Hello community,
here is the log from the commit of package bind.998 for openSUSE:11.4:Update
checked in at 2012-10-19 09:39:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:11.4:Update/bind.998 (Old)
and /work/SRC/openSUSE:11.4:Update/.bind.998.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind.998", Maintainer is ""
Changes:
--------
New Changes file:
--- /dev/null 2012-08-23 02:41:28.555381587 +0200
+++ /work/SRC/openSUSE:11.4:Update/.bind.998.new/bind.changes 2012-10-19
09:39:56.000000000 +0200
@@ -0,0 +1,1248 @@
+-------------------------------------------------------------------
+Thu Oct 11 15:54:16 UTC 2012 - m...@suse.com
+
+- Specially crafted DNS data can cause a lockup in named.
+ CVE-2012-5166, bnc#784602.
+- 9.7.6-P4
+
+-------------------------------------------------------------------
+Sat Sep 15 16:38:43 UTC 2012 - meiss...@suse.com
+
+- A nameserver can be caused to exit with a REQUIRE exception if it can
+ be induced to load a specially crafted resource record.
+ CVE-2012-4244
+ bnc#780157
+- 9.7.6-P3
+- fetched current named.root and dnszone-schema.txt from upstream.
+ - named.root: D has ipv6 record now
+
+-------------------------------------------------------------------
+Mon Jul 30 11:28:01 CEST 2012 - u...@suse.de
+
+- Bad-cache data could be used before it was
+ initialized, causing an assert.
+ CVE-2012-3817
+ bnc#772945
+- Change #3314 broke saving of stub zones to disk
+ resulting in excessive cpu usage in some cases.
+- 9.7.6-P2
+
+-------------------------------------------------------------------
+Tue Jul 3 12:19:41 CEST 2012 - u...@suse.de
+
+- VUL-1: deleted domain name resolving flaw
+ CVE-2012-1033
+ bnc#746074
+- more than 40 other bugs fixed (see CHANGES for details)
+- 9.7.6-P1
+
+-------------------------------------------------------------------
+Mon Jun 4 16:54:57 CEST 2012 - u...@suse.de
+
+- VUL-0: bind remote DoS via zero length rdata field
+ CVE-2012-1667
+ bnc#765315
+
+-------------------------------------------------------------------
+Thu Nov 17 16:40:37 CET 2011 - u...@suse.de
+
+- Cache lookup could return RRSIG data associated with nonexistent
+ records, leading to an assertion failure. (bnc#730995)
+ CVE-2011-4313
+
+-------------------------------------------------------------------
+Tue Jul 5 16:46:36 CEST 2011 - u...@suse.de
+
+- Change #2912 (see CHANGES) exposed a latent bug in the DNS message
+ processing code that could allow certain UPDATE requests to crash
+ named. This was fixed by disambiguating internal database
+ representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]
+ (bnc#703907)
+
+-------------------------------------------------------------------
+Tue May 31 16:48:00 CEST 2011 - meiss...@suse.de
+
+- Security update to 9.7.3-P1
+ - fixed a denial of service in RRSIG (CVE-2011-1910 / bnc#696585)
+- Updated named.root from internic
+
+-------------------------------------------------------------------
+Thu Feb 24 11:14:09 CET 2011 - u...@suse.de
+
+- fixed security issue
+ VUL-0: bind: IXFR or DDNS update combined with high query rate
+ DoS vulnerability (CVE-2011-0414 bnc#674431)
+- version to 9.7.3
+
+-------------------------------------------------------------------
+Wed Jan 5 16:58:06 CET 2011 - meiss...@suse.de
+
+- ifdef the sysvinit specific prereqs for openSUSE 11.4 and later
+
+-------------------------------------------------------------------
+Thu Dec 9 15:21:15 UTC 2010 - mvysko...@suse.cz
+
+- fix bnc#656509 - direct mount of /proc in chroot
+
+-------------------------------------------------------------------
+Tue Dec 7 22:04:48 UTC 2010 - co...@novell.com
+
+- prereq init scripts syslog and network
+
+-------------------------------------------------------------------
+Thu Dec 2 17:38:44 CET 2010 - u...@suse.de
+
+- fixed VUL-0: bind: Key algorithm rollover bug
+ bnc#657102, CVE-2010-3614
+- fixed VUL-0: bind: allow-query processed incorrectly
+ bnc#657120, CVE-2010-3615
+- fixed VUL-0: bind: cache incorrectly allows a ncache entry and a rrsig for
the same type
+ bnc#657129, CVE-2010-3613
+
+-------------------------------------------------------------------
+Tue Nov 23 14:38:49 CET 2010 - u...@suse.de
+
+- fixed return code of "rcnamed status"
+- added gssapi support
+
+-------------------------------------------------------------------
+Tue Oct 12 13:53:16 CEST 2010 - u...@suse.de
+
+- Zones may be dynamically added and removed with the "rndc addzone"
+ and "rndc delzone" commands. These dynamically added zones are
+ written to a per-view configuration file. Do not rely on the
+ configuration file name nor contents as this will change in a
+ future release. This is an experimental feature at this time.
+- Added new "filter-aaaa-on-v4" access control list to select which
+ IPv4 clients have AAAA record filtering applied.
+- A new command "rndc secroots" was added to dump a combined summary
+ of the currently managed keys combined with statically configured
+ trust anchors.
+- Added support to load new keys into managed zones without signing
+ immediately with "rndc loadkeys". Added support to link keys with
+ "dnssec-keygen -S" and "dnssec-settime -S".
+- Documentation improvements
+- ORCHID prefixes were removed from the automatic empty zone list.
+- Improved handling of GSSAPI security contexts. Specifically, better
+ memory management of cached contexts, limited lifetime of a context
+ to 1 hour, and added a "realm" command to nsupdate to allow
+ selection of a non-default realm name.
+- The contributed tool "ztk" was updated to version 1.0.
+
+- version 9.7.1 to 9.7.2-P2
+
+-------------------------------------------------------------------
+Mon Jul 26 15:33:02 CEST 2010 - u...@suse.de
+
+- chrooted bind failed to start (bnc#625019)
+
+-------------------------------------------------------------------
+Mon Jun 21 12:43:15 CEST 2010 - u...@suse.de
+
+- genrandom: add support for the generation of multiple
+ files.
+- Update empty-zones list to match
+ draft-ietf-dnsop-default-local-zones-13.
+- Incrementally write the master file after performing
+ a AXFR.
+- Add AAAA address for L.ROOT-SERVERS.NET.
+- around 50 bugs fixed (see CHANGELOG for details)
+- version 9.7.1
+
+-------------------------------------------------------------------
+Thu May 20 10:10:13 CEST 2010 - u...@suse.de
+
+- Handle broken DNSSEC trust chains better. [RT #15619]
+- Named could return SERVFAIL for negative responses
+ from unsigned zones. [RT #21131
+- version 9.7.0-P2
+
+-------------------------------------------------------------------
+Sat May 1 12:18:57 UTC 2010 - a...@suse.de
+
+- Handle /var/run on tmpfs.
+- do not use run_ldconfig.
+
+-------------------------------------------------------------------
+Wed Feb 24 18:30:08 UTC 2010 - jeng...@medozas.de
+
+- Enable DLZ-LDAP (supersedes sdb_ldap) and add a patch
+
+-------------------------------------------------------------------
+Wed Feb 17 12:27:56 CET 2010 - u...@suse.de
+
+- Fully automatic signing of zones by "named".
+- Simplified configuration of DNSSEC Lookaside Validation (DLV).
+- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
+ command line tool or the "local" update-policy option. (As a side
+ effect, this also makes it easier to configure automatic zone
+ re-signing.)
+- New named option "attach-cache" that allows multiple views to
+ share a single cache.
+- DNS rebinding attack prevention.
+- New default values for dnssec-keygen parameters.
+- Support for RFC 5011 automated trust anchor maintenance
+- Smart signing: simplified tools for zone signing and key
+ maintenance.
+- The "statistics-channels" option is now available on Windows.
+- A new DNSSEC-aware libdns API for use by non-BIND9 applications
+- On some platforms, named and other binaries can now print out
+ a stack backtrace on assertion failure, to aid in debugging.
+- A "tools only" installation mode on Windows, which only installs
+ dig, host, nslookup and nsupdate.
+- Improved PKCS#11 support, including Keyper support and explicit
+ OpenSSL engine selection.
+- version 9.7.0
+
+-------------------------------------------------------------------
++++ 1051 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:11.4:Update/.bind.998.new/bind.changes
New:
----
Makefile.in.diff
baselibs.conf
bind-9.7.6-P4.tar.gz
bind.changes
bind.spec
configure.in.diff
dlz-schema.txt
dnszone-schema.txt
named-bootconf.diff
named-direct-proc-mount.diff
named.root
perl-path.diff
pid-path.diff
pie_compile.diff
tmpfs.patch
vendor-files.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ bind.spec ++++++
++++ 745 lines (skipped)
++++++ Makefile.in.diff ++++++
--- bind-9.3.1/bin/named/Makefile.in
+++ bind-9.3.1/bin/named/Makefile.in 2006/05/09 13:00:18
@@ -138,8 +138,6 @@
install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@
${DESTDIR}${sbindir}
(cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@
lwresd@EXEEXT@)
- ${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8
- ${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8
- ${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5
+ for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m
${DESTDIR}${mandir}/man$${m##*.}; done
@DLZ_DRIVER_RULES@
++++++ baselibs.conf ++++++
bind-libs
obsoletes "bind-utils-<targettype>"
provides "bind-utils-<targettype>"
arch ppc package bind-devel
requires -bind-<targettype>
requires "bind-libs-<targettype> = <version>"
arch sparcv9 package bind-devel
requires -bind-<targettype>
requires "bind-libs-<targettype> = <version>"
++++++ configure.in.diff ++++++
--- bind-9.2.3/configure.in
+++ bind-9.2.3/configure.in 2004-06-20 08:17:09
@@ -1636,7 +1636,7 @@
# empty). The variable VARIABLE will be substituted into output files.
#
-AC_DEFUN(NOM_PATH_FILE, [
+AC_DEFUN([NOM_PATH_FILE], [
$1=""
AC_MSG_CHECKING(for $2)
for d in $3
++++++ dlz-schema.txt ++++++
#
#
# 1.3.6.1.4.1.18420.1.1.X is reserved for attribute types declared by the DLZ
project.
# 1.3.6.1.4.1.18420.1.2.X is reserved for object classes declared by the DLZ
project.
# 1.3.6.1.4.1.18420.1.3.X is reserved for PRIVATE extensions to the DLZ
attribute
# types and object classes that may be needed by end users
# to add security, etc. Attributes and object classes using
# this OID MUST NOT be published outside of an organization
# except to offer them for consideration to become part of
the
# standard attributes and object classes published by the
DLZ project.
attributetype ( 1.3.6.1.4.1.18420.1.1.10
NAME 'dlzZoneName'
DESC 'DNS zone name - domain name not including host name'
SUP name
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.20
NAME 'dlzHostName'
DESC 'Host portion of a domain name'
SUP name
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.30
NAME 'dlzData'
DESC 'Data for the resource record'
SUP name
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.40
NAME 'dlzType'
DESC 'DNS record type - A, SOA, NS, MX, etc...'
SUP name
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.50
NAME 'dlzSerial'
DESC 'SOA record serial number'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.60
NAME 'dlzRefresh'
DESC 'SOA record refresh time in seconds'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.70
NAME 'dlzRetry'
DESC 'SOA retry time in seconds'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.80
NAME 'dlzExpire'
DESC 'SOA expire time in seconds'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.90
NAME 'dlzMinimum'
DESC 'SOA minimum time in seconds'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.100
NAME 'dlzAdminEmail'
DESC 'E-mail address of person responsible for this zone - @ should be
replaced with . (period)'
SUP name
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.110
NAME 'dlzPrimaryNS'
DESC 'Primary name server for this zone - should be host name not IP
address'
SUP name
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.120
NAME 'dlzIPAddr'
DESC 'IP address - IPV4 should be in dot notation xxx.xxx.xxx.xxx IPV6
should be in colon notation xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{40}
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.130
NAME 'dlzCName'
DESC 'DNS cname'
SUP name
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.140
NAME 'dlzPreference'
DESC 'DNS MX record preference. Lower numbers have higher preference'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.150
NAME 'dlzTTL'
DESC 'DNS time to live - how long this record can be cached by caching
DNS servers'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.18420.1.1.160
NAME 'dlzRecordID'
DESC 'Unique ID for each DLZ resource record'
SUP name
SINGLE-VALUE )
#------------------------------------------------------------------------------
# Object class definitions
#------------------------------------------------------------------------------
objectclass ( 1.3.6.1.4.1.18420.1.2.10
NAME 'dlzZone'
DESC 'Zone name portion of a domain name'
SUP top STRUCTURAL
MUST ( objectclass $ dlzZoneName ) )
objectclass ( 1.3.6.1.4.1.18420.1.2.20
NAME 'dlzHost'
DESC 'Host name portion of a domain name'
SUP top STRUCTURAL
MUST ( objectclass $ dlzHostName ) )
objectclass ( 1.3.6.1.4.1.18420.1.2.30
NAME 'dlzAbstractRecord'
DESC 'Data common to all DNS record types'
SUP top ABSTRACT
MUST ( objectclass $ dlzRecordID $ dlzHostName $ dlzType $ dlzTTL ) )
objectclass ( 1.3.6.1.4.1.18420.1.2.40
NAME 'dlzGenericRecord'
DESC 'Generic DNS record - useful when a specific object class has not
been defined for a DNS record'
SUP dlzAbstractRecord STRUCTURAL
MUST ( dlzData ) )
objectclass ( 1.3.6.1.4.1.18420.1.2.50
NAME 'dlzARecord'
DESC 'DNS A record'
SUP dlzAbstractrecord STRUCTURAL
MUST ( dlzIPAddr ) )
objectclass ( 1.3.6.1.4.1.18420.1.2.60
NAME 'dlzNSRecord'
DESC 'DNS NS record'
SUP dlzGenericRecord STRUCTURAL )
objectclass ( 1.3.6.1.4.1.18420.1.2.70
NAME 'dlzMXRecord'
DESC 'DNS MX record'
SUP dlzGenericRecord STRUCTURAL
MUST ( dlzPreference ) )
objectclass ( 1.3.6.1.4.1.18420.1.2.80
NAME 'dlzSOARecord'
DESC 'DNS SOA record'
SUP dlzAbstractRecord STRUCTURAL
MUST ( dlzSerial $ dlzRefresh $ dlzRetry
$ dlzExpire $ dlzMinimum $ dlzAdminEmail $ dlzPrimaryNS ) )
objectclass ( 1.3.6.1.4.1.18420.1.2.90
NAME 'dlzTextRecord'
DESC 'Text data with spaces should be wrapped in double quotes'
SUP dlzGenericRecord STRUCTURAL )
objectclass ( 1.3.6.1.4.1.18420.1.2.100
NAME 'dlzPTRRecord'
DESC 'DNS PTR record'
SUP dlzGenericRecord STRUCTURAL )
objectclass ( 1.3.6.1.4.1.18420.1.2.110
NAME 'dlzCNameRecord'
DESC 'DNS CName record'
SUP dlzGenericRecord STRUCTURAL )
objectclass ( 1.3.6.1.4.1.18420.1.2.120
NAME 'dlzXFR'
DESC 'Host allowed to perform zone transfer'
SUP top STRUCTURAL
MUST ( objectclass $ dlzRecordID $ dlzIPAddr ) )
++++++ dnszone-schema.txt ++++++
# A schema for storing DNS zones in LDAP
#
attributetype ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL'
DESC 'An integer denoting time to live'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass'
DESC 'The class of a resource record'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName'
DESC 'The name of a zone, i.e. the name of the highest node in the zone'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName'
DESC 'The starting labels of a domain name'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord'
DESC 'domain name pointer, RFC 1035'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord'
DESC 'host information, RFC 1035'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord'
DESC 'mailbox or mail list information, RFC 1035'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord'
DESC 'text string, RFC 1035'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord'
DESC 'for AFS Data Base location, RFC 1183'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord'
DESC 'Signature, RFC 2535'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord'
DESC 'Key, RFC 2535'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord'
DESC 'IPv6 address, RFC 1886'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord'
DESC 'Location, RFC 1876'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord'
DESC 'non-existant, RFC 2535'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord'
DESC 'service location, RFC 2782'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord'
DESC 'Naming Authority Pointer, RFC 2915'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord'
DESC 'Key Exchange Delegation, RFC 2230'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord'
DESC 'certificate, RFC 2538'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record'
DESC 'A6 Record Type, RFC 2874'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord'
DESC 'Non-Terminal DNS Name Redirection, RFC 2672'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord'
DESC 'Delegation Signer, RFC 3658'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord'
DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord'
DESC 'RRSIG, RFC 3755'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord'
DESC 'NSEC, RFC 3755'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone'
SUP top STRUCTURAL
MUST ( zoneName $ relativeDomainName )
MAY ( DNSTTL $ DNSClass $
ARecord $ MDRecord $ MXRecord $ NSRecord $
SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $
MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $
KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $
SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $
RRSIGRecord $ NSECRecord ) )
++++++ named-bootconf.diff ++++++
--- contrib/named-bootconf/named-bootconf.sh
+++ contrib/named-bootconf/named-bootconf.sh 2006/11/06 08:59:04
@@ -54,7 +54,8 @@
# POSSIBILITY OF SUCH DAMAGE.
if [ ${OPTIONFILE-X} = X ]; then
- WORKDIR=/tmp/`date +%s`.$$
+ TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1
+ WORKDIR=$TMPDIR/`date +%s`.$$
( umask 077 ; mkdir $WORKDIR ) || {
echo "unable to create work directory '$WORKDIR'" >&2
exit 1
@@ -308,7 +309,7 @@
cat $ZONEFILE $COMMENTFILE
rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE
- rmdir $WORKDIR
+ rm -rf $TMPDIR
fi
exit 0
++++++ named-direct-proc-mount.diff ++++++
Index: bind-9.7.2P3/vendor-files/init/named
===================================================================
--- bind-9.7.2P3.orig/vendor-files/init/named 2010-12-09 16:17:51.000000000
+0100
+++ bind-9.7.2P3/vendor-files/init/named 2010-12-09 16:19:55.060044775
+0100
@@ -183,8 +183,7 @@
# mount /proc for multicore CPUs (bnc#470828)
if [ ! -e "${CHROOT_PREFIX}/proc/meminfo" ]; then
mkdir -p "${CHROOT_PREFIX}/proc"
- mount --bind /proc "${CHROOT_PREFIX}/proc" 2>/dev/null
- mount -o remount,ro,nosuid,nodev ${CHROOT_PREFIX}/proc 2>/dev/null
+ mount -tproc -oro,nosuid,nodev,noexec proc ${CHROOT_PREFIX}/proc
2>/dev/null
fi;
###########################
++++++ named.root ++++++
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jun 8, 2011
; related version of root zone: 2011060800
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; FORMERLY C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
;
; OPERATED BY VERISIGN, INC.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
;
; OPERATED BY ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
;
; OPERATED BY WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
; End of File
++++++ perl-path.diff ++++++
--- bin/tests/t_api.pl
+++ bin/tests/t_api.pl 2012/07/03 09:59:31
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
#
# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1999-2001 Internet Software Consortium.
--- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl
+++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl 2012/07/03
09:59:52
@@ -1,4 +1,4 @@
-#! /usr/local/bin/perl -w
+#! /usr/bin/perl -w
# $Id: generate_nameprep_data.pl,v 1.1 2003/06/04 00:27:54 marka Exp $
#
# Copyright (c) 2001 Japan Network Information Center. All rights reserved.
--- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl
+++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl 2012/07/03
09:59:42
@@ -1,4 +1,4 @@
-#! /usr/local/bin/perl -w
+#! /usr/bin/perl -w
# $Id: generate_normalize_data.pl,v 1.1 2003/06/04 00:27:55 marka Exp $
#
# Copyright (c) 2000,2001 Japan Network Information Center.
++++++ pid-path.diff ++++++
--- bin/named/include/named/globals.h
+++ bin/named/include/named/globals.h 2009/01/28 11:01:54
@@ -121,9 +121,9 @@
"lwresd.pid");
#else
EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR
- "/run/named.pid");
+
"/run/named/named.pid");
EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR
- "/run/lwresd.pid");
+
"/run/named/lwresd.pid");
#endif
EXTERN const char * ns_g_username INIT(NULL);
--- contrib/nanny/nanny.pl
+++ contrib/nanny/nanny.pl 2009/01/28 11:02:29
@@ -19,7 +19,7 @@
# A simple nanny to make sure named stays running.
-$pid_file_location = '/var/run/named.pid';
+$pid_file_location = '/var/run/named/named.pid';
$nameserver_location = 'localhost';
$dig_program = 'dig';
$named_program = 'named';
++++++ pie_compile.diff ++++++
--- bin/Makefile.in
+++ bin/Makefile.in 2010/02/17 10:54:34
@@ -23,4 +23,8 @@
check confgen @PKCS11_TOOLS@
TARGETS =
+EXT_CFLAGS = -fPIE
+
@BIND9_MAKE_RULES@
+
+LDFLAGS += -pie
--- bin/dig/Makefile.in
+++ bin/dig/Makefile.in 2010/02/17 10:52:39
@@ -67,8 +67,12 @@
MANOBJS = ${MANPAGES} ${HTMLPAGES}
+EXT_CFLAGS = -fPIE
+
@BIND9_MAKE_RULES@
+LDFLAGS += -pie
+
dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \
${FINALBUILDCMD}
--- bin/dnssec/Makefile.in
+++ bin/dnssec/Makefile.in 2010/02/17 10:53:51
@@ -60,8 +60,12 @@
MANOBJS = ${MANPAGES} ${HTMLPAGES}
+EXT_CFLAGS = -fPIE
+
@BIND9_MAKE_RULES@
+LDFLAGS += -pie
+
dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \
${FINALBUILDCMD}
--- bin/nsupdate/Makefile.in
+++ bin/nsupdate/Makefile.in 2010/02/17 10:55:42
@@ -64,8 +64,12 @@
MANOBJS = ${MANPAGES} ${HTMLPAGES}
+EXT_CFLAGS = -fPIE
+
@BIND9_MAKE_RULES@
+LDFLAGS += -pie
+
nsupdate.@O@: nsupdate.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-DSESSION_KEYFILE=\"${localstatedir}/run/named/session.key\" \
--- bin/rndc/Makefile.in
+++ bin/rndc/Makefile.in 2010/02/17 10:57:03
@@ -59,8 +59,12 @@
MANOBJS = ${MANPAGES} ${HTMLPAGES}
+EXT_CFLAGS = -fPIE
+
@BIND9_MAKE_RULES@
+LDFLAGS += -pie
+
rndc.@O@: rndc.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-DVERSION=\"${VERSION}\" \
--- bin/check/Makefile.in
+++ bin/check/Makefile.in 2005/06/17 13:01:56
@@ -55,8 +55,12 @@
MANOBJS = ${MANPAGES} ${HTMLPAGES}
+EXT_CFLAGS = -fPIE
+
@BIND9_MAKE_RULES@
+LDFLAGS += -pie
+
named-checkconf.@O@: named-checkconf.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-DVERSION=\"${VERSION}\" \
--- bin/named/Makefile.in
+++ bin/named/Makefile.in 2005/06/17 12:41:37
@@ -91,8 +91,12 @@
MANOBJS = ${MANPAGES} ${HTMLPAGES}
+EXT_CFLAGS = -fPIE
+
@BIND9_MAKE_RULES@
+LDFLAGS += -pie
+
main.@O@: main.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-DVERSION=\"${VERSION}\" \
--- bin/named/unix/Makefile.in
+++ bin/named/unix/Makefile.in 2005/06/17 12:40:23
@@ -33,4 +33,6 @@
TARGETS = ${OBJS}
+EXT_CFLAGS = -fPIE
+
@BIND9_MAKE_RULES@
--- bin/confgen/Makefile.in
+++ bin/confgen/Makefile.in 2010/02/17 11:09:01
@@ -64,8 +64,12 @@
UOBJS = unix/os.@O@
+EXT_CFLAGS = -fPIE
+
@BIND9_MAKE_RULES@
+LDFLAGS += -pie
+
rndc-confgen.@O@: rndc-confgen.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
++++++ tmpfs.patch ++++++
Index: vendor-files/init/lwresd
===================================================================
--- vendor-files/init/lwresd.orig
+++ vendor-files/init/lwresd
@@ -118,6 +118,10 @@ function checkAndCopyConfigFiles
case "$1" in
start)
echo -n "Starting Lightweight resolver daemon "
+ # Create link if needed, /var/run might be on tmpfs
+ if [ ! -L /var/run/named ] ; then
+ ln -s ${CHROOT_PREFIX}/var/run/named /var/run/named
+ fi
checkAndCopyConfigFiles
startproc ${LWRESD_BIN} ${NAMED_ARGS} -u named
rc_status -v
Index: vendor-files/init/named
===================================================================
--- vendor-files/init/named.orig
+++ vendor-files/init/named
@@ -231,6 +231,11 @@ case "$1" in
if [ ! -e /etc/named.d/forwarders.conf ]; then
touch /etc/named.d/forwarders.conf
fi
+ # Create link if needed, /var/run might be on tmpfs
+ if [ ! -L /var/run/named ] ; then
+ ln -s ${CHROOT_PREFIX}/var/run/named /var/run/named
+ fi
+
checkproc -p ${NAMED_PID} ${NAMED_BIN}
case $? in
0) echo -n "- Warning: named already running! " ;;
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
