pool/bind
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity

Compare commits

base: pool:slfo-1.2
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2
..
compare: pool:slfo-main
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2

9 Commits
slfo-1.2 ... slfo-main

Author SHA256 Message Date
AutoGits PR Review Bot
17610e933e Merge commit '89c42ea3bb40cb2dd621c9099028590d0e4ac3906cc1be7eeabd9b7118acbc2e' into slfo-main 2026-01-28 01:37:25 +01:00
Ana Guerrero
89c42ea3bb Accepting request 1328514 from network 
- Upgrade to release 9.20.18
  (CVE-2025-13878)
  [bsc#1256997]

OBS-URL: https://build.opensuse.org/request/show/1328514
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=226
 2026-01-22 14:12:19 +00:00
Ana Guerrero
6fea36da26 Accepting request 1328116 from network 
- Remove packaging support for releases prior to SLES 15 SP4/Leap 15.4.
  - The builds have dependencies that are no longer met by these older
    releases.
- Fix Sphinx processing of documentation on SLES/Leap 15.

OBS-URL: https://build.opensuse.org/request/show/1328116
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=225
 2026-01-21 13:11:10 +00:00
Jorik Cronenberg
a91f43ebe7 Merge branch 'factory' into slfo-main 2025-11-26 16:22:27 +01:00
Ana Guerrero
bacd1752c7 Accepting request 1313051 from network 
- Upgrade to release 9.20.15
  [CVE-2025-8677, bsc#1252378]
  [CVE-2025-40778, bsc#1252379]
  [CVE-2025-40780, bsc#1252380]

OBS-URL: https://build.opensuse.org/request/show/1313051
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=224
 2025-10-23 16:31:35 +00:00
Ana Guerrero
2d9e3ed24f Accepting request 1304066 from network 
- Upgrade to release 9.20.13
  New Features:
  * Add a new option `manual-mode` to dnssec-policy.
  * Add a new option `servfail-until-ready` to response-policy
    zones.
  * Support for parsing HHIT and BRID records has been added.
  Removed Features:
  * Deprecate the `tkey-gssapi-credential` statement.
  * Obsolete the `tkey-domain` statement.
  Bug Fixes:
  * Prevent spurious SERVFAILs for certain 0-TTL resource records.
  * Fix unexpected termination if catalog-zones had undefined
    `default-primaries`.

OBS-URL: https://build.opensuse.org/request/show/1304066
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=223
 2025-09-12 19:09:04 +00:00
Ana Guerrero
bfa4772131 Accepting request 1300729 from network 
- Upgrade to release 9.20.12
  New Features:
  * Support for parsing DSYNC records has been added.
  Feature Changes:
  * Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1, and DS
    digest type 1.
  Bug Fixes:
  * Stale RRsets in a CNAME chain were not always refreshed.
  * Add RPZ extended DNS error for zones with a CNAME override
    policy configured.
  * Fix dig +keepopen option.
  * Log dropped or slipped responses in the query-errors category.
  * Fix synth-from-dnssec not working in some scenarios.
  * Clean enough memory when adding new ADB names/entries under
    memory pressure.
  * Prevent spurious validation failures.

OBS-URL: https://build.opensuse.org/request/show/1300729
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=222
 2025-08-22 15:46:54 +00:00
Ana Guerrero
6e7d2efcdb Accepting request 1294176 from network 
- Upgrade to release 9.20.11
  Security Fixes:
  * Fix a possible assertion failure when
    stale-answer-client-timeout is set to 0. In specific
    circumstances the named resolver process could exit with an
    assertion failure when stale answers were enabled and the
    stale-answer-client-timeout configuration option was set to 0.
    (CVE-2025-40777)
    [bsc#1246548]
  New Features:
  * Add support for the CO flag to dig.
  Bug Fixes:
  * Correct the default interface-interval from 60s to 60m.
  * Fix a purge-keys bug when using multiple views of a zone.
  * Use IPv6 queries in delv +ns.

OBS-URL: https://build.opensuse.org/request/show/1294176
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=221
 2025-07-18 13:57:39 +00:00
OBS User buildservice-autocommit
46c05310fc Updating link to change in openSUSE:Factory/bind revision 221 
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=a5caf20515f529078b9af27372ae9eaf
 2025-07-18 13:57:39 +00:00
2 changed files with 67 additions and 116 deletions
Expand all files Collapse all files

58
bind.changes
View File

@@ -1,9 +1,9 @@
-------------------------------------------------------------------
Wed Jan 21 13:56:49 UTC 2026 - Jorik Cronenberg <jorik.cronenberg@suse.com>
Wed Jan 21 13:03:10 UTC 2026 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Upgrade to release 9.20.18
Security Fixes:
* Fix incorrect length checks for BRID and HHIT records.
* Fix incorrect length checks for BRID and HHIT records.
(CVE-2025-13878)
[bsc#1256997]
@@ -41,7 +41,15 @@ Wed Jan 21 13:56:49 UTC 2026 - Jorik Cronenberg <jorik.cronenberg@suse.com>
* Skip buffer allocations if not logging.
-------------------------------------------------------------------
Wed Oct 22 14:27:45 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
Wed Dec 17 00:30:28 UTC 2025 - Jeff Mahoney <jeffm@suse.com>
- Remove packaging support for releases prior to SLES 15 SP4/Leap 15.4.
- The builds have dependencies that are no longer met by these older
releases.
- Fix Sphinx processing of documentation on SLES/Leap 15.
-------------------------------------------------------------------
Wed Oct 22 14:14:38 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Upgrade to release 9.20.15
Security Fixes:
@@ -54,28 +62,44 @@ Wed Oct 22 14:27:45 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
New Features:
* Add dnssec-policy keys configuration check to named-checkconf.
* Add a new option `manual-mode` to dnssec-policy.
* Add a new option `servfail-until-ready` to response-policy
zones.
* Support for parsing HHIT and BRID records has been added.
* Support for parsing DSYNC records has been added.
Removed Features:
* Deprecate the `tkey-gssapi-credential` statement.
* Obsolete the `tkey-domain` statement.
Feature Changes:
* Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1, and DS
digest type 1.
Bug Fixes:
* Missing DNSSEC information when CD bit is set in query.
* rndc sign during ZSK rollover will now replace signatures.
* Use signer name when disabling DNSSEC algorithms.
* Preserve cache when reload fails and reload the server again.
-------------------------------------------------------------------
Thu Sep 11 09:17:09 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Upgrade to release 9.20.13
New Features:
* Add a new option `manual-mode` to dnssec-policy.
* Add a new option `servfail-until-ready` to response-policy
zones.
* Support for parsing HHIT and BRID records has been added.
Removed Features:
* Deprecate the `tkey-gssapi-credential` statement.
* Obsolete the `tkey-domain` statement.
Bug Fixes:
* Prevent spurious SERVFAILs for certain 0-TTL resource records.
* Fix unexpected termination if catalog-zones had undefined
`default-primaries`.
-------------------------------------------------------------------
Thu Aug 21 08:57:20 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Upgrade to release 9.20.12
New Features:
* Support for parsing DSYNC records has been added.
Feature Changes:
* Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1, and DS
digest type 1.
Bug Fixes:
* Stale RRsets in a CNAME chain were not always refreshed.
* Add RPZ extended DNS error for zones with a CNAME override
policy configured.
@@ -85,8 +109,6 @@ Wed Oct 22 14:27:45 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
* Clean enough memory when adding new ADB names/entries under
memory pressure.
* Prevent spurious validation failures.
* Ensure file descriptors 0-2 are in use before using libuv
[bsc#1230649]
-------------------------------------------------------------------
Tue Jul 15 13:56:33 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>

125
bind.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package bind
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2026 SUSE LLC and contributors
# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
#
# All modifications and additions to the file contributed by third parties
@@ -30,34 +30,9 @@
# end DLZ modules
%define VENDOR SUSE
%if 0%{?suse_version} >= 1500
%define with_systemd 1
%else
%define with_systemd 0
# Defines for user and group add
%define NAMED_UID 44
%define NAMED_UID_NAME named
%define NAMED_GID 44
%define NAMED_GID_NAME named
%define NAMED_COMMENT Name server daemon
%define NAMED_HOMEDIR %{_localstatedir}/lib/named
%define NAMED_SHELL /bin/false
%define GROUPADD_NAMED getent group %{NAMED_GID_NAME} >/dev/null || %{_sbindir}/groupadd -g %{NAMED_GID} -o -r %{NAMED_GID_NAME}
%define USERADD_NAMED getent passwd %{NAMED_UID_NAME} >/dev/null || %{_sbindir}/useradd -r -o -g %{NAMED_GID_NAME} -u %{NAMED_UID} -s %{NAMED_SHELL} -c "%{NAMED_COMMENT}" -d %{NAMED_HOMEDIR} %{NAMED_UID_NAME}
%define USERMOD_NAMED getent passwd %{NAMED_UID_NAME} >/dev/null || %{_sbindir}/usermod -s %{NAMED_SHELL} -d %{NAMED_HOMEDIR} %{NAMED_UID_NAME}
%endif
%if 0%{?suse_version} < 1315
%define with_sfw2 1
%else
%define with_sfw2 0
%endif
%define dlz_modules_hash 5923650
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: bind
Version: 9.20.18
Release: 0
@@ -107,13 +82,8 @@ Provides: bind9 = %{version}
Provides: dns_daemon
Obsoletes: bind8 < %{version}
Obsoletes: bind9 < %{version}
%if %{with_systemd}
BuildRequires: sysuser-tools
%sysusers_requires
%else
Requires(post): %insserv_prereq
Requires(pre): shadow
%endif
%description
Berkeley Internet Name Domain (BIND) is an implementation of the Domain
@@ -252,8 +222,22 @@ for file in docu/README* config/{README,named.conf} sysconfig/named-named; do
done
popd
%if 0%{?sle_version} >= 150000 && 0%{?sle_version} <= 150400
# the Administration Reference Manual doesn't build with Leap/SLES due to an way too old Sphinx package
%if 0%{?suse_version} == 1500
# Sphinx in SLE15 doesn't allow :option:`+option` or :option:`cmd +option` so we
# replace it with :code:
sed -i -E 's#:option:(`[^`]*)\+([[:alnum:]_-]+)#:code:\1\+\2#g' bin/delv/delv.rst bin/dig/dig.rst bin/tools/mdig.rst doc/notes/notes-9.20.0.rst
# Liberal use of :any: confuses the version of Sphinx in SLES/Leap 15. Converting it to :code:
# will at least make it readable.
awk '
/^\.\. namedconf:statement::/ { in_stmt=1; print; next }
in_stmt && /^[^[:space:]]/ && $0 !~ /^$/ { in_stmt=0 }
in_stmt && /^[[:space:]]/ {
$0 = gensub(/:any:`([^`]+)`/, ":code:`\\1`", "g")
}
{ print }
' doc/arm/reference.rst > doc/arm/reference.rst.new && mv doc/arm/reference.rst.new doc/arm/reference.rst
# the Administration Reference Manual doesn't build with Leap/SLES 15 due to an way too old Sphinx package
# that is missing sphinx.util.docutils.ReferenceRole.
# patch68 disables this extension, and here, we're removing the :gl: tags in the notes
sed -i 's|:gl:||g' doc/notes/notes*.rst
@@ -286,9 +270,7 @@ export LDFLAGS="-pie"
--enable-fixed-rrset \
--enable-filter-aaaa \
--enable-dnstap \
%if %{with_systemd}
--with-systemd \
%endif
%if %{with check}
--enable-querytrace \
%endif
@@ -303,9 +285,7 @@ sed -i '
for d in arm; do
make -C doc/${d} SPHINXBUILD=sphinx-build doc
done
%if %{with_systemd}
%sysusers_generate_pre %{SOURCE72} named named.conf
%endif
# special build for the plugins
for d in dlz-modules-%{dlz_modules_hash}/modules/*; do
[ -e $d/Makefile ] && make -C $d
@@ -330,9 +310,6 @@ mkdir -p \
%{buildroot}/%{_rundir} \
%{buildroot}%{_includedir}/bind/dns \
%{buildroot}%{_libexecdir}/bind
%if %{with_sfw2}
mkdir -p %{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%endif
%make_install
# remove useless .h files
rm -rf %{buildroot}%{_includedir}
@@ -369,23 +346,16 @@ mv vendor-files/config/bind.reg %{buildroot}/%{_sysconfdir}/slp.reg.d
%endif
mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d
%if %{with_systemd}
for file in named; do
install -D -m 0644 vendor-files/system/${file}.service %{buildroot}%{_unitdir}/${file}.service
sed -e "s,@LIBEXECDIR@,%{_libexecdir},g" -i %{buildroot}%{_unitdir}/${file}.service
install -m 0755 vendor-files/system/${file}.prep %{buildroot}%{_libexecdir}/bind/${file}.prep
ln -s /sbin/service %{buildroot}%{_sbindir}/rc${file}
done
install -D -m 0644 %{SOURCE70} %{buildroot}%{_prefix}/lib/tmpfiles.d/bind.conf
install -D -m 0644 %{_sourcedir}/named.root %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/root.hint
install -m 0644 vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named
install -d -m 0755 %{buildroot}/%{_unitdir}/named.service.d
%else
for file in named; do
install -m 0754 vendor-files/init/${file} %{buildroot}%{_initddir}/${file}
ln -sf %{_initddir}/${file} %{buildroot}%{_sbindir}/rc${file}
done
%endif
for file in named; do
install -D -m 0644 vendor-files/system/${file}.service %{buildroot}%{_unitdir}/${file}.service
sed -e "s,@LIBEXECDIR@,%{_libexecdir},g" -i %{buildroot}%{_unitdir}/${file}.service
install -m 0755 vendor-files/system/${file}.prep %{buildroot}%{_libexecdir}/bind/${file}.prep
ln -s /sbin/service %{buildroot}%{_sbindir}/rc${file}
done
install -D -m 0644 %{SOURCE70} %{buildroot}%{_prefix}/lib/tmpfiles.d/bind.conf
install -D -m 0644 %{_sourcedir}/named.root %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/root.hint
install -m 0644 vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named
install -d -m 0755 %{buildroot}/%{_unitdir}/named.service.d
install -m 0644 %{_sourcedir}/named.root %{buildroot}%{_localstatedir}/lib/named/root.hint
mv vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_localstatedir}/lib/named
install -m 0755 vendor-files/tools/bind.genDDNSkey %{buildroot}/%{_bindir}/genDDNSkey
@@ -396,9 +366,6 @@ find %{buildroot}/%{_libdir} -type f -name '*.so*' -exec chmod 0755 {} +
for file in named-named; do
install -m 0644 vendor-files/sysconfig/${file} %{buildroot}%{_fillupdir}/sysconfig.${file}
done
%if %{with_sfw2}
install -m 644 vendor-files/sysconfig/SuSEFirewall.named %{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/bind
%endif
%if ! %{with check}
# Cleanup doc
rm doc/misc/Makefile*
@@ -424,24 +391,13 @@ done
# ---------------------------------------------------------------------------
# remove useless Makefiles and Makefile skeletons
find %{buildroot}/%{_defaultdocdir}/bind \( -name Makefile -o -name Makefile.in \) -exec rm {} +
%if %{with_systemd}
mkdir -p %{buildroot}%{_sysusersdir}
install -m 644 %{SOURCE72} %{buildroot}%{_sysusersdir}/
%endif
find %{buildroot}/usr/share/doc/packages/bind -name cfg_test* -exec rm {} \;
rm -rf %{buildroot}/usr/share/doc/packages/bind/misc/.libs
%if %{with_systemd}
%pre -f named.pre
%service_add_pre named.service
%else
%pre
%{GROUPADD_NAMED}
%{USERADD_NAMED}
# Might be an update.
%{USERMOD_NAMED}
%endif
%if %{with check}
%check
@@ -450,35 +406,15 @@ make test
%endif
%preun
%if %{with_systemd}
%service_del_preun named.service
%else
%stop_on_removal named
%endif
%post
%if %{with_systemd}
%{fillup_only -nsa named named}
%service_add_post named.service
%tmpfiles_create bind.conf
%else
%{fillup_and_insserv -nf named}
if [ -x %{_bindir}/systemctl ]; then
# make sure systemctl knows about the service
# Without this, systemctl status named would return
# Unit named.service could not be found.
# until systemctl daemon-reload has been executed
%{_bindir}/systemctl daemon-reload || :
fi
%endif
%postun
%if %{with_systemd}
%service_del_postun named.service
%else
%restart_on_update named
%insserv_cleanup
%endif
%post -n bind-utils -p /sbin/ldconfig
%postun -n bind-utils -p /sbin/ldconfig
@@ -490,18 +426,11 @@ fi
%dir %{_sysconfdir}/slp.reg.d
%attr(0644,root,root) %config /%{_sysconfdir}/slp.reg.d/bind.reg
%endif
%if %{with_systemd}
%{_unitdir}/named.service
%dir %{_unitdir}/named.service.d
%{_prefix}/lib/tmpfiles.d/bind.conf
%{_sysusersdir}/named.conf
%{_datadir}/factory
%else
%config /%{_sysconfdir}/init.d/named
%endif
%if %{with_sfw2}
%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/bind
%endif
%dir %{_sysconfdir}/crypto-policies
%dir %{_sysconfdir}/crypto-policies/back-ends
%{_bindir}/named-rrchecker