diff --git a/baselibs.conf b/baselibs.conf index 9335a2e..c0e5de5 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,17 +1,17 @@ libbind9-1600 -libdns1608 +libdns1610 libirs1601 -libisc1607 +libisc1608 obsoletes "bind-libs- = " provides "bind-libs- = " libisccc1600 -libisccfg1601 -libns1605 +libisccfg1602 +libns1606 bind-devel requires -bind- requires "libbind9-1600- = " - requires "libdns1608- = " + requires "libdns1610- = " requires "libirs1601- = " - requires "libisc1607- = " + requires "libisc1608- = " requires "libisccc1600- = " - requires "libisccfg1601- = " + requires "libisccfg1602- = " diff --git a/bind-9.16.10.tar.xz b/bind-9.16.10.tar.xz new file mode 100644 index 0000000..5083e2d --- /dev/null +++ b/bind-9.16.10.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bc47fc019c6205e6a6bfb839c544a1472321df0537ba905b846a4cbffe3362b3 +size 3269696 diff --git a/bind-9.16.10.tar.xz.sha512.asc b/bind-9.16.10.tar.xz.sha512.asc new file mode 100644 index 0000000..8062e77 --- /dev/null +++ b/bind-9.16.10.tar.xz.sha512.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEElc7aJWscoKFfMC+1lSGn7V2s6RgFAl/Xs+kACgkQlSGn7V2s +6RiWqhAAqJcELI++5TjipTsmV42navWlnHDD6ccpuhNDVGusX1+HA3n3n7ne8dNX +PrYtDU0ZiCr1yj6vBldtttD0MpRVfr3+UaLQesD1vVty+FffnzxaR0RhHiIe3X4U +220qypWsfSkf+lmSLuc1U1sSPkclhBMV43WDs06gJXGdU+qt+4pJfqdo1cnbZ7dG +0iWouSt/mkSGpX5XApC9foT0S8DUQumYv41eo40NCaoqd8DT8Yok8Xq2pdDDpzPg +3rCEuIixU8yVDvKLbEBrN2wxx60PFW77vMD1WAQjZTexbvNmFoWcmFVvSgkQRP1A +4nvQ8DAVSSOhoJlzXafDcpVOCyEJ68AHortryf+rVv48tVMkCgFzDa8SBjcrRP1r +uYcx0pJAQy2ZjTkjk6CJuInvPrYV7lq05X3PnXGsvVRvV3bJPqSqq5iHSYxY3BVh +tWNx8C7zpMdHoq7Si47v5/qLh92V8bVA9xWHAwtrs6xvojgwhl9iI0EkZRfjbzvW +HPqyEYbUBYppORuGoKgK5a8Jh8j/1slb8A7jrhaLXOrXrASbfvblAXTh7Uqk4lSe +OB33cqvn8x4eYYjrjdkss989RBT3m5GBmOrDaGsJT/BlvA3t/J2ViOQBf4DcuDdY +AsPf3kqMYorUaJo2hBFlqsJqHLcJn4+nlVvEVO9cmlZlX1vuYLU= +=cLza +-----END PGP SIGNATURE----- diff --git a/bind-9.16.8.tar.xz b/bind-9.16.8.tar.xz deleted file mode 100644 index 50ccc96..0000000 --- a/bind-9.16.8.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9e9b9c563692be86ec41f670f6b70e26c14e72445c742d7b5eb4db7d2b5e8d31 -size 3253744 diff --git a/bind-9.16.8.tar.xz.sha512.asc b/bind-9.16.8.tar.xz.sha512.asc deleted file mode 100644 index 6df5d1f..0000000 --- a/bind-9.16.8.tar.xz.sha512.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEElc7aJWscoKFfMC+1lSGn7V2s6RgFAl+N4mQACgkQlSGn7V2s -6Rh6mQ//TrRXM01M4lfZ1zFMn+59OB2ihOrkzUELo0F6MtDGXOBFwQBg6YfG5EI3 -/3UCdE04LoI52IS/KXqylsZ+on0iyDATnIxcZXj4C88/3PwnbzPCjwws2+hbj/C2 -cEcHl2HiQ3brRly3XptceViJ6yJwAErrzRD4yIP7fY1bAHaXqeGj7focmA+DEqrA -5K5BEl5Yyxc96EF11AyWEpKFzQyQrTnRaUANll1V8k/JY5405DQQGyM6Dfc/yeHc -xi9xGk7tckIsZ4kyq0k7KrC1W49mgPngVLa/Cm3AORPXWs3V8ypPN88xRxil4oR0 -Q8cFAxUbe7XifQnHmQSnfwT+9DNcb/xA9HMpVnSAr9blI3/BtH++tvvS6spxtJSO -crRYT9gNhKlGOsVa3ZjdX4yXwbiw8F1fJ06Ii+94iL3hRH/f9LnFY4DFMw36z5aR -fsI9SbjCKZEMcAOhhCU1jlrEU8JLf0StlyNaGNJvP0ErJMZCGqCq3qtjJiIMVNDx -U8/7ARZlj67U4haUjqc+vPEou2uGShUMjJTMJmkyU0JD3XtOvLaDoQlpqrYg08TU -OvHB2f0XWzb60qGnZzZ6vjot6VEcdTT32atEvTp0YnZ41uVg/2vof+4rWXb+9ty3 -5Spl9ThsBAkXkcOwqOf81ybwuQKdDbfdm1XFTP3SLAjfdIRrjkE= -=c3U6 ------END PGP SIGNATURE----- diff --git a/bind.changes b/bind.changes index d5b18de..953600d 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,57 @@ +------------------------------------------------------------------- +Tue Dec 29 19:28:46 UTC 2020 - Dirk Müller + +- update to 9.16.10: + New Features: + * NSEC3 support was added to KASP. A new option for dnssec-policy, + nsec3param, can be used to set the desired NSEC3 parameters. NSEC3 salt + collisions are automatically prevented during resalting. [GL #1620] + + * A new configuration option, stale-refresh-time, has been introduced. It allows + a stale RRset to be served directly from cache for a period of time after a + failed lookup, before a new attempt to refresh it is made. [GL #2066] + + Feature Changes: + * The default value of max-recursion-queries was increased from 75 to 100. + Since the queries sent towards root and TLD servers are now included in the + count (as a result of the fix for CVE-2020-8616), max-recursion-queries has + a higher chance of being exceeded by non-attack queries, which is the main + reason for increasing its default value. [GL #2305] + + The default value of nocookie-udp-size was restored back to 4096 bytes. Since + max-udp-size is the upper bound for nocookie-udp-size, this change relieves the + operator from having to change nocookie-udp-size together with max-udp-size in + order to increase the default EDNS buffer size limit. nocookie-udp-size can + still be set to a value lower than max-udp-size, if desired. [GL #2250] + + Bug Fixes: + Handling of missing DNS COOKIE responses over UDP was tightened by falling + back to TCP. [GL #2275] + + The CNAME synthesized from a DNAME was incorrectly followed when the QTYPE was + CNAME or ANY. [GL #2280] + + Building with native PKCS#11 support for AEP Keyper has been broken since BIND + 9.16.6. This has been fixed. [GL #2315] + + named could crash with an assertion failure if a TCP connection were closed + while a request was still being processed. [GL #2227] + + named acting as a resolver could incorrectly treat signed zones with no DS + record at the parent as bogus. Such zones should be treated as insecure. This + has been fixed. [GL #2236] + + After a Negative Trust Anchor (NTA) is added, BIND performs periodic checks + to see if it is still necessary. If BIND encountered a failure while creating a + query to perform such a check, it attempted to dereference a NULL pointer, + resulting in a crash. [GL #2244] + + A problem obtaining glue records could prevent a stub zone from functioning + properly, if the authoritative server for the zone were configured for minimal + responses. [GL #1736] + + UV_EOF is no longer treated as a TCP4RecvErr or a TCP6RecvErr. [GL #2208] + ------------------------------------------------------------------- Wed Nov 11 10:55:46 UTC 2020 - Josef Möllers diff --git a/bind.spec b/bind.spec index e0c6c2b..8d7c29a 100644 --- a/bind.spec +++ b/bind.spec @@ -20,17 +20,17 @@ # Note that the sonums are LIBINTERFACE - LIBAGE %define bind9_sonum 1600 %define libbind9 libbind9-%{bind9_sonum} -%define dns_sonum 1608 +%define dns_sonum 1610 %define libdns libdns%{dns_sonum} %define irs_sonum 1601 %define libirs libirs%{irs_sonum} -%define isc_sonum 1607 +%define isc_sonum 1608 %define libisc libisc%{isc_sonum} %define isccc_sonum 1600 %define libisccc libisccc%{isccc_sonum} -%define isccfg_sonum 1601 +%define isccfg_sonum 1602 %define libisccfg libisccfg%{isccfg_sonum} -%define ns_sonum 1605 +%define ns_sonum 1606 %define libns libns%{ns_sonum} %define VENDOR SUSE @@ -61,7 +61,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.16.8 +Version: 9.16.10 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 diff --git a/named.root b/named.root index 416c3b3..defb4ea 100644 --- a/named.root +++ b/named.root @@ -9,8 +9,8 @@ ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; -; last update: February 20, 2020 -; related version of root zone: 2020022000 +; last update: November 11, 2020 +; related version of root zone: 2020111101 ; ; FORMERLY NS.INTERNIC.NET ;