Hello community, here is the log from the commit of package nsd for openSUSE:Factory checked in at 2018-08-06 11:53:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nsd (Old) and /work/SRC/openSUSE:Factory/.nsd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nsd" Mon Aug 6 11:53:59 2018 rev:5 rq:627482 version:4.1.23 Changes: -------- --- /work/SRC/openSUSE:Factory/nsd/nsd.changes 2018-07-03 23:36:03.460262266 +0200 +++ /work/SRC/openSUSE:Factory/.nsd.new/nsd.changes 2018-08-06 11:54:01.341217755 +0200 @@ -1,0 +2,6 @@ +Mon Jul 30 18:47:44 UTC 2018 - [email protected] + +- Update to upstream release 4.1.23: + - Fix NSD time sensitive TSIG compare vulnerability. + +------------------------------------------------------------------- Old: ---- nsd-4.1.22.tar.gz nsd-4.1.22.tar.gz.asc New: ---- nsd-4.1.23.tar.gz nsd-4.1.23.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nsd.spec ++++++ --- /var/tmp/diff_new_pack.sxC5m3/_old 2018-08-06 11:54:01.829218602 +0200 +++ /var/tmp/diff_new_pack.sxC5m3/_new 2018-08-06 11:54:01.829218602 +0200 @@ -23,7 +23,7 @@ %define zonesdir %{configdir}/zones %define pidfile %{_rundir}/nsd/nsd.pid Name: nsd -Version: 4.1.22 +Version: 4.1.23 Release: 0 # Summary: An authoritative-only domain name server ++++++ nsd-4.1.22.tar.gz -> nsd-4.1.23.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nsd-4.1.22/configure new/nsd-4.1.23/configure --- old/nsd-4.1.22/configure 2018-06-11 10:27:20.000000000 +0200 +++ new/nsd-4.1.23/configure 2018-07-30 09:17:59.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for NSD 4.1.22. +# Generated by GNU Autoconf 2.69 for NSD 4.1.23. # # Report bugs to <[email protected]>. # @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='NSD' PACKAGE_TARNAME='nsd' -PACKAGE_VERSION='4.1.22' -PACKAGE_STRING='NSD 4.1.22' +PACKAGE_VERSION='4.1.23' +PACKAGE_STRING='NSD 4.1.23' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1286,7 +1286,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures NSD 4.1.22 to adapt to many kinds of systems. +\`configure' configures NSD 4.1.23 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1347,7 +1347,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of NSD 4.1.22:";; + short | recursive ) echo "Configuration of NSD 4.1.23:";; esac cat <<\_ACEOF @@ -1496,7 +1496,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -NSD configure 4.1.22 +NSD configure 4.1.23 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2205,7 +2205,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by NSD $as_me 4.1.22, which was +It was created by NSD $as_me 4.1.23, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -9729,7 +9729,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by NSD $as_me 4.1.22, which was +This file was extended by NSD $as_me 4.1.23, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -9791,7 +9791,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -NSD config.status 4.1.22 +NSD config.status 4.1.23 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nsd-4.1.22/configure.ac new/nsd-4.1.23/configure.ac --- old/nsd-4.1.22/configure.ac 2018-05-23 16:04:01.000000000 +0200 +++ new/nsd-4.1.23/configure.ac 2018-07-30 09:17:47.000000000 +0200 @@ -4,7 +4,7 @@ sinclude(acx_nlnetlabs.m4) -AC_INIT(NSD,4.1.22,[email protected]) +AC_INIT(NSD,4.1.23,[email protected]) AC_CONFIG_HEADER([config.h]) CFLAGS="$CFLAGS" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nsd-4.1.22/doc/README new/nsd-4.1.23/doc/README --- old/nsd-4.1.22/doc/README 2018-06-11 10:27:21.000000000 +0200 +++ new/nsd-4.1.23/doc/README 2018-07-30 09:17:59.000000000 +0200 @@ -19,7 +19,7 @@ 1.0 Introduction -This is NSD Name Server Daemon (NSD) version 4.1.22. +This is NSD Name Server Daemon (NSD) version 4.1.23. The NLnet Labs Name Server Daemon (NSD) is an authoritative RFC compliant DNS nameserver. It was first conceived to allow for more genetic @@ -55,7 +55,7 @@ 1.2 Quick build and install -Step 1: Unpack the source with gtar -xzvf nsd-4.1.22.tar.gz +Step 1: Unpack the source with gtar -xzvf nsd-4.1.23.tar.gz Step 2: Create user nsd or any other unprivileged user of your choice. In case of later make sure to use @@ -109,9 +109,9 @@ Use your favorite combination of tar and gnu zip to unpack the source, for example -$ gtar -xzvf nsd-4.1.22.tar.gz +$ gtar -xzvf nsd-4.1.23.tar.gz -will unpack the source into the ./nsd-4.1.22 directory... +will unpack the source into the ./nsd-4.1.23 directory... 2.2 Configuring NSD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nsd-4.1.22/doc/RELNOTES new/nsd-4.1.23/doc/RELNOTES --- old/nsd-4.1.22/doc/RELNOTES 2018-06-11 10:26:11.000000000 +0200 +++ new/nsd-4.1.23/doc/RELNOTES 2018-07-30 09:14:53.000000000 +0200 @@ -1,5 +1,11 @@ NSD RELEASE NOTES +4.1.23 +================ +BUG FIXES: + - Fix NSD time sensitive TSIG compare vulnerability. + + 4.1.22 ================ FEATURES: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nsd-4.1.22/nsd-checkconf.8.in new/nsd-4.1.23/nsd-checkconf.8.in --- old/nsd-4.1.22/nsd-checkconf.8.in 2018-06-11 10:27:21.000000000 +0200 +++ new/nsd-4.1.23/nsd-checkconf.8.in 2018-07-30 09:17:59.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "nsd\-checkconf" "8" "Jun 11, 2018" "NLnet Labs" "nsd 4.1.22" +.TH "nsd\-checkconf" "8" "Jul 30, 2018" "NLnet Labs" "nsd 4.1.23" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nsd-4.1.22/nsd-checkzone.8.in new/nsd-4.1.23/nsd-checkzone.8.in --- old/nsd-4.1.22/nsd-checkzone.8.in 2018-06-11 10:27:21.000000000 +0200 +++ new/nsd-4.1.23/nsd-checkzone.8.in 2018-07-30 09:17:59.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "nsd\-checkzone" "8" "Jun 11, 2018" "NLnet Labs" "nsd 4.1.22" +.TH "nsd\-checkzone" "8" "Jul 30, 2018" "NLnet Labs" "nsd 4.1.23" .\" Copyright (c) 2014, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nsd-4.1.22/nsd-control.8.in new/nsd-4.1.23/nsd-control.8.in --- old/nsd-4.1.22/nsd-control.8.in 2018-06-11 10:27:21.000000000 +0200 +++ new/nsd-4.1.23/nsd-control.8.in 2018-07-30 09:17:59.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "nsd\-control" "8" "Jun 11, 2018" "NLnet Labs" "nsd 4.1.22" +.TH "nsd\-control" "8" "Jul 30, 2018" "NLnet Labs" "nsd 4.1.23" .\" Copyright (c) 2011, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nsd-4.1.22/nsd.8.in new/nsd-4.1.23/nsd.8.in --- old/nsd-4.1.22/nsd.8.in 2018-06-11 10:27:21.000000000 +0200 +++ new/nsd-4.1.23/nsd.8.in 2018-07-30 09:17:59.000000000 +0200 @@ -1,9 +1,9 @@ -.TH "NSD" "8" "Jun 11, 2018" "NLnet Labs" "NSD 4.1.22" +.TH "NSD" "8" "Jul 30, 2018" "NLnet Labs" "NSD 4.1.23" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" .B nsd -\- Name Server Daemon (NSD) version 4.1.22. +\- Name Server Daemon (NSD) version 4.1.23. .SH "SYNOPSIS" .B nsd .RB [ \-4 ] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nsd-4.1.22/nsd.conf.5.in new/nsd-4.1.23/nsd.conf.5.in --- old/nsd-4.1.22/nsd.conf.5.in 2018-06-11 10:27:21.000000000 +0200 +++ new/nsd-4.1.23/nsd.conf.5.in 2018-07-30 09:17:59.000000000 +0200 @@ -1,4 +1,4 @@ -.TH "nsd.conf" "5" "Jun 11, 2018" "NLnet Labs" "nsd 4.1.22" +.TH "nsd.conf" "5" "Jul 30, 2018" "NLnet Labs" "nsd 4.1.23" .\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved. .\" See LICENSE for the license. .SH "NAME" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nsd-4.1.22/tsig.c new/nsd-4.1.23/tsig.c --- old/nsd-4.1.22/tsig.c 2017-01-19 16:32:27.000000000 +0100 +++ new/nsd-4.1.23/tsig.c 2018-07-30 09:14:53.000000000 +0200 @@ -475,7 +475,7 @@ &tsig->prior_mac_size); if (tsig->mac_size != tsig->prior_mac_size - || memcmp(tsig->mac_data, + || CRYPTO_memcmp(tsig->mac_data, tsig->prior_mac_data, tsig->mac_size) != 0) {
