rpms/bind/FC-6 bind-9.3.3-edns.patch, NONE, 1.1 bind.spec, 1.136, 1.137

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Thu Nov 2 12:30:15 UTC 2006


Author: stransky

Update of /cvs/dist/rpms/bind/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv29453

Modified Files:
	bind.spec 
Added Files:
	bind-9.3.3-edns.patch 
Log Message:
fix for #211282: EDNS is globally enabled, crashing CheckPoint FW-1

bind-9.3.3-edns.patch:
 bin/named/config.c         |    1 +
 bin/named/query.c          |    6 ++++++
 bin/named/server.c         |    5 +++++
 doc/misc/options           |    2 ++
 lib/dns/include/dns/view.h |    1 +
 lib/dns/view.c             |    1 +
 lib/isccfg/namedconf.c     |    1 +
 7 files changed, 17 insertions(+)

--- NEW FILE bind-9.3.3-edns.patch ---
--- bind-9.3.3rc2/doc/misc/options.edns	2005-05-13 04:43:27.000000000 +0200
+++ bind-9.3.3rc2/doc/misc/options	2006-11-02 13:00:25.000000000 +0100
@@ -83,6 +83,7 @@
         edns-udp-size <integer>;
         root-delegation-only [ exclude { <quoted_string>; ... } ];
         disable-algorithms <string> { <string>; ... };
+        edns-enable <boolean>;
         dnssec-enable <boolean>;
         dnssec-lookaside <string> trust-anchor <string>;
         dnssec-must-be-secure <string> <boolean>;
@@ -263,6 +264,7 @@
         edns-udp-size <integer>;
         root-delegation-only [ exclude { <quoted_string>; ... } ];
         disable-algorithms <string> { <string>; ... };
+        edns-enable <boolean>;
         dnssec-enable <boolean>;
         dnssec-lookaside <string> trust-anchor <string>;
         dnssec-must-be-secure <string> <boolean>;
--- bind-9.3.3rc2/lib/dns/view.c.edns	2004-03-10 03:55:58.000000000 +0100
+++ bind-9.3.3rc2/lib/dns/view.c	2006-11-02 12:47:07.000000000 +0100
@@ -156,6 +156,7 @@
 	view->additionalfromcache = ISC_TRUE;
 	view->additionalfromauth = ISC_TRUE;
 	view->enablednssec = ISC_TRUE;
+	view->enableedns = ISC_TRUE;
 	view->minimalresponses = ISC_FALSE;
 	view->transfer_format = dns_one_answer;
 	view->queryacl = NULL;
--- bind-9.3.3rc2/lib/dns/include/dns/view.h.edns	2004-03-10 03:55:58.000000000 +0100
+++ bind-9.3.3rc2/lib/dns/include/dns/view.h	2006-11-02 12:47:07.000000000 +0100
@@ -109,6 +109,7 @@
 	isc_boolean_t			additionalfromauth;
 	isc_boolean_t			minimalresponses;
 	isc_boolean_t			enablednssec;
+	isc_boolean_t			enableedns;
 	dns_transfer_format_t		transfer_format;
 	dns_acl_t *			queryacl;
 	dns_acl_t *			recursionacl;
--- bind-9.3.3rc2/lib/isccfg/namedconf.c.edns	2006-03-02 01:37:20.000000000 +0100
+++ bind-9.3.3rc2/lib/isccfg/namedconf.c	2006-11-02 12:47:07.000000000 +0100
@@ -726,6 +726,7 @@
 	{ "root-delegation-only",  &cfg_type_optional_exclude, 0 },
 	{ "disable-algorithms", &cfg_type_disablealgorithm,
 	  CFG_CLAUSEFLAG_MULTI },
+	{ "edns-enable", &cfg_type_boolean, 0 },
 	{ "dnssec-enable", &cfg_type_boolean, 0 },
 	{ "dnssec-lookaside", &cfg_type_lookaside, CFG_CLAUSEFLAG_MULTI },
 	{ "dnssec-must-be-secure",  &cfg_type_mustbesecure,
--- bind-9.3.3rc2/bin/named/server.c.edns	2006-11-02 12:47:07.000000000 +0100
+++ bind-9.3.3rc2/bin/named/server.c	2006-11-02 12:47:07.000000000 +0100
@@ -1181,6 +1181,11 @@
 	result = ns_config_get(maps, "provide-ixfr", &obj);
 	INSIST(result == ISC_R_SUCCESS);
 	view->provideixfr = cfg_obj_asboolean(obj);
+
+        obj = NULL;
+        (void)ns_config_get(maps, "edns-enable", &obj);
+        if (obj != NULL)
+		view->enableedns = cfg_obj_asboolean(obj);
 			
 	obj = NULL;
 	result = ns_config_get(maps, "dnssec-enable", &obj);
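Review bot: The "edns-enable" lookup discards its return value with `(void)` and falls back to an `obj != NULL` test, while the `provide-ixfr` lookup just above asserts success with `INSIST(result == ISC_R_SUCCESS)`. This patch also adds `edns-enable yes;` to the built-in defaults in bin/named/config.c, so the lookup should presumably always succeed (assuming those defaults are part of `maps`, which is not visible here). Writing it as `result = ns_config_get(maps, "edns-enable", &obj); INSIST(result == ISC_R_SUCCESS);` would match the surrounding options and catch a missing default, instead of silently keeping the value set in lib/dns/view.c. The added lines are also indented with spaces where the rest of the hunk uses tabs. The enclosing function starts and ends outside the hunk.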
--- bind-9.3.3rc2/bin/named/query.c.edns	2006-08-31 05:57:11.000000000 +0200
+++ bind-9.3.3rc2/bin/named/query.c	2006-11-02 12:47:07.000000000 +0100
@@ -3558,6 +3558,12 @@
 	if (client->view->enablednssec)
 		message->flags |= DNS_MESSAGEFLAG_AD;
 
+        /*
+         * Disable edns if an user require it.
+         */
+        if (!client->view->enableedns)
+                client->query.fetchoptions |= DNS_FETCHOPT_NOEDNS0;
+
 	qclient = NULL;
 	ns_client_attach(client, &qclient);
 	query_find(qclient, NULL, qtype);
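Review bot: The new `if (!client->view->enableedns)` block only ORs `DNS_FETCHOPT_NOEDNS0` into this client's fetch options, so the option name promises more than the visible code does. It appears to cover only fetches started on behalf of a client query, and any other queries the server originates probably do not pass through here. The comment should state that scope, for example `/* edns-enable no: send no EDNS0 OPT record on fetches made for this query; other outgoing queries are not affected here. */`. There is also an interaction with the `enablednssec` test just above that is worth documenting or warning about at configuration time: without an OPT record the DO bit cannot be sent, so a view with `dnssec-enable yes` and `edns-enable no` would likely receive no signatures from upstream servers. The enclosing function starts and ends outside the hunk.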
--- bind-9.3.3rc2/bin/named/config.c.edns	2006-02-28 07:32:53.000000000 +0100
+++ bind-9.3.3rc2/bin/named/config.c	2006-11-02 12:47:07.000000000 +0100
@@ -125,6 +125,7 @@
 	check-names master fail;\n\
 	check-names slave warn;\n\
 	check-names response ignore;\n\
+	edns-enable yes;\n\
 	dnssec-enable no; /* Make yes for 9.4. */ \n\
 "
 


Index: bind.spec
===================================================================
RCS file: /cvs/dist/rpms/bind/FC-6/bind.spec,v
retrieving revision 1.136
retrieving revision 1.137
diff -u -r1.136 -r1.137
--- bind.spec	30 Oct 2006 12:16:06 -0000	1.136
+++ bind.spec	2 Nov 2006 12:30:08 -0000	1.137
@@ -77,6 +77,7 @@
 Patch28: 	bind-9.3.3rc2-dbus-0.6.patch
 Patch32:	bind-9.3.2-prctl_set_dumpable.patch
 Patch51:	bind-9.3.2-tmpfile.patch
+Patch52:	bind-9.3.3-edns.patch
 #
 Requires:	bind-libs = %{epoch}:%{version}-%{release}, glibc  >= 2.2, mktemp
 Requires(post): bash, coreutils, sed, grep, chkconfig >= 1.3.26
@@ -289,6 +290,7 @@
 %endif
 %patch32 -p1 -b .prctl_set_dumpable
 %patch51 -p1 -b .tmp
+%patch52 -p1 -b .edns
 :;
 
 
@@ -779,8 +781,12 @@
 %changelog
 * Mon Oct 30 2006 Martin Stransky <stransky at redhat.com> - 30:9.3.3-6
 - fix for #200465: named-checkzone and co. cannot be run as non-root user
-- added fix for #212348: chroot'd named causes df permission denied error
-- added fix for #211249, #211083 - problems with stopping named
+- fix for #212348: chroot'd named causes df permission denied error
+- fix for #211249, #211083 - problems with stopping named
+- fix for #212549: init script does not unmount /proc filesystem
+- fix for #211282: EDNS is globally enabled, crashing CheckPoint FW-1,
+    added edns-enable options to named configuration file which can suppress
+    EDNS in queries to DNS servers (see /usr/share/doc/bind-9.3.3/misc/options)
 
 * Fri Oct 13 2006 Martin Stransky <stransky at redhat.com> - 30:9.3.3-5
 - fix for #209359: bind-libs from compatlayer CD will not 



