Hello community,

here is the log from the commit of package bind.1511 for openSUSE:12.1:Update checked in at 2013-04-03 16:16:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.1:Update/bind.1511 (Old)
 and /work/SRC/openSUSE:12.1:Update/.bind.1511.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind.1511", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-02-26 18:15:11.936010755 +0100 +++ /work/SRC/openSUSE:12.1:Update/.bind.1511.new/bind.changes 2013-04-03 16:16:47.000000000 +0200 
@@ -0,0 +1,1655 @@ +------------------------------------------------------------------- +Tue Mar 26 21:45:56 UTC 2013 - lmue...@suse.com + +- Updated to 9.8.4-P2 + +Security Fixes + + Removed the check for regex.h in configure in order to disable + regex syntax checking, as it exposes BIND to a critical flaw in + libregex on some platforms. [CVE-2013-2266] [RT #32688] + https://kb.isc.org/article/AA-00871 (bnc#811876) + + Prevents named from aborting with a require assertion failure + on servers with DNS64 enabled. These crashes might occur as a + result of specific queries that are received. (Note that this + fix is a subset of a series of updates that will be included in + full in BIND 9.8.5 and 9.9.3 as change #3388, RT #30996). + [CVE-2012-5688] [RT #30792] + + A deliberately constructed combination of records could cause + named to hang while populating the additional section of a + response. [CVE-2012-5166] [RT #31090] + + Prevents a named assert (crash) when queried for a record whose + RDATA exceeds 65535 bytes [CVE-2012-4244] [RT #30416] + + Prevents a named assert (crash) when validating caused by using + "Bad cache" data before it has been initialized. [CVE-2012-3817] + [RT #30025] + + A condition has been corrected where improper handling of + zero-length RDATA could cause undesirable behavior, including + termination of the named process. [CVE-2012-1667] [RT #29644] + +New Features + + Elliptic Curve Digital Signature Algorithm keys and signatures + in DNSSEC are now supported per RFC 6605. [RT #21918] + +Feature Changes + + Improves OpenSSL error logging [RT #29932] + + nslookup now returns a nonzero exit code when it is unable to + get an answer. [RT #29492] + +Bug Fixes + + Uses binary mode to open raw files on Windows. [RT #30944] + + Static-stub zones now accept "forward" and "fowarders" options + (often needed for subdomains of the zone referenced to override + global forwarding options). 
These options are already available + with traditional stub zones and their omission from zones of + type "static-stub" was an inadvertent oversight. [RT #30482] + + Limits the TTL of signed RRsets in cache when their RRSIGs are + approaching expiry. This prevents the persistence in cache of + invalid RRSIGs in order to assist recovery from a situation where + zone re-signing doesn't occur in a timely manner. With this + change, named will attempt to obtain new RRSIGs from the + authoritative server once the original ones have expired, and + even if the TTL of the old records would in other circumstances + cause them to be kept in cache for longer. [RT #26429] + + Corrects the syntax of isc_atomic_xadd() and isc_atomic_cmpxchg() + which are employed on Itanium systems to speed up lock management + by making use of atomic operations. Without the syntax correction + it is possible that concurrent access to the same structures + could accidentally occur with unpredictable results. [RT #25181] + + The configure script now supports and detects libxml2-2.8.x + correctly [RT #30440] + + The host command should no longer assert on some architectures + and builds while handling the time values used with the -w (wait + forever) option. [RT #18723] + + Invalid zero settings for max-retry-time, min-retry-time, + max-refresh-time, min-refresh-time will now be detected during + parsing of named.conf and an error emitted instead of triggering + an assertion failure on startup. [RT #27730] + + Removes spurious newlines from log messages in zone.c [RT #30675] + + When built with readline support (i.e. on a system with readline + installed) nsupdate no longer terminates unexpectedly in interactive + mode. [RT #29550] + + All named tasks that perform task-exclusive operations now share + the same single task. Prior to this change, there was the + possibility of a race condition between rndc operations and other + functions such as re-sizing the adb hash table. 
If the race + condition was encountered, named would in most cases terminate + unexpectedly with an assert. [RT #29872] + + Ensures that servers are expired from the ADB cache when the + timeout limit is reached so that their learned attributes can + be refreshed. Prior to this change, servers that were frequently + queried might never have their entries removed and reinitialized. + This is of particular importance to DNSSEC-validating recursive + servers that might erroneously set "no-edns" for an authoritative + server following a period of intermittent connectivity. [RT + #29856] + + Adds additional resilience to a previous security change (3218) + by preventing RRSIG data from being added to cache when a + pseudo-record matching the covering type and proving non-existence + exists at a higher trust level. The earlier change prevented + this inconsistent data from being retrieved from cache in response + to client queries - with this additional change, the RRSIG + records are no longer inserted into cache at all. [RT #26809] + + dnssec-settime will now issue a warning when the writing of a + new private key file would cause a change in the permissions of + the existing file. [RT #27724] + + Fixes the defect introduced by change #3314 that was causing + failures when saving stub zones to disk (resulting in excessive + CPU usage in some cases). [RT #29952] + + It is now possible to using multiple control keys again - this + functionality was inadvertently broken by change #3924 (RT #28265) + which addressed a memory leak. [RT #29694] + + Setting resolver-query-timeout too low could cause named problems + recovering after a loss of connectivity. [RT #29623] Reduces + the potential build-up of stale RRsets in cache on a busy recursive + nameserver by re-using cached DS and RRSIG rrsets when possible + [RT #29446] + + Corrects a failure to authenticate non-existence of resource + records in some circumstances when RPZ has been configured. 
+ Also: + - adds an optional "recursive-only yes|no" to the response-policy + statement + - adds an optional "max-policy-ttl" to the response-policy + statement to limit the false data that "recursive-only no" + can introduce into resolvers' caches + - introduces a predefined encoding of PASSTHRU policy by adding + "rpz-passthru" to be used as the target of CNAME policy records + (the old encoding is still accepted.) + - adds a RPZ performance test to bin/tests/system/rpz when + queryperf is available. + [RT #26172] + + Upper-case/lower-case handling of RRSIG signer-names is now + handled consistently: RRSIG records are generated with the + signer-name in lower case. They are accepted with any case, but + if they fail to validate, we try again in lower case. [RT #27451] + +------------------------------------------------------------------- +Tue Mar 26 21:32:09 UTC 2013 - lmue...@suse.com + +- Update the IPv4 address of the D root name server. + +------------------------------------------------------------------- +Fri Dec 7 15:34:36 UTC 2012 - meiss...@suse.com + +- 9.8.4-P1 (bnc#792926) + * Security: + - Prevents named from aborting with a require assertion failure on + servers with DNS64 enabled. These crashes might occur as a result of + specific queries that are received. (Note that this fix is a subset + of a series of updates that will be included in full in BIND 9.8.5 and + 9.9.3 as change #3388, RT #30996). [CVE-2012-5688] [RT #30792] + - A deliberately constructed combination of records could cause + named to hang while populating the additional section of a + response. [CVE-2012-5166] [RT #31090] + + - Prevents a named assert (crash) when queried for a record whose + RDATA exceeds 65535 bytes [CVE-2012-4244] [RT #30416] + - Prevents a named assert (crash) when validating caused by using "Bad + cache" data before it has been initialized. 
[CVE-2012-3817] [RT #30025] + - A condition has been corrected where improper handling of zero-length + RDATA could cause undesirable behavior, including termination of the + named process. [CVE-2012-1667] [RT #29644] + + * New Features + + Elliptic Curve Digital Signature Algorithm keys and signatures in + DNSSEC are now supported per RFC 6605. [RT #21918] + + * Feature Changes + + Improves OpenSSL error logging [RT #29932] + nslookup now returns a nonzero exit code when it is unable to get an answer. [RT #29492] + + * Bug Fixes + + - Uses binary mode to open raw files on Windows. [RT #30944] + - Static-stub zones now accept "forward" and "fowarders" options + (often needed for subdomains of the zone referenced to override + global forwarding options). These options are already available + with traditional stub zones and their omission from zones of type + "static-stub" was an inadvertent oversight. [RT #30482] + - Limits the TTL of signed RRsets in cache when their RRSIGs are ++++ 1458 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.1:Update/.bind.1511.new/bind.changes New: ---- Makefile.in.diff baselibs.conf bind-9.8.4-P2.tar.gz bind.changes bind.spec configure.in.diff configure.in.diff2 dlz-schema.txt dnszone-schema.txt named-bootconf.diff named.root perl-path.diff pid-path.diff pie_compile.diff vendor-files.tar.bz2 workaround-compile-problem.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ ++++ 701 lines (skipped) ++++++ Makefile.in.diff ++++++ Index: bind-9.8.4-P2/bin/named/Makefile.in =================================================================== --- bind-9.8.4-P2.orig/bin/named/Makefile.in +++ bind-9.8.4-P2/bin/named/Makefile.in 
@@ -162,8 +162,6 @@ installdirs: install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir} (cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@) - ${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8 - ${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8 - ${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5 + for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man$${m##*.}; done @DLZ_DRIVER_RULES@ ++++++ baselibs.conf ++++++ bind-libs obsoletes "bind-utils-<targettype>" provides "bind-utils-<targettype>" arch ppc package bind-devel requires -bind-<targettype> requires "bind-libs-<targettype> = <version>" arch sparcv9 package bind-devel requires -bind-<targettype> requires "bind-libs-<targettype> = <version>" ++++++ configure.in.diff ++++++ Index: bind-9.8.4-P2/configure.in =================================================================== --- bind-9.8.4-P2.orig/configure.in +++ bind-9.8.4-P2/configure.in @@ -2961,7 +2961,7 @@ AC_SUBST(DOXYGEN) # empty). The variable VARIABLE will be substituted into output files. # -AC_DEFUN(NOM_PATH_FILE, [ +AC_DEFUN([NOM_PATH_FILE], [ $1="" AC_MSG_CHECKING(for $2) for d in $3 ++++++ configure.in.diff2 ++++++ --- a/configure.in +++ a/configure.in 2011/04/21 13:34:11 
@@ -280,7 +280,7 @@ AC_C_INLINE AC_C_VOLATILE AC_CHECK_FUNC(sysctlbyname, AC_DEFINE(HAVE_SYSCTLBYNAME)) -AC_C_FLEXIBLE_ARRAY_MEMBER +#AC_C_FLEXIBLE_ARRAY_MEMBER # # UnixWare 7.1.1 with the feature supplement to the UDK compiler ++++++ dlz-schema.txt ++++++ # # # 1.3.6.1.4.1.18420.1.1.X is reserved for attribute types declared by the DLZ project. # 1.3.6.1.4.1.18420.1.2.X is reserved for object classes declared by the DLZ project. # 1.3.6.1.4.1.18420.1.3.X is reserved for PRIVATE extensions to the DLZ attribute # types and object classes that may be needed by end users # to add security, etc. Attributes and object classes using # this OID MUST NOT be published outside of an organization # except to offer them for consideration to become part of the # standard attributes and object classes published by the DLZ project. attributetype ( 1.3.6.1.4.1.18420.1.1.10 NAME 'dlzZoneName' DESC 'DNS zone name - domain name not including host name' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.20 NAME 'dlzHostName' DESC 'Host portion of a domain name' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.30 NAME 'dlzData' DESC 'Data for the resource record' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.40 NAME 'dlzType' DESC 'DNS record type - A, SOA, NS, MX, etc...' 
SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.50 NAME 'dlzSerial' DESC 'SOA record serial number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.60 NAME 'dlzRefresh' DESC 'SOA record refresh time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.70 NAME 'dlzRetry' DESC 'SOA retry time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.80 NAME 'dlzExpire' DESC 'SOA expire time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.90 NAME 'dlzMinimum' DESC 'SOA minimum time in seconds' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.100 NAME 'dlzAdminEmail' DESC 'E-mail address of person responsible for this zone - @ should be replaced with . (period)' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.110 NAME 'dlzPrimaryNS' DESC 'Primary name server for this zone - should be host name not IP address' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.120 NAME 'dlzIPAddr' DESC 'IP address - IPV4 should be in dot notation xxx.xxx.xxx.xxx IPV6 should be in colon notation xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{40} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.130 NAME 'dlzCName' DESC 'DNS cname' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.140 NAME 'dlzPreference' DESC 'DNS MX record preference. 
Lower numbers have higher preference' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.150 NAME 'dlzTTL' DESC 'DNS time to live - how long this record can be cached by caching DNS servers' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.18420.1.1.160 NAME 'dlzRecordID' DESC 'Unique ID for each DLZ resource record' SUP name SINGLE-VALUE ) #------------------------------------------------------------------------------ # Object class definitions #------------------------------------------------------------------------------ objectclass ( 1.3.6.1.4.1.18420.1.2.10 NAME 'dlzZone' DESC 'Zone name portion of a domain name' SUP top STRUCTURAL MUST ( objectclass $ dlzZoneName ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.20 NAME 'dlzHost' DESC 'Host name portion of a domain name' SUP top STRUCTURAL MUST ( objectclass $ dlzHostName ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.30 NAME 'dlzAbstractRecord' DESC 'Data common to all DNS record types' SUP top ABSTRACT MUST ( objectclass $ dlzRecordID $ dlzHostName $ dlzType $ dlzTTL ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.40 NAME 'dlzGenericRecord' DESC 'Generic DNS record - useful when a specific object class has not been defined for a DNS record' SUP dlzAbstractRecord STRUCTURAL MUST ( dlzData ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.50 NAME 'dlzARecord' DESC 'DNS A record' SUP dlzAbstractrecord STRUCTURAL MUST ( dlzIPAddr ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.60 NAME 'dlzNSRecord' DESC 'DNS NS record' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.70 NAME 'dlzMXRecord' DESC 'DNS MX record' SUP dlzGenericRecord STRUCTURAL MUST ( dlzPreference ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.80 NAME 'dlzSOARecord' DESC 'DNS SOA record' SUP dlzAbstractRecord STRUCTURAL MUST ( dlzSerial $ dlzRefresh $ dlzRetry $ dlzExpire $ dlzMinimum $ dlzAdminEmail $ dlzPrimaryNS ) ) objectclass ( 1.3.6.1.4.1.18420.1.2.90 NAME 
'dlzTextRecord' DESC 'Text data with spaces should be wrapped in double quotes' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.100 NAME 'dlzPTRRecord' DESC 'DNS PTR record' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.110 NAME 'dlzCNameRecord' DESC 'DNS CName record' SUP dlzGenericRecord STRUCTURAL ) objectclass ( 1.3.6.1.4.1.18420.1.2.120 NAME 'dlzXFR' DESC 'Host allowed to perform zone transfer' SUP top STRUCTURAL MUST ( objectclass $ dlzRecordID $ dlzIPAddr ) ) ++++++ dnszone-schema.txt ++++++ # A schema for storing DNS zones in LDAP # attributetype ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName' DESC 'The name of a zone, i.e. the name of the highest node in the zone' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName' DESC 'The starting labels of a domain name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain name pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mailbox or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 
1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text string, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for AFS Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signature, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6 address, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Location, RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-existant, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'service location, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Naming Authority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Exchange Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'certificate, 
RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Record Type, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non-Terminal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delegation Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRSIG, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone' SUP top STRUCTURAL MUST ( zoneName $ relativeDomainName ) MAY ( DNSTTL $ DNSClass $ ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $ MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecord ) ) ++++++ named-bootconf.diff ++++++ Index: contrib/named-bootconf/named-bootconf.sh =================================================================== --- contrib/named-bootconf/named-bootconf.sh.orig +++ 
contrib/named-bootconf/named-bootconf.sh @@ -54,7 +54,8 @@ # POSSIBILITY OF SUCH DAMAGE. if [ ${OPTIONFILE-X} = X ]; then - WORKDIR=/tmp/`date +%s`.$$ + TMPDIR=`mktemp -p /tmp/ -d named-bootconf.XXXXXXXXXX` || exit 1 + WORKDIR=$TMPDIR/`date +%s`.$$ ( umask 077 ; mkdir $WORKDIR ) || { echo "unable to create work directory '$WORKDIR'" >&2 exit 1 
@@ -308,7 +309,7 @@ if [ $DUMP -eq 1 ]; then cat $ZONEFILE $COMMENTFILE rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE - rmdir $WORKDIR + rm -rf $TMPDIR fi exit 0 ++++++ named.root ++++++ ; This file holds the information on root name servers needed to ; initialize cache of Internet domain name servers ; (e.g. reference this file in the "cache . <file>" ; configuration file of BIND domain name servers). ; ; This file is made available by InterNIC ; under anonymous FTP as ; file /domain/named.cache ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; ; last update: Jan 3, 2013 ; related version of root zone: 2013010300 ; ; formerly NS.INTERNIC.NET ; . 3600000 IN NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 ; ; FORMERLY NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 ; ; FORMERLY C.PSI.NET ; . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 ; ; FORMERLY TERP.UMD.EDU ; . 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D ; ; FORMERLY NS.NASA.GOV ; . 3600000 NS E.ROOT-SERVERS.NET. E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 ; ; FORMERLY NS.ISC.ORG ; . 3600000 NS F.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F ; ; FORMERLY NS.NIC.DDN.MIL ; . 3600000 NS G.ROOT-SERVERS.NET. G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 ; ; FORMERLY AOS.ARL.ARMY.MIL ; . 3600000 NS H.ROOT-SERVERS.NET. H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 ; ; FORMERLY NIC.NORDU.NET ; . 3600000 NS I.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 ; ; OPERATED BY VERISIGN, INC. ; . 3600000 NS J.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 J.ROOT-SERVERS.NET. 
3600000 AAAA 2001:503:C27::2:30 ; ; OPERATED BY RIPE NCC ; . 3600000 NS K.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 ; ; OPERATED BY ICANN ; . 3600000 NS L.ROOT-SERVERS.NET. L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 ; ; OPERATED BY WIDE ; . 3600000 NS M.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 ; End of File ++++++ perl-path.diff ++++++ Index: bin/tests/t_api.pl =================================================================== --- bin/tests/t_api.pl.orig +++ bin/tests/t_api.pl @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/bin/perl # # Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1999-2001 Internet Software Consortium. Index: contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl =================================================================== --- contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl.orig +++ contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl @@ -1,4 +1,4 @@ -#! /usr/local/bin/perl -w +#! /usr/bin/perl -w # $Id: generate_nameprep_data.pl,v 1.1 2003/06/04 00:27:54 marka Exp $ # # Copyright (c) 2001 Japan Network Information Center. All rights reserved. Index: contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl =================================================================== --- contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl.orig +++ contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl 
@@ -1,4 +1,4 @@ -#! /usr/local/bin/perl -w +#! /usr/bin/perl -w # $Id: generate_normalize_data.pl,v 1.1 2003/06/04 00:27:55 marka Exp $ # # Copyright (c) 2000,2001 Japan Network Information Center. ++++++ pid-path.diff ++++++ Index: bin/named/include/named/globals.h =================================================================== --- bin/named/include/named/globals.h.orig +++ bin/named/include/named/globals.h @@ -134,9 +134,9 @@ EXTERN const char * lwresd_g_defaultpid "lwresd.pid"); #else EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR - "/run/named.pid"); + "/run/named/named.pid"); EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR - "/run/lwresd.pid"); + "/run/named/lwresd.pid"); #endif EXTERN const char * ns_g_username INIT(NULL); Index: contrib/nanny/nanny.pl =================================================================== --- contrib/nanny/nanny.pl.orig +++ contrib/nanny/nanny.pl @@ -19,7 +19,7 @@ # A simple nanny to make sure named stays running. -$pid_file_location = '/var/run/named.pid'; +$pid_file_location = '/var/run/named/named.pid'; $nameserver_location = 'localhost'; $dig_program = 'dig'; $named_program = 'named'; ++++++ pie_compile.diff ++++++ Index: bin/Makefile.in =================================================================== --- bin/Makefile.in.orig +++ bin/Makefile.in @@ -23,4 +23,8 @@ SUBDIRS = named rndc dig dnssec tests to check confgen @PKCS11_TOOLS@ TARGETS = +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ + +LDFLAGS += -pie Index: bin/dig/Makefile.in =================================================================== --- bin/dig/Makefile.in.orig +++ bin/dig/Makefile.in 
@@ -67,8 +67,12 @@ HTMLPAGES = dig.html host.html nslookup. MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS} export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \ ${FINALBUILDCMD} Index: bin/dnssec/Makefile.in =================================================================== --- bin/dnssec/Makefile.in.orig +++ bin/dnssec/Makefile.in @@ -60,8 +60,12 @@ HTMLPAGES = dnssec-dsfromkey.html dnssec MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS} export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \ ${FINALBUILDCMD} Index: bin/nsupdate/Makefile.in =================================================================== --- bin/nsupdate/Makefile.in.orig +++ bin/nsupdate/Makefile.in @@ -64,8 +64,12 @@ HTMLPAGES = nsupdate.html MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + nsupdate.@O@: nsupdate.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DSESSION_KEYFILE=\"${localstatedir}/run/named/session.key\" \ Index: bin/rndc/Makefile.in =================================================================== --- bin/rndc/Makefile.in.orig +++ bin/rndc/Makefile.in @@ -59,8 +59,12 @@ HTMLPAGES = rndc.html rndc.conf.html MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + rndc.@O@: rndc.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ Index: bin/check/Makefile.in =================================================================== --- bin/check/Makefile.in.orig +++ bin/check/Makefile.in 
@@ -57,8 +57,12 @@ HTMLPAGES = named-checkconf.html named-c MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + named-checkconf.@O@: named-checkconf.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ Index: bin/named/Makefile.in =================================================================== --- bin/named/Makefile.in.orig +++ bin/named/Makefile.in @@ -109,8 +109,12 @@ HTMLPAGES = named.html lwresd.html named MANOBJS = ${MANPAGES} ${HTMLPAGES} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + main.@O@: main.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DVERSION=\"${VERSION}\" \ Index: bin/named/unix/Makefile.in =================================================================== --- bin/named/unix/Makefile.in.orig +++ bin/named/unix/Makefile.in @@ -34,4 +34,6 @@ SRCS = os.c dlz_dlopen_driver.c TARGETS = ${OBJS} +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ Index: bin/confgen/Makefile.in =================================================================== --- bin/confgen/Makefile.in.orig +++ bin/confgen/Makefile.in @@ -64,8 +64,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} UOBJS = unix/os.@O@ +EXT_CFLAGS = -fPIE + @BIND9_MAKE_RULES@ +LDFLAGS += -pie + rndc-confgen.@O@: rndc-confgen.c ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \ ++++++ workaround-compile-problem.diff ++++++ --- bin/tests/system/Makefile.in +++ bin/tests/system/Makefile.in 2012/05/04 14:43:22 @@ -21,7 +21,7 @@ @BIND9_MAKE_INCLUDES@ -SUBDIRS = dlzexternal filter-aaaa lwresd rpz tkey tsiggss +SUBDIRS = filter-aaaa lwresd rpz tkey tsiggss TARGETS = @BIND9_MAKE_RULES@ -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
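
Review bot: In bind.changes, the new 9.8.4-P2 entry (Tue Mar 26 21:45:56 UTC 2013) repeats the Security Fixes, New Features, Feature Changes and Bug Fixes text that the 9.8.4-P1 entry of Fri Dec 7 2012 already carries, as far as the visible lines go; only the regex.h removal [CVE-2013-2266] (bnc#811876) is absent from the P1 entry. Trimming the P2 entry to what changed since P1 would make the security-relevant delta obvious to anyone auditing this update. Both entries also carry "fowarders" for "forwarders", and the P2 entry has "It is now possible to using multiple control keys".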
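
Review bot: In Makefile.in.diff, the loop that replaces the three `${INSTALL_DATA}` lines in the install:: rule returns only the status of its last iteration, so a failed install of an earlier man page no longer fails the target the way the separate recipe lines did. Suggest ending the loop body with `|| exit 1`. The `$${m##*.}` expansion also assumes that every name in MANPAGES ends in its section number.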
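
Review bot: In configure.in.diff2, AC_C_FLEXIBLE_ARRAY_MEMBER is switched off by prefixing `#`, with no word on why; the patch header carries only a timestamp (2011/04/21). Add a comment naming the build problem this works around and the condition under which the check can be restored, and confirm that nothing in the tree depends on the result of that check.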
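
Review bot: In named-bootconf.diff, first hunk, the new variable is called TMPDIR, the name tools such as mktemp consult for their temporary directory; if the caller has it exported, this assignment changes it for every child process the script starts. A private name avoids that. With the mktemp-created directory in place, the `date +%s`.$$ subdirectory adds nothing, so WORKDIR could simply be the mktemp result. Note also that the `mkdir $WORKDIR` failure path exits without removing the directory mktemp just created.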
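
Review bot: In named-bootconf.diff, second hunk, `rm -rf $TMPDIR` is unquoted and runs on a variable that the first hunk assigns only inside `if [ ${OPTIONFILE-X} = X ]`. If the `$DUMP -eq 1` branch can be reached without that assignment having run, the command acts on whatever TMPDIR the environment supplied, or on nothing at all. Guard it on the script's own variable being set, quote it, and consider a trap so the directory is also removed on the exit paths outside this branch.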
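
Review bot: In pid-path.diff, bin/named/include/named/globals.h, the new defaults NS_LOCALSTATEDIR "/run/named/named.pid" and "/run/named/lwresd.pid" depend on a run/named directory that nothing in this patch creates. Confirm that the package (bind.spec is skipped in this mail) or the init script creates it, owned by the account named runs as and not writable by others, and re-creates it if that location is cleared at boot; otherwise the pid file cannot be written.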
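
Review bot: In pid-path.diff, contrib/nanny/nanny.pl, `$pid_file_location` is hardcoded to '/var/run/named/named.pid' while globals.h builds its default from NS_LOCALSTATEDIR, so the two agree only when that macro expands to /var. A comment next to the assignment pointing at the globals.h default would keep them from drifting apart.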
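
Review bot: In pie_compile.diff, every hunk sets `EXT_CFLAGS = -fPIE` with a plain `=` above `@BIND9_MAKE_RULES@` but appends with `LDFLAGS += -pie` below it; the plain assignment discards any EXT_CFLAGS value set earlier and is itself lost if the substituted rules assign the variable. Use `+=` for both or say why the ordering is needed. bin/named/unix/Makefile.in gets -fPIE only, which fits a directory whose TARGETS are `${OBJS}`, but it deserves a one-line comment. A post-build check that each installed binary is position independent (for instance `readelf -h` reporting type DYN) would catch any directory the patch does not cover.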
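
Review bot: In workaround-compile-problem.diff, dlzexternal is dropped from SUBDIRS in bin/tests/system/Makefile.in with no description of the compile problem; the file name is the only hint. State the failure and when the directory can be re-enabled, since removing it also takes that system test out of the build.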