diff --git a/baselibs.conf b/baselibs.conf index c0e5de5..cd9792b 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,17 +1,17 @@ libbind9-1600 -libdns1610 +libdns1611 libirs1601 -libisc1608 +libisc1609 obsoletes "bind-libs- = " provides "bind-libs- = " libisccc1600 -libisccfg1602 -libns1606 +libisccfg1603 +libns1607 bind-devel requires -bind- requires "libbind9-1600- = " - requires "libdns1610- = " + requires "libdns1611- = " requires "libirs1601- = " - requires "libisc1608- = " + requires "libisc1609- = " requires "libisccc1600- = " - requires "libisccfg1602- = " + requires "libisccfg1603- = " diff --git a/bind-9.16.10.tar.xz b/bind-9.16.10.tar.xz deleted file mode 100644 index 5083e2d..0000000 --- a/bind-9.16.10.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bc47fc019c6205e6a6bfb839c544a1472321df0537ba905b846a4cbffe3362b3 -size 3269696 diff --git a/bind-9.16.10.tar.xz.sha512.asc b/bind-9.16.10.tar.xz.sha512.asc deleted file mode 100644 index 8062e77..0000000 --- a/bind-9.16.10.tar.xz.sha512.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEElc7aJWscoKFfMC+1lSGn7V2s6RgFAl/Xs+kACgkQlSGn7V2s -6RiWqhAAqJcELI++5TjipTsmV42navWlnHDD6ccpuhNDVGusX1+HA3n3n7ne8dNX -PrYtDU0ZiCr1yj6vBldtttD0MpRVfr3+UaLQesD1vVty+FffnzxaR0RhHiIe3X4U -220qypWsfSkf+lmSLuc1U1sSPkclhBMV43WDs06gJXGdU+qt+4pJfqdo1cnbZ7dG -0iWouSt/mkSGpX5XApC9foT0S8DUQumYv41eo40NCaoqd8DT8Yok8Xq2pdDDpzPg -3rCEuIixU8yVDvKLbEBrN2wxx60PFW77vMD1WAQjZTexbvNmFoWcmFVvSgkQRP1A -4nvQ8DAVSSOhoJlzXafDcpVOCyEJ68AHortryf+rVv48tVMkCgFzDa8SBjcrRP1r -uYcx0pJAQy2ZjTkjk6CJuInvPrYV7lq05X3PnXGsvVRvV3bJPqSqq5iHSYxY3BVh -tWNx8C7zpMdHoq7Si47v5/qLh92V8bVA9xWHAwtrs6xvojgwhl9iI0EkZRfjbzvW -HPqyEYbUBYppORuGoKgK5a8Jh8j/1slb8A7jrhaLXOrXrASbfvblAXTh7Uqk4lSe -OB33cqvn8x4eYYjrjdkss989RBT3m5GBmOrDaGsJT/BlvA3t/J2ViOQBf4DcuDdY -AsPf3kqMYorUaJo2hBFlqsJqHLcJn4+nlVvEVO9cmlZlX1vuYLU= -=cLza ------END PGP SIGNATURE----- 
diff --git a/bind-9.16.11.tar.xz b/bind-9.16.11.tar.xz
new file mode 100644
index 0000000..1f22c05
--- /dev/null
+++ b/bind-9.16.11.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0111f64dd7d8f515cfa129e181cce96ff82070d1b27f11a21f6856110d0699c1
+size 5007520
diff --git a/bind-9.16.11.tar.xz.sha512.asc b/bind-9.16.11.tar.xz.sha512.asc
new file mode 100644
index 0000000..409cc75
--- /dev/null
+++ b/bind-9.16.11.tar.xz.sha512.asc
@@ -0,0 +1,28 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEJFV3TUL9/mucOD64/hACvFlwgR8FAmAGro0ACgkQ/hACvFlw
+gR8c5Q//Z3W/1SLnIKxUIh+E6wzBOnfwh8BeiuMLHL3dEvWzDxg/MguJJTJN1s5t
+ChzI72HRjMyyVbJRsU2ujVQdgh52ZTE8+0Ymt3YPYxQVFdguOSGEaTVN0Ikpjc+Z
+5QuOPCUbUVuP7i7Mq4fmY0+lUJnx3eh3QhQx1sBtMj/wWH1BI6PzKfhx+YH9KT2e
+dQEsBuAY7RaA8gFYo2GlbqGU83idlorgxol8ePnGOehp2Vo/vpvZ2dRDbkpixekr
+Gdy3Uw6GAo/JboG50XnB/Yb+ftx5jV0oDN7bSbLpi1pWEBaqfF1aa+CGTX5qAqUW
+e48boWTLtq7NR6ARnzKqyoklmjARy3N3ovks41DIIUvuNEUAu/8d3v3aaRIIyBG5
+Wc5ak0Kzqz64V/qXgHg30q2TWQb6BHcaAhvpjYmo91LW80So40Dz+a/vWOHX5N5y
+27aPdfnP/+0JrUP3f0fm54TabR/WdLVJNQ2F2AZJ1R+F+e1b1Wbg7fEgeDdS44I8
+hDBS/glZyhAzS7k2c8R0QC61b7IBp64Y1cdCTRlLEJ4Y2PowprO6Kv1M1X4O2RMm
+LxnFNcV44Is3GLSh82h3oqSLmBpsN5r5CWoFcxy6La1cwXywAviqXsTn4wOJTrbj
+wmcrnPPx9NuFS7p/tqnaaKVhvhdgNshn727oH9P0SKhFMes3UACJAjMEAAEKAB0W
+IQSVztolaxygoV8wL7WVIaftXazpGAUCYAaujQAKCRCVIaftXazpGPDkEADaDTOh
+Tlm7xsiGs9STi5g4XmgWCo0VwhUYdy3rQG5u/pNM6FloWoooILvmrsSJThceocB3
+ivqOn3T1Tw3FI1DxfTBl1aa0AYARxGq4ehMZCvIvWqVOeMlODY2Ju8wHt50VCtn+
+phActtSiFseMBb1J5U/qEd6Q8M/ABDZQxzn9KYS5Nu7/a3dex9yNcvzrdoBDZA8M
+37SV+ZJyEz658vxh9z7Rq3FmnAqUGsPT3lQVQzenl1vcLj4T9XUs3w1GLRW8NtY9
+9c3mcmYbngz0SQFbFhIvbBw+0KmhTR0qZmwRmXDVXMAjcOx9gsCLL7BtwkzbFS7u
+qfSv1lbSi40UqsYOTZi6W5LcQ0zbcqOGm+1OGWW1nSIQIakXa0RPMRtMRgSBeefY
+PdEiG05fQMBkDkHFfgl4rRVLNuK76sm/HhUpQe7orGb9y+yX/cfKPnQmVSQaJ6Fo
+5wsENXfOXH1X6SvNlEhn4MLij4anb1y1oyuRZcOGYtexscdLUOQ4gDsZvzkYyudP
+rLt/86tjOAU0Y9TkRlxa2X9tXqaE0ptOJtO3Q6XvRxZXI6NrWKXSjeiQxCPadEDt
+TaKjznZkC1tqD/Po3/gY2BPQHBasBghr4JP/cMgo+cbOicYMw228sHUnhZSDFoHc
+qXK9qeyaJfcsnwSEIE+OIW5SwdMawhHOXjhmSQ==
+=k0j1
+-----END PGP SIGNATURE-----
diff --git a/bind-chrootenv.conf b/bind-chrootenv.conf
deleted file mode 100644
index 35a86ab..0000000
--- a/bind-chrootenv.conf
+++ /dev/null
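Review bot: The detached signature added for bind-9.16.11.tar.xz is not the same shape as the one it replaces, and nothing visible in this commit updates a keyring to match. The 9.16.10 file was 16 lines holding one signature; this one is 28 lines and appears to hold two, and its first signature names a different issuer than the 9.16.10 one did (the armored data diverges right after the shared `iQIzBAABCgAdFiEE` prefix). If the build verifies the tarball against a packaged keyring (not shown in this diff), confirm that the keyring contains the new signer and that its fingerprint was checked against the upstream-published key out of band, not taken from the same location the tarball was downloaded from.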
@@ -1,17 +0,0 @@ -# See tmpfiles.d(5) for details -#Type Path Mode UID GID Age Argument -d /var/lib/named 1775 root named - - -d /var/lib/named/dev 755 root root - - -c /var/lib/named/dev/null 666 root root - 1:3 -c /var/lib/named/dev/random 666 root root - 1:8 -c /var/lib/named/dev/urandom 664 root root - 1:9 -d /var/lib/named/etc 755 root root - - -d /var/lib/named/etc/named.d 755 root root - - -d /var/lib/named/log 755 named named - - -d /var/lib/named/var - - - - - -d /var/lib/named/var/lib - - - - - -L /var/lib/named/var/lib/named - - - - ../.. -L /var/lib/named/var/log - - - - ../log -d /var/lib/named/var/run - - - - - -d /var/lib/named/var/run/named 755 named named - - -C /var/lib/named/usr/lib64/named - - - - /usr/lib64/named diff --git a/bind.changes b/bind.changes index 953600d..a3cacb7 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Thu Jan 21 08:00:03 UTC 2021 - Josef Möllers + +- Upgrade to version 9.16.11 + * Bug fixing (please check CHANGES file in the source RPM) + * Functional change: + policy none;", named now + permits a safe transition to insecure mode and publishes + the CDS and CDNSKEY DELETE records, as described in RFC 8078. + + Remove useless Makefiles and Makefile skeleton files in + /usr/share/doc/packages/bind/contrib/ + [bind.spec, bsc#1179040] + + *** MAJOR CHANGE *** + Changed protection of/against "named" from chroot jail to + systemd protection. This obsoletes subpackage named-chrootenv. + Kudos to Matthias Gerstner + [bind.spec, bind-chrootenv.conf, vendor-files.tar.bz2, bsc#1180294] + ------------------------------------------------------------------- Tue Dec 29 19:28:46 UTC 2020 - Dirk Müller diff --git a/bind.spec b/bind.spec index 8d7c29a..8618bdc 100644 --- a/bind.spec +++ b/bind.spec 
@@ -1,7 +1,7 @@ # # spec file for package bind # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,17 +20,17 @@ # Note that the sonums are LIBINTERFACE - LIBAGE %define bind9_sonum 1600 %define libbind9 libbind9-%{bind9_sonum} -%define dns_sonum 1610 +%define dns_sonum 1611 %define libdns libdns%{dns_sonum} %define irs_sonum 1601 %define libirs libirs%{irs_sonum} -%define isc_sonum 1608 +%define isc_sonum 1609 %define libisc libisc%{isc_sonum} %define isccc_sonum 1600 %define libisccc libisccc%{isccc_sonum} -%define isccfg_sonum 1602 +%define isccfg_sonum 1603 %define libisccfg libisccfg%{isccfg_sonum} -%define ns_sonum 1606 +%define ns_sonum 1607 %define libns libns%{ns_sonum} %define VENDOR SUSE @@ -61,7 +61,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.16.10 +Version: 9.16.11 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 @@ -78,7 +78,6 @@ Source40: dnszone-schema.txt Source60: dlz-schema.txt # configuation files for systemd-tmpfiles Source70: bind.conf -Source71: bind-chrootenv.conf Source72: named.conf Patch51: pie_compile.diff Patch52: named-bootconf.diff @@ -99,7 +98,6 @@ BuildRequires: pkgconfig(krb5) BuildRequires: pkgconfig(libidn2) BuildRequires: pkgconfig(libuv) BuildRequires: pkgconfig(libxml-2.0) -Requires: %{name}-chrootenv Requires: %{name}-utils Requires(post): %fillup_prereq Requires(post): bind-utils 
@@ -215,17 +213,6 @@ Group: System/Libraries %description -n %{libisccfg} This BIND library contains the configuration file parser. -%package chrootenv -Summary: Chroot environment for BIND named -# We need the named user and group, have only one authoritative place -Group: Productivity/Networking/DNS/Servers -Requires(pre): %{name} - -%description chrootenv -This package contains all directories and files which are common to the -chroot environment of BIND named. Most is part of the -structure below %{_localstatedir}/lib/named. - %package devel Summary: Development Libraries and Header Files of BIND Group: Development/Libraries/C and C++ @@ -304,7 +291,7 @@ function replaceStrings() -i "${file}" } pushd vendor-files -for file in docu/README tools/createNamedConfInclude config/{README,named.conf} init/named system/named.init sysconfig/{named-common,named-named,syslog-named}; do +for file in docu/README* tools/createNamedConfInclude config/{README,named.conf} init/named system/named.init sysconfig/named-named; do replaceStrings ${file} done popd @@ -363,7 +350,7 @@ mkdir -p \ %{buildroot}/%{_datadir}/bind \ %{buildroot}/%{_datadir}/susehelp/meta/Administration/System \ %{buildroot}/%{_defaultdocdir}/bind \ - %{buildroot}%{_localstatedir}/lib/named/{etc/named.d,dev,dyn,log,master,slave,var/{lib,run/named}} \ + %{buildroot}%{_localstatedir}/lib/named/{etc/named.d,dev,dyn,master,slave,var/{lib,run/named}} \ %{buildroot}%{_mandir}/{man1,man3,man5,man8} \ %{buildroot}%{_fillupdir} \ %{buildroot}/%{_rundir} \ @@ -383,9 +370,6 @@ rm -f %{buildroot}/%{_libdir}/lib*.{la,a} mv vendor-files/config/named.conf %{buildroot}/%{_sysconfdir} mv vendor-files/config/bind.reg %{buildroot}/%{_sysconfdir}/slp.reg.d mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d -for file in named.conf.include; do - touch %{buildroot}/%{_sysconfdir}/${file} -done %if %{with_systemd} for file in named; do 
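Review bot: The `mkdir -p` list in the `@@ -363,7` hunk drops only `log` and still creates `etc/named.d`, `dev` and `var/{lib,run/named}` under `%{_localstatedir}/lib/named`, which were the chroot skeleton packaged by the `%files chrootenv` list that this commit deletes. Unless the main `%files` list (outside the visible hunks) picks them up, they are now created in the buildroot for nothing, and the line could shrink to `%{buildroot}%{_localstatedir}/lib/named/{dyn,master,slave} \`. In the same vein, none of the visible bind.spec hunks adds `Obsoletes: %{name}-chrootenv < %{version}` to the main package, so an upgraded system may keep the old subpackage and its tmpfiles.d entry that recreates the device nodes under `/var/lib/named/dev`. The changelog says the subpackage is obsoleted, so the tag is presumably intended.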
@@ -394,7 +378,6 @@ done ln -s /sbin/service %{buildroot}%{_sbindir}/rc${file} done install -D -m 0644 %{SOURCE70} %{buildroot}%{_prefix}/lib/tmpfiles.d/bind.conf - install -D -m 0644 %{SOURCE71} %{buildroot}%{_prefix}/lib/tmpfiles.d/bind-chrootenv.conf install -D -m 0644 ${RPM_SOURCE_DIR}/named.root %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/root.hint install -m 0644 vendor-files/config/{127.0.0,localhost}.zone %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named install -m 0644 bind.keys %{buildroot}%{_datadir}/factory%{_localstatedir}/lib/named/named.root.key @@ -413,12 +396,7 @@ cp -p ${RPM_SOURCE_DIR}/dnszone-schema.txt %{buildroot}/%{_sysconfdir}/openldap/ cp -p "%{SOURCE60}" "%{buildroot}/%{_sysconfdir}/openldap/schema/dlz.schema" install -m 0754 vendor-files/tools/ldapdump %{buildroot}/%{_datadir}/bind find %{buildroot}/%{_libdir} -type f -name '*.so*' -print0 | xargs -0 chmod 0755 -touch %{buildroot}%{_localstatedir}/lib/named%{_sysconfdir}/{localtime,named.conf.include,named.d/rndc.access.conf} -touch %{buildroot}%{_localstatedir}/lib/named/dev/log -ln -s ../.. %{buildroot}%{_localstatedir}/lib/named%{_localstatedir}/lib/named -ln -s ../log %{buildroot}%{_localstatedir}/lib/named%{_localstatedir} -ln -s ..%{_localstatedir}/lib/named%{_localstatedir}/run/named %{buildroot}/run -for file in named-common named-named syslog-named; do +for file in named-named; do install -m 0644 vendor-files/sysconfig/${file} %{buildroot}%{_fillupdir}/sysconfig.${file} done %if %{with_sfw2} 
@@ -428,7 +406,11 @@ install -m 644 vendor-files/sysconfig/SuSEFirewall.named %{buildroot}/%{_sysconf rm doc/misc/Makefile* find doc/arm -type f ! -name '*.html' -print0 | xargs -0 rm -f # Create doc as we want it in bind and not bind-doc -cp -a vendor-files/docu/README %{buildroot}/%{_defaultdocdir}/bind/README.%{VENDOR} +for file in vendor-files/docu/README*; do + basename=$( basename ${file}) + cp -a ${file} %{buildroot}/%{_defaultdocdir}/bind/${basename}.%{VENDOR} +done + mkdir -p vendor-files/config/ISC-examples cp -a bin/tests/*.conf* vendor-files/config/ISC-examples for d in arm; do @@ -441,6 +423,8 @@ for file in CHANGES COPYRIGHT README version contrib doc/misc vendor-files/confi echo "%doc %{_defaultdocdir}/bind/${basename}" >>filelist-bind-doc done # --------------------------------------------------------------------------- +# remove useless Makefiles and Makefile skeletons +find %{buildroot}/%{_defaultdocdir}/bind \( -name Makefile -o -name Makefile.in \) -exec rm {} + install -m 0644 bind.keys %{buildroot}%{_localstatedir}/lib/named/named.root.key %if %{with_systemd} mkdir -p %{buildroot}%{_sysusersdir} @@ -480,6 +464,11 @@ if [ -x %{_bindir}/systemctl ]; then %{_bindir}/systemctl daemon-reload || : fi %endif +# Create the rndc.key and named.conf.include* files so they exist when named is started +[ -e /etc/rndc.key ] || /usr/sbin/rndc-confgen -a -b 512 +[ -e /etc/named.conf.include ] || touch /etc/named.conf.include +[ -e /etc/named.conf.include.BINDconfig ] || touch /etc/named.conf.include.BINDconfig +chown named: /etc/rndc.key /etc/named.conf.include* %postun %if %{with_systemd} 
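Review bot: In the new README loop (`@@ -428,7` hunk) the expansions are unquoted and the variable `basename` shadows the command it is filled from, which makes `basename=$( basename ${file})` harder to read than it needs to be. The loop body can be a single line with no subshell: `cp -a "${file}" "%{buildroot}/%{_defaultdocdir}/bind/${file##*/}.%{VENDOR}"`. The paths come from the package's own vendor-files tarball, so this is a robustness and style point rather than an exposure.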
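Review bot: The last added line of %post (`@@ -480,6` hunk), `chown named: /etc/rndc.key /etc/named.conf.include*`, hands the service account ownership of files that named reads as configuration, where the removed `%attr(0644,root,named) %ghost` entry kept `named.conf.include` root-owned. If named only needs to read them, `chown root:named /etc/rndc.key /etc/named.conf.include /etc/named.conf.include.BINDconfig` followed by `chmod 0640 /etc/rndc.key` keeps a compromised daemon from rewriting its own includes or control key; if something running as `named` must regenerate the include file (not visible here), a comment saying so would help. The glob also re-owns any other `/etc/named.conf.include*` file (editor backups, `.rpmsave`) on every install or upgrade, so naming the files explicitly is safer. Since the scriptlet now creates these files, keeping `%ghost` entries for them in `%files` would let `rpm -V` and package removal still account for them. The %post body starts outside the hunk.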
@@ -503,19 +492,12 @@ fi %postun -n %{libisccc} -p /sbin/ldconfig %post -n %{libisccfg} -p /sbin/ldconfig %postun -n %{libisccfg} -p /sbin/ldconfig -%post chrootenv -%{fillup_only -nsa named common} -%{fillup_only -nsa syslog named} -%if %{with_systemd} -%tmpfiles_create bind-chrootenv.conf -%endif %files %license LICENSE %attr(0644,root,named) %config(noreplace) /%{_sysconfdir}/named.conf %dir %{_sysconfdir}/slp.reg.d %attr(0644,root,root) %config /%{_sysconfdir}/slp.reg.d/bind.reg -%attr(0644,root,named) %ghost /%{_sysconfdir}/named.conf.include %if %{with_systemd} %config %{_unitdir}/named.service %{_sbindir}/named.init @@ -581,30 +563,6 @@ fi %files -n %{libisccfg} %{_libdir}/libisccfg.so.%{isccfg_sonum}* -%files chrootenv -%if %{with_systemd} -%{_prefix}/lib/tmpfiles.d/bind-chrootenv.conf -%endif -%dir %{_var}/lib/named%{_sysconfdir} -%dir %{_var}/lib/named%{_sysconfdir}/named.d -%dir %{_var}/lib/named/dev -%dir %{_var}/lib/named%{_localstatedir} -%dir %{_var}/lib/named%{_localstatedir}/lib -%dir %{_var}/lib/named%{_localstatedir}/run -%attr(-,named,named) %dir %{_var}/lib/named/log -%ghost %{_var}/lib/named%{_sysconfdir}/named.d/rndc.access.conf -%ghost %{_var}/lib/named/dev/log -%attr(0666, root, root) %dev(c, 1, 3) %{_var}/lib/named/dev/null -%attr(0666, root, root) %dev(c, 1, 8) %{_var}/lib/named/dev/random -%attr(0664, root, root) %dev(c, 1, 9) %{_var}/lib/named/dev/urandom -%{_var}/lib/named%{_localstatedir}/lib/named -%{_var}/lib/named%{_localstatedir}/log -%{_fillupdir}/sysconfig.named-common -%{_fillupdir}/sysconfig.syslog-named -%ghost %{_var}/lib/named%{_sysconfdir}/localtime -%attr(0644,root,named) %ghost %{_var}/lib/named%{_sysconfdir}/named.conf.include -%attr(-,named,named) %dir %{_var}/lib/named%{_localstatedir}/run/named - %files devel %dir %{_includedir}/isc %{_includedir}/isc/errno2result.h 
@@ -655,7 +613,7 @@ fi %{_sbindir}/rndc-confgen %{_sbindir}/tsig-keygen %dir %doc %{_defaultdocdir}/bind -%{_defaultdocdir}/bind/README.%{VENDOR} +%{_defaultdocdir}/bind/README*.%{VENDOR} %{_defaultdocdir}/bind/.clang-format.headers %{_mandir}/man1/arpaname.1%{ext_man} %{_mandir}/man1/delv.1%{ext_man} diff --git a/vendor-files.tar.bz2 b/vendor-files.tar.bz2 index 7bc1ccf..b456d6d 100644 --- a/vendor-files.tar.bz2 +++ b/vendor-files.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:869362e4b2919fa7ab4edb93d0397798b775c68c197d86edfb18c6e21b826b9b -size 23683 +oid sha256:557cf909bc65afb13c3f3b157677b58066fa0818c9d6b230718ad74431b82d31 +size 22842