Hello community,
here is the log from the commit of package bind for openSUSE:Factory checked in
at 2015-12-23 09:56:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bind (Old)
and /work/SRC/openSUSE:Factory/.bind.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind"
Changes:
--------
--- /work/SRC/openSUSE:Factory/bind/bind.changes 2015-10-22
12:56:28.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.bind.new/bind.changes 2015-12-23
09:57:03.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Dec 21 16:55:36 UTC 2015 - m...@suse.com
+
+- Update to version 9.10.3-P2 to fix a remote denial of service by
+ misparsing incoming responses (CVE-2015-8000, bsc#958861).
+
+-------------------------------------------------------------------
Old:
----
bind-9.10.2-P4.tar.gz
bind-9.10.2-P4.tar.gz.asc
New:
----
bind-9.10.3-P2.tar.gz
bind-9.10.3-P2.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ bind.spec ++++++
--- /var/tmp/diff_new_pack.aom3lA/_old 2015-12-23 09:57:06.000000000 +0100
+++ /var/tmp/diff_new_pack.aom3lA/_new 2015-12-23 09:57:06.000000000 +0100
@@ -18,8 +18,8 @@
Name: bind
%define pkg_name bind
-%define pkg_vers 9.10.2-P4
-%define rpm_vers 9.10.2P4
+%define pkg_vers 9.10.3-P2
+%define rpm_vers 9.10.3P2
%define idn_vers 1.0
Summary: Domain Name System (DNS) Server (named)
License: ISC
@@ -141,13 +141,13 @@
This library contains a few utility functions used by the BIND
server and utilities.
-%package -n libdns161
+%package -n libdns162
Summary: DNS library used by BIND
Group: System/Libraries
Version: %rpm_vers
Release: 0
-%description -n libdns161
+%description -n libdns162
This subpackage contains the "DNS client" module. This is a higher
level API that provides an interface to name resolution, single DNS
transaction with a particular server, and dynamic update. Regarding
@@ -227,7 +227,7 @@
parameters that would be beyond the capability of the resolv.conf file. This
subpackage contains the header files needed for building programs with it.
-%package -n libisc148
+%package -n libisc160
Summary: ISC shared library used by BIND
Group: System/Libraries
Version: %rpm_vers
@@ -238,7 +238,7 @@
Obsoletes: bind-libs = %version-%release
Provides: bind-libs < %version-%release
-%description -n libisc148
+%description -n libisc160
This library contains miscellaneous utility function used by the BIND
server and utilities. It includes functions for assertion handling,
balanced binary (AVL) trees, bit masks comparison, event based
@@ -298,9 +298,9 @@
Version: %rpm_vers
Release: 0
Requires: libbind9-140 = %version
-Requires: libdns161 = %version
+Requires: libdns162 = %version
Requires: libirs141 = %version
-Requires: libisc148 = %version
+Requires: libisc160 = %version
Requires: libisccc140 = %version
Requires: libisccfg140 = %version
Requires: liblwres141 = %version
@@ -725,8 +725,8 @@
%post -n libbind9-140 -p /sbin/ldconfig
%postun -n libbind9-140 -p /sbin/ldconfig
-%post -n libdns161 -p /sbin/ldconfig
-%postun -n libdns161 -p /sbin/ldconfig
+%post -n libdns162 -p /sbin/ldconfig
+%postun -n libdns162 -p /sbin/ldconfig
%post -n libidnkit1 -p /sbin/ldconfig
%postun -n libidnkit1 -p /sbin/ldconfig
%post -n libidnkitlite1 -p /sbin/ldconfig
@@ -735,8 +735,8 @@
%postun -n libidnkitres1 -p /sbin/ldconfig
%post -n libirs141 -p /sbin/ldconfig
%postun -n libirs141 -p /sbin/ldconfig
-%post -n libisc148 -p /sbin/ldconfig
-%postun -n libisc148 -p /sbin/ldconfig
+%post -n libisc160 -p /sbin/ldconfig
+%postun -n libisc160 -p /sbin/ldconfig
%post -n libisccc140 -p /sbin/ldconfig
%postun -n libisccc140 -p /sbin/ldconfig
%post -n libisccfg140 -p /sbin/ldconfig
@@ -864,9 +864,9 @@
%defattr(-,root,root)
%_libdir/libbind9.so.140*
-%files -n libdns161
+%files -n libdns162
%defattr(-,root,root)
-%_libdir/libdns.so.161*
+%_libdir/libdns.so.162*
%files -n libidnkit1
%defattr(-,root,root)
@@ -888,9 +888,9 @@
%defattr(-,root,root)
%_libdir/libirs.so
-%files -n libisc148
+%files -n libisc160
%defattr(-,root,root)
-%_libdir/libisc.so.148*
+%_libdir/libisc.so.160*
%files -n libisccc140
%defattr(-,root,root)
++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.aom3lA/_old 2015-12-23 09:57:06.000000000 +0100
+++ /var/tmp/diff_new_pack.aom3lA/_new 2015-12-23 09:57:06.000000000 +0100
@@ -1,10 +1,10 @@
libbind9-140
-libdns161
+libdns162
libidnkit1
libidnkitlite1
libidnkitres1
libirs141
-libisc148
+libisc160
obsoletes "bind-libs-<targettype> = <version>"
provides "bind-libs-<targettype> = <version>"
libisccc140
@@ -13,13 +13,13 @@
bind-devel
requires -bind-<targettype>
requires "libbind9-140-<targettype> = <version>"
- requires "libdns161-<targettype> = <version>"
+ requires "libdns162-<targettype> = <version>"
requires "libirs141-<targettype> = <version>"
- requires "libisc148-<targettype> = <version>"
+ requires "libisc160-<targettype> = <version>"
requires "libisccc140-<targettype> = <version>"
requires "libisccfg140-<targettype> = <version>"
requires "liblwres141-<targettype> = <version>"
idnkit-devel
- requires "libdns161-<targettype> = <version>"
+ requires "libdns162-<targettype> = <version>"
requires "libidnkit1-<targettype> = <version>"
requires "libidnkitlite1-<targettype> = <version>"
++++++ bind-9.10.2-P4.tar.gz -> bind-9.10.3-P2.tar.gz ++++++
/work/SRC/openSUSE:Factory/bind/bind-9.10.2-P4.tar.gz
/work/SRC/openSUSE:Factory/.bind.new/bind-9.10.3-P2.tar.gz differ: char 5, line
1
++++++ dns_dynamic_db.patch ++++++
--- /var/tmp/diff_new_pack.aom3lA/_old 2015-12-23 09:57:06.000000000 +0100
+++ /var/tmp/diff_new_pack.aom3lA/_new 2015-12-23 09:57:06.000000000 +0100
@@ -7,9 +7,10 @@
#
# Based on the original patch, some minor adjustments to line numbers are made
by Howard Guo <h...@suse.com>.
-diff -rupN bind-9.10.1-P1-orig/bin/named/main.c
bind-9.10.1-P1-patched/bin/named/main.c
---- bind-9.10.1-P1-orig/bin/named/main.c 2014-11-21 00:56:37.000000000
+0100
-+++ bind-9.10.1-P1-patched/bin/named/main.c 2015-04-27 11:33:20.619196452
+0200
+Index: bind-9.10.3-P2/bin/named/main.c
+===================================================================
+--- bind-9.10.3-P2.orig/bin/named/main.c
++++ bind-9.10.3-P2/bin/named/main.c
@@ -43,6 +43,7 @@
#include <isccc/result.h>
@@ -18,9 +19,10 @@
#include <dns/name.h>
#include <dns/result.h>
#include <dns/view.h>
-diff -rupN bind-9.10.1-P1-orig/bin/named/server.c
bind-9.10.1-P1-patched/bin/named/server.c
---- bind-9.10.1-P1-orig/bin/named/server.c 2014-11-21 00:56:37.000000000
+0100
-+++ bind-9.10.1-P1-patched/bin/named/server.c 2015-04-27 11:33:20.620196464
+0200
+Index: bind-9.10.3-P2/bin/named/server.c
+===================================================================
+--- bind-9.10.3-P2.orig/bin/named/server.c
++++ bind-9.10.3-P2/bin/named/server.c
@@ -68,6 +68,7 @@
#include <dns/db.h>
#include <dns/dispatch.h>
@@ -29,7 +31,7 @@
#include <dns/dns64.h>
#include <dns/forward.h>
#include <dns/journal.h>
-@@ -1304,6 +1305,72 @@ configure_peer(const cfg_obj_t *cpeer, i
+@@ -1309,6 +1310,72 @@
}
static isc_result_t
@@ -102,15 +104,15 @@
disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
isc_result_t result;
const cfg_obj_t *algorithms;
-@@ -2335,6 +2402,7 @@ configure_view(dns_view_t *view, dns_vie
+@@ -2344,6 +2411,7 @@
const cfg_obj_t *dlz;
unsigned int dlzargc;
char **dlzargv;
+ const cfg_obj_t *dynamic_db_list;
const cfg_obj_t *disabled;
const cfg_obj_t *obj;
- const cfg_listelt_t *element;
-@@ -2611,6 +2679,8 @@ configure_view(dns_view_t *view, dns_vie
+ #ifdef ENABLE_FETCHLIMIT
+@@ -2623,6 +2691,8 @@
}
}
@@ -119,7 +121,7 @@
/*
* Obtain configuration parameters that affect the decision of whether
* we can reuse/share an existing cache.
-@@ -3613,6 +3683,37 @@ configure_view(dns_view_t *view, dns_vie
+@@ -3698,6 +3768,37 @@
dns_view_setrootdelonly(view, ISC_FALSE);
/*
@@ -157,7 +159,7 @@
* Setup automatic empty zones. If recursion is off then
* they are disabled by default.
*/
-@@ -5355,6 +5456,7 @@ load_configuration(const char *filename,
+@@ -5443,6 +5544,7 @@
cfg_aclconfctx_detach(&ns_g_aclconfctx);
CHECK(cfg_aclconfctx_create(ns_g_mctx, &ns_g_aclconfctx));
@@ -165,7 +167,7 @@
/*
* Parse the global default pseudo-config file.
*/
-@@ -6562,6 +6664,8 @@ shutdown_server(isc_task_t *task, isc_ev
+@@ -6671,6 +6773,8 @@
dns_view_detach(&view);
}
@@ -174,9 +176,10 @@
while ((nsc = ISC_LIST_HEAD(server->cachelist)) != NULL) {
ISC_LIST_UNLINK(server->cachelist, nsc, link);
dns_cache_detach(&nsc->cache);
-diff -rupN bind-9.10.1-P1-orig/lib/dns/dynamic_db.c
bind-9.10.1-P1-patched/lib/dns/dynamic_db.c
---- bind-9.10.1-P1-orig/lib/dns/dynamic_db.c 1970-01-01 01:00:00.000000000
+0100
-+++ bind-9.10.1-P1-patched/lib/dns/dynamic_db.c 2015-04-27
11:33:20.620196464 +0200
+Index: bind-9.10.3-P2/lib/dns/dynamic_db.c
+===================================================================
+--- /dev/null
++++ bind-9.10.3-P2/lib/dns/dynamic_db.c
@@ -0,0 +1,366 @@
+/*
+ * Copyright (C) 2008-2011 Red Hat, Inc.
@@ -544,9 +547,10 @@
+
+ return args->timermgr;
+}
-diff -rupN bind-9.10.1-P1-orig/lib/dns/include/dns/dynamic_db.h
bind-9.10.1-P1-patched/lib/dns/include/dns/dynamic_db.h
---- bind-9.10.1-P1-orig/lib/dns/include/dns/dynamic_db.h 1970-01-01
01:00:00.000000000 +0100
-+++ bind-9.10.1-P1-patched/lib/dns/include/dns/dynamic_db.h 2015-04-27
11:33:20.620196464 +0200
+Index: bind-9.10.3-P2/lib/dns/include/dns/dynamic_db.h
+===================================================================
+--- /dev/null
++++ bind-9.10.3-P2/lib/dns/include/dns/dynamic_db.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2008-2011 Red Hat, Inc.
@@ -598,10 +602,11 @@
+isc_timermgr_t *dns_dyndb_get_timermgr(dns_dyndb_arguments_t *args);
+
+#endif
-diff -rupN bind-9.10.1-P1-orig/lib/dns/include/dns/log.h
bind-9.10.1-P1-patched/lib/dns/include/dns/log.h
---- bind-9.10.1-P1-orig/lib/dns/include/dns/log.h 2014-11-21
00:56:37.000000000 +0100
-+++ bind-9.10.1-P1-patched/lib/dns/include/dns/log.h 2015-04-27
11:33:20.621196475 +0200
-@@ -79,6 +79,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodul
+Index: bind-9.10.3-P2/lib/dns/include/dns/log.h
+===================================================================
+--- bind-9.10.3-P2.orig/lib/dns/include/dns/log.h
++++ bind-9.10.3-P2/lib/dns/include/dns/log.h
+@@ -78,6 +78,7 @@
#define DNS_LOGMODULE_DNSSEC (&dns_modules[27])
#define DNS_LOGMODULE_CRYPTO (&dns_modules[28])
#define DNS_LOGMODULE_PACKETS (&dns_modules[29])
@@ -609,10 +614,11 @@
ISC_LANG_BEGINDECLS
-diff -rupN bind-9.10.1-P1-orig/lib/dns/include/dns/Makefile.in
bind-9.10.1-P1-patched/lib/dns/include/dns/Makefile.in
---- bind-9.10.1-P1-orig/lib/dns/include/dns/Makefile.in 2014-11-21
00:56:37.000000000 +0100
-+++ bind-9.10.1-P1-patched/lib/dns/include/dns/Makefile.in 2015-04-27
11:33:20.621196475 +0200
-@@ -23,7 +23,7 @@ top_srcdir = @top_srcdir@
+Index: bind-9.10.3-P2/lib/dns/include/dns/Makefile.in
+===================================================================
+--- bind-9.10.3-P2.orig/lib/dns/include/dns/Makefile.in
++++ bind-9.10.3-P2/lib/dns/include/dns/Makefile.in
+@@ -23,7 +23,7 @@
HEADERS = acache.h acl.h adb.h bit.h byaddr.h cache.h callbacks.h cert.h \
client.h clientinfo.h compress.h \
@@ -621,10 +627,11 @@
dlz.h dlz_dlopen.h dns64.h dnssec.h ds.h dsdigest.h \
ecdb.h events.h fixedname.h forward.h geoip.h iptable.h \
journal.h keydata.h keyflags.h keytable.h keyvalues.h \
-diff -rupN bind-9.10.1-P1-orig/lib/dns/include/dns/types.h
bind-9.10.1-P1-patched/lib/dns/include/dns/types.h
---- bind-9.10.1-P1-orig/lib/dns/include/dns/types.h 2014-11-21
00:56:37.000000000 +0100
-+++ bind-9.10.1-P1-patched/lib/dns/include/dns/types.h 2015-04-27
11:33:20.621196475 +0200
-@@ -139,6 +139,7 @@ typedef struct dns_zone
dns_zone_t;
+Index: bind-9.10.3-P2/lib/dns/include/dns/types.h
+===================================================================
+--- bind-9.10.3-P2.orig/lib/dns/include/dns/types.h
++++ bind-9.10.3-P2/lib/dns/include/dns/types.h
+@@ -140,6 +140,7 @@
typedef ISC_LIST(dns_zone_t) dns_zonelist_t;
typedef struct dns_zonemgr dns_zonemgr_t;
typedef struct dns_zt dns_zt_t;
@@ -632,10 +639,11 @@
/*
* If we are not using GSSAPI, define the types we use as opaque types here.
-diff -rupN bind-9.10.1-P1-orig/lib/dns/log.c
bind-9.10.1-P1-patched/lib/dns/log.c
---- bind-9.10.1-P1-orig/lib/dns/log.c 2014-11-21 00:56:37.000000000 +0100
-+++ bind-9.10.1-P1-patched/lib/dns/log.c 2015-04-27 11:33:20.621196475
+0200
-@@ -85,6 +85,7 @@ LIBDNS_EXTERNAL_DATA isc_logmodule_t dns
+Index: bind-9.10.3-P2/lib/dns/log.c
+===================================================================
+--- bind-9.10.3-P2.orig/lib/dns/log.c
++++ bind-9.10.3-P2/lib/dns/log.c
+@@ -84,6 +84,7 @@
{ "dns/dnssec", 0 },
{ "dns/crypto", 0 },
{ "dns/packets", 0 },
@@ -643,10 +651,11 @@
{ NULL, 0 }
};
-diff -rupN bind-9.10.1-P1-orig/lib/dns/Makefile.in
bind-9.10.1-P1-patched/lib/dns/Makefile.in
---- bind-9.10.1-P1-orig/lib/dns/Makefile.in 2014-11-21 00:56:37.000000000
+0100
-+++ bind-9.10.1-P1-patched/lib/dns/Makefile.in 2015-04-27 11:36:30.228342475
+0200
-@@ -65,7 +65,7 @@ GEOIPLINKOBJS = geoip.@O@
+Index: bind-9.10.3-P2/lib/dns/Makefile.in
+===================================================================
+--- bind-9.10.3-P2.orig/lib/dns/Makefile.in
++++ bind-9.10.3-P2/lib/dns/Makefile.in
+@@ -65,7 +65,7 @@
DNSOBJS = acache.@O@ acl.@O@ adb.@O@ byaddr.@O@ \
cache.@O@ callbacks.@O@ clientinfo.@O@ compress.@O@ \
db.@O@ dbiterator.@O@ dbtable.@O@ diff.@O@ dispatch.@O@ \
@@ -655,7 +664,7 @@
iptable.@O@ journal.@O@ keydata.@O@ keytable.@O@ \
lib.@O@ log.@O@ lookup.@O@ \
master.@O@ masterdump.@O@ message.@O@ \
-@@ -103,7 +103,7 @@ GEOIOLINKSRCS = geoip.c
+@@ -103,7 +103,7 @@
DNSSRCS = acache.c acl.c adb.c byaddr.c \
cache.c callbacks.c clientinfo.c compress.c \
db.c dbiterator.c dbtable.c diff.c dispatch.c \
@@ -664,7 +673,7 @@
iptable.c journal.c keydata.c keytable.c lib.c log.c \
lookup.c master.c masterdump.c message.c \
name.c ncache.c nsec.c nsec3.c order.c peer.c portlist.c \
-@@ -138,6 +138,11 @@ version.@O@: version.c
+@@ -138,6 +138,11 @@
-DLIBAGE=${LIBAGE} \
-c ${srcdir}/version.c
@@ -676,10 +685,11 @@
libdns.@SA@: ${OBJS}
${AR} ${ARFLAGS} $@ ${OBJS}
${RANLIB} $@
-diff -rupN bind-9.10.1-P1-orig/lib/isccfg/namedconf.c
bind-9.10.1-P1-patched/lib/isccfg/namedconf.c
---- bind-9.10.1-P1-orig/lib/isccfg/namedconf.c 2014-11-21 00:56:37.000000000
+0100
-+++ bind-9.10.1-P1-patched/lib/isccfg/namedconf.c 2015-04-27
11:33:20.621196475 +0200
-@@ -660,6 +660,40 @@ static cfg_type_t cfg_type_transferforma
+Index: bind-9.10.3-P2/lib/isccfg/namedconf.c
+===================================================================
+--- bind-9.10.3-P2.orig/lib/isccfg/namedconf.c
++++ bind-9.10.3-P2/lib/isccfg/namedconf.c
+@@ -661,6 +661,40 @@
&transferformat_enums
};
@@ -720,7 +730,7 @@
/*%
* The special keyword "none", as used in the pid-file option.
*/
-@@ -906,6 +940,7 @@ namedconf_or_view_clauses[] = {
+@@ -962,6 +996,7 @@
{ "key", &cfg_type_key, CFG_CLAUSEFLAG_MULTI },
{ "zone", &cfg_type_zone, CFG_CLAUSEFLAG_MULTI },
{ "dlz", &cfg_type_dlz, CFG_CLAUSEFLAG_MULTI },
@@ -728,7 +738,7 @@
{ "server", &cfg_type_server, CFG_CLAUSEFLAG_MULTI },
{ "trusted-keys", &cfg_type_dnsseckeys, CFG_CLAUSEFLAG_MULTI },
{ "managed-keys", &cfg_type_managedkeys, CFG_CLAUSEFLAG_MULTI },
-@@ -2131,6 +2166,7 @@ static cfg_type_t cfg_type_dialuptype =
+@@ -2188,6 +2223,7 @@
&cfg_rep_string, dialup_enums
};
@@ -736,7 +746,7 @@
static const char *notify_enums[] = { "explicit", "master-only", NULL };
static isc_result_t
parse_notify_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t
**ret) {
-@@ -3199,3 +3235,4 @@ static cfg_type_t cfg_type_maxttl = {
+@@ -3256,3 +3292,4 @@
"maxttl_no_default", parse_maxttl, cfg_print_ustring, cfg_doc_terminal,
&cfg_rep_string, maxttl_enums
};
