Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2024-08-25 12:09:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new.2698 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Sun Aug 25 12:09:38 2024 rev:210 rq:1195688 version:9.20.1 Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2024-07-26 16:14:57.628401094 +0200 +++ /work/SRC/openSUSE:Factory/.bind.new.2698/bind.changes 2024-08-25 12:09:42.930335837 +0200 @@ -1,0 +2,81 @@ +Fri Aug 23 09:26:22 UTC 2024 - Jorik Cronenberg <[email protected]> + +- Update to release 9.20.1 + New Features: + * Implement rndc retransfer -force. + * A new optional argument -force has been added to the command + rndc retransfer. When it is specified, named aborts the ongoing + zone transfer (if there is one) and starts a new transfer. + * dig now reports a missing QUESTION section for messages with + opcode QUERY. + * Query responses should contain the QUESTION section, with some + exceptions. dig was not reporting this. + + Feature Changes: + * Tighten max-recursion-queries and add max-query-restarts + configuration statement. + * There were cases when the max-recursion-queries quota was + ineffective. It was possible to craft zones that would cause a + resolver to waste resources by sending excessive queries while + attempting to resolve a name. This has been addressed by + correcting errors in the implementation of + max-recursion-queries and by reducing the default value from + 100 to 32. + * In addition, a new max-query-restarts configuration statement + has been added, which limits the number of times a recursive + server will follow CNAME or DNAME records before terminating + resolution. This was previously a hard-coded limit of 16 but is + now configurable with a default value of 11. + * ISC would like to thank Huayi Duan, Marco Bearzi, Jodok Vieli, + and Cagin Tanir from NetSec group, ETH Zurich for discovering + and notifying us about the issue. + * Allow shorter resolver-query-timeout configuration. + * The minimum allowed value of resolver-query-timeout was lowered + from its previous value of 10 000 milliseconds (which is still + the default) to 301 milliseconds. Note however that values of 1 + to 300 inclusive are interpreted as seconds before applying the + limit. A value of zero is interpreted as the default. + * Raise the log level of priming failures. + * When a priming query is complete, it was previously logged at + level DEBUG(1), regardless of success or failure. It is now + logged to NOTICE in the case of failure. + + Bug Fixes: + * Fix a crash caused by valid TSIG signatures with invalid time. + * An assertion failure was triggered when the TSIG had a valid + cryptographic signature but the time was invalid. This could + happen when the times between the primary and secondary servers + were not synchronised. The crash has now been fixed. + * Return SERVFAIL for a too long CNAME chain. + * When following long CNAME chains, named was returning NOERROR + (along with a partial answer) instead of SERVFAIL, if the chain + exceeded the maximum length. This has been fixed. + * Reconfigure catz member zones during named reconfiguration. + * During a reconfiguration, named wasnât reconfiguring catalog + zonesâ member zones. This has been fixed. + * Update key lifetime and metadata after dnssec-policy + reconfiguration. + * Adjust key state and timing metadata if dnssec-policy key + lifetime configuration is updated, so that it also affects + existing keys. + * Fix a crash during zone modification. + * Fix an assertion failure that could happen when an + authoritative zone was modified while the server was generating + an answer from that zone. + * Fix assertion failure when executing named-checkconf -v to + print its version. + * Fix generation of 6to4-self name expansion from IPv4 address. + * The period between the most significant nibble of the encoded + IPv4 address and the 2.0.0.2.IP6.ARPA suffix was missing, + resulting in the wrong name being checked. This has been fixed. + * dig +yaml was producing unexpected and/or invalid YAML. output. + * SVBC ALPN text parsing failed to reject zero-length ALPN. + * Fix false QNAME minimisation error being reported. + * Remove the false positive success resolving log message when + QNAME minimisation is in effect and the final result is an + NXDOMAIN. + * Fix --enable-tracing build on systems without dtrace. + * A missing util/dtrace.sh file prevented builds on systems + without the dtrace utility. This has been corrected. + +------------------------------------------------------------------- Old: ---- bind-9.20.0.tar.xz bind-9.20.0.tar.xz.asc New: ---- bind-9.20.1.tar.xz bind-9.20.1.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.LyZxmf/_old 2024-08-25 12:09:43.742369534 +0200 +++ /var/tmp/diff_new_pack.LyZxmf/_new 2024-08-25 12:09:43.742369534 +0200 @@ -56,7 +56,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.20.0 +Version: 9.20.1 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 ++++++ bind-9.20.0.tar.xz -> bind-9.20.1.tar.xz ++++++ ++++ 147325 lines of diff (skipped)
