------------------------------------------------------------------- Sat Sep 17 19:36:58 UTC 2011 - jengelh@medozas.de - Remove redundant tags/sections from specfile - Use %_smp_mflags for parallel build ------------------------------------------------------------------- Fri Sep 16 15:48:23 CEST 2011 - ug@suse.de - very first restart can create broken chroot (bnc#718441) ------------------------------------------------------------------- Mon Sep 5 11:41:49 CEST 2011 - ug@suse.de * fixed SSL in chroot environment (bnc#715881) ------------------------------------------------------------------- Mon Sep 5 10:19:34 CEST 2011 - ug@suse.de * Added a new include file with function typedefs for the DLZ "dlopen" driver. [RT #23629] * Added a tool able to generate malformed packets to allow testing of how named handles them. [RT #24096] * The root key is now provided in the file bind.keys allowing DNSSEC validation to be switched on at start up by adding "dnssec-validation auto;" to named.conf. If the root key provided has expired, named will log the expiration and validation will not work. More information and the most current copy of bind.keys can be found at http://www.isc.org/bind-keys. *Please note this feature was actually added in 9.8.0 but was not included in the 9.8.0 release notes. [RT #21727] * If named is configured with a response policy zone (RPZ) and a query of type RRSIG is received for a name configured for RRset replacement in that RPZ, it will trigger an INSIST and crash the server. RRSIG. [RT #24280] * named, set up to be a caching resolver, is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache the response. Due to an off-by-one error, caching the response could cause named to crash. [RT #24650] [CVE-2011-1910] * Using Response Policy Zone (RPZ) to query a wildcard CNAME label with QUERY type SIG/RRSIG, it can cause named to crash. Fix is query type independant. [RT #24715] * Using Response Policy Zone (RPZ) with DNAME records and querying the subdomain of that label can cause named to crash. Now logs that DNAME is not supported. [RT #24766] * Change #2912 populated the message section in replies to UPDATE requests, which some Windows clients wanted. This exposed a latent bug that allowed the response message to crash named. With this fix, change 2912 has been reduced to copy only the zone section to the reply. A more complete fix for the latent bug will be released later. [RT #24777] * many bugfixes (see CHANGELOG) * 9.8.1 ------------------------------------------------------------------- Wed Aug 31 09:36:54 UTC 2011 - rhafer@suse.de - Fixed the ldapdump tool to also respect the "uri" setting in /etc/openldap/ldap.conf (bnc#710430) ------------------------------------------------------------------- Tue Jul 5 15:24:10 CEST 2011 - ug@suse.de * Using Response Policy Zone (RPZ) with DNAME records and querying the subdomain of that label can cause named to crash. Now logs that DNAME is not supported. [RT #24766] * If named is configured to be both authoritative and resursive and receives a recursive query for a CNAME in a zone that it is authoritative for, if that CNAME also points to a zone the server is authoritative for, the recursive part of name will not follow the CNAME change and the response will not be a complete CNAME chain. [RT #24455] * Using Response Policy Zone (RPZ) to query a wildcard CNAME label with QUERY type SIG/RRSIG, it can cause named to crash. Fix is query type independant. [RT #24715] [CVE-2011-1907] * Change #2912 (see CHANGES) exposed a latent bug in the DNS message processing code that could allow certain UPDATE requests to crash named. This was fixed by disambiguating internal database representation vs DNS wire format data. [RT #24777] [CVE-2011-2464] * 9.8.0-P4 ------------------------------------------------------------------- Tue Jun 7 16:37:56 CEST 2011 - ug@suse.de - A large RRSET from a remote authoritative server that results in the recursive resolver trying to negatively cache the response can hit an off by one code error in named, resulting in named crashing. [RT #24650] [CVE-2011-1910] - Zones that have a DS record in the parent zone but are also listed in a DLV and won't validate without DLV could fail to validate. [RT #24631] ------------------------------------------------------------------- Mon May 23 19:55:15 UTC 2011 - crrodriguez@opensuse.org - Build with -DNO_VERSION_DATE to avoid timestamps in binaries. ------------------------------------------------------------------- Thu May 19 11:52:49 CEST 2011 - meissner@suse.de - buildreq update-desktop-files for newer rpms ------------------------------------------------------------------- Thu May 5 16:59:49 CEST 2011 - ug@suse.de - The ADB hash table stores informations about which authoritative servers to query about particular domains - BIND now supports a new zone type, static-stub - BIND now supports Response Policy Zones - BIND 9.8.0 now has DNS64 support - Dynamically Loadable Zones (DLZ) now support dynamic updates. - Added a "dlopen" DLZ driver, allowing the creation of external DLZ drivers that can be loaded as shared objects at runtime rather than having to be linked with named - named now retains GSS-TSIG keys across restarts - There is a new update-policy match type "external". - bugfixes - version to 9.8.0 ------------------------------------------------------------------- Thu Feb 24 11:14:09 CET 2011 - ug@suse.de - fixed security issue VUL-0: bind: IXFR or DDNS update combined with high query rate DoS vulnerability (CVE-2011-0414 bnc#674431) - version to 9.7.3 ------------------------------------------------------------------- Wed Jan 5 16:58:06 CET 2011 - meissner@suse.de - ifdef the sysvinit specific prereqs for openSUSE 11.4 and later ------------------------------------------------------------------- Thu Dec 9 15:21:15 UTC 2010 - mvyskocil@suse.cz - fix bnc#656509 - direct mount of /proc in chroot ------------------------------------------------------------------- Tue Dec 7 22:04:48 UTC 2010 - coolo@novell.com - prereq init scripts syslog and network ------------------------------------------------------------------- Thu Dec 2 17:38:44 CET 2010 - ug@suse.de - fixed VUL-0: bind: Key algorithm rollover bug bnc#657102, CVE-2010-3614 - fixed VUL-0: bind: allow-query processed incorrectly bnc#657120, CVE-2010-3615 - fixed VUL-0: bind: cache incorrectly allows a ncache entry and a rrsig for the same type bnc#657129, CVE-2010-3613 ------------------------------------------------------------------- Tue Nov 23 14:38:49 CET 2010 - ug@suse.de - fixed return code of "rcnamed status" - added gssapi support ------------------------------------------------------------------- Tue Oct 12 13:53:16 CEST 2010 - ug@suse.de - Zones may be dynamically added and removed with the "rndc addzone" and "rndc delzone" commands. These dynamically added zones are written to a per-view configuration file. Do not rely on the configuration file name nor contents as this will change in a future release. This is an experimental feature at this time. - Added new "filter-aaaa-on-v4" access control list to select which IPv4 clients have AAAA record filtering applied. - A new command "rndc secroots" was added to dump a combined summary of the currently managed keys combined with statically configured trust anchors. - Added support to load new keys into managed zones without signing immediately with "rndc loadkeys". Added support to link keys with "dnssec-keygen -S" and "dnssec-settime -S". - Documentation improvements - ORCHID prefixes were removed from the automatic empty zone list. - Improved handling of GSSAPI security contexts. Specifically, better memory management of cached contexts, limited lifetime of a context to 1 hour, and added a "realm" command to nsupdate to allow selection of a non-default realm name. - The contributed tool "ztk" was updated to version 1.0. - version 9.7.1 to 9.7.2-P2 ------------------------------------------------------------------- Mon Jul 26 15:33:02 CEST 2010 - ug@suse.de - chrooted bind failed to start (bnc#625019) ------------------------------------------------------------------- Mon Jun 21 12:43:15 CEST 2010 - ug@suse.de - genrandom: add support for the generation of multiple files. - Update empty-zones list to match draft-ietf-dnsop-default-local-zones-13. - Incrementally write the master file after performing a AXFR. - Add AAAA address for L.ROOT-SERVERS.NET. - around 50 bugs fixed (see CHANGELOG for details) - version 9.7.1 ------------------------------------------------------------------- Thu May 20 10:10:13 CEST 2010 - ug@suse.de - Handle broken DNSSEC trust chains better. [RT #15619] - Named could return SERVFAIL for negative responses from unsigned zones. [RT #21131 - version 9.7.0-P2 ------------------------------------------------------------------- Sat May 1 12:18:57 UTC 2010 - aj@suse.de - Handle /var/run on tmpfs. - do not use run_ldconfig. ------------------------------------------------------------------- Wed Feb 24 18:30:08 UTC 2010 - jengelh@medozas.de - Enable DLZ-LDAP (supersedes sdb_ldap) and add a patch ------------------------------------------------------------------- Wed Feb 17 12:27:56 CET 2010 - ug@suse.de - Fully automatic signing of zones by "named". - Simplified configuration of DNSSEC Lookaside Validation (DLV). - Simplified configuration of Dynamic DNS, using the "ddns-confgen" command line tool or the "local" update-policy option. (As a side effect, this also makes it easier to configure automatic zone re-signing.) - New named option "attach-cache" that allows multiple views to share a single cache. - DNS rebinding attack prevention. - New default values for dnssec-keygen parameters. - Support for RFC 5011 automated trust anchor maintenance - Smart signing: simplified tools for zone signing and key maintenance. - The "statistics-channels" option is now available on Windows. - A new DNSSEC-aware libdns API for use by non-BIND9 applications - On some platforms, named and other binaries can now print out a stack backtrace on assertion failure, to aid in debugging. - A "tools only" installation mode on Windows, which only installs dig, host, nslookup and nsupdate. - Improved PKCS#11 support, including Keyper support and explicit OpenSSL engine selection. - version 9.7.0 ------------------------------------------------------------------- Wed Jan 20 10:06:22 CET 2010 - ug@suse.de - [security] Do not attempt to validate or cache out-of-bailiwick data returned with a secure answer; it must be re-fetched from its original source and validated in that context. [RT #20819] - [security] Cached CNAME or DNAME RR could be returned to clients without DNSSEC validation. [RT #20737] - [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712] - version 9.6.1-P3 ------------------------------------------------------------------- Mon Jan 4 14:29:43 CET 2010 - ug@suse.de - removed the syntax check for include files (bnc#567593) ------------------------------------------------------------------- Tue Dec 15 20:01:44 CET 2009 - jengelh@medozas.de - add baselibs.conf as a source - enable parallel building - add baselibs for SPARC - package documentation as noarch ------------------------------------------------------------------- Wed Nov 25 09:44:13 CET 2009 - ug@suse.de - Security fix When validating, track whether pending data was from the additional section or not and only return it if validates as secure. [RT #20438] CVE-2009-4022 bnc#558260 - update from P1 to P2 ------------------------------------------------------------------- Fri Nov 20 10:08:50 CET 2009 - ug@suse.de - added localhost for ipv6 to default config (bnc#539529) ------------------------------------------------------------------- Wed Nov 18 10:43:10 CET 2009 - ug@suse.de - fixed apparmor profile (bnc#544181) ------------------------------------------------------------------- Tue Nov 3 19:09:08 UTC 2009 - coolo@novell.com - updated patches to apply with fuzz=0 ------------------------------------------------------------------- Wed Sep 30 15:44:32 CEST 2009 - ug@suse.de - using start_daemon instead of startproc (bnc#539532) ------------------------------------------------------------------- Mon Aug 10 15:30:23 CEST 2009 - ug@suse.de - version update to 9.6.1-P1 (security fix CVE-2009-0696) bnc#526185 ------------------------------------------------------------------- Tue Jun 30 12:49:37 CEST 2009 - ug@suse.de - enabled MySQL DLZ (Dynamically Loadable Zones) ------------------------------------------------------------------- Tue Jun 16 11:13:40 CEST 2009 - ug@suse.de - around 50 bugfixes against 9.6.0p1 See changelog for details - version 9.6.1 ------------------------------------------------------------------- Thu Apr 9 11:27:57 CEST 2009 - ug@suse.de - not all include files were copied into chroot (bnc#466800) ------------------------------------------------------------------- Tue Mar 3 11:08:59 CET 2009 - ug@suse.de - /etc/named.conf does not include /etc/named.d/forwarders.conf by default (bnc#480334) ------------------------------------------------------------------- Wed Feb 18 16:02:47 CET 2009 - ug@suse.de - mount /proc into chroot environment to support multi CPU systems (bnc#470828) ------------------------------------------------------------------- Wed Jan 28 10:53:30 CET 2009 - ug@suse.de - key names with spaces are allowed by genDDNSkey now (bnc#459739) - a missing /etc/named.conf.include could lead to an error while "restart" (bnc#455888) - version update to 9.6.0-P1 - Full NSEC3 support - Automatic zone re-signing - New update-policy methods tcp-self and 6to4-self - The BIND 8 resolver library, libbind, has been removed from the BIND 9 distribution ------------------------------------------------------------------- Wed Dec 10 12:34:56 CET 2008 - olh@suse.de - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade (bnc#437293) ------------------------------------------------------------------- Wed Nov 26 09:53:06 CET 2008 - ug@suse.de - fix for removed /etc/named.d directory (bnc#448995) ------------------------------------------------------------------- Tue Nov 11 16:54:01 CET 2008 - ro@suse.de - SLE-11 uses PPC64 instead of PPC, adapt baselibs.conf ------------------------------------------------------------------- Thu Oct 30 12:34:56 CET 2008 - olh@suse.de - obsolete old -XXbit packages (bnc#437293) ------------------------------------------------------------------- Wed Oct 1 14:34:21 CEST 2008 - ug@suse.de - should start/stop fixed (bnc#430901) ------------------------------------------------------------------- Fri Sep 5 15:33:27 CEST 2008 - mrueckert@suse.de - delete the static libraries aswell - added missiong requires to the baselibs.conf ------------------------------------------------------------------- Mon Sep 1 14:49:33 CEST 2008 - sschober@suse.de - Create and copy /etc/named.conf.include to change root jail. Fix by Frank Hollmann. ------------------------------------------------------------------- Mon Aug 18 10:20:31 CEST 2008 - ug@suse.de - "should-stop" in lwresd init script fixed ------------------------------------------------------------------- Wed Aug 13 15:46:00 CEST 2008 - sschober@suse.de - Copy complete /etc/named.d to change root jail (bnc#408145). ------------------------------------------------------------------- Tue Aug 12 16:39:27 CEST 2008 - ug@suse.de - performance improvement over the P1 releases, namely + significantly remedying the port allocation issues + allowing TCP queries and zone transfers while issuing as many outstanding UDP queries as possible + additional security of port randomization at the same level as P1 - also includes fixes for several bugs in the 9.5.0 base code - 9.5.0-P2 ------------------------------------------------------------------- Sun Jul 27 11:51:38 CEST 2008 - aj@suse.de - Remove .la files, they only introduce more problems and require libxml2.la installation. ------------------------------------------------------------------- Wed Jul 16 12:50:46 CEST 2008 - ug@suse.de - BIND 9.5 offers many new features, including many behind-the-scenes improvements. For the most part, the non-visible features help ISC's customers who have run into the upper-end of what BIND 9.4 could handle. See CHANGES for details - Statistics Counters / server - Cache cleaning enhancements - GSS TSIG - DHCID Resource Record (RR) - Handling EDNS timeouts - version 9.5.0 ------------------------------------------------------------------- Mon Jun 9 14:18:10 CEST 2008 - ug@suse.de - VUL-0: spoofing made easier due to non-random UDP source port VU#800113 (bnc#396963) ------------------------------------------------------------------- Tue May 6 13:46:43 CEST 2008 - ug@suse.de - capset support fixed (bnc#386653) ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support ------------------------------------------------------------------- Tue Feb 26 16:51:13 CET 2008 - ug@suse.de - root.hint file updated (#361094) ------------------------------------------------------------------- Thu Dec 6 17:05:39 CET 2007 - ug@suse.de - version 9.4.2 (more than 50 bugs fixed. See changelog. for details) - root.hint file updated ------------------------------------------------------------------- Thu Jul 26 13:46:45 CEST 2007 - mt@suse.de - Bug #294403: updated to security release 9.4.1-P1 fixing: CVE-2007-2926: cryptographically weak query ids [RT #16915]. CVE-2007-2925: allow-query-cache/allow-recursion default acls not set [RT #16987], [RT #16960]. ------------------------------------------------------------------- Sat May 26 23:43:35 CEST 2007 - ro@suse.de - added ldconfig to postinstall script for bind-libs ------------------------------------------------------------------- Tue May 15 12:19:20 CEST 2007 - ug@suse.de - added apparmor profile ------------------------------------------------------------------- Wed May 2 10:30:56 CEST 2007 - ug@suse.de - version 9.4.1 - query_addsoa() was being called with a non zone db. [RT #16834] ------------------------------------------------------------------- Fri Mar 30 12:51:52 CEST 2007 - ug@suse.de - libidnkitres.la moved to bind-libs for runidn ------------------------------------------------------------------- Thu Mar 29 12:06:57 CEST 2007 - rguenther@suse.de - Package .la files in -devel subpackage. - Do not package useless .la files. - Make -devel package depend on -libs package, not -utils package. ------------------------------------------------------------------- Mon Mar 5 17:32:56 CET 2007 - ug@suse.de - SuSEFirewall service file added (#246920) fate #300687 ------------------------------------------------------------------- Tue Feb 27 14:53:22 CET 2007 - ug@suse.de - version 9.3.4 to 9.4.0 - too many changes to list them all here. Please see the CHANGELOG for details - LDAP backend dropped ------------------------------------------------------------------- Thu Jan 25 15:22:49 CET 2007 - ug@suse.de - Bug #238634 - [security] Serialise validation of type ANY responses. [RT #16555] - [security] It was possible to dereference a freed fetch context. [RT #16584] - version 9.3.3 to 9.3.4 ------------------------------------------------------------------- Fri Jan 19 10:38:46 CET 2007 - ug@suse.de - version 9.3.2 to 9.3.3 - lots of bugfixes (see changelog for details) ------------------------------------------------------------------- Tue Jan 2 15:50:59 CET 2007 - ug@suse.de - load of bind during boot fails if ip-up starts modify_resolvconf at the same time (#221948) ------------------------------------------------------------------- Fri Nov 10 12:07:56 CET 2006 - ug@suse.de - security fix (#218303) workarounds OpenSSL's recently discovered RSA signature verification issue (CVE-2006-4339) by using the exponent 65537 (0x10001) instead of the widely used 3. ------------------------------------------------------------------- Tue Oct 17 20:39:31 CEST 2006 - poeml@suse.de - there is no SuSEconfig.syslog script anymore, thus remove the YaST hint from the sysconfig template ------------------------------------------------------------------- Mon Oct 16 09:50:14 CEST 2006 - ug@suse.de - typo in sysconfig file fixed (#212337) ------------------------------------------------------------------- Fri Sep 1 14:58:28 CEST 2006 - ug@suse.de - security fix Bug #201424 VUL-0: bind: two denial-of-service attacks VU#697164 BIND INSIST failure due to excessive recursive queries VU#915404 BIND assertion failure during SIG query processing ------------------------------------------------------------------- Tue Aug 15 14:28:09 CEST 2006 - ug@suse.de - update messages removed ------------------------------------------------------------------- Fri Aug 4 13:48:56 CEST 2006 - ug@suse.de - moved the la files to bind-utils (#182448) ------------------------------------------------------------------- Thu Jul 6 12:11:11 CEST 2006 - ug@suse.de - fix for the nsupdate man page (#92730) thanx to Werner ------------------------------------------------------------------- Wed May 17 13:00:02 CEST 2006 - ug@suse.de - fix for ldapdump script (#175587) ------------------------------------------------------------------- Mon Mar 13 16:57:01 CET 2006 - ug@suse.de - typos fixed (#157611) ------------------------------------------------------------------- Wed Feb 8 14:59:58 CET 2006 - ug@suse.de - fixed #148527 a broken symlink in the chroot jail is in the way ------------------------------------------------------------------- Fri Jan 27 00:49:18 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Wed Jan 25 14:27:11 CET 2006 - ug@suse.de - fixed #145169 (follow symlinks during chroot jail creation) ------------------------------------------------------------------- Sat Jan 14 22:13:30 CET 2006 - schwab@suse.de - Don't remove sources. ------------------------------------------------------------------- Mon Jan 2 11:05:18 CET 2006 - ug@suse.de - version update from 9.3.1 to 9.3.2 ------------------------------------------------------------------- Mon Nov 21 12:16:32 CET 2005 - ug@suse.de - fixed an insecure tmp file bug in the named-bootconf.sh contrib script ------------------------------------------------------------------- Mon Sep 26 01:27:01 CEST 2005 - ro@suse.de - added LDAP_DEPRECATED to CFLAGS ------------------------------------------------------------------- Fri Jul 22 16:50:27 CEST 2005 - lmuelle@suse.de - Copy the right default file if /etc/sysconfig/named is missing while calling the lwresd init script; [#97187]. ------------------------------------------------------------------- Fri Jun 17 15:14:52 CEST 2005 - ug@suse.de - compilation with -fpie and -pie now which makes it harder to use exploits with fixed memory addresses. ------------------------------------------------------------------- Wed Apr 13 14:06:42 CEST 2005 - mls@suse.de - fix SLP registration ------------------------------------------------------------------- Fri Mar 25 18:29:09 CET 2005 - schwab@suse.de - Fix leak in lwres library [#74529]. ------------------------------------------------------------------- Fri Mar 11 18:28:37 CET 2005 - ug@suse.de - version update from 9.3.0 to 9.3.1 - fixed bug #72153 lwresd doesn't notice if name server is unreachable and times out ------------------------------------------------------------------- Fri Mar 11 16:41:26 CET 2005 - ug@suse.de - rndc dropped from the lwresd init script it conflicts with a running bind ------------------------------------------------------------------- Mon Mar 7 14:34:28 CET 2005 - ug@suse.de - lwresd init script "status" changed. rndc is not used anymore ------------------------------------------------------------------- Wed Feb 16 11:16:40 CET 2005 - ug@suse.de - lwresd name string changed (just beautify) ------------------------------------------------------------------- Fri Feb 4 11:23:14 CET 2005 - ug@suse.de - changed the "insserv" behaviour on updates - fixed empty lwresd.conf file in chroot env. ------------------------------------------------------------------- Thu Feb 3 17:48:21 CET 2005 - ug@suse.de - empty lwresd.conf file fix (Bug #49081) - lwresd is on by default now during boot ------------------------------------------------------------------- Fri Jan 21 14:46:24 CET 2005 - ug@suse.de - sdb-ldap activated (ldapdb.c version from 16.01.2005) - fixed security problem bug #49927 - remote denial-of-service An incorrect assumption in the validator (authvalidated) can result in a REQUIRE (internal consistancy) test failing and named exiting. ------------------------------------------------------------------- Tue Nov 30 11:39:04 CET 2004 - ug@suse.de - fixed #48659 "rclwresd status" answered with OKAY even if only bind was running "rcnamed status" answered with OKAY even if only lwresd was running ------------------------------------------------------------------- Fri Nov 19 14:41:32 CET 2004 - ug@suse.de - SLP support via /etc/slp.reg.d/bind.reg file added ------------------------------------------------------------------- Thu Nov 4 14:52:17 CET 2004 - ug@suse.de - version update to 9.3.0 - ldapdump script bug fixed (#44452) - dnssec-makekeyset and dnssec-signkey activated in Makefile of bin/dnssec/ ------------------------------------------------------------------- Wed Oct 13 14:30:07 CEST 2004 - lmuelle@suse.de - Add condrestart to the named init script and use same code as in skeleton to restart. - Enhance check if named or lwresd are still running if the init script is called with stop. ------------------------------------------------------------------- Mon Sep 27 17:03:38 CEST 2004 - lmuelle@suse.de - Update to version 9.2.4. - Use defines for named user and group settings. - Add PreReq groupadd and useradd to the chrootenv and lwresd package, [#46050]. - Ensure to remove temp sysconfig file in %post. - Remove warning from createNamedConfInclude script if a file is already included in /etc/named.conf as we take care of such include statements in the named init script anyway. - Remove NAMED_CONF_INCLUDE_FILES fillup from include statements of /etc/named.conf in the %post of the bind package by the same reason. ------------------------------------------------------------------- Sat Sep 18 18:29:40 CEST 2004 - lmuelle@suse.de - Add all filenames from include statements of named.conf to NAMED_CONF_INCLUDE_FILES in the named init script, [#40610]. ------------------------------------------------------------------- Thu Sep 16 12:16:14 CEST 2004 - lmuelle@suse.de - Add $remote_fs to Required-Start and Required-Stop of lwresd init script. - Add Provides: dns_daemon to the lwresd package. - Remove $time from Should-Start and Should-Stop, [#45433]. ------------------------------------------------------------------- Wed Sep 15 14:14:53 CEST 2004 - lmuelle@suse.de - Remove conflicts from bind and bind-lwrewsd package, [#45335]. - Use rndc in lwresd init script if rndc is available. ------------------------------------------------------------------- Thu Sep 9 17:02:25 CEST 2004 - lmuelle@suse.de - Create /etc/rndc.key if bind-lwresd is installed and we install bind-utils or if bind-utils is installed and we install bind-lwresd. - Use 0644 instead of 0640 for the named.conf file. - Split bind-doc from bind-utils. - Use one sysconfig file for lwresd and named. - Split common named and lwresd sysconfig settings from them unique to named. - Rename lwres to bind-lwresd and lwres-devel to bind-libs. - Ensure to create user and group 'named' in the %pre of bind-lwresd and bind-chrootenv. ------------------------------------------------------------------- Tue Sep 7 02:17:05 CEST 2004 - lmuelle@suse.de - Remove %run_ldconfig from %post of the bind package. - Move vendor files to an own tar ball. - Create new sub packages lwres, lwres-devel, and bind-chrootenv, [#44711]. - Use new update message mechanism, [#44344]. ------------------------------------------------------------------- Sun Jun 20 10:21:37 CEST 2004 - lmuelle@suse.de - Quote definition of NOM_PATH_FILE in configure.in. ------------------------------------------------------------------- Mon May 31 15:47:51 CEST 2004 - lmuelle@suse.de - Add BIND.desktop file for SuSEhelp. ------------------------------------------------------------------- Wed May 19 14:30:07 CEST 2004 - lmuelle@suse.de - Add -d, directroy option to genDDNSkey [#40786]. - Update ldapdump to version 1.1. This Version has better keyfile checks and throws an error message if a keyfile can't be found, instead of just barfing perl errors. ------------------------------------------------------------------- Wed May 12 12:43:37 CEST 2004 - lmuelle@suse.de - Update ldapdump; don't use .zone suffix for zone files. ------------------------------------------------------------------- Wed Apr 28 15:18:40 CEST 2004 - lmuelle@suse.de - Add /etc/openldap/schema/dnszone.schema to the bind-utils package. - Add /usr/share/bind/ldapdump to the bind package. - Add idnkit programs and libraries. - Add idn patches for dig, host, and nslookup. - Ensure to call functions initializeNamed, checkAndCopyConfigFiles, and namedCheckConf in the named init script only one time. Let namedCheckConf check the configuration inside the chroot. - Check all configuration files in named init script while called with probe. - Add NAMED_INITIALIZE_SCRIPTS to sysconfig.named. This allows to call arbitrary scripts before named is started, restarted, or reloaded. Therewith it's also possible to disable createNamedConfInclude entirely. - createNamedConfInclude always overwrite .SuSEconfig file [#33768]. - Rename SuSEconfig.named to createNamedConfInclude and move it to /usr/share/bind. ------------------------------------------------------------------- Sat Mar 13 21:06:48 CET 2004 - schwab@suse.de - Fix path to docs in sample named.conf. ------------------------------------------------------------------- Tue Feb 24 18:47:38 CET 2004 - poeml@suse.de - add genDDNSkey to bind-utils (formerly in dhcp-server package) - allow --keyfile and --keyname to be used with genDDNSkey, and allow using /dev/urandom to avoid blocking - in the init script, use rndc (if possible) in order to shut down, so named will flush pending changes to dynamical zones - when restarting named, make sure it is stopped before trying to start it again [#34937] - update root zone (dated Jan 29, 2004) ------------------------------------------------------------------- Thu Feb 12 09:32:30 CET 2004 - kukuk@suse.de - Fix group of named.conf.include in filelist - Build with -fno-strict-aliasing ------------------------------------------------------------------- Wed Oct 15 15:32:00 CEST 2003 - lmuelle@suse.de - update to version 9.2.3; includes the new zone type "delegation-only" to foil Verisign's sitefinder games - move root.hint to an extra source file, named.root - use /etc/named.d and /var/lib/named/master directory in the example configuration from the sample-config directory - supress superfluous warning in SuSEconfig.named if /etc/named.conf.include is empty - create /etc/rndc.key in the init script if it's missing - call namedCheckConf after checkAndCopyConfigFiles to allow us to start named after checkAndCopyConfigFiles fixed a problem - call SuSEconfig -module named not direct in the init script - add norootforbuild to the spec file - set owner of /etc/named.d and /etc/named.d/rndc-access.conf to root: - add additional x while testing strings in the init script - always include /etc/rndc.key in rndc-access.conf - remove absolet stdtime.diff - remove ip6rev.diff, as one part is included upstream and the other isn't possible any longer ------------------------------------------------------------------- Wed Oct 8 17:19:25 CEST 2003 - schwab@suse.de - Fix typo in last change. ------------------------------------------------------------------- Mon Sep 29 15:37:35 CEST 2003 - kukuk@suse.de - Create named.conf.include if it does not exist [Bug #31683] - Don't add rndc-access.conf at update [Bug #31696] ------------------------------------------------------------------- Fri Sep 19 13:01:53 CEST 2003 - kukuk@suse.de - Fix all useradd calls ------------------------------------------------------------------- Mon Sep 15 08:35:06 CEST 2003 - kukuk@suse.de - Fix Requires and Provides [Bug #30717] ------------------------------------------------------------------- Fri Aug 29 12:29:03 CEST 2003 - kukuk@suse.de - Call useradd with -r for system accounts [Bug #29611] ------------------------------------------------------------------- Thu Aug 28 20:06:46 CEST 2003 - lmuelle@suse.de - call sbin/SuSEconfig --module named and not directly the script in the %post section - check if rndc is accessible in the init script ------------------------------------------------------------------- Tue Aug 26 17:35:10 CEST 2003 - lmuelle@suse.de - add Config: syslog-ng to sysconfig.syslog-named ------------------------------------------------------------------- Sat Aug 23 01:29:39 CEST 2003 - lmuelle@suse.de - add NAMED_ARGS to sysconfig.named - use -r /dev/urandom while calling rndc-confgen in the post section ------------------------------------------------------------------- Thu Aug 21 16:46:12 CEST 2003 - lmuelle@suse.de - rename package from bind9 to bind - add stop_on_removal and restart_on_update macros to preun and postun section fix bug #29048 - add default /etc/named.d/rndc-access.conf - add SuSEconfig.named - add all included files to NAMED_CONF_INCLUDE_FILES of /etc/sysconfig/named while update if NAMED_CONF_INCLUDE_FILES is empty - add additional sysconfig meta data - remove -u from the copy in prepare_chroot() of the init script due to the rist of a wrong system time - unify init scripts; add one space at the end to all echos - document new features in the README.{SuSE,UnitedLinux} - fix bug #28585 ------------------------------------------------------------------- Mon May 26 15:52:42 CEST 2003 - lmuelle@suse.de - add -u to copy in prepare_chroot() of the init script, #25687 - fix output format in init script ------------------------------------------------------------------- Fri Apr 11 15:01:00 CEST 2003 - mludvig@suse.cz - Make nibble queries instead of bitstring ones for IPv6 addresses. - Differentiate between 6bone (3ffe::/16, .ip6.int) and other addresses (!3ffe::/16, ip6.arpa). ------------------------------------------------------------------- Wed Mar 12 13:58:35 CET 2003 - lmuelle@suse.de - fix try-restart part of init skript - set PATH to "/sbin:/usr/sbin:/bin:/usr/bin", #21295 ------------------------------------------------------------------- Mon Mar 10 18:40:40 CET 2003 - lmuelle@suse.de - remove %ghost from /var/lib/named/var/log ------------------------------------------------------------------- Mon Mar 10 18:03:36 CET 2003 - lmuelle@suse.de - add null logging for lame-servers to logging example in named.conf - fix file section - change /var/run/named to a sym link pointing to /var/lib/named/var/run/named, #24768 ------------------------------------------------------------------- Wed Mar 5 17:09:20 CET 2003 - lmuelle@suse.de - remove empty.zone due to possibility of CIDR addressing - remove rndc.conf; rndc also uses rndc.key, fix bug #17751 - create rndc.key with 512bit sized key in %post - remove %pre of utils package - create additional sub directories log, dyn and master in /var/lib/named - add a non active logging example to named.conf ------------------------------------------------------------------- Tue Mar 4 17:50:58 CET 2003 - lmuelle@suse.de - update to version 9.2.2; maintenance/ bugfix release ------------------------------------------------------------------- Sat Mar 1 17:41:47 CET 2003 - ro@suse.de - also create named user/group in utils preinstall ------------------------------------------------------------------- Thu Feb 27 23:53:01 CET 2003 - ro@suse.de - create named user/group in preinstall and install ------------------------------------------------------------------- Thu Feb 27 14:00:59 CET 2003 - lmuelle@suse.de - set /etc/named.conf to root:named and 0640 - add an example to additional info mail for dynamic updates - add more information to the README - add sysconfig file for chroot jail; default is yes - add chroot features to init script for start and reload ------------------------------------------------------------------- Mon Feb 24 16:56:17 CET 2003 - lmuelle@suse.de - add separate binaries to PreReq - add --localstatedir=/var to configure call - add and autocreate /etc/rndc.{conf,key} - move rndc binaries and man pages to utils package - fix %post in case of update - set ownership of /var/lib/named to root: - add a README - fix init script to return correspondig message to checkproc return code - remove umlauts from %post mail - add additional info mail about ownership of /var/lib/named if journal files are used ------------------------------------------------------------------- Mon Feb 17 22:48:21 CET 2003 - lmuelle@suse.de - update bind9 to version 9.2.1 - move /var/named to /var/lib/named - remove obsolete patches (bison, ltconfig_ppc64, manpages, security) ------------------------------------------------------------------- Wed Nov 13 01:43:18 CET 2002 - ro@suse.de - fix build with current bison (end all rules with ";") ------------------------------------------------------------------- Sat Sep 7 16:31:04 CEST 2002 - kukuk@suse.de - Fix running bind9 as user named [Bug #18417] ------------------------------------------------------------------- Mon Aug 19 15:22:43 CEST 2002 - ro@suse.de - added prereqs (#17807) ------------------------------------------------------------------- Mon Aug 19 12:50:37 CEST 2002 - okir@suse.de - Added patch to make named run as non-root user - added "-u named" option to init script invocation of named ------------------------------------------------------------------- Sun Jul 28 13:38:54 CEST 2002 - kukuk@suse.de - Remove yacc from neededforbuild ------------------------------------------------------------------- Sat Jul 27 18:17:13 CEST 2002 - adrian@suse.de - add %run_ldconfig ------------------------------------------------------------------- Mon Jul 22 09:57:32 CEST 2002 - kukuk@suse.de - Move .so symlinks to devel package - Move liblwres shared library to utils package - make lib64 clean ------------------------------------------------------------------- Wed Jul 10 22:29:04 CEST 2002 - olh@suse.de - hack ltconfig for ppc64 to build shared libs ------------------------------------------------------------------- Wed Jul 10 16:36:30 MEST 2002 - draht@suse.de - move /usr/bin/nsupdate to bindutil (#16944) ------------------------------------------------------------------- Mon Jun 3 10:59:07 CEST 2002 - okir@suse.de - Applied security fix for remote DoS (CERT VU#739123) ------------------------------------------------------------------- Fri Dec 14 17:55:36 CET 2001 - ro@suse.de - removed START_NAMED ------------------------------------------------------------------- Wed Sep 5 20:32:15 CEST 2001 - pthomas@suse.de - Fix incorrect .so references in lwres manpages. ------------------------------------------------------------------- Sun Aug 12 15:04:44 CEST 2001 - kukuk@suse.de - Fix path to perl interpreter ------------------------------------------------------------------- Wed Jul 4 09:06:38 CEST 2001 - bodammer@suse.de - Update to bind-9.1.3 (release) - Config-files moved away from bind-9.1.3.dif ------------------------------------------------------------------- Mon Jul 2 11:49:12 CEST 2001 - bodammer@suse.de - update to bind-9.1.3rc3 - "Implicit declaration of function time" in context.c fixed ------------------------------------------------------------------- Mon Jun 25 10:48:06 CEST 2001 - bodammer@suse.de - update to bind-9.1.3rc2 ------------------------------------------------------------------- Tue May 29 11:09:59 CEST 2001 - bodammer@suse.de - update to bind-9.1.3rc1 ------------------------------------------------------------------- Thu May 10 14:41:05 CEST 2001 - bodammer@suse.de - initscript fix: don't start bind in runlevel 2 [bug #7956] ------------------------------------------------------------------- Tue May 8 15:53:04 CEST 2001 - mfabian@suse.de - bzip2 sources ------------------------------------------------------------------- Tue May 8 10:03:00 CEST 2001 - bodammer@suse.de - install a new named.conf with comments ------------------------------------------------------------------- Mon May 7 13:38:25 CEST 2001 - bodammer@suse.de - update to bind-9.1.2 (release) ------------------------------------------------------------------- Tue Apr 24 12:18:01 CEST 2001 - bodammer@suse.de - little modification to named.conf ------------------------------------------------------------------- Thu Mar 29 13:21:29 CEST 2001 - bodammer@suse.de - update to bind-9.1.1 (release) ------------------------------------------------------------------- Tue Mar 27 10:50:55 CEST 2001 - bodammer@suse.de - update to bind-9.1.1rc7 ------------------------------------------------------------------- Fri Mar 23 10:39:53 CET 2001 - bodammer@suse.de - update to bind-9.1.1rc6 ------------------------------------------------------------------- Thu Mar 15 14:47:49 CET 2001 - bodammer@suse.de - update to bind-9.1.1rc5 - new initscript more LSB conform ------------------------------------------------------------------- Mon Mar 12 13:34:23 CET 2001 - bodammer@suse.de - update to bind-9.1.1rc4 ------------------------------------------------------------------- Tue Feb 27 17:05:04 CET 2001 - bodammer@suse.de - initscript fix: now checks for a running named ------------------------------------------------------------------- Tue Feb 27 09:18:09 CET 2001 - bodammer@suse.de - update to bind-9.1.1rc3 ------------------------------------------------------------------- Thu Feb 15 15:04:08 CET 2001 - sf@suse.de - added suse_update_config ------------------------------------------------------------------- Wed Feb 14 13:27:11 CET 2001 - bodammer@suse.de - update to bind-9.1.1rc2 ------------------------------------------------------------------- Mon Feb 12 18:04:03 CET 2001 - bodammer@suse.de - subpackages bind9-util and bind9-devel created ------------------------------------------------------------------- Thu Feb 8 12:08:50 CET 2001 - bodammer@suse.de - update to bind-9.1.1rc1 - missing headerfile included in stdtime.c ------------------------------------------------------------------- Thu Jan 18 09:40:33 CET 2001 - bodammer@suse.de - update to bind-9.1.0 ------------------------------------------------------------------- Tue Nov 28 19:01:37 CET 2000 - bodammer@suse.de - Fix location of rcscript ------------------------------------------------------------------- Thu Nov 23 23:46:02 CET 2000 - ro@suse.de - added insserv calls ------------------------------------------------------------------- Thu Nov 23 22:40:37 CET 2000 - bodammer@suse.de - rcscript update ------------------------------------------------------------------- Mon Nov 13 18:19:00 CET 2000 - bodammer@suse.de - update to bind-9.0.1 ------------------------------------------------------------------- Fri Oct 6 18:09:53 CEST 2000 - kukuk@suse.de - change group tag ------------------------------------------------------------------- Mon Sep 18 11:07:47 CEST 2000 - bodammer@suse.de - update to bind-9.0.0 ( first release version ) ------------------------------------------------------------------- Wed Aug 30 13:19:52 CEST 2000 - bodammer@suse.de - update to bind-9.0.0rc5 ------------------------------------------------------------------- Wed Aug 16 09:30:11 CEST 2000 - bodammer@suse.de - update to bind-9.0.0rc3 ------------------------------------------------------------------- Thu Aug 10 19:50:49 CEST 2000 - bodammer@suse.de - update to bind-9.0.0rc2 - nslookup renamed to nslookup9 ------------------------------------------------------------------- Thu Jul 13 09:53:58 CEST 2000 - bodammer@suse.de - update to bind-9.0.0rc1 (release candidate) ------------------------------------------------------------------- Mon Jul 3 23:10:21 CEST 2000 - bodammer@suse.de - update to bind-9.0.0b5 - host renamed to host9 ------------------------------------------------------------------- Fri Jun 16 10:55:41 CEST 2000 - bodammer@suse.de - update to bind-9.0.0b4 ------------------------------------------------------------------- Thu May 25 18:19:21 CEST 2000 - bodammer@suse.de - dig renamed to dig9 to avoid conflicts with dig from bindutil - libtool-fix added - option -f added to suse_update_config-macro ------------------------------------------------------------------- Wed May 24 10:10:43 CEST 2000 - bodammer@suse.de - update to bind-9.0.0b3 - configure option added to build shared libraries ------------------------------------------------------------------- Mon May 15 15:49:35 CEST 2000 - schwab@suse.de - Update config files. - Fix 64-bit bug. ------------------------------------------------------------------- Fri May 12 16:24:15 CEST 2000 - bodammer@suse.de - update to bind9-snap-20000510 ------------------------------------------------------------------- Tue May 2 09:44:15 CEST 2000 - bodammer@suse.de - update to bind9-snap-20000427a ------------------------------------------------------------------- Wed Apr 19 10:27:15 CEST 2000 - bodammer@suse.de - update to bind9-snap-20000414 ------------------------------------------------------------------- Tue Mar 28 19:03:17 CEST 2000 - bodammer@suse.de - update to bind-9.0.0b2 ------------------------------------------------------------------- Mon Feb 7 21:26:09 CET 2000 - bodammer@suse.de - first public beta version bind-9.0.0b1