- removed bind-9.3.2-prctl_set_dumpable.patch (upstream)

- allow parallel building of libdns library
- CVE-2008-0122

bind-9.3.2-prctl_set_dumpable.patch

@@ -1,13 +0,0 @@
---- bind-9.3.2/bin/named/unix/os.c.prctl_set_dumpable	2005-05-19 21:37:19.000000000 -0400
-+++ bind-9.3.2/bin/named/unix/os.c	2006-04-04 16:43:11.000000000 -0400
-@@ -252,6 +252,10 @@
- 	caps |= (1 << CAP_SYS_RESOURCE);
- 
- 	linux_setcaps(caps);
-+
-+	/* allow us to continue to be able to generate coredumps after setuid:
-+	 */
-+	prctl(PR_SET_DUMPABLE,1,0,0,0);
- }
- 
- #ifdef HAVE_SYS_PRCTL_H

bind-9.5-CVE-2008-0122.patch

@@ -0,0 +1,20 @@
+Index: lib/bind/inet/inet_network.c
+===================================================================
+RCS file: /var/snap/bind9/lib/bind/inet/inet_network.c,v
+retrieving revision 1.5
+retrieving revision 1.6
+diff -u -r1.5 -r1.6
+--- lib/bind/inet/inet_network.c	27 Apr 2005 04:56:21 -0000	1.5
++++ lib/bind/inet/inet_network.c	15 Jan 2008 04:02:01 -0000	1.6
+@@ -84,9 +84,9 @@
+ 	}
+ 	if (!digit)
+ 		return (INADDR_NONE);
++	if (pp >= parts + 4 || val > 0xffU)
++		return (INADDR_NONE);
+ 	if (*cp == '.') {
+-		if (pp >= parts + 4 || val > 0xffU)
+-			return (INADDR_NONE);
+ 		*pp++ = val, cp++;
+ 		goto again;
+ 	}

bind-9.5-parallel-build.patch

@@ -0,0 +1,14 @@
+diff -up bind-9.5.0b1/lib/dns/Makefile.in.parallel bind-9.5.0b1/lib/dns/Makefile.in
+--- bind-9.5.0b1/lib/dns/Makefile.in.parallel	2008-01-17 18:27:38.000000000 +0100
++++ bind-9.5.0b1/lib/dns/Makefile.in	2008-01-17 18:27:45.000000000 +0100
+@@ -19,10 +19,6 @@ srcdir =	@srcdir@
+ VPATH =		@srcdir@
+ top_srcdir =	@top_srcdir@
+ 
+-# Attempt to disable parallel processing.
+-.NOTPARALLEL:
+-.NO_PARALLEL:
+-
+ @BIND9_VERSION@
+ 
+ @LIBDNS_API@

bind.spec

@@ -20,7 +20,7 @@ Summary: 	The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: 		bind
 License: 	ISC
 Version: 	9.5.0
-Release: 	23.%{RELEASEVER}%{?dist}
+Release: 	24.%{RELEASEVER}%{?dist}
 Epoch:   	32
 Url: 		http://www.isc.org/products/BIND/
 Buildroot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -56,12 +56,13 @@ Patch6: 	bind-9.2.2-nsl.patch
 Patch10: 	bind-9.3.2b1-PIE.patch
 Patch13: 	bind-9.3.1rc1-fix_libbind_includedir.patch
 Patch16: 	bind-9.3.2-redhat_doc.patch
-Patch32:	bind-9.3.2-prctl_set_dumpable.patch
 Patch63:	bind-9.4.0-dnssec-directory.patch
 Patch69:	bind-9.5.0-generate-xml.patch
 Patch71:	bind-9.5-overflow.patch
 Patch72:	bind-9.5-dlz-64bit.patch
 Patch84:	bind-9.5-gssapi-header.patch
+Patch86:	bind-9.5-CVE-2008-0122.patch
+Patch87:	bind-9.5-parallel-build.patch
 
 # SDB patches
 Patch11: 	bind-9.3.2b2-sdbsrc.patch
@@ -237,7 +238,6 @@ cp -fp contrib/sdb/sqlite/zone2sqlite.c bin/sdb_tools
 cp -fp contrib/dbus/{dbus_mgr.c,dbus_service.c} bin/named
 cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named
 %endif
-%patch32 -p1 -b .prctl_set_dumpable
 %if %{SDB}
 %patch62 -p1 -b .sdb-sqlite-bld
 %endif
@@ -250,6 +250,8 @@ cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named
 %patch83 -p1 -b .libidn2
 %patch84 -p1 -b .gssapi-header
 %patch85 -p1 -b .libidn3
+%patch86 -p0 -b .CVE-2008-0122
+%patch87 -p1 -b .parallel
 :;
 
 
@@ -650,6 +652,11 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_sbindir}/bind-chroot-admin
 
 %changelog
+* Tue Jan 22 2008 Adam Tkac <atkac redhat com> 32:9.5.0-24.b1
+- removed bind-9.3.2-prctl_set_dumpable.patch (upstream)
+- allow parallel building of libdns library
+- CVE-2008-0122
+
 * Thu Dec 27 2007 Adam Tkac <atkac redhat com> 32:9.5.0-23.b1
 - fixed initscript wait loop (#426382)
 - removed dependency on policycoreutils and libselinux (#426515)