diff --git a/bind-9.3.2-prctl_set_dumpable.patch b/bind-9.3.2-prctl_set_dumpable.patch
deleted file mode 100644
index 1ce6033..0000000
--- a/bind-9.3.2-prctl_set_dumpable.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- bind-9.3.2/bin/named/unix/os.c.prctl_set_dumpable 2005-05-19 21:37:19.000000000 -0400
-+++ bind-9.3.2/bin/named/unix/os.c 2006-04-04 16:43:11.000000000 -0400
-@@ -252,6 +252,10 @@
- caps |= (1 << CAP_SYS_RESOURCE);
-
- linux_setcaps(caps);
-+
-+ /* allow us to continue to be able to generate coredumps after setuid:
-+ */
-+ prctl(PR_SET_DUMPABLE,1,0,0,0);
- }
-
- #ifdef HAVE_SYS_PRCTL_H
diff --git a/bind-9.5-CVE-2008-0122.patch b/bind-9.5-CVE-2008-0122.patch
new file mode 100644
index 0000000..38e0a4b
--- /dev/null
+++ b/bind-9.5-CVE-2008-0122.patch
@@ -0,0 +1,20 @@
+Index: lib/bind/inet/inet_network.c
+===================================================================
+RCS file: /var/snap/bind9/lib/bind/inet/inet_network.c,v
+retrieving revision 1.5
+retrieving revision 1.6
+diff -u -r1.5 -r1.6
+--- lib/bind/inet/inet_network.c 27 Apr 2005 04:56:21 -0000 1.5
++++ lib/bind/inet/inet_network.c 15 Jan 2008 04:02:01 -0000 1.6
+@@ -84,9 +84,9 @@
+ }
+ if (!digit)
+ return (INADDR_NONE);
++ if (pp >= parts + 4 || val > 0xffU)
++ return (INADDR_NONE);
+ if (*cp == '.') {
+- if (pp >= parts + 4 || val > 0xffU)
+- return (INADDR_NONE);
+ *pp++ = val, cp++;
+ goto again;
+ }
diff --git a/bind-9.5-parallel-build.patch b/bind-9.5-parallel-build.patch
new file mode 100644
index 0000000..53e34ca
--- /dev/null
+++ b/bind-9.5-parallel-build.patch
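Review bot: In bind-9.5-CVE-2008-0122.patch the hoisted test `if (pp >= parts + 4 || val > 0xffU)` carries no comment saying why it must sit ahead of the `if (*cp == '.')` branch, and that ordering is the whole fix. As moved, it runs for every component, including a last one that is not followed by a dot; where that last value is stored is outside the hunk, so this reading is inferred. I would record the intent in the patch header or next to `Patch86:` in the spec, e.g. `# CVE-2008-0122: inet_network() must bound-check pp and val for every component, not only those followed by '.'`. The range test on `val` happens after the digits are accumulated in code above the hunk, so it is worth confirming that the accumulation cannot wrap before the comparison.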
@@ -0,0 +1,14 @@
+diff -up bind-9.5.0b1/lib/dns/Makefile.in.parallel bind-9.5.0b1/lib/dns/Makefile.in
+--- bind-9.5.0b1/lib/dns/Makefile.in.parallel 2008-01-17 18:27:38.000000000 +0100
++++ bind-9.5.0b1/lib/dns/Makefile.in 2008-01-17 18:27:45.000000000 +0100
+@@ -19,10 +19,6 @@ srcdir = @srcdir@
+ VPATH = @srcdir@
+ top_srcdir = @top_srcdir@
+
+-# Attempt to disable parallel processing.
+-.NOTPARALLEL:
+-.NO_PARALLEL:
+-
+ @BIND9_VERSION@
+
+ @LIBDNS_API@
diff --git a/bind.spec b/bind.spec
index 4aa8963..650555d 100644
--- a/bind.spec
+++ b/bind.spec
@@ -20,7 +20,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.5.0 -Release: 23.%{RELEASEVER}%{?dist} +Release: 24.%{RELEASEVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -56,12 +56,13 @@ Patch6: bind-9.2.2-nsl.patch Patch10: bind-9.3.2b1-PIE.patch Patch13: bind-9.3.1rc1-fix_libbind_includedir.patch Patch16: bind-9.3.2-redhat_doc.patch -Patch32: bind-9.3.2-prctl_set_dumpable.patch Patch63: bind-9.4.0-dnssec-directory.patch Patch69: bind-9.5.0-generate-xml.patch Patch71: bind-9.5-overflow.patch Patch72: bind-9.5-dlz-64bit.patch Patch84: bind-9.5-gssapi-header.patch +Patch86: bind-9.5-CVE-2008-0122.patch +Patch87: bind-9.5-parallel-build.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -237,7 +238,6 @@ cp -fp contrib/sdb/sqlite/zone2sqlite.c bin/sdb_tools cp -fp contrib/dbus/{dbus_mgr.c,dbus_service.c} bin/named cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named %endif -%patch32 -p1 -b .prctl_set_dumpable %if %{SDB} %patch62 -p1 -b .sdb-sqlite-bld %endif
@@ -250,6 +250,8 @@ cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named %patch83 -p1 -b .libidn2 %patch84 -p1 -b .gssapi-header %patch85 -p1 -b .libidn3 +%patch86 -p0 -b .CVE-2008-0122 +%patch87 -p1 -b .parallel :;
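Review bot: Dropping `.NOTPARALLEL:` and `.NO_PARALLEL:` from lib/dns/Makefile.in removes a guard that upstream's own comment says was put there to disable parallel processing, and bind-9.5-parallel-build.patch gives no reason why it is no longer needed. The rules of this Makefile.in are outside the hunk, so it cannot be checked here whether every generated file is listed as a prerequisite of the objects that use it. If one is missing, `make -jN` builds can fail or differ from run to run, which undermines build reproducibility. I would add a header to the patch file stating what was verified, e.g. `# lib/dns: prerequisites of generated sources checked, safe for make -jN`, and keep the guard until that holds.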
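Review bot: In the `@@ -250,6 +250,8 @@` hunk of bind.spec, `%patch86 -p0 -b .CVE-2008-0122` is the only patch line applied with `-p0`, while its visible neighbours all use `-p1`. It works because the CVE patch was taken with bare `lib/bind/inet/...` paths, but a mixed strip level is easy to get wrong when the patch is refreshed, and a security fix that fails to apply is the costly case. Regenerating the patch with a leading source-directory component and applying it as `%patch86 -p1 -b .CVE-2008-0122` would keep the %prep section uniform.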
@@ -650,6 +652,11 @@ rm -rf ${RPM_BUILD_ROOT} %{_sbindir}/bind-chroot-admin %changelog +* Tue Jan 22 2008 Adam Tkac 32:9.5.0-24.b1 +- removed bind-9.3.2-prctl_set_dumpable.patch (upstream) +- allow parallel building of libdns library +- CVE-2008-0122 + * Thu Dec 27 2007 Adam Tkac 32:9.5.0-23.b1 - fixed initscript wait loop (#426382) - removed dependency on policycoreutils and libselinux (#426515)