diff --git a/.cvsignore b/.cvsignore
index 6572960..3ef43b0 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -10,3 +10,4 @@ libbind-man.tar.gz
bind-9.3.1.tar.gz
bind-9.3.2rc1.tar.gz
bind-9.3.2.tar.gz
+bind-9.3.3rc2.tar.gz
diff --git a/bind-9.3.1rc1-sdb_tools-Makefile.in b/bind-9.3.1rc1-sdb_tools-Makefile.in
deleted file mode 100644
index 2478db7..0000000
--- a/bind-9.3.1rc1-sdb_tools-Makefile.in
+++ /dev/null
@@ -1,67 +0,0 @@
-srcdir = @srcdir@
-VPATH = @srcdir@
-top_srcdir = @top_srcdir@
-
-@BIND9_VERSION@
-
-@BIND9_MAKE_INCLUDES@
-
-CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include \
- ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
- ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES}
-
-DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
-ISCCCLIBS = ../../lib/isccc/libisccc.@A@
-ISCLIBS = ../../lib/isc/libisc.@A@
-LWRESLIBS = ../../lib/lwres/liblwres.@A@
-BIND9LIBS = ../../lib/bind9/libbind9.@A@
-
-DNSDEPLIBS = ../../lib/dns/libdns.@A@
-ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
-ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@
-ISCDEPLIBS = ../../lib/isc/libisc.@A@
-LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@
-BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
-
-DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
- ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}
-
-LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
- ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} ${DBDRIVER_LIBS} @LIBS@
-
-TARGETS = zone2ldap@EXEEXT@ zonetodb@EXEEXT@
-
-OBJS = zone2ldap.o zonetodb.o
-
-SRCS = zone2ldap.c zonetodb.c
-
-MANPAGES = zone2ldap.1
-
-EXT_CFLAGS = -fPIE
-
-@BIND9_MAKE_RULES@
-
-LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack
-
-LIBTOOL_MODE_COMPILE=
-
-.SUFFIXES: .c .o
-
-zone2ldap: zone2ldap.o ${DEPLIBS}
- ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zone2ldap.o -lldap -llber ${LIBS}
-
-zonetodb: zonetodb.o ${DEPLIBS}
- ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zonetodb.o -lpq ${LIBS}
-
-clean distclean manclean maintainer-clean::
- rm -f ${TARGETS} ${OBJS}
-
-installdirs:
- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
-
-install:: ${TARGETS} installdirs
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2ldap ${DESTDIR}${sbindir}
- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zonetodb ${DESTDIR}${sbindir}
- ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1
diff --git a/bind-9.3.3rc2-rndckey.patch b/bind-9.3.3rc2-rndckey.patch
new file mode 100644
index 0000000..4439aa0
--- /dev/null
+++ b/bind-9.3.3rc2-rndckey.patch
@@ -0,0 +1,53 @@
+--- bind-9.3.3rc2/bin/rndc/rndc-confgen.c.key 2004-09-28 09:14:57.000000000 +0200
++++ bind-9.3.3rc2/bin/rndc/rndc-confgen.c 2006-09-15 08:56:25.000000000 +0200
+@@ -46,7 +46,7 @@
+ #include "util.h"
+
+ #define DEFAULT_KEYLENGTH 128 /* Bits. */
+-#define DEFAULT_KEYNAME "rndc-key"
++#define DEFAULT_KEYNAME "rndckey"
+ #define DEFAULT_SERVER "127.0.0.1"
+ #define DEFAULT_PORT 953
+
+--- bind-9.3.3rc2/bin/rndc/rndc.conf.key 2004-03-06 11:21:32.000000000 +0100
++++ bind-9.3.3rc2/bin/rndc/rndc.conf 2006-09-15 08:56:25.000000000 +0200
+@@ -23,14 +23,11 @@
+
+ options {
+ default-server localhost;
+- default-key "key";
++ default-key "rndckey";
+ };
+
+ server localhost {
+- key "key";
++ key "rndckey";
+ };
+
+-key "key" {
+- algorithm hmac-md5;
+- secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
+-};
++include "/etc/rndc.key";
+--- bind-9.3.3rc2/bin/rndc/rndc-confgen.8.key 2006-09-15 09:00:01.000000000 +0200
++++ bind-9.3.3rc2/bin/rndc/rndc-confgen.8 2006-09-15 08:56:25.000000000 +0200
+@@ -116,7 +116,7 @@
+ .TP 3n
+ \-k \fIkeyname\fR
+ Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is
+-\fBrndc\-key\fR.
++\fBrndckey\fR.
+ .TP 3n
+ \-p \fIport\fR
+ Specifies the command channel port where
+--- bind-9.3.3rc2/bin/rndc/rndc-confgen.docbook.key 2005-05-13 03:22:34.000000000 +0200
++++ bind-9.3.3rc2/bin/rndc/rndc-confgen.docbook 2006-09-15 08:56:25.000000000 +0200
+@@ -160,7 +160,7 @@
+
+ Specifies the key name of the rndc authentication key.
+ This must be a valid domain name.
+- The default is rndc-key.
++ The default is rndckey.
+
+
+
diff --git a/bind.spec b/bind.spec
index 7aa55aa..53772b9 100644
--- a/bind.spec
+++ b/bind.spec
@@ -12,18 +12,19 @@
%{?!selinux: %define selinux 1}
%define bind_dir /var/named
%define chroot_prefix %{bind_dir}/chroot
+%define prever rc2
#
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server.
Name: bind
License: BSD-like
-Version: 9.3.2
-Release: 41%{?dist}
+Version: 9.3.3
+Release: 1%{?dist}
Epoch: 30
Url: http://www.isc.org/products/BIND/
Buildroot: %{_tmppath}/%{name}-root
Group: System Environment/Daemons
#
-Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz
+Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}%{prever}.tar.gz
Source1: named.sysconfig
Source2: named.init
Source3: named.logrotate
@@ -57,58 +58,26 @@ Source30: named.rfc1912.zones.sample
Source31: named.root.hints
#
Patch: bind-9.2.0rc3-varrun.patch
-Patch1: bind-9.3.2b2-rndckey.patch
+Patch1: bind-9.3.3rc2-rndckey.patch
Patch2: bind-9.3.1beta2-openssl-suffix.patch
-Patch3: bind-posixthreads.patch
Patch4: bind-bsdcompat.patch
Patch5: bind-nonexec.patch
Patch6: bind-9.2.2-nsl.patch
-Patch7: bind-9.2.4rc7-pie.patch
-Patch8: bind-9.3.0-handle-send-errors.patch
-Patch9: bind-9.3.0-missing-dnssec-tools.patch
Patch10: bind-9.3.2b1-PIE.patch
Patch11: bind-9.3.2b2-sdbsrc.patch
Patch12: bind-9.3.1rc1-sdb.patch
Patch13: bind-9.3.1rc1-fix_libbind_includedir.patch
Patch14: libbind-9.3.1rc1-fix_h_errno.patch
-Patch15: bind-9.3.2b2-dbus.patch
+Patch15: bind-9.3.3rc2-dbus.patch
Patch16: bind-9.3.2-redhat_doc.patch
Patch17: bind-9.3.2b1-fix_sdb_ldap.patch
-Patch18: bind-9.3.1-reject_resolv_conf_errors.patch
Patch19: bind-9.3.1-next_server_on_referral.patch
Patch20: bind-9.3.2b2-no_servfail_stops.patch
-Patch21: bind-9.3.2b1-fix_sdb_pgsql.patch
Patch22: bind-9.3.1-sdb_dbus.patch
Patch23: bind-9.3.1-dbus_archdep_libdir.patch
-Patch24: bind-9.3.1-t_no_default_lookups.patch
-Patch25: bind-9.3.1-fix_no_dbus_daemon.patch
-Patch26: bind-9.3.1-flush-cache.patch
-Patch27: bind-9.3.1-dbus_restart.patch
-Patch28: bind-9.3.2rc1-dbus-0.6.patch
-Patch29: bind-9.3.2-bz177854.patch
-Patch30: bind-9.3.2-bz187286_fix_host_cname.patch
-Patch31: bind-9.3.2-bz173961.patch
+Patch28: bind-9.3.3rc2-dbus-0.6.patch
Patch32: bind-9.3.2-prctl_set_dumpable.patch
-Patch33: bind-9.3.2-ch2024_rt16027.patch
-Patch34: bind-9.3.2-ch2013_rt15941.patch
-Patch35: bind-9.3.2-ch2009_rt15808.patch
-Patch36: bind-9.3.2-ch1997_rt15818.patch
-Patch37: bind-9.3.2-ch1994_rt15694.patch
-Patch38: bind-9.3.2-ch1991_rt15813.patch
-Patch39: bind-9.3.2-9_3_3_validator.patch
-Patch40: bind-9.3.2-9_3_3_resolver.patch
-Patch41: bind-9.3.2-9_3_3_dns.patch
-Patch42: bind-9.3.2-9_3_3_isc.patch
-Patch43: bind-9.3.2-9_3_3_bind.patch
-Patch44: bind-9.3.2-9_3_3_isccfg.patch
-Patch45: bind-9.3.2-9_3_3_lwres.patch
-Patch46: bind-9.3.2-9_3_3_named.patch
-Patch47: bind-9.3.2-9_3_3_dig.patch
-Patch48: bind-9.3.2-9_3_3_dnssec.patch
-Patch49: bind-9.3.2-9_3_3_nsupdate.patch
-Patch50: bind-9.3.2-9_3_3_tests.patch
Patch51: bind-9.3.2-tmpfile.patch
-Patch52: bind-9.3.2-rrsig.patch
#
Requires: bind-libs = %{epoch}:%{version}-%{release}, glibc >= 2.2, mktemp
Requires(post): bash, coreutils, sed, grep, chkconfig >= 1.3.26
@@ -264,28 +233,13 @@ zone database.
%prep
-%setup -q -n %{name}-%{version}
+%setup -q -n %{name}-%{version}%{prever}
%patch -p1 -b .varrun
%patch1 -p1 -b .key
%patch2 -p1 -b .openssl_suffix
-#%define posix_threads 0
-#%if %{posix_threads}
-#%patch3 -p1 -b .posixthreads
-#^- This patch is no longer required and would not work anyway (see BZ 87525).
-#%endif
%patch4 -p1 -b .bsdcompat
%patch5 -p1 -b .nonexec
%patch6 -p1 -b .nsl
-#%patch7 -p1 -b .pie
-# This patch now in patch10
-#%patch8 -p1 -b .handle_send_errors
-# This patch is now in ISC bind-9.3.1x
-#
-#%patch9 -p1 -b .missing_dnssec_tools
-#RIP dnssec-signkey and dnssec-makekeyset:
-#1852. [cleanup] Remove last vestiges of dnssec-signkey and
-# dnssec-makekeyset (removed from Makefile years ago).
-#
%patch10 -p1 -b .PIE
%if %{SDB}
%patch11 -p1 -b .sdbsrc
@@ -323,50 +277,24 @@ cp -fp contrib/sdb/pgsql/zonetodb.c bin/sdb_tools
%if %{SDB}
%patch17 -p1 -b .fix_sdb_ldap
%endif
-# %patch18 -p1 -b .reject_resolv_conf_errors
-# patch now upstream.
%patch19 -p1 -b .next_server_on_referral
%patch20 -p1 -b .no_servfail_stops
-# patches now upstream :
-#%patch21 -p1 -b .fix_sdb_pgsql
-#%patch24 -p1 -b .-t_no_default_lookups
%if %{WITH_DBUS}
-%patch25 -p1 -b .fix_no_dbus_daemon
-%patch26 -p1 -b .flush_cache
-%patch27 -p1 -b .dbus_restart
%patch28 -p1 -b .dbus-0.6
-# this patch no longer required (kernel now fixed):
-# %patch29 -p1 -b .bz177854
-%patch30 -p1 -b .bz187286_fix_host_cname
-%patch31 -p1 -b .bz173961
-%patch32 -p1 -b .prctl_set_dumpable
-%patch33 -p1 -b .ch2024_rt16027
-%patch34 -p1 -b .ch2013_rt15941
-%patch35 -p1 -b .ch2009_rt15808
-%patch36 -p1 -b .ch1997_rt15818
-%patch37 -p1 -b .ch1994_rt15694
-%patch38 -p1 -b .ch1991_rt15813
-%patch39 -p1 -b .9_3_3_validator
-%patch40 -p1 -b .9_3_3_resolver
-%patch41 -p1 -b .9_3_3_dns
-%patch42 -p1 -b .9_3_3_isc
-%patch43 -p1 -b .9_3_3_bind
-%patch44 -p1 -b .9_3_3_isccfg
-%patch45 -p1 -b .9_3_3_lwres
-%patch46 -p1 -b .9_3_3_named
-%patch47 -p1 -b .9_3_3_dig
-%patch48 -p1 -b .9_3_3_dnssec
-%patch49 -p1 -b .9_3_3_nsupdate
-%patch50 -p1 -b .9_3_3_tests
-%patch51 -p1 -b .tmp
-%patch52 -p1 -b .rrsig
#
# this must follow all dbus patches:
+#
+cp -fp contrib/dbus/{dbus_mgr.c,dbus_service.c} bin/named
+cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named
%if %{SDB}
-cp -fp bin/named/{dbus_mgr.c,dbus_service.c,log.c,server.c} bin/named_sdb
-cp -fp bin/named/include/named/{dbus_mgr.h,dbus_service.h,globals.h,server.h,log.h,types.h} bin/named_sdb/include/named
+cp -fp contrib/dbus/{dbus_mgr.c,dbus_service.c} bin/named_sdb
+cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named_sdb/include/named
+cp -fp bin/named/{log.c,server.c} bin/named_sdb
+cp -fp bin/named/include/named/{globals.h,server.h,log.h,types.h} bin/named_sdb/include/named
%endif
%endif
+%patch32 -p1 -b .prctl_set_dumpable
+%patch51 -p1 -b .tmp
:;
@@ -854,6 +782,9 @@ rm -rf ${RPM_BUILD_ROOT}
:;
%changelog
+* Fri Sep 15 2006 Martin Stransky - 30:9.3.3-1
+- updated to the latest upstream (9.3.3rc2)
+
* Wed Sep 6 2006 Martin Stransky - 30:9.3.2-41
- added upstream patch for correct SIG handling - CVE-2006-4095
diff --git a/sources b/sources
index ce42be2..15f1573 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
3567c35a24cb83a8a69443a399bbb6c8 bind-chroot.tar.gz
13fef79f99fcefebb51d84b08805de51 libbind-man.tar.gz
-55e709501a7780233c36e25ccd15ece2 bind-9.3.2.tar.gz
+e68a8211f7e2dc9acda4d279a123379c bind-9.3.3rc2.tar.gz