Sync from SUSE:ALP:Source:Standard:1.0 bind revision 5611014a1cd1e4302729c582d8f43f18
parent
986eb81914
commit
fe313f6991
BIN
bind-9.18.24.tar.xz
(Stored with Git LFS)
Binary file not shown.
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmXI5VgACgkQUQpkKgbF
|
||||
LOwcMA/+Ow94NYy2xIcuN2bqLtZLnfM8tWU3NL/mUJed/iYp//Q0CI3Q6pnLmPVY
|
||||
1j5trMDmNGcDHFg1RN4GKtsZmRm4icjANyuqYA7Bcqb2Qr7cezbkbpGrY6AI7ex/
|
||||
wGtt5+OL+1aZgAQWZV35XVmyW7c+HJ1zQc28Ctfh7pRwOU+sit7OGvTSZZVPaY/Q
|
||||
CzyOQnLE2lqpTZzcUT7m/ohHW7mYkf4GN+xRXuvD/TyAE+h3XetYdK03C8+lRY/y
|
||||
r6KbucVG2hm/6L5u00s2mPMH68vTidQiT1YPMMHcWSAXZ51OcVJdLCg5CVCnXDIJ
|
||||
O8PoUIs7cxvUstfdRGie7vyCwqsk9fwgH/9M+81OreizdxX7G/orKyzIfiBRxcMw
|
||||
UHpuc0bMfZ3CWigo79q1FdXaSpC+RA+noBqoDJS6/eMl9M0mFOUwuNIsDbTqHoRK
|
||||
tGJu9xFz4vjgisXIuXCyNEJfvzESRl/w7fAs90sumMiVrjxWw7JXAUsZfaMNQhI5
|
||||
LQedp+SGtrXQLUqLJe/nHeAKSuXKvf6ftgs5/nVBmLS/KPRfnciysDd7Vuu5+lFB
|
||||
FrEQ4b6m80H7W0kwRdqPEiFcGGS3Zsiyi1SAERMudsoR/JiDGVMuSRuulRwJVQw4
|
||||
rpylvX+yCy7VRXQIIo4K65TAWtHLnld3Lp1fnrmHbzL9ZrE2exE=
|
||||
=CnZp
|
||||
-----END PGP SIGNATURE-----
|
BIN
bind-9.20.0.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
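--- a/bind-9.20.0.tar.xz.asc
+++ b/bind-9.20.0.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmaNMyYACgkQUQpkKgbF
+LOzwnBAAgICQ7MC0rkXZxD/8X3vatdpDZ4MkUvkhOR+J4kkKWBuSqZJQvuWA8XeS
+/rycCHWFeUf3V9Wj6XbCPa1l4eV5rAnSVJtHHoDoK9Tt/1H6HCd0v2b270a9q1pU
+ra5Jdi/ZP76iRYAAse8FpRymMcjEk/aXnnnOsCACOY8MNvxC83mmrciPJJxloEBy
+9zGPGzkvnYTM1H/qSR0GrUsGLtzKPiXbvtsRo9jI3f8kL9Tdxw9IlmH0OY14L26L
+QKgaFC4Sa3J2PmELLCORtvUEDeKi9FAG9+6ua3h7ork2n/cARmOhvmZ8FFgLlB1e
+7GSWCMujw+h44vNJrz1w14Bm1sN3k9PgY34i7ter/WA6ZTFDIWyhQh5tHrbjsdyv
+DTlE8EvVNIg4fYMCew57yedXqzWO6bavwFlsiPyjXyG9+k9xSeQEYuuLGismF3gQ
+AGXPyUUAiqhnyQd1uCf8qK5sgkH39+g5TRFl5oSvZavOAr/GtzsNhAo5Ii5ia8qL
+mUVESk+Jyl4/rKJAAMwWtdl8mk8RYx1BF0XAG/mnvC81HBcuiu5aRBa5N3p8Kg+W
+cUMPOjDhXn90pxEcD1MSg6nH1P0sVVOYWaQvJ1FtzKUp7JKNJus0yjgQarF5VI/l
+7VSUi36dGSlDyM4EvspS/KAnItErzA8Vn40R9x8qbmzjD1Ka5LU=
+=wneo
+-----END PGP SIGNATURE-----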
111
bind.changes
@ -1,3 +1,114 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 24 09:03:08 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
- Update to new major version 9.20.0
|
||||
For a complete list of all changes see:
|
||||
* https://bind9.readthedocs.io/en/v9.20.0/notes.html
|
||||
* The CHANGES file in the source RPM
|
||||
|
||||
Some noteworthy changes:
|
||||
* Added new BuildRequires liburcu for lock free data structures.
|
||||
* A new DNSSEC tool dnssec-ksr has been added to create Key
|
||||
Signing Request (KSR) and Signed Key Response (SKR) files.
|
||||
* /etc/bind.keys and /var/lib/named/named.root.key have been
|
||||
removed as the correct defaults are pre-compiled and there is
|
||||
no need to configure bind.keys manually.
|
||||
* The functions that were in the libbind9 shared library have
|
||||
been moved to the libisc and libisccfg libraries. The now-empty
|
||||
libbind9 has been removed and is no longer installed.
|
||||
* The irs_resconf module has been moved to the libdns shared
|
||||
library. The now-empty libirs library has been removed and is
|
||||
no longer installed.
|
||||
|
||||
Security Fixes:
|
||||
* A malicious DNS client that sent many queries over TCP but
|
||||
never read the responses could cause a server to respond slowly
|
||||
or not at all for other clients. This has been fixed.
|
||||
(CVE-2024-0760)
|
||||
[bsc#1228255]
|
||||
* It is possible to craft excessively large resource records
|
||||
sets, which have the effect of slowing down database
|
||||
processing. This has been addressed by adding a configurable
|
||||
limit to the number of records that can be stored per name and
|
||||
type in a cache or zone database. The default is 100, which can
|
||||
be tuned with the new max-records-per-type option.
|
||||
* It is possible to craft excessively large numbers of resource
|
||||
record types for a given owner name, which has the effect of
|
||||
slowing down database processing. This has been addressed by
|
||||
adding a configurable limit to the number of records that can
|
||||
be stored per name and type in a cache or zone database. The
|
||||
default is 100, which can be tuned with the new
|
||||
max-types-per-name option. (CVE-2024-1737)
|
||||
[bsc#1228256]
|
||||
* Validating DNS messages signed using the SIG(0) protocol (RFC
|
||||
2931) could cause excessive CPU load, leading to a
|
||||
denial-of-service condition. Support for SIG(0) message
|
||||
validation was removed from this version of named.
|
||||
(CVE-2024-1975)
|
||||
[bsc#1228257]
|
||||
* Due to a logic error, lookups that triggered serving stale data
|
||||
and required lookups in local authoritative zone data could
|
||||
have resulted in an assertion failure. This has been fixed.
|
||||
* Potential data races were found in our DoH implementation,
|
||||
related to HTTP/2 session object management and endpoints set
|
||||
object management after reconfiguration. These issues have been
|
||||
fixed.
|
||||
* When looking up the NS records of parent zones as part of
|
||||
looking up DS records, it was possible for named to trigger an
|
||||
assertion failure if serve-stale was enabled. This has been
|
||||
fixed. (CVE-2024-4076)
|
||||
[bsc#1228258]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 17 16:05:37 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
- Update to release 9.18.27
|
||||
New Features:
|
||||
* A new option signatures-jitter has been added to dnssec-policy
|
||||
to allow signature expirations to be spread out over a period
|
||||
of time.
|
||||
|
||||
Feature Changes:
|
||||
* DNSSEC signatures that are not valid because the current time
|
||||
falls outside the signature inception and expiration dates are
|
||||
skipped instead of causing an immediate validation failure.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Apr 21 21:17:19 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
- Update to release 9.18.26
|
||||
New Features:
|
||||
* The statistics channel now includes counters that indicate the
|
||||
number of currently connected TCP IPv4/IPv6 clients.
|
||||
* Added RESOLVER.ARPA to the built in empty zones.
|
||||
|
||||
Bug Fixes:
|
||||
* Changes to listen-on statements were ignored on reconfiguration
|
||||
unless the port or interface address was changed, making it
|
||||
impossible to change a related listener transport type. That
|
||||
issue has been fixed.
|
||||
* A bug in the keymgr code unintentionally slowed down some
|
||||
DNSSEC key rollovers. This has been fixed.
|
||||
* Some ISO 8601 durations were accepted erroneously, leading to
|
||||
shorter durations than expected. This has been fixed.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 20 13:39:16 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
- Update to release 9.18.25
|
||||
Bug Fixes:
|
||||
* A regression in cache-cleaning code enabled memory use to grow
|
||||
significantly more quickly than before, until the configured
|
||||
max-cache-size limit was reached. This has been fixed.
|
||||
* Using rndc flush inadvertently caused cache cleaning to become
|
||||
less effective. This could ultimately lead to the configured
|
||||
max-cache-size limit being exceeded and has now been fixed.
|
||||
* The logic for cleaning up expired cached DNS records was
|
||||
tweaked to be more aggressive. This change helps with enforcing
|
||||
max-cache-ttl and max-ncache-ttl in a timely manner. [GL #4591]
|
||||
* It was possible to trigger a use-after-free assertion when the
|
||||
overmem cache cleaning was initiated. This has been fixed.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 13 15:15:21 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
|
13
bind.spec
@ -56,7 +56,7 @@
|
||||
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
||||
%endif
|
||||
Name: bind
|
||||
Version: 9.18.24
|
||||
Version: 9.20.0
|
||||
Release: 0
|
||||
Summary: Domain Name System (DNS) Server (named)
|
||||
License: MPL-2.0
|
||||
@ -92,6 +92,7 @@ BuildRequires: pkgconfig(krb5)
|
||||
BuildRequires: pkgconfig(libidn2)
|
||||
BuildRequires: pkgconfig(libmaxminddb)
|
||||
BuildRequires: pkgconfig(libnghttp2)
|
||||
BuildRequires: pkgconfig(liburcu)
|
||||
BuildRequires: pkgconfig(libuv)
|
||||
BuildRequires: pkgconfig(libxml-2.0)
|
||||
Requires: %{name}-utils
|
||||
@ -375,7 +376,6 @@ mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d
|
||||
install -D -m 0644 %{SOURCE70} %{buildroot}%{_prefix}/lib/tmpfiles.d/bind.conf
|
||||
install -D -m 0644 %{_sourcedir}/named.root %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/root.hint
|
||||
install -m 0644 vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named
|
||||
install -m 0644 bind.keys %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/named.root.key
|
||||
install -d -m 0755 %{buildroot}/%{_unitdir}/named.service.d
|
||||
%else
|
||||
for file in named; do
|
||||
@ -422,7 +422,6 @@ done
|
||||
# ---------------------------------------------------------------------------
|
||||
# remove useless Makefiles and Makefile skeletons
|
||||
find %{buildroot}/%{_defaultdocdir}/bind \( -name Makefile -o -name Makefile.in \) -exec rm {} +
|
||||
install -m 0644 bind.keys %{buildroot}%{_localstatedir}/lib/named/named.root.key
|
||||
%if %{with_systemd}
|
||||
mkdir -p %{buildroot}%{_sysusersdir}
|
||||
install -m 644 %{SOURCE72} %{buildroot}%{_sysusersdir}/
|
||||
@ -532,7 +531,6 @@ fi
|
||||
%config %{_var}/lib/named/root.hint
|
||||
%config %{_var}/lib/named/127.0.0.zone
|
||||
%config %{_var}/lib/named/localhost.zone
|
||||
%config %{_var}/lib/named/named.root.key
|
||||
%dir %{_libexecdir}/bind
|
||||
%{_libexecdir}/bind/named.prep
|
||||
%dir %{_libdir}/bind-plugins
|
||||
@ -571,7 +569,6 @@ fi
|
||||
%files utils
|
||||
%dir %{_sysconfdir}/named.d
|
||||
%config(noreplace) %{_sysconfdir}/named.d/rndc-access.conf
|
||||
%config(noreplace) %{_sysconfdir}/bind.keys
|
||||
%dir %{_sysconfdir}/openldap
|
||||
%dir %{_sysconfdir}/openldap/schema
|
||||
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dnszone.schema
|
||||
@ -594,20 +591,17 @@ fi
|
||||
%{_bindir}/dnssec-verify
|
||||
%{_bindir}/dnssec-cds
|
||||
%{_bindir}/dnstap-read
|
||||
%{_bindir}/dnssec-ksr
|
||||
%{_sbindir}/ddns-confgen
|
||||
%{_sbindir}/rndc
|
||||
%{_sbindir}/rndc-confgen
|
||||
%{_sbindir}/tsig-keygen
|
||||
%{_libdir}/libbind9-%{version}.so
|
||||
%{_libdir}/libdns-%{version}.so
|
||||
%{_libdir}/libirs-%{version}.so
|
||||
%{_libdir}/libisc-%{version}.so
|
||||
%{_libdir}/libisccc-%{version}.so
|
||||
%{_libdir}/libisccfg-%{version}.so
|
||||
%{_libdir}/libns-%{version}.so
|
||||
%{_libdir}/libbind9.so
|
||||
%{_libdir}/libdns.so
|
||||
%{_libdir}/libirs.so
|
||||
%{_libdir}/libisc.so
|
||||
%{_libdir}/libisccc.so
|
||||
%{_libdir}/libisccfg.so
|
||||
@ -634,6 +628,7 @@ fi
|
||||
%{_mandir}/man1/named-journalprint.1%{ext_man}
|
||||
%{_mandir}/man1/nsec3hash.1%{ext_man}
|
||||
%{_mandir}/man1/dnstap-read.1%{ext_man}
|
||||
%{_mandir}/man1/dnssec-ksr.1.gz
|
||||
%{_mandir}/man5/rndc.conf.5%{ext_man}
|
||||
%{_mandir}/man8/ddns-confgen.8%{ext_man}
|
||||
%{_mandir}/man8/rndc.8%{ext_man}
|
||||
|
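Review bot: The man-page entry `%{_mandir}/man1/dnssec-ksr.1.gz` in the last hunk (`-634,6 +628,7`, the man-page file list) hard-codes the `.gz` suffix, while every neighbouring entry uses `%{ext_man}`; it should read `%{_mandir}/man1/dnssec-ksr.1%{ext_man}` so the file list keeps matching when man-page compression is different or disabled. The +/- markers are lost on this page, so that this is the added line is inferred from the hunk counts and the new `%{_bindir}/dnssec-ksr` entry. Also worth a comment in the spec: the hunks at 375, 422, 532 and 571 appear to stop shipping `named.root.key` and `%{_sysconfdir}/bind.keys`, and a configuration that still references either path would point at a file the package no longer provides after the upgrade. Whether the scriptlets or the vendor named.conf already cover that is not visible in these hunks.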
BIN
vendor-files.tar.bz2
(Stored with Git LFS)
Binary file not shown.