diff options
| author | jvdias <jvdias@fedoraproject.org> | 2006-06-14 05:26:43 +0000 |
|---|---|---|
| committer | jvdias <jvdias@fedoraproject.org> | 2006-06-14 05:26:43 +0000 |
| commit | fc31cdddc1fc21bf418472a50a154854d0946809 (patch) | |
| tree | 3496c745ffe633b25f5855fb8e67811b1b32bd17 | |
| parent | 10f5fb7f7005e225d16f4876bdfe26a2fb8dab4e (diff) | |
| download | bind-fc31cdddc1fc21bf418472a50a154854d0946809.tar.gz bind-fc31cdddc1fc21bf418472a50a154854d0946809.tar.xz bind-fc31cdddc1fc21bf418472a50a154854d0946809.zip | |
fix bugs 191093, 189789; backport selected fixes from upstream v9_3_3b1 CVSbind-9_3_2-26_FC6
| -rw-r--r-- | bind-chroot-admin.in | 13 | ||||
| -rw-r--r-- | bind.spec | 70 | ||||
| -rw-r--r-- | named.conf.sample | 4 |
3 files changed, 80 insertions, 7 deletions
diff --git a/bind-chroot-admin.in b/bind-chroot-admin.in index 95e6eca..9395c6e 100644 --- a/bind-chroot-admin.in +++ b/bind-chroot-admin.in @@ -50,6 +50,15 @@ function rootdir() return 1; } +function selinux_enabled() +{ + [ -e /etc/selinux/config ] && . /etc/selinux/config; + if [ -n "$SELINUX" ] && [ "$SELINUX" != 'disabled' ] ; then + return 0; + fi; + return 1; +} + function check_dirs() { if [ -z "$BIND_CHROOT_PREFIX" ]; then @@ -89,7 +98,7 @@ function check_dirs() [ ! -e "${BIND_CHROOT_PREFIX}/etc/localtime" ] && [ -e /etc/localtime ] && /bin/cp -fp /etc/localtime "${BIND_CHROOT_PREFIX}/etc/localtime"; chown root:named "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero}; chmod 660 "${BIND_CHROOT_PREFIX}"/dev/{random,null,zero}; - if [ -d /selinux ] && [ -e /selinux/enforce ] && [ -x /usr/bin/chcon ]; then + if selinux_enabled && [ -x /usr/bin/chcon ]; then for dev in random zero null; do /usr/bin/chcon --reference=/dev/$dev ${BIND_CHROOT_PREFIX}/dev/$dev; done @@ -250,7 +259,7 @@ function sync_files() chmod 660 ${pfx}/var/named/{data/*,slaves/*} >/dev/null 2>&1; chmod 770 ${pfx}/var/named/{data/*/.,slaves/*/.} >/dev/null 2>&1; if [ -e $changed ]; then - if [ -e /selinux/enforce ] && [ -x /sbin/restorecon ]; then + if selinux_enabled && [ -x /sbin/restorecon ]; then /sbin/restorecon -R ${BIND_CHROOT_PREFIX}/etc ${BIND_CHROOT_PREFIX}/var/named ${BIND_CHROOT_PREFIX}/var/run/named >/dev/null 2>&1; if [ -e ${BIND_CHROOT_PREFIX}/etc/localtime ] && [ -e /etc/localtime ] ; then /usr/bin/chcon --reference=/etc/localtime ${BIND_CHROOT_PREFIX}/etc/localtime >/dev/null 2>&1; @@ -17,7 +17,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: BSD-like Version: 9.3.2 -Release: 24.FC6 +Release: 26.FC6 Epoch: 30 Url: http://www.isc.org/products/BIND/ Buildroot: %{_tmppath}/%{name}-root @@ -89,6 +89,24 @@ Patch29: bind-9.3.2-bz177854.patch Patch30: bind-9.3.2-bz187286_fix_host_cname.patch Patch31: bind-9.3.2-bz173961.patch Patch32: bind-9.3.2-prctl_set_dumpable.patch +Patch33: bind-9.3.2-ch2024_rt16027.patch +Patch34: bind-9.3.2-ch2013_rt15941.patch +Patch35: bind-9.3.2-ch2009_rt15808.patch +Patch36: bind-9.3.2-ch1997_rt15818.patch +Patch37: bind-9.3.2-ch1994_rt15694.patch +Patch38: bind-9.3.2-ch1991_rt15813.patch +Patch39: bind-9.3.2-9_3_3_validator.patch +Patch40: bind-9.3.2-9_3_3_resolver.patch +Patch41: bind-9.3.2-9_3_3_dns.patch +Patch42: bind-9.3.2-9_3_3_isc.patch +Patch43: bind-9.3.2-9_3_3_bind.patch +Patch44: bind-9.3.2-9_3_3_isccfg.patch +Patch45: bind-9.3.2-9_3_3_lwres.patch +Patch46: bind-9.3.2-9_3_3_named.patch +Patch47: bind-9.3.2-9_3_3_dig.patch +Patch48: bind-9.3.2-9_3_3_dnssec.patch +Patch49: bind-9.3.2-9_3_3_nsupdate.patch +Patch50: bind-9.3.2-9_3_3_tests.patch # Requires: bind-libs = %{epoch}:%{version}-%{release}, glibc >= 2.2 Requires(post): bash, coreutils, sed, grep, chkconfig >= 1.3.26 @@ -97,7 +115,7 @@ Requires(preun):chkconfig >= 1.3.26 %if %{selinux} Requires(post): policycoreutils %endif -BuildRequires: gcc, glibc-devel >= 2.2.5-26, glibc-kernheaders >= 2.4-7.10, openssl-devel, libtool, pkgconfig, tar +BuildRequires: gcc, glibc-devel >= 2.2.5-26, glibc-kernheaders >= 2.4-7.10, openssl-devel, libtool, autoconf, pkgconfig %if %{SDB} BuildRequires: openldap-devel, postgresql-devel %endif @@ -317,6 +335,24 @@ cp -fp contrib/sdb/pgsql/zonetodb.c bin/sdb_tools %patch30 -p1 -b .bz187286_fix_host_cname %patch31 -p1 -b .bz173961 %patch32 -p1 -b .prctl_set_dumpable +%patch33 -p1 -b .ch2024_rt16027 +%patch34 -p1 -b .ch2013_rt15941 +%patch35 -p1 -b .ch2009_rt15808 +%patch36 -p1 -b .ch1997_rt15818 +%patch37 -p1 -b .ch1994_rt15694 +%patch38 -p1 -b .ch1991_rt15813 +%patch39 -p1 -b .9_3_3_validator +%patch40 -p1 -b .9_3_3_resolver +%patch41 -p1 -b .9_3_3_dns +%patch42 -p1 -b .9_3_3_isc +%patch43 -p1 -b .9_3_3_bind +%patch44 -p1 -b .9_3_3_isccfg +%patch45 -p1 -b .9_3_3_lwres +%patch46 -p1 -b .9_3_3_named +%patch47 -p1 -b .9_3_3_dig +%patch48 -p1 -b .9_3_3_dnssec +%patch49 -p1 -b .9_3_3_nsupdate +%patch50 -p1 -b .9_3_3_tests # # this must follow all dbus patches: %if %{SDB} @@ -363,6 +399,7 @@ export LDFLAGS=-lefence %endif CFLAGS="$CFLAGS" \ ; +if [ -s openssl_config.h ]; then cat openssl_config.h >> config.h ; fi; make %{?_smp_mflags} @@ -503,7 +540,7 @@ exit 0 %dir /var/named/slaves %dir /var/named/data %dir /var/run/named -%defattr(0750,root,root,0750) +%defattr(0754,root,root,0750) %config /etc/rc.d/init.d/named %defattr(0640,root,named,0750) %config(noreplace) /etc/sysconfig/named @@ -806,6 +843,33 @@ rm -rf ${RPM_BUILD_ROOT} :; %changelog +* Wed Jun 14 2006 Jason Vas Dias <jvdias@redhat.com> - 30:9.3.2-26.FC6 +- fix bugs 191093, 189789 +- backport selected fixes from upstream bind9 'v9_3_3b1' CVS version: + ( see http://www.isc.org/sw/bind9.3.php "Fixes" ): + o change 2024 / bug 16027: + named emitted spurious "zone serial unchanged" messages on reload + o change 2013 / bug 15941: + handle unexpected TSIGs on unsigned AXFR/IXFR responses more gracefully + o change 2009 / bug 15808: coverity fixes + o change 1997 / bug 15818: + named was failing to replace negative cache entries when a positive one + for the type was learnt + o change 1994 / bug 15694: OpenSSL 0.9.8 support + o change 1991 / bug 15813: + The configuration data, once read, should be treated as readonly. + o misc. validator fixes + o misc. resolver fixes + o misc. dns fixes + o misc. isc fixes + o misc. libbind fixes + o misc. isccfg fix + o misc. lwres fix + o misc. named fixes + o misc. dig fixes + o misc. nsupdate fix + o misc. tests fixes + * Wed Jun 7 2006 Jeremy Katz <katzj@redhat.com> - 30:9.3.2-24.FC6 - and actually put the devel symlinks in the right subpackage diff --git a/named.conf.sample b/named.conf.sample index 0f46fbd..c8d88bb 100644 --- a/named.conf.sample +++ b/named.conf.sample @@ -68,8 +68,8 @@ view "internal" /* This view will contain zones you want to serve only to "internal" clients that connect via your directly attached LAN interfaces - "localnets" . */ - match-clients { !localnets; !localhost; }; - match-destinations { !localnets; !localhost; }; + match-clients { localnets; }; + match-destinations { localnets; }; recursion yes; // all views must contain the root hints zone: include "/etc/named.root.hints"; |