Accepting request 435127 from home:adamm:branches:server:dns

- fix tmpfiles-nsd.conf to point to /run instead of /var/run
- add nsd-rpmlintrc to not display some bogus errors
- put log files into /var/log/nsd/
- put sample config in documentation directory
- update to 4.1.13
  - FEATURES
    - multi-master-check: yes can be used to check all masters for
      the last version, using the higher version from the
      configured masters
    - Support RR type OPENPGPKEY from RFC 7929.
    - Can config key algorithms with the digest name, eg. 'sha256'.
    - configure --disable-radix-tree for about 15% lower memory
      usage.
    - for type SRV add A/AAAA to the additional section (if
      possible), just like we already do for type MX.
    - more extensible edns option handling.
    - When tcp is more than half full, use short timeout for tcp
      session.
    - Patch for {max,min}-{refresh,retry}-time
    - Fix #790: size-limit-xfr can stop NSD from downloading
      infinite zone transfer data size, from Toshifumi Sakaguchi.
      Fixes CVE-2016-6173f
  - BUGFIXES
    - Fix compile warnings about unused result from write and
      strtol. and signcompare in minmax retrytime.
    - Fix #812: fix that make depend fails after distribution.
    - Fix #817: xfrd update failed loop.
    - Add robustness against unallocated data in nsec3 trees.
    - Fix README spelling error of BSD license
    - Fix multimaster for not tried full zone transfer for a

OBS-URL: https://build.opensuse.org/request/show/435127
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=27

nsd-4.1.10.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3a757014046752a0b0b11c1a2e22a36bb796f89f6939147ed3226556b4298727
-size 1075892

nsd-4.1.10.tar.gz.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIcBAABAgAGBQJXX/YJAAoJEJ9vHC1+BF+N4FsP/1P5FHe23x2USPNSgjRMfb+G
-dPr8xkngUzZ5NPAH3LjQmPODV5FyWDCCRPB0LQzjiDZm4rVq1z+o4oGxjOxfWBwl
-KZwWhxyoIfLBs3/Sz3PZ+jaOFWrIuYyOXeBXHc8vH6jfpvBd/ZtmMz3m9rK1M4WE
-TAHY9Y8R10AJbSLD9A+DGcrN87zT8z5s9DnI2utgTRS+0VJNr5daXVLI9IqAYRx1
-pe1sZs+1tLtu/KFW6ytkCuHoAuGnN0Y8eBYxde7kMGy0fDiRSk3Hwr3hDIsq83nR
-LgWNCofTq7GKLzag/4ULDzkctkOwAjGvvID3/rBBp0nZFex4uJ2p7XVqgVNNPIbh
-EXGDpz6K6M3QEqeetW8/9MJ1vAunTzqRp1phqY2+CYrSRKzSPKsl5Zi/gK4i74q4
-cg7KBiJAtm6x/Encf7WHIS0fuuKg0++cz0Jo+EEUmja0QJhFeI1ncIDF+7KEP9lN
-M0E6p59u6xr1h46teOC5n5HGmmt1TkEW4MSr0WvvBDJHC7rogLYrESwwcw/jGAin
-ZCMzPuKosE9hLEbWgSgy/IyfXSaU3JvgUN/J4HIRZt0h3okPnrS2McwdYx5sjRqr
-hkahA2tYGVinNj7n5HHYio6rUQirR7YrpaBqkiNmaW/PU0klYvV1cUQKl+vAL7s3
-xjrIAUNsLb24cSJbjGGf
-=E4/n
------END PGP SIGNATURE-----

nsd-4.1.13.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c45cd4ba2101a027e133b2be44db9378e27602e05f09a5ef25019e1ae45291af
+size 1085701

nsd-4.1.13.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABAgAGBQJX6ieOAAoJEJ9vHC1+BF+N0fwQALDKHw6BmJ4NcPSoPDIurzEC
+4y3oOdUMXZN1/0qw7UUh3/0y4eQkmRd6MRqlkU9DdJAaZGFy119GVj5b5aaxG/hT
+Qs3wgh6F5KCJyL64+EYAwtvViLRzFCM5QCpWCOPZUjvCEhj3C1wLNjEodmBX76iR
+L5kcbW1RwBUgyVv+H1DS92vsB3gNz27vncw+7ZxDKflr0KxYjR6Xw8lGBFmZb/O+
+uaVWvFRhQzw5dvC5ldorb9mKpPekAuFACaH0X+3SUFHRTagzBSnMCg8bBKqLz+nX
+KgA7D4DOKYFMWN/g+wlsf14LDmhbxfNnAHg6gyrG9CjkP8T0VPdDreIDlZSfC6v3
+4zq5Fau6cDCvat65OhCHMSenRI0rpryAXeKA3+2NnCQFaqg8kvq/UdZDq6HT/+bM
+TTnGuJp8qoOu0piuTI1IHiHqfwY0jSIwQWUn5ofesWNjn5TDGIEx1NQ6ROsr03tx
+lJnW02h7A8OO8oREvgv1u5XX1IbUPTwyyf0STspxCTQxUKkVSjXa6pmEjhnZiAIB
+qZIX7YhAlSO3XS5BI701cPvRbc+Y71VayN8ZBhtUFx7rrjU9ZSTFTx4UuQ8xEP37
++Lob8QtPFZeI6lsCmTCZ//ILMgbyQsbgsSz/4bcnJB9CA21sPTSpEGJMeyOpWVsL
+lHotrAEv8pqgPeWFXObg
+=goPn
+-----END PGP SIGNATURE-----

nsd-rpmlintrc

@@ -0,0 +1,22 @@
+# failed check. chroot immediately follows chdir
+addFilter("W: missing-call-to-chdir-with-chroot /usr/sbin/nsd")
+
+# We create our group/user
+addFilter("W: non-standard-uid /var/lib/nsd/nsd.db nsd")
+addFilter("W: non-standard-uid /var/log/nsd nsd")
+addFilter("W: non-standard-uid /var/log/nsd/nsd.log nsd")
+addFilter("W: non-standard-uid /var/lib/nsd/xfrd.state nsd")
+addFilter("W: non-standard-uid /var/lib/nsd nsd")
+addFilter("W: non-standard-uid /var/lib/nsd/ixfr.db nsd")
+addFilter("W: non-standard-gid /var/lib/nsd/nsd.db nsd")
+addFilter("W: non-standard-gid /var/log/nsd nsd")
+addFilter("W: non-standard-gid /etc/nsd nsd")
+addFilter("W: non-standard-gid /var/log/nsd/nsd.log nsd")
+addFilter("W: non-standard-gid /etc/nsd/nsd.conf.sample nsd")
+addFilter("W: non-standard-gid /etc/nsd/nsd.conf nsd")
+addFilter("W: non-standard-gid /var/lib/nsd/xfrd.state nsd")
+addFilter("W: non-standard-gid /var/lib/nsd nsd")
+addFilter("W: non-standard-gid /var/lib/nsd/ixfr.db nsd")
+
+addFilter("W: non-standard-gid /run/nsd nsd")
+addFilter("W: non-standard-uid /run/nsd nsd")

nsd.changes

@@ -1,3 +1,47 @@
+-------------------------------------------------------------------
+Tue Oct 11 11:36:47 UTC 2016 - adam.majer@suse.de
+
+- fix tmpfiles-nsd.conf to point to /run instead of /var/run
+- add nsd-rpmlintrc to not display some bogus errors
+- put log files into /var/log/nsd/
+- put sample config in documentation directory
+- update to 4.1.13
+  - FEATURES
+    - multi-master-check: yes can be used to check all masters for
+      the last version, using the higher version from the
+      configured masters
+    - Support RR type OPENPGPKEY from RFC 7929.
+    - Can config key algorithms with the digest name, eg. 'sha256'.
+    - configure --disable-radix-tree for about 15% lower memory
+      usage.
+    - for type SRV add A/AAAA to the additional section (if
+      possible), just like we already do for type MX.
+    - more extensible edns option handling.
+    - When tcp is more than half full, use short timeout for tcp
+      session.
+    - Patch for {max,min}-{refresh,retry}-time
+    - Fix #790: size-limit-xfr can stop NSD from downloading
+      infinite zone transfer data size, from Toshifumi Sakaguchi.
+      Fixes CVE-2016-6173f
+
+  - BUGFIXES
+    - Fix compile warnings about unused result from write and
+      strtol. and signcompare in minmax retrytime.
+    - Fix #812: fix that make depend fails after distribution.
+    - Fix #817: xfrd update failed loop.
+    - Add robustness against unallocated data in nsec3 trees.
+    - Fix README spelling error of BSD license
+    - Fix multimaster for not tried full zone transfer for a
+      expired zone.
+    - Fix #827: fix compile with openssl 1.1.0 with api=1.1.0.
+    - Fix malformed edns query assertion failure
+    - Fix build without IPv6, patch from Zdenek Kaspar.
+    - Fix #783: Trying to run a root server without having
+      configured it silently gives wrong answers.
+    - Fix #782: Serve DS record but parent zone has no NS record.
+    - Fix nsec3 missing for nsec3 signed parent and child for DS at
+      zonecut.
+
 -------------------------------------------------------------------
 Mon Aug  8 13:10:49 UTC 2016 - adam.majer@suse.de
 

nsd.spec

@@ -20,7 +20,7 @@
 %{!?_tmpfilesdir:%global _tmpfilesdir /usr/lib/tmpfiles.d}
 
 Name:           nsd
-Version:        4.1.10
+Version:        4.1.13
 Release:        0
 #
 License:        BSD-3-Clause
@@ -71,7 +71,7 @@ export LDFLAGS="${LDFLAGS} -pie -Wl,-z,relro,-z,now"
     --with-dbfile=%{home}/nsd.db       \
     --with-xfrdfile=%{home}/xfrd.state \
     --with-pidfile=%{pidfile}          \
-    --with-logfile=/var/log/nsd.log    \
+    --with-logfile=/var/log/nsd/nsd.log \
     --enable-root-server               \
     --enable-bind8-stats               \
     --enable-zone-stats                \
@@ -86,24 +86,21 @@ mv -f doc/CREDITS.utf8 doc/CREDITS
 
 %install
 make install DESTDIR="%{buildroot}"
-for i in %{buildroot}%{configdir}/*.sample ; do
+cp -v %{buildroot}%{configdir}/nsd.conf.sample %{buildroot}%{configdir}/nsd.conf
-    cp -v $i ${i%%.sample}
-done
-
 chmod -Rv o= %{buildroot}%{configdir}/
 #
 install -d -m 0700 %{buildroot}%{home}            \
                    %{buildroot}%{_rundir}/%{name}
 #
-install -d -m 0755 %{buildroot}/var/log/
+install -d -m 0755 %{buildroot}/var/log/nsd/
-touch %{buildroot}%{home}/{nsd.db,ixfr.db,xfrd.state} %{buildroot}/var/log/nsd.log
+touch %{buildroot}%{home}/{nsd.db,ixfr.db,xfrd.state} %{buildroot}/var/log/nsd/nsd.log
 
 %if %{with systemd}
 install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/nsd.service
 install -D -m 0644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/nsd.conf
 ln -s -f /usr/sbin/service    %{buildroot}%{_sbindir}/rc%{name}
 %else
-install -D -m 0755 %{S:3}              %{buildroot}%{_sysconfdir}/init.d/%{name}
+install -D -m 0755 %{S:3}     %{buildroot}%{_sysconfdir}/init.d/%{name}
 ln -s -f %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
 %endif
 
@@ -114,19 +111,19 @@ ln -s -f %{_sysconfdir}/init.d/%{name} %{buildroot}%{_sbindir}/rc%{name}
 %{_sbindir}/groupadd -r %{name} &>/dev/null ||:
 %{_sbindir}/useradd  -g %{name} -s /bin/false -r -c "user for %{name}" -d %{home} %{name} &>/dev/null ||:
 %if %{with systemd}
-%service_add_pre    %{name}.service
+%service_add_pre %{name}.service
 %endif
 
 %post
 %fillup_only %{name}
 %if %{with systemd}
 systemd-tmpfiles --create  %{_tmpfilesdir}/%{name}.conf || :
-%service_add_post   %{name}.service
+%service_add_post %{name}.service
 %endif
 
 %preun
 %if %{with systemd}
-%service_del_preun  %{name}.service
+%service_del_preun %{name}.service
 %else
 %stop_on_removal %{name}
 %endif
@@ -142,6 +139,8 @@ systemd-tmpfiles --create  %{_tmpfilesdir}/%{name}.conf || :
 %files
 %defattr(-,root,root)
 %doc doc/*
+%{configdir}/nsd.conf.sample
+%config
 %doc contrib/
 %if %{with systemd}
 %{_unitdir}/nsd.service
@@ -169,7 +168,9 @@ systemd-tmpfiles --create  %{_tmpfilesdir}/%{name}.conf || :
 %ghost %config %attr(640,%{name},%{name}) %{home}/ixfr.db
 %ghost %config %attr(640,%{name},%{name}) %{home}/xfrd.state
 #
-%ghost %attr(640,%{name},%{name}) /var/log/nsd.log
+%dir   %attr(750,%{name},%{name}) /var/log/nsd
-#
+%ghost %attr(640,%{name},%{name}) /var/log/nsd/nsd.log
+%ghost %attr(750,%{name},%{name}) %{_rundir}/%{name}
+
 
 %changelog

tmpfiles-nsd.conf

@@ -1 +1 @@
-D /var/run/nsd 0755 nsd nsd -
+D /run/nsd 0755 nsd nsd -