Hello community, here is the log from the commit of package bind.1167 for openSUSE:12.2:Update checked in at 2012-12-17 11:56:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/bind.1167 (Old) and /work/SRC/openSUSE:12.2:Update/.bind.1167.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind.1167", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2012-11-30 12:21:47.308011256 +0100 +++ /work/SRC/openSUSE:12.2:Update/.bind.1167.new/bind.changes 2012-12-17 11:56:28.000000000 +0100 @@ -0,0 +1,1608 @@ +------------------------------------------------------------------- +Fri Dec 7 15:40:37 UTC 2012 - [email protected] + +- Updated to 9.9.2-P1 (bnc#792926) + https://kb.isc.org/article/AA-00828 + * Security Fixes + + Prevents named from aborting with a require assertion failure on + servers with DNS64 enabled. These crashes might occur as a result of + specific queries that are received. (Note that this fix is a subset + of a series of updates that will be included in full in BIND 9.8.5 + and 9.9.3 as change #3388, RT #30996). [CVE-2012-5688] [RT #30792] + + A deliberately constructed combination of records could cause + named to hang while populating the additional section of a + response. [CVE-2012-5166] [RT #31090] + + Prevents a named assert (crash) when queried for a record whose + RDATA exceeds 65535 bytes. [CVE-2012-4244] [RT #30416] + + Prevents a named assert (crash) when validating caused by using + "Bad cache" data before it has been initialized. [CVE-2012-3817] + [RT #30025] + + A condition has been corrected where improper handling of zero-length + RDATA could cause undesirable behavior, including termination of + the named process. [CVE-2012-1667] [RT #29644] + + ISC_QUEUE handling for recursive clients was updated to address a race + condition that could cause a memory leak. This rarely occurred with + UDP clients, but could be a significant problem for a server handling + a steady rate of TCP queries. [CVE-2012-3868] [RT #29539 & #30233] + +New Features + + Elliptic Curve Digital Signature Algorithm keys and signatures in + DNSSEC are now supported per RFC 6605. [RT #21918] + + Introduces a new tool "dnssec-checkds" command that checks a zone to + determine which DS records should be published in the parent zone, + or which DLV records should be published in a DLV zone, and queries + the DNS to ensure that it exists. (Note: This tool depends on python; + it will not be built or installed on systems that do not have a + python interpreter.) [RT #28099] + + Introduces a new tool "dnssec-verify" that validates a signed zone, + checking for the correctness of signatures and NSEC/NSEC3 chains. + [RT #23673] + + Adds configuration option "max-rsa-exponent-size <value>;" that + can be used to specify the maximum rsa exponent size that will be + accepted when validating [RT #29228] + +Feature Changes + + Improves OpenSSL error logging [RT #29932] + nslookup now returns a nonzero exit code when it is unable to get + an answer. [RT #29492] + +Bug Fixes + + Uses binary mode to open raw files on Windows. [RT #30944] + When using DNSSEC inline signing with "rndc signing -nsec3param", a + salt value of "-" can now be used to indicate 'no salt'. [RT #30099] + Prevents race conditions (address use after free) that could be + encountered when named is shutting down and releasing structures + used to manage recursive clients. [RT #30241] + Static-stub zones now accept "forward" and "fowarders" options + (often needed for subdomains of the zone referenced to override + global forwarding options). These options are already available + with traditional stub zones and their omission from zones of type + "static-stub" was an inadvertent oversight. [RT #30482] + Limits the TTL of signed RRsets in cache when their RRSIGs are + approaching expiry. This prevents the persistence in cache of + invalid RRSIGs in order to assist recovery from a situation where + zone re-signing doesn't occur in a timely manner. With this change, + named will attempt to obtain new RRSIGs from the authoritative server + once the original ones have expired, and even if the TTL of the old + records would in other circumstances cause them to be kept in cache + for longer. [RT #26429] + Corrects the syntax of isc_atomic_xadd() and isc_atomic_cmpxchg() + which are employed on Itanium systems to speed up lock management + by making use of atomic operations. Without the syntax correction + it is possible that concurrent access to the same structures could + accidentally occur with unpredictable results. [RT #25181] + Improves OpenSSL error logging [RT #29932] + The configure script now supports and detects libxml2-2.8.x correctly + [RT #30440] + The host command should no longer assert on some architectures + and builds while handling the time values used with the -w (wait + forever) option. [RT #18723] + Invalid zero settings for max-retry-time, min-retry-time, + max-refresh-time, min-refresh-time will now be detected during parsing + of named.conf and an error emitted instead of triggering an assertion + failure on startup. [RT #27730] + Removes spurious newlines from log messages in zone.c [RT #30675] + When built with readline support (i.e. on a system with readline + installed) nsupdate no longer terminates unexpectedly in interactive + mode. [RT #29550] + All named tasks that perform task-exclusive operations now share the + same single task. Prior to this change, there was the possibility of + a race condition between rndc operations and other functions such as + re-sizing the adb hash table. If the race condition was encountered, + named would in most cases terminate unexpectedly with an assert. + [RT #29872] + Ensures that servers are expired from the ADB cache when the timeout + limit is reached so that their learned attributes can be refreshed. + Prior to this change, servers that were frequently queried might + never have their entries removed and reinitialized. This is of + particular importance to DNSSEC-validating recursive servers that + might erroneously set "no-edns" for an authoritative server following + a period of intermittent connectivity. [RT #29856] + Adds additional resilience to a previous security change (3218) by + preventing RRSIG data from being added to cache when a pseudo-record + matching the covering type and proving non-existence exists at a + higher trust level. The earlier change prevented this inconsistent + data from being retrieved from cache in response to client queries - + with this additional change, the RRSIG records are no longer inserted + into cache at all. [RT #26809] + dnssec-settime will now issue a warning when the writing of a new + private key file would cause a change in the permissions of the + existing file. [RT #27724] + Fixes the defect introduced by change #3314 that was causing failures + when saving stub zones to disk (resulting in excessive CPU usage in + some cases). [RT #29952] + Address race condition in units tests: asyncload_zone and + asyncload_zt. [RT #26100] + It is now possible to using multiple control keys again - this + functionality was inadvertently broken by change #3924 (RT #28265) + which addressed a memory leak. [RT #29694] + Named now holds a zone table reference while performing an + asynchronous load of a zone. This removes a race condition that + could cause named to crash when zones are added using rndc addzone + or by manually editing named's configuration file followed by rndc + reconfig/reload. [RT #28326] + Setting resolver-query-timeout too low could cause named problems + recovering after a loss of connectivity. [RT #29623] + Reduces the potential build-up of stale RRsets in cache on a busy + recursive nameserver by re-using cached DS and RRSIG rrsets when + possible [RT #29446] + Corrects a failure to authenticate non-existence of resource records + in some circumstances when RPZ has been configured. Also: + adds an optional "recursive-only yes|no" to the response-policy + statement + adds an optional "max-policy-ttl" to the response-policy statement + to limit the false data that "recursive-only no" can introduce + into resolvers' caches + introduces a predefined encoding of PASSTHRU policy by adding + "rpz-passthru" to be used as the target of CNAME policy records + (the old encoding is still accepted.) + adds a RPZ performance test to bin/tests/system/rpz when queryperf is available. [RT #26172] + Upper-case/lower-case handling of RRSIG signer-names is now handled + consistently: RRSIG records are generated with the signer-name in + lower case. They are accepted with any case, but if they fail to + validate, we try again in lower case. [RT #27451] + +------------------------------------------------------------------- +Thu Oct 11 15:23:51 UTC 2012 - [email protected] + +- Specially crafted DNS data can cause a lockup in named. + CVE-2012-5166, bnc#784602. +- 9.9.1-P4 + +------------------------------------------------------------------- +Sat Sep 15 16:20:32 UTC 2012 - [email protected] + +- Named could die on specially crafted record. + [RT #30416] (bnc#780157) CVE-2012-4244 +- 9.9.1-P3 +- updated dnszone-schema.txt from upstream. + +------------------------------------------------------------------- +Thu Jul 26 11:08:11 CEST 2012 - [email protected] + +- Prevents a named assert (crash) when validating caused by using + "Bad cache" data before it has been initialized. [RT #30025] + (bnc#772945) + +- ISC_QUEUE handling for recursive clients was updated to address a + race condition that could cause a memory leak. This rarely occurred + with UDP clients, but could be a significant problem for a server + handling a steady rate of TCP queries. [RT #29539 & #30233] + +- Under heavy incoming TCP query loads named could experience a + memory leak which could lead to significant reductions in query + response or cause the server to be terminated on systems with + "out of memory" killers. [RT #29539] + (bnc#772946) + +- A condition has been corrected where improper handling of zero-length + RDATA could cause undesirable behavior, including termination of + the named process. [RT #29644] +- 9.9.1-P2 + +------------------------------------------------------------------- +Thu Jul 12 07:34:11 UTC 2012 - [email protected] + ++++ 1411 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.2:Update/.bind.1167.new/bind.changes New: ---- Makefile.in.diff baselibs.conf bind-9.9.2-P1.tar.gz bind.changes bind.spec configure.in.diff configure.in.diff2 dlz-schema.txt dnszone-schema.txt named-bootconf.diff named.root perl-path.diff pid-path.diff pie_compile.diff vendor-files.tar.bz2 workaround-compile-problem.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ ++++ 702 lines (skipped) ++++++ Makefile.in.diff ++++++ Index: bind-9.8.1-P1/bin/named/Makefile.in =================================================================== --- bind-9.8.1-P1.orig/bin/named/Makefile.in +++ bind-9.8.1-P1/bin/named/Makefile.in @@ -162,8 +162,6 @@ installdirs: install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir} (cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@) - ${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8 - ${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8 - ${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5 + for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man$${m##*.}; done @DLZ_DRIVER_RULES@ ++++++ baselibs.conf ++++++ bind-libs obsoletes "bind-utils-<targettype>" provides "bind-utils-<targettype>" arch ppc package bind-devel requires -bind-<targettype> requires "bind-libs-<targettype> = <version>" arch sparcv9 package bind-devel requires -bind-<targettype> requires "bind-libs-<targettype> = <version>" ++++++ configure.in.diff ++++++ Index: bind-9.8.1-P1/configure.in =================================================================== --- bind-9.8.1-P1.orig/configure.in +++ bind-9.8.1-P1/configure.in @@ -2907,7 +2907,7 @@ AC_SUBST(DOXYGEN) # empty). The variable VARIABLE will be substituted into output files. # -AC_DEFUN(NOM_PATH_FILE, [ +AC_DEFUN([NOM_PATH_FILE], [ $1="" AC_MSG_CHECKING(for $2) for d in $3 ++++++ configure.in.diff2 ++++++ --- a/configure.in +++ a/configure.in 2011/04/21 13:34:11 @@ -280,7 +280,7 @@ AC_C_INLINE AC_C_VOLATILE AC_CHECK_FUNC(sysctlbyname, AC_DEFINE(HAVE_SYSCTLBYNAME)) -AC_C_FLEXIBLE_ARRAY_MEMBER +#AC_C_FLEXIBLE_ARRAY_MEMBER # # UnixWare 7.1.1 with the feature supplement to the UDK compiler ++++++ dlz-schema.txt ++++++ # # # 1.3.6.1.4.1.18420.1.1.X is reserved for attribute types declared by the DLZ project. # 1.3.6.1.4.1.18420.1.2.X is reserved for object classes declared by the DLZ project. # 1.3.6.1.4.1.18420.1.3.X is reserved for PRIVATE extensions to the DLZ attribute # types and object classes that may be needed by end users # to add security, etc. Attributes and object classes using # this OID MUST NOT be published outside of an organization # except to offer them for consideration to become part of the # standard attributes and object classes published by the DLZ project. attributetype ( 1.3.6.1.4.1.18420.1.1.10 NAME 'dlzZoneName' DESC 'DNS zone name - domain name not including host name' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.20 NAME 'dlzHostName' DESC 'Host portion of a domain name' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.30 NAME 'dlzData' DESC 'Data for the resource record' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.40 NAME 'dlzType' DESC 'DNS record type - A, SOA, NS, MX, etc...' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.50 NAME 'dlzSerial' DESC 'SOA record serial number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.60 NAME 'dlzRefresh' DESC 'SOA record refresh time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.70 NAME 'dlzRetry' DESC 'SOA retry time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.80 NAME 'dlzExpire' DESC 'SOA expire time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.90 NAME 'dlzMinimum' DESC 'SOA minimum time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.100 NAME 'dlzAdminEmail' DESC 'E-mail address of person responsible for this zone - @ should be replaced with . (period)' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.110 NAME 'dlzPrimaryNS' DESC 'Primary name server for this zone - should be host name not IP address' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.120 NAME 'dlzIPAddr' DESC 'IP address - IPV4 should be in dot notation xxx.xxx.xxx.xxx IPV6 should be in colon notation xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{40} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.130 NAME 'dlzCName' DESC 'DNS cname' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.140 NAME 'dlzPreference' DESC 'DNS MX record preference. Lower numbers have higher preference' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.150 NAME 'dlzTTL' DESC 'DNS time to live - how long this record can be cached by caching DNS servers' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.160 NAME 'dlzRecordID' DESC 'Unique ID for each DLZ resource record' SUP name SINGLE-VALUE ) #------------------------------------------------------------------------------ # Object class definitions #------------------------------------------------------------------------------ objectclass ( 1.3.6.1.4.1.18420.1.2.10 NAME 'dlzZone' DESC 'Zone name portion of a domain name' SUP top STRUCTURAL MUST ( objectclass $ dlzZoneName ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.20 NAME 'dlzHost' DESC 'Host name portion of a domain name' SUP top STRUCTURAL MUST ( objectclass $ dlzHostName ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.30 NAME 'dlzAbstractRecord' DESC 'Data common to all DNS record types' SUP top ABSTRACT MUST ( objectclass $ dlzRecordID $ dlzHostName $ dlzType $ dlzTTL ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.40 NAME 'dlzGenericRecord' DESC 'Generic DNS record - useful when a specific object class has not been defined for a DNS record' SUP dlzAbstractRecord STRUCTURAL MUST ( dlzData ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.50 NAME 'dlzARecord' DESC 'DNS A record' SUP dlzAbstractrecord STRUCTURAL MUST ( dlzIPAddr ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.60 NAME 'dlzNSRecord' DESC 'DNS NS record' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.70 NAME 'dlzMXRecord' DESC 'DNS MX record' SUP dlzGenericRecord STRUCTURAL MUST ( dlzPreference ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.80 NAME 'dlzSOARecord' DESC 'DNS SOA record' SUP dlzAbstractRecord STRUCTURAL MUST ( dlzSerial $ dlzRefresh $ dlzRetry $ dlzExpire $ dlzMinimum $ dlzAdminEmail $ dlzPrimaryNS ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.90 NAME 'dlzTextRecord' DESC 'Text data with spaces should be wrapped in double quotes' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.100 NAME 'dlzPTRRecord' DESC 'DNS PTR record' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.110 NAME 'dlzCNameRecord' DESC 'DNS CName record' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.120 NAME 'dlzXFR' DESC 'Host allowed to perform zone transfer' SUP top STRUCTURAL MUST ( objectclass $ dlzRecordID $ dlzIPAddr ) ) ++++++ dnszone-schema.txt ++++++ # A schema for storing DNS zones in LDAP # attributetype ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName' DESC 'The name of a zone, i.e. the name of the highest node in the zone' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName' DESC 'The starting labels of a domain name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain name pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text string, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 address, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-existant, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service location, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming Authority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchange Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certificate, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record Type, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Terminal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone' SUP top STRUCTURAL MUST ( zoneName $ relativeDomainName ) MAY ( DNSTTL $ DNSClass $ ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $ MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecord ) ) ++++++ named-bootconf.diff ++++++ Index: contrib/named-bootconf/named-bootconf.sh =================================================================== --- contrib/named-bootconf/named-bootconf.sh.orig +++ contrib/named-bootconf/named-bootconf.sh @@ -54,7 +54,8 @@ # POSSIBILITY OF SUCH DAMAGE. if [ ${OPTIONFILE-X} = X ]; then - WORKDIR=/tmp/`date +%s`.$$ + TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1 + WORKDIR=$TMPDIR/`date +%s`.$$ ( umask 077 ; mkdir $WORKDIR ) || { echo "unable to create work directory '$WORKDIR'" >&2 exit 1 @@ -308,7 +309,7 @@ if [ $DUMP -eq 1 ]; then cat $ZONEFILE $COMMENTFILE rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE - rmdir $WORKDIR + rm -rf $TMPDIR fi exit 0 ++++++ named.root ++++++ ; This file holds the information on root name servers needed to ; initialize cache of Internet domain name servers ; (e.g. reference this file in the "cache . <file>" ; configuration file of BIND domain name servers). ; ; This file is made available by InterNIC ; under anonymous FTP as ; file /domain/named.cache ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; ; last update: Jun 8, 2011 ; related version of root zone: 2011060800 ; ; formerly NS.INTERNIC.NET ; . 3600000 IN NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 ; ; FORMERLY NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 ; ; FORMERLY C.PSI.NET ; . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 ; ; FORMERLY TERP.UMD.EDU ; . 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D ; ; FORMERLY NS.NASA.GOV ; . 3600000 NS E.ROOT-SERVERS.NET. E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 ; ; FORMERLY NS.ISC.ORG ; . 3600000 NS F.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F ; ; FORMERLY NS.NIC.DDN.MIL ; . 3600000 NS G.ROOT-SERVERS.NET. G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 ; ; FORMERLY AOS.ARL.ARMY.MIL ; . 3600000 NS H.ROOT-SERVERS.NET. H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 ; ; FORMERLY NIC.NORDU.NET ; . 3600000 NS I.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 ; ; OPERATED BY VERISIGN, INC. ; . 3600000 NS J.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 ; ; OPERATED BY RIPE NCC ; . 3600000 NS K.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 ; ; OPERATED BY ICANN ; . 3600000 NS L.ROOT-SERVERS.NET. L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 ; ; OPERATED BY WIDE ; . 3600000 NS M.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 ; End of File ++++++ perl-path.diff ++++++ Index: bin/tests/t_api.pl =================================================================== --- bin/tests/t_api.pl.orig +++ bin/tests/t_api.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/bin/perl # # Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1999-2001 Internet Software Consortium. Index: contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl =================================================================== --- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl.orig +++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl @@ -1,4 +1,4 @@ -#! /usr/local/bin/perl -w +#! /usr/bin/perl -w # $Id: generate_nameprep_data.pl,v 1.1 2003/06/04 00:27:54 marka Exp $ # # Copyright (c) 2001 Japan Network Information Center. All rights reserved. Index: contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl =================================================================== --- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl.orig +++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl @@ -1,4 +1,4 @@ -#! /usr/local/bin/perl -w +#! /usr/bin/perl -w # $Id: generate_normalize_data.pl,v 1.1 2003/06/04 00:27:55 marka Exp $ # # Copyright (c) 2000,2001 Japan Network Information Center. ++++++ pid-path.diff ++++++ Index: bin/named/include/named/globals.h =================================================================== --- bin/named/include/named/globals.h.orig +++ bin/named/include/named/globals.h @@ -134,9 +134,9 @@ EXTERN const char * lwresd_g_defaultpid "lwresd.pid"); #else EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR - "/run/named.pid"); + "/run/named/named.pid"); EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR - "/run/lwresd.pid"); + "/run/named/lwresd.pid"); #endif EXTERN const char * ns_g_username INIT(NULL); Index: contrib/nanny/nanny.pl =================================================================== --- contrib/nanny/nanny.pl.orig +++ contrib/nanny/nanny.pl @@ -19,7 +19,7 @@ # A simple nanny to make sure named stays running. -$pid_file_location = '/var/run/named.pid'; +$pid_file_location = '/var/run/named/named.pid'; $nameserver_location = 'localhost'; $dig_program = 'dig'; $named_program = 'named'; ++++++ pie_compile.diff ++++++ Index: bin/Makefile.in =================================================================== --- bin/Makefile.in.orig +++ bin/Makefile.in @@ -23,4 +23,8 @@ SUBDIRS = named rndc dig dnssec tests to check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@ TARGETS = +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ + +LDFLAGS += -pie Index: bin/dig/Makefile.in =================================================================== --- bin/dig/Makefile.in.orig +++ bin/dig/Makefile.in @@ -67,8 +67,12 @@ HTMLPAGES = dig.html host.html nslookup. MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS} export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \ ${FINALBUILDCMD} Index: bin/dnssec/Makefile.in =================================================================== --- bin/dnssec/Makefile.in.orig +++ bin/dnssec/Makefile.in @@ -64,8 +64,12 @@ HTMLPAGES = dnssec-dsfromkey.html dnssec MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS} export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \ ${FINALBUILDCMD} Index: bin/nsupdate/Makefile.in =================================================================== --- bin/nsupdate/Makefile.in.orig +++ bin/nsupdate/Makefile.in @@ -64,8 +64,12 @@ HTMLPAGES = nsupdate.html MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + nsupdate.@O@: nsupdate.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DSESSION_KEYFILE=\"${localstatedir}/run/named/session.key\" \ Index: bin/rndc/Makefile.in =================================================================== --- bin/rndc/Makefile.in.orig +++ bin/rndc/Makefile.in @@ -59,8 +59,12 @@ HTMLPAGES = rndc.html rndc.conf.html MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + rndc.@O@: rndc.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ Index: bin/check/Makefile.in =================================================================== --- bin/check/Makefile.in.orig +++ bin/check/Makefile.in @@ -57,8 +57,12 @@ HTMLPAGES = named-checkconf.html named-c MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + named-checkconf.@O@: named-checkconf.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ Index: bin/named/Makefile.in =================================================================== --- bin/named/Makefile.in.orig +++ bin/named/Makefile.in @@ -109,8 +109,12 @@ HTMLPAGES = named.html lwresd.html named MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + main.@O@: main.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ Index: bin/named/unix/Makefile.in =================================================================== --- bin/named/unix/Makefile.in.orig +++ bin/named/unix/Makefile.in @@ -34,4 +34,6 @@ SRCS = os.c dlz_dlopen_driver.c TARGETS = ${OBJS} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ Index: bin/confgen/Makefile.in =================================================================== --- bin/confgen/Makefile.in.orig +++ bin/confgen/Makefile.in @@ -64,8 +64,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} UOBJS = unix/os.@O@ +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + rndc-confgen.@O@: rndc-confgen.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \ ++++++ workaround-compile-problem.diff ++++++ --- bin/tests/system/Makefile.in +++ bin/tests/system/Makefile.in 2012/05/04 14:43:22 @@ -21,7 +21,7 @@ @BIND9_MAKE_INCLUDES@ -SUBDIRS = dlzexternal filter-aaaa lwresd rpz rsabigexponent tkey tsiggss +SUBDIRS = filter-aaaa lwresd rpz rsabigexponent tkey tsiggss TARGETS = @BIND9_MAKE_RULES@ -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
