Accepting request 1236154 from network

- Add new dlz-modules source - Update to release 9.20.4 OBS-URL: https://build.opensuse.org/request/show/1236154 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=214
2025-01-12 10:10:14 +00:00 · 2025-01-12 10:10:14 +00:00 · 2130d9891b
commit 2130d9891b
parent 9c47788739
10 changed files with 147 additions and 32 deletions
--- a/15
+++ b/15
@ -0,0 +1,15 @@
+<services>
+  <service name="obs_scm" mode="manual">
+    <param name="scm">git</param>
+    <param name="url">https://gitlab.isc.org/isc-projects/dlz-modules.git</param>
+    <param name="revision">main</param>
+    <param name="versionformat">%h</param>
+    <param name="filename">dlz-modules</param>
+    <param name="package-meta">yes</param>
+  </service>
+  <service name="tar" mode="buildtime"/>
+  <service name="recompress" mode="buildtime">
+    <param name="file">*.tar</param>
+    <param name="compression">gz</param>
+  </service>
+</services>
--- a/bind-9.20.3.tar.xz
+++ b/bind-9.20.3.tar.xz
--- a/bind-9.20.3.tar.xz.asc
+++ b/bind-9.20.3.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmcFmzcACgkQUQpkKgbF
-LOy7HA//bEjc3SPdNiCQgodOj4w+7o4hmcnbxb7HWJcmV1kNlwHFB9ZzoQzVdFGI
-C9/+O3WMjk8EeLUYyip+ZMU6KEb55DwqSGX+TNPl+UiVZmIfCEmZ657KXhflcPjc
-xYEg2XzL8u2MuKLglEB8FK23zdki13bre/GcdfqMtHowZiln60KaPYR1VeS28m14
-4p4VzDfLSq2vrlzpLiT7KlSds2mHDfWWxXDNwFIPZ5vlvtLyzbozRQ9X8p1wseO7
-3jjUPMGNNcx0EYZQ88KbTtv2eLxrYK8NRU4M47iXpP5/AYAzsq1gD+7mYNxLeIv+
-hbL5X7hxLl5OMNU47tHM/xgRcrGppeDSeKEihr/+1Z9JPL3Zq+oS6XwlzH1KmxQ6
-6mi6Z1SgAQNlfrFC11fxSokS7C/lWIOmXKa19tdHbsAw/kU9Onk6gh1D4BVTbKfJ
-dbEl7/rJB14Er9+C6N3DB28HwgtlDC+ZLX79OqY9GN67LWHUkbGoKB7REkVQ0vMq
-JzU9L+R+8sJQXvgqj/Ei9KRA08QxdetTTtigA75yGzyn2HWgDl1CTfFIYCEDZr9T
-AJdim31gFlqIq1M8OwcynsthZswlFFwvHDpKuS9/AqXVaK1KSkpYfb+8gLl/l+bA
-dcMFEckN7J60Qhqx/BAyBk/6vZ3F6FBmotKMctq9rpvCf1coM/E=
-=vNN/
-----END PGP SIGNATURE-----
--- a/bind-9.20.4.tar.xz
+++ b/bind-9.20.4.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3a8e1a05e00e3e9bc02bdffded7862faf7726ba76ba997f42ab487777bd8210b
+size 5620536
--- a/bind-9.20.4.tar.xz.asc
+++ b/bind-9.20.4.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE2ZzOr4eXRwFPA41jGC4jV5Ri76oFAmdW77UACgkQGC4jV5Ri
+76pE3BAAxOXpxdb0MRWRDBIA4rMw8oscMy9e76h4B8MGsn25SEa7nJ5lFgp29HZ0
+vVZQu6dTd7chGHEi97wZjbsgvu2wwVQOANRpA349UY+UqPtXZOJi1d9OMNxZqJnU
+UZcNr9jCX+CvEfmmsIfMuOdL1rDJcD2qaeXVmFmwYiQdmG80RURqOXnSDhftSCYd
+o1mYryg+Sgyhlg8vo9RvVAPTwak9agnauDzaOXHhLvJYsmow40l6MSG70glep5Qs
+s9ekveQlXX8I/6IDSLtOk+BQVnn0EKL5GTa4/xq/skYDFZQ4id53/XG8yXmnAGK7
+gWbgr8Dh0P2h8caNP8nSDSiog1pFdIo9+W0pHWNICTKGbC2xP+oumUaPjK+XK4vI
+dvVpSTOYB/tHXl4SBq4Day4Sfa0DAhtPkKAkfK+g3L4QJrZLbjLpYLZCZv5vnr3a
+QE0fwrUiguElgWLs1Qx9yI09AYDSfCVwAsiS8GdgwvqJ0LM7kYVyR6AkSdHZTt/X
+/dQMRBK1Hx4HaGeX8/8EeXyFyiOp8ds36jJM+lYkVVe3AV1q2xa4+X7YJvI7XmmG
+QeqZ4KR3pxxBaoFcWlTXLqRJZZSy4yjaBxO5aQvErJ1wlY5FMbgqB9jdw9FOQj6w
+voFX+yyb7HfO2hAr7NEfNcDNJNWSh7BS3ZZk3EZR3fkVEEnrn8=
+=xbdk
+-----END PGP SIGNATURE-----
--- a/bind.changes
+++ b/bind.changes
@ -1,3 +1,89 @@
+-------------------------------------------------------------------
+Thu Dec 12 12:38:04 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Add new dlz-modules source
+- Update to release 9.20.4
+  New Features:
+  * Update built-in bind.keys file with the new 2025 IANA root key.
+  * Add an initial-ds entry to bind.keys for the new root key, ID
+    38696, which is scheduled for publication in January 2025.
+
+  Removed Features:
+  * Move contributed DLZ modules into a separate repository. DLZ
+    modules should not be used except in testing.
+  * The DLZ modules were not maintained, the DLZ interface itself
+    is going to be scheduled for removal, and the DLZ interface is
+    blocking. Any module that blocks the query to the database
+    blocks the whole server.
+  * The DLZ modules now live in
+    https://gitlab.isc.org/isc-projects/dlz-modules repository.
+
+  Feature Changes:
+  * dnssec-ksr now supports KSK rollovers.
+  * The tool now allows for KSK generation, as well as planned KSK
+    rollovers. When signing a bundle from a Key Signing Request
+    (KSR), only the key that is active in that time frame is used
+    for signing. Also, the CDS and CDNSKEY records are now added
+    and removed at the correct time.
+  * Print RFC 7314: EXPIRE option in transfer summary.
+  * Emit more helpful log messages for exceeding
+    max-records-per-type.
+  * The new log message is emitted when adding or updating an RRset
+    fails due to exceeding the max-records-per-type limit. The log
+    includes the owner name and type, corresponding zone name, and
+    the limit value. It will be emitted on loading a zone file,
+    inbound zone transfer (both AXFR and IXFR), handling a DDNS
+    update, or updating a cache DB. It’s especially helpful in the
+    case of zone transfer, since the secondary side doesn’t have
+    direct access to the offending zone data.
+  * It could also be used for max-types-per-name, but this change
+    doesn’t implement it yet as it’s much less likely to happen in
+    practice.
+  * Harden key management when key files have become unavailable.
+  * Prior to doing key management, BIND 9 will check if the key
+    files on disk match the expected keys. If key files for
+    previously observed keys have become unavailable, this will
+    prevent the internal key manager from running.
+
+  Bug Fixes:
+  * Use TLS for notifies if configured to do so.
+  * Notifies configured to use TLS will now be sent over TLS,
+    instead of plain text UDP or TCP. Also, failing to load the TLS
+    configuration for notify now results in an error.
+  * {&dns} is as valid as {?dns} in a SVCB’s dohpath.
+  * dig failed to parse a valid SVCB record with a dohpath URI
+    template containing a {&dns}, like
+    dohpath=/some/path?key=value{&dns}”.
+  * Fix NSEC3 closest encloser lookup for names with empty
+    non-terminals.
+  * A previous performance optimization for finding the NSEC3
+    closest encloser when generating authoritative responses could
+    cause servers to return incorrect NSEC3 records in some cases.
+    This has been fixed.
+  * recursive-clients statement with value 0 triggered an assertion
+    failure.
+  * BIND 9.20.0 broke recursive-clients 0;. This has now been
+    fixed.
+  * Parsing of hostnames in rndc.conf was broken.
+  * When DSCP support was removed, parsing of hostnames in
+    rndc.conf was accidentally broken, resulting in an assertion
+    failure. This has been fixed.
+  * dig options of the form [+-]option=<value> failed to display
+    the value on the printed command line. This has been fixed.
+  * Provide more visibility into TLS configuration errors by
+    logging SSL_CTX_use_certificate_chain_file() and
+    SSL_CTX_use_PrivateKey_file() errors individually.
+  * Fix a race condition when canceling ADB find which could cause
+    an assertion failure.
+  * SERVFAIL cache memory cleaning is now more aggressive; it no
+    longer consumes a lot of memory if the server encounters many
+    SERVFAILs at once.
+  * Fix trying the next primary XoT server when the previous one
+    was marked as unreachable.
+  * In some cases named failed to try the next primary server in
+    the primaries list when the previous one was marked as
+    unreachable. This has been fixed.
+
 -------------------------------------------------------------------
 Thu Dec 12 09:54:08 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>

--- a/bind.spec
+++ b/bind.spec
@ -1,7 +1,7 @@
 #
 # spec file for package bind
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 # Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
@ -52,12 +52,14 @@
 %define with_sfw2 0
 %endif

+%define dlz_modules_hash 5923650
+
 #Compat macro for new _fillupdir macro introduced in Nov 2017
 %if ! %{defined _fillupdir}
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.20.3
+Version:        9.20.4
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0
@ -68,6 +70,7 @@ Source1:        https://downloads.isc.org/isc/bind9/%{version}/bind-%{version}.t
 Source2:        vendor-files.tar.bz2
 # from http://www.isc.org/about/openpgp/ ... changes yearly apparently.
 Source3:        %{name}.keyring
+Source4:        dlz-modules-%{dlz_modules_hash}.tar.gz
 Source9:        https://www.internic.net/domain/named.root
 Source40:       dnszone-schema.txt
 Source60:       dlz-schema.txt
@ -232,6 +235,7 @@ possible string of labels in the query name that matches the wildcard.

 %prep
 %autosetup -p1 -a2
+%setup -T -D -a4

 # use the year from source gzip header instead of current one to make reproducible rpms
 year=$(perl -e 'sysread(STDIN, $h, 8); print (1900+(gmtime(unpack("l",substr($h,4))))[5])' < %{SOURCE0})
@ -308,8 +312,8 @@ done
 %sysusers_generate_pre %{SOURCE72} named named.conf
 %endif
 # special build for the plugins
-for d in contrib/dlz/modules/*; do
-	[ -e $d/Makefile ] && make -C $d
+for d in dlz-modules-%{dlz_modules_hash}/modules/*; do
+       [ -e $d/Makefile ] && make -C $d
 done

 %install
@ -340,25 +344,28 @@ rm -rf %{buildroot}%{_includedir}

 # Install the plugins
 mkdir -p %{buildroot}/%{_libdir}/bind-plugins
+pushd dlz-modules-%{dlz_modules_hash}/modules
 %if %{with_modules_perl}
-    install -m 0644 contrib/dlz/modules/perl/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 perl/*.so %{buildroot}/%{_libdir}/bind-plugins
 %endif
 %if %{with_modules_mysql}
-    install -m 0644 contrib/dlz/modules/mysql/*.so %{buildroot}/%{_libdir}/bind-plugins
-    install -m 0644 contrib/dlz/modules/mysqldyn/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 mysql/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 mysqldyn/*.so %{buildroot}/%{_libdir}/bind-plugins
 %endif
 %if %{with_modules_ldap}
-    install -m 0644 contrib/dlz/modules/ldap/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 ldap/*.so %{buildroot}/%{_libdir}/bind-plugins
 %endif
 %if %{with_modules_bdbhpt}
-    install -m 0644 contrib/dlz/modules/bdbhpt/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 bdbhpt/*.so %{buildroot}/%{_libdir}/bind-plugins
 %endif
 %if %{with_modules_sqlite3}
-    install -m 0644 contrib/dlz/modules/sqlite3/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 sqlite3/*.so %{buildroot}/%{_libdir}/bind-plugins
 %endif
 %if %{with_modules_generic}
-    install -m 0644 contrib/dlz/modules/{filesystem,wildcard}/*.so %{buildroot}/%{_libdir}/bind-plugins
+    install -m 0644 {filesystem,wildcard}/*.so %{buildroot}/%{_libdir}/bind-plugins
 %endif
+popd
+
 # remove useless .la files
 rm -f %{buildroot}/%{_libdir}/lib*.{la,a} %{buildroot}/%{_libdir}/bind/*.la
 mv vendor-files/config/named.conf %{buildroot}/%{_sysconfdir}
--- a/dlz-modules-5923650.obscpio
+++ b/dlz-modules-5923650.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4c5e9ce87c314852fc1844bd930ac3ba2d5ed80e3a52cfcc0b58443d0ac98d5a
+size 478731
--- a/dlz-modules.obsinfo
+++ b/dlz-modules.obsinfo
@ -0,0 +1,4 @@
+name: dlz-modules
+version: 5923650
+mtime: 1731483151
+commit: 5923650dbb69eac5006938218d0bc11ad9b41696
--- a/named.root
+++ b/named.root
@ -9,8 +9,8 @@
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
 ;
-;       last update:     November 20, 2024
-;       related version of root zone:     2024112001
+;       last update:     December 18, 2024
+;       related version of root zone:     2024121801
 ; 
 ; FORMERLY NS.INTERNIC.NET 
 ;