diff --git a/.cvsignore b/.cvsignore index 6572960..3ef43b0 100644 --- a/.cvsignore +++ b/.cvsignore @@ -10,3 +10,4 @@ libbind-man.tar.gz bind-9.3.1.tar.gz bind-9.3.2rc1.tar.gz bind-9.3.2.tar.gz +bind-9.3.3rc2.tar.gz diff --git a/bind-9.3.1rc1-sdb_tools-Makefile.in b/bind-9.3.1rc1-sdb_tools-Makefile.in deleted file mode 100644 index 2478db7..0000000 --- a/bind-9.3.1rc1-sdb_tools-Makefile.in +++ /dev/null @@ -1,67 +0,0 @@ -srcdir = @srcdir@ -VPATH = @srcdir@ -top_srcdir = @top_srcdir@ - -@BIND9_VERSION@ - -@BIND9_MAKE_INCLUDES@ - -CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include \ - ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \ - ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} - -DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@ -ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@ -ISCCCLIBS = ../../lib/isccc/libisccc.@A@ -ISCLIBS = ../../lib/isc/libisc.@A@ -LWRESLIBS = ../../lib/lwres/liblwres.@A@ -BIND9LIBS = ../../lib/bind9/libbind9.@A@ - -DNSDEPLIBS = ../../lib/dns/libdns.@A@ -ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@ -ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@ -ISCDEPLIBS = ../../lib/isc/libisc.@A@ -LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@ -BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@ - -DEPLIBS = ${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \ - ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS} - -LIBS = ${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \ - ${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} ${DBDRIVER_LIBS} @LIBS@ - -TARGETS = zone2ldap@EXEEXT@ zonetodb@EXEEXT@ - -OBJS = zone2ldap.o zonetodb.o - -SRCS = zone2ldap.c zonetodb.c - -MANPAGES = zone2ldap.1 - -EXT_CFLAGS = -fPIE - -@BIND9_MAKE_RULES@ - -LDFLAGS += -pie -Wl,-z,relro,-z,now,-z,nodlopen,-z,noexecstack - -LIBTOOL_MODE_COMPILE= - -.SUFFIXES: .c .o - -zone2ldap: zone2ldap.o ${DEPLIBS} - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zone2ldap.o -lldap -llber ${LIBS} - -zonetodb: zonetodb.o ${DEPLIBS} - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ zonetodb.o -lpq ${LIBS} - -clean distclean manclean maintainer-clean:: - rm -f ${TARGETS} ${OBJS} - -installdirs: - $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir} - $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1 - -install:: ${TARGETS} installdirs - ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zone2ldap ${DESTDIR}${sbindir} - ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} zonetodb ${DESTDIR}${sbindir} - ${INSTALL_DATA} ${srcdir}/zone2ldap.1 ${DESTDIR}${mandir}/man1/zone2ldap.1 diff --git a/bind-9.3.3rc2-rndckey.patch b/bind-9.3.3rc2-rndckey.patch new file mode 100644 index 0000000..4439aa0 --- /dev/null +++ b/bind-9.3.3rc2-rndckey.patch @@ -0,0 +1,53 @@ +--- bind-9.3.3rc2/bin/rndc/rndc-confgen.c.key 2004-09-28 09:14:57.000000000 +0200 ++++ bind-9.3.3rc2/bin/rndc/rndc-confgen.c 2006-09-15 08:56:25.000000000 +0200 +@@ -46,7 +46,7 @@ + #include "util.h" + + #define DEFAULT_KEYLENGTH 128 /* Bits. */ +-#define DEFAULT_KEYNAME "rndc-key" ++#define DEFAULT_KEYNAME "rndckey" + #define DEFAULT_SERVER "127.0.0.1" + #define DEFAULT_PORT 953 + +--- bind-9.3.3rc2/bin/rndc/rndc.conf.key 2004-03-06 11:21:32.000000000 +0100 ++++ bind-9.3.3rc2/bin/rndc/rndc.conf 2006-09-15 08:56:25.000000000 +0200 +@@ -23,14 +23,11 @@ + + options { + default-server localhost; +- default-key "key"; ++ default-key "rndckey"; + }; + + server localhost { +- key "key"; ++ key "rndckey"; + }; + +-key "key" { +- algorithm hmac-md5; +- secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; +-}; ++include "/etc/rndc.key"; +--- bind-9.3.3rc2/bin/rndc/rndc-confgen.8.key 2006-09-15 09:00:01.000000000 +0200 ++++ bind-9.3.3rc2/bin/rndc/rndc-confgen.8 2006-09-15 08:56:25.000000000 +0200 +@@ -116,7 +116,7 @@ + .TP 3n + \-k \fIkeyname\fR + Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is +-\fBrndc\-key\fR. ++\fBrndckey\fR. + .TP 3n + \-p \fIport\fR + Specifies the command channel port where +--- bind-9.3.3rc2/bin/rndc/rndc-confgen.docbook.key 2005-05-13 03:22:34.000000000 +0200 ++++ bind-9.3.3rc2/bin/rndc/rndc-confgen.docbook 2006-09-15 08:56:25.000000000 +0200 +@@ -160,7 +160,7 @@ + + Specifies the key name of the rndc authentication key. + This must be a valid domain name. +- The default is rndc-key. ++ The default is rndckey. + + + diff --git a/bind.spec b/bind.spec index 7aa55aa..53772b9 100644 --- a/bind.spec +++ b/bind.spec @@ -12,18 +12,19 @@ %{?!selinux: %define selinux 1} %define bind_dir /var/named %define chroot_prefix %{bind_dir}/chroot +%define prever rc2 # Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server. Name: bind License: BSD-like -Version: 9.3.2 -Release: 41%{?dist} +Version: 9.3.3 +Release: 1%{?dist} Epoch: 30 Url: http://www.isc.org/products/BIND/ Buildroot: %{_tmppath}/%{name}-root Group: System Environment/Daemons # -Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.gz +Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}%{prever}.tar.gz Source1: named.sysconfig Source2: named.init Source3: named.logrotate @@ -57,58 +58,26 @@ Source30: named.rfc1912.zones.sample Source31: named.root.hints # Patch: bind-9.2.0rc3-varrun.patch -Patch1: bind-9.3.2b2-rndckey.patch +Patch1: bind-9.3.3rc2-rndckey.patch Patch2: bind-9.3.1beta2-openssl-suffix.patch -Patch3: bind-posixthreads.patch Patch4: bind-bsdcompat.patch Patch5: bind-nonexec.patch Patch6: bind-9.2.2-nsl.patch -Patch7: bind-9.2.4rc7-pie.patch -Patch8: bind-9.3.0-handle-send-errors.patch -Patch9: bind-9.3.0-missing-dnssec-tools.patch Patch10: bind-9.3.2b1-PIE.patch Patch11: bind-9.3.2b2-sdbsrc.patch Patch12: bind-9.3.1rc1-sdb.patch Patch13: bind-9.3.1rc1-fix_libbind_includedir.patch Patch14: libbind-9.3.1rc1-fix_h_errno.patch -Patch15: bind-9.3.2b2-dbus.patch +Patch15: bind-9.3.3rc2-dbus.patch Patch16: bind-9.3.2-redhat_doc.patch Patch17: bind-9.3.2b1-fix_sdb_ldap.patch -Patch18: bind-9.3.1-reject_resolv_conf_errors.patch Patch19: bind-9.3.1-next_server_on_referral.patch Patch20: bind-9.3.2b2-no_servfail_stops.patch -Patch21: bind-9.3.2b1-fix_sdb_pgsql.patch Patch22: bind-9.3.1-sdb_dbus.patch Patch23: bind-9.3.1-dbus_archdep_libdir.patch -Patch24: bind-9.3.1-t_no_default_lookups.patch -Patch25: bind-9.3.1-fix_no_dbus_daemon.patch -Patch26: bind-9.3.1-flush-cache.patch -Patch27: bind-9.3.1-dbus_restart.patch -Patch28: bind-9.3.2rc1-dbus-0.6.patch -Patch29: bind-9.3.2-bz177854.patch -Patch30: bind-9.3.2-bz187286_fix_host_cname.patch -Patch31: bind-9.3.2-bz173961.patch +Patch28: bind-9.3.3rc2-dbus-0.6.patch Patch32: bind-9.3.2-prctl_set_dumpable.patch -Patch33: bind-9.3.2-ch2024_rt16027.patch -Patch34: bind-9.3.2-ch2013_rt15941.patch -Patch35: bind-9.3.2-ch2009_rt15808.patch -Patch36: bind-9.3.2-ch1997_rt15818.patch -Patch37: bind-9.3.2-ch1994_rt15694.patch -Patch38: bind-9.3.2-ch1991_rt15813.patch -Patch39: bind-9.3.2-9_3_3_validator.patch -Patch40: bind-9.3.2-9_3_3_resolver.patch -Patch41: bind-9.3.2-9_3_3_dns.patch -Patch42: bind-9.3.2-9_3_3_isc.patch -Patch43: bind-9.3.2-9_3_3_bind.patch -Patch44: bind-9.3.2-9_3_3_isccfg.patch -Patch45: bind-9.3.2-9_3_3_lwres.patch -Patch46: bind-9.3.2-9_3_3_named.patch -Patch47: bind-9.3.2-9_3_3_dig.patch -Patch48: bind-9.3.2-9_3_3_dnssec.patch -Patch49: bind-9.3.2-9_3_3_nsupdate.patch -Patch50: bind-9.3.2-9_3_3_tests.patch Patch51: bind-9.3.2-tmpfile.patch -Patch52: bind-9.3.2-rrsig.patch # Requires: bind-libs = %{epoch}:%{version}-%{release}, glibc >= 2.2, mktemp Requires(post): bash, coreutils, sed, grep, chkconfig >= 1.3.26 @@ -264,28 +233,13 @@ zone database. %prep -%setup -q -n %{name}-%{version} +%setup -q -n %{name}-%{version}%{prever} %patch -p1 -b .varrun %patch1 -p1 -b .key %patch2 -p1 -b .openssl_suffix -#%define posix_threads 0 -#%if %{posix_threads} -#%patch3 -p1 -b .posixthreads -#^- This patch is no longer required and would not work anyway (see BZ 87525). -#%endif %patch4 -p1 -b .bsdcompat %patch5 -p1 -b .nonexec %patch6 -p1 -b .nsl -#%patch7 -p1 -b .pie -# This patch now in patch10 -#%patch8 -p1 -b .handle_send_errors -# This patch is now in ISC bind-9.3.1x -# -#%patch9 -p1 -b .missing_dnssec_tools -#RIP dnssec-signkey and dnssec-makekeyset: -#1852. [cleanup] Remove last vestiges of dnssec-signkey and -# dnssec-makekeyset (removed from Makefile years ago). -# %patch10 -p1 -b .PIE %if %{SDB} %patch11 -p1 -b .sdbsrc @@ -323,50 +277,24 @@ cp -fp contrib/sdb/pgsql/zonetodb.c bin/sdb_tools %if %{SDB} %patch17 -p1 -b .fix_sdb_ldap %endif -# %patch18 -p1 -b .reject_resolv_conf_errors -# patch now upstream. %patch19 -p1 -b .next_server_on_referral %patch20 -p1 -b .no_servfail_stops -# patches now upstream : -#%patch21 -p1 -b .fix_sdb_pgsql -#%patch24 -p1 -b .-t_no_default_lookups %if %{WITH_DBUS} -%patch25 -p1 -b .fix_no_dbus_daemon -%patch26 -p1 -b .flush_cache -%patch27 -p1 -b .dbus_restart %patch28 -p1 -b .dbus-0.6 -# this patch no longer required (kernel now fixed): -# %patch29 -p1 -b .bz177854 -%patch30 -p1 -b .bz187286_fix_host_cname -%patch31 -p1 -b .bz173961 -%patch32 -p1 -b .prctl_set_dumpable -%patch33 -p1 -b .ch2024_rt16027 -%patch34 -p1 -b .ch2013_rt15941 -%patch35 -p1 -b .ch2009_rt15808 -%patch36 -p1 -b .ch1997_rt15818 -%patch37 -p1 -b .ch1994_rt15694 -%patch38 -p1 -b .ch1991_rt15813 -%patch39 -p1 -b .9_3_3_validator -%patch40 -p1 -b .9_3_3_resolver -%patch41 -p1 -b .9_3_3_dns -%patch42 -p1 -b .9_3_3_isc -%patch43 -p1 -b .9_3_3_bind -%patch44 -p1 -b .9_3_3_isccfg -%patch45 -p1 -b .9_3_3_lwres -%patch46 -p1 -b .9_3_3_named -%patch47 -p1 -b .9_3_3_dig -%patch48 -p1 -b .9_3_3_dnssec -%patch49 -p1 -b .9_3_3_nsupdate -%patch50 -p1 -b .9_3_3_tests -%patch51 -p1 -b .tmp -%patch52 -p1 -b .rrsig # # this must follow all dbus patches: +# +cp -fp contrib/dbus/{dbus_mgr.c,dbus_service.c} bin/named +cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named %if %{SDB} -cp -fp bin/named/{dbus_mgr.c,dbus_service.c,log.c,server.c} bin/named_sdb -cp -fp bin/named/include/named/{dbus_mgr.h,dbus_service.h,globals.h,server.h,log.h,types.h} bin/named_sdb/include/named +cp -fp contrib/dbus/{dbus_mgr.c,dbus_service.c} bin/named_sdb +cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named_sdb/include/named +cp -fp bin/named/{log.c,server.c} bin/named_sdb +cp -fp bin/named/include/named/{globals.h,server.h,log.h,types.h} bin/named_sdb/include/named %endif %endif +%patch32 -p1 -b .prctl_set_dumpable +%patch51 -p1 -b .tmp :; @@ -854,6 +782,9 @@ rm -rf ${RPM_BUILD_ROOT} :; %changelog +* Fri Sep 15 2006 Martin Stransky - 30:9.3.3-1 +- updated to the latest upstream (9.3.3rc2) + * Wed Sep 6 2006 Martin Stransky - 30:9.3.2-41 - added upstream patch for correct SIG handling - CVE-2006-4095 diff --git a/sources b/sources index ce42be2..15f1573 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ 3567c35a24cb83a8a69443a399bbb6c8 bind-chroot.tar.gz 13fef79f99fcefebb51d84b08805de51 libbind-man.tar.gz -55e709501a7780233c36e25ccd15ece2 bind-9.3.2.tar.gz +e68a8211f7e2dc9acda4d279a123379c bind-9.3.3rc2.tar.gz