Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2014-08-05 10:24:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2014-06-05 10:49:44.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.bind.new/bind.changes 2014-08-05 10:24:18.000000000 +0200 @@ -1,0 +2,126 @@ +Thu Jul 31 21:40:49 UTC 2014 - lmue...@suse.com + +- Package dnssec-checkds and dnssec-coverage binaries and man pages only on + post-11.1 systems. + +------------------------------------------------------------------- +Thu Jul 31 17:20:38 UTC 2014 - lmue...@suse.com + +- Update to version 9.9.5P1 + Various bugfixes and some feature fixes. (see CHANGES files) + Security and maintenance issues: + + - [bug] Don't call qsort with a null pointer. [RT #35968] + - [bug] Disable GCC 4.9 "delete null pointer check". [RT #35968] + - [port] linux: libcap support: declare curval at start of block. [RT #35387] + +- Update to version 9.9.5 + - [bug] Address double dns_zone_detach when switching to using automatic + empty zones from regular zones. [RT #35177] + - [port] Use built-in versions of strptime() and timegm() on all platforms + to avoid portability issues. [RT #35183] + - [bug] Address a portentry locking issue in dispatch.c. [RT #35128] + - [bug] irs_resconf_load now returns ISC_R_FILENOTFOUND on a missing + resolv.conf file and initializes the structure as if it had been + configured with nameserver ::1 nameserver 127.0.0.1 [RT #35194] + - [contrib] queryperf: Fixed a possible integer overflow when printing + results. [RT #35182] + - [protocol] Accept integer timestamps in RRSIG records. [RT #35185] + - [func] named-checkconf can now obscure shared secrets when printing by + specifying '-x'. [RT #34465] + - [bug] Improvements to statistics channel XSL stylesheet: the stylesheet can + now be cached by the browser; section headers are omitted from the stats + display when there is no data in those sections to be displayed; counters + are now right-justified for easier readability. (Only available with + configure --enable-newstats.) [RT #35117] + - [cleanup] Replaced all uses of memcpy() with memmove(). [RT #35120] + - [bug] Handle "." as a search list element when IDN support is enabled. + [RT #35133] + - [bug] dig failed to handle AXFR style IXFR responses which span multiple + messages. [RT #35137] + - [bug] Address a possible race in dispatch.c. [RT #35107] + - [bug] Warn when a key-directory is configured for a zone, but does not + exist or is not a directory. [RT #35108] + - [security] memcpy was incorrectly called with overlapping ranges resulting + in malformed names being generated on some platforms. This could cause + INSIST failures when serving NSEC3 signed zones (CVE-2014-0591). + [RT #35120] + - [bug] Two calls to dns_db_getoriginnode were fatal if there was no data at + the node. [RT #35080] + - [bug] Iterative responses could be missed when the source port for an + upstream query was the same as the listener port (53). [RT #34925] + - [bug] Fixed a bug causing an insecure delegation from one static-stub zone + to another to fail with a broken trust chain. [RT #35081] + - [bug] loadnode could return a freed node on out of memory. [RT #35106] + - [bug] Address null pointer dereference in zone_xfrdone. [RT #35042] + - [func] "dnssec-signzone -Q" drops signatures from keys that are still + published but no longer active. [RT #34990] + - [bug] "rndc refresh" didn't work correctly with slave zones usingi + inline-signing. [RT #35105] + - [cleanup] Add a more detailed "not found" message to rndc commands which + specify a zone name. [RT #35059] + - [bug] Correct the behavior of rndc retransfer to allow inline-signing slave + zones to retain NSEC3 parameters instead of reverting to NSEC. [RT #34745] + - [port] Update the Windows build system to support feature selection and + WIN64 builds. This is a work in progress. [RT #34160] + - [bug] dig could fail to clean up TCP sockets still waiting on connect(). + [RT #35074] + - [port] Update config.guess and config.sub. [RT #35060] + - [bug] 'nsupdate' leaked memory if 'realm' was used multiple times. + [RT #35073] + - [bug] "named-checkconf -z" now checks zones of type hint and redirect as + well as master. [RT #35046] + - [misc] Provide a place for third parties to add version information for + their extensions in the version file by setting the EXTENSIONS variable. + - [bug] RPZ zeroed ttls if the query type was '*'. [RT #35026] + - [func] Local address can now be specified when using dns_client API. + [RT #34811] + - [bug] Don't allow dnssec-importkey overwrite a existing non-imported + private key. + - [bug] Address read after free in server side of lwres_getrrsetbyname. + [RT #29075] + - [bug] Fix cast in lex.c which could see 0xff treated as eof. [RT #34993] + - [bug] Failure to release lock on error in receive_secure_db. [RT #34944] + - [bug] Updated OpenSSL PKCS#11 patches to fix active list locking and other + bugs. [RT #34855] + - [bug] Address bugs in dns_rdata_fromstruct and dns_rdata_tostruct for WKS + and ISDN types. [RT #34910] + - [bug] 'host' could die if a UDP query timed out. [RT #34870] + - [bug] Address lock order reversal deadlock with inline zones. [RT #34856] + - [cleanup] Changed the name of "isc-config.sh" to "bind9-config". + [RT #23825] + - [port] linux: Address platform specific compilation issue when libcap-devel + is installed. [RT #34838] + - [port] Some readline clones don't accept NULL pointers when calling + add_history. [RT #34842] + - [cleanup] Simplify TCP message processing when requesting a zone transfer. + [RT #34825] + - [bug] Address race condition with manual notify requests. [RT #34806] + - [func] Create delegations for all "children" of empty zones except + "forward first". [RT #34826] + - [tuning] Adjust when a master server is deemed unreachable. [RT #27075] + - [tuning] Use separate rate limiting queues for refresh and notify + requests. [RT #30589] + - [cleanup] Include a comment in .nzf files, giving the name of the + associated view. [RT #34765] + - [bug] Address a race condition when shutting down a zone. [RT #34750] + - [bug] Journal filename string could be set incorrectly, causing garbage in + log messages. [RT #34738] + - [protocol] Use case sensitive compression when responding to queries. + [RT #34737] + - [protocol] Check that EDNS subnet client options are well formed. + [RT #34718] + - [func] Allow externally generated DNSKEY to be imported into the DNSKEY + management framework. A new tool dnssec-importkey is used to do this. + [RT #34698] + - [bug] Handle changes to sig-validity-interval settings better. [RT #34625] + - [bug] ndots was not being checked when searching. Only continue searching + on NXDOMAIN responses. Add the ability to specify ndots to nslookup. + [RT #34711] + - [bug] Treat type 65533 (KEYDATA) as opaque except when used in a key zone. + [RT #34238] +- Updated to current rpz patch fromĀ·http://ss.vix.su/~vjs/rrlrpz.html + - rpz2-9.9.4.patch + + rpz2+rl-9.9.5.patch + +------------------------------------------------------------------- Old: ---- bind-9.9.4-P2.tar.gz bind-9.9.4-P2.tar.gz.asc rpz2-9.9.4.patch New: ---- bind-9.9.5-P1.tar.gz bind-9.9.5-P1.tar.gz.asc rpz2+rl-9.9.5.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.ftAime/_old 2014-08-05 10:24:19.000000000 +0200 +++ /var/tmp/diff_new_pack.ftAime/_new 2014-08-05 10:24:19.000000000 +0200 @@ -18,7 +18,7 @@ Name: bind %define pkg_name bind -%define pkg_vers 9.9.4-P2 +%define pkg_vers 9.9.5-P1 BuildRequires: krb5-devel BuildRequires: libcap BuildRequires: libcap-devel @@ -33,7 +33,7 @@ Summary: Domain Name System (DNS) Server (named) License: ISC Group: Productivity/Networking/DNS/Servers -Version: 9.9.4P2 +Version: 9.9.5P1 Release: 0 Provides: bind8 Provides: bind9 @@ -66,8 +66,8 @@ # Rate limiting patch by Paul Vixie et.al. for reflection DoS protection # see http://www.redbarn.org/dns/ratelimits -#Patch200: http://ss.vix.su/~vjs/rpz2-9.9.4.patch -Patch200: rpz2-9.9.4.patch +#Patch200: http://ss.vix.su/~vjs/rpz2+rl-9.9.5.patch +Patch200: rpz2+rl-9.9.5.patch Source60: dlz-schema.txt %if %ul_version >= 1 @@ -589,11 +589,13 @@ %attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include %attr(0640,root,named) %ghost %config(noreplace) /%{_sysconfdir}/rndc.key %config /%{_sysconfdir}/init.d/named +%{_bindir}/bind9-config %{_sbindir}/rcnamed %{_sbindir}/named %{_sbindir}/named-checkconf %{_sbindir}/named-checkzone %{_sbindir}/named-compilezone +%doc %{_mandir}/man1/bind9-config.1.gz %doc %{_mandir}/man5/named.conf.5.gz %doc %{_mandir}/man8/named-checkconf.8.gz %doc %{_mandir}/man8/named-checkzone.8.gz @@ -688,9 +690,12 @@ %{_bindir}/runidn %{_sbindir}/arpaname %{_sbindir}/ddns-confgen +%if 0%{?suse_version} > 1110 %{_sbindir}/dnssec-checkds %{_sbindir}/dnssec-coverage +%endif %{_sbindir}/dnssec-dsfromkey +%{_sbindir}/dnssec-importkey %{_sbindir}/dnssec-keyfromlabel %{_sbindir}/dnssec-keygen %{_sbindir}/dnssec-revoke @@ -715,8 +720,10 @@ %doc %{_mandir}/man1/nsupdate.1.gz %doc %{_mandir}/man5/rndc.conf.5.gz %doc %{_mandir}/man8/ddns-confgen.8.gz +%if 0%{?suse_version} > 1110 %doc %{_mandir}/man8/dnssec-checkds.8.gz %doc %{_mandir}/man8/dnssec-coverage.8.gz +%endif %doc %{_mandir}/man8/dnssec-dsfromkey.8.gz %doc %{_mandir}/man8/dnssec-keyfromlabel.8.gz %doc %{_mandir}/man8/dnssec-keygen.8.gz ++++++ Makefile.in.diff ++++++ --- /var/tmp/diff_new_pack.ftAime/_old 2014-08-05 10:24:20.000000000 +0200 +++ /var/tmp/diff_new_pack.ftAime/_new 2014-08-05 10:24:20.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- bind-9.9.3-P1.orig/bin/named/Makefile.in +++ bind-9.9.3-P1/bin/named/Makefile.in -@@ -175,9 +175,7 @@ installdirs: +@@ -176,9 +176,7 @@ installdirs: install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir} (cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@) ++++++ bind-9.9.4-P2.tar.gz -> bind-9.9.5-P1.tar.gz ++++++ /work/SRC/openSUSE:Factory/bind/bind-9.9.4-P2.tar.gz /work/SRC/openSUSE:Factory/.bind.new/bind-9.9.5-P1.tar.gz differ: char 5, line 1 ++++++ bind-sdb-ldap.patch ++++++ --- /var/tmp/diff_new_pack.ftAime/_old 2014-08-05 10:24:20.000000000 +0200 +++ /var/tmp/diff_new_pack.ftAime/_new 2014-08-05 10:24:20.000000000 +0200 @@ -27,7 +27,7 @@ #ifdef CONTRIB_DLZ /* -@@ -904,6 +905,7 @@ +@@ -922,6 +923,7 @@ * Add calls to register sdb drivers here. */ /* xxdb_init(); */ @@ -35,7 +35,7 @@ #ifdef ISC_DLZ_DLOPEN /* -@@ -940,6 +942,7 @@ +@@ -958,6 +960,7 @@ * Add calls to unregister sdb drivers here. */ /* xxdb_clear(); */ ++++++ configure.in.diff ++++++ --- /var/tmp/diff_new_pack.ftAime/_old 2014-08-05 10:24:20.000000000 +0200 +++ /var/tmp/diff_new_pack.ftAime/_new 2014-08-05 10:24:20.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- bind-9.9.4-P2.orig/configure.in 2013-12-20 01:28:28.000000000 +0100 +++ bind-9.9.4-P2/configure.in 2014-01-21 17:55:51.063395215 +0100 -@@ -3142,7 +3142,7 @@ +@@ -3172,7 +3172,7 @@ # empty). The variable VARIABLE will be substituted into output files. # ++++++ named-bootconf.diff ++++++ --- /var/tmp/diff_new_pack.ftAime/_old 2014-08-05 10:24:20.000000000 +0200 +++ /var/tmp/diff_new_pack.ftAime/_new 2014-08-05 10:24:20.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- contrib/named-bootconf/named-bootconf.sh.orig +++ contrib/named-bootconf/named-bootconf.sh -@@ -54,7 +54,8 @@ +@@ -47,7 +47,8 @@ # POSSIBILITY OF SUCH DAMAGE. if [ ${OPTIONFILE-X} = X ]; then @@ -12,7 +12,7 @@ ( umask 077 ; mkdir $WORKDIR ) || { echo "unable to create work directory '$WORKDIR'" >&2 exit 1 -@@ -308,7 +309,7 @@ if [ $DUMP -eq 1 ]; then +@@ -301,7 +302,7 @@ if [ $DUMP -eq 1 ]; then cat $ZONEFILE $COMMENTFILE rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE ++++++ pid-path.diff ++++++ --- /var/tmp/diff_new_pack.ftAime/_old 2014-08-05 10:24:20.000000000 +0200 +++ /var/tmp/diff_new_pack.ftAime/_new 2014-08-05 10:24:20.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- bin/named/include/named/globals.h.orig 2013-07-17 00:13:06.000000000 +0200 +++ bin/named/include/named/globals.h 2013-08-05 14:14:28.152275375 +0200 -@@ -139,9 +139,9 @@ +@@ -140,9 +140,9 @@ "lwresd.pid"); #else EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR ++++++ pie_compile.diff ++++++ --- /var/tmp/diff_new_pack.ftAime/_old 2014-08-05 10:24:20.000000000 +0200 +++ /var/tmp/diff_new_pack.ftAime/_new 2014-08-05 10:24:20.000000000 +0200 @@ -124,7 +124,7 @@ =================================================================== --- bin/nsupdate/Makefile.in.orig 2013-07-17 00:13:06.000000000 +0200 +++ bin/nsupdate/Makefile.in 2013-08-06 12:08:19.493457729 +0200 -@@ -66,8 +66,12 @@ +@@ -68,8 +68,12 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES} ++++++ rpz2+rl-9.9.5.patch ++++++ ++++ 7601 lines (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org