Accepting request 859291 from home:dirkmueller:branches:network

- update to 9.16.10: New Features: * NSEC3 support was added to KASP. A new option for dnssec-policy, nsec3param, can be used to set the desired NSEC3 parameters. NSEC3 salt collisions are automatically prevented during resalting. [GL #1620] * A new configuration option, stale-refresh-time, has been introduced. It allows a stale RRset to be served directly from cache for a period of time after a failed lookup, before a new attempt to refresh it is made. [GL #2066] Feature Changes: * The default value of max-recursion-queries was increased from 75 to 100. Since the queries sent towards root and TLD servers are now included in the count (as a result of the fix for CVE-2020-8616), max-recursion-queries has a higher chance of being exceeded by non-attack queries, which is the main reason for increasing its default value. [GL #2305] The default value of nocookie-udp-size was restored back to 4096 bytes. Since max-udp-size is the upper bound for nocookie-udp-size, this change relieves the operator from having to change nocookie-udp-size together with max-udp-size in order to increase the default EDNS buffer size limit. nocookie-udp-size can still be set to a value lower than max-udp-size, if desired. [GL #2250] Bug Fixes: Handling of missing DNS COOKIE responses over UDP was tightened by falling back to TCP. [GL #2275] The CNAME synthesized from a DNAME was incorrectly followed when the QTYPE was CNAME or ANY. [GL #2280] Building with native PKCS#11 support for AEP Keyper has been broken since BIND 9.16.6. This has been fixed. [GL #2315] named could crash with an assertion failure if a TCP connection were closed while a request was still being processed. [GL #2227] named acting as a resolver could incorrectly treat signed zones with no DS record at the parent as bogus. Such zones should be treated as insecure. This OBS-URL: https://build.opensuse.org/request/show/859291 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=306
2021-01-07 11:50:54 +00:00 · 2021-01-07 11:50:54 +00:00 · b585e7fb90
commit b585e7fb90
parent d00771e830
8 changed files with 87 additions and 33 deletions
--- a/baselibs.conf
+++ b/baselibs.conf
@ -1,17 +1,17 @@
 libbind9-1600
-libdns1608
+libdns1610
 libirs1601
-libisc1607
+libisc1608
 	obsoletes "bind-libs-<targettype> = <version>"
 	provides "bind-libs-<targettype> = <version>"
 libisccc1600
-libisccfg1601
-libns1605
+libisccfg1602
+libns1606
 bind-devel
 	requires -bind-<targettype>
 	requires "libbind9-1600-<targettype> = <version>"
-	requires "libdns1608-<targettype> = <version>"
+	requires "libdns1610-<targettype> = <version>"
 	requires "libirs1601-<targettype> = <version>"
-	requires "libisc1607-<targettype> = <version>"
+	requires "libisc1608-<targettype> = <version>"
 	requires "libisccc1600-<targettype> = <version>"
-	requires "libisccfg1601-<targettype> = <version>"
+	requires "libisccfg1602-<targettype> = <version>"
--- a/bind-9.16.10.tar.xz
+++ b/bind-9.16.10.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bc47fc019c6205e6a6bfb839c544a1472321df0537ba905b846a4cbffe3362b3
+size 3269696
--- a/bind-9.16.10.tar.xz.sha512.asc
+++ b/bind-9.16.10.tar.xz.sha512.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEElc7aJWscoKFfMC+1lSGn7V2s6RgFAl/Xs+kACgkQlSGn7V2s
+6RiWqhAAqJcELI++5TjipTsmV42navWlnHDD6ccpuhNDVGusX1+HA3n3n7ne8dNX
+PrYtDU0ZiCr1yj6vBldtttD0MpRVfr3+UaLQesD1vVty+FffnzxaR0RhHiIe3X4U
+220qypWsfSkf+lmSLuc1U1sSPkclhBMV43WDs06gJXGdU+qt+4pJfqdo1cnbZ7dG
+0iWouSt/mkSGpX5XApC9foT0S8DUQumYv41eo40NCaoqd8DT8Yok8Xq2pdDDpzPg
+3rCEuIixU8yVDvKLbEBrN2wxx60PFW77vMD1WAQjZTexbvNmFoWcmFVvSgkQRP1A
+4nvQ8DAVSSOhoJlzXafDcpVOCyEJ68AHortryf+rVv48tVMkCgFzDa8SBjcrRP1r
+uYcx0pJAQy2ZjTkjk6CJuInvPrYV7lq05X3PnXGsvVRvV3bJPqSqq5iHSYxY3BVh
+tWNx8C7zpMdHoq7Si47v5/qLh92V8bVA9xWHAwtrs6xvojgwhl9iI0EkZRfjbzvW
+HPqyEYbUBYppORuGoKgK5a8Jh8j/1slb8A7jrhaLXOrXrASbfvblAXTh7Uqk4lSe
+OB33cqvn8x4eYYjrjdkss989RBT3m5GBmOrDaGsJT/BlvA3t/J2ViOQBf4DcuDdY
+AsPf3kqMYorUaJo2hBFlqsJqHLcJn4+nlVvEVO9cmlZlX1vuYLU=
+=cLza
+-----END PGP SIGNATURE-----
--- a/bind-9.16.8.tar.xz
+++ b/bind-9.16.8.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9e9b9c563692be86ec41f670f6b70e26c14e72445c742d7b5eb4db7d2b5e8d31
-size 3253744
--- a/bind-9.16.8.tar.xz.sha512.asc
+++ b/bind-9.16.8.tar.xz.sha512.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEElc7aJWscoKFfMC+1lSGn7V2s6RgFAl+N4mQACgkQlSGn7V2s
-6Rh6mQ//TrRXM01M4lfZ1zFMn+59OB2ihOrkzUELo0F6MtDGXOBFwQBg6YfG5EI3
-/3UCdE04LoI52IS/KXqylsZ+on0iyDATnIxcZXj4C88/3PwnbzPCjwws2+hbj/C2
-cEcHl2HiQ3brRly3XptceViJ6yJwAErrzRD4yIP7fY1bAHaXqeGj7focmA+DEqrA
-5K5BEl5Yyxc96EF11AyWEpKFzQyQrTnRaUANll1V8k/JY5405DQQGyM6Dfc/yeHc
-xi9xGk7tckIsZ4kyq0k7KrC1W49mgPngVLa/Cm3AORPXWs3V8ypPN88xRxil4oR0
-Q8cFAxUbe7XifQnHmQSnfwT+9DNcb/xA9HMpVnSAr9blI3/BtH++tvvS6spxtJSO
-crRYT9gNhKlGOsVa3ZjdX4yXwbiw8F1fJ06Ii+94iL3hRH/f9LnFY4DFMw36z5aR
-fsI9SbjCKZEMcAOhhCU1jlrEU8JLf0StlyNaGNJvP0ErJMZCGqCq3qtjJiIMVNDx
-U8/7ARZlj67U4haUjqc+vPEou2uGShUMjJTMJmkyU0JD3XtOvLaDoQlpqrYg08TU
-OvHB2f0XWzb60qGnZzZ6vjot6VEcdTT32atEvTp0YnZ41uVg/2vof+4rWXb+9ty3
-5Spl9ThsBAkXkcOwqOf81ybwuQKdDbfdm1XFTP3SLAjfdIRrjkE=
-=c3U6
-----END PGP SIGNATURE-----
--- a/bind.changes
+++ b/bind.changes
@ -1,3 +1,57 @@
+-------------------------------------------------------------------
+Tue Dec 29 19:28:46 UTC 2020 - Dirk Müller <dmueller@suse.com>
+
+- update to 9.16.10:
+  New Features:
+  * NSEC3 support was added to KASP. A new option for dnssec-policy,
+  nsec3param, can be used to set the desired NSEC3 parameters. NSEC3 salt
+  collisions are automatically prevented during resalting. [GL #1620]
+
+  * A new configuration option, stale-refresh-time, has been introduced. It allows
+  a stale RRset to be served directly from cache for a period of time after a
+  failed lookup, before a new attempt to refresh it is made. [GL #2066]
+
+  Feature Changes:
+  * The default value of max-recursion-queries was increased from 75 to 100.
+  Since the queries sent towards root and TLD servers are now included in the
+  count (as a result of the fix for CVE-2020-8616), max-recursion-queries has
+  a higher chance of being exceeded by non-attack queries, which is the main
+  reason for increasing its default value. [GL #2305]
+
+  The default value of nocookie-udp-size was restored back to 4096 bytes. Since
+  max-udp-size is the upper bound for nocookie-udp-size, this change relieves the
+  operator from having to change nocookie-udp-size together with max-udp-size in
+  order to increase the default EDNS buffer size limit. nocookie-udp-size can
+  still be set to a value lower than max-udp-size, if desired. [GL #2250]
+
+  Bug Fixes:
+  Handling of missing DNS COOKIE responses over UDP was tightened by falling
+  back to TCP. [GL #2275]
+
+  The CNAME synthesized from a DNAME was incorrectly followed when the QTYPE was
+  CNAME or ANY. [GL #2280]
+
+  Building with native PKCS#11 support for AEP Keyper has been broken since BIND
+  9.16.6. This has been fixed. [GL #2315]
+
+  named could crash with an assertion failure if a TCP connection were closed
+  while a request was still being processed. [GL #2227]
+
+  named acting as a resolver could incorrectly treat signed zones with no DS
+  record at the parent as bogus. Such zones should be treated as insecure. This
+  has been fixed. [GL #2236]
+
+  After a Negative Trust Anchor (NTA) is added, BIND performs periodic checks
+  to see if it is still necessary. If BIND encountered a failure while creating a
+  query to perform such a check, it attempted to dereference a NULL pointer,
+  resulting in a crash. [GL #2244]
+
+  A problem obtaining glue records could prevent a stub zone from functioning
+  properly, if the authoritative server for the zone were configured for minimal
+  responses. [GL #1736]
+
+  UV_EOF is no longer treated as a TCP4RecvErr or a TCP6RecvErr. [GL #2208]
+
 -------------------------------------------------------------------
 Wed Nov 11 10:55:46 UTC 2020 - Josef Möllers <josef.moellers@suse.com>

--- a/bind.spec
+++ b/bind.spec
@ -20,17 +20,17 @@
 # Note that the sonums are LIBINTERFACE - LIBAGE
 %define bind9_sonum 1600
 %define libbind9 libbind9-%{bind9_sonum}
-%define dns_sonum 1608
+%define dns_sonum 1610
 %define libdns libdns%{dns_sonum}
 %define irs_sonum 1601
 %define libirs libirs%{irs_sonum}
-%define isc_sonum 1607
+%define isc_sonum 1608
 %define libisc libisc%{isc_sonum}
 %define isccc_sonum 1600
 %define libisccc libisccc%{isccc_sonum}
-%define isccfg_sonum 1601
+%define isccfg_sonum 1602
 %define libisccfg libisccfg%{isccfg_sonum}
-%define ns_sonum 1605
+%define ns_sonum 1606
 %define libns libns%{ns_sonum}

 %define	VENDOR SUSE
@ -61,7 +61,7 @@
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.16.8
+Version:        9.16.10
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0
--- a/named.root
+++ b/named.root
@ -9,8 +9,8 @@
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
 ; 
-;       last update:     February 20, 2020 
-;       related version of root zone:     2020022000
+;       last update:     November 11, 2020 
+;       related version of root zone:     2020111101
 ; 
 ; FORMERLY NS.INTERNIC.NET 
 ;