Hello community,

here is the log from the commit of package bind.998 for openSUSE:11.4:Update checked in at 2012-10-19 09:39:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:11.4:Update/bind.998 (Old)
 and      /work/SRC/openSUSE:11.4:Update/.bind.998.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind.998", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2012-08-23 02:41:28.555381587 +0200 +++ /work/SRC/openSUSE:11.4:Update/.bind.998.new/bind.changes 2012-10-19 09:39:56.000000000 +0200 
@@ -0,0 +1,1248 @@ +------------------------------------------------------------------- +Thu Oct 11 15:54:16 UTC 2012 - m...@suse.com + +- Specially crafted DNS data can cause a lockup in named. + CVE-2012-5166, bnc#784602. +- 9.7.6-P4 + +------------------------------------------------------------------- +Sat Sep 15 16:38:43 UTC 2012 - meiss...@suse.com + +- A nameserver can be caused to exit with a REQUIRE exception if it can + be induced to load a specially crafted resource record. + CVE-2012-4244 + bnc#780157 +- 9.7.6-P3 +- fetched current named.root and dnszone-schema.txt from upstream. + - named.root: D has ipv6 record now + +------------------------------------------------------------------- +Mon Jul 30 11:28:01 CEST 2012 - u...@suse.de + +- Bad-cache data could be used before it was + initialized, causing an assert. + CVE-2012-3817 + bnc#772945 +- Change #3314 broke saving of stub zones to disk + resulting in excessive cpu usage in some cases. +- 9.7.6-P2 + +------------------------------------------------------------------- +Tue Jul 3 12:19:41 CEST 2012 - u...@suse.de + +- VUL-1: deleted domain name resolving flaw + CVE-2012-1033 + bnc#746074 +- more than 40 other bugs fixed (see CHANGES for details) +- 9.7.6-P1 + +------------------------------------------------------------------- +Mon Jun 4 16:54:57 CEST 2012 - u...@suse.de + +- VUL-0: bind remote DoS via zero length rdata field + CVE-2012-1667 + bnc#765315 + +------------------------------------------------------------------- +Thu Nov 17 16:40:37 CET 2011 - u...@suse.de + +- Cache lookup could return RRSIG data associated with nonexistent + records, leading to an assertion failure. (bnc#730995) + CVE-2011-4313 + +------------------------------------------------------------------- +Tue Jul 5 16:46:36 CEST 2011 - u...@suse.de + +- Change #2912 (see CHANGES) exposed a latent bug in the DNS message + processing code that could allow certain UPDATE requests to crash + named. 
This was fixed by disambiguating internal database + representation vs DNS wire format data. [RT #24777] [CVE-2011-2464] + (bnc#703907) + +------------------------------------------------------------------- +Tue May 31 16:48:00 CEST 2011 - meiss...@suse.de + +- Security update to 9.7.3-P1 + - fixed a denial of service in RRSIG (CVE-2011-1910 / bnc#696585) +- Updated named.root from internic + +------------------------------------------------------------------- +Thu Feb 24 11:14:09 CET 2011 - u...@suse.de + +- fixed security issue + VUL-0: bind: IXFR or DDNS update combined with high query rate + DoS vulnerability (CVE-2011-0414 bnc#674431) +- version to 9.7.3 + +------------------------------------------------------------------- +Wed Jan 5 16:58:06 CET 2011 - meiss...@suse.de + +- ifdef the sysvinit specific prereqs for openSUSE 11.4 and later + +------------------------------------------------------------------- +Thu Dec 9 15:21:15 UTC 2010 - mvysko...@suse.cz + +- fix bnc#656509 - direct mount of /proc in chroot + +------------------------------------------------------------------- +Tue Dec 7 22:04:48 UTC 2010 - co...@novell.com + +- prereq init scripts syslog and network + +------------------------------------------------------------------- +Thu Dec 2 17:38:44 CET 2010 - u...@suse.de + +- fixed VUL-0: bind: Key algorithm rollover bug + bnc#657102, CVE-2010-3614 +- fixed VUL-0: bind: allow-query processed incorrectly + bnc#657120, CVE-2010-3615 +- fixed VUL-0: bind: cache incorrectly allows a ncache entry and a rrsig for the same type + bnc#657129, CVE-2010-3613 + +------------------------------------------------------------------- +Tue Nov 23 14:38:49 CET 2010 - u...@suse.de + +- fixed return code of "rcnamed status" +- added gssapi support + +------------------------------------------------------------------- +Tue Oct 12 13:53:16 CEST 2010 - u...@suse.de + +- Zones may be dynamically added and removed with the "rndc addzone" + and "rndc delzone" commands. 
These dynamically added zones are + written to a per-view configuration file. Do not rely on the + configuration file name nor contents as this will change in a + future release. This is an experimental feature at this time. +- Added new "filter-aaaa-on-v4" access control list to select which + IPv4 clients have AAAA record filtering applied. +- A new command "rndc secroots" was added to dump a combined summary + of the currently managed keys combined with statically configured + trust anchors. +- Added support to load new keys into managed zones without signing + immediately with "rndc loadkeys". Added support to link keys with + "dnssec-keygen -S" and "dnssec-settime -S". +- Documentation improvements +- ORCHID prefixes were removed from the automatic empty zone list. +- Improved handling of GSSAPI security contexts. Specifically, better + memory management of cached contexts, limited lifetime of a context + to 1 hour, and added a "realm" command to nsupdate to allow + selection of a non-default realm name. +- The contributed tool "ztk" was updated to version 1.0. + +- version 9.7.1 to 9.7.2-P2 + +------------------------------------------------------------------- +Mon Jul 26 15:33:02 CEST 2010 - u...@suse.de + +- chrooted bind failed to start (bnc#625019) + +------------------------------------------------------------------- +Mon Jun 21 12:43:15 CEST 2010 - u...@suse.de + +- genrandom: add support for the generation of multiple + files. +- Update empty-zones list to match + draft-ietf-dnsop-default-local-zones-13. +- Incrementally write the master file after performing + a AXFR. +- Add AAAA address for L.ROOT-SERVERS.NET. +- around 50 bugs fixed (see CHANGELOG for details) +- version 9.7.1 + +------------------------------------------------------------------- +Thu May 20 10:10:13 CEST 2010 - u...@suse.de + +- Handle broken DNSSEC trust chains better. [RT #15619] +- Named could return SERVFAIL for negative responses + from unsigned zones. 
[RT #21131 +- version 9.7.0-P2 + +------------------------------------------------------------------- +Sat May 1 12:18:57 UTC 2010 - a...@suse.de + +- Handle /var/run on tmpfs. +- do not use run_ldconfig. + +------------------------------------------------------------------- +Wed Feb 24 18:30:08 UTC 2010 - jeng...@medozas.de + +- Enable DLZ-LDAP (supersedes sdb_ldap) and add a patch + +------------------------------------------------------------------- +Wed Feb 17 12:27:56 CET 2010 - u...@suse.de + +- Fully automatic signing of zones by "named". +- Simplified configuration of DNSSEC Lookaside Validation (DLV). +- Simplified configuration of Dynamic DNS, using the "ddns-confgen" + command line tool or the "local" update-policy option. (As a side + effect, this also makes it easier to configure automatic zone + re-signing.) +- New named option "attach-cache" that allows multiple views to + share a single cache. +- DNS rebinding attack prevention. +- New default values for dnssec-keygen parameters. +- Support for RFC 5011 automated trust anchor maintenance +- Smart signing: simplified tools for zone signing and key + maintenance. +- The "statistics-channels" option is now available on Windows. +- A new DNSSEC-aware libdns API for use by non-BIND9 applications +- On some platforms, named and other binaries can now print out + a stack backtrace on assertion failure, to aid in debugging. +- A "tools only" installation mode on Windows, which only installs + dig, host, nslookup and nsupdate. +- Improved PKCS#11 support, including Keyper support and explicit + OpenSSL engine selection. 
+- version 9.7.0 + +------------------------------------------------------------------- ++++ 1051 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:11.4:Update/.bind.998.new/bind.changes New: ---- Makefile.in.diff baselibs.conf bind-9.7.6-P4.tar.gz bind.changes bind.spec configure.in.diff dlz-schema.txt dnszone-schema.txt named-bootconf.diff named-direct-proc-mount.diff named.root perl-path.diff pid-path.diff pie_compile.diff tmpfs.patch vendor-files.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ ++++ 745 lines (skipped) ++++++ Makefile.in.diff ++++++ --- bind-9.3.1/bin/named/Makefile.in +++ bind-9.3.1/bin/named/Makefile.in 2006/05/09 13:00:18 @@ -138,8 +138,6 @@ install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir} (cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@) - ${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8 - ${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8 - ${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5 + for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man$${m##*.}; done @DLZ_DRIVER_RULES@ ++++++ baselibs.conf ++++++ bind-libs obsoletes "bind-utils-<targettype>" provides "bind-utils-<targettype>" arch ppc package bind-devel requires -bind-<targettype> requires "bind-libs-<targettype> = <version>" arch sparcv9 package bind-devel requires -bind-<targettype> requires "bind-libs-<targettype> = <version>" ++++++ configure.in.diff ++++++ --- bind-9.2.3/configure.in +++ bind-9.2.3/configure.in 2004-06-20 08:17:09 
@@ -1636,7 +1636,7 @@ # empty). The variable VARIABLE will be substituted into output files. # -AC_DEFUN(NOM_PATH_FILE, [ +AC_DEFUN([NOM_PATH_FILE], [ $1="" AC_MSG_CHECKING(for $2) for d in $3 ++++++ dlz-schema.txt ++++++ # # # 1.3.6.1.4.1.18420.1.1.X is reserved for attribute types declared by the DLZ project. # 1.3.6.1.4.1.18420.1.2.X is reserved for object classes declared by the DLZ project. # 1.3.6.1.4.1.18420.1.3.X is reserved for PRIVATE extensions to the DLZ attribute # types and object classes that may be needed by end users # to add security, etc. Attributes and object classes using # this OID MUST NOT be published outside of an organization # except to offer them for consideration to become part of the # standard attributes and object classes published by the DLZ project. attributetype ( 1.3.6.1.4.1.18420.1.1.10 NAME 'dlzZoneName' DESC 'DNS zone name - domain name not including host name' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.20 NAME 'dlzHostName' DESC 'Host portion of a domain name' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.30 NAME 'dlzData' DESC 'Data for the resource record' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.40 NAME 'dlzType' DESC 'DNS record type - A, SOA, NS, MX, etc...' 
SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.50 NAME 'dlzSerial' DESC 'SOA record serial number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.60 NAME 'dlzRefresh' DESC 'SOA record refresh time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.70 NAME 'dlzRetry' DESC 'SOA retry time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.80 NAME 'dlzExpire' DESC 'SOA expire time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.90 NAME 'dlzMinimum' DESC 'SOA minimum time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.100 NAME 'dlzAdminEmail' DESC 'E-mail address of person responsible for this zone - @ should be replaced with . (period)' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.110 NAME 'dlzPrimaryNS' DESC 'Primary name server for this zone - should be host name not IP address' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.120 NAME 'dlzIPAddr' DESC 'IP address - IPV4 should be in dot notation xxx.xxx.xxx.xxx IPV6 should be in colon notation xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{40} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.130 NAME 'dlzCName' DESC 'DNS cname' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.140 NAME 'dlzPreference' DESC 'DNS MX record preference. 
Lower numbers have higher preference' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.150 NAME 'dlzTTL' DESC 'DNS time to live - how long this record can be cached by caching DNS servers' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.160 NAME 'dlzRecordID' DESC 'Unique ID for each DLZ resource record' SUP name SINGLE-VALUE ) #------------------------------------------------------------------------------ # Object class definitions #------------------------------------------------------------------------------ objectclass ( 1.3.6.1.4.1.18420.1.2.10 NAME 'dlzZone' DESC 'Zone name portion of a domain name' SUP top STRUCTURAL MUST ( objectclass $ dlzZoneName ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.20 NAME 'dlzHost' DESC 'Host name portion of a domain name' SUP top STRUCTURAL MUST ( objectclass $ dlzHostName ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.30 NAME 'dlzAbstractRecord' DESC 'Data common to all DNS record types' SUP top ABSTRACT MUST ( objectclass $ dlzRecordID $ dlzHostName $ dlzType $ dlzTTL ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.40 NAME 'dlzGenericRecord' DESC 'Generic DNS record - useful when a specific object class has not been defined for a DNS record' SUP dlzAbstractRecord STRUCTURAL MUST ( dlzData ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.50 NAME 'dlzARecord' DESC 'DNS A record' SUP dlzAbstractrecord STRUCTURAL MUST ( dlzIPAddr ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.60 NAME 'dlzNSRecord' DESC 'DNS NS record' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.70 NAME 'dlzMXRecord' DESC 'DNS MX record' SUP dlzGenericRecord STRUCTURAL MUST ( dlzPreference ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.80 NAME 'dlzSOARecord' DESC 'DNS SOA record' SUP dlzAbstractRecord STRUCTURAL MUST ( dlzSerial $ dlzRefresh $ dlzRetry $ dlzExpire $ dlzMinimum $ dlzAdminEmail $ dlzPrimaryNS ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.90 NAME 
'dlzTextRecord' DESC 'Text data with spaces should be wrapped in double quotes' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.100 NAME 'dlzPTRRecord' DESC 'DNS PTR record' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.110 NAME 'dlzCNameRecord' DESC 'DNS CName record' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.120 NAME 'dlzXFR' DESC 'Host allowed to perform zone transfer' SUP top STRUCTURAL MUST ( objectclass $ dlzRecordID $ dlzIPAddr ) ) ++++++ dnszone-schema.txt ++++++ # A schema for storing DNS zones in LDAP # attributetype ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName' DESC 'The name of a zone, i.e. the name of the highest node in the zone' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName' DESC 'The starting labels of a domain name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain name pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 
1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text string, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 address, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-existant, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service location, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming Authority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchange Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certificate, 
RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record Type, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Terminal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone' SUP top STRUCTURAL MUST ( zoneName $ relativeDomainName ) MAY ( DNSTTL $ DNSClass $ ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $ MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecord ) ) ++++++ named-bootconf.diff ++++++ --- contrib/named-bootconf/named-bootconf.sh +++ contrib/named-bootconf/named-bootconf.sh 2006/11/06 08:59:04 
@@ -54,7 +54,8 @@ # POSSIBILITY OF SUCH DAMAGE. if [ ${OPTIONFILE-X} = X ]; then - WORKDIR=/tmp/`date +%s`.$$ + TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1 + WORKDIR=$TMPDIR/`date +%s`.$$ ( umask 077 ; mkdir $WORKDIR ) || { echo "unable to create work directory '$WORKDIR'" >&2 exit 1 @@ -308,7 +309,7 @@ cat $ZONEFILE $COMMENTFILE rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE - rmdir $WORKDIR + rm -rf $TMPDIR fi exit 0 ++++++ named-direct-proc-mount.diff ++++++ Index: bind-9.7.2P3/vendor-files/init/named =================================================================== --- bind-9.7.2P3.orig/vendor-files/init/named 2010-12-09 16:17:51.000000000 +0100 +++ bind-9.7.2P3/vendor-files/init/named 2010-12-09 16:19:55.060044775 +0100 
@@ -183,8 +183,7 @@ # mount /proc for multicore CPUs (bnc#470828) if [ ! -e "${CHROOT_PREFIX}/proc/meminfo" ]; then mkdir -p "${CHROOT_PREFIX}/proc" - mount --bind /proc "${CHROOT_PREFIX}/proc" 2>/dev/null - mount -o remount,ro,nosuid,nodev ${CHROOT_PREFIX}/proc 2>/dev/null + mount -tproc -oro,nosuid,nodev,noexec proc ${CHROOT_PREFIX}/proc 2>/dev/null fi; ########################### ++++++ named.root ++++++ ; This file holds the information on root name servers needed to ; initialize cache of Internet domain name servers ; (e.g. reference this file in the "cache . <file>" ; configuration file of BIND domain name servers). ; ; This file is made available by InterNIC ; under anonymous FTP as ; file /domain/named.cache ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; ; last update: Jun 8, 2011 ; related version of root zone: 2011060800 ; ; formerly NS.INTERNIC.NET ; . 3600000 IN NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 ; ; FORMERLY NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 ; ; FORMERLY C.PSI.NET ; . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 ; ; FORMERLY TERP.UMD.EDU ; . 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D ; ; FORMERLY NS.NASA.GOV ; . 3600000 NS E.ROOT-SERVERS.NET. E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 ; ; FORMERLY NS.ISC.ORG ; . 3600000 NS F.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F ; ; FORMERLY NS.NIC.DDN.MIL ; . 3600000 NS G.ROOT-SERVERS.NET. G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 ; ; FORMERLY AOS.ARL.ARMY.MIL ; . 3600000 NS H.ROOT-SERVERS.NET. H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 ; ; FORMERLY NIC.NORDU.NET ; . 3600000 NS I.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 
3600000 A 192.36.148.17 I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 ; ; OPERATED BY VERISIGN, INC. ; . 3600000 NS J.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 ; ; OPERATED BY RIPE NCC ; . 3600000 NS K.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 ; ; OPERATED BY ICANN ; . 3600000 NS L.ROOT-SERVERS.NET. L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 ; ; OPERATED BY WIDE ; . 3600000 NS M.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 ; End of File ++++++ perl-path.diff ++++++ --- bin/tests/t_api.pl +++ bin/tests/t_api.pl 2012/07/03 09:59:31 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/bin/perl # # Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1999-2001 Internet Software Consortium. --- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl +++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl 2012/07/03 09:59:52 @@ -1,4 +1,4 @@ -#! /usr/local/bin/perl -w +#! /usr/bin/perl -w # $Id: generate_nameprep_data.pl,v 1.1 2003/06/04 00:27:54 marka Exp $ # # Copyright (c) 2001 Japan Network Information Center. All rights reserved. --- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl +++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl 2012/07/03 09:59:42 @@ -1,4 +1,4 @@ -#! /usr/local/bin/perl -w +#! /usr/bin/perl -w # $Id: generate_normalize_data.pl,v 1.1 2003/06/04 00:27:55 marka Exp $ # # Copyright (c) 2000,2001 Japan Network Information Center. ++++++ pid-path.diff ++++++ --- bin/named/include/named/globals.h +++ bin/named/include/named/globals.h 2009/01/28 11:01:54 
@@ -121,9 +121,9 @@ "lwresd.pid"); #else EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR - "/run/named.pid"); + "/run/named/named.pid"); EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR - "/run/lwresd.pid"); + "/run/named/lwresd.pid"); #endif EXTERN const char * ns_g_username INIT(NULL); --- contrib/nanny/nanny.pl +++ contrib/nanny/nanny.pl 2009/01/28 11:02:29 @@ -19,7 +19,7 @@ # A simple nanny to make sure named stays running. -$pid_file_location = '/var/run/named.pid'; +$pid_file_location = '/var/run/named/named.pid'; $nameserver_location = 'localhost'; $dig_program = 'dig'; $named_program = 'named'; ++++++ pie_compile.diff ++++++ --- bin/Makefile.in +++ bin/Makefile.in 2010/02/17 10:54:34 @@ -23,4 +23,8 @@ check confgen @PKCS11_TOOLS@ TARGETS = +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ + +LDFLAGS += -pie --- bin/dig/Makefile.in +++ bin/dig/Makefile.in 2010/02/17 10:52:39 @@ -67,8 +67,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS} export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \ ${FINALBUILDCMD} --- bin/dnssec/Makefile.in +++ bin/dnssec/Makefile.in 2010/02/17 10:53:51 @@ -60,8 +60,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS} export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \ ${FINALBUILDCMD} --- bin/nsupdate/Makefile.in +++ bin/nsupdate/Makefile.in 2010/02/17 10:55:42 @@ -64,8 +64,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + nsupdate.@O@: nsupdate.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DSESSION_KEYFILE=\"${localstatedir}/run/named/session.key\" \ --- bin/rndc/Makefile.in +++ bin/rndc/Makefile.in 2010/02/17 10:57:03 
@@ -59,8 +59,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + rndc.@O@: rndc.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ --- bin/check/Makefile.in +++ bin/check/Makefile.in 2005/06/17 13:01:56 @@ -55,8 +55,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + named-checkconf.@O@: named-checkconf.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ --- bin/named/Makefile.in +++ bin/named/Makefile.in 2005/06/17 12:41:37 @@ -91,8 +91,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + main.@O@: main.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ --- bin/named/unix/Makefile.in +++ bin/named/unix/Makefile.in 2005/06/17 12:40:23 @@ -33,4 +33,6 @@ TARGETS = ${OBJS} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ --- bin/confgen/Makefile.in +++ bin/confgen/Makefile.in 2010/02/17 11:09:01 @@ -64,8 +64,12 @@ UOBJS = unix/os.@O@ +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + rndc-confgen.@O@: rndc-confgen.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \ ++++++ tmpfs.patch ++++++ Index: vendor-files/init/lwresd =================================================================== --- vendor-files/init/lwresd.orig +++ vendor-files/init/lwresd @@ -118,6 +118,10 @@ function checkAndCopyConfigFiles case "$1" in start) echo -n "Starting Lightweight resolver daemon " + # Create link if needed, /var/run might be on tmpfs + if [ ! -L /var/run/named ] ; then + ln -s ${CHROOT_PREFIX}/var/run/named /var/run/named + fi checkAndCopyConfigFiles startproc ${LWRESD_BIN} ${NAMED_ARGS} -u named rc_status -v Index: vendor-files/init/named =================================================================== --- vendor-files/init/named.orig +++ vendor-files/init/named 
@@ -231,6 +231,11 @@ case "$1" in if [ ! -e /etc/named.d/forwarders.conf ]; then touch /etc/named.d/forwarders.conf fi + # Create link if needed, /var/run might be on tmpfs + if [ ! -L /var/run/named ] ; then + ln -s ${CHROOT_PREFIX}/var/run/named /var/run/named + fi + checkproc -p ${NAMED_PID} ${NAMED_BIN} case $? in 0) echo -n "- Warning: named already running! " ;;
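Review bot: the install loop added in Makefile.in.diff (@@ -138,8 +138,6 @@) does not stop on failure, because the shell reports only the status of the last iteration and a failed ${INSTALL_DATA} for any earlier page is masked. Add `|| exit 1` after the ${INSTALL_DATA} command inside the loop so make aborts when a man page cannot be installed. The target directory is now derived from `$${m##*.}`, so every entry in ${MANPAGES} must end in its section number; a one-line comment saying so would help the next person who adds a page.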
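Review bot: in named-bootconf.diff, hunk @@ -54,7 +54,8 @@, the directory returned by mktemp is left behind when the following `mkdir $WORKDIR` fails, since the error branch only prints a message and exits. mktemp -d already returns a private, unpredictably named directory, so WORKDIR could be set to it directly and the `date +%s`.$$ subdirectory and second mkdir dropped. The name TMPDIR also shadows the conventional variable of that name; a script-local name such as NB_TMPDIR would avoid surprises, and the expansions should be quoted.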
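Review bot: `rm -rf $TMPDIR` at the end of named-bootconf.diff, hunk @@ -308,7 +309,7 @@, is unquoted and is reached only on the normal path shown here. Quote it as `rm -rf "$TMPDIR"` and register the cleanup with a trap on EXIT right after the mktemp call, so the directory is also removed when the script is interrupted or exits early.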
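Review bot: the replacement mount line in named-direct-proc-mount.diff (@@ -183,8 +183,7 @@) leaves `${CHROOT_PREFIX}/proc` unquoted although the test and the mkdir directly above it quote the same path, and it sends stderr to /dev/null without checking the exit status, so a chroot left without /proc goes unreported. Quote the mount point and log or fail when mount returns non-zero. The commit would also benefit from a comment on the line stating why a fresh proc mount replaces the bind mount plus remount, since the changelog only references bnc#656509.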
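Review bot: both new defaults in the globals.h hunk of pid-path.diff (@@ -121,9 +121,9 @@) place the pid files under NS_LOCALSTATEDIR "/run/named", and nothing in this hunk shows that directory being created or made writable for the daemon before it starts. Say in the patch header where that is guaranteed (spec file or init script), because a missing directory turns into a pid-file write failure at startup.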
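Review bot: `$pid_file_location` in the nanny.pl hunk of pid-path.diff (@@ -19,7 +19,7 @@) is hard-coded to '/var/run/named/named.pid', while the C default in globals.h is built from NS_LOCALSTATEDIR, so the two paths diverge on any build with a different localstatedir. Add a comment next to the assignment that it must match the configured pid-file, or have the value substituted at build time.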
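Review bot: every hunk in pie_compile.diff sets `EXT_CFLAGS = -fPIE` with plain assignment while the linker flag is appended with `LDFLAGS += -pie`; the `=` would silently replace any EXT_CFLAGS a directory's Makefile.in already defines. Use `EXT_CFLAGS += -fPIE` for consistency. The same lines are copied into nine Makefile.in files, so a new bin/ subdirectory will be built without PIE unless someone remembers to repeat them; setting the flags once in the shared rules or from the spec file would remove that risk.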
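Review bot: the `[ ! -L /var/run/named ]` test added in the lwresd hunk of tmpfs.patch (@@ -118,6 +118,10 @@) only detects an existing symlink, so when /var/run/named already exists as a real directory, ln -s creates the link inside that directory instead of replacing it, and the result of ln is never checked before startproc runs. Test for existence with -e as well and handle a failing ln. If CHROOT_PREFIX can be empty at this point, the link would point at itself, so that case needs a guard, and `${CHROOT_PREFIX}/var/run/named` should be quoted.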
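Review bot: the block added in the named hunk of tmpfs.patch (@@ -231,6 +231,11 @@) is a verbatim copy of the one added to the lwresd init script, so any fix to the symlink logic has to be made twice. If the two init scripts share a sourced helper file, move the check into one function there; otherwise add a comment in each copy pointing at the other. The remarks on the `-L` test and the unquoted `${CHROOT_PREFIX}` apply here as well.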