Accepting request 435127 from home:adamm:branches:server:dns

- fix tmpfiles-nsd.conf to point to /run instead of /var/run
- add nsd-rpmlintrc to not display some bogus errors
- put log files into /var/log/nsd/
- put sample config in documentation directory
- update to 4.1.13
  - FEATURES
    - multi-master-check: yes can be used to check all masters for
      the last version, using the higher version from the
      configured masters
    - Support RR type OPENPGPKEY from RFC 7929.
    - Can config key algorithms with the digest name, eg. 'sha256'.
    - configure --disable-radix-tree for about 15% lower memory
      usage.
    - for type SRV add A/AAAA to the additional section (if
      possible), just like we already do for type MX.
    - more extensible edns option handling.
    - When tcp is more than half full, use short timeout for tcp
      session.
    - Patch for {max,min}-{refresh,retry}-time
    - Fix #790: size-limit-xfr can stop NSD from downloading
      infinite zone transfer data size, from Toshifumi Sakaguchi.
      Fixes CVE-2016-6173f
  - BUGFIXES
    - Fix compile warnings about unused result from write and
      strtol. and signcompare in minmax retrytime.
    - Fix #812: fix that make depend fails after distribution.
    - Fix #817: xfrd update failed loop.
    - Add robustness against unallocated data in nsec3 trees.
    - Fix README spelling error of BSD license
    - Fix multimaster for not tried full zone transfer for a

OBS-URL: https://build.opensuse.org/request/show/435127
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=27
This commit is contained in:
Marcus Rückert 2016-10-19 10:36:57 +00:00 committed by Git OBS Bridge
parent e0e23724fb
commit b9ec3da843
8 changed files with 101 additions and 35 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3a757014046752a0b0b11c1a2e22a36bb796f89f6939147ed3226556b4298727
size 1075892

View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXX/YJAAoJEJ9vHC1+BF+N4FsP/1P5FHe23x2USPNSgjRMfb+G
dPr8xkngUzZ5NPAH3LjQmPODV5FyWDCCRPB0LQzjiDZm4rVq1z+o4oGxjOxfWBwl
KZwWhxyoIfLBs3/Sz3PZ+jaOFWrIuYyOXeBXHc8vH6jfpvBd/ZtmMz3m9rK1M4WE
TAHY9Y8R10AJbSLD9A+DGcrN87zT8z5s9DnI2utgTRS+0VJNr5daXVLI9IqAYRx1
pe1sZs+1tLtu/KFW6ytkCuHoAuGnN0Y8eBYxde7kMGy0fDiRSk3Hwr3hDIsq83nR
LgWNCofTq7GKLzag/4ULDzkctkOwAjGvvID3/rBBp0nZFex4uJ2p7XVqgVNNPIbh
EXGDpz6K6M3QEqeetW8/9MJ1vAunTzqRp1phqY2+CYrSRKzSPKsl5Zi/gK4i74q4
cg7KBiJAtm6x/Encf7WHIS0fuuKg0++cz0Jo+EEUmja0QJhFeI1ncIDF+7KEP9lN
M0E6p59u6xr1h46teOC5n5HGmmt1TkEW4MSr0WvvBDJHC7rogLYrESwwcw/jGAin
ZCMzPuKosE9hLEbWgSgy/IyfXSaU3JvgUN/J4HIRZt0h3okPnrS2McwdYx5sjRqr
hkahA2tYGVinNj7n5HHYio6rUQirR7YrpaBqkiNmaW/PU0klYvV1cUQKl+vAL7s3
xjrIAUNsLb24cSJbjGGf
=E4/n
-----END PGP SIGNATURE-----

3
nsd-4.1.13.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c45cd4ba2101a027e133b2be44db9378e27602e05f09a5ef25019e1ae45291af
size 1085701

16
nsd-4.1.13.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJX6ieOAAoJEJ9vHC1+BF+N0fwQALDKHw6BmJ4NcPSoPDIurzEC
4y3oOdUMXZN1/0qw7UUh3/0y4eQkmRd6MRqlkU9DdJAaZGFy119GVj5b5aaxG/hT
Qs3wgh6F5KCJyL64+EYAwtvViLRzFCM5QCpWCOPZUjvCEhj3C1wLNjEodmBX76iR
L5kcbW1RwBUgyVv+H1DS92vsB3gNz27vncw+7ZxDKflr0KxYjR6Xw8lGBFmZb/O+
uaVWvFRhQzw5dvC5ldorb9mKpPekAuFACaH0X+3SUFHRTagzBSnMCg8bBKqLz+nX
KgA7D4DOKYFMWN/g+wlsf14LDmhbxfNnAHg6gyrG9CjkP8T0VPdDreIDlZSfC6v3
4zq5Fau6cDCvat65OhCHMSenRI0rpryAXeKA3+2NnCQFaqg8kvq/UdZDq6HT/+bM
TTnGuJp8qoOu0piuTI1IHiHqfwY0jSIwQWUn5ofesWNjn5TDGIEx1NQ6ROsr03tx
lJnW02h7A8OO8oREvgv1u5XX1IbUPTwyyf0STspxCTQxUKkVSjXa6pmEjhnZiAIB
qZIX7YhAlSO3XS5BI701cPvRbc+Y71VayN8ZBhtUFx7rrjU9ZSTFTx4UuQ8xEP37
+Lob8QtPFZeI6lsCmTCZ//ILMgbyQsbgsSz/4bcnJB9CA21sPTSpEGJMeyOpWVsL
lHotrAEv8pqgPeWFXObg
=goPn
-----END PGP SIGNATURE-----

22
nsd-rpmlintrc Normal file
View File

@ -0,0 +1,22 @@
# failed check. chroot immediately follows chdir
addFilter("W: missing-call-to-chdir-with-chroot /usr/sbin/nsd")
# We create our group/user
addFilter("W: non-standard-uid /var/lib/nsd/nsd.db nsd")
addFilter("W: non-standard-uid /var/log/nsd nsd")
addFilter("W: non-standard-uid /var/log/nsd/nsd.log nsd")
addFilter("W: non-standard-uid /var/lib/nsd/xfrd.state nsd")
addFilter("W: non-standard-uid /var/lib/nsd nsd")
addFilter("W: non-standard-uid /var/lib/nsd/ixfr.db nsd")
addFilter("W: non-standard-gid /var/lib/nsd/nsd.db nsd")
addFilter("W: non-standard-gid /var/log/nsd nsd")
addFilter("W: non-standard-gid /etc/nsd nsd")
addFilter("W: non-standard-gid /var/log/nsd/nsd.log nsd")
addFilter("W: non-standard-gid /etc/nsd/nsd.conf.sample nsd")
addFilter("W: non-standard-gid /etc/nsd/nsd.conf nsd")
addFilter("W: non-standard-gid /var/lib/nsd/xfrd.state nsd")
addFilter("W: non-standard-gid /var/lib/nsd nsd")
addFilter("W: non-standard-gid /var/lib/nsd/ixfr.db nsd")
addFilter("W: non-standard-gid /run/nsd nsd")
addFilter("W: non-standard-uid /run/nsd nsd")

View File

@ -1,3 +1,47 @@
-------------------------------------------------------------------
Tue Oct 11 11:36:47 UTC 2016 - adam.majer@suse.de
- fix tmpfiles-nsd.conf to point to /run instead of /var/run
- add nsd-rpmlintrc to not display some bogus errors
- put log files into /var/log/nsd/
- put sample config in documentation directory
- update to 4.1.13
- FEATURES
- multi-master-check: yes can be used to check all masters for
the last version, using the higher version from the
configured masters
- Support RR type OPENPGPKEY from RFC 7929.
- Can config key algorithms with the digest name, eg. 'sha256'.
- configure --disable-radix-tree for about 15% lower memory
usage.
- for type SRV add A/AAAA to the additional section (if
possible), just like we already do for type MX.
- more extensible edns option handling.
- When tcp is more than half full, use short timeout for tcp
session.
- Patch for {max,min}-{refresh,retry}-time
- Fix #790: size-limit-xfr can stop NSD from downloading
infinite zone transfer data size, from Toshifumi Sakaguchi.
Fixes CVE-2016-6173f
- BUGFIXES
- Fix compile warnings about unused result from write and
strtol. and signcompare in minmax retrytime.
- Fix #812: fix that make depend fails after distribution.
- Fix #817: xfrd update failed loop.
- Add robustness against unallocated data in nsec3 trees.
- Fix README spelling error of BSD license
- Fix multimaster for not tried full zone transfer for a
expired zone.
- Fix #827: fix compile with openssl 1.1.0 with api=1.1.0.
- Fix malformed edns query assertion failure
- Fix build without IPv6, patch from Zdenek Kaspar.
- Fix #783: Trying to run a root server without having
configured it silently gives wrong answers.
- Fix #782: Serve DS record but parent zone has no NS record.
- Fix nsec3 missing for nsec3 signed parent and child for DS at
zonecut.
-------------------------------------------------------------------
Mon Aug 8 13:10:49 UTC 2016 - adam.majer@suse.de

View File

@ -20,7 +20,7 @@
%{!?_tmpfilesdir:%global _tmpfilesdir /usr/lib/tmpfiles.d}
Name: nsd
Version: 4.1.10
Version: 4.1.13
Release: 0
#
License: BSD-3-Clause
@ -71,7 +71,7 @@ export LDFLAGS="${LDFLAGS} -pie -Wl,-z,relro,-z,now"
--with-dbfile=%{home}/nsd.db \
--with-xfrdfile=%{home}/xfrd.state \
--with-pidfile=%{pidfile} \
--with-logfile=/var/log/nsd.log \
--with-logfile=/var/log/nsd/nsd.log \
--enable-root-server \
--enable-bind8-stats \
--enable-zone-stats \
@ -86,24 +86,21 @@ mv -f doc/CREDITS.utf8 doc/CREDITS
%install
make install DESTDIR="%{buildroot}"
for i in %{buildroot}%{configdir}/*.sample ; do
cp -v $i ${i%%.sample}
done
cp -v %{buildroot}%{configdir}/nsd.conf.sample %{buildroot}%{configdir}/nsd.conf
chmod -Rv o= %{buildroot}%{configdir}/
#
install -d -m 0700 %{buildroot}%{home} \
%{buildroot}%{_rundir}/%{name}
#
install -d -m 0755 %{buildroot}/var/log/
touch %{buildroot}%{home}/{nsd.db,ixfr.db,xfrd.state} %{buildroot}/var/log/nsd.log
install -d -m 0755 %{buildroot}/var/log/nsd/
touch %{buildroot}%{home}/{nsd.db,ixfr.db,xfrd.state} %{buildroot}/var/log/nsd/nsd.log
%if %{with systemd}
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/nsd.service
install -D -m 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/nsd.conf
ln -s -f /usr/sbin/service %{buildroot}%{_sbindir}/rc%{name}
%else
install -D -m 0755 %{S:3} %{buildroot}%{_sysconfdir}/init.d/%{name}
install -D -m 0755 %{S:3} %{buildroot}%{_sysconfdir}/init.d/%{name}
ln -s -f %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
%endif
@ -114,19 +111,19 @@ ln -s -f %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
%{_sbindir}/groupadd -r %{name} &>/dev/null ||:
%{_sbindir}/useradd -g %{name} -s /bin/false -r -c "user for %{name}" -d %{home} %{name} &>/dev/null ||:
%if %{with systemd}
%service_add_pre %{name}.service
%service_add_pre %{name}.service
%endif
%post
%fillup_only %{name}
%if %{with systemd}
systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || :
%service_add_post %{name}.service
%service_add_post %{name}.service
%endif
%preun
%if %{with systemd}
%service_del_preun %{name}.service
%service_del_preun %{name}.service
%else
%stop_on_removal %{name}
%endif
@ -142,6 +139,8 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || :
%files
%defattr(-,root,root)
%doc doc/*
%{configdir}/nsd.conf.sample
%config
%doc contrib/
%if %{with systemd}
%{_unitdir}/nsd.service
@ -169,7 +168,9 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf || :
%ghost %config %attr(640,%{name},%{name}) %{home}/ixfr.db
%ghost %config %attr(640,%{name},%{name}) %{home}/xfrd.state
#
%ghost %attr(640,%{name},%{name}) /var/log/nsd.log
#
%dir %attr(750,%{name},%{name}) /var/log/nsd
%ghost %attr(640,%{name},%{name}) /var/log/nsd/nsd.log
%ghost %attr(750,%{name},%{name}) %{_rundir}/%{name}
%changelog

View File

@ -1 +1 @@
D /var/run/nsd 0755 nsd nsd -
D /run/nsd 0755 nsd nsd -