From 690c3ba2eb41926719981b33c0164600a845d151bd2dbeede97f9d2af3a82157 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20M=C3=B6llers?= <josef.moellers@suse.com>
Date: Thu, 29 Jul 2021 13:39:41 +0000
Subject: [PATCH] Accepting request 909186 from home:polslinux:branches:network

- Update to 9.16.19
  * A race condition could occur where two threads were
    competing for the same set of key file locks, leading to
    a deadlock. This has been fixed. [GL #2786]
  * create_keydata() created an invalid placeholder keydata
    record upon a refresh failure, which prevented the
    database of managed keys from subsequently being read
    back. This has been fixed. [GL #2686]
  * KASP support was extended with the "check DS" feature.
    Zones with "dnssec-policy" and "parental-agents"
    configured now check for DS presence and can perform
    automatic KSK rollovers. [GL #1126]
  * Rescheduling a setnsec3param() task when a zone failed
    to load on startup caused a hang on shutdown. This has
    been fixed. [GL #2791]
  * The configuration-checking code failed to account for
    the inheritance rules of the "dnssec-policy" option.
    This has been fixed. [GL #2780]
  * If nsupdate sends an SOA request and receives a REFUSED
    response, it now fails over to the next available
    server. [GL #2758]
  * For UDP messages larger than the path MTU, named now
    sends an empty response with the TC (TrunCated) bit set.
    In addition, setting the DF (Don't Fragment) flag on
    outgoing UDP sockets was re-enabled. [GL #2790]
  * Views with recursion disabled are now configured with a
    default cache size of 2 MB unless "max-cache-size" is
    explicitly set. This prevents cache RBT hash tables from
    being needlessly preallocated for such views. [GL #2777]
  * Change 5644 inadvertently introduced a deadlock: when
    locking the key file mutex for each zone structure in a
    different view, the "in-view" logic was not considered.
    This has been fixed. [GL #2783]
  * Increasing "max-cache-size" for a running named instance
    (using "rndc reconfig") did not cause the hash tables
    used by cache databases to be grown accordingly. This
    has been fixed. [GL #2770]
  * Signed, insecure delegation responses prepared by named
    either lacked the necessary NSEC records or contained
    duplicate NSEC records when both wildcard expansion and
    CNAME chaining were required to prepare the response.
    This has been fixed. [GL #2759]
  * A bug that caused the NSEC3 salt to be changed on every
    restart for zones using KASP has been fixed. [GL #2725]

OBS-URL: https://build.opensuse.org/request/show/909186
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=326
---
 bind-9.16.18.tar.xz            |  3 ---
 bind-9.16.18.tar.xz.sha512.asc | 17 ------------
 bind-9.16.19.tar.xz            |  3 +++
 bind-9.16.19.tar.xz.sha512.asc | 16 ++++++++++++
 bind.changes                   | 48 ++++++++++++++++++++++++++++++++++
 bind.spec                      |  2 +-
 named.root                     |  6 ++---
 7 files changed, 71 insertions(+), 24 deletions(-)
 delete mode 100644 bind-9.16.18.tar.xz
 delete mode 100644 bind-9.16.18.tar.xz.sha512.asc
 create mode 100644 bind-9.16.19.tar.xz
 create mode 100644 bind-9.16.19.tar.xz.sha512.asc

diff --git a/bind-9.16.18.tar.xz b/bind-9.16.18.tar.xz
deleted file mode 100644
index 6594a0f..0000000
--- a/bind-9.16.18.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3c6263a4364eb5dce233f9f22b90acfa1ec2488d534f91d21663d0ac25ce5e65
-size 5023512
diff --git a/bind-9.16.18.tar.xz.sha512.asc b/bind-9.16.18.tar.xz.sha512.asc
deleted file mode 100644
index 9767b87..0000000
--- a/bind-9.16.18.tar.xz.sha512.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Comment: GPGTools - https://gpgtools.org
-
-iQIzBAABCgAdFiEEqtu6UHTxQC97adVrxbTukxqfnf0FAmDMkCoACgkQxbTukxqf
-nf34bQ/9HZC8r+H+XFflVINL2MKmOvWYFlBimk437oTEsnFFB78bnsKhnud4p0av
-1Utz5NrFo0Ju3m6MRIe+dFgCSFKO1usf45WHsY3ROAXAcWpSkC24Qdw91Tc6jETE
-2YRBReIeHU0VC7ak5MxlFbKEfGtUHbpXSmmP89v6PA1ZD1uWi47IHhMs/d+eJXPQ
-DoPCQxiEZ4dzCRC0v0xzsbXlAXEUDTqLpMk6jcMTKQY5uwuKugOHzvuWLbJYtCZ/
-l9bqUnf1bvgMNFvqvC7Z76Nx4MdyaJVfpG65A8b/6i+7Ru4rPGjJck3sn4x3Lh6/
-U+b709bZpa3dyyw/nuONQNIG89MRKjjhkDesh8FadkvtBeo1HFRtGNic3RFVue0u
-vIX80leersVMTd2Yddq9vWNVNJS4kBpSzSN1fZxlZBMryvY5JPJXJi+yLxXyTxX/
-bMcyui8RIMvu9t3EVxUD6I6ob/bUC/lmGya9zmQ8DuRucRqCb9mPjNNTzdpVLw4l
-uv+1PmKtkfceHJikS8K/AMUYoKSdTyZbRAzGOro7Hv5GGVMH0iLrlyhI1BmzJN2i
-eBNIRvf9zRg/6/1sHj6omcDXcp0Smj8s5qhBbCEScSl7x1mWdNZy48m4IB5f8RFb
-dtKfsVvHqZ49/FB5XGV2mwGOwqxf/4EH/vlq2uZ+fK4Z74uH4+o=
-=mOJQ
------END PGP SIGNATURE-----
diff --git a/bind-9.16.19.tar.xz b/bind-9.16.19.tar.xz
new file mode 100644
index 0000000..32942ef
--- /dev/null
+++ b/bind-9.16.19.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:20bf727559302c933475904847041916bb6c279680c170babc01a76998e80ad3
+size 5039240
diff --git a/bind-9.16.19.tar.xz.sha512.asc b/bind-9.16.19.tar.xz.sha512.asc
new file mode 100644
index 0000000..899f532
--- /dev/null
+++ b/bind-9.16.19.tar.xz.sha512.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE6atueSM8BBbomT9FDAOvqQpZZ8QFAmDuC5IACgkQDAOvqQpZ
+Z8SEchAAn/4HOK04/Tt4PSv0hWGMBMXvbx/WKhVgQhGooGiHekPTM49kxjQCvFT8
+sSH9uq5FEGbL+98fM1r9qNkjl+tivZ9w7EhE/wahUNxacGzv87XE8QndVxCoUFE4
+NeU4D81yh665HxhZUCWXEgAUUWrZ6c6jBymKo/xkZw/ou53Xukk12IJb/PG2vv8O
+3vVDSBuZagcBu/hCzK8us0uCRsTQSHx6e0QKYABjXLr9bkSignI42sH8OjBzSmBi
+4ui21sa2UgR2Iw9t/v6QPHBnWxASUjBfiUOpYIXDMW1F/bAGShN1i3WMKn+vYsI+
+Q6fJpBjFmG5cwbWwgtuS+Gmm2E8gQCFA87h3u7t5WbZP/j2iiul06JARhVbEY3Kq
+06PqvAqkiFAiD1zidhsTax/vzOXcjjrWL07sx4Z8S57TAMZ2JpTw28ObFXyT4k6w
+zSzoRC8OY9lbesCvsMQMcuZDCayB6ssA38FzBKUFQmwwg96eFIAtkLKVklYibME8
+EKWd7GHur6ulpRd2IW608zeKRiunVJycI3LVMdJyJx2XmROMrivYxAnbcYOx+iT/
+gocuPgnsz45IWoqG2P/Q1RER12I01q7tmZflyYNiQdG3rIcwnfLXIoEYYDXotFzU
+bnRdcuQcjVWVe24lZnNNnW5r+5korVDzQ3wVGhcY8fM30YhqqFk=
+=7G5u
+-----END PGP SIGNATURE-----
diff --git a/bind.changes b/bind.changes
index 53f5488..31a4a73 100644
--- a/bind.changes
+++ b/bind.changes
@@ -1,3 +1,51 @@
+-------------------------------------------------------------------
+Thu Jul 29 13:14:28 UTC 2021 - Paolo Stivanin <info@paolostivanin.com>
+
+- Update to 9.16.19
+  * A race condition could occur where two threads were
+    competing for the same set of key file locks, leading to
+    a deadlock. This has been fixed. [GL #2786]
+  * create_keydata() created an invalid placeholder keydata
+    record upon a refresh failure, which prevented the
+    database of managed keys from subsequently being read
+    back. This has been fixed. [GL #2686]
+  * KASP support was extended with the "check DS" feature.
+    Zones with "dnssec-policy" and "parental-agents"
+    configured now check for DS presence and can perform
+    automatic KSK rollovers. [GL #1126]
+  * Rescheduling a setnsec3param() task when a zone failed
+    to load on startup caused a hang on shutdown. This has
+    been fixed. [GL #2791]
+  * The configuration-checking code failed to account for
+    the inheritance rules of the "dnssec-policy" option.
+    This has been fixed. [GL #2780]
+  * If nsupdate sends an SOA request and receives a REFUSED
+    response, it now fails over to the next available
+    server. [GL #2758]
+  * For UDP messages larger than the path MTU, named now
+    sends an empty response with the TC (TrunCated) bit set.
+    In addition, setting the DF (Don't Fragment) flag on
+    outgoing UDP sockets was re-enabled. [GL #2790]
+  * Views with recursion disabled are now configured with a
+    default cache size of 2 MB unless "max-cache-size" is
+    explicitly set. This prevents cache RBT hash tables from
+    being needlessly preallocated for such views. [GL #2777]
+  * Change 5644 inadvertently introduced a deadlock: when
+    locking the key file mutex for each zone structure in a
+    different view, the "in-view" logic was not considered.
+    This has been fixed. [GL #2783]
+  * Increasing "max-cache-size" for a running named instance
+    (using "rndc reconfig") did not cause the hash tables
+    used by cache databases to be grown accordingly. This
+    has been fixed. [GL #2770]
+  * Signed, insecure delegation responses prepared by named
+    either lacked the necessary NSEC records or contained
+    duplicate NSEC records when both wildcard expansion and
+    CNAME chaining were required to prepare the response.
+    This has been fixed. [GL #2759]
+  * A bug that caused the NSEC3 salt to be changed on every
+    restart for zones using KASP has been fixed. [GL #2725]
+
 -------------------------------------------------------------------
 Wed Jul 21 09:34:15 UTC 2021 - Josef Möllers <josef.moellers@suse.com>
 
diff --git a/bind.spec b/bind.spec
index 431cc48..85a4d85 100644
--- a/bind.spec
+++ b/bind.spec
@@ -45,7 +45,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.16.18
+Version:        9.16.19
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0
diff --git a/named.root b/named.root
index defb4ea..1dc6ce9 100644
--- a/named.root
+++ b/named.root
@@ -8,9 +8,9 @@
 ;           file                /domain/named.cache 
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
-; 
-;       last update:     November 11, 2020 
-;       related version of root zone:     2020111101
+;
+;       last update:     July 28, 2021
+;       related version of root zone:     2021072802
 ; 
 ; FORMERLY NS.INTERNIC.NET 
 ;