Hello community, here is the log from the commit of package bind.998 for openSUSE:12.2:Update checked in at 2012-10-19 09:39:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/bind.998 (Old) and /work/SRC/openSUSE:12.2:Update/.bind.998.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind.998", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2012-08-23 02:41:28.555381587 +0200 +++ /work/SRC/openSUSE:12.2:Update/.bind.998.new/bind.changes 2012-10-19 09:40:00.000000000 +0200 @@ -0,0 +1,1452 @@ +------------------------------------------------------------------- +Thu Oct 11 15:23:51 UTC 2012 - m...@suse.com + +- Specially crafted DNS data can cause a lockup in named. + CVE-2012-5166, bnc#784602. +- 9.9.1-P4 + +------------------------------------------------------------------- +Sat Sep 15 16:20:32 UTC 2012 - meiss...@suse.com + +- Named could die on specially crafted record. + [RT #30416] (bnc#780157) CVE-2012-4244 +- 9.9.1-P3 +- updated dnszone-schema.txt from upstream. + +------------------------------------------------------------------- +Thu Jul 26 11:08:11 CEST 2012 - u...@suse.de + +- Prevents a named assert (crash) when validating caused by using + "Bad cache" data before it has been initialized. [RT #30025] + (bnc#772945) + +- ISC_QUEUE handling for recursive clients was updated to address a + race condition that could cause a memory leak. This rarely occurred + with UDP clients, but could be a significant problem for a server + handling a steady rate of TCP queries. [RT #29539 & #30233] + +- Under heavy incoming TCP query loads named could experience a + memory leak which could lead to significant reductions in query + response or cause the server to be terminated on systems with + "out of memory" killers. [RT #29539] + (bnc#772946) + +- A condition has been corrected where improper handling of zero-length + RDATA could cause undesirable behavior, including termination of + the named process. [RT #29644] +- 9.9.1-P2 + +------------------------------------------------------------------- +Thu Jul 12 07:34:11 UTC 2012 - cfarr...@suse.com + +- license update: ISC + ISC is generally seen as the correct license for bind + +------------------------------------------------------------------- +Tue Jun 5 16:30:32 CEST 2012 - u...@suse.de + +- updated dnszone-schema.txt + +------------------------------------------------------------------- +Mon Jun 4 17:25:27 CEST 2012 - u...@suse.de + +- VUL-0: bind remote DoS via zero length rdata field + CVE-2012-1667 + bnc#765315 +- 9.9.1-P1 + +------------------------------------------------------------------- +Tue May 22 10:04:42 CEST 2012 - u...@suse.de + +- this version has no new features but only bugfixes +- Addresses a race condition that can cause named to to crash when + the masters list for a zone is updated via rndc reload/reconfig +- Fixes a race condition in zone.c that can cause named to crash + during the processing of rndc delzone +- Prevents a named segfault from resolver.c due to procedure + fctx_finddone() not being thread-safe +- SDB now handles unexpected errors from back-end database drivers + gracefully instead of exiting on an assert. +- Prevents named crashes as a result of dereferencing a NULL pointer + in zmgr_start_xfrin_ifquota if the zone was being removed while + there were zone transfers still pending +- Corrects a parser bug that could cause named to crash while + reading a malformed zone file +- many more smaller fixes +- version 9.9.1 + +------------------------------------------------------------------- +Thu May 10 13:44:54 CEST 2012 - u...@suse.de + +- added patch to fix an assertion failure + +------------------------------------------------------------------- +Fri May 4 17:01:24 CEST 2012 - u...@suse.de + +- many dnssec fixes and features (too many to list them + here, check the changelog) +- improved startup time +- improved scalability +- Added support for Uniform Resource Identifier (URI) resource + records +- Local copies of slave zones are now saved in raw format by + default to improve startup performance + BIND 9.9 changes the default storage format for slave zone + files from text to raw. Because named's behavior when a slave + server cannot read or parse a zone file is to move the offending + file out of the way and retransfer the zone, slave servers + that are updated from a pre-9.9.0 version of BIND and which + have existing copies of slave zone data may wind up with + extraneous copies of zone data stored, as the existing + text-format zone file copies will be moved aside to filenames + of the format db-###### and journal files to the format + jn-###### (where # represents a hexadecimal digit.) +- many many bugfixes. Please read changelog for details +- fixed handling of TXT records in ldapdump + (bnc#743758) +- 9.9.0 + +------------------------------------------------------------------- +Mon Feb 13 10:44:33 UTC 2012 - co...@suse.com + +- patch license to follow spdx.org standard + +------------------------------------------------------------------- +Wed Dec 21 22:16:02 UTC 2011 - l...@samba.org + +- Ensure to create the required dir or sym link in /var/run; (bnc#738156). + +------------------------------------------------------------------- +Mon Dec 5 16:47:48 CET 2011 - u...@suse.de + +- root nameserver updated (root.hint file) + +------------------------------------------------------------------- +Mon Dec 5 12:55:15 CET 2011 - u...@suse.de + +- added managed-keys-directory to named.conf + +------------------------------------------------------------------- +Tue Nov 22 11:37:01 CET 2011 - u...@suse.de + +- fixed apparmor profile for lib and lib64 in chroot + (bnc#716745) + +------------------------------------------------------------------- +Thu Nov 17 15:25:54 CET 2011 - fteod...@suse.de + +- Cache lookup could return RRSIG data associated with nonexistent + records, leading to an assertion failure. CVE-2011-4313; (bnc#730995). + +------------------------------------------------------------------- +Wed Oct 26 11:14:43 CEST 2011 - u...@suse.de + +- on a 64bit system a chrooted bind failed to start if 32bit + libs were installed (bnc#716745) + +------------------------------------------------------------------- +Fri Sep 30 20:07:45 UTC 2011 - co...@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Sat Sep 17 19:36:58 UTC 2011 - jeng...@medozas.de + +- Remove redundant tags/sections from specfile +- Use %_smp_mflags for parallel build + +------------------------------------------------------------------- +Fri Sep 16 15:48:23 CEST 2011 - u...@suse.de + +- very first restart can create broken chroot + (bnc#718441) + +------------------------------------------------------------------- +Mon Sep 5 11:41:49 CEST 2011 - u...@suse.de + +* fixed SSL in chroot environment (bnc#715881) + +------------------------------------------------------------------- +Mon Sep 5 10:19:34 CEST 2011 - u...@suse.de + +* Added a new include file with function typedefs for the DLZ + "dlopen" driver. [RT #23629] +* Added a tool able to generate malformed packets to allow testing of + how named handles them. [RT #24096] +* The root key is now provided in the file bind.keys allowing DNSSEC + validation to be switched on at start up by adding + "dnssec-validation auto;" to named.conf. If the root key provided + has expired, named will log the expiration and validation will not + work. More information and the most current copy of bind.keys can + be found at http://www.isc.org/bind-keys. *Please note this feature + was actually added in 9.8.0 but was not included in the 9.8.0 + release notes. [RT #21727] +* If named is configured with a response policy zone (RPZ) and a + query of type RRSIG is received for a name configured for RRset + replacement in that RPZ, it will trigger an INSIST and crash the + server. RRSIG. [RT #24280] +* named, set up to be a caching resolver, is vulnerable to a user + querying a domain with very large resource record sets (RRSets) + when trying to negatively cache the response. Due to an off-by-one + error, caching the response could cause named to crash. [RT #24650] + [CVE-2011-1910] +* Using Response Policy Zone (RPZ) to query a wildcard CNAME label + with QUERY type SIG/RRSIG, it can cause named to crash. Fix is + query type independant. [RT #24715] +* Using Response Policy Zone (RPZ) with DNAME records and querying + the subdomain of that label can cause named to crash. Now logs that ++++ 1255 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.2:Update/.bind.998.new/bind.changes New: ---- Makefile.in.diff baselibs.conf bind-9.9.1-P4.tar.gz bind.changes bind.spec configure.in.diff configure.in.diff2 dlz-schema.txt dnszone-schema.txt named-bootconf.diff named.root perl-path.diff pid-path.diff pie_compile.diff vendor-files.tar.bz2 workaround-compile-problem.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ ++++ 700 lines (skipped) ++++++ Makefile.in.diff ++++++ Index: bind-9.8.1-P1/bin/named/Makefile.in =================================================================== --- bind-9.8.1-P1.orig/bin/named/Makefile.in +++ bind-9.8.1-P1/bin/named/Makefile.in @@ -162,8 +162,6 @@ installdirs: install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir} (cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@) - ${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8 - ${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8 - ${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5 + for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man$${m##*.}; done @DLZ_DRIVER_RULES@ ++++++ baselibs.conf ++++++ bind-libs obsoletes "bind-utils-<targettype>" provides "bind-utils-<targettype>" arch ppc package bind-devel requires -bind-<targettype> requires "bind-libs-<targettype> = <version>" arch sparcv9 package bind-devel requires -bind-<targettype> requires "bind-libs-<targettype> = <version>" ++++++ configure.in.diff ++++++ Index: bind-9.8.1-P1/configure.in =================================================================== --- bind-9.8.1-P1.orig/configure.in +++ bind-9.8.1-P1/configure.in @@ -2907,7 +2907,7 @@ AC_SUBST(DOXYGEN) # empty). The variable VARIABLE will be substituted into output files. # -AC_DEFUN(NOM_PATH_FILE, [ +AC_DEFUN([NOM_PATH_FILE], [ $1="" AC_MSG_CHECKING(for $2) for d in $3 ++++++ configure.in.diff2 ++++++ --- a/configure.in +++ a/configure.in 2011/04/21 13:34:11 @@ -280,7 +280,7 @@ AC_C_INLINE AC_C_VOLATILE AC_CHECK_FUNC(sysctlbyname, AC_DEFINE(HAVE_SYSCTLBYNAME)) -AC_C_FLEXIBLE_ARRAY_MEMBER +#AC_C_FLEXIBLE_ARRAY_MEMBER # # UnixWare 7.1.1 with the feature supplement to the UDK compiler ++++++ dlz-schema.txt ++++++ # # # 1.3.6.1.4.1.18420.1.1.X is reserved for attribute types declared by the DLZ project. # 1.3.6.1.4.1.18420.1.2.X is reserved for object classes declared by the DLZ project. # 1.3.6.1.4.1.18420.1.3.X is reserved for PRIVATE extensions to the DLZ attribute # types and object classes that may be needed by end users # to add security, etc. Attributes and object classes using # this OID MUST NOT be published outside of an organization # except to offer them for consideration to become part of the # standard attributes and object classes published by the DLZ project. attributetype ( 1.3.6.1.4.1.18420.1.1.10 NAME 'dlzZoneName' DESC 'DNS zone name - domain name not including host name' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.20 NAME 'dlzHostName' DESC 'Host portion of a domain name' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.30 NAME 'dlzData' DESC 'Data for the resource record' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.40 NAME 'dlzType' DESC 'DNS record type - A, SOA, NS, MX, etc...' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.50 NAME 'dlzSerial' DESC 'SOA record serial number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.60 NAME 'dlzRefresh' DESC 'SOA record refresh time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.70 NAME 'dlzRetry' DESC 'SOA retry time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.80 NAME 'dlzExpire' DESC 'SOA expire time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.90 NAME 'dlzMinimum' DESC 'SOA minimum time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.100 NAME 'dlzAdminEmail' DESC 'E-mail address of person responsible for this zone - @ should be replaced with . (period)' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.110 NAME 'dlzPrimaryNS' DESC 'Primary name server for this zone - should be host name not IP address' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.120 NAME 'dlzIPAddr' DESC 'IP address - IPV4 should be in dot notation xxx.xxx.xxx.xxx IPV6 should be in colon notation xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{40} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.130 NAME 'dlzCName' DESC 'DNS cname' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.140 NAME 'dlzPreference' DESC 'DNS MX record preference. Lower numbers have higher preference' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.150 NAME 'dlzTTL' DESC 'DNS time to live - how long this record can be cached by caching DNS servers' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.160 NAME 'dlzRecordID' DESC 'Unique ID for each DLZ resource record' SUP name SINGLE-VALUE ) #------------------------------------------------------------------------------ # Object class definitions #------------------------------------------------------------------------------ objectclass ( 1.3.6.1.4.1.18420.1.2.10 NAME 'dlzZone' DESC 'Zone name portion of a domain name' SUP top STRUCTURAL MUST ( objectclass $ dlzZoneName ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.20 NAME 'dlzHost' DESC 'Host name portion of a domain name' SUP top STRUCTURAL MUST ( objectclass $ dlzHostName ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.30 NAME 'dlzAbstractRecord' DESC 'Data common to all DNS record types' SUP top ABSTRACT MUST ( objectclass $ dlzRecordID $ dlzHostName $ dlzType $ dlzTTL ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.40 NAME 'dlzGenericRecord' DESC 'Generic DNS record - useful when a specific object class has not been defined for a DNS record' SUP dlzAbstractRecord STRUCTURAL MUST ( dlzData ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.50 NAME 'dlzARecord' DESC 'DNS A record' SUP dlzAbstractrecord STRUCTURAL MUST ( dlzIPAddr ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.60 NAME 'dlzNSRecord' DESC 'DNS NS record' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.70 NAME 'dlzMXRecord' DESC 'DNS MX record' SUP dlzGenericRecord STRUCTURAL MUST ( dlzPreference ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.80 NAME 'dlzSOARecord' DESC 'DNS SOA record' SUP dlzAbstractRecord STRUCTURAL MUST ( dlzSerial $ dlzRefresh $ dlzRetry $ dlzExpire $ dlzMinimum $ dlzAdminEmail $ dlzPrimaryNS ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.90 NAME 'dlzTextRecord' DESC 'Text data with spaces should be wrapped in double quotes' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.100 NAME 'dlzPTRRecord' DESC 'DNS PTR record' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.110 NAME 'dlzCNameRecord' DESC 'DNS CName record' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.120 NAME 'dlzXFR' DESC 'Host allowed to perform zone transfer' SUP top STRUCTURAL MUST ( objectclass $ dlzRecordID $ dlzIPAddr ) ) ++++++ dnszone-schema.txt ++++++ # A schema for storing DNS zones in LDAP # attributetype ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName' DESC 'The name of a zone, i.e. the name of the highest node in the zone' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName' DESC 'The starting labels of a domain name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain name pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text string, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 address, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-existant, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service location, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming Authority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchange Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certificate, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record Type, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Terminal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone' SUP top STRUCTURAL MUST ( zoneName $ relativeDomainName ) MAY ( DNSTTL $ DNSClass $ ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $ MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecord ) ) ++++++ named-bootconf.diff ++++++ Index: contrib/named-bootconf/named-bootconf.sh =================================================================== --- contrib/named-bootconf/named-bootconf.sh.orig +++ contrib/named-bootconf/named-bootconf.sh @@ -54,7 +54,8 @@ # POSSIBILITY OF SUCH DAMAGE. if [ ${OPTIONFILE-X} = X ]; then - WORKDIR=/tmp/`date +%s`.$$ + TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1 + WORKDIR=$TMPDIR/`date +%s`.$$ ( umask 077 ; mkdir $WORKDIR ) || { echo "unable to create work directory '$WORKDIR'" >&2 exit 1 @@ -308,7 +309,7 @@ if [ $DUMP -eq 1 ]; then cat $ZONEFILE $COMMENTFILE rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE - rmdir $WORKDIR + rm -rf $TMPDIR fi exit 0 ++++++ named.root ++++++ ; This file holds the information on root name servers needed to ; initialize cache of Internet domain name servers ; (e.g. reference this file in the "cache . <file>" ; configuration file of BIND domain name servers). ; ; This file is made available by InterNIC ; under anonymous FTP as ; file /domain/named.cache ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; ; last update: Jun 8, 2011 ; related version of root zone: 2011060800 ; ; formerly NS.INTERNIC.NET ; . 3600000 IN NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 ; ; FORMERLY NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 ; ; FORMERLY C.PSI.NET ; . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 ; ; FORMERLY TERP.UMD.EDU ; . 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D ; ; FORMERLY NS.NASA.GOV ; . 3600000 NS E.ROOT-SERVERS.NET. E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 ; ; FORMERLY NS.ISC.ORG ; . 3600000 NS F.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F ; ; FORMERLY NS.NIC.DDN.MIL ; . 3600000 NS G.ROOT-SERVERS.NET. G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 ; ; FORMERLY AOS.ARL.ARMY.MIL ; . 3600000 NS H.ROOT-SERVERS.NET. H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 ; ; FORMERLY NIC.NORDU.NET ; . 3600000 NS I.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 ; ; OPERATED BY VERISIGN, INC. ; . 3600000 NS J.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 ; ; OPERATED BY RIPE NCC ; . 3600000 NS K.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 ; ; OPERATED BY ICANN ; . 3600000 NS L.ROOT-SERVERS.NET. L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 ; ; OPERATED BY WIDE ; . 3600000 NS M.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 ; End of File ++++++ perl-path.diff ++++++ --- bin/tests/t_api.pl +++ bin/tests/t_api.pl 2012/05/22 07:59:27 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/bin/perl # # Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1999-2001 Internet Software Consortium. --- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl +++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl 2012/05/22 07:59:17 @@ -1,4 +1,4 @@ -#! /usr/local/bin/perl -w +#! /usr/bin/perl -w # $Id: generate_nameprep_data.pl,v 1.1 2003/06/04 00:27:54 marka Exp $ # # Copyright (c) 2001 Japan Network Information Center. All rights reserved. --- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl +++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl 2012/05/22 07:58:58 @@ -1,4 +1,4 @@ -#! /usr/local/bin/perl -w +#! /usr/bin/perl -w # $Id: generate_normalize_data.pl,v 1.1 2003/06/04 00:27:55 marka Exp $ # # Copyright (c) 2000,2001 Japan Network Information Center. ++++++ pid-path.diff ++++++ Index: bin/named/include/named/globals.h =================================================================== --- bin/named/include/named/globals.h.orig +++ bin/named/include/named/globals.h @@ -134,9 +134,9 @@ EXTERN const char * lwresd_g_defaultpid "lwresd.pid"); #else EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR - "/run/named.pid"); + "/run/named/named.pid"); EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR - "/run/lwresd.pid"); + "/run/named/lwresd.pid"); #endif EXTERN const char * ns_g_username INIT(NULL); Index: contrib/nanny/nanny.pl =================================================================== --- contrib/nanny/nanny.pl.orig +++ contrib/nanny/nanny.pl @@ -19,7 +19,7 @@ # A simple nanny to make sure named stays running. -$pid_file_location = '/var/run/named.pid'; +$pid_file_location = '/var/run/named/named.pid'; $nameserver_location = 'localhost'; $dig_program = 'dig'; $named_program = 'named'; ++++++ pie_compile.diff ++++++ Index: bin/Makefile.in =================================================================== --- bin/Makefile.in.orig +++ bin/Makefile.in @@ -23,4 +23,8 @@ SUBDIRS = named rndc dig dnssec tests to check confgen @PKCS11_TOOLS@ TARGETS = +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ + +LDFLAGS += -pie Index: bin/dig/Makefile.in =================================================================== --- bin/dig/Makefile.in.orig +++ bin/dig/Makefile.in @@ -67,8 +67,12 @@ HTMLPAGES = dig.html host.html nslookup. MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS} export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \ ${FINALBUILDCMD} Index: bin/dnssec/Makefile.in =================================================================== --- bin/dnssec/Makefile.in.orig +++ bin/dnssec/Makefile.in @@ -60,8 +60,12 @@ HTMLPAGES = dnssec-dsfromkey.html dnssec MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS} export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \ ${FINALBUILDCMD} Index: bin/nsupdate/Makefile.in =================================================================== --- bin/nsupdate/Makefile.in.orig +++ bin/nsupdate/Makefile.in @@ -64,8 +64,12 @@ HTMLPAGES = nsupdate.html MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + nsupdate.@O@: nsupdate.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DSESSION_KEYFILE=\"${localstatedir}/run/named/session.key\" \ Index: bin/rndc/Makefile.in =================================================================== --- bin/rndc/Makefile.in.orig +++ bin/rndc/Makefile.in @@ -59,8 +59,12 @@ HTMLPAGES = rndc.html rndc.conf.html MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + rndc.@O@: rndc.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ Index: bin/check/Makefile.in =================================================================== --- bin/check/Makefile.in.orig +++ bin/check/Makefile.in @@ -57,8 +57,12 @@ HTMLPAGES = named-checkconf.html named-c MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + named-checkconf.@O@: named-checkconf.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ Index: bin/named/Makefile.in =================================================================== --- bin/named/Makefile.in.orig +++ bin/named/Makefile.in @@ -109,8 +109,12 @@ HTMLPAGES = named.html lwresd.html named MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + main.@O@: main.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ Index: bin/named/unix/Makefile.in =================================================================== --- bin/named/unix/Makefile.in.orig +++ bin/named/unix/Makefile.in @@ -34,4 +34,6 @@ SRCS = os.c dlz_dlopen_driver.c TARGETS = ${OBJS} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ Index: bin/confgen/Makefile.in =================================================================== --- bin/confgen/Makefile.in.orig +++ bin/confgen/Makefile.in @@ -64,8 +64,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} UOBJS = unix/os.@O@ +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + rndc-confgen.@O@: rndc-confgen.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \ ++++++ workaround-compile-problem.diff ++++++ --- bin/tests/system/Makefile.in +++ bin/tests/system/Makefile.in 2012/05/04 14:43:22 @@ -21,7 +21,7 @@ @BIND9_MAKE_INCLUDES@ -SUBDIRS = dlzexternal filter-aaaa lwresd rpz tkey tsiggss +SUBDIRS = filter-aaaa lwresd rpz tkey tsiggss TARGETS = @BIND9_MAKE_RULES@ -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
