pool/nsd
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73 Commits 1 Branch 0 Tags 377 KiB
9351d7e6dc
Commit Graph

73 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Michael Ströder
9351d7e6dc Accepting request 938256 from home:stroeder:network 
New upstream release 4.3.9

OBS-URL: https://build.opensuse.org/request/show/938256
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=93
 2021-12-09 18:31:36 +00:00
Michael Ströder
b5236723e3 Accepting request 931273 from home:stroeder:network 
- adjusted SystemCallFilter= in nsd.service

OBS-URL: https://build.opensuse.org/request/show/931273
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=92
 2021-11-13 22:46:24 +00:00
Michael Ströder
c0230520f1 Accepting request 925092 from home:stroeder:network 
- set RestrictAddressFamilies= in nsd.service

OBS-URL: https://build.opensuse.org/request/show/925092
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=91
 2021-10-13 12:52:27 +00:00
Michael Ströder
1c78b76f36 Accepting request 924959 from home:stroeder:network 
- reworked nsd.service:
  * directly start as User=_nsd
  * even more hardening
  * removed commented and unused directives

FWIW: This was successfully tested on Tumbleweed x86_64.

OBS-URL: https://build.opensuse.org/request/show/924959
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=90
 2021-10-12 20:46:21 +00:00
Michael Ströder
3625623c92 Accepting request 924957 from home:stroeder:network 
Added hardening to systemd service(s) (bsc#1181400)

(Re-ordered nsd.changes)

OBS-URL: https://build.opensuse.org/request/show/924957
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=89
 2021-10-12 20:03:47 +00:00
Michael Ströder
a970b4b2e3 Accepting request 924899 from home:jsegitz:branches:systemdhardening:server:dns 
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/924899
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=88
 2021-10-12 19:53:30 +00:00
Michael Ströder
39cc06a6e7 Accepting request 924928 from home:stroeder:network 
New upstream release 4.3.8

OBS-URL: https://build.opensuse.org/request/show/924928
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=87
 2021-10-12 18:31:24 +00:00
Michael Ströder
c4d89ea595 Accepting request 907805 from home:stroeder:network 
New upstream release 4.3.7

OBS-URL: https://build.opensuse.org/request/show/907805
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=86
 2021-07-22 18:31:41 +00:00
Michael Ströder
7fc4c082ed Accepting request 883391 from home:stroeder:network 
New upstream release 4.3.6

OBS-URL: https://build.opensuse.org/request/show/883391
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=84
 2021-04-06 18:43:14 +00:00
Michael Ströder
80dd9114b1 Accepting request 866990 from home:stroeder:branches:server:dns 
New upstream release 4.3.5

OBS-URL: https://build.opensuse.org/request/show/866990
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=82
 2021-01-28 11:31:31 +00:00
Adam Majer
2c8506e8e2 - Fix that symlink does not interfere with chown of pidfile 
(bsc#1179191, CVE-2020-28935)

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=80
 2020-12-01 20:54:35 +00:00
Adam Majer
5a464ece91 Accepting request 852423 from home:stroeder:branches:server:dns 
New upstream release 4.3.4 with fix for CVE-2020-28935

OBS-URL: https://build.opensuse.org/request/show/852423
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=79
 2020-12-01 20:53:14 +00:00
Adam Majer
5b7b6c24bf Accepting request 840327 from home:stroeder:branches:server:dns 
New upstream release 4.3.3

OBS-URL: https://build.opensuse.org/request/show/840327
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=77
 2020-10-19 08:27:21 +00:00
Adam Majer
930b6ba833 Accepting request 820965 from home:stroeder:branches:server:dns 
New upstream release 4.3.2

OBS-URL: https://build.opensuse.org/request/show/820965
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=75
 2020-07-20 09:54:56 +00:00
Adam Majer
1028b4c4a6 Accepting request 794652 from home:stroeder:branches:server:dns 
New upstream release 4.3.1

OBS-URL: https://build.opensuse.org/request/show/794652
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=73
 2020-04-17 09:43:08 +00:00
Marguerite Su
89a74f451a Accepting request 786026 from home:stroeder:branches:server:dns 
New upstream release 4.3.0

OBS-URL: https://build.opensuse.org/request/show/786026
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=71
 2020-03-18 08:56:20 +00:00
Adam Majer
ebb8c821e6 - Update keyring as per https://nlnetlabs.nl/people/ 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=69
 2019-12-12 15:51:01 +00:00
Adam Majer
9a1c8c624c Accepting request 755665 from home:stroeder:branches:server:dns 
New upstream release 4.2.4

OBS-URL: https://build.opensuse.org/request/show/755665
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=68
 2019-12-12 11:32:11 +00:00
Adam Majer
a66803351a Fix .changes 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=66
 2019-11-20 13:41:38 +00:00
Adam Majer
4326999e05 - New upstream release 4.2.3: 
* confine-to-zone configures NSD to not return out-of-zone
    additional information.
  * pidfile "" allows to run NSD without a pidfile
  * adds support for readiness notification with READY_FD
  * fix excessive logging of ixfr failures, it stops the log when
    fallback to axfr is possible. log is enabled at high verbosity.
  * Fixup warnings during --disable-ipv6 compile.
  * The nsd.conf includes are sorted ascending, for include statements
    with a '*' from glob.
  * Fix log address and failure reason with tls handshake errors,
    squelches (the same as unbound) some unless high verbosity is used.
  * Number of different UDP handlers has been reduced to one.
    recvmmsg and sendmmsg implementations are now used on all platforms.
  * Socket options are now set in designated functions for easy reuse.
  * Socket setup has been simplified for easy reuse.
  * Configuration parser is now aware of the context in which
    an option was specified.
  * document that remote-control is a top-level nsd.conf attribute.
- Remove legacy upgrade of nsd users in %post (boo#1157331)boo#1157331)

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=65
 2019-11-20 13:40:55 +00:00
Adam Majer
45e4820b87 Accepting request 729935 from home:stroeder:branches:server:dns 
update to 4.2.2

OBS-URL: https://build.opensuse.org/request/show/729935
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=63
 2019-09-10 17:40:14 +00:00
Marguerite Su
b6d4704d73 Accepting request 714282 from home:stroeder:branches:server:dns 
New upstream release 4.2.1

OBS-URL: https://build.opensuse.org/request/show/714282
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=61
 2019-07-14 03:08:38 +00:00
Marcus Rueckert
9211fbd585 Accepting request 709249 from home:adamm:branches:server:dns 
- New upstream release 4.2.0:
  * Implement TCP fast open
  * Added DNS over TLS
  * TLS OCSP stapling support with the tls-service-ocsp option
  * New option hide-identity can be used in nsd.conf to stop NSD
    from responding with the hostname for probe queries that
    elicit the chaos class response, this is conform RFC4892
  * Disable TLS1.0, TLS1.1 and weak ciphers, enable CIPHER_SERVER_PREFERENCE

OBS-URL: https://build.opensuse.org/request/show/709249
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=59
 2019-06-11 18:52:40 +00:00
Marguerite Su
458e94affe Accepting request 688411 from home:stroeder:branches:server:dns 
Update to upstream release 4.1.27

OBS-URL: https://build.opensuse.org/request/show/688411
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=57
 2019-03-26 06:51:23 +00:00
Adam Majer
978f40fd41 Accepting request 654103 from home:stroeder:branches:server:dns 
Update to upstream release 4.1.26

OBS-URL: https://build.opensuse.org/request/show/654103
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=55
 2018-12-05 10:03:47 +00:00
Marguerite Su
ce705def19 Accepting request 638258 from home:stroeder:branches:server:dns 
- Update to upstream release 4.1.25

OBS-URL: https://build.opensuse.org/request/show/638258
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=53
 2018-09-26 00:40:49 +00:00
Adam Majer
f1e3ce31b3 Accepting request 629072 from home:stroeder:branches:server:dns 
Update to upstream release 4.1.24

OBS-URL: https://build.opensuse.org/request/show/629072
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=51
 2018-08-14 08:20:44 +00:00
Marguerite Su
070d679d50 Accepting request 626524 from home:stroeder:branches:server:dns 
- Update to upstream release 4.1.23:
  - Fix NSD time sensitive TSIG compare vulnerability.

OBS-URL: https://build.opensuse.org/request/show/626524
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=49
 2018-08-05 05:46:44 +00:00
Adam Majer
e0b1394f9e Changelog formatting fixes 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=47
 2018-07-03 11:02:43 +00:00
Adam Majer
33d39edb6d Accepting request 620433 from home:stroeder:branches:server:dns 
- Update to upstream release 4.1.22
4.1.22
================
FEATURES:
- refuse-any sends truncation (+TC) in reply to ANY queries over UDP,
  and allows TCP queries like normal.
- Use accept4 to speed up answer of TCP queries, on Linux, FreeBSD
  and OpenBSD.
BUG FIXES:
- Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones.
- Fix to use same condition for nsec3 hash allocation and free.
4.1.21
================
FEATURES:
    - --enable-memclean cleans up memory for use with memory checkers,
      eg. valgrind.
    - refuse-any nsd.conf option that refuses queries of type ANY.
    - lower memory usage for tcp connections, so tcp-count can be
      higher.
BUG FIXES:
    - Fix unused variable warnings and uninit variable in statistics
      printout from clang analyzer.
    - Fix spelling error in xfr-inspect.
    - Fix #3562: explain build error when flex missing.
    - Fix buffer size warnings from compiler on filename lengths.
    - Fix #4093: Release notes not using 2018.

OBS-URL: https://build.opensuse.org/request/show/620433
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=46
 2018-07-03 10:58:40 +00:00
Adam Majer
493c369477 Accepting request 578628 from home:jubalh:branches:server:dns 
- Update to 4.1.20:
  + Fix memory leak in zone file read of unknown rr formatted RRs.
  + Fix memory leak when rehashing nsec3 after axfr or zonefile
    read, in the selectively allocated precompiled nsec3 hashes.

OBS-URL: https://build.opensuse.org/request/show/578628
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=44
 2018-02-21 11:35:23 +00:00
Adam Majer
4f8cb30f71 - Own missing ownership for %_tmpfilesdir 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=42
 2018-02-19 10:22:36 +00:00
Dominique Leuenberger
e5eddfb2cd Accepting request 577170 from server:dns 
Remove non-systemd things, obsolete fillup usage and
obsolete requirements. To Factory and Beyond! :D

OBS-URL: https://build.opensuse.org/request/show/577170
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nsd?expand=0&rev=1
 2018-02-16 20:45:11 +00:00
Adam Majer
178e6d5492 - More specfile cleanup: 
+ Drop SysV support from package (and hence usage of fillup)
  + Don't redefine %_rundir
  + Drop useless BuildRequires on systemd-devel

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=40
 2018-02-16 08:15:09 +00:00
Adam Majer
4c25569d21 Accepting request 575619 from home:jengelh:branches:server:dns 
- Check group existence before creating it, for real.
- Stop deleting users from the system, it might remove a legitimate
  user that nsd unfortunately shared its name with.
- typographical edit in description for completeness

OBS-URL: https://build.opensuse.org/request/show/575619
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=39
 2018-02-12 12:25:36 +00:00
Adam Majer
62b4809376 Typo removal, no-op 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=38
 2018-02-12 11:11:37 +00:00
Adam Majer
7e18382f9f - Own the config zones directory 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=37
 2018-02-12 10:43:27 +00:00
Adam Majer
15a8757c21 - Create a system user, not a regular user 
- Check if user/group already exists and are in system range
- Do not ignore return values from user/group creation

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=36
 2018-02-12 09:05:22 +00:00
Adam Majer
1e575e0155 Remove obsolete file 
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=35
 2018-02-12 07:32:53 +00:00
Marguerite Su
ab97dbe788 Accepting request 573085 from home:adamm:branches:server:dns 
- drop insserv requires on SLE12+ and openSUSE
- nsd-lintrpmrc: drop most overrides
- don't install config file as sample
- switch to using user/group names _nsd to match expected names
  as per recent rpmlint changes as not to conflict with admin
  created names.
- update and change current owner during upgrade

OBS-URL: https://build.opensuse.org/request/show/573085
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=34
 2018-02-10 01:08:20 +00:00
Adam Majer
6bdae24a72 Accepting request 561095 from home:stroeder:branches:server:dns 
update to 4.1.19

OBS-URL: https://build.opensuse.org/request/show/561095
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=33
 2018-01-03 08:11:07 +00:00
Adam Majer
8dda8812af Accepting request 546762 from home:stroeder:branches:server:dns 
- update to 4.1.18

OBS-URL: https://build.opensuse.org/request/show/546762
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=32
 2017-12-01 07:06:48 +00:00
Marcus Rueckert
9448366b88 Accepting request 520865 from home:stroeder:branches:server:dns 
- update to 4.1.17
  - Features
    * zone parser parses type AVC (it has TXT format).
    * Fix #1272: use writev to put tcp length field with data for
      outgoing zone transfer requests.
  - Bugfixes
    * Fix potential null pointer in nsec3 adjustment tree.
    * Fix text format of deletes for CDS and CDNSKEY, single 0 to
      represent empty base64 or hex string.

OBS-URL: https://build.opensuse.org/request/show/520865
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=31
 2017-09-05 10:52:10 +00:00
Michael Ströder
783bfb1032 Accepting request 493611 from home:stroeder:branches:server:dns 
update to 4.1.16

OBS-URL: https://build.opensuse.org/request/show/493611
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=30
 2017-05-09 07:58:57 +00:00
Adam Majer
87cb031061 Accepting request 490699 from home:stroeder:branches:server:dns 
update to 4.1.15

OBS-URL: https://build.opensuse.org/request/show/490699
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=29
 2017-04-24 15:38:12 +00:00
Adam Majer
871d54aee8 Accepting request 450090 from home:stroeder:branches:server:dns 
update to 4.1.14

OBS-URL: https://build.opensuse.org/request/show/450090
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=28
 2017-01-13 14:40:56 +00:00
Marcus Rueckert
b9ec3da843 Accepting request 435127 from home:adamm:branches:server:dns 
- fix tmpfiles-nsd.conf to point to /run instead of /var/run
- add nsd-rpmlintrc to not display some bogus errors
- put log files into /var/log/nsd/
- put sample config in documentation directory
- update to 4.1.13
  - FEATURES
    - multi-master-check: yes can be used to check all masters for
      the last version, using the higher version from the
      configured masters
    - Support RR type OPENPGPKEY from RFC 7929.
    - Can config key algorithms with the digest name, eg. 'sha256'.
    - configure --disable-radix-tree for about 15% lower memory
      usage.
    - for type SRV add A/AAAA to the additional section (if
      possible), just like we already do for type MX.
    - more extensible edns option handling.
    - When tcp is more than half full, use short timeout for tcp
      session.
    - Patch for {max,min}-{refresh,retry}-time
    - Fix #790: size-limit-xfr can stop NSD from downloading
      infinite zone transfer data size, from Toshifumi Sakaguchi.
      Fixes CVE-2016-6173f
  - BUGFIXES
    - Fix compile warnings about unused result from write and
      strtol. and signcompare in minmax retrytime.
    - Fix #812: fix that make depend fails after distribution.
    - Fix #817: xfrd update failed loop.
    - Add robustness against unallocated data in nsec3 trees.
    - Fix README spelling error of BSD license
    - Fix multimaster for not tried full zone transfer for a

OBS-URL: https://build.opensuse.org/request/show/435127
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=27
 2016-10-19 10:36:57 +00:00
Marguerite Su
e0e23724fb Accepting request 417983 from home:adamm:branches:server:dns 
- reword description and summary
- add signature file and basic keyring (currently only contains
  signature of the released version since upstream doesn't seem
  to distribute a real keyring)
- remove redundant nsec3 configure option which are enabled by default
- remove obsolete --enable-draft-rrtypes configure

OBS-URL: https://build.opensuse.org/request/show/417983
OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=26
 2016-08-10 01:30:03 +00:00
Marcus Rueckert
3e004dc595 - update to 4.1.10 
- FEATURES:
    - ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket
      option for Linux, binds to interfaces and addresses that are
      down.
    - NSD includes AAAA before A for queries over IPV6 (in
      delegations).  And TC is set if no glue can be provided with
      a delegation because of packet size.
    - print notice that nsd is starting before taking off.
  - BUG FIXES:
    - Fix for openssl 1.1.0, HMAC_CTX size not exported from
      openssl.
    - Fix #751: NSD fails to occlude names below a DNAME.
    - If set without nsd.db print "" as the default in the man
      pages.
    - Fix #755: NSD spins after a zone update and a lot of TCP
      queries.
    - Fix for NSEC3 with zone signed without exact match for empty
      nonterminals, the answer for that domain gets closest
      encloser.
    - #772 Document that recvmmsg has IPv6 problems on some linux
      kernels.

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=25
 2016-06-29 01:14:06 +00:00
Marcus Rueckert
090bbd0971 - update to 4.1.9 
- Change the nsd.db file version because of nanosecond precision
    fix.
- changes from 4.1.8
  - #732: tcp-mss, outgoing-tcp-mss options for nsd.conf, patch
    from Daisuke Higashi.
  - #739: zonefile changes when mtime is small are detected on
    reload, if filesystem supports precision mtime values.
  - RR type CSYNC (RFC7477) syntax is supported.
  - take advantage of arc4random_uniform if available, patch from
    Loganaden Velvindron.
  - Fix flto check for OSX clang.
  - Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on
    Linux.
  - Fix #736: segfault during zone transfer.
  - Fix #744: Fix that NSD replies for configured but unloaded zone
    with SERVFAIL, not REFUSED.

OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=24
 2016-05-10 22:01:59 +00:00