diff --git a/.gitignore b/.gitignore index 0cb91f0..550e2d1 100644 --- a/.gitignore +++ b/.gitignore @@ -156,3 +156,5 @@ bind-9.7.2b1.tar.gz /bind-9.16.19.tar.xz.asc /bind-9.16.20.tar.xz /bind-9.16.20.tar.xz.asc +/bind-9.16.21.tar.xz +/bind-9.16.21.tar.xz.asc diff --git a/bind-9.11-rh1666814.patch b/bind-9.11-rh1666814.patch index e66a5ab..533781d 100644 --- a/bind-9.11-rh1666814.patch +++ b/bind-9.11-rh1666814.patch @@ -1,4 +1,4 @@ -From a1a4730c1f02cd85680cf7608ac81e0db59ee522 Mon Sep 17 00:00:00 2001 +From d05d116da39c0a5c580ceaac6ba069899b82c5a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Wed, 16 Jan 2019 16:27:33 +0100 Subject: [PATCH] Fix possible crash when loading corrupted file @@ -6,23 +6,14 @@ Subject: [PATCH] Fix possible crash when loading corrupted file Some values passes internal triggers by coincidence. Fix the check and check also first_node_offset before even passing it further. --- - lib/dns/rbt.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) + lib/dns/rbt.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c -index ef6441b..404fd6d 100644 +index 5aee5f6..7f2c2d2 100644 --- a/lib/dns/rbt.c +++ b/lib/dns/rbt.c -@@ -754,7 +754,7 @@ treefix(dns_rbt_t *rbt, void *base, size_t filesize, dns_rbtnode_t *n, - } - - CONFIRM((void *)n >= base); -- CONFIRM((char *)n - (char *)base <= (int)nodemax); -+ CONFIRM((size_t)((char *)n - (char *)base) <= (int)nodemax); - CONFIRM(DNS_RBTNODE_VALID(n)); - - dns_name_init(&nodename, NULL); -@@ -911,7 +911,9 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize, +@@ -945,7 +945,9 @@ dns_rbt_deserialize_tree(void *base_address, size_t filesize, rbt->root = (dns_rbtnode_t *)((char *)base_address + header_offset + header->first_node_offset); @@ -34,5 +25,5 @@ index ef6441b..404fd6d 100644 goto cleanup; } -- -2.21.1 +2.31.1 diff --git a/bind-9.16.20-map-format-fix.patch b/bind-9.16.20-map-format-fix.patch deleted file mode 100644 index f6e3c9b..0000000 --- a/bind-9.16.20-map-format-fix.patch +++ /dev/null @@ -1,8 +0,0 @@ ---- a/lib/dns/mapapi -+++ b/lib/dns/mapapi -@@ -13,4 +13,4 @@ - # Whenever releasing a new major release of BIND9, set this value - # back to 1.0 when releasing the first alpha. Map files are *never* - # compatible across major releases. --MAPAPI=2.0 -+MAPAPI=3.0 diff --git a/bind.spec b/bind.spec index 080306e..2737d16 100644 --- a/bind.spec +++ b/bind.spec @@ -52,8 +52,8 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Name: bind License: MPLv2.0 -Version: 9.16.20 -Release: 4%{?dist} +Version: 9.16.21 +Release: 1%{?dist} Epoch: 32 Url: https://www.isc.org/downloads/bind/ # @@ -92,8 +92,6 @@ Patch72: bind-9.5-dlz-64bit.patch Patch106:bind93-rh490837.patch Patch112:bind97-rh645544.patch Patch130:bind-9.9.1-P2-dlz-libdb.patch -# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/2688 -Patch133:bind99-rh640538.patch # Make PKCS11 used only for pkcs11 parts Patch135:bind-9.14-config-pkcs11.patch # Fedora specific patch to distribute native-pkcs#11 functionality @@ -102,9 +100,8 @@ Patch136:bind-9.10-dist-native-pkcs11.patch Patch149:bind-9.11-kyua-pkcs11.patch Patch157:bind-9.11-fips-tests.patch +# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/2689 Patch164:bind-9.11-rh1666814.patch -# https://gitlab.isc.org/isc-projects/bind9/-/issues/2872 -Patch172:https://downloads.isc.org/isc/bind9/9.16.20/patches/bind-9.16.20-map-format-fix.patch %{?systemd_ordering} Requires: coreutils @@ -403,7 +400,6 @@ in HTML and PDF format. %patch130 -p1 -b .libdb %patch157 -p1 -b .fips-tests %patch164 -p1 -b .rh1666814 -%patch172 -p1 -b .map-format %if %{with PKCS11} %patch135 -p1 -b .config-pkcs11 @@ -415,9 +411,6 @@ cp -r lib/ns{,-pkcs11} %patch149 -p1 -b .kyua-pkcs11 %endif -%patch133 -p1 -b .rh640538 -touch doc/man/dig.rst - # Sparc and s390 arches need to use -fPIE %ifarch sparcv9 sparc64 s390 s390x for i in bin/named/{,unix}/Makefile.in; do @@ -1128,10 +1121,12 @@ fi; %endif %changelog +* Wed Sep 15 2021 Petr Menšík - 32:9.16.21-1 +- Update to 9.16.21 + * Tue Sep 14 2021 Sahana Prasad - 32:9.16.20-4 - Rebuilt with OpenSSL 3.0.0 - * Wed Aug 25 2021 Petr Menšík - 32:9.16.20-3 - Increase map format version, lower memory consuption a bit (#1997504) - Remove unneeded test variants changes diff --git a/bind99-rh640538.patch b/bind99-rh640538.patch deleted file mode 100644 index 833c476..0000000 --- a/bind99-rh640538.patch +++ /dev/null @@ -1,43 +0,0 @@ -From d3c58d860737f0f70eff05edad77e0b2a90d4cb9 Mon Sep 17 00:00:00 2001 -From: Petr Mensik -Date: Fri, 19 Jun 2020 18:48:23 +0200 -Subject: [PATCH] .rh640538 - ---- - bin/dig/dig.rst | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - -diff --git a/bin/dig/dig.rst b/bin/dig/dig.rst -index bef52ba..9f16607 100644 ---- a/bin/dig/dig.rst -+++ b/bin/dig/dig.rst -@@ -615,6 +615,26 @@ To turn off IDN support, use the parameters - ``+noidnin`` and ``+noidnout``, or define the ``IDN_DISABLE`` environment - variable. - -+Return Codes -+~~~~~~~~~~~~ -+ -+``dig`` return codes are: -+ -+``0`` -+ Response received, including NXDOMAIN status -+ -+``1`` -+ Usage error -+ -+``8`` -+ Couldn't open batch file -+ -+``9`` -+ No reply from server -+ -+``10`` -+ Internal error -+ - Files - ~~~~~ - --- -2.26.2 - diff --git a/sources b/sources index b49745d..c51be57 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (bind-9.16.20.tar.xz) = bd4ffcc2589ca8f1ac228576ec11e86f317d5a78d7964a0a7ae70b2fa38831d5bd65c2e8c35d8190502de7139f85d8b080b3b8ee968811a8df78e5761781525d -SHA512 (bind-9.16.20.tar.xz.asc) = ae4fdcd0ab40ac4adce6154ef3b251a552a7cd42dc8ebfd1c38dfd0a6ead5d6e74e67cb1f4247c4a3fb25a9580043635cc946e536f2a7ec8bc9e654dde2d58bf +SHA512 (bind-9.16.21.tar.xz) = 2cb71e50600fd7409ca7b7e2e9cf4ef6668b07faad7980ac8060e6a76f30a315182d75534ad1dcfb740c225cdf727b2bd6aa9ceb24ab77ffff09b7b5d6eaca2d +SHA512 (bind-9.16.21.tar.xz.asc) = 6bed602050fe42e63b9073da0dc8563848406a4ac36d3c621a618c22d856fc6185304446a958ca534c780a384fec870801f2a92d3aa4e07b0afba46eb17c187a