From 66802105fa628770a93da9bc11f070900b75ae51 Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Jul 31 2008 14:41:57 +0000 Subject: - IP acls weren't merged correctly (#457175) --- diff --git a/bind.spec b/bind.spec index a7e6992..d06caae 100644 --- a/bind.spec +++ b/bind.spec @@ -3,6 +3,7 @@ # %define PATCHVER P1 +%define _default_patch_fuzz 2 %{?!SDB: %define SDB 1} %{?!LIBBIND: %define LIBBIND 1} @@ -18,7 +19,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.5.0 -Release: 34.%{PATCHVER}%{?dist} +Release: 34.1.%{PATCHVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -60,6 +61,7 @@ Patch87: bind-9.5-parallel-build.patch Patch91: bind-9.5-recv-race.patch Patch92: bind-9.5-edns.patch Patch93: bind95-rh450995.patch +Patch94: bind95-rh457175.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -177,7 +179,7 @@ Based on the code from Jan "Yenya" Kasprzak %setup -q -n %{name}-%{version}-%{PATCHVER} # Common patches -%patch -p1 -b .varrun +%patch0 -p1 -b .varrun %patch1 -p1 -b .key %patch5 -p1 -b .nonexec %patch10 -p1 -b .PIE @@ -241,6 +243,8 @@ cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named %patch91 -p1 -b .recv-race %patch92 -p1 -b .edns %patch93 -p1 -b .rh450995 +%patch94 -p1 -b .rh457175 + # Sparc and s390 arches need to use -fPIE %ifarch sparcv9 sparc64 s390 s390x for i in bin/named-sdb/unix/Makefile.in bin/named-sdb/Makefile.in bin/named/unix/Makefile.in bin/named/Makefile.in; do @@ -275,6 +279,7 @@ fi --enable-threads \ --enable-ipv6 \ --with-pic \ + --disable-static \ --disable-openssl-version-check \ %if %{LIBBIND} --enable-libbind \ @@ -292,8 +297,7 @@ fi %endif ; if [ -s openssl_config.h ]; then cat openssl_config.h >> config.h ; fi; -make -j8 -#%{?_smp_mflags} +make %{?_smp_mflags} %install rm -rf ${RPM_BUILD_ROOT} @@ -402,7 +406,7 @@ for f in my.internal.zone.db slaves/my.slave.internal.zone.db slaves/my.ddns.int echo '@ in soa localhost. root 1 3H 15M 1W 1D ns localhost.' > sample/var/named/$f; done -/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.266 2008/07/18 21:33:29 ausil Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ +/usr/bin/tail -n '+'`/bin/egrep -n '\\$Id: bind.spec,v 1.267 2008/07/31 14:41:55 atkac Exp $/+1/' | bc` bin/rndc/rndc.conf | sed '/Sample rndc configuration file./{p;i\ *\ * NOTE: you only need to create this file if it is to\ * differ from the following default contents: @@ -653,6 +657,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_sbindir}/bind-chroot-admin %changelog +* Thu Jul 31 2008 Adam Tkac 32:9.5.0-34.1.P1 +- IP acls weren't merged correctly (#457175) + * Fri Jul 18 2008 Dennis Gilmore 32:9.5.0-34.P1 - use fPIE on sparcv9/sparc64 - add sparc64 to list of 64bit arches in spec diff --git a/bind95-rh457175.patch b/bind95-rh457175.patch new file mode 100644 index 0000000..2ecd01e --- /dev/null +++ b/bind95-rh457175.patch @@ -0,0 +1,25 @@ +diff -up bind-9.5.0-P1/lib/dns/iptable.c.rh457175 bind-9.5.0-P1/lib/dns/iptable.c +--- bind-9.5.0-P1/lib/dns/iptable.c.rh457175 2008-01-21 22:02:24.000000000 +0100 ++++ bind-9.5.0-P1/lib/dns/iptable.c 2008-07-31 16:10:46.000000000 +0200 +@@ -117,16 +117,17 @@ dns_iptable_merge(dns_iptable_t *tab, dn + if (node->data[0] && + *(isc_boolean_t *) node->data[0] == ISC_TRUE) + new_node->data[0] = &dns_iptable_neg; +- else +- new_node->data[0] = node->data[0]; + + if (node->data[1] && + *(isc_boolean_t *) node->data[1] == ISC_TRUE) + new_node->data[1] = &dns_iptable_neg; +- else +- new_node->data[1] = node->data[0]; + } + ++ if (new_node->data[0] == NULL) ++ new_node->data[0] = node->data[0]; ++ if (new_node->data[1] == NULL) ++ new_node->data[1] = node->data[1]; ++ + if (node->node_num[0] > max_node) + max_node = node->node_num[0]; + if (node->node_num[1] > max_node)