From 31dd84489f3217565f87583acdb633b3b2e9cc785eb0f8c4c16fbaac672fdec3 Mon Sep 17 00:00:00 2001 From: Ana Guerrero Date: Sun, 25 Aug 2024 10:09:38 +0000 Subject: [PATCH] Accepting request 1195688 from network - Update to release 9.20.1 OBS-URL: https://build.opensuse.org/request/show/1195688 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=210 --- bind-9.20.0.tar.xz | 3 -- bind-9.20.0.tar.xz.asc | 16 --------- bind-9.20.1.tar.xz | 3 ++ bind-9.20.1.tar.xz.asc | 16 +++++++++ bind.changes | 81 ++++++++++++++++++++++++++++++++++++++++++ bind.spec | 2 +- 6 files changed, 101 insertions(+), 20 deletions(-) delete mode 100644 bind-9.20.0.tar.xz delete mode 100644 bind-9.20.0.tar.xz.asc create mode 100644 bind-9.20.1.tar.xz create mode 100644 bind-9.20.1.tar.xz.asc diff --git a/bind-9.20.0.tar.xz b/bind-9.20.0.tar.xz deleted file mode 100644 index 669dbef..0000000 --- a/bind-9.20.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cc580998017b51f273964058e8cb3aa5482bc785243dea71e5556ec565a13347 -size 5760416 diff --git a/bind-9.20.0.tar.xz.asc b/bind-9.20.0.tar.xz.asc deleted file mode 100644 index 9f46a95..0000000 --- a/bind-9.20.0.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmaNMyYACgkQUQpkKgbF -LOzwnBAAgICQ7MC0rkXZxD/8X3vatdpDZ4MkUvkhOR+J4kkKWBuSqZJQvuWA8XeS -/rycCHWFeUf3V9Wj6XbCPa1l4eV5rAnSVJtHHoDoK9Tt/1H6HCd0v2b270a9q1pU -ra5Jdi/ZP76iRYAAse8FpRymMcjEk/aXnnnOsCACOY8MNvxC83mmrciPJJxloEBy -9zGPGzkvnYTM1H/qSR0GrUsGLtzKPiXbvtsRo9jI3f8kL9Tdxw9IlmH0OY14L26L -QKgaFC4Sa3J2PmELLCORtvUEDeKi9FAG9+6ua3h7ork2n/cARmOhvmZ8FFgLlB1e -7GSWCMujw+h44vNJrz1w14Bm1sN3k9PgY34i7ter/WA6ZTFDIWyhQh5tHrbjsdyv -DTlE8EvVNIg4fYMCew57yedXqzWO6bavwFlsiPyjXyG9+k9xSeQEYuuLGismF3gQ -AGXPyUUAiqhnyQd1uCf8qK5sgkH39+g5TRFl5oSvZavOAr/GtzsNhAo5Ii5ia8qL -mUVESk+Jyl4/rKJAAMwWtdl8mk8RYx1BF0XAG/mnvC81HBcuiu5aRBa5N3p8Kg+W -cUMPOjDhXn90pxEcD1MSg6nH1P0sVVOYWaQvJ1FtzKUp7JKNJus0yjgQarF5VI/l -7VSUi36dGSlDyM4EvspS/KAnItErzA8Vn40R9x8qbmzjD1Ka5LU= -=wneo ------END PGP SIGNATURE----- diff --git a/bind-9.20.1.tar.xz b/bind-9.20.1.tar.xz new file mode 100644 index 0000000..44b278e --- /dev/null +++ b/bind-9.20.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fe6ddff74921410d33b62b5723ac23912e8d50138ef66d7a30dc2c421129aeb0 +size 5789604 diff --git a/bind-9.20.1.tar.xz.asc b/bind-9.20.1.tar.xz.asc new file mode 100644 index 0000000..08b79b5 --- /dev/null +++ b/bind-9.20.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE2ZzOr4eXRwFPA41jGC4jV5Ri76oFAma987IACgkQGC4jV5Ri +76r2Rg/9FnbrOwZrN4HWUeQ7ewyPq+ZaaHFZXXucXSwIXAkAAouW7lzhkMnUSSXV +SjUTOyLJAsFtVPrizR1yR9OrrnBIUniQfE/oB9WEiKTsVfA2FuoHyKWRiOrUQ2XP +8BjJD/hSbdQ7ByHENMcrjVpwK3r/QO+rroUgCIcV375hVfmcsYJI0pbxu2wEj5En +0nqTjObLv3AdnGj65+/I4xwkC/GhIGFhhW2SHQGpTldeajag/ODouu4KuZA5BrLi +whYkyTgC+rIQicF6EIyg8nGFDR28jUSPSGpSfYn/nMvtfU9Wl3Z4ug9TiMh5kdV3 +3b8MFJqvm0FYcCXgON1twLlO05XKlYLLU9+Y6CpWHTELTZRV01NPiUOEtLytMJTx +DDY7C8bgR7iTv2gwgdxQlOI4Kkee9uB4nqZ468hy9flC29SYW8YKX46i8W+vV6wj +BcoJBhKnJ/tSgF39gY2rCRU2jpRjw8oDMYpzBK6e0Ks4dtZYXvLto+aHQj8IS1Q4 +3Z2NhGowtqqeKfL6HGzmQHO8QLUgwgXUVELjO9ySiwxY7fMqbAK6CuP28dNlR0dU +HhU0cnd383YoeEX0ph5zGRyCOifPPOzBXT8y70OkcqEPbyD4y16pvg41db73NX3V +IOqEK7Bm5iPl4ygcFnGTfbG/VxVKnYiQBaBBuo33AeWLwtl6ugs= +=wNju +-----END PGP SIGNATURE----- diff --git a/bind.changes b/bind.changes index fea5750..36e7866 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,84 @@ +------------------------------------------------------------------- +Fri Aug 23 09:26:22 UTC 2024 - Jorik Cronenberg + +- Update to release 9.20.1 + New Features: + * Implement rndc retransfer -force. + * A new optional argument -force has been added to the command + rndc retransfer. When it is specified, named aborts the ongoing + zone transfer (if there is one) and starts a new transfer. + * dig now reports a missing QUESTION section for messages with + opcode QUERY. + * Query responses should contain the QUESTION section, with some + exceptions. dig was not reporting this. + + Feature Changes: + * Tighten max-recursion-queries and add max-query-restarts + configuration statement. + * There were cases when the max-recursion-queries quota was + ineffective. It was possible to craft zones that would cause a + resolver to waste resources by sending excessive queries while + attempting to resolve a name. This has been addressed by + correcting errors in the implementation of + max-recursion-queries and by reducing the default value from + 100 to 32. + * In addition, a new max-query-restarts configuration statement + has been added, which limits the number of times a recursive + server will follow CNAME or DNAME records before terminating + resolution. This was previously a hard-coded limit of 16 but is + now configurable with a default value of 11. + * ISC would like to thank Huayi Duan, Marco Bearzi, Jodok Vieli, + and Cagin Tanir from NetSec group, ETH Zurich for discovering + and notifying us about the issue. + * Allow shorter resolver-query-timeout configuration. + * The minimum allowed value of resolver-query-timeout was lowered + from its previous value of 10 000 milliseconds (which is still + the default) to 301 milliseconds. Note however that values of 1 + to 300 inclusive are interpreted as seconds before applying the + limit. A value of zero is interpreted as the default. + * Raise the log level of priming failures. + * When a priming query is complete, it was previously logged at + level DEBUG(1), regardless of success or failure. It is now + logged to NOTICE in the case of failure. + + Bug Fixes: + * Fix a crash caused by valid TSIG signatures with invalid time. + * An assertion failure was triggered when the TSIG had a valid + cryptographic signature but the time was invalid. This could + happen when the times between the primary and secondary servers + were not synchronised. The crash has now been fixed. + * Return SERVFAIL for a too long CNAME chain. + * When following long CNAME chains, named was returning NOERROR + (along with a partial answer) instead of SERVFAIL, if the chain + exceeded the maximum length. This has been fixed. + * Reconfigure catz member zones during named reconfiguration. + * During a reconfiguration, named wasn’t reconfiguring catalog + zones’ member zones. This has been fixed. + * Update key lifetime and metadata after dnssec-policy + reconfiguration. + * Adjust key state and timing metadata if dnssec-policy key + lifetime configuration is updated, so that it also affects + existing keys. + * Fix a crash during zone modification. + * Fix an assertion failure that could happen when an + authoritative zone was modified while the server was generating + an answer from that zone. + * Fix assertion failure when executing named-checkconf -v to + print its version. + * Fix generation of 6to4-self name expansion from IPv4 address. + * The period between the most significant nibble of the encoded + IPv4 address and the 2.0.0.2.IP6.ARPA suffix was missing, + resulting in the wrong name being checked. This has been fixed. + * dig +yaml was producing unexpected and/or invalid YAML. output. + * SVBC ALPN text parsing failed to reject zero-length ALPN. + * Fix false QNAME minimisation error being reported. + * Remove the false positive success resolving log message when + QNAME minimisation is in effect and the final result is an + NXDOMAIN. + * Fix --enable-tracing build on systems without dtrace. + * A missing util/dtrace.sh file prevented builds on systems + without the dtrace utility. This has been corrected. + ------------------------------------------------------------------- Wed Jul 24 09:03:08 UTC 2024 - Jorik Cronenberg diff --git a/bind.spec b/bind.spec index f2c74e8..553c59a 100644 --- a/bind.spec +++ b/bind.spec @@ -56,7 +56,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.20.0 +Version: 9.20.1 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0