--- rpms/djbdns/sme9/djbdns.spec	2013/02/06 22:00:55	1.1
+++ rpms/djbdns/sme9/djbdns.spec	2017/07/12 04:56:19	1.2
@@ -1,15 +1,15 @@
-# $Id: djbdns.spec,v 1.5 2008/04/09 13:51:47 slords Exp $
+# $Id: djbdns.spec,v 1.1 2013/02/06 22:00:55 slords Exp $
 
 #
 # RPM spec file for Dan Bernstein's djbdns package
 #
-# $Id: djbdns.spec,v 1.5 2008/04/09 13:51:47 slords Exp $
+# $Id: djbdns.spec,v 1.1 2013/02/06 22:00:55 slords Exp $
 #
 Summary: collection of Domain Name System tools
 %define name djbdns
 Name: %{name}
 %define version 1.05
-%define release 8
+%define release 9
 Version: %{version}
 Release: %{release}%{?dist}
 License: Public Domain
@@ -18,9 +18,32 @@ Source: http://cr.yp.to/%{name}/%{name}-
 URL: http://cr.yp.to/%{name}.html
 Patch0: %{name}-%{version}.patch.2001022000
 Patch1: dns_transmit-bug.patch
-Patch2: http://homepages.tesco.net./~J.deBoynePollard/Softwares/djbdns/dnscache-cname-handling.patch
+#Patch2: http://homepages.tesco.net./~J.deBoynePollard/Softwares/djbdns/dnscache-cname-handling.patch
 Patch3: http://homepages.tesco.net./~J.deBoynePollard/Softwares/djbdns/dnscache-strict-forwardonly.patch
-Patch4: http://homepages.tesco.net./~J.deBoynePollard/Softwares/djbdns/tinydns-alias-chain-truncation.patch
+#Patch4: http://homepages.tesco.net./~J.deBoynePollard/Softwares/djbdns/tinydns-alias-chain-truncation.patch
+
+# patch from openwrt
+Patch20: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/020-dnsroots-update.patch
+Patch30: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/030-srv-records-and-axfrget.patch
+Patch50: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/050-tinydns-mmap-leak.patch
+Patch60: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/060-dnscache-big-udp-packets.patch 
+Patch70: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/070-dnscache-dpos-tcp-servfail.patch
+Patch80: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/080-dnscache-cache-negatives.patch
+Patch90: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/090-tinydns-one-second.patch 
+Patch120: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/120-compiler-temporary-filename.patch 
+Patch200: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/200-dnscache-cname-handling.patch
+Patch210: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/210-dnscache-strict-forwardonly.patch
+Patch230: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/230-tinydns-data-semantic-error.patch 
+Patch240: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/240-tinydns-alias-chain-truncation.patch
+Patch270: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/270-dnscache-sigpipe-fix.patch
+Patch300: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/300-bugfix-dnscache-dempsky-poison.patch 
+Patch310: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/310-bugfix-dnscache-merge-outgoing-requests.patch 
+Patch320: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/320-bugfix-dnscache-cache-soa-records.patch
+Patch330: https://dev.openwrt.org/raw-attachment/ticket/5881/330-fix-dnscache-cname-handling.patch
+
+Patch450: 450-dnscache-ghost-domain-CVE-2012-1191.patch
+Patch500: 500-cutom-dnscache-maxloop.patch
+
 BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
 Provides: djbdns
 AutoReqProv: no
@@ -59,6 +82,34 @@ djbdns was written by Daniel J Bernstein
 domain on Dec 28, 2007.
 
 %changelog
+* Tue Jul 11 2017 Jean-Philipe Pialasse <tests@pialasse.com> 1.05-9.sme
+-- backport SME10 fixes [SME: 10381]
+--import patches from openwrt and rename already applied patches
+--fix security issues [SME: 10374]
+- 020-dnsroots-update.patch: update list of root DNS servers
+- 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch
+- 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch
+- 270-dnscache-sigpipe-fix.patch: SIGPIPE
+- 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858
+- 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392
+- 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392
+- 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2
+--bug fixes [SME: 10374]
+- 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets
+- 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records
+- 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch
+--fix issue with short ttl cname like akamaid [SME: 8362]
+- 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch
+- 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl
+- 500-cutom-dnscache-maxloop.patch: set max loop to 200
+--needed for previous patches to apply cleanly
+- 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch)
+- 080-dnscache-cache-negatives.patch: rfc2308 ? (for 200-*.patch)
+- 090-tinydns-one-second.patch: improve tinydns with 8 or more  concurent connections (for 240-*.patch)
+- 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)
+--not backported from SME10 branch
+- 050-tinydns-mmap-leak.patch: report cdb leak
+
 * Mon Mar 24 2008 Shad L. Lords <slords@mail.com> 1.05-8
 - Comment out contentious patches for now [SME: 3826] [SME: 3824]
 
@@ -107,10 +158,26 @@ domain on Dec 28, 2007.
 mkdir -p ./root/usr
 mkdir -p ./root/etc
 
-%patch1 -p1
-#%patch2 -p1
-%patch3 -p1
-#%patch4 -p1
+%patch20 -p1
+%patch30 -p1
+%patch60 -p1
+%patch70 -p1
+%patch80 -p1
+%patch90 -p1
+%patch120 -p1
+%patch200 -p1
+%patch210 -p1
+%patch230 -p1
+%patch240 -p1
+%patch270 -p1
+%patch300 -p1
+%patch310 -p1
+%patch320 -p1
+%patch330 -p1
+
+%patch450 -p1
+%patch500 -p1
+
 
 %build
 echo "gcc -O2 -Wall --include /usr/include/errno.h" > conf-cc