1
0
forked from rpms/bind

import bind-9.16.23-1.el9

This commit is contained in:
CentOS Sources 2022-01-11 12:49:01 -05:00 committed by Stepan Oksanichenko
parent e0861c561a
commit 13a9717633
9 changed files with 42 additions and 94 deletions

View File

@ -1 +1 @@
771bbb31ab0bfcf3f50effa0af4df6014853ac86 SOURCES/bind-9.16.20.tar.xz 30cbd1f3e9d2d47d653498143334128aac1f8fc0 SOURCES/bind-9.16.23.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/bind-9.16.20.tar.xz SOURCES/bind-9.16.23.tar.xz

View File

@ -1,4 +1,4 @@
From a1a4730c1f02cd85680cf7608ac81e0db59ee522 Mon Sep 17 00:00:00 2001 From 0f03071080e7fa68433b322359d46abaca2cc5ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 16 Jan 2019 16:27:33 +0100 Date: Wed, 16 Jan 2019 16:27:33 +0100
Subject: [PATCH] Fix possible crash when loading corrupted file Subject: [PATCH] Fix possible crash when loading corrupted file
@ -6,23 +6,14 @@ Subject: [PATCH] Fix possible crash when loading corrupted file
Some values passes internal triggers by coincidence. Fix the check and Some values passes internal triggers by coincidence. Fix the check and
check also first_node_offset before even passing it further. check also first_node_offset before even passing it further.
--- ---
lib/dns/rbt.c | 6 ++++-- lib/dns/rbt.c | 4 +++-
1 file changed, 4 insertions(+), 2 deletions(-) 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
index ef6441b..404fd6d 100644 index 5aee5f6..7f2c2d2 100644
--- a/lib/dns/rbt.c --- a/lib/dns/rbt.c
+++ b/lib/dns/rbt.c +++ b/lib/dns/rbt.c
@@ -754,7 +754,7 @@ treefix(dns_rbt_t *rbt, void *base, size_t filesize, dns_rbtnode_t *n, @@ -945,7 +945,9 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize,
}
CONFIRM((void *)n >= base);
- CONFIRM((char *)n - (char *)base <= (int)nodemax);
+ CONFIRM((size_t)((char *)n - (char *)base) <= (int)nodemax);
CONFIRM(DNS_RBTNODE_VALID(n));
dns_name_init(&nodename, NULL);
@@ -911,7 +911,9 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize,
rbt->root = (dns_rbtnode_t *)((char *)base_address + header_offset + rbt->root = (dns_rbtnode_t *)((char *)base_address + header_offset +
header->first_node_offset); header->first_node_offset);
@ -34,5 +25,5 @@ index ef6441b..404fd6d 100644
goto cleanup; goto cleanup;
} }
-- --
2.21.1 2.31.1

View File

@ -1,8 +0,0 @@
--- a/lib/dns/mapapi
+++ b/lib/dns/mapapi
@@ -13,4 +13,4 @@
# Whenever releasing a new major release of BIND9, set this value
# back to 1.0 when releasing the first alpha. Map files are *never*
# compatible across major releases.
-MAPAPI=2.0
+MAPAPI=3.0

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABAgAdFiEE6atueSM8BBbomT9FDAOvqQpZZ8QFAmETiLIACgkQDAOvqQpZ
Z8SWCBAAn9moH3eaxJit2rMp6119PTx1VJNDAM7IM2jhszhnU5pkbXKZjIusbYJl
9xPpWr64nx7WSWXvoyR/5DwKERNrYXx4klot6eMa/abIJiNDsVFdai8qJjJtqdcs
wnvtlYs0OYIpbg8kBfCMUBiEfUdQVxE3XKrbBZ/i7SdnMDnYnpymZbDhkJK7mc+M
jG0lG77CXdZOpP33LxahXfY63mfm5bK7/MHGF+J8Yxk0Dveh56znYXmCmXYQIw6L
mmXT56wA+XBsXLIReHgM8prXxwRjFa704WmnPPegWAyEIbL8siWHE/h4zlp6TXl1
TZyT6cz54kZ1RiEuM4IMVEy0FHXOw/sR6+/bHixGCUw4QZqnsUWt0stzSgMQXgj4
D+1VtnGZ7tIhyzAGuN1xFX7tjR244jgnNsJlvWMS+NYkCs0zF2wMt7LgwSvf0RVY
UEGDlLs39fl/pJdyU/kdBSbC6ZKvF2+TDqReaQwiWt6M+GqWGYK1XG1q5oZ7Y9in
jmcJWrhLdaq17YB+Z9LS69m2hY+Qob4zyErXscSCDiL114Mcp9YCbj9dp3+rI/vY
USJA23O2D2RnMc5PuLg1Iyh1f9VkT1VI2I/qT5L3mrs4F56G0FcMYofgNcaWaY/X
H2xDz+h5OHE9DqYLuGaP/23bP9Gt1GHy8DB6ZtUtDp5wuVMSho0=
=Ryzr
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIzBAABAgAdFiEEqtu6UHTxQC97adVrxbTukxqfnf0FAmGKhMcACgkQxbTukxqf
nf1EbQ//YXsBbMtyI3c0MoleSi5zwzcpCTZTWTFHqH5WUiruLMDF453j/Fn2zaSC
WuaUnhN61dR+BVtX+D2Y8GiVQFICo5X1nJj0jb/TcflXFq7YLWUAO0NPwPkBL1J4
/PA0YCp1zYcvBXIxTKaU7AcBxlKmcGLdZcgCyGU6NSKaOJSxHOWXM460uD/crskB
iSPEbMevN9TTJs9webztJNKH/3BuNkOD9SFb6JlUIQqwKx1v8rosgdI7BvgGMZqy
s+10+GlIRFFvsX2XkX8BnjDlQ1QdzDOAoyCU+Se9rXDqu+zZf1VN4ReUCSDuPYf9
z+GW1EbMxuZzEKrEIJvhnVNNiHqtKVaK6IIUX5bHqgPLEx87HxJMOPmbyBc1kDAe
0WCmsITaq62WvKOG8Ho8wLrlG4AAO5+A7xit4bJ4XUtLiqyt+9FUIeEFY9nZb/6O
OXK9eBMZHZ++r52RtA+GYZllkNRpzwnULOdR/9svVQuc10/MjnRoFqInzLlqwfwm
2q6r372oWn8+MUvjQVBgzprn5BvY+HDo2gNEYEi5QyR3ql2dX/Qz7iUdUfhRvMNL
FdPt3B3kktfOV98p/imrIwLwVVWwKBlphntkRxLtSZBs3nbo27F/ND54fixC2eCa
epB6FF5IquzQ/MOiz4uql3YexNDQQ+7N2IGPJVMwO2ILAyZDNOQ=
=pVtf
-----END PGP SIGNATURE-----

View File

@ -1,43 +0,0 @@
From d3c58d860737f0f70eff05edad77e0b2a90d4cb9 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Fri, 19 Jun 2020 18:48:23 +0200
Subject: [PATCH] .rh640538
---
bin/dig/dig.rst | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/bin/dig/dig.rst b/bin/dig/dig.rst
index bef52ba..9f16607 100644
--- a/bin/dig/dig.rst
+++ b/bin/dig/dig.rst
@@ -615,6 +615,26 @@ To turn off IDN support, use the parameters
``+noidnin`` and ``+noidnout``, or define the ``IDN_DISABLE`` environment
variable.
+Return Codes
+~~~~~~~~~~~~
+
+``dig`` return codes are:
+
+``0``
+ Response received, including NXDOMAIN status
+
+``1``
+ Usage error
+
+``8``
+ Couldn't open batch file
+
+``9``
+ No reply from server
+
+``10``
+ Internal error
+
Files
~~~~~
--
2.26.2

View File

@ -20,6 +20,7 @@
/usr/lib/named /usr/lib/named
/usr/share/GeoIP /usr/share/GeoIP
/run/named /run/named
/proc/sys/net/ipv4/ip_local_port_range
# Warning: the order is important # Warning: the order is important
# If a directory containing $ROOTDIR is listed here, # If a directory containing $ROOTDIR is listed here,
# it MUST be listed last. (/var/named contains /var/named/chroot) # it MUST be listed last. (/var/named contains /var/named/chroot)

View File

@ -30,7 +30,7 @@
%global chroot_prefix %{bind_dir}/chroot %global chroot_prefix %{bind_dir}/chroot
%global chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\ %global chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\
%{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\ %{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\
%{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP %{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4
%global selinuxbooleans named_write_master_zones=1 %global selinuxbooleans named_write_master_zones=1
## The order of libs is important. See lib/Makefile.in for details ## The order of libs is important. See lib/Makefile.in for details
@ -50,8 +50,8 @@
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind Name: bind
License: MPLv2.0 License: MPLv2.0
Version: 9.16.20 Version: 9.16.23
Release: 2%{?dist} Release: 1%{?dist}
Epoch: 32 Epoch: 32
Url: https://www.isc.org/downloads/bind/ Url: https://www.isc.org/downloads/bind/
# #
@ -90,7 +90,6 @@ Patch72: bind-9.5-dlz-64bit.patch
Patch106:bind93-rh490837.patch Patch106:bind93-rh490837.patch
Patch112:bind97-rh645544.patch Patch112:bind97-rh645544.patch
Patch130:bind-9.9.1-P2-dlz-libdb.patch Patch130:bind-9.9.1-P2-dlz-libdb.patch
Patch133:bind99-rh640538.patch
# Make PKCS11 used only for pkcs11 parts # Make PKCS11 used only for pkcs11 parts
Patch135:bind-9.14-config-pkcs11.patch Patch135:bind-9.14-config-pkcs11.patch
# Fedora specific patch to distribute native-pkcs#11 functionality # Fedora specific patch to distribute native-pkcs#11 functionality
@ -102,9 +101,6 @@ Patch157:bind-9.11-fips-tests.patch
Patch164:bind-9.11-rh1666814.patch Patch164:bind-9.11-rh1666814.patch
Patch170:bind-9.11-feature-test-named.patch Patch170:bind-9.11-feature-test-named.patch
Patch171:bind-9.11-tests-variants.patch Patch171:bind-9.11-tests-variants.patch
# https://gitlab.isc.org/isc-projects/bind9/-/issues/2872
# https://kb.isc.org/docs/map-zone-format-incompatibility-in-bind-9-16-20-and-9-17-17
Patch172:https://downloads.isc.org/isc/bind9/9.16.20/patches/bind-9.16.20-map-format-fix.patch
%{?systemd_ordering} %{?systemd_ordering}
Requires: coreutils Requires: coreutils
@ -405,7 +401,6 @@ in HTML and PDF format.
%patch164 -p1 -b .rh1666814 %patch164 -p1 -b .rh1666814
%patch170 -p1 -b .featuretest-named %patch170 -p1 -b .featuretest-named
%patch171 -p1 -b .test-variant %patch171 -p1 -b .test-variant
%patch172 -p1 -b .map-format
%if %{with PKCS11} %if %{with PKCS11}
%patch135 -p1 -b .config-pkcs11 %patch135 -p1 -b .config-pkcs11
@ -417,8 +412,6 @@ cp -r lib/ns{,-pkcs11}
%patch149 -p1 -b .kyua-pkcs11 %patch149 -p1 -b .kyua-pkcs11
%endif %endif
%patch133 -p1 -b .rh640538
# Sparc and s390 arches need to use -fPIE # Sparc and s390 arches need to use -fPIE
%ifarch sparcv9 sparc64 s390 s390x %ifarch sparcv9 sparc64 s390 s390x
for i in bin/named/{,unix}/Makefile.in; do for i in bin/named/{,unix}/Makefile.in; do
@ -1057,6 +1050,7 @@ fi;
%dir %{chroot_prefix}/%{_libdir} %dir %{chroot_prefix}/%{_libdir}
%dir %{chroot_prefix}/%{_libdir}/bind %dir %{chroot_prefix}/%{_libdir}/bind
%dir %{chroot_prefix}/%{_datadir}/GeoIP %dir %{chroot_prefix}/%{_datadir}/GeoIP
%{chroot_prefix}/proc
%defattr(0660,root,named,01770) %defattr(0660,root,named,01770)
%dir %{chroot_prefix}%{_localstatedir}/named %dir %{chroot_prefix}%{_localstatedir}/named
%defattr(0660,named,named,0770) %defattr(0660,named,named,0770)
@ -1129,6 +1123,18 @@ fi;
%endif %endif
%changelog %changelog
* Fri Nov 19 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.23-1
- Update to 9.16.23 (#2024210)
* Wed Oct 13 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-5
- Propagate ephemeral port ranges to chroot (#2013595)
* Tue Oct 12 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-4
- Fixes listening on TCP in some race conditions (#1999691)
* Tue Oct 12 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-3
- Include documentation of dig return codes (#1989909)
* Thu Aug 19 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-2 * Thu Aug 19 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-2
- Fix map file format incompatibility - Fix map file format incompatibility
- Actually enable LMDB support - Actually enable LMDB support