[gentoo-dev] Bind 8.2.3

[gentoo-dev] Bind 8.2.3

[Jerry A!]

[-- Attachment #1: Type: text/plain, Size: 806 bytes --]

Due to the announced security expliots in bind, I upgraded the v9
package in the CVS tree to 9.1.0.  I planned on upgrading the v8 package
to 8.2.3.  However, I wasn't able to get it to compile on my system.
I'm not suprised because more than likely I've gotten it dirty with all
the stuff I've been working on lately.

Anyway, I'm hoping that some soul out there will be kind enough to test
out the ebuild I'm attaching and let me know if it does or doesn't work
for them.  Oh, and please let me know the results.  8)

Thanks in advance...

        --Jerry

name:  Jerry Alexandratos         ||  Open-Source software isn't a
phone: 703.599.6023               ||  matter of life or death...
email: jerry@thehutt.org          ||  ...It's much more important
                                  ||  than that!

[-- Attachment #2: bind-8.2.3.ebuild --]
[-- Type: text/plain, Size: 2420 bytes --]

# Copyright 1999-2000 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License, v2 or later
# Author Daniel Robbins <drobbins@gentoo.org>
# $Header: /home/cvsroot/gentoo-x86/net-misc/bind/bind-8.2.2.7-r1.ebuild,v 1.2 2000/11/17 03:05:48 achim Exp $

A="bind-src.tar.gz bind-doc.tar.gz"
S=${WORKDIR}/src
DESCRIPTION="Name Server"
SRC_URI="ftp://ftp.isc.org/isc/bind/src/8.2.3/bind-src.tar.gz
         ftp://ftp.isc.org/isc/bind/src/8.2.3/bind-doc.tar.gz"
HOMEPAGE="http://www.isc.org/products/BIND"

DEPEND=">=sys-apps/bash-2.04
        >=sys-libs/glibc-2.1.3"


src_unpack() {
    unpack ${A}

    cd ${S}/port/linux
    cp Makefile.set Makefile.set.orig
    sed -e "s:CDEBUG=-O -g:CDEBUG=${CFLAGS}:" Makefile.set.orig > Makefile.set
}

src_compile() {
    cd ${S}
    try make depend
    try make
}

src_install() {
	into /usr
	for x in addr dig dnsquery host mkservdb nslookup nsupdate
	do
		dobin bin/${x}/${x}
	done	

	for x in dnskeygen irpd named named-bootconf named-xfer ndc
	do
		dosbin bin/${x}/${x}
	done

	dodoc CHANGES DNSSEC SUPPORT README LICENSE* TODO 
	docinto conf
	dodoc conf/README	
	docinto conf/recursive
	dodoc conf/recursive/* 
	docinto conf/recursive/pri
	dodoc conf/recursive/pri/* 
	docinto conf/workstation
	dodoc conf/workstation/* 
	docinto conf/workstation/pri
	dodoc conf/workstation/pri/* 
	dodir /etc/rc.d/init.d
	cp ${O}/files/named ${D}/etc/rc.d/init.d
	cp ${O}/files/named.conf ${D}/usr/doc/${PF}/conf/workstation/named.conf.gentoolinux
	dodir /etc/bind
	dodir /var/bind

    cd ${WORKDIR}/doc/html
    docinto html
    dodoc *

    cd ${WORKDIR}/doc/man
    for i in *.1 *.3 *.5 *.7 *.8
    do
        doman $i
    done
}

pkg_config() {
    . ${ROOT}/etc/rc.d/config/functions

    if [ -e ${ROOT}/etc/bind/named.conf ]; then
	echo "You already have a named.conf in ${ROOT}/etc/bind/named.conf, not creating one."
    else
	install -m0644 ${ROOT}/usr/doc/${PF}/conf/workstation/named.conf.gentoolinux ${ROOT}/etc/bind/named.conf
	mkdir ${ROOT}/var/bind/pri
	gzip -d ${ROOT}/usr/doc/${PF}/conf/workstation/root.cache.gz
	gzip -d ${ROOT}/usr/doc/${PF}/conf/workstation/pri/*.gz
	install -m0644 ${ROOT}/usr/doc/${PF}/conf/workstation/root.cache ${ROOT}/var/bind/root.cache
	install -m0644 ${ROOT}/usr/doc/${PF}/conf/workstation/pri/* ${ROOT}/var/bind/pri/
    fi
    echo; 

    ${ROOT}/usr/sbin/rc-update add named 
    echo; einfo "BIND enabled."
}

Re: [gentoo-dev] Bind 8.2.3

[Achim Gottinger]

"Jerry A!" wrote:

> Due to the announced security expliots in bind, I upgraded the v9
> package in the CVS tree to 9.1.0.  I planned on upgrading the v8 package
> to 8.2.3.  However, I wasn't able to get it to compile on my system.
> I'm not suprised because more than likely I've gotten it dirty with all
> the stuff I've been working on lately.
>

This is a glibc-2.2 related problem which we did not fix yet.
If someone really need bind 8 we can look deeper into it.

achim~

>
> Anyway, I'm hoping that some soul out there will be kind enough to test
> out the ebuild I'm attaching and let me know if it does or doesn't work
> for them.  Oh, and please let me know the results.  8)
>
> Thanks in advance...
>
>         --Jerry
>
> name:  Jerry Alexandratos         ||  Open-Source software isn't a
> phone: 703.599.6023               ||  matter of life or death...
> email: jerry@thehutt.org          ||  ...It's much more important
>                                   ||  than that!
>
>   ------------------------------------------------------------------------
>
>    bind-8.2.3.ebuildName: bind-8.2.3.ebuild
>                     Type: Plain Text (text/plain)

Re: [gentoo-dev] Bind 8.2.3

[Jerry A!]

On Thu, Feb 15, 2001 at 02:51:46PM +0100, Achim Gottinger wrote:
: "Jerry A!" wrote:
: 
: > Due to the announced security expliots in bind, I upgraded the v9
: > package in the CVS tree to 9.1.0.  I planned on upgrading the v8 package
: > to 8.2.3.  However, I wasn't able to get it to compile on my system.
: > I'm not suprised because more than likely I've gotten it dirty with all
: > the stuff I've been working on lately.
: >
: 
: This is a glibc-2.2 related problem which we did not fix yet.
: If someone really need bind 8 we can look deeper into it.

Well, I'm hoping that we can fix it.  I'd prefer to pull the insecure
versions out of the tree.  Hate for us to be the distro that ships
software w/known security holes.  8)

        --Jerry

name:  Jerry Alexandratos         ||  Open-Source software isn't a
phone: 703.599.6023               ||  matter of life or death...
email: jerry@thehutt.org          ||  ...It's much more important
                                  ||  than that!

Re: [gentoo-dev] Bind 8.2.3

[Achim Gottinger]

"Jerry A!" wrote:

> On Thu, Feb 15, 2001 at 02:51:46PM +0100, Achim Gottinger wrote:
> : "Jerry A!" wrote:
> :
> : > Due to the announced security expliots in bind, I upgraded the v9
> : > package in the CVS tree to 9.1.0.  I planned on upgrading the v8 package
> : > to 8.2.3.  However, I wasn't able to get it to compile on my system.
> : > I'm not suprised because more than likely I've gotten it dirty with all
> : > the stuff I've been working on lately.
> : >
> :
> : This is a glibc-2.2 related problem which we did not fix yet.
> : If someone really need bind 8 we can look deeper into it.
>
> Well, I'm hoping that we can fix it.  I'd prefer to pull the insecure
> versions out of the tree.  Hate for us to be the distro that ships
> software w/known security holes.  8)

We are still in a pre-productive phase right now, which should not mean we are
the most insecure distro on
planet earth. :-)
No version of bind 8 compiles on our current system (shame on us but no
security problems with 8 for us).
Is 9.1 really that much insecure? I took a look at the isc homepage and did not
find any security warnings for 9.1
but for 8.2.
I will take a closer look at bind 8.2.3 now. But I have already spend some
hours on it without succes during
the glibc-2.2 move.

achim~

>
>
>         --Jerry
>
> name:  Jerry Alexandratos         ||  Open-Source software isn't a
> phone: 703.599.6023               ||  matter of life or death...
> email: jerry@thehutt.org          ||  ...It's much more important
>                                   ||  than that!
>
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@gentoo.org
> http://www.gentoo.org/mailman/listinfo/gentoo-dev

Re: [gentoo-dev] Bind 8.2.3

[Jerry A!]

On Thu, Feb 15, 2001 at 03:22:36PM +0100, Achim Gottinger wrote:
: "Jerry A!" wrote:
: 
: > Well, I'm hoping that we can fix it.  I'd prefer to pull the insecure
: > versions out of the tree.  Hate for us to be the distro that ships
: > software w/known security holes.  8)
: 
: We are still in a pre-productive phase right now, which should not mean we are
: the most insecure distro on
: planet earth. :-)
: No version of bind 8 compiles on our current system (shame on us but no
: security problems with 8 for us).
: Is 9.1 really that much insecure? I took a look at the isc homepage and did not
: find any security warnings for 9.1
: but for 8.2.
: I will take a closer look at bind 8.2.3 now. But I have already spend some
: hours on it without succes during
: the glibc-2.2 move.

I'm sorry, I didn't make myself clear.  9.1 is secure, that's why I put
it in the tree.  However, looking at net-misc/bind, all the insecure
versions are still there.  I would like to move them to the Attic on the
CVS tree.

Now, I know that some people still have a preference for bind8 which is
why I was hoping that we could have a secure version of bind8 in the
tree as well.

Achim, if it doesn't work, it doesn't work.  I just wanted a second
opinion and to make sure that it wasn't just me having problems with
bind8.

        --Jerry

name:  Jerry Alexandratos         ||  Open-Source software isn't a
phone: 703.599.6023               ||  matter of life or death...
email: jerry@thehutt.org          ||  ...It's much more important
                                  ||  than that!

Re: [gentoo-dev] Bind 8.2.3

[Achim Gottinger]

"Jerry A!" wrote:

> On Thu, Feb 15, 2001 at 03:22:36PM +0100, Achim Gottinger wrote:
> : "Jerry A!" wrote:
> :
> : > Well, I'm hoping that we can fix it.  I'd prefer to pull the insecure
> : > versions out of the tree.  Hate for us to be the distro that ships
> : > software w/known security holes.  8)
> :
> : We are still in a pre-productive phase right now, which should not mean we are
> : the most insecure distro on
> : planet earth. :-)
> : No version of bind 8 compiles on our current system (shame on us but no
> : security problems with 8 for us).
> : Is 9.1 really that much insecure? I took a look at the isc homepage and did not
> : find any security warnings for 9.1
> : but for 8.2.
> : I will take a closer look at bind 8.2.3 now. But I have already spend some
> : hours on it without succes during
> : the glibc-2.2 move.
>
> I'm sorry, I didn't make myself clear.  9.1 is secure, that's why I put
> it in the tree.  However, looking at net-misc/bind, all the insecure
> versions are still there.  I would like to move them to the Attic on the
> CVS tree.
>

Ok this can be done.

>
> Now, I know that some people still have a preference for bind8 which is
> why I was hoping that we could have a secure version of bind8 in the
> tree as well.

I think I got it a working package is in the cvs tree.

achim~

>
>
> Achim, if it doesn't work, it doesn't work.  I just wanted a second
> opinion and to make sure that it wasn't just me having problems with
> bind8.
>
>         --Jerry
>
> name:  Jerry Alexandratos         ||  Open-Source software isn't a
> phone: 703.599.6023               ||  matter of life or death...
> email: jerry@thehutt.org          ||  ...It's much more important
>                                   ||  than that!
>
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@gentoo.org
> http://www.gentoo.org/mailman/listinfo/gentoo-dev

Re: [gentoo-dev] Bind 8.2.3

[Jerry A!]

On Thu, Feb 15, 2001 at 05:16:46PM +0100, Achim Gottinger wrote:
: "Jerry A!" wrote:
: >
: > Now, I know that some people still have a preference for bind8 which is
: > why I was hoping that we could have a secure version of bind8 in the
: > tree as well.
: 
: I think I got it a working package is in the cvs tree.

If you commit it to the tree, can you please take a look at the package
I sent to the list last night.  I added a section to also build and
install the docs.  Can you cut-and-paste that section into your .ebuild?

        --Jerry

name:  Jerry Alexandratos         ||  Open-Source software isn't a
phone: 703.599.6023               ||  matter of life or death...
email: jerry@thehutt.org          ||  ...It's much more important
                                  ||  than that!

Re: [gentoo-dev] Bind 8.2.3

[Achim Gottinger]

"Jerry A!" wrote:

> On Thu, Feb 15, 2001 at 05:16:46PM +0100, Achim Gottinger wrote:
> : "Jerry A!" wrote:
> : >
> : > Now, I know that some people still have a preference for bind8 which is
> : > why I was hoping that we could have a secure version of bind8 in the
> : > tree as well.
> :
> : I think I got it a working package is in the cvs tree.
>
> If you commit it to the tree, can you please take a look at the package
> I sent to the list last night.  I added a section to also build and
> install the docs.  Can you cut-and-paste that section into your .ebuild?
>

I used your package for the one which is now in the tree.
Can you test if it compiles and installs correct on your machine?

achim~

>
>         --Jerry
>
> name:  Jerry Alexandratos         ||  Open-Source software isn't a
> phone: 703.599.6023               ||  matter of life or death...
> email: jerry@thehutt.org          ||  ...It's much more important
>                                   ||  than that!
>
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@gentoo.org
> http://www.gentoo.org/mailman/listinfo/gentoo-dev

Re: [gentoo-dev] Bind 8.2.3

[Jerry A!]

On Thu, Feb 15, 2001 at 05:39:41PM +0100, Achim Gottinger wrote:
: "Jerry A!" wrote:
: 
: > On Thu, Feb 15, 2001 at 05:16:46PM +0100, Achim Gottinger wrote:
: > : "Jerry A!" wrote:
: > : >
: > : > Now, I know that some people still have a preference for bind8 which is
: > : > why I was hoping that we could have a secure version of bind8 in the
: > : > tree as well.
: > :
: > : I think I got it a working package is in the cvs tree.
: >
: > If you commit it to the tree, can you please take a look at the package
: > I sent to the list last night.  I added a section to also build and
: > install the docs.  Can you cut-and-paste that section into your .ebuild?
: >
: 
: I used your package for the one which is now in the tree.
: Can you test if it compiles and installs correct on your machine?

I'm updating my CVS repository as we speak.  Thanks...

        --Jerry

name:  Jerry Alexandratos         ||  Open-Source software isn't a
phone: 703.599.6023               ||  matter of life or death...
email: jerry@thehutt.org          ||  ...It's much more important
                                  ||  than that!

Re: [gentoo-dev] Bind 8.2.3

[Jerry A!]

On Thu, Feb 15, 2001 at 12:12:53PM -0500, Jerry A! wrote:
: On Thu, Feb 15, 2001 at 05:39:41PM +0100, Achim Gottinger wrote:
: : 
: : I used your package for the one which is now in the tree.
: : Can you test if it compiles and installs correct on your machine?
: 
: I'm updating my CVS repository as we speak.  Thanks...

Works like a champ.  If you don't mind, I'll go ahead and move the old
digest files and 9.0.1-r1 to the Attic.

        --Jerry

name:  Jerry Alexandratos         ||  Open-Source software isn't a
phone: 703.599.6023               ||  matter of life or death...
email: jerry@thehutt.org          ||  ...It's much more important
                                  ||  than that!

Re: [gentoo-dev] Bind 8.2.3

[Achim Gottinger]

"Jerry A!" wrote:

> On Thu, Feb 15, 2001 at 12:12:53PM -0500, Jerry A! wrote:
> : On Thu, Feb 15, 2001 at 05:39:41PM +0100, Achim Gottinger wrote:
> : :
> : : I used your package for the one which is now in the tree.
> : : Can you test if it compiles and installs correct on your machine?
> :
> : I'm updating my CVS repository as we speak.  Thanks...
>
> Works like a champ.  If you don't mind, I'll go ahead and move the old
> digest files and 9.0.1-r1 to the Attic.
>

Fine do that.

achim~

>
>         --Jerry
>
> name:  Jerry Alexandratos         ||  Open-Source software isn't a
> phone: 703.599.6023               ||  matter of life or death...
> email: jerry@thehutt.org          ||  ...It's much more important
>                                   ||  than that!
>
> _______________________________________________
> gentoo-dev mailing list
> gentoo-dev@gentoo.org
> http://www.gentoo.org/mailman/listinfo/gentoo-dev