diff options
| author | Adam Tkac <atkac@fedoraproject.org> | 2008-07-31 14:40:05 +0000 |
|---|---|---|
| committer | Adam Tkac <atkac@fedoraproject.org> | 2008-07-31 14:40:05 +0000 |
| commit | c73a48ceb05bec2e512f566be7fef7025a27aa30 (patch) | |
| tree | b5e31ae2661e7fc5adb84024611b9102e8c8fcde | |
| parent | 53ae61452e4cd0f0051396b0b0e442b5af8a9cda (diff) | |
- IP acls weren't merged correctly (#457175)
| -rw-r--r-- | bind.spec | 13 | ||||
| -rw-r--r-- | bind95-rh457175.patch | 25 |
2 files changed, 35 insertions, 3 deletions
@@ -3,6 +3,7 @@ # %define PATCHVER P1 +%define _default_patch_fuzz 2 %{?!SDB: %define SDB 1} %{?!LIBBIND: %define LIBBIND 1} @@ -20,7 +21,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.5.0 -Release: 28.%{PATCHVER}%{?dist} +Release: 28.1.%{PATCHVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -62,6 +63,7 @@ Patch72: bind-9.5-dlz-64bit.patch Patch80: bind-9.5-edns.patch Patch88: bind-9.5-recv-race.patch Patch89: bind95-rh450995.patch +Patch90: bind95-rh457175.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -187,7 +189,7 @@ Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz> %setup -q -n %{name}-%{version}-%{PATCHVER} # Common patches -%patch -p1 -b .varrun +%patch0 -p1 -b .varrun %patch1 -p1 -b .key %patch5 -p1 -b .nonexec %patch6 -p1 -b .nsl @@ -251,6 +253,7 @@ cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named %patch85 -p1 -b .libidn3 %patch88 -p1 -b .recv-race %patch89 -p1 -b .rh450995 +%patch90 -p1 -b .rh457175 :; @@ -280,6 +283,7 @@ export LDFLAGS=-lefence --enable-threads \ --enable-ipv6 \ --with-pic \ + --disable-static \ %if %{LIBBIND} --enable-libbind \ %endif @@ -407,7 +411,7 @@ for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.int echo '@ in soa localhost. root 1 3H 15M 1W 1D ns localhost.' > sample/var/named/$f; done -/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.248 2008/07/08 22:14:21 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ +/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.249 2008/07/31 14:40:05 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ *\ * NOTE: you only need to create this file if it is to\ * differ from the following default contents: @@ -666,6 +670,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_sbindir}/bind-chroot-admin %changelog +* Thu Jul 31 2008 Adam Tkac <atkac redhat com> 32:9.5.0-28.1.P1 +- IP acls weren't merged correctly (#457175) + * Tue Jul 08 2008 Adam Tkac <atkac redhat com> 32:9.5.0-28.P1 - 9.5.0-P1 release (CVE-2008-1447) diff --git a/bind95-rh457175.patch b/bind95-rh457175.patch new file mode 100644 index 0000000..2ecd01e --- /dev/null +++ b/bind95-rh457175.patch @@ -0,0 +1,25 @@ +diff -up bind-9.5.0-P1/lib/dns/iptable.c.rh457175 bind-9.5.0-P1/lib/dns/iptable.c +--- bind-9.5.0-P1/lib/dns/iptable.c.rh457175 2008-01-21 22:02:24.000000000 +0100 ++++ bind-9.5.0-P1/lib/dns/iptable.c 2008-07-31 16:10:46.000000000 +0200 +@@ -117,16 +117,17 @@ dns_iptable_merge(dns_iptable_t *tab, dn + if (node->data[0] && + *(isc_boolean_t *) node->data[0] == ISC_TRUE) + new_node->data[0] = &dns_iptable_neg; +- else +- new_node->data[0] = node->data[0]; + + if (node->data[1] && + *(isc_boolean_t *) node->data[1] == ISC_TRUE) + new_node->data[1] = &dns_iptable_neg; +- else +- new_node->data[1] = node->data[0]; + } + ++ if (new_node->data[0] == NULL) ++ new_node->data[0] = node->data[0]; ++ if (new_node->data[1] == NULL) ++ new_node->data[1] = node->data[1]; ++ + if (node->node_num[0] > max_node) + max_node = node->node_num[0]; + if (node->node_num[1] > max_node) |