Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2025-01-12 11:10:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new.1881 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Sun Jan 12 11:10:14 2025 rev:214 rq:1236154 version:9.20.4 Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2024-12-18 20:08:38.225513127 +0100 +++ /work/SRC/openSUSE:Factory/.bind.new.1881/bind.changes 2025-01-12 11:10:45.866059901 +0100 @@ -1,0 +2,86 @@ +Thu Dec 12 12:38:04 UTC 2024 - Jorik Cronenberg <[email protected]> + +- Add new dlz-modules source +- Update to release 9.20.4 + New Features: + * Update built-in bind.keys file with the new 2025 IANA root key. + * Add an initial-ds entry to bind.keys for the new root key, ID + 38696, which is scheduled for publication in January 2025. + + Removed Features: + * Move contributed DLZ modules into a separate repository. DLZ + modules should not be used except in testing. + * The DLZ modules were not maintained, the DLZ interface itself + is going to be scheduled for removal, and the DLZ interface is + blocking. Any module that blocks the query to the database + blocks the whole server. + * The DLZ modules now live in + https://gitlab.isc.org/isc-projects/dlz-modules repository. + + Feature Changes: + * dnssec-ksr now supports KSK rollovers. + * The tool now allows for KSK generation, as well as planned KSK + rollovers. When signing a bundle from a Key Signing Request + (KSR), only the key that is active in that time frame is used + for signing. Also, the CDS and CDNSKEY records are now added + and removed at the correct time. + * Print RFC 7314: EXPIRE option in transfer summary. + * Emit more helpful log messages for exceeding + max-records-per-type. + * The new log message is emitted when adding or updating an RRset + fails due to exceeding the max-records-per-type limit. The log + includes the owner name and type, corresponding zone name, and + the limit value. It will be emitted on loading a zone file, + inbound zone transfer (both AXFR and IXFR), handling a DDNS + update, or updating a cache DB. Itâs especially helpful in the + case of zone transfer, since the secondary side doesnât have + direct access to the offending zone data. + * It could also be used for max-types-per-name, but this change + doesnât implement it yet as itâs much less likely to happen in + practice. + * Harden key management when key files have become unavailable. + * Prior to doing key management, BIND 9 will check if the key + files on disk match the expected keys. If key files for + previously observed keys have become unavailable, this will + prevent the internal key manager from running. + + Bug Fixes: + * Use TLS for notifies if configured to do so. + * Notifies configured to use TLS will now be sent over TLS, + instead of plain text UDP or TCP. Also, failing to load the TLS + configuration for notify now results in an error. + * {&dns} is as valid as {?dns} in a SVCBâs dohpath. + * dig failed to parse a valid SVCB record with a dohpath URI + template containing a {&dns}, like + dohpath=/some/path?key=value{&dns}â. + * Fix NSEC3 closest encloser lookup for names with empty + non-terminals. + * A previous performance optimization for finding the NSEC3 + closest encloser when generating authoritative responses could + cause servers to return incorrect NSEC3 records in some cases. + This has been fixed. + * recursive-clients statement with value 0 triggered an assertion + failure. + * BIND 9.20.0 broke recursive-clients 0;. This has now been + fixed. + * Parsing of hostnames in rndc.conf was broken. + * When DSCP support was removed, parsing of hostnames in + rndc.conf was accidentally broken, resulting in an assertion + failure. This has been fixed. + * dig options of the form [+-]option=<value> failed to display + the value on the printed command line. This has been fixed. + * Provide more visibility into TLS configuration errors by + logging SSL_CTX_use_certificate_chain_file() and + SSL_CTX_use_PrivateKey_file() errors individually. + * Fix a race condition when canceling ADB find which could cause + an assertion failure. + * SERVFAIL cache memory cleaning is now more aggressive; it no + longer consumes a lot of memory if the server encounters many + SERVFAILs at once. + * Fix trying the next primary XoT server when the previous one + was marked as unreachable. + * In some cases named failed to try the next primary server in + the primaries list when the previous one was marked as + unreachable. This has been fixed. + +------------------------------------------------------------------- Old: ---- bind-9.20.3.tar.xz bind-9.20.3.tar.xz.asc New: ---- _service bind-9.20.4.tar.xz bind-9.20.4.tar.xz.asc dlz-modules-5923650.obscpio dlz-modules.obsinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.MDbE8U/_old 2025-01-12 11:10:46.962105004 +0100 +++ /var/tmp/diff_new_pack.MDbE8U/_new 2025-01-12 11:10:46.962105004 +0100 @@ -1,7 +1,7 @@ # # spec file for package bind # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # Copyright (c) 2024 Andreas Stieger <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -52,12 +52,14 @@ %define with_sfw2 0 %endif +%define dlz_modules_hash 5923650 + #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.20.3 +Version: 9.20.4 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 @@ -68,6 +70,7 @@ Source2: vendor-files.tar.bz2 # from http://www.isc.org/about/openpgp/ ... changes yearly apparently. Source3: %{name}.keyring +Source4: dlz-modules-%{dlz_modules_hash}.tar.gz Source9: https://www.internic.net/domain/named.root Source40: dnszone-schema.txt Source60: dlz-schema.txt @@ -232,6 +235,7 @@ %prep %autosetup -p1 -a2 +%setup -T -D -a4 # use the year from source gzip header instead of current one to make reproducible rpms year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0}) @@ -308,7 +312,7 @@ %sysusers_generate_pre %{SOURCE72} named named.conf %endif # special build for the plugins -for d in contrib/dlz/modules/*; do +for d in dlz-modules-%{dlz_modules_hash}/modules/*; do [ -e $d/Makefile ] && make -C $d done @@ -340,25 +344,28 @@ # Install the plugins mkdir -p %{buildroot}/%{_libdir}/bind-plugins +pushd dlz-modules-%{dlz_modules_hash}/modules %if %{with_modules_perl} - install -m 0644 contrib/dlz/modules/perl/*.so %{buildroot}/%{_libdir}/bind-plugins + install -m 0644 perl/*.so %{buildroot}/%{_libdir}/bind-plugins %endif %if %{with_modules_mysql} - install -m 0644 contrib/dlz/modules/mysql/*.so %{buildroot}/%{_libdir}/bind-plugins - install -m 0644 contrib/dlz/modules/mysqldyn/*.so %{buildroot}/%{_libdir}/bind-plugins + install -m 0644 mysql/*.so %{buildroot}/%{_libdir}/bind-plugins + install -m 0644 mysqldyn/*.so %{buildroot}/%{_libdir}/bind-plugins %endif %if %{with_modules_ldap} - install -m 0644 contrib/dlz/modules/ldap/*.so %{buildroot}/%{_libdir}/bind-plugins + install -m 0644 ldap/*.so %{buildroot}/%{_libdir}/bind-plugins %endif %if %{with_modules_bdbhpt} - install -m 0644 contrib/dlz/modules/bdbhpt/*.so %{buildroot}/%{_libdir}/bind-plugins + install -m 0644 bdbhpt/*.so %{buildroot}/%{_libdir}/bind-plugins %endif %if %{with_modules_sqlite3} - install -m 0644 contrib/dlz/modules/sqlite3/*.so %{buildroot}/%{_libdir}/bind-plugins + install -m 0644 sqlite3/*.so %{buildroot}/%{_libdir}/bind-plugins %endif %if %{with_modules_generic} - install -m 0644 contrib/dlz/modules/{filesystem,wildcard}/*.so %{buildroot}/%{_libdir}/bind-plugins + install -m 0644 {filesystem,wildcard}/*.so %{buildroot}/%{_libdir}/bind-plugins %endif +popd + # remove useless .la files rm -f %{buildroot}/%{_libdir}/lib*.{la,a} %{buildroot}/%{_libdir}/bind/*.la mv vendor-files/config/named.conf %{buildroot}/%{_sysconfdir} ++++++ _service ++++++ <services> <service name="obs_scm" mode="manual"> <param name="scm">git</param> <param name="url">https://gitlab.isc.org/isc-projects/dlz-modules.git</param> <param name="revision">main</param> <param name="versionformat">%h</param> <param name="filename">dlz-modules</param> <param name="package-meta">yes</param> </service> <service name="tar" mode="buildtime"/> <service name="recompress" mode="buildtime"> <param name="file">*.tar</param> <param name="compression">gz</param> </service> </services> ++++++ bind-9.20.3.tar.xz -> bind-9.20.4.tar.xz ++++++ ++++ 120744 lines of diff (skipped) ++++++ dlz-modules.obsinfo ++++++ name: dlz-modules version: 5923650 mtime: 1731483151 commit: 5923650dbb69eac5006938218d0bc11ad9b41696 ++++++ named.root ++++++ --- /var/tmp/diff_new_pack.MDbE8U/_old 2025-01-12 11:10:48.618173150 +0100 +++ /var/tmp/diff_new_pack.MDbE8U/_new 2025-01-12 11:10:48.622173315 +0100 @@ -9,8 +9,8 @@ ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; -; last update: November 20, 2024 -; related version of root zone: 2024112001 +; last update: December 18, 2024 +; related version of root zone: 2024121801 ; ; FORMERLY NS.INTERNIC.NET ;
