diff --git a/SOURCES/bind-99-dyndb-rh1142150.patch b/SOURCES/bind-99-dyndb-rh1142150.patch
new file mode 100644
index 0000000..0ff2fbf
--- /dev/null
+++ b/SOURCES/bind-99-dyndb-rh1142150.patch
@@ -0,0 +1,114 @@
+From 1f6c240231fcb9fe8bc4a28f3359201c2a1d8465 Mon Sep 17 00:00:00 2001
+From: Tomas Hozza
+Date: Wed, 17 Sep 2014 20:00:39 +0200
+Subject: [PATCH] Fix for BZ #1142150
+
+Signed-off-by: Tomas Hozza
+---
+ bin/named/server.c | 14 +++++++++-----
+ lib/dns/dynamic_db.c | 12 ++++++++++--
+ lib/dns/include/dns/dynamic_db.h | 2 +-
+ 3 files changed, 20 insertions(+), 8 deletions(-)
+
+diff --git a/bin/named/server.c b/bin/named/server.c
+index ee04dda..6f8b0f0 100644
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -1302,6 +1302,12 @@ configure_dynamic_db(const cfg_obj_t *dynamic_db, isc_mem_t *mctx,
+ CHECK(dns_dynamic_db_load(libname, name, mctx, argv, dyndb_args));
+
+ cleanup:
++
++ if (result != ISC_R_SUCCESS)
++ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
++ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
++ "dynamic database '%s' configuration failed: %s",
++ name, isc_result_totext(result));
+ if (argv != NULL)
+ isc_mem_free(mctx, argv);
+
+@@ -2165,6 +2171,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
+ unsigned int query_timeout, ndisp;
+ struct cfg_context *nzctx;
+ dns_rpz_zone_t *rpz;
++ dns_dyndb_arguments_t *args = NULL;
+
+ REQUIRE(DNS_VIEW_VALID(view));
+
+@@ -3330,8 +3337,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
+ (void)cfg_map_get(config, "dynamic-db", &dynamic_db_list);
+ element = cfg_list_first(dynamic_db_list);
+ if (element != NULL) {
+- dns_dyndb_arguments_t *args;
+-
+ args = dns_dyndb_arguments_create(mctx);
+ if (args == NULL) {
+ result = ISC_R_NOMEMORY;
+@@ -3344,11 +3349,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
+ while (element != NULL) {
+ obj = cfg_listelt_value(element);
+ CHECK(configure_dynamic_db(obj, mctx, args));
+-
+ element = cfg_list_next(element);
+ }
+-
+- dns_dyndb_arguments_destroy(mctx, args);
+ }
+
+ /*
+@@ -3536,6 +3538,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
+
+ if (cache != NULL)
+ dns_cache_detach(&cache);
++ if (args != NULL)
++ dns_dyndb_arguments_destroy(mctx, &args);
+
+ return (result);
+ }
+diff --git a/lib/dns/dynamic_db.c b/lib/dns/dynamic_db.c
+index bf83161..a0d26eb 100644
+--- a/lib/dns/dynamic_db.c
++++ b/lib/dns/dynamic_db.c
+@@ -280,9 +280,15 @@ dns_dyndb_arguments_create(isc_mem_t *mctx)
+ }
+
+ void
+-dns_dyndb_arguments_destroy(isc_mem_t *mctx, dns_dyndb_arguments_t *args)
++dns_dyndb_arguments_destroy(isc_mem_t *mctx, dns_dyndb_arguments_t **argsp)
+ {
+- REQUIRE(args != NULL);
++ dns_dyndb_arguments_t *args;
++
++ REQUIRE(argsp != NULL);
++
++ args = *argsp;
++ if (args == NULL)
++ return;
+
+ dns_dyndb_set_view(args, NULL);
+ dns_dyndb_set_zonemgr(args, NULL);
+@@ -290,6 +296,8 @@ dns_dyndb_arguments_destroy(isc_mem_t *mctx, dns_dyndb_arguments_t *args)
+ dns_dyndb_set_timermgr(args, NULL);
+
+ isc_mem_put(mctx, args, sizeof(*args));
++
++ *argsp = NULL;
+ }
+
+ void
+diff --git a/lib/dns/include/dns/dynamic_db.h b/lib/dns/include/dns/dynamic_db.h
+index 673ad4b..5ecee0e 100644
+--- a/lib/dns/include/dns/dynamic_db.h
++++ b/lib/dns/include/dns/dynamic_db.h
+@@ -35,7 +35,7 @@ isc_result_t dns_dynamic_db_load(const char *libname, const char *name,
+ void dns_dynamic_db_cleanup(isc_boolean_t exiting);
+
+ dns_dyndb_arguments_t *dns_dyndb_arguments_create(isc_mem_t *mctx);
+-void dns_dyndb_arguments_destroy(isc_mem_t *mctx, dns_dyndb_arguments_t *args);
++void dns_dyndb_arguments_destroy(isc_mem_t *mctx, dns_dyndb_arguments_t **argsp);
+
+ void dns_dyndb_set_view(dns_dyndb_arguments_t *args, dns_view_t *view);
+ dns_view_t *dns_dyndb_get_view(dns_dyndb_arguments_t *args);
+--
+1.9.3
+
diff --git a/SOURCES/bind99-rh1067424.patch b/SOURCES/bind99-rh1067424.patch
new file mode 100644
index 0000000..9f5faf8
--- /dev/null
+++ b/SOURCES/bind99-rh1067424.patch
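Review bot: The prototype of `dns_dyndb_arguments_destroy` in the public header `lib/dns/include/dns/dynamic_db.h` changes from `dns_dyndb_arguments_t *args` to `dns_dyndb_arguments_t **argsp`, yet the only caller updated is `configure_view` in `bin/named/server.c`; any other caller, in particular a dyndb module built against the old prototype, would now pass the struct where a pointer-to-pointer is read, which C reports only as an incompatible-pointer warning and which corrupts memory at run time, so remaining callers should be located and the header should state the new contract, e.g. `/* Frees *argsp and sets it to NULL; a NULL *argsp is a no-op. */`. The new error log at `cleanup:` in `configure_dynamic_db` passes `name` to `%s`; the start of that function is outside the hunk, so confirm no `CHECK` can reach the label before `name` is assigned. Note that the destroy function now silently accepts a NULL `*argsp` where it previously asserted, which is what the `if (args != NULL)` cleanup in `configure_view` depends on.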
@@ -0,0 +1,41 @@
+From 09f1a6e812c02bd8bf1644e2253e21c26d25613a Mon Sep 17 00:00:00 2001
+From: Tomas Hozza
+Date: Thu, 20 Feb 2014 11:01:00 +0100
+Subject: [PATCH] check TSIG key ID when receiving NOTIFY
+
+Signed-off-by: Tomas Hozza
+---
+ lib/dns/zone.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/lib/dns/zone.c b/lib/dns/zone.c
+index 01ff97b..54b7896 100644
+--- a/lib/dns/zone.c
++++ b/lib/dns/zone.c
+@@ -11846,6 +11846,8 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from,
+ int match = 0;
+ isc_netaddr_t netaddr;
+ isc_sockaddr_t local, remote;
++ dns_tsigkey_t *tsigkey;
++ dns_name_t *tsig;
+
+ REQUIRE(DNS_ZONE_VALID(zone));
+
+@@ -11928,10 +11930,12 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from,
+
+ /*
+ * Accept notify requests from non masters if they are on
+- * 'zone->notify_acl'.
++ * 'zone->notify_acl' or if used key ID match the ACLs.
+ */
++ tsigkey = dns_message_gettsigkey(msg);
++ tsig = dns_tsigkey_identity(tsigkey);
+ if (i >= zone->masterscnt && zone->notify_acl != NULL &&
+- dns_acl_match(&netaddr, NULL, zone->notify_acl,
++ dns_acl_match(&netaddr, tsig, zone->notify_acl,
+ &zone->view->aclenv,
+ &match, NULL) == ISC_R_SUCCESS &&
+ match > 0)
+--
+1.8.5.3
+
diff --git a/SOURCES/bind99-rh1072379.patch b/SOURCES/bind99-rh1072379.patch
new file mode 100644
index 0000000..2eb0cc2
--- /dev/null
+++ b/SOURCES/bind99-rh1072379.patch
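Review bot: `tsig = dns_tsigkey_identity(tsigkey);` runs for every NOTIFY that reaches this point, including unsigned ones where `dns_message_gettsigkey(msg)` yields NULL, so the new code relies on `dns_tsigkey_identity` tolerating a NULL key; that appears to hold elsewhere in the tree but is worth confirming, or guarding with `tsig = (tsigkey != NULL) ? dns_tsigkey_identity(tsigkey) : NULL;`. The key name is only a sound ACL input if the TSIG on `msg` was verified before `dns_zone_notifyreceive` was called, and the comment should say so while also fixing its grammar, e.g. `* 'zone->notify_acl', matched against the source address or the (already verified) TSIG key that signed the request.`. The body of `dns_zone_notifyreceive` continues outside both hunks.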
@@ -0,0 +1,53 @@
+From 7f5bdf7f4063c2fefb18900468d2c851f8de7816 Mon Sep 17 00:00:00 2001
+From: Evan Hunt
+Date: Tue, 18 Feb 2014 23:32:02 -0800
+Subject: [PATCH] [master] fix dns_resolver_destroyfetch race
+
+3747. [bug] A race condition could lead to a core dump when
+ destroying a resolver fetch object. [RT #35385]
+---
+ lib/dns/resolver.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index fa188c1..66ab41f 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -357,6 +357,7 @@ typedef struct {
+
+ struct dns_fetch {
+ unsigned int magic;
++ isc_mem_t * mctx;
+ fetchctx_t * private;
+ };
+
+@@ -8561,6 +8562,8 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+ fetch = isc_mem_get(res->mctx, sizeof(*fetch));
+ if (fetch == NULL)
+ return (ISC_R_NOMEMORY);
++ fetch->mctx = NULL;
++ isc_mem_attach(res->mctx, &fetch->mctx);
+
+ bucketnum = dns_name_fullhash(name, ISC_FALSE) % res->nbuckets;
+
+@@ -8651,7 +8654,7 @@ dns_resolver_createfetch2(dns_resolver_t *res, dns_name_t *name,
+ FTRACE("created");
+ *fetchp = fetch;
+ } else
+- isc_mem_put(res->mctx, fetch, sizeof(*fetch));
++ isc_mem_putanddetach(&fetch->mctx, fetch, sizeof(*fetch));
+
+ return (result);
+ }
+@@ -8742,7 +8745,7 @@ dns_resolver_destroyfetch(dns_fetch_t **fetchp) {
+
+ UNLOCK(&res->buckets[bucketnum].lock);
+
+- isc_mem_put(res->mctx, fetch, sizeof(*fetch));
++ isc_mem_putanddetach(&fetch->mctx, fetch, sizeof(*fetch));
+ *fetchp = NULL;
+
+ if (bucket_empty)
+--
+1.9.0
+
diff --git a/SOURCES/bind99-rh1098959.patch b/SOURCES/bind99-rh1098959.patch
new file mode 100644
index 0000000..ef4ce0a
--- /dev/null
+++ b/SOURCES/bind99-rh1098959.patch
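Review bot: The new `mctx` member of `struct dns_fetch` carries no comment, and since the fetch holding its own memory-context reference is the entire fix for the destroy race it deserves one, e.g. `isc_mem_t * mctx; /* per-fetch reference, released with the object by isc_mem_putanddetach */`. Likewise `fetch->mctx = NULL;` immediately before `isc_mem_attach` reads as a redundant store unless explained; presumably attach requires a NULL target, so a trailing `/* attach requires a NULL target */` would make the intent clear. Both `dns_resolver_createfetch2` and `dns_resolver_destroyfetch` extend beyond their hunks.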
@@ -0,0 +1,164 @@
+diff -up bind-9.8.2rc1/bin/named/include/named/lwresd.h.lwres_tasks_clients bind-9.8.2rc1/bin/named/include/named/lwresd.h
+--- bind-9.8.2rc1/bin/named/include/named/lwresd.h.lwres_tasks_clients 2007-06-20 01:46:59.000000000 +0200
++++ bind-9.8.2rc1/bin/named/include/named/lwresd.h 2014-05-19 09:41:56.792427201 +0200
+@@ -36,6 +36,8 @@ struct ns_lwresd {
+ dns_view_t *view;
+ ns_lwsearchlist_t *search;
+ unsigned int ndots;
++ unsigned int ntasks;
++ unsigned int nclients;
+ isc_mem_t *mctx;
+ isc_boolean_t shutting_down;
+ unsigned int refs;
+diff -up bind-9.8.2rc1/bin/named/lwresd.c.lwres_tasks_clients bind-9.8.2rc1/bin/named/lwresd.c
+--- bind-9.8.2rc1/bin/named/lwresd.c.lwres_tasks_clients 2009-09-03 01:48:01.000000000 +0200
++++ bind-9.8.2rc1/bin/named/lwresd.c 2014-05-19 09:41:56.793427201 +0200
+@@ -60,11 +60,7 @@
+ #define LWRESLISTENER_MAGIC ISC_MAGIC('L', 'W', 'R', 'L')
+ #define VALID_LWRESLISTENER(l) ISC_MAGIC_VALID(l, LWRESLISTENER_MAGIC)
+
+-/*!
+- * The total number of clients we can handle will be NTASKS * NRECVS.
+- */
+-#define NTASKS 2 /*%< tasks to create to handle lwres queries */
+-#define NRECVS 2 /*%< max clients per task */
++#define LWRESD_NCLIENTS_MAX 32768 /*%< max clients per task */
+
+ typedef ISC_LIST(ns_lwreslistener_t) ns_lwreslistenerlist_t;
+
+@@ -395,6 +391,24 @@ ns_lwdmanager_create(isc_mem_t *mctx, co
+ }
+ }
+
++ obj = NULL;
++ (void)cfg_map_get(lwres, "lwres-tasks", &obj);
++ if (obj != NULL)
++ lwresd->ntasks = cfg_obj_asuint32(obj);
++ else
++ lwresd->ntasks = ns_g_cpus;
++
++ obj = NULL;
++ (void)cfg_map_get(lwres, "lwres-clients", &obj);
++ if (obj != NULL) {
++ lwresd->nclients = cfg_obj_asuint32(obj);
++ if (lwresd->nclients > LWRESD_NCLIENTS_MAX)
++ lwresd->nclients = LWRESD_NCLIENTS_MAX;
++ } else if (ns_g_lwresdonly)
++ lwresd->nclients = 1024;
++ else
++ lwresd->nclients = 256;
++
+ lwresd->magic = LWRESD_MAGIC;
+
+ *lwresdp = lwresd;
+@@ -604,15 +618,24 @@ static isc_result_t
+ listener_startclients(ns_lwreslistener_t *listener) {
+ ns_lwdclientmgr_t *cm;
+ unsigned int i;
+- isc_result_t result;
++ isc_result_t result = ISC_R_SUCCESS;
++
++ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
++ NS_LOGMODULE_LWRESD, ISC_LOG_DEBUG(6),
++ "listener_startclients: creating %d "
++ "managers with %d clients each",
++ listener->manager->ntasks, listener->manager->nclients);
+
+ /*
+ * Create the client managers.
+ */
+- result = ISC_R_SUCCESS;
+- for (i = 0; i < NTASKS && result == ISC_R_SUCCESS; i++)
+- result = ns_lwdclientmgr_create(listener, NRECVS,
++ for (i = 0; i < listener->manager->ntasks; i++) {
++ result = ns_lwdclientmgr_create(listener,
++ listener->manager->nclients,
+ ns_g_taskmgr);
++ if (result != ISC_R_SUCCESS)
++ break;
++ }
+
+ /*
+ * Ensure that we have created at least one.
+diff -up bind-9.8.2rc1/bin/named/named.conf.docbook.lwres_tasks_clients bind-9.8.2rc1/bin/named/named.conf.docbook
+--- bind-9.8.2rc1/bin/named/named.conf.docbook.lwres_tasks_clients 2011-11-07 01:31:47.000000000 +0100
++++ bind-9.8.2rc1/bin/named/named.conf.docbook 2014-05-19 09:41:56.793427201 +0200
+@@ -185,6 +185,8 @@ lwres {
+ view string optional_class;
+ search { string; ... };
+ ndots integer;
++ lwres-tasks integer;
++ lwres-clients integer;
+ };
+
+
+diff -up bind-9.8.2rc1/doc/arm/Bv9ARM-book.xml.lwres_tasks_clients bind-9.8.2rc1/doc/arm/Bv9ARM-book.xml
+--- bind-9.8.2rc1/doc/arm/Bv9ARM-book.xml.lwres_tasks_clients 2014-05-19 09:41:56.770427201 +0200
++++ bind-9.8.2rc1/doc/arm/Bv9ARM-book.xml 2014-05-19 10:26:40.147380836 +0200
+@@ -2964,7 +2964,12 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.
+ be configured to act as a lightweight resolver daemon using the
+ lwres statement in named.conf.
+
+-
++
++ The number of client queries that the lwresd
++ daemon is able to serve can be set using the
++ and
++ statements in the configuration.
++
+
+
+
+@@ -4959,6 +4964,8 @@ badresp:1,adberr:0,findfail:0,valfail:0]
+ view view_name;
+ search { domain_name ; domain_name ; ... };
+ ndots number;
++ lwres-tasks number;
++ lwres-clients number;
+ };
+
+
+@@ -5017,6 +5024,31 @@ badresp:1,adberr:0,findfail:0,valfail:0]
+ number of dots in a relative domain name that should result in an
+ exact match lookup before search path elements are appended.
+
++
++ The statement specifies the number
++ of worker threads the lightweight resolver will dedicate to serving
++ clients. By default the number is the same as the number of CPUs on
++ the system; this can be overridden using the
++ command line option when starting the server.
++
++
++ The specifies
++ the number of client objects per thread the lightweight
++ resolver should create to serve client queries.
++ By default, if the lightweight resolver runs as a part
++ of named, 256 client objects are
++ created for each task; if it runs as lwresd,
++ 1024 client objects are created for each thread. The maximum
++ value is 32768; higher values will be silently ignored and
++ the maximum will be used instead.
++ Note that setting too high a value may overconsume
++ system resources.
++
++
++ The maximum number of client queries that the lightweight
++ resolver can handle at any one time equals
++ times .
++
+
+
+ <command>masters</command> Statement Grammar
+diff -up bind-9.8.2rc1/lib/isccfg/namedconf.c.lwres_tasks_clients bind-9.8.2rc1/lib/isccfg/namedconf.c
+--- bind-9.8.2rc1/lib/isccfg/namedconf.c.lwres_tasks_clients 2014-05-19 09:41:56.771427201 +0200
++++ bind-9.8.2rc1/lib/isccfg/namedconf.c 2014-05-19 09:41:56.797427201 +0200
+@@ -2563,6 +2563,8 @@ lwres_clauses[] = {
+ { "view", &cfg_type_lwres_view, 0 },
+ { "search", &cfg_type_lwres_searchlist, 0 },
+ { "ndots", &cfg_type_uint32, 0 },
++ { "lwres-tasks", &cfg_type_uint32, 0},
++ { "lwres-clients", &cfg_type_uint32, 0},
+ { NULL, NULL, 0 }
+ };
+
diff --git a/SOURCES/generate-rndc-key.sh b/SOURCES/generate-rndc-key.sh
index 454e7fe..194e65b 100755
--- a/SOURCES/generate-rndc-key.sh
+++ b/SOURCES/generate-rndc-key.sh
@@ -6,7 +6,7 @@ if [ ! -s /etc/rndc.key -a ! -s /etc/rndc.conf ]; then
 echo -n $"Generating /etc/rndc.key:"
- if /usr/sbin/rndc-confgen -a > /dev/null 2>&1; then
+ if /usr/sbin/rndc-confgen -a -r /dev/urandom > /dev/null 2>&1; then
 chmod 640 /etc/rndc.key
 chown root.named /etc/rndc.key
 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.key
diff --git a/SPECS/bind.spec b/SPECS/bind.spec
index 6979f7c..1f0f345 100644
--- a/SPECS/bind.spec
+++ b/SPECS/bind.spec
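Review bot: The debug message in `listener_startclients` formats `listener->manager->ntasks` and `listener->manager->nclients` with `%d`, but both fields are declared `unsigned int` in the `struct ns_lwresd` hunk of `lwresd.h`, so the conversions should be `%u`: `"listener_startclients: creating %u "` / `"managers with %u clients each",`. In `ns_lwdmanager_create`, `lwres-clients` is capped at `LWRESD_NCLIENTS_MAX` but `lwres-tasks` is taken from the configuration unbounded, so a mistyped value creates that many client managers, each with `nclients` objects, at startup; a symmetric upper bound, and an explicit check for 0 (with which the new `for` loop creates nothing and leaves `result` at success, presumably caught only by the "at least one" check that follows the hunk), keeps a configuration slip from exhausting memory. `listener_startclients` continues beyond the hunk.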
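Review bot: `rndc-confgen -a` has already written `/etc/rndc.key` by the time `chmod 640` runs, so unless rndc-confgen itself creates the file with restrictive permissions the shared secret is briefly readable under the caller's umask; adding `umask 077` before the `if` closes that window regardless of how rndc-confgen creates the file. `chown root.named` uses the legacy `user.group` spelling; `chown root:named /etc/rndc.key` is the portable form. The switch to `-r /dev/urandom` stops the script from blocking on `/dev/random` at install time at the cost of trusting that the pool is seeded on a fresh first boot, which is acceptable here but deserves a one-line comment above the `if`.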
@@ -29,7 +29,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: bind
 License: ISC
 Version: 9.9.4
-Release: 14%{?PATCHVER}%{?PREVER}%{?dist}.1
+Release: 18%{?PATCHVER}%{?PREVER}%{?dist}
 Epoch: 32
 Url: http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -93,7 +93,10 @@ Patch140:bind99-ISC-Bugs-34870-v3.patch
 Patch141:bind99-ISC-Bugs-35073.patch
 Patch142:bind99-ISC-Bugs-35080.patch
 Patch143:bind99-CVE-2014-0591.patch
-Patch144:bind99-CVE-2014-8500.patch
+Patch144:bind99-rh1067424.patch
+Patch145:bind99-rh1072379.patch
+Patch146:bind99-rh1098959.patch
+Patch147:bind99-CVE-2014-8500.patch
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -103,6 +106,7 @@ Patch62: bind-9.5-sdb-sqlite-bld.patch
 # needs inpection
 Patch17: bind-9.3.2b1-fix_sdb_ldap.patch
 Patch104: bind-96-dyndb.patch
+Patch105: bind-99-dyndb-rh1142150.patch
 # IDN paches
 Patch73: bind-9.5-libidn.patch
@@ -166,6 +170,7 @@ will have a label of "zone,zsk|ksk,xxx" and an id of the keytag in hex.
 Summary: BIND server with database backends and DLZ support
 Group: System Environment/Daemons
 Requires: bind
+Requires: bind-libs = %{epoch}:%{version}-%{release}
 Requires: systemd-units
 %description sdb
@@ -210,6 +215,7 @@ Contains license of the BIND DNS suite.
 %package utils
 Summary: Utilities for querying DNS name servers
 Group: Applications/System
+Requires: bind-libs = %{epoch}:%{version}-%{release}
 %description utils
 Bind-utils contains a collection of utilities for querying DNS (Domain
@@ -280,6 +286,7 @@ Based on the code from Jan "Yenya" Kasprzak
 %patch10 -p1 -b .PIE
 %patch16 -p1 -b .redhat_doc
 %patch104 -p1 -b .dyndb
+%patch105 -p1 -b .dyndb_rh1142150
 %ifnarch alpha ia64
 %patch72 -p1 -b .64bit
 %endif
@@ -312,7 +319,10 @@ popd
 %patch141 -p1 -b .leak_35073
 %patch142 -p1 -b .rbt_crash
 %patch143 -p1 -b .CVE-2014-059
-%patch144 -p1 -b .CVE-2014-8500
+%patch144 -p1 -b .rh1067424
+%patch145 -p1 -b .rh1072379
+%patch146 -p1 -b .rh1098959
+%patch147 -p1 -b .CVE-2014-8500
 %if %{SDB}
 %patch101 -p1 -b .old-api
@@ -387,6 +397,7 @@ libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f
 --with-pkcs11=%{_libdir}/pkcs11/PKCS11_API.so \
 %endif
 %if %{SDB}
+ --with-dlopen=yes \
 --with-dlz-ldap=yes \
 --with-dlz-postgres=yes \
 --with-dlz-mysql=yes \
@@ -627,7 +638,7 @@ if [ "$1" -gt 0 ]; then
 fi
 :;
-%triggerun -- bind < bind-9.9.0-0.6.rc1
+%triggerun -- bind < 32:9.9.0-0.6.rc1
 /sbin/chkconfig --del named >/dev/null 2>&1 || :
 /bin/systemctl try-restart named.service >/dev/null 2>&1 || :
@@ -639,6 +650,16 @@ fi
 %postun libs-lite -p /sbin/ldconfig
+%pre chroot
+# updating
+if [ "$1" -gt 1 ]; then
+ # if %%{chroot_prefix}/var/run is a directory, remove it
+ # fix for Bug #1091341
+ if [ -d %{chroot_prefix}/var/run ]; then
+ rm -rf %{chroot_prefix}/var/run
+ fi
+fi
+
 %post chroot
 %systemd_post named-chroot.service
 if [ "$1" -gt 0 ]; then
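Review bot: `[ -d %{chroot_prefix}/var/run ]` in the new `%pre chroot` scriptlet is also true when the path is a symlink to a directory, so the `rm -rf` would remove an already converted symlink on every later update as well, not only the stale directory the comment describes; `if [ -d %{chroot_prefix}/var/run ] && [ ! -L %{chroot_prefix}/var/run ]; then` limits the removal to a real directory. The comment above the check should also say what replaces the directory after removal, since the rationale is otherwise only recoverable from the bug number.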
@@ -921,8 +942,23 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 %changelog
-* Wed Dec 10 2014 Tomas Hozza - 32:9.9.4-14.1
-- Fix CVE-2014-8500 (#1171975)
+* Wed Dec 10 2014 Tomas Hozza - 32:9.9.4-18
+- Fix CVE-2014-8500 (#1171976)
+
+* Thu Sep 18 2014 Tomas Hozza - 32:9.9.4-17
+- Fix error in dyndb API that can cause named to freeze on shutdown (#1142150)
+- Fix error in triggerun scriptlet (#1143033)
+- Remove /var/named/chroot/var/run on bind-chroot update if it is a directory (#1091341)
+
+* Thu Aug 21 2014 Tomas Hozza - 32:9.9.4-16
+- Add versioned requires on bind-libs to bind-utils and bind-sdb
+
+* Wed Aug 20 2014 Tomas Hozza - 32:9.9.4-15
+- Use /dev/urandom when generating rndc.key file (#1107568)
+- Allow authentication using TSIG in allow-notify configuration statement (#1067424)
+- Fix race condition when destroying a resolver fetch object (#1072379)
+- Increase defaults for lwresd workers and make workers and client objects number configurable (#1098959)
+- Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#1096688)
 * Fri Jan 24 2014 Daniel Mach - 32:9.9.4-14
 - Mass rebuild 2014-01-24