diff --git a/SOURCES/setup-named-chroot.sh b/SOURCES/setup-named-chroot.sh index d7de36a..2326c49 100755 --- a/SOURCES/setup-named-chroot.sh +++ b/SOURCES/setup-named-chroot.sh @@ -1,9 +1,12 @@ #!/bin/bash +# Warning: the order is important +# If a directory containing $ROOTDIR is listed here, +# it MUST be listed last. (/var/named contains /var/named/chroot) ROOTDIR_MOUNT='/etc/localtime /etc/named /etc/pki/dnssec-keys /etc/named.root.key /etc/named.conf -/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key -/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /run/named /var/named -/etc/protocols /etc/services' +/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key /etc/named.iscdlv.key /etc/protocols /etc/services +/usr/lib64/bind /usr/lib/bind /run/named +/var/named' usage() { diff --git a/SPECS/bind.spec b/SPECS/bind.spec index f65cc3c..58bb869 100644 --- a/SPECS/bind.spec +++ b/SPECS/bind.spec @@ -25,7 +25,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.9.4 -Release: 51%{?PATCHVER}%{?PREVER}%{?dist} +Release: 51%{?PATCHVER}%{?PREVER}%{?dist}.1 Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -1131,6 +1131,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif %changelog +* Fri Oct 20 2017 Petr Menšík - 32:9.9.4-51.1 +- Fix named-chroot restart leak (#1504700) + * Thu Jun 29 2017 Petr Menšík - 32:9.9.4-51 - Fix CVE-2017-3142 and CVE-2017-3143