Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2020-12-08 13:23:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new.5913 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Tue Dec 8 13:23:53 2020 rev:159 rq:853298 version:9.16.8 Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2020-10-24 15:16:41.508185962 +0200 +++ /work/SRC/openSUSE:Factory/.bind.new.5913/bind.changes 2020-12-08 13:25:28.838688811 +0100 @@ -1,0 +2,51 @@ +Wed Nov 11 10:55:46 UTC 2020 - Josef Möllers <[email protected]> + +- Added special make instruction for the "Administrator Reference + Manual" which is built using python3-Sphinx + [bsc#1177983, bind.spec] +- Removed "Before=nss-lookup.target" from named.service as that + leads to a systemd ordering cycle + [bsc#1177491, bsc#1178626, bsc#1177991, vendor-files.tar.bz2] + +------------------------------------------------------------------- +Wed Oct 28 12:50:56 UTC 2020 - Josef Möllers <[email protected]> + +- Upgrade to version 9.16.8 + New Features: + * Add a new rndc command, "rndc dnssec -rollover", which triggers a + manual rollover for a specific key. + * Add a new rndc command, "rndc dumpdb -expired", which dumps the + cache database, including expired RRsets that are awaiting + cleanup, to the dump-file for diagnostic purposes. + Bug Fixes: + * named reported an invalid memory size when running in an environment + that did not properly report the number of available memory pages + and/or the size of each memory page. + * With multiple forwarders configured, named could fail the + REQUIRE(msg->state == (-1)) assertion in lib/dns/message.c, + causing it to crash. This has been fixed. + * named erroneously performed continuous key rollovers for KASP + policies that used algorithm Ed25519 or Ed448 due to a mismatch + between created key size and expected key size. + * Updating contents of an RPZ zone which contained names spelled + using varying letter case could cause some processing rules in + that RPZ zone to be erroneously ignored. + Local changes: + * Add /usr/lib64/named to the files and directories in + bind-chrootenv.conf. This directory contains plugins loaded + after the chroot(). + [bsc#1177913,bsc#1178078,bsc#1177603,bind-chrootenv.conf] + +------------------------------------------------------------------- +Fri Oct 23 11:29:25 UTC 2020 - Josef Möllers <[email protected]> + +- Removed "dnssec-enable" from named.conf as it has been obsoleted. + Added a comment for reference which should be removed + in the future. +- Added a comment to the "dnssec-validation" in named.conf + with a reference to forwarders which do not return signed responses. +- Replaced named's dependency on time-sync with a dependency on time-set + in named.service. + [bsc#1177790,bsc#1175894,bsc#1177915,vendor-files.tar.bz2] + +------------------------------------------------------------------- Old: ---- bind-9.16.7.tar.xz bind-9.16.7.tar.xz.sha512.asc New: ---- bind-9.16.8.tar.xz bind-9.16.8.tar.xz.sha512.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.RGhHVc/_old 2020-12-08 13:25:29.718691322 +0100 +++ /var/tmp/diff_new_pack.RGhHVc/_new 2020-12-08 13:25:29.722691333 +0100 @@ -20,17 +20,17 @@ # Note that the sonums are LIBINTERFACE - LIBAGE %define bind9_sonum 1600 %define libbind9 libbind9-%{bind9_sonum} -%define dns_sonum 1607 +%define dns_sonum 1608 %define libdns libdns%{dns_sonum} %define irs_sonum 1601 %define libirs libirs%{irs_sonum} -%define isc_sonum 1606 +%define isc_sonum 1607 %define libisc libisc%{isc_sonum} %define isccc_sonum 1600 %define libisccc libisccc%{isccc_sonum} %define isccfg_sonum 1601 %define libisccfg libisccfg%{isccfg_sonum} -%define ns_sonum 1604 +%define ns_sonum 1605 %define libns libns%{ns_sonum} %define VENDOR SUSE @@ -61,7 +61,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.16.7 +Version: 9.16.8 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 @@ -91,6 +91,7 @@ BuildRequires: openssl BuildRequires: pkgconfig BuildRequires: python3 +BuildRequires: python3-Sphinx BuildRequires: python3-ply BuildRequires: update-desktop-files BuildRequires: pkgconfig(json) @@ -344,6 +345,10 @@ s|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g ' libtool make %{?_smp_mflags} +# special make for the Administrators Reference Manual +for d in arm; do + make -C doc/${d} SPHINXBUILD=sphinx-build doc +done %if %{with_systemd} %sysusers_generate_pre %{SOURCE72} named %endif @@ -426,7 +431,11 @@ cp -a vendor-files/docu/README %{buildroot}/%{_defaultdocdir}/bind/README.%{VENDOR} mkdir -p vendor-files/config/ISC-examples cp -a bin/tests/*.conf* vendor-files/config/ISC-examples -for file in CHANGES COPYRIGHT README version contrib doc/{arm,misc} vendor-files/config; do +for d in arm; do + cp -a doc/${d}/_build %{buildroot}/%{_defaultdocdir}/bind/${d} + echo "%doc %{_defaultdocdir}/bind/${d}" >>filelist-bind-doc +done +for file in CHANGES COPYRIGHT README version contrib doc/misc vendor-files/config; do basename=$( basename ${file}) cp -a ${file} %{buildroot}/%{_defaultdocdir}/bind/${basename} echo "%doc %{_defaultdocdir}/bind/${basename}" >>filelist-bind-doc ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.RGhHVc/_old 2020-12-08 13:25:29.790691527 +0100 +++ /var/tmp/diff_new_pack.RGhHVc/_new 2020-12-08 13:25:29.794691538 +0100 @@ -1,17 +1,17 @@ libbind9-1600 -libdns1607 +libdns1608 libirs1601 -libisc1606 +libisc1607 obsoletes "bind-libs-<targettype> = <version>" provides "bind-libs-<targettype> = <version>" libisccc1600 libisccfg1601 -libns1604 +libns1605 bind-devel requires -bind-<targettype> requires "libbind9-1600-<targettype> = <version>" - requires "libdns1607-<targettype> = <version>" + requires "libdns1608-<targettype> = <version>" requires "libirs1601-<targettype> = <version>" - requires "libisc1606-<targettype> = <version>" + requires "libisc1607-<targettype> = <version>" requires "libisccc1600-<targettype> = <version>" requires "libisccfg1601-<targettype> = <version>" ++++++ bind-9.16.7.tar.xz -> bind-9.16.8.tar.xz ++++++ ++++ 36665 lines of diff (skipped) ++++++ bind-chrootenv.conf ++++++ --- /var/tmp/diff_new_pack.RGhHVc/_old 2020-12-08 13:25:31.302695841 +0100 +++ /var/tmp/diff_new_pack.RGhHVc/_new 2020-12-08 13:25:31.306695852 +0100 @@ -14,3 +14,4 @@ L /var/lib/named/var/log - - - - ../log d /var/lib/named/var/run - - - - - d /var/lib/named/var/run/named 755 named named - - +C /var/lib/named/usr/lib64/named - - - - /usr/lib64/named ++++++ vendor-files.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/config/named.conf new/vendor-files/config/named.conf --- old/vendor-files/config/named.conf 2014-06-01 15:29:46.000000000 +0200 +++ new/vendor-files/config/named.conf 2020-10-23 13:43:08.242872586 +0200 @@ -25,18 +25,17 @@ # If BIND logs error messages about the root key being expired, you # will need to update your keys. See https://www.isc.org/bind-keys # - # dnssec-enable yes (default), indicates that a secure DNS service - # is being used which may be one, or more, of TSIG - # (for securing zone transfers or DDNS updates), SIG(0) - # (for securing DDNS updates) or DNSSEC. - - #dnssec-enable yes; + # The dnssec-enable option has been obsoleted and no longer has any effect. + # DNSSEC responses are always enabled if signatures and other DNSSEC data are present. # dnssec-validation yes (default), indicates that a resolver # (a caching or caching-only name server) will attempt to validate # replies from DNSSEC enabled (signed) zones. To perform this task # the server also needs either a valid trusted-keys clause - # (containing one or more trusted-anchors or a managed-keys clause. + # (containing one or more trusted-anchors) or a managed-keys clause. + # If you have problems with forwarders not returning signed responses, + # set this to "no", but be aware that this may create security issues + # so better switch to a forwarder which supports DNSSEC! #dnssec-validation auto; managed-keys-directory "/var__NSD__/named/dyn/"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/system/named.service new/vendor-files/system/named.service --- old/vendor-files/system/named.service 2020-05-08 14:53:35.129101446 +0200 +++ new/vendor-files/system/named.service 2020-11-11 11:57:09.079024113 +0100 @@ -1,10 +1,9 @@ [Unit] Description=Berkeley Internet Name Domain (DNS) After=network.target -After=time-sync.target -Before=nss-lookup.target +After=time-set.target Wants=nss-lookup.target -Wants=time-sync.target +Wants=time-set.target [Service] Type=forking _______________________________________________ openSUSE Commits mailing list -- [email protected] To unsubscribe, email [email protected] List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/[email protected]
