Accepting request 1189415 from network
Update to new major version 9.20.0 OBS-URL: https://build.opensuse.org/request/show/1189415 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=209
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
parent
3a8d291da8
commit
988973e7e6
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:ea3f3d8cfa2f6ae78c8722751d008f54bc17a3aed2be3f7399eb7bf5f4cda8f1
|
||||
size 5524000
|
||||
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmY6DEcACgkQUQpkKgbF
|
||||
LOwbQQ/7B3netZ0er8j5iMfTsalXKrgdTafhwN5SEQdZuxWKFBiuGZmydiDUqr9i
|
||||
YMyAhpsf3+uHGtvn5NeDkp2J+RDwZW5qqv+o+cjTVso0VbrzRmnhkSXagV1++10i
|
||||
rZtHNGp4cFXU6nSXczsWSPhE51vKCvMxqA0xPONRpnczto8yw+GYhgaoCeOdO0Y9
|
||||
k+ZoeUgVyEK4KGg60RvxqEchA7T883BZD9zUCr1/E9DwTqUAe22CfQ6j6IXIq5Cl
|
||||
cFYqgy1AcG+YvVFhwaA0PPBW+b+RevXW7FRILQ/oELwyjZrMjS+3Z0uATPy7AjL+
|
||||
Zkh22BPsAQebSsUAbX6p59I8XyxzdxJwMXSC/jYaIhknFLvC4v6L3QlGOpY7DviD
|
||||
v03n6a2n0PdXdm1WzbG8S+hcVNrlzXqaYT4HAFjrBpTWvvRP3+JXel7OLSRDDuyQ
|
||||
J5Y6nZiMLnhAmN2QfqM5vFXHgEACN8zHC1vYoPdmMScWFiW1d48Q4RKvY1oVmSJZ
|
||||
c/4ZCqZMOZXbe+6gvYO8xJXBTveX/inS4no05JNork2s7gkr/hcGk2NDly8+yTIx
|
||||
STdiOHtcKyuv0YV1yfY5WFN9i0nHQsbrcpsmWVNyX/zqle3Qjg4d4zBhqUryDDX6
|
||||
XaIE7cWt26h98U4Hzx1Iq9jhnlqERUY+AX+8w1q2zZ2VjXKcNV8=
|
||||
=YjPE
|
||||
-----END PGP SIGNATURE-----
|
||||
BIN
bind-9.20.0.tar.xz
(Stored with Git LFS)
Normal file
BIN
bind-9.20.0.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
16
bind-9.20.0.tar.xz.asc
Normal file
16
bind-9.20.0.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmaNMyYACgkQUQpkKgbF
|
||||
LOzwnBAAgICQ7MC0rkXZxD/8X3vatdpDZ4MkUvkhOR+J4kkKWBuSqZJQvuWA8XeS
|
||||
/rycCHWFeUf3V9Wj6XbCPa1l4eV5rAnSVJtHHoDoK9Tt/1H6HCd0v2b270a9q1pU
|
||||
ra5Jdi/ZP76iRYAAse8FpRymMcjEk/aXnnnOsCACOY8MNvxC83mmrciPJJxloEBy
|
||||
9zGPGzkvnYTM1H/qSR0GrUsGLtzKPiXbvtsRo9jI3f8kL9Tdxw9IlmH0OY14L26L
|
||||
QKgaFC4Sa3J2PmELLCORtvUEDeKi9FAG9+6ua3h7ork2n/cARmOhvmZ8FFgLlB1e
|
||||
7GSWCMujw+h44vNJrz1w14Bm1sN3k9PgY34i7ter/WA6ZTFDIWyhQh5tHrbjsdyv
|
||||
DTlE8EvVNIg4fYMCew57yedXqzWO6bavwFlsiPyjXyG9+k9xSeQEYuuLGismF3gQ
|
||||
AGXPyUUAiqhnyQd1uCf8qK5sgkH39+g5TRFl5oSvZavOAr/GtzsNhAo5Ii5ia8qL
|
||||
mUVESk+Jyl4/rKJAAMwWtdl8mk8RYx1BF0XAG/mnvC81HBcuiu5aRBa5N3p8Kg+W
|
||||
cUMPOjDhXn90pxEcD1MSg6nH1P0sVVOYWaQvJ1FtzKUp7JKNJus0yjgQarF5VI/l
|
||||
7VSUi36dGSlDyM4EvspS/KAnItErzA8Vn40R9x8qbmzjD1Ka5LU=
|
||||
=wneo
|
||||
-----END PGP SIGNATURE-----
|
||||
61
bind.changes
61
bind.changes
@ -1,3 +1,64 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 24 09:03:08 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
- Update to new major version 9.20.0
|
||||
For a complete list of all changes see:
|
||||
* https://bind9.readthedocs.io/en/v9.20.0/notes.html
|
||||
* The CHANGES file in the source RPM
|
||||
|
||||
Some noteworthy changes:
|
||||
* Added new BuildRequires liburcu for lock free data structures.
|
||||
* A new DNSSEC tool dnssec-ksr has been added to create Key
|
||||
Signing Request (KSR) and Signed Key Response (SKR) files.
|
||||
* /etc/bind.keys and /var/lib/named/named.root.key have been
|
||||
removed as the correct defaults are pre-compiled and there is
|
||||
no need to configure bind.keys manually.
|
||||
* The functions that were in the libbind9 shared library have
|
||||
been moved to the libisc and libisccfg libraries. The now-empty
|
||||
libbind9 has been removed and is no longer installed.
|
||||
* The irs_resconf module has been moved to the libdns shared
|
||||
library. The now-empty libirs library has been removed and is
|
||||
no longer installed.
|
||||
|
||||
Security Fixes:
|
||||
* A malicious DNS client that sent many queries over TCP but
|
||||
never read the responses could cause a server to respond slowly
|
||||
or not at all for other clients. This has been fixed.
|
||||
(CVE-2024-0760)
|
||||
[bsc#1228255]
|
||||
* It is possible to craft excessively large resource records
|
||||
sets, which have the effect of slowing down database
|
||||
processing. This has been addressed by adding a configurable
|
||||
limit to the number of records that can be stored per name and
|
||||
type in a cache or zone database. The default is 100, which can
|
||||
be tuned with the new max-records-per-type option.
|
||||
* It is possible to craft excessively large numbers of resource
|
||||
record types for a given owner name, which has the effect of
|
||||
slowing down database processing. This has been addressed by
|
||||
adding a configurable limit to the number of records that can
|
||||
be stored per name and type in a cache or zone database. The
|
||||
default is 100, which can be tuned with the new
|
||||
max-types-per-name option. (CVE-2024-1737)
|
||||
[bsc#1228256]
|
||||
* Validating DNS messages signed using the SIG(0) protocol (RFC
|
||||
2931) could cause excessive CPU load, leading to a
|
||||
denial-of-service condition. Support for SIG(0) message
|
||||
validation was removed from this version of named.
|
||||
(CVE-2024-1975)
|
||||
[bsc#1228257]
|
||||
* Due to a logic error, lookups that triggered serving stale data
|
||||
and required lookups in local authoritative zone data could
|
||||
have resulted in an assertion failure. This has been fixed.
|
||||
* Potential data races were found in our DoH implementation,
|
||||
related to HTTP/2 session object management and endpoints set
|
||||
object management after reconfiguration. These issues have been
|
||||
fixed.
|
||||
* When looking up the NS records of parent zones as part of
|
||||
looking up DS records, it was possible for named to trigger an
|
||||
assertion failure if serve-stale was enabled. This has been
|
||||
fixed. (CVE-2024-4076)
|
||||
[bsc#1228258]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 17 16:05:37 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
|
||||
|
||||
|
||||
13
bind.spec
13
bind.spec
@ -56,7 +56,7 @@
|
||||
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
||||
%endif
|
||||
Name: bind
|
||||
Version: 9.18.27
|
||||
Version: 9.20.0
|
||||
Release: 0
|
||||
Summary: Domain Name System (DNS) Server (named)
|
||||
License: MPL-2.0
|
||||
@ -92,6 +92,7 @@ BuildRequires: pkgconfig(krb5)
|
||||
BuildRequires: pkgconfig(libidn2)
|
||||
BuildRequires: pkgconfig(libmaxminddb)
|
||||
BuildRequires: pkgconfig(libnghttp2)
|
||||
BuildRequires: pkgconfig(liburcu)
|
||||
BuildRequires: pkgconfig(libuv)
|
||||
BuildRequires: pkgconfig(libxml-2.0)
|
||||
Requires: %{name}-utils
|
||||
@ -375,7 +376,6 @@ mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d
|
||||
install -D -m 0644 %{SOURCE70} %{buildroot}%{_prefix}/lib/tmpfiles.d/bind.conf
|
||||
install -D -m 0644 %{_sourcedir}/named.root %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/root.hint
|
||||
install -m 0644 vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named
|
||||
install -m 0644 bind.keys %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/named.root.key
|
||||
install -d -m 0755 %{buildroot}/%{_unitdir}/named.service.d
|
||||
%else
|
||||
for file in named; do
|
||||
@ -422,7 +422,6 @@ done
|
||||
# ---------------------------------------------------------------------------
|
||||
# remove useless Makefiles and Makefile skeletons
|
||||
find %{buildroot}/%{_defaultdocdir}/bind \( -name Makefile -o -name Makefile.in \) -exec rm {} +
|
||||
install -m 0644 bind.keys %{buildroot}%{_localstatedir}/lib/named/named.root.key
|
||||
%if %{with_systemd}
|
||||
mkdir -p %{buildroot}%{_sysusersdir}
|
||||
install -m 644 %{SOURCE72} %{buildroot}%{_sysusersdir}/
|
||||
@ -532,7 +531,6 @@ fi
|
||||
%config %{_var}/lib/named/root.hint
|
||||
%config %{_var}/lib/named/127.0.0.zone
|
||||
%config %{_var}/lib/named/localhost.zone
|
||||
%config %{_var}/lib/named/named.root.key
|
||||
%dir %{_libexecdir}/bind
|
||||
%{_libexecdir}/bind/named.prep
|
||||
%dir %{_libdir}/bind-plugins
|
||||
@ -571,7 +569,6 @@ fi
|
||||
%files utils
|
||||
%dir %{_sysconfdir}/named.d
|
||||
%config(noreplace) %{_sysconfdir}/named.d/rndc-access.conf
|
||||
%config(noreplace) %{_sysconfdir}/bind.keys
|
||||
%dir %{_sysconfdir}/openldap
|
||||
%dir %{_sysconfdir}/openldap/schema
|
||||
%attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/dnszone.schema
|
||||
@ -594,20 +591,17 @@ fi
|
||||
%{_bindir}/dnssec-verify
|
||||
%{_bindir}/dnssec-cds
|
||||
%{_bindir}/dnstap-read
|
||||
%{_bindir}/dnssec-ksr
|
||||
%{_sbindir}/ddns-confgen
|
||||
%{_sbindir}/rndc
|
||||
%{_sbindir}/rndc-confgen
|
||||
%{_sbindir}/tsig-keygen
|
||||
%{_libdir}/libbind9-%{version}.so
|
||||
%{_libdir}/libdns-%{version}.so
|
||||
%{_libdir}/libirs-%{version}.so
|
||||
%{_libdir}/libisc-%{version}.so
|
||||
%{_libdir}/libisccc-%{version}.so
|
||||
%{_libdir}/libisccfg-%{version}.so
|
||||
%{_libdir}/libns-%{version}.so
|
||||
%{_libdir}/libbind9.so
|
||||
%{_libdir}/libdns.so
|
||||
%{_libdir}/libirs.so
|
||||
%{_libdir}/libisc.so
|
||||
%{_libdir}/libisccc.so
|
||||
%{_libdir}/libisccfg.so
|
||||
@ -634,6 +628,7 @@ fi
|
||||
%{_mandir}/man1/named-journalprint.1%{ext_man}
|
||||
%{_mandir}/man1/nsec3hash.1%{ext_man}
|
||||
%{_mandir}/man1/dnstap-read.1%{ext_man}
|
||||
%{_mandir}/man1/dnssec-ksr.1.gz
|
||||
%{_mandir}/man5/rndc.conf.5%{ext_man}
|
||||
%{_mandir}/man8/ddns-confgen.8%{ext_man}
|
||||
%{_mandir}/man8/rndc.8%{ext_man}
|
||||
|
||||
BIN
vendor-files.tar.bz2
(Stored with Git LFS)
BIN
vendor-files.tar.bz2
(Stored with Git LFS)
Binary file not shown.
Loading…
Reference in New Issue
Block a user