pool/nsd
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
86 Commits 1 Branch 0 Tags 377 KiB
1f62927206
Commit Graph

71 Commits

Author SHA256 Message Date
Adam Majer
1f62927206 Accepting request 1153049 from home:elvigia:branches:server:dns 
- As far as it is known the kernel has a working recvmmsg
  pass --enable-recvmmsg to configure.
- Don't --enable-mmap. Replacing malloc may sound attractive but
  all safety checks to prevent corruption included in libc are lost.

OBS-URL: https://build.opensuse.org/request/show/1153049
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=112
 2024-02-29 11:00:29 +00:00
Adam Majer
3db46678f4 Accepting request 1144903 from home:dimstar:Factory 
- Provide user/group symbol for user created during pre.

OBS-URL: https://build.opensuse.org/request/show/1144903
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=110
 2024-02-09 10:55:50 +00:00
Adam Majer
21ca85a488 Accepting request 1142480 from home:dirkmueller:Factory 
- update to 4.8.0:
  * Fix unit test kill_from_pidfile function for nonexistent
    files because the argument is evaluated before the test
    expression.
  * Fix rr-test to also convert the contents of the just written
    output file.
  * Fix test set to remove -f nsd.db and rm nsd.db commands.
  * Fix test set to remove difffile option.
  * Fix #14: Set timeout to 3s when servicing remaining TCP
    connections.
  * Fix: Always instate write handler after reading queries from
    TCP.
  * Answer first query on connections accepted just before
    reload.
  * Merge #305: faster stats. Statistics can be gathered while a
    reload is in progress.
  * Remove on-disk database.
  * Fix processing of consolidated IXFRs.
  * Fix for interprocess communication to set quit sync command
    from main process explicitly.
  * Merge #281: Proxy protocol. An implementation of PROXYv2 for
    NSD.
  * It can be configured with proxy-protocol-port: portnum with
    the port number of the interface on which proxy traffic is
    handled.
  * The interface can support proxy traffic for UDP, TCP and
    TLS.
  * Fix autoconf 2.69 warnings in configure.
  * Merge #287: Update nsd.conf.5.in.
  * Fix unused variable warning in unit test of udb.

OBS-URL: https://build.opensuse.org/request/show/1142480
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=109
 2024-02-08 14:35:05 +00:00
Adam Majer
e7f502d426 fix changes date 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=107
 2023-08-05 19:45:02 +00:00
Adam Majer
728df9c9df - Fix build for SLE12 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=106
 2023-08-05 19:41:51 +00:00
Adam Majer
4428c31df1 - Adapt spec file to work nicer with containers, like no systemd 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=103
 2023-08-05 18:54:54 +00:00
Adam Majer
1fa87d33f0 Accepting request 1095779 from home:amanzini:branches:server:dns 
- New upstream release 4.7.0
  This release adds a script for bash autocompletion for nsd-control. Also
  nsd-control can be configured to use unencrypted operation also when
  compiled without openssl. There is also a systemd service unit example
  file contributed. The dnstap log service can be contacted over TCP, with
  the dnstap-ip: ip option. It is also possible to use TLS, with
  dnstap-tls, it is enabled by default, and can be configured with the
  dnstap-server-name, dnstap-cert-bundle, dnstap-client-key-file and
  dnstap-client-cert-file options. 
  FEATURES:
    * Fix #267: Allow unencrypted local operation of nsd-control.
    * Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
    * dnstap over TLS, default enabled. Configured with the
      options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
      dnstap-tls-client-key-file and dnstap-tls-client-cert-file.
  BUGFIXES:
    see https://github.com/NLnetLabs/nsd/releases/tag/NSD_4_7_0_REL

OBS-URL: https://build.opensuse.org/request/show/1095779
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=101
 2023-07-04 17:20:39 +00:00
Adam Majer
959d260acd Accepting request 1035137 from home:stroeder:network 
New upstream release 4.6.1

OBS-URL: https://build.opensuse.org/request/show/1035137
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=99
 2022-11-11 11:57:03 +00:00
Adam Majer
195b71a6d1 Accepting request 986175 from home:stroeder:network 
New upstream release 4.6.0

OBS-URL: https://build.opensuse.org/request/show/986175
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=97
 2022-07-01 10:20:48 +00:00
Adam Majer
c5f38ac57d Accepting request 977282 from home:stroeder:network 
New upstream release 4.5.0

OBS-URL: https://build.opensuse.org/request/show/977282
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=95
 2022-05-16 13:31:59 +00:00
Adam Majer
940ab4461a Accepting request 955695 from home:stroeder:network 
New upstream release 4.4.0

OBS-URL: https://build.opensuse.org/request/show/955695
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=94
 2022-02-21 11:42:30 +00:00
Michael Ströder
9351d7e6dc Accepting request 938256 from home:stroeder:network 
New upstream release 4.3.9

OBS-URL: https://build.opensuse.org/request/show/938256
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=93
 2021-12-09 18:31:36 +00:00
Michael Ströder
b5236723e3 Accepting request 931273 from home:stroeder:network 
- adjusted SystemCallFilter= in nsd.service

OBS-URL: https://build.opensuse.org/request/show/931273
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=92
 2021-11-13 22:46:24 +00:00
Michael Ströder
c0230520f1 Accepting request 925092 from home:stroeder:network 
- set RestrictAddressFamilies= in nsd.service

OBS-URL: https://build.opensuse.org/request/show/925092
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=91
 2021-10-13 12:52:27 +00:00
Michael Ströder
1c78b76f36 Accepting request 924959 from home:stroeder:network 
- reworked nsd.service:
  * directly start as User=_nsd
  * even more hardening
  * removed commented and unused directives

FWIW: This was successfully tested on Tumbleweed x86_64.

OBS-URL: https://build.opensuse.org/request/show/924959
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=90
 2021-10-12 20:46:21 +00:00
Michael Ströder
3625623c92 Accepting request 924957 from home:stroeder:network 
Added hardening to systemd service(s) (bsc#1181400)

(Re-ordered nsd.changes)

OBS-URL: https://build.opensuse.org/request/show/924957
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=89
 2021-10-12 20:03:47 +00:00
Michael Ströder
a970b4b2e3 Accepting request 924899 from home:jsegitz:branches:systemdhardening:server:dns 
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/924899
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=88
 2021-10-12 19:53:30 +00:00
Michael Ströder
39cc06a6e7 Accepting request 924928 from home:stroeder:network 
New upstream release 4.3.8

OBS-URL: https://build.opensuse.org/request/show/924928
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=87
 2021-10-12 18:31:24 +00:00
Michael Ströder
c4d89ea595 Accepting request 907805 from home:stroeder:network 
New upstream release 4.3.7

OBS-URL: https://build.opensuse.org/request/show/907805
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=86
 2021-07-22 18:31:41 +00:00
Michael Ströder
7fc4c082ed Accepting request 883391 from home:stroeder:network 
New upstream release 4.3.6

OBS-URL: https://build.opensuse.org/request/show/883391
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=84
 2021-04-06 18:43:14 +00:00
Michael Ströder
80dd9114b1 Accepting request 866990 from home:stroeder:branches:server:dns 
New upstream release 4.3.5

OBS-URL: https://build.opensuse.org/request/show/866990
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=82
 2021-01-28 11:31:31 +00:00
Adam Majer
2c8506e8e2 - Fix that symlink does not interfere with chown of pidfile 
(bsc#1179191, CVE-2020-28935)

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=80
 2020-12-01 20:54:35 +00:00
Adam Majer
5a464ece91 Accepting request 852423 from home:stroeder:branches:server:dns 
New upstream release 4.3.4 with fix for CVE-2020-28935

OBS-URL: https://build.opensuse.org/request/show/852423
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=79
 2020-12-01 20:53:14 +00:00
Adam Majer
5b7b6c24bf Accepting request 840327 from home:stroeder:branches:server:dns 
New upstream release 4.3.3

OBS-URL: https://build.opensuse.org/request/show/840327
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=77
 2020-10-19 08:27:21 +00:00
Adam Majer
930b6ba833 Accepting request 820965 from home:stroeder:branches:server:dns 
New upstream release 4.3.2

OBS-URL: https://build.opensuse.org/request/show/820965
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=75
 2020-07-20 09:54:56 +00:00
Adam Majer
1028b4c4a6 Accepting request 794652 from home:stroeder:branches:server:dns 
New upstream release 4.3.1

OBS-URL: https://build.opensuse.org/request/show/794652
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=73
 2020-04-17 09:43:08 +00:00
Marguerite Su
89a74f451a Accepting request 786026 from home:stroeder:branches:server:dns 
New upstream release 4.3.0

OBS-URL: https://build.opensuse.org/request/show/786026
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=71
 2020-03-18 08:56:20 +00:00
Adam Majer
ebb8c821e6 - Update keyring as per https://nlnetlabs.nl/people/ 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=69
 2019-12-12 15:51:01 +00:00
Adam Majer
9a1c8c624c Accepting request 755665 from home:stroeder:branches:server:dns 
New upstream release 4.2.4

OBS-URL: https://build.opensuse.org/request/show/755665
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=68
 2019-12-12 11:32:11 +00:00
Adam Majer
a66803351a Fix .changes 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=66
 2019-11-20 13:41:38 +00:00
Adam Majer
4326999e05 - New upstream release 4.2.3: 
* confine-to-zone configures NSD to not return out-of-zone
    additional information.
  * pidfile "" allows to run NSD without a pidfile
  * adds support for readiness notification with READY_FD
  * fix excessive logging of ixfr failures, it stops the log when
    fallback to axfr is possible. log is enabled at high verbosity.
  * Fixup warnings during --disable-ipv6 compile.
  * The nsd.conf includes are sorted ascending, for include statements
    with a '*' from glob.
  * Fix log address and failure reason with tls handshake errors,
    squelches (the same as unbound) some unless high verbosity is used.
  * Number of different UDP handlers has been reduced to one.
    recvmmsg and sendmmsg implementations are now used on all platforms.
  * Socket options are now set in designated functions for easy reuse.
  * Socket setup has been simplified for easy reuse.
  * Configuration parser is now aware of the context in which
    an option was specified.
  * document that remote-control is a top-level nsd.conf attribute.
- Remove legacy upgrade of nsd users in %post (boo#1157331)boo#1157331)

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=65
 2019-11-20 13:40:55 +00:00
Adam Majer
45e4820b87 Accepting request 729935 from home:stroeder:branches:server:dns 
update to 4.2.2

OBS-URL: https://build.opensuse.org/request/show/729935
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=63
 2019-09-10 17:40:14 +00:00
Marguerite Su
b6d4704d73 Accepting request 714282 from home:stroeder:branches:server:dns 
New upstream release 4.2.1

OBS-URL: https://build.opensuse.org/request/show/714282
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=61
 2019-07-14 03:08:38 +00:00
Marcus Rueckert
9211fbd585 Accepting request 709249 from home:adamm:branches:server:dns 
- New upstream release 4.2.0:
  * Implement TCP fast open
  * Added DNS over TLS
  * TLS OCSP stapling support with the tls-service-ocsp option
  * New option hide-identity can be used in nsd.conf to stop NSD
    from responding with the hostname for probe queries that
    elicit the chaos class response, this is conform RFC4892
  * Disable TLS1.0, TLS1.1 and weak ciphers, enable CIPHER_SERVER_PREFERENCE

OBS-URL: https://build.opensuse.org/request/show/709249
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=59
 2019-06-11 18:52:40 +00:00
Marguerite Su
458e94affe Accepting request 688411 from home:stroeder:branches:server:dns 
Update to upstream release 4.1.27

OBS-URL: https://build.opensuse.org/request/show/688411
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=57
 2019-03-26 06:51:23 +00:00
Adam Majer
978f40fd41 Accepting request 654103 from home:stroeder:branches:server:dns 
Update to upstream release 4.1.26

OBS-URL: https://build.opensuse.org/request/show/654103
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=55
 2018-12-05 10:03:47 +00:00
Marguerite Su
ce705def19 Accepting request 638258 from home:stroeder:branches:server:dns 
- Update to upstream release 4.1.25

OBS-URL: https://build.opensuse.org/request/show/638258
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=53
 2018-09-26 00:40:49 +00:00
Adam Majer
f1e3ce31b3 Accepting request 629072 from home:stroeder:branches:server:dns 
Update to upstream release 4.1.24

OBS-URL: https://build.opensuse.org/request/show/629072
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=51
 2018-08-14 08:20:44 +00:00
Marguerite Su
070d679d50 Accepting request 626524 from home:stroeder:branches:server:dns 
- Update to upstream release 4.1.23:
  - Fix NSD time sensitive TSIG compare vulnerability.

OBS-URL: https://build.opensuse.org/request/show/626524
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=49
 2018-08-05 05:46:44 +00:00
Adam Majer
e0b1394f9e Changelog formatting fixes 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=47
 2018-07-03 11:02:43 +00:00
Adam Majer
33d39edb6d Accepting request 620433 from home:stroeder:branches:server:dns 
- Update to upstream release 4.1.22
4.1.22
================
FEATURES:
- refuse-any sends truncation (+TC) in reply to ANY queries over UDP,
  and allows TCP queries like normal.
- Use accept4 to speed up answer of TCP queries, on Linux, FreeBSD
  and OpenBSD.
BUG FIXES:
- Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones.
- Fix to use same condition for nsec3 hash allocation and free.
4.1.21
================
FEATURES:
    - --enable-memclean cleans up memory for use with memory checkers,
      eg. valgrind.
    - refuse-any nsd.conf option that refuses queries of type ANY.
    - lower memory usage for tcp connections, so tcp-count can be
      higher.
BUG FIXES:
    - Fix unused variable warnings and uninit variable in statistics
      printout from clang analyzer.
    - Fix spelling error in xfr-inspect.
    - Fix #3562: explain build error when flex missing.
    - Fix buffer size warnings from compiler on filename lengths.
    - Fix #4093: Release notes not using 2018.

OBS-URL: https://build.opensuse.org/request/show/620433
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=46
 2018-07-03 10:58:40 +00:00
Adam Majer
493c369477 Accepting request 578628 from home:jubalh:branches:server:dns 
- Update to 4.1.20:
  + Fix memory leak in zone file read of unknown rr formatted RRs.
  + Fix memory leak when rehashing nsec3 after axfr or zonefile
    read, in the selectively allocated precompiled nsec3 hashes.

OBS-URL: https://build.opensuse.org/request/show/578628
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=44
 2018-02-21 11:35:23 +00:00
Adam Majer
4f8cb30f71 - Own missing ownership for %_tmpfilesdir 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=42
 2018-02-19 10:22:36 +00:00
Adam Majer
178e6d5492 - More specfile cleanup: 
+ Drop SysV support from package (and hence usage of fillup)
  + Don't redefine %_rundir
  + Drop useless BuildRequires on systemd-devel

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=40
 2018-02-16 08:15:09 +00:00
Adam Majer
4c25569d21 Accepting request 575619 from home:jengelh:branches:server:dns 
- Check group existence before creating it, for real.
- Stop deleting users from the system, it might remove a legitimate
  user that nsd unfortunately shared its name with.
- typographical edit in description for completeness

OBS-URL: https://build.opensuse.org/request/show/575619
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=39
 2018-02-12 12:25:36 +00:00
Adam Majer
7e18382f9f - Own the config zones directory 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=37
 2018-02-12 10:43:27 +00:00
Adam Majer
15a8757c21 - Create a system user, not a regular user 
- Check if user/group already exists and are in system range
- Do not ignore return values from user/group creation

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=36
 2018-02-12 09:05:22 +00:00
Marguerite Su
ab97dbe788 Accepting request 573085 from home:adamm:branches:server:dns 
- drop insserv requires on SLE12+ and openSUSE
- nsd-lintrpmrc: drop most overrides
- don't install config file as sample
- switch to using user/group names _nsd to match expected names
  as per recent rpmlint changes as not to conflict with admin
  created names.
- update and change current owner during upgrade

OBS-URL: https://build.opensuse.org/request/show/573085
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=34
 2018-02-10 01:08:20 +00:00
Adam Majer
6bdae24a72 Accepting request 561095 from home:stroeder:branches:server:dns 
update to 4.1.19

OBS-URL: https://build.opensuse.org/request/show/561095
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=33
 2018-01-03 08:11:07 +00:00
Adam Majer
8dda8812af Accepting request 546762 from home:stroeder:branches:server:dns 
- update to 4.1.18

OBS-URL: https://build.opensuse.org/request/show/546762
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=32
 2017-12-01 07:06:48 +00:00