diff --git a/baselibs.conf b/baselibs.conf deleted file mode 100644 index cd9792b..0000000 --- a/baselibs.conf +++ /dev/null @@ -1,17 +0,0 @@ -libbind9-1600 -libdns1611 -libirs1601 -libisc1609 - obsoletes "bind-libs- = " - provides "bind-libs- = " -libisccc1600 -libisccfg1603 -libns1607 -bind-devel - requires -bind- - requires "libbind9-1600- = " - requires "libdns1611- = " - requires "libirs1601- = " - requires "libisc1609- = " - requires "libisccc1600- = " - requires "libisccfg1603- = " diff --git a/bind-9.16.11.tar.xz b/bind-9.16.11.tar.xz deleted file mode 100644 index 1f22c05..0000000 --- a/bind-9.16.11.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0111f64dd7d8f515cfa129e181cce96ff82070d1b27f11a21f6856110d0699c1 -size 5007520 diff --git a/bind-9.16.11.tar.xz.sha512.asc b/bind-9.16.11.tar.xz.sha512.asc deleted file mode 100644 index 409cc75..0000000 --- a/bind-9.16.11.tar.xz.sha512.asc +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEJFV3TUL9/mucOD64/hACvFlwgR8FAmAGro0ACgkQ/hACvFlw -gR8c5Q//Z3W/1SLnIKxUIh+E6wzBOnfwh8BeiuMLHL3dEvWzDxg/MguJJTJN1s5t -ChzI72HRjMyyVbJRsU2ujVQdgh52ZTE8+0Ymt3YPYxQVFdguOSGEaTVN0Ikpjc+Z -5QuOPCUbUVuP7i7Mq4fmY0+lUJnx3eh3QhQx1sBtMj/wWH1BI6PzKfhx+YH9KT2e -dQEsBuAY7RaA8gFYo2GlbqGU83idlorgxol8ePnGOehp2Vo/vpvZ2dRDbkpixekr -Gdy3Uw6GAo/JboG50XnB/Yb+ftx5jV0oDN7bSbLpi1pWEBaqfF1aa+CGTX5qAqUW -e48boWTLtq7NR6ARnzKqyoklmjARy3N3ovks41DIIUvuNEUAu/8d3v3aaRIIyBG5 -Wc5ak0Kzqz64V/qXgHg30q2TWQb6BHcaAhvpjYmo91LW80So40Dz+a/vWOHX5N5y -27aPdfnP/+0JrUP3f0fm54TabR/WdLVJNQ2F2AZJ1R+F+e1b1Wbg7fEgeDdS44I8 -hDBS/glZyhAzS7k2c8R0QC61b7IBp64Y1cdCTRlLEJ4Y2PowprO6Kv1M1X4O2RMm -LxnFNcV44Is3GLSh82h3oqSLmBpsN5r5CWoFcxy6La1cwXywAviqXsTn4wOJTrbj -wmcrnPPx9NuFS7p/tqnaaKVhvhdgNshn727oH9P0SKhFMes3UACJAjMEAAEKAB0W -IQSVztolaxygoV8wL7WVIaftXazpGAUCYAaujQAKCRCVIaftXazpGPDkEADaDTOh -Tlm7xsiGs9STi5g4XmgWCo0VwhUYdy3rQG5u/pNM6FloWoooILvmrsSJThceocB3 -ivqOn3T1Tw3FI1DxfTBl1aa0AYARxGq4ehMZCvIvWqVOeMlODY2Ju8wHt50VCtn+ -phActtSiFseMBb1J5U/qEd6Q8M/ABDZQxzn9KYS5Nu7/a3dex9yNcvzrdoBDZA8M -37SV+ZJyEz658vxh9z7Rq3FmnAqUGsPT3lQVQzenl1vcLj4T9XUs3w1GLRW8NtY9 -9c3mcmYbngz0SQFbFhIvbBw+0KmhTR0qZmwRmXDVXMAjcOx9gsCLL7BtwkzbFS7u -qfSv1lbSi40UqsYOTZi6W5LcQ0zbcqOGm+1OGWW1nSIQIakXa0RPMRtMRgSBeefY -PdEiG05fQMBkDkHFfgl4rRVLNuK76sm/HhUpQe7orGb9y+yX/cfKPnQmVSQaJ6Fo -5wsENXfOXH1X6SvNlEhn4MLij4anb1y1oyuRZcOGYtexscdLUOQ4gDsZvzkYyudP -rLt/86tjOAU0Y9TkRlxa2X9tXqaE0ptOJtO3Q6XvRxZXI6NrWKXSjeiQxCPadEDt -TaKjznZkC1tqD/Po3/gY2BPQHBasBghr4JP/cMgo+cbOicYMw228sHUnhZSDFoHc -qXK9qeyaJfcsnwSEIE+OIW5SwdMawhHOXjhmSQ== -=k0j1 ------END PGP SIGNATURE----- diff --git a/bind-9.16.12.tar.xz b/bind-9.16.12.tar.xz new file mode 100644 index 0000000..2692b86 --- /dev/null +++ b/bind-9.16.12.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9914af9311fd349cab441097898d94fb28d0bfd9bf6ed04fe1f97f042644da7f +size 5017756 diff --git a/bind-9.16.12.tar.xz.sha512.asc b/bind-9.16.12.tar.xz.sha512.asc new file mode 100644 index 0000000..4097e23 --- /dev/null +++ b/bind-9.16.12.tar.xz.sha512.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEJFV3TUL9/mucOD64/hACvFlwgR8FAmAiI6sACgkQ/hACvFlw +gR9S7RAAtZCXjLtug5s2t+YqVUgKP3TKEgvJxSvZfZlEnQkkM9APg84UZKOc5XDY +Zzw1bJSuZ4f18KlJaJmQ++Y0XP++kv+tMJOcl8mkCUi/FKcfWCOW0qUy/ygb7ks6 +yarpxjuZ6DN+5xwOvJW9o1QiX5K0WYK2KdjsqfIrvf8HQqs4Ydgi9h2KtbkWBXp5 +Te6CLFSRfX2j2Ddbx1ggCzT3ztYNLT1trX+O7/wlISNl3ZS1wK475UlqA1qZc/lM +xE95p8KDR5+CHXJJNs7qr0jBS9WcB2N28yGJKAnCXw9tTEGtqa+QksgCthphmzQX +3vbB5KhcP1ho9pl/lyjh0Tnxm1Q9AbD42vMo6waGSRtIOMFK9Cjngulx5Wo5Aa3W +F3Ij95yMZmIo+WMCmdE6ejOL2r/JpiVYPWuR/1UHOFJbs+ZJSCSO4Ka7wauIraST +tpUUi6J/d6oTvx12IJb/A7jznX0n5o70N6I11lei5Os3N6V5BlU1+BN7aaeNoZzp +lgMsTJGhkD7IbdBRgl2qCsYI+jQr4nE0WpEEDwrio+ZEpBMs16WXcZBwUD6f9rW7 +Gl+Z6EhmhdWuMygngCXGfcGopmFJeFdDCbdnHCWjj+qWSc5JtdjB7+8iE/73frvr +TQ9ASrU4AwclNeEc3nVDuGC692h3w1IrOwHxFw2hIuwOJnPoj/U= +=y7e9 +-----END PGP SIGNATURE----- diff --git a/bind.changes b/bind.changes index a3cacb7..9833edf 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,53 @@ +------------------------------------------------------------------- +Thu Feb 18 08:44:47 UTC 2021 - Josef Möllers + +- *** MAJOR CHANGES *** + * The libraries shipped with bind are now named after the bind + version (eg libisc-9.16.10.so), not some kind of artificial + number (eg libisc.so.1608)! + * For the time being (ie until the next upgrade), + new BIND option "stale-answer-client-timeout" + will be disabled (in /etc/named.conf): "stale-answer-enable no;" + * All libraries are now in bind-utils as they are used by bind + and bind-utils only and bind requires bind-utils. + This affects libdns, libirs, libisc, libisccc, libisccfg, + libns + * Dropped the devel packages as the libraries are used + internally only. + + * Update to 9.16.12 + Bugs fixed: + - KASP incorrectly set signature validity to the value of + the DNSKEY signature validity. + - Fix off-by-one bug in ISC SPNEGO implementation. + (CVE-2020-8625) + - Dig now reports unknown dash options while pre-parsing + the options. This prevents "-multi" instead of "+multi" + from reporting memory usage before ending option parsing + with "Invalid option: -lti". + - Fixed a crash in "dnssec-keyfromlabel" when using ECDSA + keys. + - Emit useful error message when "rndc retransfer" is + applied to a zone of inappropriate type. + - Improve performance of the DNSSEC verification code by + reducing the number of repeated calls to + dns_dnssec_keyfromrdata(). + - named failed to start when its configuration included a + zone with a non-builtin "allow-update" ACL attached. + - Address potential double free in generatexml(). + - When migrating to KASP, BIND 9 considered keys with the + "Inactive" and/or "Delete" timing metadata to be + possible active keys. + - Fix the "three is a crowd" key rollover bug in KASP by + correctly implementing Equation (2) of the "Flexible and + Robust Key Rollover" paper. + + * dnssec-keygen can no longer generate HMAC keys. + Use tsig-keygen instead. + genDDNSkey script was modified to reflect this. + [vendor-files/tools/bind.genDDNSkey, bsc#1180933, CVE-2020-8625, + bsc#1182246, bsc#1182483] + ------------------------------------------------------------------- Thu Jan 21 08:00:03 UTC 2021 - Josef Möllers diff --git a/bind.spec b/bind.spec index 8618bdc..b2e87c6 100644 --- a/bind.spec +++ b/bind.spec @@ -16,23 +16,6 @@ # -# Don't forget to update the package names also in baselibs.conf -# Note that the sonums are LIBINTERFACE - LIBAGE -%define bind9_sonum 1600 -%define libbind9 libbind9-%{bind9_sonum} -%define dns_sonum 1611 -%define libdns libdns%{dns_sonum} -%define irs_sonum 1601 -%define libirs libirs%{irs_sonum} -%define isc_sonum 1609 -%define libisc libisc%{isc_sonum} -%define isccc_sonum 1600 -%define libisccc libisccc%{isccc_sonum} -%define isccfg_sonum 1603 -%define libisccfg libisccfg%{isccfg_sonum} -%define ns_sonum 1607 -%define libns libns%{ns_sonum} - %define VENDOR SUSE %if 0%{?suse_version} >= 1500 %define with_systemd 1 @@ -61,7 +44,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.16.11 +Version: 9.16.12 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 @@ -69,7 +52,6 @@ Group: Productivity/Networking/DNS/Servers URL: http://isc.org/sw/bind/ Source: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.xz Source1: vendor-files.tar.bz2 -Source2: baselibs.conf Source3: ftp://ftp.isc.org/isc/bind9/%{version}/bind-%{version}.tar.xz.sha512.asc # from http://www.isc.org/about/openpgp/ ... changes yearly apparently. Source4: %{name}.keyring @@ -127,113 +109,6 @@ Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. -%package -n %{libbind9} -Summary: BIND9 shared library used by BIND -Group: System/Libraries - -%description -n %{libbind9} -This library contains a few utility functions used by the BIND -server and utilities. - -%package -n %{libdns} -Summary: DNS library used by BIND -Group: System/Libraries - -%description -n %{libdns} -This subpackage contains the "DNS client" module. This is a higher -level API that provides an interface to name resolution, single DNS -transaction with a particular server, and dynamic update. Regarding -name resolution, it supports advanced features such as DNSSEC -validation and caching. This module supports both synchronous and -asynchronous mode. - -It also contains the Advanced Database (ADB) and Simple Database -(SDB) APIs. ADB allows user-written routines to replace BIND’s -internal database function for both nominated and all zones. SDB -allows a user-written driver to supply zone data either from -alternate data sources (for instance, a relational database) or using -specialized algorithms (for instance, for load-balancing). -[Book links for SDB: "Pro DNS and BIND 10", R. Aitchison, Apress] - -%package -n %{libirs} -Summary: The BIND Information Retrieval System library -Group: System/Libraries - -%description -n %{libirs} -libirs provides an interface to parse the traditional resolv.conf file and an -"advanced" configuration file related to the DNS library for configuration -parameters that would be beyond the capability of the resolv.conf file. -Specifically, it is intended to provide DNSSEC related configuration -parameters. By default, the path to this configuration file is %{_sysconfdir}/dns.conf. - -%package -n libirs-devel -Summary: Development files for IRS -Group: Development/Libraries/C and C++ -Requires: %{libirs} = %{version} - -%description -n libirs-devel -libirs provides an interface to parse the traditional resolv.conf file and an -"advanced" configuration file related to the DNS library for configuration -parameters that would be beyond the capability of the resolv.conf file. This -subpackage contains the header files needed for building programs with it. - -%package -n %{libisc} -Summary: ISC shared library used by BIND -Group: System/Libraries -Provides: bind-libs = %{version}-%{release} -Obsoletes: bind-libs < %{version}-%{release} - -%description -n %{libisc} -This library contains miscellaneous utility function used by the BIND -server and utilities. It includes functions for assertion handling, -balanced binary (AVL) trees, bit masks comparison, event based -programs, heap-based priority queues, memory handling, and program -logging. - -%package -n %{libns} -Summary: NS shared library used by BIND -Group: System/Libraries - -%description -n %{libns} -This library contains miscellaneous utility function used by the BIND -server and utilities. - -%package -n %{libisccc} -Summary: Command Channel Library used by BIND -Group: System/Libraries - -%description -n %{libisccc} -This library is used for communicating with BIND servers' -administrative command channel (port 953 by default). - -%package -n %{libisccfg} -Summary: Exported ISC configuration shared library -Group: System/Libraries - -%description -n %{libisccfg} -This BIND library contains the configuration file parser. - -%package devel -Summary: Development Libraries and Header Files of BIND -Group: Development/Libraries/C and C++ -Requires: %{libbind9} = %{version} -Requires: %{libdns} = %{version} -Requires: %{libirs} = %{version} -Requires: %{libisccc} = %{version} -Requires: %{libisccfg} = %{version} -Requires: %{libisc} = %{version} -Requires: %{libns} = %{version} -Provides: bind8-devel -Provides: bind9-devel -Obsoletes: bind8-devel < %{version} -Obsoletes: bind9-devel < %{version} - -%description devel -This package contains the header files, libraries, and documentation -for building programs using the libraries of the Berkeley Internet Name -Domain (BIND) Domain Name System implementation of the Domain Name -System (DNS) protocols. - %package doc Summary: BIND documentation Group: Documentation/Other @@ -360,10 +235,9 @@ mkdir -p \ mkdir -p %{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services %endif %make_install -# install errno2result.h, some dynamic DB plugins could use it. -install -m 0755 -d %{buildroot}%{_includedir}/isc/ -install -m 0644 lib/isc/unix/errno2result.h %{buildroot}%{_includedir}/isc/ install -m 0644 .clang-format.headers %{buildroot}/%{_defaultdocdir}/bind +# remove useless .h files +rm -rf %{buildroot}%{_includedir} # remove useless .la files rm -f %{buildroot}/%{_libdir}/lib*.{la,a} @@ -478,20 +352,8 @@ chown named: /etc/rndc.key /etc/named.conf.include* %insserv_cleanup %endif -%post -n %{libbind9} -p /sbin/ldconfig -%postun -n %{libbind9} -p /sbin/ldconfig -%post -n %{libdns} -p /sbin/ldconfig -%postun -n %{libdns} -p /sbin/ldconfig -%post -n %{libirs} -p /sbin/ldconfig -%postun -n %{libirs} -p /sbin/ldconfig -%post -n %{libisc} -p /sbin/ldconfig -%postun -n %{libisc} -p /sbin/ldconfig -%post -n %{libns} -p /sbin/ldconfig -%postun -n %{libns} -p /sbin/ldconfig -%post -n %{libisccc} -p /sbin/ldconfig -%postun -n %{libisccc} -p /sbin/ldconfig -%post -n %{libisccfg} -p /sbin/ldconfig -%postun -n %{libisccfg} -p /sbin/ldconfig +%post -n bind-utils -p /sbin/ldconfig +%postun -n bind-utils -p /sbin/ldconfig %files %license LICENSE @@ -539,39 +401,6 @@ chown named: /etc/rndc.key /etc/named.conf.include* %config %{_var}/lib/named/named.root.key %dir %{_libexecdir}/bind -%files -n %{libbind9} -%{_libdir}/libbind9.so.%{bind9_sonum}* - -%files -n %{libdns} -%{_libdir}/libdns.so.%{dns_sonum}* - -%files -n %{libirs} -%{_libdir}/libirs.so.%{irs_sonum}* - -%files -n libirs-devel -%{_libdir}/libirs.so - -%files -n %{libisc} -%{_libdir}/libisc.so.%{isc_sonum}* - -%files -n %{libns} -%{_libdir}/libns.so.%{ns_sonum}* - -%files -n %{libisccc} -%{_libdir}/libisccc.so.%{isccc_sonum}* - -%files -n %{libisccfg} -%{_libdir}/libisccfg.so.%{isccfg_sonum}* - -%files devel -%dir %{_includedir}/isc -%{_includedir}/isc/errno2result.h -%{_libdir}/libbind9.so -%{_libdir}/libdns.so -%{_libdir}/libisc*.so -%{_libdir}/libns.so -%{_includedir}/bind - %files doc -f filelist-bind-doc %dir %doc %{_defaultdocdir}/bind %doc %{_datadir}/susehelp @@ -612,6 +441,21 @@ chown named: /etc/rndc.key /etc/named.conf.include* %{_sbindir}/rndc %{_sbindir}/rndc-confgen %{_sbindir}/tsig-keygen +# Library files, formerly in their own, separate packages: +%{_libdir}/libbind9-%{version}.so +%{_libdir}/libdns-%{version}.so +%{_libdir}/libirs-%{version}.so +%{_libdir}/libisc-%{version}.so +%{_libdir}/libisccc-%{version}.so +%{_libdir}/libisccfg-%{version}.so +%{_libdir}/libns-%{version}.so +%{_libdir}/libbind9.so +%{_libdir}/libdns.so +%{_libdir}/libirs.so +%{_libdir}/libisc.so +%{_libdir}/libisccc.so +%{_libdir}/libisccfg.so +%{_libdir}/libns.so %dir %doc %{_defaultdocdir}/bind %{_defaultdocdir}/bind/README*.%{VENDOR} %{_defaultdocdir}/bind/.clang-format.headers diff --git a/vendor-files.tar.bz2 b/vendor-files.tar.bz2 index b456d6d..ccd7a97 100644 --- a/vendor-files.tar.bz2 +++ b/vendor-files.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:557cf909bc65afb13c3f3b157677b58066fa0818c9d6b230718ad74431b82d31 -size 22842 +oid sha256:93b7926ddc7e3cd4ea25f7df009544e2653b9c0a7d38811780a7d30e1faf8cf6 +size 22350