Hello community,
here is the log from the commit of package bind for openSUSE:Factory checked in
at 2020-07-26 16:17:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bind (Old)
and /work/SRC/openSUSE:Factory/.bind.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind"
Sun Jul 26 16:17:23 2020 rev:153 rq:822229 version:9.16.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/bind/bind.changes 2020-06-24
15:47:45.176131629 +0200
+++ /work/SRC/openSUSE:Factory/.bind.new.3592/bind.changes 2020-07-26
16:18:37.436767883 +0200
@@ -1,0 +2,22 @@
+Tue Jul 21 14:06:51 UTC 2020 - Josef Möllers <josef.moell...@suse.com>
+
+- Upgrade to version bind-9.16.5
+ * The "primary" and "secondary" keywords, when used
+ as parameters for "check-names", were not
+ processed correctly and were being ignored.
+ * 'rndc dnstap -roll <value>' did not limit the number of
+ saved files to <value>.
+ * Add 'rndc dnssec -status' command.
+ * Addressed a couple of situations where named could crash
+ For the full list, see the CHANGES file in the source RPM.
+
+-------------------------------------------------------------------
+Tue Jun 30 08:32:21 UTC 2020 - Josef Möllers <josef.moell...@suse.com>
+
+- Changed /var/lib/named to owner root:named and perms rwxrwxr-t
+ so that named, being a/the only member of the "named" group
+ has full r/w access yet cannot change directories owned by root
+ in the case of a compromized named.
+ [bsc#1173307, bind-chrootenv.conf]
+
+-------------------------------------------------------------------
Old:
----
bind-9.16.4.tar.xz
bind-9.16.4.tar.xz.sha512.asc
New:
----
bind-9.16.5.tar.xz
bind-9.16.5.tar.xz.sha512.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ bind.spec ++++++
--- /var/tmp/diff_new_pack.XHhQWO/_old 2020-07-26 16:18:40.496770744 +0200
+++ /var/tmp/diff_new_pack.XHhQWO/_new 2020-07-26 16:18:40.500770748 +0200
@@ -20,17 +20,17 @@
# Note that the sonums are LIBINTERFACE - LIBAGE
%define bind9_sonum 1600
%define libbind9 libbind9-%{bind9_sonum}
-%define dns_sonum 1603
+%define dns_sonum 1605
%define libdns libdns%{dns_sonum}
%define irs_sonum 1601
%define libirs libirs%{irs_sonum}
-%define isc_sonum 1603
+%define isc_sonum 1605
%define libisc libisc%{isc_sonum}
%define isccc_sonum 1600
%define libisccc libisccc%{isccc_sonum}
%define isccfg_sonum 1600
%define libisccfg libisccfg%{isccfg_sonum}
-%define libns_sonum 1603
+%define libns_sonum 1604
%define VENDOR SUSE
%if 0%{?suse_version} >= 1500
@@ -60,7 +60,7 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: bind
-Version: 9.16.4
+Version: 9.16.5
Release: 0
Summary: Domain Name System (DNS) Server (named)
License: MPL-2.0
@@ -561,7 +561,7 @@
%if %{with_systemd}
%{_prefix}/lib/tmpfiles.d/bind-chrootenv.conf
%endif
-%attr(-,named,named) %dir %{_var}/lib/named
+%attr(1775,root,named) %dir %{_var}/lib/named
%dir %{_var}/lib/named%{_sysconfdir}
%dir %{_var}/lib/named%{_sysconfdir}/named.d
%dir %{_var}/lib/named/dev
@@ -641,7 +641,7 @@
%{_mandir}/man1/mdig.1%{ext_man}
%{_mandir}/man1/nslookup.1%{ext_man}
%{_mandir}/man1/nsupdate.1%{ext_man}
-%{_mandir}/man1/dnstap-read.1%{ext_man}
+# %%{_mandir}/man1/dnstap-read.1%%{ext_man}
%{_mandir}/man5/rndc.conf.5%{ext_man}
%{_mandir}/man8/ddns-confgen.8%{ext_man}
%{_mandir}/man8/dnssec-dsfromkey.8%{ext_man}
@@ -656,13 +656,15 @@
%{_mandir}/man8/dnssec-coverage.8%{ext_man}
%{_mandir}/man8/dnssec-keymgr.8%{ext_man}
%{_mandir}/man8/dnssec-cds.8%{ext_man}
-%{_mandir}/man8/named-nzd2nzf.8%{ext_man}
+# %%{_mandir}/man8/named-nzd2nzf.8%%{ext_man}
# %%{_mandir}/man8/genrandom.8%%{ext_man}
# %%{_mandir}/man8/isc-hmac-fixup.8%%{ext_man}
%{_mandir}/man8/named-journalprint.8%{ext_man}
%{_mandir}/man8/nsec3hash.8%{ext_man}
%{_mandir}/man8/rndc.8%{ext_man}
%{_mandir}/man8/rndc-confgen.8%{ext_man}
+%{_mandir}/man8/named-compilezone.8%{ext_man}
+%{_mandir}/man8/tsig-keygen.8%{ext_man}
%files -n python3-bind
%{python3_sitelib}/isc
++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.XHhQWO/_old 2020-07-26 16:18:40.532770778 +0200
+++ /var/tmp/diff_new_pack.XHhQWO/_new 2020-07-26 16:18:40.532770778 +0200
@@ -1,7 +1,7 @@
libbind9-1600
-libdns1603
+libdns1605
libirs1601
-libisc1603
+libisc1605
obsoletes "bind-libs-<targettype> = <version>"
provides "bind-libs-<targettype> = <version>"
libisccc1600
@@ -9,8 +9,8 @@
bind-devel
requires -bind-<targettype>
requires "libbind9-1600-<targettype> = <version>"
- requires "libdns1603-<targettype> = <version>"
+ requires "libdns1605-<targettype> = <version>"
requires "libirs1601-<targettype> = <version>"
- requires "libisc1603-<targettype> = <version>"
+ requires "libisc1605-<targettype> = <version>"
requires "libisccc1600-<targettype> = <version>"
requires "libisccfg1600-<targettype> = <version>"
++++++ bind-9.16.4.tar.xz -> bind-9.16.5.tar.xz ++++++
++++ 6369 lines of diff (skipped)
++++++ bind-chrootenv.conf ++++++
--- /var/tmp/diff_new_pack.XHhQWO/_old 2020-07-26 16:18:42.000772151 +0200
+++ /var/tmp/diff_new_pack.XHhQWO/_new 2020-07-26 16:18:42.000772151 +0200
@@ -1,6 +1,6 @@
# See tmpfiles.d(5) for details
#Type Path Mode UID GID Age Argument
-d /var/lib/named 755 named named - -
+d /var/lib/named 1775 root named - -
d /var/lib/named/dev 755 root root - -
c /var/lib/named/dev/null 666 root root - 1:3
c /var/lib/named/dev/random 666 root root - 1:8
++++++ bind.conf ++++++
--- /var/tmp/diff_new_pack.XHhQWO/_old 2020-07-26 16:18:42.020772170 +0200
+++ /var/tmp/diff_new_pack.XHhQWO/_new 2020-07-26 16:18:42.024772174 +0200
@@ -1,6 +1,6 @@
# See tmpfiles.d(5) for details
#Type Path Mode UID GID Age Argument
-d /var/lib/named 755 named named - -
+d /var/lib/named 1775 root named - -
d /var/lib/named/dyn 755 named named - -
d /var/lib/named/master 755 named named - -
d /var/lib/named/slave 755 named named - -
