Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2020-07-26 16:17:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new.3592 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Sun Jul 26 16:17:23 2020 rev:153 rq:822229 version:9.16.5 Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2020-06-24 15:47:45.176131629 +0200 +++ /work/SRC/openSUSE:Factory/.bind.new.3592/bind.changes 2020-07-26 16:18:37.436767883 +0200 @@ -1,0 +2,22 @@ +Tue Jul 21 14:06:51 UTC 2020 - Josef Möllers <josef.moell...@suse.com> + +- Upgrade to version bind-9.16.5 + * The "primary" and "secondary" keywords, when used + as parameters for "check-names", were not + processed correctly and were being ignored. + * 'rndc dnstap -roll <value>' did not limit the number of + saved files to <value>. + * Add 'rndc dnssec -status' command. + * Addressed a couple of situations where named could crash + For the full list, see the CHANGES file in the source RPM. + +------------------------------------------------------------------- +Tue Jun 30 08:32:21 UTC 2020 - Josef Möllers <josef.moell...@suse.com> + +- Changed /var/lib/named to owner root:named and perms rwxrwxr-t + so that named, being a/the only member of the "named" group + has full r/w access yet cannot change directories owned by root + in the case of a compromized named. + [bsc#1173307, bind-chrootenv.conf] + +------------------------------------------------------------------- Old: ---- bind-9.16.4.tar.xz bind-9.16.4.tar.xz.sha512.asc New: ---- bind-9.16.5.tar.xz bind-9.16.5.tar.xz.sha512.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.XHhQWO/_old 2020-07-26 16:18:40.496770744 +0200 +++ /var/tmp/diff_new_pack.XHhQWO/_new 2020-07-26 16:18:40.500770748 +0200 @@ -20,17 +20,17 @@ # Note that the sonums are LIBINTERFACE - LIBAGE %define bind9_sonum 1600 %define libbind9 libbind9-%{bind9_sonum} -%define dns_sonum 1603 +%define dns_sonum 1605 %define libdns libdns%{dns_sonum} %define irs_sonum 1601 %define libirs libirs%{irs_sonum} -%define isc_sonum 1603 +%define isc_sonum 1605 %define libisc libisc%{isc_sonum} %define isccc_sonum 1600 %define libisccc libisccc%{isccc_sonum} %define isccfg_sonum 1600 %define libisccfg libisccfg%{isccfg_sonum} -%define libns_sonum 1603 +%define libns_sonum 1604 %define VENDOR SUSE %if 0%{?suse_version} >= 1500 @@ -60,7 +60,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.16.4 +Version: 9.16.5 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 @@ -561,7 +561,7 @@ %if %{with_systemd} %{_prefix}/lib/tmpfiles.d/bind-chrootenv.conf %endif -%attr(-,named,named) %dir %{_var}/lib/named +%attr(1775,root,named) %dir %{_var}/lib/named %dir %{_var}/lib/named%{_sysconfdir} %dir %{_var}/lib/named%{_sysconfdir}/named.d %dir %{_var}/lib/named/dev @@ -641,7 +641,7 @@ %{_mandir}/man1/mdig.1%{ext_man} %{_mandir}/man1/nslookup.1%{ext_man} %{_mandir}/man1/nsupdate.1%{ext_man} -%{_mandir}/man1/dnstap-read.1%{ext_man} +# %%{_mandir}/man1/dnstap-read.1%%{ext_man} %{_mandir}/man5/rndc.conf.5%{ext_man} %{_mandir}/man8/ddns-confgen.8%{ext_man} %{_mandir}/man8/dnssec-dsfromkey.8%{ext_man} @@ -656,13 +656,15 @@ %{_mandir}/man8/dnssec-coverage.8%{ext_man} %{_mandir}/man8/dnssec-keymgr.8%{ext_man} %{_mandir}/man8/dnssec-cds.8%{ext_man} -%{_mandir}/man8/named-nzd2nzf.8%{ext_man} +# %%{_mandir}/man8/named-nzd2nzf.8%%{ext_man} # %%{_mandir}/man8/genrandom.8%%{ext_man} # %%{_mandir}/man8/isc-hmac-fixup.8%%{ext_man} %{_mandir}/man8/named-journalprint.8%{ext_man} %{_mandir}/man8/nsec3hash.8%{ext_man} %{_mandir}/man8/rndc.8%{ext_man} %{_mandir}/man8/rndc-confgen.8%{ext_man} +%{_mandir}/man8/named-compilezone.8%{ext_man} +%{_mandir}/man8/tsig-keygen.8%{ext_man} %files -n python3-bind %{python3_sitelib}/isc ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.XHhQWO/_old 2020-07-26 16:18:40.532770778 +0200 +++ /var/tmp/diff_new_pack.XHhQWO/_new 2020-07-26 16:18:40.532770778 +0200 @@ -1,7 +1,7 @@ libbind9-1600 -libdns1603 +libdns1605 libirs1601 -libisc1603 +libisc1605 obsoletes "bind-libs-<targettype> = <version>" provides "bind-libs-<targettype> = <version>" libisccc1600 @@ -9,8 +9,8 @@ bind-devel requires -bind-<targettype> requires "libbind9-1600-<targettype> = <version>" - requires "libdns1603-<targettype> = <version>" + requires "libdns1605-<targettype> = <version>" requires "libirs1601-<targettype> = <version>" - requires "libisc1603-<targettype> = <version>" + requires "libisc1605-<targettype> = <version>" requires "libisccc1600-<targettype> = <version>" requires "libisccfg1600-<targettype> = <version>" ++++++ bind-9.16.4.tar.xz -> bind-9.16.5.tar.xz ++++++ ++++ 6369 lines of diff (skipped) ++++++ bind-chrootenv.conf ++++++ --- /var/tmp/diff_new_pack.XHhQWO/_old 2020-07-26 16:18:42.000772151 +0200 +++ /var/tmp/diff_new_pack.XHhQWO/_new 2020-07-26 16:18:42.000772151 +0200 @@ -1,6 +1,6 @@ # See tmpfiles.d(5) for details #Type Path Mode UID GID Age Argument -d /var/lib/named 755 named named - - +d /var/lib/named 1775 root named - - d /var/lib/named/dev 755 root root - - c /var/lib/named/dev/null 666 root root - 1:3 c /var/lib/named/dev/random 666 root root - 1:8 ++++++ bind.conf ++++++ --- /var/tmp/diff_new_pack.XHhQWO/_old 2020-07-26 16:18:42.020772170 +0200 +++ /var/tmp/diff_new_pack.XHhQWO/_new 2020-07-26 16:18:42.024772174 +0200 @@ -1,6 +1,6 @@ # See tmpfiles.d(5) for details #Type Path Mode UID GID Age Argument -d /var/lib/named 755 named named - - +d /var/lib/named 1775 root named - - d /var/lib/named/dyn 755 named named - - d /var/lib/named/master 755 named named - - d /var/lib/named/slave 755 named named - -