Accepting request 859291 from home:dirkmueller:branches:network

- update to 9.16.10: New Features: * NSEC3 support was added to KASP. A new option for dnssec-policy, nsec3param, can be used to set the desired NSEC3 parameters. NSEC3 salt collisions are automatically prevented during resalting. [GL #1620] * A new configuration option, stale-refresh-time, has been introduced. It allows a stale RRset to be served directly from cache for a period of time after a failed lookup, before a new attempt to refresh it is made. [GL #2066] Feature Changes: * The default value of max-recursion-queries was increased from 75 to 100. Since the queries sent towards root and TLD servers are now included in the count (as a result of the fix for CVE-2020-8616), max-recursion-queries has a higher chance of being exceeded by non-attack queries, which is the main reason for increasing its default value. [GL #2305] The default value of nocookie-udp-size was restored back to 4096 bytes. Since max-udp-size is the upper bound for nocookie-udp-size, this change relieves the operator from having to change nocookie-udp-size together with max-udp-size in order to increase the default EDNS buffer size limit. nocookie-udp-size can still be set to a value lower than max-udp-size, if desired. [GL #2250] Bug Fixes: Handling of missing DNS COOKIE responses over UDP was tightened by falling back to TCP. [GL #2275] The CNAME synthesized from a DNAME was incorrectly followed when the QTYPE was CNAME or ANY. [GL #2280] Building with native PKCS#11 support for AEP Keyper has been broken since BIND 9.16.6. This has been fixed. [GL #2315] named could crash with an assertion failure if a TCP connection were closed while a request was still being processed. [GL #2227] named acting as a resolver could incorrectly treat signed zones with no DS record at the parent as bogus. Such zones should be treated as insecure. This OBS-URL: https://build.opensuse.org/request/show/859291 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=306
2021-01-07 11:50:54 +00:00 · 2021-01-07 11:50:54 +00:00 · b585e7fb90
commit b585e7fb90
parent d00771e830
8 changed files with 87 additions and 33 deletions
--- a/baselibs.conf
+++ b/baselibs.conf
@ -1,17 +1,17 @@
 libbind9-1600
-libdns1608
+libdns1610
 libirs1601
-libisc1607
+libisc1608
 	obsoletes "bind-libs-<targettype> = <version>"
 	provides "bind-libs-<targettype> = <version>"
 libisccc1600
-libisccfg1601
+libisccfg1602
-libns1605
+libns1606
 bind-devel
 	requires -bind-<targettype>
 	requires "libbind9-1600-<targettype> = <version>"
-	requires "libdns1608-<targettype> = <version>"
+	requires "libdns1610-<targettype> = <version>"
 	requires "libirs1601-<targettype> = <version>"
-	requires "libisc1607-<targettype> = <version>"
+	requires "libisc1608-<targettype> = <version>"
 	requires "libisccc1600-<targettype> = <version>"
-	requires "libisccfg1601-<targettype> = <version>"
+	requires "libisccfg1602-<targettype> = <version>"
--- a/bind-9.16.10.tar.xz
+++ b/bind-9.16.10.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:bc47fc019c6205e6a6bfb839c544a1472321df0537ba905b846a4cbffe3362b3
 size 3269696
--- a/bind-9.16.10.tar.xz.sha512.asc
+++ b/bind-9.16.10.tar.xz.sha512.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEElc7aJWscoKFfMC+1lSGn7V2s6RgFAl/Xs+kACgkQlSGn7V2s
 6RiWqhAAqJcELI++5TjipTsmV42navWlnHDD6ccpuhNDVGusX1+HA3n3n7ne8dNX
 PrYtDU0ZiCr1yj6vBldtttD0MpRVfr3+UaLQesD1vVty+FffnzxaR0RhHiIe3X4U
 220qypWsfSkf+lmSLuc1U1sSPkclhBMV43WDs06gJXGdU+qt+4pJfqdo1cnbZ7dG
 0iWouSt/mkSGpX5XApC9foT0S8DUQumYv41eo40NCaoqd8DT8Yok8Xq2pdDDpzPg
 3rCEuIixU8yVDvKLbEBrN2wxx60PFW77vMD1WAQjZTexbvNmFoWcmFVvSgkQRP1A
 4nvQ8DAVSSOhoJlzXafDcpVOCyEJ68AHortryf+rVv48tVMkCgFzDa8SBjcrRP1r
 uYcx0pJAQy2ZjTkjk6CJuInvPrYV7lq05X3PnXGsvVRvV3bJPqSqq5iHSYxY3BVh
 tWNx8C7zpMdHoq7Si47v5/qLh92V8bVA9xWHAwtrs6xvojgwhl9iI0EkZRfjbzvW
 HPqyEYbUBYppORuGoKgK5a8Jh8j/1slb8A7jrhaLXOrXrASbfvblAXTh7Uqk4lSe
 OB33cqvn8x4eYYjrjdkss989RBT3m5GBmOrDaGsJT/BlvA3t/J2ViOQBf4DcuDdY
 AsPf3kqMYorUaJo2hBFlqsJqHLcJn4+nlVvEVO9cmlZlX1vuYLU=
 =cLza
 -----END PGP SIGNATURE-----
--- a/bind-9.16.8.tar.xz
+++ b/bind-9.16.8.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:9e9b9c563692be86ec41f670f6b70e26c14e72445c742d7b5eb4db7d2b5e8d31
 size 3253744
--- a/bind-9.16.8.tar.xz.sha512.asc
+++ b/bind-9.16.8.tar.xz.sha512.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEElc7aJWscoKFfMC+1lSGn7V2s6RgFAl+N4mQACgkQlSGn7V2s
 6Rh6mQ//TrRXM01M4lfZ1zFMn+59OB2ihOrkzUELo0F6MtDGXOBFwQBg6YfG5EI3
 /3UCdE04LoI52IS/KXqylsZ+on0iyDATnIxcZXj4C88/3PwnbzPCjwws2+hbj/C2
 cEcHl2HiQ3brRly3XptceViJ6yJwAErrzRD4yIP7fY1bAHaXqeGj7focmA+DEqrA
 5K5BEl5Yyxc96EF11AyWEpKFzQyQrTnRaUANll1V8k/JY5405DQQGyM6Dfc/yeHc
 xi9xGk7tckIsZ4kyq0k7KrC1W49mgPngVLa/Cm3AORPXWs3V8ypPN88xRxil4oR0
 Q8cFAxUbe7XifQnHmQSnfwT+9DNcb/xA9HMpVnSAr9blI3/BtH++tvvS6spxtJSO
 crRYT9gNhKlGOsVa3ZjdX4yXwbiw8F1fJ06Ii+94iL3hRH/f9LnFY4DFMw36z5aR
 fsI9SbjCKZEMcAOhhCU1jlrEU8JLf0StlyNaGNJvP0ErJMZCGqCq3qtjJiIMVNDx
 U8/7ARZlj67U4haUjqc+vPEou2uGShUMjJTMJmkyU0JD3XtOvLaDoQlpqrYg08TU
 OvHB2f0XWzb60qGnZzZ6vjot6VEcdTT32atEvTp0YnZ41uVg/2vof+4rWXb+9ty3
 5Spl9ThsBAkXkcOwqOf81ybwuQKdDbfdm1XFTP3SLAjfdIRrjkE=
 =c3U6
 -----END PGP SIGNATURE-----
--- a/bind.changes
+++ b/bind.changes
@ -1,3 +1,57 @@
 -------------------------------------------------------------------
 Tue Dec 29 19:28:46 UTC 2020 - Dirk Müller <dmueller@suse.com>
 - update to 9.16.10:
  New Features:
  * NSEC3 support was added to KASP. A new option for dnssec-policy,
  nsec3param, can be used to set the desired NSEC3 parameters. NSEC3 salt
  collisions are automatically prevented during resalting. [GL #1620]
  * A new configuration option, stale-refresh-time, has been introduced. It allows
  a stale RRset to be served directly from cache for a period of time after a
  failed lookup, before a new attempt to refresh it is made. [GL #2066]
  Feature Changes:
  * The default value of max-recursion-queries was increased from 75 to 100.
  Since the queries sent towards root and TLD servers are now included in the
  count (as a result of the fix for CVE-2020-8616), max-recursion-queries has
  a higher chance of being exceeded by non-attack queries, which is the main
  reason for increasing its default value. [GL #2305]
  The default value of nocookie-udp-size was restored back to 4096 bytes. Since
  max-udp-size is the upper bound for nocookie-udp-size, this change relieves the
  operator from having to change nocookie-udp-size together with max-udp-size in
  order to increase the default EDNS buffer size limit. nocookie-udp-size can
  still be set to a value lower than max-udp-size, if desired. [GL #2250]
  Bug Fixes:
  Handling of missing DNS COOKIE responses over UDP was tightened by falling
  back to TCP. [GL #2275]
  The CNAME synthesized from a DNAME was incorrectly followed when the QTYPE was
  CNAME or ANY. [GL #2280]
  Building with native PKCS#11 support for AEP Keyper has been broken since BIND
  9.16.6. This has been fixed. [GL #2315]
  named could crash with an assertion failure if a TCP connection were closed
  while a request was still being processed. [GL #2227]
  named acting as a resolver could incorrectly treat signed zones with no DS
  record at the parent as bogus. Such zones should be treated as insecure. This
  has been fixed. [GL #2236]
  After a Negative Trust Anchor (NTA) is added, BIND performs periodic checks
  to see if it is still necessary. If BIND encountered a failure while creating a
  query to perform such a check, it attempted to dereference a NULL pointer,
  resulting in a crash. [GL #2244]
  A problem obtaining glue records could prevent a stub zone from functioning
  properly, if the authoritative server for the zone were configured for minimal
  responses. [GL #1736]
  UV_EOF is no longer treated as a TCP4RecvErr or a TCP6RecvErr. [GL #2208]
 -------------------------------------------------------------------
 Wed Nov 11 10:55:46 UTC 2020 - Josef Möllers <josef.moellers@suse.com>
--- a/bind.spec
+++ b/bind.spec
@ -20,17 +20,17 @@
 # Note that the sonums are LIBINTERFACE - LIBAGE
 %define bind9_sonum 1600
 %define libbind9 libbind9-%{bind9_sonum}
-%define dns_sonum 1608
+%define dns_sonum 1610
 %define libdns libdns%{dns_sonum}
 %define irs_sonum 1601
 %define libirs libirs%{irs_sonum}
-%define isc_sonum 1607
+%define isc_sonum 1608
 %define libisc libisc%{isc_sonum}
 %define isccc_sonum 1600
 %define libisccc libisccc%{isccc_sonum}
-%define isccfg_sonum 1601
+%define isccfg_sonum 1602
 %define libisccfg libisccfg%{isccfg_sonum}
-%define ns_sonum 1605
+%define ns_sonum 1606
 %define libns libns%{ns_sonum}
 %define	VENDOR SUSE
@ -61,7 +61,7 @@
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.16.8
+Version:        9.16.10
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0
--- a/named.root
+++ b/named.root
@ -9,8 +9,8 @@
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
 ; 
-;       last update:     February 20, 2020 
+;       last update:     November 11, 2020 
-;       related version of root zone:     2020022000
+;       related version of root zone:     2020111101
 ; 
 ; FORMERLY NS.INTERNIC.NET 
 ;