summaryrefslogtreecommitdiffstats
path: root/source
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2023-11-07 19:57:12 +0000
committer Eric Hameleers <alien@slackware.com>2023-11-07 21:28:19 +0100
commit69753b9a1da83d78dab7943e3fcdb428ee74a254 (patch)
tree9c58cf752080a6715fe80639e22491bbb8be31d2 /source
parent16aecb6aa38eaab548b9aece32c6aa72f59e80b2 (diff)
downloadcurrent-69753b9a1da83d78dab7943e3fcdb428ee74a254.tar.gz
current-69753b9a1da83d78dab7943e3fcdb428ee74a254.tar.xz
Tue Nov 7 19:57:12 UTC 202320231107195712
ap/sudo-1.9.15-x86_64-1.txz: Upgraded. The sudoers plugin has been modified to make it more resilient to ROWHAMMER attacks on authentication and policy matching. The sudoers plugin now constructs the user time stamp file path name using the user-ID instead of the user name. This avoids a potential problem with user names that contain a path separator ('/') being interpreted as part of the path name. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-42465 https://www.cve.org/CVERecord?id=CVE-2023-42456 (* Security fix *) ap/vim-9.0.2092-x86_64-1.txz: Upgraded. l/libuv-1.47.0-x86_64-1.txz: Upgraded. l/xapian-core-1.4.24-x86_64-1.txz: Upgraded. n/bind-9.18.19-x86_64-2.txz: Rebuilt. Don't go automatically chowning files in /var/named, since some users may have special requirements. But in case anyone finds that behavior useful, you may set NAMED_CHOWN=YES in /etc/default/named to turn it back on. Unless anyone has a good objection to it, this change is considered pending for the next BIND upgrades in -stable. Thanks to Mig21. xap/vim-gvim-9.0.2092-x86_64-1.txz: Upgraded.
Diffstat (limited to '')
-rwxr-xr-xsource/n/bind/bind.SlackBuild20
-rw-r--r--source/n/bind/caching-example/named.ca92
-rw-r--r--source/n/bind/caching-example/named.root6
-rw-r--r--source/n/bind/default.named14
-rw-r--r--source/n/bind/rc.bind12
5 files changed, 127 insertions, 17 deletions
diff --git a/source/n/bind/bind.SlackBuild b/source/n/bind/bind.SlackBuild
index 856c86504..e32294b1f 100755
--- a/source/n/bind/bind.SlackBuild
+++ b/source/n/bind/bind.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2018, 2019, 2020, 2021 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2018, 2019, 2020, 2021, 2023 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=bind
VERSION=${VERSION:-$(echo ${PKGNAM}-[0-9]*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -163,13 +163,18 @@ fi
# Add sample config files for a simple caching nameserver:
mkdir -p $PKG/var/named/caching-example
-cat $CWD/caching-example/named.conf > $PKG/etc/named.conf.new
-cat $CWD/caching-example/localhost.zone > $PKG/var/named/caching-example/localhost.zone
-cat $CWD/caching-example/named.local > $PKG/var/named/caching-example/named.local
-cat $CWD/caching-example/named.root > $PKG/var/named/caching-example/named.root
+cp -a $CWD/caching-example/named.conf $PKG/etc/named.conf.new
+cp -a $CWD/caching-example/localhost.zone $PKG/var/named/caching-example/localhost.zone
+cp -a $CWD/caching-example/named.local $PKG/var/named/caching-example/named.local
+cp -a $CWD/caching-example/named.root $PKG/var/named/caching-example/named.root
# This name is deprecated, but having it here doesn't hurt in case
# an old configuration file wants it:
-cat $CWD/caching-example/named.root > $PKG/var/named/caching-example/named.ca
+cp -a $CWD/caching-example/named.root $PKG/var/named/caching-example/named.ca
+chown root:root $PKG/etc/named.conf.new
+chmod 644 $PKG/var/named/caching-example/*
+
+# Make sure that everything in /var/named is owned by named:named:
+chown -R named:named $PKG/var/named
mkdir -p $PKG/install
zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
@@ -177,4 +182,3 @@ cat $CWD/slack-desc > $PKG/install/slack-desc
cd $PKG
/sbin/makepkg -l y -c n $TMP/${PKGNAM}-$(echo $VERSION | tr - _)-$ARCH-$BUILD.txz
-
diff --git a/source/n/bind/caching-example/named.ca b/source/n/bind/caching-example/named.ca
new file mode 100644
index 000000000..6db8239a2
--- /dev/null
+++ b/source/n/bind/caching-example/named.ca
@@ -0,0 +1,92 @@
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: October 24, 2023
+; related version of root zone: 2023102402
+;
+; FORMERLY NS.INTERNIC.NET
+;
+. 3600000 NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
+B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
+; End of file \ No newline at end of file
diff --git a/source/n/bind/caching-example/named.root b/source/n/bind/caching-example/named.root
index dba9ed9ea..6db8239a2 100644
--- a/source/n/bind/caching-example/named.root
+++ b/source/n/bind/caching-example/named.root
@@ -8,9 +8,9 @@
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
-;
-; last update: July 30, 2019
-; related version of root zone: 2019073000
+;
+; last update: October 24, 2023
+; related version of root zone: 2023102402
;
; FORMERLY NS.INTERNIC.NET
;
diff --git a/source/n/bind/default.named b/source/n/bind/default.named
index 50e18664b..5c59298df 100644
--- a/source/n/bind/default.named
+++ b/source/n/bind/default.named
@@ -1,7 +1,7 @@
# User to run named as:
NAMED_USER=named
-# Group to use for chowning named related files and directories.
+# Group to use for named related files and directories.
# By default, named will also run as the primary group of $NAMED_USER,
# which will usually be the same as what's listed below, but not
# necessarily if something other than the default of "named" is used.
@@ -10,3 +10,15 @@ NAMED_GROUP=named
# Options to run named with. At least -u $NAMED_USER is required, but
# additional options may be added if needed.
NAMED_OPTIONS="-u $NAMED_USER"
+
+# If this is set to YES, then before starting named the startup script
+# will make sure that /etc/rndc.key (if it exists) and the enitre contents
+# of /var/named are chowned to $NAMED_USER:$NAMED_GROUP. If some of these
+# files are improperly owned, named will refuse to start or may now work
+# properly. This is also a useful setting when upgrading from an older BIND
+# package that would run as root.
+#
+# If NAMED_CHOWN is set to anything else (or is unset), then these files
+# will not be chowned automatically and the admin will handle any required
+# file ownerships.
+NAMED_CHOWN=NO
diff --git a/source/n/bind/rc.bind b/source/n/bind/rc.bind
index 169db8126..1b0b4d6fb 100644
--- a/source/n/bind/rc.bind
+++ b/source/n/bind/rc.bind
@@ -42,11 +42,13 @@ bind_start() {
mkdir -p /var/run/named
# Make sure that /var/run/named has correct ownership:
chown -R ${NAMED_USER}:${NAMED_GROUP} /var/run/named
- # Make sure that /var/named has correct ownership:
- chown -R ${NAMED_USER}:${NAMED_GROUP} /var/named
- if [ -r /etc/rndc.key ]; then
- # Make sure that /etc/rndc.key has correct ownership:
- chown ${NAMED_USER}:${NAMED_GROUP} /etc/rndc.key
+ if [ "$NAMED_CHOWN" = "YES" ]; then
+ # Make sure that /var/named has correct ownership:
+ chown -R ${NAMED_USER}:${NAMED_GROUP} /var/named
+ if [ -r /etc/rndc.key ]; then
+ # Make sure that /etc/rndc.key has correct ownership:
+ chown ${NAMED_USER}:${NAMED_GROUP} /etc/rndc.key
+ fi
fi
# Start named:
if [ -x /usr/sbin/named ]; then