Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2015-07-21 13:26:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2015-07-05 17:58:16.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.bind.new/bind.changes 2015-07-21 13:26:39.000000000 +0200 @@ -1,0 +2,32 @@ +Fri Jul 10 18:02:41 UTC 2015 - [email protected] + +- Update to version 9.10.2-P2 + - An uninitialized value in validator.c could result in an assertion failure. + (CVE-2015-4620) [RT #39795] +- Update to version 9.10.2-P1 + - Include client-ip rules when logging the number of RPZ rules of each type. + [RT #39670] + - Addressed further problems with reloading RPZ zones. [RT #39649] + - Addressed a regression introduced in change #4121. [RT #39611] + - The server could match a shorter prefix than what was available in + CLIENT-IP policy triggers, and so, an unexpected action could be taken. + This has been corrected. [RT #39481] + - On servers with one or more policy zones configured as slaves, if a policy + zone updated during regular operation (rather than at startup) using a full + zone reload, such as via AXFR, a bug could allow the RPZ summary data to + fall out of sync, potentially leading to an assertion failure in rpz.c when + further incremental updates were made to the zone, such as via IXFR. + [RT #39567] + - A bug in RPZ could cause the server to crash if policy zones were updated + while recursion was pending for RPZ processing of an active query. + [RT #39415] + - Fix a bug in RPZ that could cause some policy zones that did not + specifically require recursion to be treated as if they did; consequently, + setting qname-wait-recurse no; was sometimes ineffective. [RT #39229] + - Asynchronous zone loads were not handled correctly when the zone load was + already in progress; this could trigger a crash in zt.c. [RT #37573] + - Fix an out-of-bounds read in RPZ code. If the read succeeded, it doesn't + result in a bug during operation. If the read failed, named could segfault. + [RT #38559] + +------------------------------------------------------------------- Old: ---- bind-9.10.2.tar.gz bind-9.10.2.tar.gz.asc New: ---- bind-9.10.2-P2.tar.gz bind-9.10.2-P2.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.VqcL0d/_old 2015-07-21 13:26:41.000000000 +0200 +++ /var/tmp/diff_new_pack.VqcL0d/_new 2015-07-21 13:26:41.000000000 +0200 @@ -18,8 +18,8 @@ Name: bind %define pkg_name bind -%define pkg_vers 9.10.2 -%define rpm_vers 9.10.2 +%define pkg_vers 9.10.2-P2 +%define rpm_vers 9.10.2P2 %define idn_vers 1.0 Summary: Domain Name System (DNS) Server (named) License: ISC @@ -140,13 +140,13 @@ This library contains a few utility functions used by the BIND server and utilities. -%package -n libdns160 +%package -n libdns161 Summary: DNS library used by BIND Group: System/Libraries Version: %rpm_vers Release: 0 -%description -n libdns160 +%description -n libdns161 This subpackage contains the "DNS client" module. This is a higher level API that provides an interface to name resolution, single DNS transaction with a particular server, and dynamic update. Regarding @@ -297,7 +297,7 @@ Version: %rpm_vers Release: 0 Requires: libbind9-140 = %version -Requires: libdns160 = %version +Requires: libdns161 = %version Requires: libirs141 = %version Requires: libisc148 = %version Requires: libisccc140 = %version @@ -726,8 +726,8 @@ %post -n libbind9-140 -p /sbin/ldconfig %postun -n libbind9-140 -p /sbin/ldconfig -%post -n libdns160 -p /sbin/ldconfig -%postun -n libdns160 -p /sbin/ldconfig +%post -n libdns161 -p /sbin/ldconfig +%postun -n libdns161 -p /sbin/ldconfig %post -n libidnkit1 -p /sbin/ldconfig %postun -n libidnkit1 -p /sbin/ldconfig %post -n libidnkitlite1 -p /sbin/ldconfig @@ -865,9 +865,9 @@ %defattr(-,root,root) %_libdir/libbind9.so.140* -%files -n libdns160 +%files -n libdns161 %defattr(-,root,root) -%_libdir/libdns.so.160* +%_libdir/libdns.so.161* %files -n libidnkit1 %defattr(-,root,root) ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.VqcL0d/_old 2015-07-21 13:26:41.000000000 +0200 +++ /var/tmp/diff_new_pack.VqcL0d/_new 2015-07-21 13:26:41.000000000 +0200 @@ -1,5 +1,5 @@ libbind9-140 -libdns160 +libdns161 libidnkit1 libidnkitlite1 libidnkitres1 @@ -13,13 +13,13 @@ bind-devel requires -bind-<targettype> requires "libbind9-140-<targettype> = <version>" - requires "libdns160-<targettype> = <version>" + requires "libdns161-<targettype> = <version>" requires "libirs141-<targettype> = <version>" requires "libisc148-<targettype> = <version>" requires "libisccc140-<targettype> = <version>" requires "libisccfg140-<targettype> = <version>" requires "liblwres141-<targettype> = <version>" idnkit-devel - requires "libdns160-<targettype> = <version>" + requires "libdns161-<targettype> = <version>" requires "libidnkit1-<targettype> = <version>" requires "libidnkitlite1-<targettype> = <version>" ++++++ bind-sdb-ldap.patch ++++++ --- /var/tmp/diff_new_pack.VqcL0d/_old 2015-07-21 13:26:41.000000000 +0200 +++ /var/tmp/diff_new_pack.VqcL0d/_new 2015-07-21 13:26:41.000000000 +0200 @@ -19,7 +19,7 @@ =================================================================== --- bin/named/main.c.orig 2013-12-20 01:28:28.000000000 +0100 +++ bin/named/main.c 2014-01-23 18:45:19.059680008 +0100 -@@ -85,6 +85,7 @@ +@@ -91,6 +91,7 @@ * Include header files for database drivers here. */ /* #include "xxdb.h" */ @@ -27,7 +27,7 @@ #ifdef CONTRIB_DLZ /* -@@ -1016,6 +1017,7 @@ +@@ -1064,6 +1065,7 @@ * Add calls to register sdb drivers here. */ /* xxdb_init(); */ @@ -35,7 +35,7 @@ #ifdef ISC_DLZ_DLOPEN /* -@@ -1056,6 +1058,7 @@ +@@ -1104,6 +1106,7 @@ * Add calls to unregister sdb drivers here. */ /* xxdb_clear(); */ ++++++ dns_dynamic_db.patch ++++++ --- /var/tmp/diff_new_pack.VqcL0d/_old 2015-07-21 13:26:41.000000000 +0200 +++ /var/tmp/diff_new_pack.VqcL0d/_new 2015-07-21 13:26:41.000000000 +0200 @@ -102,7 +102,7 @@ disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) { isc_result_t result; const cfg_obj_t *algorithms; -@@ -2329,6 +2396,7 @@ configure_view(dns_view_t *view, dns_vie +@@ -2335,6 +2402,7 @@ configure_view(dns_view_t *view, dns_vie const cfg_obj_t *dlz; unsigned int dlzargc; char **dlzargv; @@ -110,7 +110,7 @@ const cfg_obj_t *disabled; const cfg_obj_t *obj; const cfg_listelt_t *element; -@@ -2605,6 +2673,8 @@ configure_view(dns_view_t *view, dns_vie +@@ -2611,6 +2679,8 @@ configure_view(dns_view_t *view, dns_vie } } @@ -119,7 +119,7 @@ /* * Obtain configuration parameters that affect the decision of whether * we can reuse/share an existing cache. -@@ -3607,6 +3677,37 @@ configure_view(dns_view_t *view, dns_vie +@@ -3613,6 +3683,37 @@ configure_view(dns_view_t *view, dns_vie dns_view_setrootdelonly(view, ISC_FALSE); /* @@ -157,7 +157,7 @@ * Setup automatic empty zones. If recursion is off then * they are disabled by default. */ -@@ -5349,6 +5450,7 @@ load_configuration(const char *filename, +@@ -5355,6 +5456,7 @@ load_configuration(const char *filename, cfg_aclconfctx_detach(&ns_g_aclconfctx); CHECK(cfg_aclconfctx_create(ns_g_mctx, &ns_g_aclconfctx)); @@ -165,7 +165,7 @@ /* * Parse the global default pseudo-config file. */ -@@ -6556,6 +6658,8 @@ shutdown_server(isc_task_t *task, isc_ev +@@ -6562,6 +6664,8 @@ shutdown_server(isc_task_t *task, isc_ev dns_view_detach(&view); }
