Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2018-05-23 16:08:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Wed May 23 16:08:09 2018 rev:135 rq:611520 version:9.11.2 Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2018-04-19 15:32:44.047056285 +0200 +++ /work/SRC/openSUSE:Factory/.bind.new/bind.changes 2018-05-23 16:08:19.727680778 +0200 @@ -1,0 +2,21 @@ +Mon May 21 11:57:47 UTC 2018 - [email protected] + +- Add bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch + Fixes dynamic DNS updates against samba and Microsoft DNS servers + (bsc#1094236). + +------------------------------------------------------------------- +Thu May 17 14:28:29 UTC 2018 - [email protected] + +- Move chroot related files from bind to bind-chrootenv + (bsc#1093338) + +------------------------------------------------------------------- +Wed May 16 10:22:25 UTC 2018 - [email protected] + +- Remove rndc.key generation from bind.spec file because bind + should create it on first boot (bsc#1092283) +- Add misisng rndc.key check and generation code is lwresd.init + script + +------------------------------------------------------------------- New: ---- bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.7Ijr0l/_old 2018-05-23 16:08:20.599648842 +0200 +++ /var/tmp/diff_new_pack.7Ijr0l/_new 2018-05-23 16:08:20.603648696 +0200 @@ -78,6 +78,7 @@ Patch52: named-bootconf.diff Patch53: bind-sdb-ldap.patch Patch54: bind-CVE-2017-3145.patch +Patch55: bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch BuildRequires: libcap-devel BuildRequires: libmysqlclient-devel BuildRequires: libopenssl-devel @@ -308,6 +309,7 @@ %patch52 %patch53 %patch54 -p1 +%patch55 -p1 # use the year from source gzip header instead of current one to make reproducible rpms year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0}) @@ -394,7 +396,7 @@ mv vendor-files/config/named.conf %{buildroot}/%{_sysconfdir} mv vendor-files/config/bind.reg %{buildroot}/%{_sysconfdir}/slp.reg.d mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d -for file in lwresd.conf named.conf.include rndc.key; do +for file in lwresd.conf named.conf.include; do touch %{buildroot}/%{_sysconfdir}/${file} done @@ -486,11 +488,6 @@ %{fillup_and_insserv -nf named} %endif %{fillup_only -nsa named named} -if [ ! -f etc/rndc.key ]; then - usr/sbin/rndc-confgen -a -b 512 -r dev/urandom - chmod 0640 etc/rndc.key - chown root:named etc/rndc.key -fi TEMP_SYSCONFIG_FILE="var/adm/named-chroot" # Are we in update mode? if [ ${FIRST_ARG:-0} -gt 1 ]; then @@ -645,12 +642,6 @@ %endif %post lwresd -# Create a key if usr/sbin/rndc-confgen is installed. -if [ -x usr/sbin/rndc-confgen -a ! -f etc/rndc.key ]; then - usr/sbin/rndc-confgen -a -b 512 -r dev/urandom - chmod 0640 etc/rndc.key - chown root:named etc/rndc.key -fi # delete an emtpy lwresd.conf file if [ ! -s etc/lwresd.conf ]; then rm -f etc/lwresd.conf @@ -680,19 +671,12 @@ %endif %post utils -# Create a key if lwresd is installed. -if [ -x %{_sbindir}/lwresd -a ! -f %{_sysconfdir}/rndc.key ]; then - %{_sbindir}/rndc-confgen -a -b 512 -r dev/urandom - chmod 0640 %{_sysconfdir}/rndc.key - chown root:named %{_sysconfdir}/rndc.key -fi %files %attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/named.conf %dir %{_sysconfdir}/slp.reg.d %attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/bind.reg %attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include -%attr(0640,root,named) %ghost %config(noreplace) /%{_sysconfdir}/rndc.key %if %{with_systemd} %config %{_unitdir}/named.service %{_sbindir}/named.init @@ -726,9 +710,6 @@ %config %{_var}/lib/named/127.0.0.zone %config %{_var}/lib/named/localhost.zone %config %{_var}/lib/named/named.root.key -%ghost %{_var}/lib/named%{_sysconfdir}/localtime -%attr(0644,root,named) %ghost %{_var}/lib/named%{_sysconfdir}/named.conf.include -%attr(-,named,named) %dir %{_var}/lib/named%{_localstatedir}/run/named %dir %{_libexecdir}/bind %files -n %{libbind9} @@ -773,6 +754,9 @@ %{_var}/lib/named%{_localstatedir}/log %{_fillupdir}/sysconfig.named-common %{_fillupdir}/sysconfig.syslog-named +%ghost %{_var}/lib/named%{_sysconfdir}/localtime +%attr(0644,root,named) %ghost %{_var}/lib/named%{_sysconfdir}/named.conf.include +%attr(-,named,named) %dir %{_var}/lib/named%{_localstatedir}/run/named %files devel %dir %{_includedir}/isc ++++++ bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch ++++++ >From 4985b5001d4f2f64bbee7e9d6ee32058caf67252 Mon Sep 17 00:00:00 2001 From: Mark Andrews <[email protected]> Date: Fri, 1 Sep 2017 11:17:59 +1000 Subject: [PATCH] 4697. [bug] Restore workaround for Microsoft Windows TSIG hash computation bug. [RT #45854] (cherry picked from commit a8a20462b516b0cc39e9b1fb1a8dd514eb1aed29) (cherry picked from commit b301c4293c082fcce4ec26218e6fad346976eb9e) --- CHANGES | 3 +++ lib/dns/rdataset.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/CHANGES b/CHANGES index 5aa505345c..13b60473b5 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4697. [bug] Restore workaround for Microsoft Windows TSIG hash + computation bug. [RT #45854] + --- 9.11.2-P1 released --- 4858. [security] Addresses could be referenced after being freed diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c index a8e75d6caf..7eb394c8c4 100644 --- a/lib/dns/rdataset.c +++ b/lib/dns/rdataset.c @@ -467,6 +467,9 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, dns_name_copy(owner_name, name, NULL); dns_rdataset_getownercase(rdataset, name); + if ((owner_name->attributes & DNS_NAMEATTR_NOCOMPRESS) != 0) + name->attributes |= DNS_NAMEATTR_NOCOMPRESS; + do { /* * Copy out the name, type, class, ttl. -- 2.16.3 ++++++ vendor-files.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/system/lwresd.init new/vendor-files/system/lwresd.init --- old/vendor-files/system/lwresd.init 2018-02-06 19:16:08.663800983 +0100 +++ new/vendor-files/system/lwresd.init 2018-05-16 12:21:47.306362749 +0200 @@ -52,6 +52,14 @@ function checkAndCopyConfigFiles { test "${checkAndCopyConfigFilesCalled}" = "yes" && return + # check for /etc/rndc.key + if [ ! -f /etc/rndc.key ]; then + warnMessage "File /etc/rndc.key not found. Creating it." + /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom + chmod 0640 /etc/rndc.key + chown root:named /etc/rndc.key + fi + # Handle known configuration files. if [ "${NAMED_RUN_CHROOTED}" = "yes" ]; then # Create link if needed, /var/run might be on tmpfs
