Accepting request 1201972 from network

Update to release 9.20.2

OBS-URL: https://build.opensuse.org/request/show/1201972
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=211

bind-9.20.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fe6ddff74921410d33b62b5723ac23912e8d50138ef66d7a30dc2c421129aeb0
-size 5789604

bind-9.20.1.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE2ZzOr4eXRwFPA41jGC4jV5Ri76oFAma987IACgkQGC4jV5Ri
-76r2Rg/9FnbrOwZrN4HWUeQ7ewyPq+ZaaHFZXXucXSwIXAkAAouW7lzhkMnUSSXV
-SjUTOyLJAsFtVPrizR1yR9OrrnBIUniQfE/oB9WEiKTsVfA2FuoHyKWRiOrUQ2XP
-8BjJD/hSbdQ7ByHENMcrjVpwK3r/QO+rroUgCIcV375hVfmcsYJI0pbxu2wEj5En
-0nqTjObLv3AdnGj65+/I4xwkC/GhIGFhhW2SHQGpTldeajag/ODouu4KuZA5BrLi
-whYkyTgC+rIQicF6EIyg8nGFDR28jUSPSGpSfYn/nMvtfU9Wl3Z4ug9TiMh5kdV3
-3b8MFJqvm0FYcCXgON1twLlO05XKlYLLU9+Y6CpWHTELTZRV01NPiUOEtLytMJTx
-DDY7C8bgR7iTv2gwgdxQlOI4Kkee9uB4nqZ468hy9flC29SYW8YKX46i8W+vV6wj
-BcoJBhKnJ/tSgF39gY2rCRU2jpRjw8oDMYpzBK6e0Ks4dtZYXvLto+aHQj8IS1Q4
-3Z2NhGowtqqeKfL6HGzmQHO8QLUgwgXUVELjO9ySiwxY7fMqbAK6CuP28dNlR0dU
-HhU0cnd383YoeEX0ph5zGRyCOifPPOzBXT8y70OkcqEPbyD4y16pvg41db73NX3V
-IOqEK7Bm5iPl4ygcFnGTfbG/VxVKnYiQBaBBuo33AeWLwtl6ugs=
-=wNju
------END PGP SIGNATURE-----

bind-9.20.2.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a31dba2aaa1b371902dd0474eb3963f47b7ffed2bd9ece7da4834e23210d6067
+size 5865060

bind-9.20.2.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE2ZzOr4eXRwFPA41jGC4jV5Ri76oFAmbgCJsACgkQGC4jV5Ri
+76qSZxAAk5KO9HWrXNVyJyzlCm2Menw76TH1l1UlG+lb7FuCON7kQQxk08z+UwfK
+VCKBcErL0Fw8bIgcL6J8Z18cu0GBigPFIeUz8o+AlebbqRA/Jww2ww8/MnqhGuEJ
+arFZbjX3tJl9CnCwSYiKxJE0BM0mUuiqYMYbdSZf5ETQ7s+7fkzZcsb3gCnLJLLz
+SHtzavzxPGT3+DhXAnJFY8i8Lu9CsOcy6+MCYjQpXcOPG3IU73B9yj9ttBZuoErF
+gyH8MCfAWxmkKBv2fK2CB71qhoVyl8lulK1U+223Nmp8DQ/CCMvC6sGPcn/TIZlL
+ah8KKjW7p9AuVXFYWrXvNFG5nBs4HfZ1pyo22c3nAnG4Y99alPozq5SYJmQpVsRG
+/LOJNsjdLO9XKDq/lvyLs1d6wZjIZenPrzeAmLcN+Dtu1+KWT3inbXCrFKR9hffa
+bvG12KK4jVaO7nUHybOo/RXL5x0T1YYIL9JkMwVEnARC0K7txkR5ukRTKnM0dOqq
+i99JZdqpJEP+3Ormgvn+Z4WW+WT6+xhMG/F7B5TH1cIJKrz8O7rFyg+nZzLd4C8l
+8UivpXFwzl6MHots8aAcBrKZxOqBq6ncJXKsLqasWJLUYvmH8dQ3kgj6VenzMCVH
+yQJg+UMxCcbrekVE8zhIe61FAYpOJfWhk0kWEiq7H0smWnfe86Y=
+=p5Z3
+-----END PGP SIGNATURE-----

bind.changes

@@ -1,3 +1,83 @@
+-------------------------------------------------------------------
+Thu Sep 19 08:57:57 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to release 9.20.2
+  New Features:
+  * Support for Offline KSK implemented.
+  * Add a new configuration option offline-ksk to enable Offline
+    KSK key management. Signed Key Response (SKR) files created
+    with dnssec-ksr (or other programs) can now be imported into
+    named with the new rndc skr -import command. Rather than
+    creating new DNSKEY, CDS, and CDNSKEY records and generating
+    signatures covering these types, these records are loaded from
+    the currently active bundle from the imported SKR.
+  * The implementation is loosely based on
+    draft-icann-dnssec-keymgmt-01.txt.
+  * Print the full path of the working directory in startup log
+    messages.
+  * named now prints its initial working directory during startup,
+    and the changed working directory when loading or reloading its
+    configuration file, if it has a valid directory option defined.
+  * Support a restricted key tag range when generating new keys.
+  * When multiple signers are being used to sign a zone, it is
+    useful to be able to specify a restricted range of key tags to
+    be used by an operator to sign the zone. The range can be
+    specified with tag-range in dnssec-policy’s keys (for named and
+    dnssec-ksr) and with the new options dnssec-keyfromlabel -M and
+    dnssec-keygen -M.
+
+  Feature Changes:
+  * Exempt prefetches from the fetches-per-zone and
+    fetches-per-server quotas.
+  * Fetches generated automatically as a result of prefetch are now
+    exempt from the fetches-per-zone and fetches-per-server quotas.
+    This should help in maintaining the cache from which query
+    responses can be given.
+  * Follow the number of CPUs set by taskset/cpuset.
+  * Administrators may wish to constrain the set of cores that
+    named runs on via the taskset, cpuset, or numactl programs (or
+    equivalents on other OSes).
+  * If the admin has used taskset, named now automatically uses the
+    given number of CPUs rather than the system-wide count.
+
+  Bug Fixes:
+  * Delay the release of root privileges until after configuring
+    controls.
+  * Delay relinquishing root privileges until the control channel
+    has been configured, for the benefit of systems that require
+    root to use privileged port numbers. This mostly affects
+    systems without fine- grained privilege systems (i.e., other
+    than Linux).
+  * Fix a rare assertion failure when shutting down incoming
+    transfer.
+  * A very rare assertion failure could be triggered when the
+    incoming transfer was either forcefully shut down, or it
+    finished during the printing of the details about the
+    statistics channel. This has been fixed.
+  * Fix algorithm rollover bug when there are two keys with the
+    same keytag.
+  * If there was an algorithm rollover and two keys of different
+    algorithms shared the same keytags, there was the possibility
+    that the check of whether the key matched a specific state
+    could be performed against the wrong key. This has been fixed
+    by not only checking for the matching key tag but also the key
+    algorithm.
+  * Fix an assertion failure in validate_dnskey_dsset_done().
+  * Under rare circumstances, named could terminate unexpectedly
+    when validating a DNSKEY resource record if the validation had
+    been canceled in the meantime. This has been fixed.
+
+  Known Issues:
+  * Long-running tasks in offloaded threads (e.g. the loading of
+    RPZ zones or processing zone transfers) may block the
+    resolution of queries during these operations and cause the
+    queries to time out. To work around the issue, the
+    UV_THREADPOOL_SIZE environment variable can be set to a larger
+    value before starting named. The recommended value is the
+    number of RPZ zones (or number of transfers) plus the number of
+    threads BIND should use, which is typically the number of CPUs.
+
+
 -------------------------------------------------------------------
 Fri Aug 23 09:26:22 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
 

bind.spec

@@ -56,7 +56,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.20.1
+Version:        9.20.2
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0