Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2015-12-23 09:56:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2015-10-22 12:56:28.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.bind.new/bind.changes 2015-12-23 09:57:03.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Dec 21 16:55:36 UTC 2015 - [email protected] + +- Update to version 9.10.3-P2 to fix a remote denial of service by + misparsing incoming responses (CVE-2015-8000, bsc#958861). + +------------------------------------------------------------------- Old: ---- bind-9.10.2-P4.tar.gz bind-9.10.2-P4.tar.gz.asc New: ---- bind-9.10.3-P2.tar.gz bind-9.10.3-P2.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.aom3lA/_old 2015-12-23 09:57:06.000000000 +0100 +++ /var/tmp/diff_new_pack.aom3lA/_new 2015-12-23 09:57:06.000000000 +0100 @@ -18,8 +18,8 @@ Name: bind %define pkg_name bind -%define pkg_vers 9.10.2-P4 -%define rpm_vers 9.10.2P4 +%define pkg_vers 9.10.3-P2 +%define rpm_vers 9.10.3P2 %define idn_vers 1.0 Summary: Domain Name System (DNS) Server (named) License: ISC @@ -141,13 +141,13 @@ This library contains a few utility functions used by the BIND server and utilities. -%package -n libdns161 +%package -n libdns162 Summary: DNS library used by BIND Group: System/Libraries Version: %rpm_vers Release: 0 -%description -n libdns161 +%description -n libdns162 This subpackage contains the "DNS client" module. This is a higher level API that provides an interface to name resolution, single DNS transaction with a particular server, and dynamic update. Regarding @@ -227,7 +227,7 @@ parameters that would be beyond the capability of the resolv.conf file. This subpackage contains the header files needed for building programs with it. -%package -n libisc148 +%package -n libisc160 Summary: ISC shared library used by BIND Group: System/Libraries Version: %rpm_vers @@ -238,7 +238,7 @@ Obsoletes: bind-libs = %version-%release Provides: bind-libs < %version-%release -%description -n libisc148 +%description -n libisc160 This library contains miscellaneous utility function used by the BIND server and utilities. It includes functions for assertion handling, balanced binary (AVL) trees, bit masks comparison, event based @@ -298,9 +298,9 @@ Version: %rpm_vers Release: 0 Requires: libbind9-140 = %version -Requires: libdns161 = %version +Requires: libdns162 = %version Requires: libirs141 = %version -Requires: libisc148 = %version +Requires: libisc160 = %version Requires: libisccc140 = %version Requires: libisccfg140 = %version Requires: liblwres141 = %version @@ -725,8 +725,8 @@ %post -n libbind9-140 -p /sbin/ldconfig %postun -n libbind9-140 -p /sbin/ldconfig -%post -n libdns161 -p /sbin/ldconfig -%postun -n libdns161 -p /sbin/ldconfig +%post -n libdns162 -p /sbin/ldconfig +%postun -n libdns162 -p /sbin/ldconfig %post -n libidnkit1 -p /sbin/ldconfig %postun -n libidnkit1 -p /sbin/ldconfig %post -n libidnkitlite1 -p /sbin/ldconfig @@ -735,8 +735,8 @@ %postun -n libidnkitres1 -p /sbin/ldconfig %post -n libirs141 -p /sbin/ldconfig %postun -n libirs141 -p /sbin/ldconfig -%post -n libisc148 -p /sbin/ldconfig -%postun -n libisc148 -p /sbin/ldconfig +%post -n libisc160 -p /sbin/ldconfig +%postun -n libisc160 -p /sbin/ldconfig %post -n libisccc140 -p /sbin/ldconfig %postun -n libisccc140 -p /sbin/ldconfig %post -n libisccfg140 -p /sbin/ldconfig @@ -864,9 +864,9 @@ %defattr(-,root,root) %_libdir/libbind9.so.140* -%files -n libdns161 +%files -n libdns162 %defattr(-,root,root) -%_libdir/libdns.so.161* +%_libdir/libdns.so.162* %files -n libidnkit1 %defattr(-,root,root) @@ -888,9 +888,9 @@ %defattr(-,root,root) %_libdir/libirs.so -%files -n libisc148 +%files -n libisc160 %defattr(-,root,root) -%_libdir/libisc.so.148* +%_libdir/libisc.so.160* %files -n libisccc140 %defattr(-,root,root) ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.aom3lA/_old 2015-12-23 09:57:06.000000000 +0100 +++ /var/tmp/diff_new_pack.aom3lA/_new 2015-12-23 09:57:06.000000000 +0100 @@ -1,10 +1,10 @@ libbind9-140 -libdns161 +libdns162 libidnkit1 libidnkitlite1 libidnkitres1 libirs141 -libisc148 +libisc160 obsoletes "bind-libs-<targettype> = <version>" provides "bind-libs-<targettype> = <version>" libisccc140 @@ -13,13 +13,13 @@ bind-devel requires -bind-<targettype> requires "libbind9-140-<targettype> = <version>" - requires "libdns161-<targettype> = <version>" + requires "libdns162-<targettype> = <version>" requires "libirs141-<targettype> = <version>" - requires "libisc148-<targettype> = <version>" + requires "libisc160-<targettype> = <version>" requires "libisccc140-<targettype> = <version>" requires "libisccfg140-<targettype> = <version>" requires "liblwres141-<targettype> = <version>" idnkit-devel - requires "libdns161-<targettype> = <version>" + requires "libdns162-<targettype> = <version>" requires "libidnkit1-<targettype> = <version>" requires "libidnkitlite1-<targettype> = <version>" ++++++ bind-9.10.2-P4.tar.gz -> bind-9.10.3-P2.tar.gz ++++++ /work/SRC/openSUSE:Factory/bind/bind-9.10.2-P4.tar.gz /work/SRC/openSUSE:Factory/.bind.new/bind-9.10.3-P2.tar.gz differ: char 5, line 1 ++++++ dns_dynamic_db.patch ++++++ --- /var/tmp/diff_new_pack.aom3lA/_old 2015-12-23 09:57:06.000000000 +0100 +++ /var/tmp/diff_new_pack.aom3lA/_new 2015-12-23 09:57:06.000000000 +0100 @@ -7,9 +7,10 @@ # # Based on the original patch, some minor adjustments to line numbers are made by Howard Guo <[email protected]>. -diff -rupN bind-9.10.1-P1-orig/bin/named/main.c bind-9.10.1-P1-patched/bin/named/main.c ---- bind-9.10.1-P1-orig/bin/named/main.c 2014-11-21 00:56:37.000000000 +0100 -+++ bind-9.10.1-P1-patched/bin/named/main.c 2015-04-27 11:33:20.619196452 +0200 +Index: bind-9.10.3-P2/bin/named/main.c +=================================================================== +--- bind-9.10.3-P2.orig/bin/named/main.c ++++ bind-9.10.3-P2/bin/named/main.c @@ -43,6 +43,7 @@ #include <isccc/result.h> @@ -18,9 +19,10 @@ #include <dns/name.h> #include <dns/result.h> #include <dns/view.h> -diff -rupN bind-9.10.1-P1-orig/bin/named/server.c bind-9.10.1-P1-patched/bin/named/server.c ---- bind-9.10.1-P1-orig/bin/named/server.c 2014-11-21 00:56:37.000000000 +0100 -+++ bind-9.10.1-P1-patched/bin/named/server.c 2015-04-27 11:33:20.620196464 +0200 +Index: bind-9.10.3-P2/bin/named/server.c +=================================================================== +--- bind-9.10.3-P2.orig/bin/named/server.c ++++ bind-9.10.3-P2/bin/named/server.c @@ -68,6 +68,7 @@ #include <dns/db.h> #include <dns/dispatch.h> @@ -29,7 +31,7 @@ #include <dns/dns64.h> #include <dns/forward.h> #include <dns/journal.h> -@@ -1304,6 +1305,72 @@ configure_peer(const cfg_obj_t *cpeer, i +@@ -1309,6 +1310,72 @@ } static isc_result_t @@ -102,15 +104,15 @@ disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) { isc_result_t result; const cfg_obj_t *algorithms; -@@ -2335,6 +2402,7 @@ configure_view(dns_view_t *view, dns_vie +@@ -2344,6 +2411,7 @@ const cfg_obj_t *dlz; unsigned int dlzargc; char **dlzargv; + const cfg_obj_t *dynamic_db_list; const cfg_obj_t *disabled; const cfg_obj_t *obj; - const cfg_listelt_t *element; -@@ -2611,6 +2679,8 @@ configure_view(dns_view_t *view, dns_vie + #ifdef ENABLE_FETCHLIMIT +@@ -2623,6 +2691,8 @@ } } @@ -119,7 +121,7 @@ /* * Obtain configuration parameters that affect the decision of whether * we can reuse/share an existing cache. -@@ -3613,6 +3683,37 @@ configure_view(dns_view_t *view, dns_vie +@@ -3698,6 +3768,37 @@ dns_view_setrootdelonly(view, ISC_FALSE); /* @@ -157,7 +159,7 @@ * Setup automatic empty zones. If recursion is off then * they are disabled by default. */ -@@ -5355,6 +5456,7 @@ load_configuration(const char *filename, +@@ -5443,6 +5544,7 @@ cfg_aclconfctx_detach(&ns_g_aclconfctx); CHECK(cfg_aclconfctx_create(ns_g_mctx, &ns_g_aclconfctx)); @@ -165,7 +167,7 @@ /* * Parse the global default pseudo-config file. */ -@@ -6562,6 +6664,8 @@ shutdown_server(isc_task_t *task, isc_ev +@@ -6671,6 +6773,8 @@ dns_view_detach(&view); } @@ -174,9 +176,10 @@ while ((nsc = ISC_LIST_HEAD(server->cachelist)) != NULL) { ISC_LIST_UNLINK(server->cachelist, nsc, link); dns_cache_detach(&nsc->cache); -diff -rupN bind-9.10.1-P1-orig/lib/dns/dynamic_db.c bind-9.10.1-P1-patched/lib/dns/dynamic_db.c ---- bind-9.10.1-P1-orig/lib/dns/dynamic_db.c 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.10.1-P1-patched/lib/dns/dynamic_db.c 2015-04-27 11:33:20.620196464 +0200 +Index: bind-9.10.3-P2/lib/dns/dynamic_db.c +=================================================================== +--- /dev/null ++++ bind-9.10.3-P2/lib/dns/dynamic_db.c @@ -0,0 +1,366 @@ +/* + * Copyright (C) 2008-2011 Red Hat, Inc. @@ -544,9 +547,10 @@ + + return args->timermgr; +} -diff -rupN bind-9.10.1-P1-orig/lib/dns/include/dns/dynamic_db.h bind-9.10.1-P1-patched/lib/dns/include/dns/dynamic_db.h ---- bind-9.10.1-P1-orig/lib/dns/include/dns/dynamic_db.h 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.10.1-P1-patched/lib/dns/include/dns/dynamic_db.h 2015-04-27 11:33:20.620196464 +0200 +Index: bind-9.10.3-P2/lib/dns/include/dns/dynamic_db.h +=================================================================== +--- /dev/null ++++ bind-9.10.3-P2/lib/dns/include/dns/dynamic_db.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2008-2011 Red Hat, Inc. @@ -598,10 +602,11 @@ +isc_timermgr_t *dns_dyndb_get_timermgr(dns_dyndb_arguments_t *args); + +#endif -diff -rupN bind-9.10.1-P1-orig/lib/dns/include/dns/log.h bind-9.10.1-P1-patched/lib/dns/include/dns/log.h ---- bind-9.10.1-P1-orig/lib/dns/include/dns/log.h 2014-11-21 00:56:37.000000000 +0100 -+++ bind-9.10.1-P1-patched/lib/dns/include/dns/log.h 2015-04-27 11:33:20.621196475 +0200 -@@ -79,6 +79,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodul +Index: bind-9.10.3-P2/lib/dns/include/dns/log.h +=================================================================== +--- bind-9.10.3-P2.orig/lib/dns/include/dns/log.h ++++ bind-9.10.3-P2/lib/dns/include/dns/log.h +@@ -78,6 +78,7 @@ #define DNS_LOGMODULE_DNSSEC (&dns_modules[27]) #define DNS_LOGMODULE_CRYPTO (&dns_modules[28]) #define DNS_LOGMODULE_PACKETS (&dns_modules[29]) @@ -609,10 +614,11 @@ ISC_LANG_BEGINDECLS -diff -rupN bind-9.10.1-P1-orig/lib/dns/include/dns/Makefile.in bind-9.10.1-P1-patched/lib/dns/include/dns/Makefile.in ---- bind-9.10.1-P1-orig/lib/dns/include/dns/Makefile.in 2014-11-21 00:56:37.000000000 +0100 -+++ bind-9.10.1-P1-patched/lib/dns/include/dns/Makefile.in 2015-04-27 11:33:20.621196475 +0200 -@@ -23,7 +23,7 @@ top_srcdir = @top_srcdir@ +Index: bind-9.10.3-P2/lib/dns/include/dns/Makefile.in +=================================================================== +--- bind-9.10.3-P2.orig/lib/dns/include/dns/Makefile.in ++++ bind-9.10.3-P2/lib/dns/include/dns/Makefile.in +@@ -23,7 +23,7 @@ HEADERS = acache.h acl.h adb.h bit.h byaddr.h cache.h callbacks.h cert.h \ client.h clientinfo.h compress.h \ @@ -621,10 +627,11 @@ dlz.h dlz_dlopen.h dns64.h dnssec.h ds.h dsdigest.h \ ecdb.h events.h fixedname.h forward.h geoip.h iptable.h \ journal.h keydata.h keyflags.h keytable.h keyvalues.h \ -diff -rupN bind-9.10.1-P1-orig/lib/dns/include/dns/types.h bind-9.10.1-P1-patched/lib/dns/include/dns/types.h ---- bind-9.10.1-P1-orig/lib/dns/include/dns/types.h 2014-11-21 00:56:37.000000000 +0100 -+++ bind-9.10.1-P1-patched/lib/dns/include/dns/types.h 2015-04-27 11:33:20.621196475 +0200 -@@ -139,6 +139,7 @@ typedef struct dns_zone dns_zone_t; +Index: bind-9.10.3-P2/lib/dns/include/dns/types.h +=================================================================== +--- bind-9.10.3-P2.orig/lib/dns/include/dns/types.h ++++ bind-9.10.3-P2/lib/dns/include/dns/types.h +@@ -140,6 +140,7 @@ typedef ISC_LIST(dns_zone_t) dns_zonelist_t; typedef struct dns_zonemgr dns_zonemgr_t; typedef struct dns_zt dns_zt_t; @@ -632,10 +639,11 @@ /* * If we are not using GSSAPI, define the types we use as opaque types here. -diff -rupN bind-9.10.1-P1-orig/lib/dns/log.c bind-9.10.1-P1-patched/lib/dns/log.c ---- bind-9.10.1-P1-orig/lib/dns/log.c 2014-11-21 00:56:37.000000000 +0100 -+++ bind-9.10.1-P1-patched/lib/dns/log.c 2015-04-27 11:33:20.621196475 +0200 -@@ -85,6 +85,7 @@ LIBDNS_EXTERNAL_DATA isc_logmodule_t dns +Index: bind-9.10.3-P2/lib/dns/log.c +=================================================================== +--- bind-9.10.3-P2.orig/lib/dns/log.c ++++ bind-9.10.3-P2/lib/dns/log.c +@@ -84,6 +84,7 @@ { "dns/dnssec", 0 }, { "dns/crypto", 0 }, { "dns/packets", 0 }, @@ -643,10 +651,11 @@ { NULL, 0 } }; -diff -rupN bind-9.10.1-P1-orig/lib/dns/Makefile.in bind-9.10.1-P1-patched/lib/dns/Makefile.in ---- bind-9.10.1-P1-orig/lib/dns/Makefile.in 2014-11-21 00:56:37.000000000 +0100 -+++ bind-9.10.1-P1-patched/lib/dns/Makefile.in 2015-04-27 11:36:30.228342475 +0200 -@@ -65,7 +65,7 @@ GEOIPLINKOBJS = geoip.@O@ +Index: bind-9.10.3-P2/lib/dns/Makefile.in +=================================================================== +--- bind-9.10.3-P2.orig/lib/dns/Makefile.in ++++ bind-9.10.3-P2/lib/dns/Makefile.in +@@ -65,7 +65,7 @@ DNSOBJS = acache.@O@ acl.@O@ adb.@O@ byaddr.@O@ \ cache.@O@ callbacks.@O@ clientinfo.@O@ compress.@O@ \ db.@O@ dbiterator.@O@ dbtable.@O@ diff.@O@ dispatch.@O@ \ @@ -655,7 +664,7 @@ iptable.@O@ journal.@O@ keydata.@O@ keytable.@O@ \ lib.@O@ log.@O@ lookup.@O@ \ master.@O@ masterdump.@O@ message.@O@ \ -@@ -103,7 +103,7 @@ GEOIOLINKSRCS = geoip.c +@@ -103,7 +103,7 @@ DNSSRCS = acache.c acl.c adb.c byaddr.c \ cache.c callbacks.c clientinfo.c compress.c \ db.c dbiterator.c dbtable.c diff.c dispatch.c \ @@ -664,7 +673,7 @@ iptable.c journal.c keydata.c keytable.c lib.c log.c \ lookup.c master.c masterdump.c message.c \ name.c ncache.c nsec.c nsec3.c order.c peer.c portlist.c \ -@@ -138,6 +138,11 @@ version.@O@: version.c +@@ -138,6 +138,11 @@ -DLIBAGE=${LIBAGE} \ -c ${srcdir}/version.c @@ -676,10 +685,11 @@ libdns.@SA@: ${OBJS} ${AR} ${ARFLAGS} $@ ${OBJS} ${RANLIB} $@ -diff -rupN bind-9.10.1-P1-orig/lib/isccfg/namedconf.c bind-9.10.1-P1-patched/lib/isccfg/namedconf.c ---- bind-9.10.1-P1-orig/lib/isccfg/namedconf.c 2014-11-21 00:56:37.000000000 +0100 -+++ bind-9.10.1-P1-patched/lib/isccfg/namedconf.c 2015-04-27 11:33:20.621196475 +0200 -@@ -660,6 +660,40 @@ static cfg_type_t cfg_type_transferforma +Index: bind-9.10.3-P2/lib/isccfg/namedconf.c +=================================================================== +--- bind-9.10.3-P2.orig/lib/isccfg/namedconf.c ++++ bind-9.10.3-P2/lib/isccfg/namedconf.c +@@ -661,6 +661,40 @@ &transferformat_enums }; @@ -720,7 +730,7 @@ /*% * The special keyword "none", as used in the pid-file option. */ -@@ -906,6 +940,7 @@ namedconf_or_view_clauses[] = { +@@ -962,6 +996,7 @@ { "key", &cfg_type_key, CFG_CLAUSEFLAG_MULTI }, { "zone", &cfg_type_zone, CFG_CLAUSEFLAG_MULTI }, { "dlz", &cfg_type_dlz, CFG_CLAUSEFLAG_MULTI }, @@ -728,7 +738,7 @@ { "server", &cfg_type_server, CFG_CLAUSEFLAG_MULTI }, { "trusted-keys", &cfg_type_dnsseckeys, CFG_CLAUSEFLAG_MULTI }, { "managed-keys", &cfg_type_managedkeys, CFG_CLAUSEFLAG_MULTI }, -@@ -2131,6 +2166,7 @@ static cfg_type_t cfg_type_dialuptype = +@@ -2188,6 +2223,7 @@ &cfg_rep_string, dialup_enums }; @@ -736,7 +746,7 @@ static const char *notify_enums[] = { "explicit", "master-only", NULL }; static isc_result_t parse_notify_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { -@@ -3199,3 +3235,4 @@ static cfg_type_t cfg_type_maxttl = { +@@ -3256,3 +3292,4 @@ "maxttl_no_default", parse_maxttl, cfg_print_ustring, cfg_doc_terminal, &cfg_rep_string, maxttl_enums };
