN, $h, 8); print
(1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0})
@@ -204,7 +203,7 @@
s|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g
s|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g
' libtool
-make %{?_smp_mflags}
+%make_build
# special make for the Administrators Reference Manual
for d in arm; do
make -C doc/${d} SPHINXBUILD=sphinx-build doc
@@ -246,11 +245,12 @@
%if %{with_systemd}
for file in named; do
install -D -m 0644 vendor-files/system/${file}.service
%{buildroot}%{_unitdir}/${file}.service
- install -m 0755 vendor-files/system/${file}.prep
%{buildroot}/%{_libexecdir}/bind/${file}.prep
+ sed -e "s,@LIBEXECDIR@,%{_libexecdir},g" -i
%{buildroot}%{_unitdir}/${file}.service
+ install -m 0755 vendor-files/system/${file}.prep
%{buildroot}%{_libexecdir}/bind/${file}.prep
ln -s /sbin/service %{buildroot}%{_sbindir}/rc${file}
done
install -D -m 0644 %{SOURCE70}
%{buildroot}%{_prefix}/lib/tmpfiles.d/bind.conf
- install -D -m 0644 ${RPM_SOURCE_DIR}/named.root
%{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/root.hint
+ install -D -m 0644 %{_sourcedir}/named.root
%{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/root.hint
install -m 0644 vendor-files/config/{127.0.0,localhost}.zone
%{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named
install -m 0644 bind.keys
%{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/named.root.key
%else
@@ -259,14 +259,14 @@
ln -sf %{_initddir}/${file} %{buildroot}%{_sbindir}/rc${file}
done
%endif
-install -m 0644 ${RPM_SOURCE_DIR}/named.root
%{buildroot}%{_localstatedir}/lib/named/root.hint
+install -m 0644 %{_sourcedir}/named.root
%{buildroot}%{_localstatedir}/lib/named/root.hint
mv vendor-files/config/{127.0.0,localhost}.zone
%{buildroot}%{_localstatedir}/lib/named
install -m 0755 vendor-files/tools/bind.genDDNSkey
%{buildroot}/%{_bindir}/genDDNSkey
cp -a vendor-files/docu/BIND.desktop
%{buildroot}/%{_datadir}/susehelp/meta/Administration/System
-cp -p ${RPM_SOURCE_DIR}/dnszone-schema.txt
%{buildroot}/%{_sysconfdir}/openldap/schema/dnszone.schema
+cp -p %{_sourcedir}/dnszone-schema.txt
%{buildroot}/%{_sysconfdir}/openldap/schema/dnszone.schema
cp -p "%{SOURCE60}" "%{buildroot}/%{_sysconfdir}/openldap/schema/dlz.schema"
install -m 0754 vendor-files/tools/ldapdump %{buildroot}/%{_datadir}/bind
-find %{buildroot}/%{_libdir} -type f -name '*.so*' -print0 | xargs -0 chmod
0755
+find %{buildroot}/%{_libdir} -type f -name '*.so*' -exec chmod 0755 {} +
for file in named-named; do
install -m 0644 vendor-files/sysconfig/${file}
%{buildroot}%{_fillupdir}/sysconfig.${file}
done
@@ -275,7 +275,7 @@
%endif
# Cleanup doc
rm doc/misc/Makefile*
-find doc/arm -type f ! -name '*.html' -print0 | xargs -0 rm -f
+find doc/arm -type f ! -name '*.html' -delete
# Create doc as we want it in bind and not bind-doc
for file in vendor-files/docu/README*; do
basename=$( basename ${file})
@@ -306,6 +306,7 @@
%pre -f named.pre
%service_add_pre named.service
%else
+
%pre
%{GROUPADD_NAMED}
%{USERADD_NAMED}
++++++ bind-9.16.12.tar.xz -> bind-9.16.15.tar.xz ++++++
++++ 30276 lines of diff (skipped)
++++++ vendor-files.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/vendor-files/system/named.service
new/vendor-files/system/named.service
--- old/vendor-files/system/named.service 2021-04-13 15:14:43.655902696
+0200
+++ new/vendor-files/system/named.service 2021-05-07 13:58:47.035292125
+0200
@@ -9,7 +9,7 @@
Type=forking
KillMode=process
EnvironmentFile=/etc/sysconfig/named
-ExecStartPre=+/usr/libexec/bind/named.prep
+ExecStartPre=+@LIBEXECDIR@/bind/named.prep
ExecStart=/usr/sbin/named -u named $NAMED_ARGS
ExecReload=/sbin/kill -p $MAINPID -HUP
ProtectSystem=strict
