Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2019-11-25 11:23:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new.26869 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Mon Nov 25 11:23:22 2019 rev:143 rq:750233 version:9.14.8 Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2019-07-29 17:23:08.126374527 +0200 +++ /work/SRC/openSUSE:Factory/.bind.new.26869/bind.changes 2019-11-25 11:23:26.806114932 +0100 @@ -1,0 +2,27 @@ +Tue Nov 19 10:09:35 UTC 2019 - Josef Möllers <[email protected]> + +- Upgrade to version 9.14.8: + * Set a limit on the number of concurrently served pipelined TCP + queries. + * Some other bug fixing, see CHANGES file. + [CVE-2019-6477, bsc#1157051] + +------------------------------------------------------------------- +Fri Nov 8 12:50:00 UTC 2019 - Josef Möllers <[email protected]> + +- Upgrade to version 9.14.7 + * removed dnsperf, idn, nslint, perftcpdns, query-loc-0.4.0, + queryperf, sdb, zkt from contrib as they are not supported + any more + * Added support for the GeoIP2 API from MaxMind + * See CHANGES file in the source RPM. + [bsc#1111722, bsc#1156205, CVE-2019-6476, CVE-2019-6475, + CVE-2019-6471, CVE-2018-5743, CVE-2019-6467, CVE-2019-6465, + CVE-2018-5745, CVE-2018-5744, CVE-2018-5740, CVE-2018-5738, + CVE-2018-5737, CVE-2018-5736, CVE-2017-3145, + configure.in.diff, bind-99-libidn.patch, perl-path.diff, + bind-sdb-ldap.patch, bind-CVE-2017-3145.patch, + bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch, + bind-fix-fips.patch] + +------------------------------------------------------------------- Old: ---- bind-9.11.2.tar.gz bind-9.11.2.tar.gz.asc bind-99-libidn.patch bind-CVE-2017-3145.patch bind-fix-fips.patch bind-sdb-ldap.patch bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch configure.in.diff perl-path.diff New: ---- bind-9.14.8.tar.gz bind-9.14.8.tar.gz.sha512.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.0xl5O7/_old 2019-11-25 11:23:27.694114773 +0100 +++ /var/tmp/diff_new_pack.0xl5O7/_new 2019-11-25 11:23:27.698114772 +0100 @@ -12,25 +12,26 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # Don't forget to update the package names also in baselibs.conf -%define bind9_sonum 160 +# Note that the sonums are LIBINTERFACE - LIBAGE +%define bind9_sonum 1302 %define libbind9 libbind9-%{bind9_sonum} -%define dns_sonum 169 +%define dns_sonum 1311 %define libdns libdns%{dns_sonum} -%define irs_sonum 160 +%define irs_sonum 1301 %define libirs libirs%{irs_sonum} -%define isc_sonum 166 +%define isc_sonum 1310 %define libisc libisc%{isc_sonum} -%define isccc_sonum 160 +%define isccc_sonum 1302 %define libisccc libisccc%{isccc_sonum} -%define isccfg_sonum 160 +%define isccfg_sonum 1302 %define libisccfg libisccfg%{isccfg_sonum} -%define lwres_sonum 160 -%define liblwres liblwres%{lwres_sonum} +%define libns_sonum 1307 + %define VENDOR SUSE # Defines for user and group add %define NAMED_UID 44 @@ -45,8 +46,10 @@ %define USERMOD_NAMED getent passwd %{NAMED_UID_NAME} >/dev/null || %{_sbindir}/usermod -s %{NAMED_SHELL} -d %{NAMED_HOMEDIR} %{NAMED_UID_NAME} %if 0%{?suse_version} >= 1500 %define with_systemd 1 +%define with_geoip 0 %else %define with_systemd 0 +%define with_geoip 1 %endif %if 0%{?suse_version} < 1315 %define with_sfw2 1 @@ -59,7 +62,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.11.2 +Version: 9.14.8 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 @@ -68,27 +71,19 @@ Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz Source1: vendor-files.tar.bz2 Source2: baselibs.conf -Source3: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz.asc +Source3: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz.sha512.asc # from http://www.isc.org/about/openpgp/ ... changes yearly apparently. Source4: %{name}.keyring Source9: ftp://ftp.internic.net/domain/named.root -# url http://www.venaas.no/ldap/bind-sdb/dnszone-schema.txt no longer exists... Source40: dnszone-schema.txt Source60: dlz-schema.txt # configuation files for systemd-tmpfiles Source70: bind.conf Source71: bind-chrootenv.conf -Patch0: configure.in.diff Patch1: Makefile.in.diff -Patch2: bind-99-libidn.patch -Patch4: perl-path.diff Patch51: pie_compile.diff Patch52: named-bootconf.diff -Patch53: bind-sdb-ldap.patch -Patch54: bind-CVE-2017-3145.patch -Patch55: bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch Patch56: bind-ldapdump-use-valid-host.patch -Patch57: bind-fix-fips.patch BuildRequires: libcap-devel BuildRequires: libmysqlclient-devel BuildRequires: libopenssl-devel @@ -99,10 +94,14 @@ BuildRequires: python3 BuildRequires: python3-ply BuildRequires: update-desktop-files -BuildRequires: pkgconfig(geoip) BuildRequires: pkgconfig(json) BuildRequires: pkgconfig(krb5) BuildRequires: pkgconfig(libidn) +%if %{with_geoip} +BuildRequires: pkgconfig(geoip) +%else +BuildRequires: pkgconfig(libmaxminddb) +%endif BuildRequires: pkgconfig(libxml-2.0) Requires: %{name}-chrootenv Requires: %{name}-utils @@ -110,8 +109,8 @@ Requires(post): bind-utils Requires(post): coreutils Requires(pre): shadow -Provides: bind8 -Provides: bind9 +Provides: bind8 = %{version} +Provides: bind9 = %{version} Provides: dns_daemon Obsoletes: bind8 < %{version} Obsoletes: bind9 < %{version} @@ -156,7 +155,7 @@ allows a user-written driver to supply zone data either from alternate data sources (for instance, a relational database) or using specialized algorithms (for instance, for load-balancing). -[Book links for SDB: "Pro DNS and BIND 10", R. Aitchison, Apress] +[Book links for SDB: "Pro DNS and BIND 10", R. Aitchison, Apress] %package -n %{libirs} Summary: The BIND Information Retrieval System library @@ -208,28 +207,14 @@ %description -n %{libisccfg} This BIND library contains the configuration file parser. -%package -n %{liblwres} -Summary: Lightweight Resolver API library -Group: System/Libraries - -%description -n %{liblwres} -The BIND 9 lightweight resolver library is a name service independent -stub resolver library. It provides hostname-to-address and -address-to-hostname lookup services to applications by transmitting -lookup requests to a resolver daemon, lwresd, running on the local -host. The resover daemon performs the lookup using the DNS or -possibly other name service protocols, and returns the results to the -application through the library. The library and resolver daemon -communicate using a UDP-based protocol. - %package chrootenv -Summary: Chroot environment for BIND named and lwresd +Summary: Chroot environment for BIND named Group: Productivity/Networking/DNS/Servers Requires(pre): shadow %description chrootenv This package contains all directories and files which are common to the -chroot environment of BIND named and lwresd. Most is part of the +chroot environment of BIND named. Most is part of the structure below %{_localstatedir}/lib/named. %package devel @@ -241,7 +226,6 @@ Requires: %{libisccc} = %{version} Requires: %{libisccfg} = %{version} Requires: %{libisc} = %{version} -Requires: %{liblwres} = %{version} Provides: bind8-devel Provides: bind9-devel Obsoletes: bind8-devel < %{version} @@ -263,26 +247,6 @@ System implementation of the Domain Name System (DNS) protocols. This includes also the BIND Administrator Reference Manual (ARM). -%package lwresd -Summary: Lightweight Resolver Daemon -Group: Productivity/Networking/DNS/Utilities -Requires: %{name}-chrootenv -Requires(pre): shadow -Requires(pre): sysvinit(network) -Requires(pre): sysvinit(syslog) -Provides: dns_daemon -%if !%{with_systemd} -Requires(post): %insserv_prereq -%endif - -%description lwresd -Bind-lwresd provides resolution services to local clients using a -combination of the lightweight resolver library liblwres and the -resolver daemon process lwresd running on the local host. These -communicate using a simple UDP-based protocol, the "lightweight -resolver protocol" that is distinct from and simpler than the full DNS -protocol. - %package utils Summary: Utilities to query and test DNS # Needed for dnssec parts @@ -311,17 +275,10 @@ %prep %setup -q -a1 -%patch0 -p1 %patch1 -p1 -%patch2 -p1 -%patch4 -%patch51 -%patch52 -%patch53 -%patch54 -p1 -%patch55 -p1 +%patch51 -p1 +%patch52 -p1 %patch56 -p1 -%patch57 -p1 # use the year from source gzip header instead of current one to make reproducible rpms year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0}) @@ -338,16 +295,14 @@ -i "${file}" } pushd vendor-files -for file in docu/README tools/createNamedConfInclude config/{README,named.conf} init/{named,lwresd} system/{named.init,lwresd.init} sysconfig/{named-common,named-named,syslog-named}; do +for file in docu/README tools/createNamedConfInclude config/{README,named.conf} init/named system/named.init sysconfig/{named-common,named-named,syslog-named}; do replaceStrings ${file} done popd -cp contrib/sdb/ldap/ldapdb.c bin/named/ -cp contrib/sdb/ldap/ldapdb.h bin/named/include/ %build autoreconf -fvi -export CFLAGS="%{optflags}" +export CFLAGS="%{optflags} -DNO_VERSION_DATE" %configure \ --with-python=%{_bindir}/python3 \ --includedir=%{_includedir}/bind \ @@ -364,7 +319,12 @@ --with-pic \ --disable-openssl-version-check \ --with-tuning=large \ +%if %{with_geoip} --with-geoip \ +%else + --without-geoip \ + --with-geoip2 \ +%endif --with-dlopen \ --with-gssapi=yes \ --disable-isc-spnego \ @@ -391,7 +351,7 @@ %{buildroot}/%{_datadir}/bind \ %{buildroot}/%{_datadir}/susehelp/meta/Administration/System \ %{buildroot}/%{_defaultdocdir}/bind \ - %{buildroot}%{_localstatedir}/lib/named/{etc/named.d,dev,dyn,log,master,slave,var/{lib,run/{lwresd,named}}} \ + %{buildroot}%{_localstatedir}/lib/named/{etc/named.d,dev,dyn,log,master,slave,var/{lib,run/named}} \ %{buildroot}%{_mandir}/{man1,man3,man5,man8} \ %{buildroot}%{_fillupdir} \ %{buildroot}/%{_rundir} \ @@ -410,12 +370,12 @@ mv vendor-files/config/named.conf %{buildroot}/%{_sysconfdir} mv vendor-files/config/bind.reg %{buildroot}/%{_sysconfdir}/slp.reg.d mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d -for file in lwresd.conf named.conf.include; do +for file in named.conf.include; do touch %{buildroot}/%{_sysconfdir}/${file} done %if %{with_systemd} - for file in lwresd named; do + for file in named; do install -D -m 0644 vendor-files/system/${file}.service %{buildroot}%{_unitdir}/${file}.service install -m 0755 vendor-files/system/${file}.init %{buildroot}/usr/sbin/${file}.init ln -s /sbin/service %{buildroot}%{_sbindir}/rc${file} @@ -426,7 +386,7 @@ install -m 0644 vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named install -m 0644 bind.keys %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/named.root.key %else - for file in lwresd named; do + for file in named; do install -m 0754 vendor-files/init/${file} %{buildroot}%{_initddir}/${file} ln -sf %{_initddir}/${file} %{buildroot}%{_sbindir}/rc${file} done @@ -444,7 +404,6 @@ touch %{buildroot}%{_localstatedir}/lib/named/dev/log ln -s ../.. %{buildroot}%{_localstatedir}/lib/named%{_localstatedir}/lib/named ln -s ../log %{buildroot}%{_localstatedir}/lib/named%{_localstatedir} -ln -s ..%{_localstatedir}/lib/named%{_localstatedir}/run/lwresd %{buildroot}/run ln -s ..%{_localstatedir}/lib/named%{_localstatedir}/run/named %{buildroot}/run for file in named-common named-named syslog-named; do install -m 0644 vendor-files/sysconfig/${file} %{buildroot}%{_fillupdir}/sysconfig.${file} @@ -457,10 +416,9 @@ find doc/arm -type f ! -name '*.html' -print0 | xargs -0 rm -f # Create doc as we want it in bind and not bind-doc cp -a vendor-files/docu/README %{buildroot}/%{_defaultdocdir}/bind/README.%{VENDOR} -cp -a vendor-files/docu/dnszonehowto.html contrib/sdb/ldap/ mkdir -p vendor-files/config/ISC-examples cp -a bin/tests/*.conf* vendor-files/config/ISC-examples -for file in CHANGES COPYRIGHT README version contrib doc/{arm,misc} vendor-files/config contrib/sdb/ldap/INSTALL.ldap; do +for file in CHANGES COPYRIGHT README version contrib doc/{arm,misc} vendor-files/config; do basename=$( basename ${file}) cp -a ${file} %{buildroot}/%{_defaultdocdir}/bind/${basename} echo "%doc %{_defaultdocdir}/bind/${basename}" >>filelist-bind-doc @@ -520,8 +478,6 @@ %postun -n %{libisccc} -p /sbin/ldconfig %post -n %{libisccfg} -p /sbin/ldconfig %postun -n %{libisccfg} -p /sbin/ldconfig -%post -n %{liblwres} -p /sbin/ldconfig -%postun -n %{liblwres} -p /sbin/ldconfig %pre chrootenv %{GROUPADD_NAMED} %{USERADD_NAMED} @@ -533,49 +489,13 @@ %tmpfiles_create bind-chrootenv.conf %endif -%pre lwresd -%{GROUPADD_NAMED} -%{USERADD_NAMED} -%if %{with_systemd} -%service_add_pre lwresd.service -%endif - -%post lwresd -# delete an emtpy lwresd.conf file -if [ ! -s etc/lwresd.conf ]; then - rm -f etc/lwresd.conf -fi -%if %{with_systemd} -%service_add_post lwresd.service -%else -if [ $1 -le 1 ]; then - %{fillup_and_insserv -fy lwresd} -fi -%endif - -%preun lwresd -%stop_on_removal lwresd -%if %{with_systemd} -%service_del_preun lwresd.service -%else -%stop_on_removal lwresd -%endif - -%postun lwresd -%if %{with_systemd} -%service_del_postun lwresd.service -%else -%restart_on_update lwresd -%insserv_cleanup -%endif - %post utils %files %license LICENSE %attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/named.conf %dir %{_sysconfdir}/slp.reg.d -%attr(0644,root,root) /%{_sysconfdir}/slp.reg.d/bind.reg +%attr(0644,root,root) %config /%{_sysconfdir}/slp.reg.d/bind.reg %attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include %if %{with_systemd} %config %{_unitdir}/named.service @@ -595,6 +515,8 @@ %{_sbindir}/named-checkconf %{_sbindir}/named-checkzone %{_sbindir}/named-compilezone +%dir %{_libdir}/named +%{_libdir}/named/filter-aaaa.so %{_mandir}/man1/bind9-config.1%{ext_man} %{_mandir}/man1/named-rrchecker.1%{ext_man} %{_mandir}/man5/named.conf.5%{ext_man} @@ -602,6 +524,7 @@ %{_mandir}/man8/named-checkzone.8%{ext_man} %{_mandir}/man8/named.8%{ext_man} %{_mandir}/man8/named-compilezone.8%{ext_man} +%{_mandir}/man8/filter-aaaa.8%{ext_man} %dir %{_datadir}/bind %{_datadir}/bind/createNamedConfInclude %{_datadir}/bind/ldapdump @@ -630,6 +553,7 @@ %files -n %{libisc} %{_libdir}/libisc.so.%{isc_sonum}* +%{_libdir}/libns.so.%{libns_sonum}* %files -n %{libisccc} %{_libdir}/libisccc.so.%{isccc_sonum}* @@ -637,9 +561,6 @@ %files -n %{libisccfg} %{_libdir}/libisccfg.so.%{isccfg_sonum}* -%files -n %{liblwres} -%{_libdir}/liblwres.so.%{lwres_sonum}* - %files chrootenv %if %{with_systemd} %{_prefix}/lib/tmpfiles.d/bind-chrootenv.conf @@ -672,28 +593,13 @@ %{_libdir}/libbind9.so %{_libdir}/libdns.so %{_libdir}/libisc*.so -%{_libdir}/liblwres.so +%{_libdir}/libns.so %{_includedir}/bind -%{_mandir}/man3/lwres*.3* %files doc -f filelist-bind-doc %dir %doc %{_defaultdocdir}/bind %doc %{_datadir}/susehelp -%files lwresd -%ghost %attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/lwresd.conf -%if %{with_systemd} -%config %{_unitdir}/lwresd.service -%{_sbindir}/lwresd.init -%else -%config %{_initddir}/lwresd -%endif -%{_sbindir}/rclwresd -%{_sbindir}/lwresd -%{_mandir}/man8/lwresd.8%{ext_man} -%ghost %{_rundir}/lwresd -%attr(-,named,named) %dir %{_var}/lib/named%{_localstatedir}/run/lwresd - %files utils %dir %{_sysconfdir}/named.d %config(noreplace) %{_sysconfdir}/named.d/rndc-access.conf @@ -722,8 +628,9 @@ %{_sbindir}/dnssec-checkds %{_sbindir}/dnssec-coverage %{_sbindir}/dnssec-keymgr -%{_sbindir}/genrandom -%{_sbindir}/isc-hmac-fixup +%{_sbindir}/dnssec-cds +# %%{_sbindir}/genrandom +# %%{_sbindir}/isc-hmac-fixup %{_sbindir}/named-journalprint %{_sbindir}/nsec3hash %{_sbindir}/rndc @@ -752,8 +659,9 @@ %{_mandir}/man8/dnssec-checkds.8%{ext_man} %{_mandir}/man8/dnssec-coverage.8%{ext_man} %{_mandir}/man8/dnssec-keymgr.8%{ext_man} -%{_mandir}/man8/genrandom.8%{ext_man} -%{_mandir}/man8/isc-hmac-fixup.8%{ext_man} +%{_mandir}/man8/dnssec-cds.8%{ext_man} +# %%{_mandir}/man8/genrandom.8%%{ext_man} +# %%{_mandir}/man8/isc-hmac-fixup.8%%{ext_man} %{_mandir}/man8/named-journalprint.8%{ext_man} %{_mandir}/man8/nsec3hash.8%{ext_man} %{_mandir}/man8/rndc.8%{ext_man} ++++++ Makefile.in.diff ++++++ --- /var/tmp/diff_new_pack.0xl5O7/_old 2019-11-25 11:23:27.714114769 +0100 +++ /var/tmp/diff_new_pack.0xl5O7/_new 2019-11-25 11:23:27.714114769 +0100 @@ -1,13 +1,12 @@ -Index: bind-9.11.2/bin/named/Makefile.in +Index: bind-9.14.7/bin/named/Makefile.in =================================================================== ---- bind-9.11.2.orig/bin/named/Makefile.in 2017-07-24 07:36:50.000000000 +0200 -+++ bind-9.11.2/bin/named/Makefile.in 2017-08-15 10:27:54.263889946 +0200 -@@ -168,9 +168,7 @@ installdirs: - install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs +--- bind-9.14.7.orig/bin/named/Makefile.in ++++ bind-9.14.7/bin/named/Makefile.in +@@ -173,8 +173,7 @@ installdirs: + + install:: named@EXEEXT@ installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir} - (cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@) - ${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8 -- ${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8 - ${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5 + for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man$${m##*.}; done ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.0xl5O7/_old 2019-11-25 11:23:27.730114766 +0100 +++ /var/tmp/diff_new_pack.0xl5O7/_new 2019-11-25 11:23:27.730114766 +0100 @@ -1,18 +1,16 @@ -libbind9-160 -libdns169 -libirs160 -libisc166 +libbind9-1302 +libdns1311 +libirs1301 +libisc1310 obsoletes "bind-libs-<targettype> = <version>" provides "bind-libs-<targettype> = <version>" -libisccc160 -libisccfg160 -liblwres160 +libisccc1302 +libisccfg1302 bind-devel requires -bind-<targettype> - requires "libbind9-160-<targettype> = <version>" - requires "libdns169-<targettype> = <version>" - requires "libirs160-<targettype> = <version>" - requires "libisc166-<targettype> = <version>" - requires "libisccc160-<targettype> = <version>" - requires "libisccfg160-<targettype> = <version>" - requires "liblwres160-<targettype> = <version>" + requires "libbind9-1302-<targettype> = <version>" + requires "libdns1311-<targettype> = <version>" + requires "libirs1301-<targettype> = <version>" + requires "libisc1310-<targettype> = <version>" + requires "libisccc1302-<targettype> = <version>" + requires "libisccfg1302-<targettype> = <version>" ++++++ bind-9.11.2.tar.gz -> bind-9.14.8.tar.gz ++++++ /work/SRC/openSUSE:Factory/bind/bind-9.11.2.tar.gz /work/SRC/openSUSE:Factory/.bind.new.26869/bind-9.14.8.tar.gz differ: char 5, line 1 ++++++ named-bootconf.diff ++++++ --- /var/tmp/diff_new_pack.0xl5O7/_old 2019-11-25 11:23:27.798114755 +0100 +++ /var/tmp/diff_new_pack.0xl5O7/_new 2019-11-25 11:23:27.798114755 +0100 @@ -1,18 +1,18 @@ -Index: contrib/scripts/named-bootconf.sh +Index: bind-9.14.7/contrib/scripts/named-bootconf.sh =================================================================== ---- contrib/scripts/named-bootconf.sh.orig 2017-08-15 13:08:41.636256254 +0200 -+++ contrib/scripts/named-bootconf.sh 2017-08-15 13:08:42.516270950 +0200 -@@ -38,7 +38,8 @@ +--- bind-9.14.7.orig/contrib/scripts/named-bootconf.sh ++++ bind-9.14.7/contrib/scripts/named-bootconf.sh +@@ -39,7 +39,8 @@ # POSSIBILITY OF SUCH DAMAGE. if [ ${OPTIONFILE-X} = X ]; then - WORKDIR=/tmp/`date +%s`.$$ -+ TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1 -+ WORKDIR=$TMPDIR/`date +%s`.$$ ++ TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1 ++ WORKDIR=$TMPDIR/`date +%s`.$$ ( umask 077 ; mkdir $WORKDIR ) || { echo "unable to create work directory '$WORKDIR'" >&2 exit 1 -@@ -292,7 +293,7 @@ if [ $DUMP -eq 1 ]; then +@@ -293,7 +294,7 @@ if [ $DUMP -eq 1 ]; then cat $ZONEFILE $COMMENTFILE rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE ++++++ pie_compile.diff ++++++ --- /var/tmp/diff_new_pack.0xl5O7/_old 2019-11-25 11:23:27.822114750 +0100 +++ /var/tmp/diff_new_pack.0xl5O7/_new 2019-11-25 11:23:27.826114749 +0100 @@ -1,8 +1,21 @@ -Index: bin/check/Makefile.in +Index: bind-9.14.7/bin/Makefile.in =================================================================== ---- bin/check/Makefile.in.orig -+++ bin/check/Makefile.in -@@ -48,8 +48,12 @@ HTMLPAGES = named-checkconf.html named-c +--- bind-9.14.7.orig/bin/Makefile.in ++++ bind-9.14.7/bin/Makefile.in +@@ -15,4 +15,8 @@ SUBDIRS = named rndc dig delv dnssec too + @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins tests + TARGETS = + ++EXT_CFLAGS = -fPIE -static ++ + @BIND9_MAKE_RULES@ ++ ++LDFLAGS += -pie +Index: bind-9.14.7/bin/check/Makefile.in +=================================================================== +--- bind-9.14.7.orig/bin/check/Makefile.in ++++ bind-9.14.7/bin/check/Makefile.in +@@ -51,8 +51,12 @@ HTMLPAGES = named-checkconf.html named-c MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -15,11 +28,11 @@ named-checkconf.@O@: named-checkconf.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ -Index: bin/confgen/Makefile.in +Index: bind-9.14.7/bin/confgen/Makefile.in =================================================================== ---- bin/confgen/Makefile.in.orig -+++ bin/confgen/Makefile.in -@@ -56,8 +56,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} +--- bind-9.14.7.orig/bin/confgen/Makefile.in ++++ bind-9.14.7/bin/confgen/Makefile.in +@@ -61,8 +61,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} UOBJS = unix/os.@O@ @@ -32,11 +45,11 @@ rndc-confgen.@O@: rndc-confgen.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \ -Index: bin/confgen/unix/Makefile.in +Index: bind-9.14.7/bin/confgen/unix/Makefile.in =================================================================== ---- bin/confgen/unix/Makefile.in.orig -+++ bin/confgen/unix/Makefile.in -@@ -24,4 +24,8 @@ SRCS = os.c +--- bind-9.14.7.orig/bin/confgen/unix/Makefile.in ++++ bind-9.14.7/bin/confgen/unix/Makefile.in +@@ -25,4 +25,8 @@ SRCS = os.c TARGETS = ${OBJS} @@ -45,28 +58,30 @@ @BIND9_MAKE_RULES@ + +LDFLAGS += -pie -Index: bin/dig/Makefile.in +Index: bind-9.14.7/bin/dig/Makefile.in =================================================================== ---- bin/dig/Makefile.in.orig -+++ bin/dig/Makefile.in -@@ -61,8 +61,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} +--- bind-9.14.7.orig/bin/dig/Makefile.in ++++ bind-9.14.7/bin/dig/Makefile.in +@@ -62,10 +62,14 @@ HTMLPAGES = dig.html host.html nslookup. - EXT_CFLAGS = -DWITH_LIBIDN + MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE -static + @BIND9_MAKE_RULES@ + LDFLAGS = @LDFLAGS@ @LIBIDN2_LDFLAGS@ + +LDFLAGS += -pie + dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS} export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \ - export LIBS0="${DNSLIBS}"; \ -Index: bin/dnssec/Makefile.in + export LIBS0="${DNSLIBS} ${IRSLIBS}"; \ +Index: bind-9.14.7/bin/dnssec/Makefile.in =================================================================== ---- bin/dnssec/Makefile.in.orig -+++ bin/dnssec/Makefile.in -@@ -56,8 +56,12 @@ HTMLPAGES = dnssec-dsfromkey.html dnssec +--- bind-9.14.7.orig/bin/dnssec/Makefile.in ++++ bind-9.14.7/bin/dnssec/Makefile.in +@@ -59,8 +59,12 @@ HTMLPAGES = dnssec-cds.html dnssec-dsfro MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -76,27 +91,14 @@ +LDFLAGS += -pie + - dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS} - export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \ + dnssec-cds@EXEEXT@: dnssec-cds.@O@ ${OBJS} ${DEPLIBS} + export BASEOBJS="dnssec-cds.@O@ ${OBJS}"; \ ${FINALBUILDCMD} -Index: bin/Makefile.in +Index: bind-9.14.7/bin/named/Makefile.in =================================================================== ---- bin/Makefile.in.orig -+++ bin/Makefile.in -@@ -14,4 +14,8 @@ SUBDIRS = named rndc dig delv dnssec too - check confgen @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ - TARGETS = - -+EXT_CFLAGS = -fPIE -static -+ - @BIND9_MAKE_RULES@ -+ -+LDFLAGS += -pie -Index: bin/named/Makefile.in -=================================================================== ---- bin/named/Makefile.in.orig -+++ bin/named/Makefile.in -@@ -108,8 +108,12 @@ HTMLPAGES = named.html lwresd.html named +--- bind-9.14.7.orig/bin/named/Makefile.in ++++ bind-9.14.7/bin/named/Makefile.in +@@ -117,8 +117,12 @@ HTMLPAGES = named.html named.conf.html MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -109,22 +111,24 @@ main.@O@: main.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ -Index: bin/named/unix/Makefile.in +Index: bind-9.14.7/bin/named/unix/Makefile.in =================================================================== ---- bin/named/unix/Makefile.in.orig -+++ bin/named/unix/Makefile.in -@@ -25,4 +25,6 @@ SRCS = os.c dlz_dlopen_driver.c +--- bind-9.14.7.orig/bin/named/unix/Makefile.in ++++ bind-9.14.7/bin/named/unix/Makefile.in +@@ -26,4 +26,8 @@ SRCS = os.c dlz_dlopen_driver.c TARGETS = ${OBJS} +EXT_CFLAGS = -fPIE -static + @BIND9_MAKE_RULES@ -Index: bin/nsupdate/Makefile.in ++ ++LDFLAGS += -pie +Index: bind-9.14.7/bin/nsupdate/Makefile.in =================================================================== ---- bin/nsupdate/Makefile.in.orig -+++ bin/nsupdate/Makefile.in -@@ -60,8 +60,12 @@ HTMLPAGES = nsupdate.html +--- bind-9.14.7.orig/bin/nsupdate/Makefile.in ++++ bind-9.14.7/bin/nsupdate/Makefile.in +@@ -64,8 +64,12 @@ HTMLPAGES = nsupdate.html MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -137,11 +141,11 @@ nsupdate.@O@: nsupdate.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DSESSION_KEYFILE=\"${localstatedir}/run/named/session.key\" \ -Index: bin/rndc/Makefile.in +Index: bind-9.14.7/bin/rndc/Makefile.in =================================================================== ---- bin/rndc/Makefile.in.orig -+++ bin/rndc/Makefile.in -@@ -50,8 +50,12 @@ HTMLPAGES = rndc.html rndc.conf.html +--- bind-9.14.7.orig/bin/rndc/Makefile.in ++++ bind-9.14.7/bin/rndc/Makefile.in +@@ -51,8 +51,12 @@ HTMLPAGES = rndc.html rndc.conf.html MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -154,11 +158,11 @@ rndc.@O@: rndc.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ -Index: bin/tools/Makefile.in +Index: bind-9.14.7/bin/tools/Makefile.in =================================================================== ---- bin/tools/Makefile.in.orig -+++ bin/tools/Makefile.in -@@ -60,8 +60,12 @@ HTMLPAGES = arpaname.html dnstap-read.ht +--- bind-9.14.7.orig/bin/tools/Makefile.in ++++ bind-9.14.7/bin/tools/Makefile.in +@@ -61,8 +61,12 @@ HTMLPAGES = arpaname.html dnstap-read.ht MANOBJS = ${MANPAGES} ${HTMLPAGES} @@ -171,36 +175,3 @@ arpaname@EXEEXT@: arpaname.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \ -o $@ arpaname.@O@ ${ISCLIBS} ${LIBS} -Index: contrib/idn/idnkit-1.0-src/tools/idnconv/Makefile.in -=================================================================== ---- contrib/idn/idnkit-1.0-src/tools/idnconv/Makefile.in.orig -+++ contrib/idn/idnkit-1.0-src/tools/idnconv/Makefile.in -@@ -68,8 +68,8 @@ IDNLIB = ../../lib/libidnkit.la - INCS = -I$(srcdir) -I$(srcdir)/../../include -I../../include $(ICONVINC) - DEFS = - --CFLAGS = $(INCS) $(DEFS) @CPPFLAGS@ @CFLAGS@ --LDFLAGS = @LDFLAGS@ -+CFLAGS = $(INCS) $(DEFS) @CPPFLAGS@ @CFLAGS@ -fPIE -+LDFLAGS = @LDFLAGS@ -pie - - SRCS = idnconv.c util.c selectiveencode.c - OBJS = idnconv.o util.o selectiveencode.o -Index: contrib/zkt-1.1.3/Makefile.in -=================================================================== ---- contrib/zkt-1.1.3/Makefile.in.orig -+++ contrib/zkt-1.1.3/Makefile.in -@@ -13,11 +13,11 @@ PROFILE = # -pg - OPTIM = # -O3 -DNDEBUG - - #CFLAGS ?= @CFLAGS@ @DEFS@ -I@top_srcdir@ --CFLAGS += -g @DEFS@ -I@top_srcdir@ -+CFLAGS += -g @DEFS@ -I@top_srcdir@ -fPIE - CFLAGS += -Wall #-DDBG - CFLAGS += -Wmissing-prototypes - CFLAGS += $(PROFILE) $(OPTIM) --LDFLAGS += $(PROFILE) -+LDFLAGS += $(PROFILE) -fPIE -pie - LIBS = @LIBS@ - - PROJECT = @PACKAGE_TARNAME@
