From da82fe36450f09c4a03819a9aa9ff493372dbf1b Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jul 14 2020 01:08:00 +0000 Subject: import bind-9.11.20-3.el8 --- diff --git a/.bind.metadata b/.bind.metadata index 8da89f4..6031674 100644 --- a/.bind.metadata +++ b/.bind.metadata @@ -1,2 +1,2 @@ -f62726f2379eb1f2921c64c20f6668ce3db190c2 SOURCES/bind-9.11.19.tar.gz +ff6ad0d3f9282a77786e93eb889154008ef1ccdf SOURCES/bind-9.11.20.tar.gz a164fcad1d64d6b5fab5034928cb7260f1fa8fdd SOURCES/random.data diff --git a/.gitignore b/.gitignore index 6a6db0d..e7ad81f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/bind-9.11.19.tar.gz +SOURCES/bind-9.11.20.tar.gz SOURCES/random.data diff --git a/SOURCES/bind-9.11-export-isc-config.patch b/SOURCES/bind-9.11-export-isc-config.patch deleted file mode 100644 index fd5622c..0000000 --- a/SOURCES/bind-9.11-export-isc-config.patch +++ /dev/null @@ -1,35 +0,0 @@ -diff --git a/export-libs/Makefile b/export-libs/Makefile -index df15ea8..13f416b 100644 ---- a/export-libs/Makefile -+++ b/export-libs/Makefile -@@ -404,20 +404,18 @@ installdirs: - $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1 - - install:: isc-config.sh installdirs -- ${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir} -- rm -f ${DESTDIR}${bindir}/bind9-config -- ln ${DESTDIR}${bindir}/isc-config.sh ${DESTDIR}${bindir}/bind9-config -- ${INSTALL_DATA} ${top_srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1 -- rm -f ${DESTDIR}${mandir}/man1/bind9-config.1 -- ln ${DESTDIR}${mandir}/man1/isc-config.sh.1 ${DESTDIR}${mandir}/man1/bind9-config.1 -- ${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir} -+ ${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}/isc-export-config.sh -+ rm -f ${DESTDIR}${bindir}/bind9-export-config -+ ln ${DESTDIR}${bindir}/isc-export-config.sh ${DESTDIR}${bindir}/bind9-export-config -+ ${INSTALL_DATA} ${top_srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1/isc-export-config.sh.1 -+ rm -f ${DESTDIR}${mandir}/man1/bind9-export-config.1 -+ ln ${DESTDIR}${mandir}/man1/isc-export-config.sh.1 ${DESTDIR}${mandir}/man1/bind9-export-config.1 - - uninstall:: -- rm -f ${DESTDIR}${sysconfdir}/bind.keys -- rm -f ${DESTDIR}${mandir}/man1/bind9-config.1 -- rm -f ${DESTDIR}${mandir}/man1/isc-config.sh.1 -- rm -f ${DESTDIR}${bindir}/bind9-config -- rm -f ${DESTDIR}${bindir}/isc-config.sh -+ rm -f ${DESTDIR}${mandir}/man1/bind9-export-config.1 -+ rm -f ${DESTDIR}${mandir}/man1/isc-export-config.sh.1 -+ rm -f ${DESTDIR}${bindir}/bind9-export-config -+ rm -f ${DESTDIR}${bindir}/isc-export-config.sh - - tags: - rm -f TAGS diff --git a/SOURCES/bind-9.11-rh1624100.patch b/SOURCES/bind-9.11-rh1624100.patch index 5764ed7..0775820 100644 --- a/SOURCES/bind-9.11-rh1624100.patch +++ b/SOURCES/bind-9.11-rh1624100.patch @@ -1,4 +1,4 @@ -From 76594cba9a1e910bb36160d96fc3872349341799 Mon Sep 17 00:00:00 2001 +From f27598743ab6e03271e26f23da4beba748d19c60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Wed, 25 Apr 2018 14:04:31 +0200 Subject: [PATCH] Replace isc_safe routines with their OpenSSL counter parts @@ -24,10 +24,10 @@ Fix the isc_safe_memwipe() usage with (NULL, >0) delete mode 100644 lib/isc/safe.c diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c -index 6ddaebe..d921870 100644 +index 6dded0c..a9c5557 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c -@@ -787,7 +787,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name, +@@ -784,7 +784,7 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name, static int hashlist_comp(const void *a, const void *b) { @@ -81,7 +81,7 @@ index ad77f24..670982a 100644 /* accept_sec_context.c */ diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in -index 0fd0837..8ad54bb 100644 +index 149552a..8529a86 100644 --- a/lib/isc/Makefile.in +++ b/lib/isc/Makefile.in @@ -60,7 +60,7 @@ OBJS = @ISC_EXTRA_OBJS@ @ISC_PK11_O@ @ISC_PK11_RESULT_O@ \ @@ -91,7 +91,7 @@ index 0fd0837..8ad54bb 100644 - safe.@O@ serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \ + serial.@O@ siphash.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \ string.@O@ strtoul.@O@ symtab.@O@ task.@O@ taskpool.@O@ \ - tm.@O@ timer.@O@ version.@O@ \ + tm.@O@ timer.@O@ utf8.@O@ version.@O@ \ ${UNIXOBJS} ${NLSOBJS} ${THREADOBJS} @@ -79,7 +79,7 @@ SRCS = @ISC_EXTRA_SRCS@ @ISC_PK11_C@ @ISC_PK11_RESULT_C@ \ netaddr.c netscope.c pool.c ondestroy.c \ @@ -100,7 +100,7 @@ index 0fd0837..8ad54bb 100644 - safe.c serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \ + serial.c siphash.c sha1.c sha2.c sockaddr.c stats.c string.c \ strtoul.c symtab.c task.c taskpool.c timer.c \ - tm.c version.c + tm.c utf8.c version.c @@ -95,10 +95,6 @@ TESTDIRS = @UNITTESTS@ @@ -284,5 +284,5 @@ index 266ac75..60e9181 100644 return (cmocka_run_group_tests(tests, NULL, NULL)); -- -2.20.1 +2.26.2 diff --git a/SOURCES/bind97-rh645544.patch b/SOURCES/bind97-rh645544.patch index d1d8429..c15eeb5 100644 --- a/SOURCES/bind97-rh645544.patch +++ b/SOURCES/bind97-rh645544.patch @@ -1,7 +1,8 @@ -diff -up bind-9.9.4rc2/lib/dns/resolver.c.rh645544 bind-9.9.4rc2/lib/dns/resolver.c ---- bind-9.9.4rc2/lib/dns/resolver.c.rh645544 2013-08-19 10:30:52.000000000 +0200 -+++ bind-9.9.4rc2/lib/dns/resolver.c 2013-09-06 17:58:03.864165823 +0200 -@@ -1138,7 +1138,7 @@ log_edns(fetchctx_t *fctx) { +diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c +index ecb3ddb..f7f73cd 100644 +--- a/lib/dns/resolver.c ++++ b/lib/dns/resolver.c +@@ -1456,7 +1456,7 @@ log_edns(fetchctx_t *fctx) { */ dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED, @@ -10,7 +11,7 @@ diff -up bind-9.9.4rc2/lib/dns/resolver.c.rh645544 bind-9.9.4rc2/lib/dns/resolve "success resolving '%s' (in '%s'?) after %s", fctx->info, domainbuf, fctx->reason); -@@ -3804,7 +3804,7 @@ log_lame(fetchctx_t *fctx, dns_adbaddrin +@@ -4667,7 +4667,7 @@ log_lame(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo) { dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf)); isc_sockaddr_format(&addrinfo->sockaddr, addrbuf, sizeof(addrbuf)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_LAME_SERVERS, @@ -19,12 +20,12 @@ diff -up bind-9.9.4rc2/lib/dns/resolver.c.rh645544 bind-9.9.4rc2/lib/dns/resolve "lame server resolving '%s' (in '%s'?): %s", namebuf, domainbuf, addrbuf); } -@@ -3831,7 +3831,7 @@ log_formerr(fetchctx_t *fctx, const char - } +@@ -4685,7 +4685,7 @@ log_formerr(fetchctx_t *fctx, const char *format, ...) { + isc_sockaddr_format(&fctx->addrinfo->sockaddr, nsbuf, sizeof(nsbuf)); isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, - DNS_LOGMODULE_RESOLVER, ISC_LOG_NOTICE, + DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(1), - "DNS format error from %s resolving %s%s%s: %s", - nsbuf, fctx->info, clmsg, clbuf, msgbuf); + "DNS format error from %s resolving %s for %s: %s", + nsbuf, fctx->info, fctx->clientstr, msgbuf); } diff --git a/SOURCES/trusted-key.key b/SOURCES/trusted-key.key index df2fd0d..7b845f3 100644 --- a/SOURCES/trusted-key.key +++ b/SOURCES/trusted-key.key @@ -1,2 +1 @@ -. 3600 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= . 3600 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= diff --git a/SPECS/bind.spec b/SPECS/bind.spec index 47a1a06..2ba69ee 100644 --- a/SPECS/bind.spec +++ b/SPECS/bind.spec @@ -64,8 +64,8 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Name: bind License: MPLv2.0 -Version: 9.11.19 -Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} +Version: 9.11.20 +Release: 3%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ # @@ -160,9 +160,6 @@ Patch178:bind-9.11-dhcp-time-monotonic.patch Patch11: bind-9.3.2b2-sdbsrc.patch Patch12: bind-9.10-sdb.patch -# export lib patches -Patch135:bind-9.11-export-isc-config.patch - # needs inpection Patch17: bind-9.3.2b1-fix_sdb_ldap.patch Patch18: bind-9.11-zone2ldap.patch @@ -176,6 +173,7 @@ Requires(post): shadow-utils Requires(post): glibc-common Requires(post): grep Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires: bind-libs-lite%{?_isa} = %{epoch}:%{version}-%{release} Obsoletes: bind-config < 30:9.3.2-34.fc6 Provides: bind-config = 30:9.3.2-34.fc6 Obsoletes: caching-nameserver < 31:9.4.1-7.fc8 @@ -239,6 +237,8 @@ tools for verifying that the DNS server is operating properly. Summary: Bind with native PKCS#11 functionality for crypto Requires: systemd Requires: bind%{?_isa} = %{epoch}:%{version}-%{release} +Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires: bind-libs-lite%{?_isa} = %{epoch}:%{version}-%{release} Requires: bind-pkcs11-libs%{?_isa} = %{epoch}:%{version}-%{release} Recommends: softhsm @@ -282,6 +282,7 @@ Summary: BIND server with database backends and DLZ support Requires: systemd Requires: bind%{?_isa} = %{epoch}:%{version}-%{release} Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires: bind-libs-lite%{?_isa} = %{epoch}:%{version}-%{release} %description sdb BIND (Berkeley Internet Name Domain) is an implementation of the DNS @@ -323,6 +324,7 @@ Contains license of the BIND DNS suite. %package utils Summary: Utilities for querying DNS name servers Requires: bind-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires: bind-libs-lite%{?_isa} = %{epoch}:%{version}-%{release} Requires: python3-bind = %{epoch}:%{version}-%{release} %description utils @@ -690,6 +692,8 @@ popd # build %systemtest_prepare_build build %if %{with EXPORT_LIBS} +cp isc-config.sh.1 isc-export-config.sh.1 + ## Create export libs ## mkdir -p export-libs pushd export-libs @@ -726,8 +730,12 @@ export LIBDIR_SUFFIX ## FIXME this should be in patch instead of SED'ing ## but do we really like/want to patch generated files? -sed -i -e \ -'/^SUBDIRS =/s/.*/SUBDIRS = make lib/i' \ +mv isc-config.sh isc-export-config.sh + +sed -i \ +-e '/^SUBDIRS =/s/.*/SUBDIRS = make lib/i' \ +-e 's/isc-config.sh/isc-export-config.sh/g' \ +-e 's/bind9-config/bind9-export-config/g' \ Makefile sed -i -e \ @@ -739,9 +747,9 @@ do find . -name Makefile -exec sed "s/lib${lib}\./lib${lib}-export\./g" -i {} \; sed -e "s/-l${lib}\([^[:alpha:]]\)/-l${lib}-export\1/g" \ -e "s/lib${lib}\./lib${lib}-export\./g" \ - -i isc-config.sh + -i isc-export-config.sh done; -%{__patch} -p2 -b --suffix .export-isc-config < %{PATCH135} + make %{?_smp_mflags} popd @@ -969,6 +977,7 @@ pushd ${RPM_BUILD_ROOT}%{_mandir}/man8 ln -s named.8.gz named-pkcs11.8.gz ln -s dnssec-checkds.8.gz dnssec-checkds-pkcs11.8.gz ln -s dnssec-dsfromkey.8.gz dnssec-dsfromkey-pkcs11.8.gz +ln -s dnssec-importkey.8.gz dnssec-importkey-pkcs11.8.gz ln -s dnssec-keyfromlabel.8.gz dnssec-keyfromlabel-pkcs11.8.gz ln -s dnssec-keygen.8.gz dnssec-keygen-pkcs11.8.gz ln -s dnssec-revoke.8.gz dnssec-revoke-pkcs11.8.gz @@ -1512,6 +1521,19 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Fri Jun 19 2020 Petr Menšík - 32:9.11.20-3 +- Add remaining require to bind package (#1633169) + +* Fri Jun 19 2020 Petr Menšík - 32:9.11.20-2 +- Add manual page for dnssec-importkey-pkcs11 (#1666785) +- Add versioned depends to all library subpackages + +* Wed Jun 17 2020 Petr Menšík - 32:9.11.20-1 +- Update to 9.11.20 + +* Mon Jun 08 2020 Petr Menšík - 32:9.11.19-2 +- Remove old KSK 19036 from remaining trusted-key.key + * Fri May 15 2020 Petr Menšík - 32:9.11.19-1 - Update to 9.11.19 (CVE-2020-8616, CVE-2020-8617)