Hello community, here is the log from the commit of package nsd.15253 for openSUSE:Leap:15.2:Update checked in at 2020-12-10 12:23:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/nsd.15253 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.nsd.15253.new.2328 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nsd.15253" Thu Dec 10 12:23:08 2020 rev:1 rq:853272 version:4.3.4 Changes: -------- New Changes file: --- /dev/null 2020-12-09 01:05:43.965003977 +0100 +++ /work/SRC/openSUSE:Leap:15.2:Update/.nsd.15253.new.2328/nsd.changes 2020-12-10 12:23:08.731431552 +0100 @@ -0,0 +1,907 @@ +------------------------------------------------------------------- +Tue Dec 1 18:26:51 UTC 2020 - Michael Ströder <mich...@stroeder.com> + +- New upstream release 4.3.4 + +FEATURES: +- Merge PR #141: ZONEMD RR type. + +BUG FIXES: +- Fix that symlink does not interfere with chown of pidfile + (bsc#1179191, CVE-2020-28935) +- Fix #129: ambiguous use of errno, in log message if sendmmsg fails. +- Fix #128: Fix that the invalid port number is logged for sendmmsg + failed: Invalid argument. +- Fix #127: two minor `-Wcast-qual` cleanups +- Fix #126: minor header hygiene +- Fix #125: include config.h in compat/setproctitle.c and fix + prototype of `setproctitle` +- Fix #133: fix 0-init of local ( stack ) buffer. +- Fix missing parenthesis on size of fix to init buffer. +- Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN. +- Fix to add missing closest encloser NSEC3 for wildcard nodata type + DS answer. +- Remove unused init_cfg_parse routine from configlexer. +- Fix #138: NSD returns non-EDNS answer when QUESTION is empty. +- Fix #142: NODATA answers missin SOA in authority section after + CNAME chain. + +------------------------------------------------------------------- +Thu Oct 8 19:28:21 UTC 2020 - Michael Ströder <mich...@stroeder.com> + +- New upstream release 4.3.3 + +FEATURES: +- Follow DNS flag day 2020 advice and + set default EDNS message size to 1232. +- Merged PR #113 with fixes. Instead of listing an IP-address to + listen on, an interface name can be specified in nsd.conf, with + ip-address: eth0. The IP-addresses for that interface are then used. +- Port TSIG code for openssl 3.0.0-alpha6. + +BUG FIXES: +- Fix make install with --with-pidfile="". +- Merge #115 from millert: Fix strlcpy() usage. From OpenBSD. +- Merge #117: mini_event.h (4.3.2 and 4.3.1) on OpenBSD cannot find + fd_set - patch. +- Fix that configure checks for EVP_sha256 to detect openssl, because + HMAC_CTX_new is deprecated in 3.0.0. +- Fix #119: fix compile warnings from new gcc. +- Fix #119: warn when trying to parse a directory. +- Merge PR #121: Increase log level of recreated database from + WARNING to ERR. +- Remove unused space from LIBS on link line. +- Updated date in nsd -v output. + +------------------------------------------------------------------- +Tue Jul 14 19:02:21 UTC 2020 - Michael Ströder <mich...@stroeder.com> + +- New upstream release 4.3.2 + +FEATURES: +- Fix #96: log-only-syslog: yes sets to only use syslog, fixes + that the default configuration and systemd results in duplicate + log messages. +- Fix #107: nsd -v shows configure line, openssl version and libevent + version. +- Fix #103 with #110: min-expire-time option. To provide a lower + bound for expire period. Expressed in number of seconds or + refresh+retry+1. + +BUG FIXES: +- Fix for posix shell syntax for trap in nsd-control-setup +- Fix to omit the listen-on lines from log at startup, unless verbose. +- Fix uninitialised values for bindtodevice option at startup with + reuseport and multiple interfaces. +- Fix #95: Removed make test check because tpkg not included in + release tarballs. +- Fix unused parameter compile warnings. +- Fix #97: EDNS unknown version: query not in response. +- Fix #99: Fix copying of socket properties with reuseport enabled. +- Document default value for tcp-timeout. +- Merge PR#102 from and0x000: add missing default in documentation + for drop-updates. +- Fix unlink of pidfile warning if not possible due to permissions, + nsd can display the message at high verbosity levels. +- Removed contrib/nsd.service, example is too complicated and not + useful. +- Do not log EAGAIN errors for sendmmsg, to stop log spam on OpenBSD. +- Merge #108 from Nomis: Make the max-retry-time description clearer. +- Retry when udp send buffer is full to wait until buffer space is + available. +- Remove errno reset behaviour from sendmmsg and recvmmsg + replacement functions. +- Fix unit test for different nsd-control-setup -h exit code. +- Merge #112 from jaredmauch: log old and new serials when NSD + rejects an IXFR due to an old serial number. +- Fix #106: Adhere better to xfrd bounds. Refresh and retry times. +- Fix #105: Clearing hash_tree means just emptying the tree. + +------------------------------------------------------------------- +Thu Apr 16 19:04:58 UTC 2020 - Michael Ströder <mich...@stroeder.com> + +- New upstream release 4.3.1 + +BUG FIXES: +- Fix #70: error: 'fd_set' undeclared. +- Fix #71: error: 'for' loop initial declaration used outside C99 + mode. +- Fix to move declarations out of for loops in event test too. +- Fix #76: cpuid typedef for Hurd, DragonflyBSD compile. +- Fix #75: configure test for sched_setaffinity, and use + cpuset_setaffinity otherwise. Also test for presence of sysconf. +- Fix #74: GNU Hurd fix cast from pointer to integer of different size. +- Fix for #74, #75: cpuset test for header contents and provide code. +- Fix #78: Fix SO_SETFIB error on FreeBSD. +- Merge PR #83 from noloader: Fix GNU HURD sched_setaffinity compile. +- Fix #80: NetBSD and implicit declaration of reallocarray. +- Fix unknown u_long in util.c for Issue #80 . +- Merge PR #86 from noloader: Use precious variables for GREP, EGREP, + SED, AWK, LEX and YACC. +- For PR #86: Fix that programs loaded after CFLAGS and stuff is + set, specifically the compiler, so that it can work if it needs + special flags from that. Fix that lex only needs to support -i + if actually defined, otherwise the output included in the source + tarball can be used. +- Merge PR #90 by phicoh: O_CLOEXEC should be FD_CLOEXEC. +- Merge PR #92 by tonysgi: Fix typo. +- Merge PR #91 by gearnode: nsd-control-setup recreate certificates. + The '-r' option recreates certificates. Without it it creates them + if they do not exist, and does not modify them otherwise. + +------------------------------------------------------------------- +Tue Mar 17 20:52:34 UTC 2020 - Michael Ströder <mich...@stroeder.com> + +- New upstream release 4.3.0 + +FEATURES: +- Fix to use getrandom() for randomness, if available. +- Fix #56: Drop sparse TSIG signing support in NSD. + Sign every axfr packet with TSIG, according to the latest + draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1. +- Merge pull request #59 from buddyns: add FreeBSD support + for conf key ip-transparent. +- Add feature to pin server processes to specific cpus. +- Add feature to pin IP addresses to selected server processes. +- Set process title to identify individual processes. +- Merge PR#22: minimise-any: prefer polular and not large RRset, + from Daisuke Higashi. +- Add support for SO_BINDTODEVICE on Linux. +- Add support for SO_SETFIB on FreeBSD. +- Add feature to drop queries with opcode UPDATE. + +BUG FIXES: +- Fix fname null check of fname in namedb_read_zonefile. +- Fix implicit cast of size in udb_radnode_array_grow. +- Fix ignore of return value of ssl_printf in remote.c. +- Fix unused check of fd in parent_handle_reload_command. +- Attempt to fix signedness of nscount lookup in ixfr query_process. +- Fix identical branches for ssl_print of errors in remote.c. +- Fix type cast bounds, signedness of opt_rdlen in edns_parse_record. +- Fix to separate header and data lines in parse_zone_list_file. +- Fix to define max number of EDNS records we are willing to + spend time on. +- Fix size of string len and capacity type cast in udbradtree. +- Fix to protect rrcount in tsig_find_rr from overflow. +- Annotate radix_find_prefix_node not reachable trail code. +- Fix to protect rrcount in packet_find_notify_serial from overflow. +- Fix to close socket on error in create_tcp_accept_sock. +- Fix to log on failure to chmod for socket for remote control. +- Fix to remove unneeded if in open of socket for remote control. +- Fix to restore input parameter on call failure in create_dirs. +- Please checker by terminating and initialising string read + by remote control. +- Fix to define upper bounds on rr counts read from untrusted packet + data. +- Separate acl_addr_match_range functions for ip4 and ip6, to + please checkers. +- Avoid unused variable warning in new match_range_v4 function. +- Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters. +- use-systemd is ignored in nsd.conf, when NSD is compiled with + libsystemd it always signals readiness, if possible. +- Note that use-systemd is not necessary and ignored in man page. +- Fix unreachable code in ssl set options code. +- Fix bad shift in assertion code analyzer complaint. +- Fix responses for IXFR so that the authority section is not echoed + in the response. +- Merge PR#60: Minor portability fixes from michaelforney, with + avoid pointer arithmetic on void* and avoid unnecessary VLA. +- Fix that the retry wait does not exceed one day for zone transfers. + +CHANGES: +- Set FD_CLOEXEC on opened sockets. + +------------------------------------------------------------------- +Thu Dec 12 15:50:13 UTC 2019 - Adam Majer <adam.ma...@suse.de> + +- Update keyring as per https://nlnetlabs.nl/people/ ++++ 710 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.nsd.15253.new.2328/nsd.changes New: ---- nsd-4.3.4.tar.gz nsd-4.3.4.tar.gz.asc nsd-rpmlintrc nsd.changes nsd.keyring nsd.service nsd.spec tmpfiles-nsd.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nsd.spec ++++++ # # spec file for package nsd # # Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define home %{_localstatedir}/lib/%{name} %define configdir %{_sysconfdir}/%{name} %define configfile %{configdir}/nsdc.conf %define zonesfile %{configdir}/nsd.zones %define zonesdir %{configdir}/zones %define pidfile %{_rundir}/nsd/nsd.pid Name: nsd Version: 4.3.4 Release: 0 # Summary: An authoritative-only domain name server # License: BSD-3-Clause Group: Productivity/Networking/DNS/Servers URL: http://open.nlnetlabs.nl/nsd/ Source: http://open.nlnetlabs.nl/downloads/nsd/nsd-%{version}.tar.gz Source1: nsd.service Source2: tmpfiles-nsd.conf # Generated with from https://nlnetlabs.nl/people/ # # curl -Ss https://nlnetlabs.nl/people/ | \ # grep 'PGP Key ID' | \ # sed 's,.*PGP Key ID: \([A-Z0-9 ]\+\).*,\1,' | \ # perl -e 'while($_=<>){chop; s, ,,g;print; print(" ");}' | \ # xargs gpg --export-options export-minimal --export > nsd.keyring # Source4: nsd.keyring Source5: https://www.nlnetlabs.nl/downloads/nsd/nsd-%{version}.tar.gz.asc Source10: nsd-rpmlintrc # BuildRequires: libevent-devel BuildRequires: openssl-devel BuildRequires: pkgconfig BuildRequires: pwdutils BuildRequires: tcpd-devel Requires: pwdutils Requires(pre): coreutils Requires(post): coreutils Requires(post): findutils Requires(pre): shadow Requires(post): shadow %{?systemd_requires} %description NSD is a complete implementation of an authoritative domain name server, developed by NLnet Labs, with the purpose of creating more diversity in the DNS landscape. %prep %setup -q %build %configure \ --with-configdir=%{configdir} \ --with-zonesdir=%{zonesdir} \ --with-dbfile=%{home}/nsd.db \ --with-xfrdfile=%{home}/xfrd.state \ --with-pidfile=%{_rundir}/nsd/nsd.pid \ --with-logfile=/%{_localstatedir}/log/nsd/nsd.log \ --enable-root-server \ --enable-bind8-stats \ --enable-zone-stats \ --enable-mmap \ --with-user=_nsd \ --enable-ratelimit make %{?_smp_mflags} iconv -f iso8859-1 -t utf-8 doc/RELNOTES > doc/RELNOTES.utf8 iconv -f iso8859-1 -t utf-8 doc/CREDITS > doc/CREDITS.utf8 mv -f doc/RELNOTES.utf8 doc/RELNOTES mv -f doc/CREDITS.utf8 doc/CREDITS %install %make_install chmod -Rv o= %{buildroot}%{configdir}/ # install -d -m 0700 %{buildroot}%{home} \ %{buildroot}%{_rundir}/%{name} # install -d -m 0755 %{buildroot}/%{_localstatedir}/log/nsd/ touch %{buildroot}%{home}/{nsd.db,ixfr.db,xfrd.state} %{buildroot}/%{_localstatedir}/log/nsd/nsd.log mkdir -m 0750 %{buildroot}%{zonesdir} install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/nsd.service install -D -m 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/nsd.conf ln -s -f %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} %pre getent group _nsd >/dev/null || groupadd -r _nsd getent passwd _nsd >/dev/null || \ useradd -r -g _nsd -s /bin/false -c "user for %{name}" \ -d %{home} _nsd %service_add_pre %{name}.service %post systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || : %service_add_post %{name}.service %preun %service_del_preun %{name}.service %postun %service_del_postun %{name}.service %files %doc doc/* %{configdir}/nsd.conf.sample %doc contrib/ %{_unitdir}/nsd.service %dir %{_tmpfilesdir} %{_tmpfilesdir}/nsd.conf %{_sbindir}/rcnsd %{_sbindir}/nsd %{_sbindir}/nsd-control %{_sbindir}/nsd-control-setup %{_sbindir}/nsd-checkconf %{_sbindir}/nsd-checkzone %{_mandir}/man5/nsd.conf.5* %{_mandir}/man8/nsd-checkconf.8* %{_mandir}/man8/nsd-checkzone.8* %{_mandir}/man8/nsd.8* %{_mandir}/man8/nsd-control.8* # %config(noreplace) %attr(-,root,_nsd) %{configdir} %ghost %config %attr(640,_nsd,_nsd) %{configdir}/nsd.conf %dir %attr(750,root,_nsd) %{zonesdir} # %dir %attr(750,_nsd,_nsd) %{home} %ghost %config %attr(640,_nsd,_nsd) %{home}/nsd.db %ghost %config %attr(640,_nsd,_nsd) %{home}/ixfr.db %ghost %config %attr(640,_nsd,_nsd) %{home}/xfrd.state # %dir %attr(750,_nsd,_nsd) /%{_localstatedir}/log/nsd %ghost %attr(640,_nsd,_nsd) /%{_localstatedir}/log/nsd/nsd.log %ghost %attr(750,_nsd,_nsd) %{_rundir}/%{name} %changelog ++++++ nsd-rpmlintrc ++++++ # failed check. chroot immediately follows chdir addFilter("W: missing-call-to-chdir-with-chroot /usr/sbin/nsd") ++++++ nsd.service ++++++ [Unit] Description=NSD DNS Server After=syslog.target network.target [Service] Type=simple PIDFile=/run/nsd/nsd.pid #EnvironmentFile=-/etc/sysconfig/nsd #ExecStart=/usr/sbin/nsd -D -c /etc/nsd/nsd.conf $OTHER_NSD_OPTS ExecStart=/usr/sbin/nsd -d -c /etc/nsd/nsd.conf ExecStopPost=/bin/rm -f /var/lib/nsd/xfrd.state [Install] WantedBy=multi-user.target ++++++ tmpfiles-nsd.conf ++++++ D /run/nsd 0755 _nsd _nsd - _______________________________________________ openSUSE Commits mailing list -- commit@lists.opensuse.org To unsubscribe, email commit-le...@lists.opensuse.org List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/commit@lists.opensuse.org
