diff --git a/.bind.metadata b/.bind.metadata index ec0886b..2a4946f 100644 --- a/.bind.metadata +++ b/.bind.metadata @@ -1 +1 @@ -771bbb31ab0bfcf3f50effa0af4df6014853ac86 SOURCES/bind-9.16.20.tar.xz +30cbd1f3e9d2d47d653498143334128aac1f8fc0 SOURCES/bind-9.16.23.tar.xz diff --git a/.gitignore b/.gitignore index 463781a..bed248e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/bind-9.16.20.tar.xz +SOURCES/bind-9.16.23.tar.xz diff --git a/SOURCES/bind-9.11-rh1666814.patch b/SOURCES/bind-9.11-rh1666814.patch index e66a5ab..7429999 100644 --- a/SOURCES/bind-9.11-rh1666814.patch +++ b/SOURCES/bind-9.11-rh1666814.patch @@ -1,4 +1,4 @@ -From a1a4730c1f02cd85680cf7608ac81e0db59ee522 Mon Sep 17 00:00:00 2001 +From 0f03071080e7fa68433b322359d46abaca2cc5ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Wed, 16 Jan 2019 16:27:33 +0100 Subject: [PATCH] Fix possible crash when loading corrupted file @@ -6,23 +6,14 @@ Subject: [PATCH] Fix possible crash when loading corrupted file Some values passes internal triggers by coincidence. Fix the check and check also first_node_offset before even passing it further. --- - lib/dns/rbt.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) + lib/dns/rbt.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c -index ef6441b..404fd6d 100644 +index 5aee5f6..7f2c2d2 100644 --- a/lib/dns/rbt.c 
+++ b/lib/dns/rbt.c -@@ -754,7 +754,7 @@ treefix(dns_rbt_t *rbt, void *base, size_t filesize, dns_rbtnode_t *n, - } - - CONFIRM((void *)n >= base); -- CONFIRM((char *)n - (char *)base <= (int)nodemax); -+ CONFIRM((size_t)((char *)n - (char *)base) <= (int)nodemax); - CONFIRM(DNS_RBTNODE_VALID(n)); - - dns_name_init(&nodename, NULL); -@@ -911,7 +911,9 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize, +@@ -945,7 +945,9 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize, rbt->root = (dns_rbtnode_t *)((char *)base_address + header_offset + header->first_node_offset); @@ -34,5 +25,5 @@ index ef6441b..404fd6d 100644 goto cleanup; } -- -2.21.1 +2.31.1 diff --git a/SOURCES/bind-9.16.20-map-format-fix.patch b/SOURCES/bind-9.16.20-map-format-fix.patch deleted file mode 100644 index f6e3c9b..0000000 --- a/SOURCES/bind-9.16.20-map-format-fix.patch +++ /dev/null @@ -1,8 +0,0 @@ ---- a/lib/dns/mapapi -+++ b/lib/dns/mapapi -@@ -13,4 +13,4 @@ - # Whenever releasing a new major release of BIND9, set this value - # back to 1.0 when releasing the first alpha. Map files are *never* - # compatible across major releases. --MAPAPI=2.0 -+MAPAPI=3.0 diff --git a/SOURCES/bind-9.16.20.tar.xz.asc b/SOURCES/bind-9.16.20.tar.xz.asc deleted file mode 100644 index e247e91..0000000 --- a/SOURCES/bind-9.16.20.tar.xz.asc +++ /dev/null 
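Review bot: The refreshed `bind-9.11-rh1666814.patch` no longer carries the `treefix()` hunk that replaced `CONFIRM((char *)n - (char *)base <= (int)nodemax);` with the `(size_t)` cast form. Its description still reads "Fix the check and check also first_node_offset", which now covers only the second half. If 9.16.23 already has an equivalent bounds check upstream, record that in the patch header, for example `treefix() offset check dropped in this refresh: present upstream as of 9.16.23`, and trim the description to match. If upstream does not have it, node offsets read from a map file are validated less strictly after this rebase. The remaining `dns_rbt_deserialize_tree()` hunk is cut by the diff context, so the added condition itself cannot be reviewed from this page.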
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABAgAdFiEE6atueSM8BBbomT9FDAOvqQpZZ8QFAmETiLIACgkQDAOvqQpZ
-Z8SWCBAAn9moH3eaxJit2rMp6119PTx1VJNDAM7IM2jhszhnU5pkbXKZjIusbYJl
-9xPpWr64nx7WSWXvoyR/5DwKERNrYXx4klot6eMa/abIJiNDsVFdai8qJjJtqdcs
-wnvtlYs0OYIpbg8kBfCMUBiEfUdQVxE3XKrbBZ/i7SdnMDnYnpymZbDhkJK7mc+M
-jG0lG77CXdZOpP33LxahXfY63mfm5bK7/MHGF+J8Yxk0Dveh56znYXmCmXYQIw6L
-mmXT56wA+XBsXLIReHgM8prXxwRjFa704WmnPPegWAyEIbL8siWHE/h4zlp6TXl1
-TZyT6cz54kZ1RiEuM4IMVEy0FHXOw/sR6+/bHixGCUw4QZqnsUWt0stzSgMQXgj4
-D+1VtnGZ7tIhyzAGuN1xFX7tjR244jgnNsJlvWMS+NYkCs0zF2wMt7LgwSvf0RVY
-UEGDlLs39fl/pJdyU/kdBSbC6ZKvF2+TDqReaQwiWt6M+GqWGYK1XG1q5oZ7Y9in
-jmcJWrhLdaq17YB+Z9LS69m2hY+Qob4zyErXscSCDiL114Mcp9YCbj9dp3+rI/vY
-USJA23O2D2RnMc5PuLg1Iyh1f9VkT1VI2I/qT5L3mrs4F56G0FcMYofgNcaWaY/X
-H2xDz+h5OHE9DqYLuGaP/23bP9Gt1GHy8DB6ZtUtDp5wuVMSho0=
-=Ryzr
------END PGP SIGNATURE-----
diff --git a/SOURCES/bind-9.16.23.tar.xz.asc b/SOURCES/bind-9.16.23.tar.xz.asc
new file mode 100644
index 0000000..d48514d
--- /dev/null
+++ b/SOURCES/bind-9.16.23.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Comment: GPGTools - https://gpgtools.org
+
+iQIzBAABAgAdFiEEqtu6UHTxQC97adVrxbTukxqfnf0FAmGKhMcACgkQxbTukxqf
+nf1EbQ//YXsBbMtyI3c0MoleSi5zwzcpCTZTWTFHqH5WUiruLMDF453j/Fn2zaSC
+WuaUnhN61dR+BVtX+D2Y8GiVQFICo5X1nJj0jb/TcflXFq7YLWUAO0NPwPkBL1J4
+/PA0YCp1zYcvBXIxTKaU7AcBxlKmcGLdZcgCyGU6NSKaOJSxHOWXM460uD/crskB
+iSPEbMevN9TTJs9webztJNKH/3BuNkOD9SFb6JlUIQqwKx1v8rosgdI7BvgGMZqy
+s+10+GlIRFFvsX2XkX8BnjDlQ1QdzDOAoyCU+Se9rXDqu+zZf1VN4ReUCSDuPYf9
+z+GW1EbMxuZzEKrEIJvhnVNNiHqtKVaK6IIUX5bHqgPLEx87HxJMOPmbyBc1kDAe
+0WCmsITaq62WvKOG8Ho8wLrlG4AAO5+A7xit4bJ4XUtLiqyt+9FUIeEFY9nZb/6O
+OXK9eBMZHZ++r52RtA+GYZllkNRpzwnULOdR/9svVQuc10/MjnRoFqInzLlqwfwm
+2q6r372oWn8+MUvjQVBgzprn5BvY+HDo2gNEYEi5QyR3ql2dX/Qz7iUdUfhRvMNL
+FdPt3B3kktfOV98p/imrIwLwVVWwKBlphntkRxLtSZBs3nbo27F/ND54fixC2eCa
+epB6FF5IquzQ/MOiz4uql3YexNDQQ+7N2IGPJVMwO2ILAyZDNOQ=
+=pVtf
+-----END PGP SIGNATURE-----
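Review bot: The new detached signature does not appear to come from the same key as the one it replaces: the issuer-fingerprint bytes right after the shared `iQIzBAABAgAdFiEE` prefix differ between the removed 9.16.20 signature and this one. The keyring used to verify the tarball is not part of this diff, so confirm it already contains the new signer's key, obtained from ISC through a channel independent of the tarball download. If the spec verifies sources in `%prep`, that check should still run and pass against `bind-9.16.23.tar.xz`. Noting the signer change in the 9.16.23-1 changelog entry would make the key rotation auditable later.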
diff --git a/SOURCES/bind99-rh640538.patch b/SOURCES/bind99-rh640538.patch
deleted file mode 100644
index 833c476..0000000
--- a/SOURCES/bind99-rh640538.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From d3c58d860737f0f70eff05edad77e0b2a90d4cb9 Mon Sep 17 00:00:00 2001
-From: Petr Mensik
-Date: Fri, 19 Jun 2020 18:48:23 +0200
-Subject: [PATCH] .rh640538
-
----
- bin/dig/dig.rst | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
-diff --git a/bin/dig/dig.rst b/bin/dig/dig.rst
-index bef52ba..9f16607 100644
---- a/bin/dig/dig.rst
-+++ b/bin/dig/dig.rst
-@@ -615,6 +615,26 @@ To turn off IDN support, use the parameters
- ``+noidnin`` and ``+noidnout``, or define the ``IDN_DISABLE`` environment
- variable.
-
-+Return Codes
-+~~~~~~~~~~~~
-+
-+``dig`` return codes are:
-+
-+``0``
-+ Response received, including NXDOMAIN status
-+
-+``1``
-+ Usage error
-+
-+``8``
-+ Couldn't open batch file
-+
-+``9``
-+ No reply from server
-+
-+``10``
-+ Internal error
-+
- Files
- ~~~~~
-
---
-2.26.2
-
diff --git a/SOURCES/named-chroot.files b/SOURCES/named-chroot.files
index 9a768e4..75e6aa1 100644
--- a/SOURCES/named-chroot.files
+++ b/SOURCES/named-chroot.files
@@ -20,6 +20,7 @@
 /usr/lib/named
 /usr/share/GeoIP
 /run/named
+/proc/sys/net/ipv4/ip_local_port_range
 # Warning: the order is important
 # If a directory containing $ROOTDIR is listed here,
 # it MUST be listed last. (/var/named contains /var/named/chroot)
diff --git a/SPECS/bind.spec b/SPECS/bind.spec
index f1ebc1d..6e30f0a 100644
--- a/SPECS/bind.spec
+++ b/SPECS/bind.spec
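Review bot: The new `/proc/sys/net/ipv4/ip_local_port_range` entry in `named-chroot.files` is a single procfs file, unlike the directory entries visible above it, and nothing beside it says why it is there or how it is meant to be mounted. A comment above it would help, such as `# single procfs file: lets chrooted named read the host's ephemeral port range (#2013595)`. The script that consumes this list is not in the diff, so confirm it handles a regular-file mount point. It should expose only this file, ideally read-only, rather than the whole `/proc/sys/net/ipv4` directory that the `chroot_create_directories` hunk in `SPECS/bind.spec` creates as its parent.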
@@ -30,7 +30,7 @@ %global chroot_prefix %{bind_dir}/chroot %global chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\ %{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\ - %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP + %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4 %global selinuxbooleans named_write_master_zones=1 ## The order of libs is important. See lib/Makefile.in for details @@ -50,8 +50,8 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Name: bind License: MPLv2.0 -Version: 9.16.20 -Release: 2%{?dist} +Version: 9.16.23 +Release: 1%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ # @@ -90,7 +90,6 @@ Patch72: bind-9.5-dlz-64bit.patch Patch106:bind93-rh490837.patch Patch112:bind97-rh645544.patch Patch130:bind-9.9.1-P2-dlz-libdb.patch -Patch133:bind99-rh640538.patch # Make PKCS11 used only for pkcs11 parts Patch135:bind-9.14-config-pkcs11.patch # Fedora specific patch to distribute native-pkcs#11 functionality @@ -102,9 +101,6 @@ Patch157:bind-9.11-fips-tests.patch Patch164:bind-9.11-rh1666814.patch Patch170:bind-9.11-feature-test-named.patch Patch171:bind-9.11-tests-variants.patch -# https://gitlab.isc.org/isc-projects/bind9/-/issues/2872 -# https://kb.isc.org/docs/map-zone-format-incompatibility-in-bind-9-16-20-and-9-17-17 -Patch172:https://downloads.isc.org/isc/bind9/9.16.20/patches/bind-9.16.20-map-format-fix.patch %{?systemd_ordering} Requires: coreutils @@ -405,7 +401,6 @@ in HTML and PDF format. %patch164 -p1 -b .rh1666814 %patch170 -p1 -b .featuretest-named %patch171 -p1 -b .test-variant -%patch172 -p1 -b .map-format %if %{with PKCS11} %patch135 -p1 -b .config-pkcs11 @@ -417,8 +412,6 @@ cp -r lib/ns{,-pkcs11} %patch149 -p1 -b .kyua-pkcs11 %endif -%patch133 -p1 -b .rh640538 - # Sparc and s390 arches need to use -fPIE %ifarch sparcv9 sparc64 s390 s390x for i in bin/named/{,unix}/Makefile.in; do 
@@ -1057,6 +1050,7 @@ fi; %dir %{chroot_prefix}/%{_libdir} %dir %{chroot_prefix}/%{_libdir}/bind %dir %{chroot_prefix}/%{_datadir}/GeoIP +%{chroot_prefix}/proc %defattr(0660,root,named,01770) %dir %{chroot_prefix}%{_localstatedir}/named %defattr(0660,named,named,0770) @@ -1129,6 +1123,18 @@ fi; %endif %changelog +* Fri Nov 19 2021 Petr Menšík - 32:9.16.23-1 +- Update to 9.16.23 (#2024210) + +* Wed Oct 13 2021 Petr Menšík - 32:9.16.20-5 +- Propagate ephemeral port ranges to chroot (#2013595) + +* Tue Oct 12 2021 Petr Menšík - 32:9.16.20-4 +- Fixes listening on TCP in some race conditions (#1999691) + +* Tue Oct 12 2021 Petr Menšík - 32:9.16.20-3 +- Include documentation of dig return codes (#1989909) + * Thu Aug 19 2021 Petr Menšík - 32:9.16.20-2 - Fix map file format incompatibility - Actually enable LMDB support
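Review bot: `%{chroot_prefix}/proc` is listed without `%dir`, unlike the `%dir %{chroot_prefix}/...` entries around it, so rpm packages everything found under that path in the buildroot rather than just the directory. If the intent is to own only the empty `proc/sys/net/ipv4` tree made by `chroot_create_directories`, list each level with `%dir`. Otherwise keep the recursive form and add `# recursive on purpose: owns proc/sys/net/ipv4 created at build time` above it. The `%defattr` in effect for this entry is set above the hunk, so check that the new directories get the same owner and mode as the other root-owned chroot directories.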