commit bind for openSUSE:Factory - openSUSE Commits

1 Jun 2021

Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package bind for openSUSE:Factory checked in at 2021-06-01 10:32:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bind (Old)
 and      /work/SRC/openSUSE:Factory/.bind.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind"
Tue Jun  1 10:32:51 2021 rev:166 rq:895166 version:9.16.16
Changes:
--------

--- /work/SRC/openSUSE:Factory/bind/bind.changes	2021-05-15 23:16:27.096674209 +0200
+++ /work/SRC/openSUSE:Factory/.bind.new.1898/bind.changes	2021-06-01 10:32:52.992345339 +0200
@@ -1,0 +2,67 @@
+Fri May 21 07:23:04 UTC 2021 - Josef M��llers josef.moellers@suse.com
+
+- vendor-files/system/named.prep was missing a $
+  [bsc#1186278, vendor-files.tar.bz2]
+
+-------------------------------------------------------------------
+Thu May 20 06:21:17 UTC 2021 - Josef M��llers josef.moellers@suse.com
+
+- Upgrade to bind 9.16.16
+  * Feature Changes
+    + DNSSEC responses containing NSEC3 records with iteration counts
+      greater than 150 are now treated as insecure. [GL #2445]
+    + The maximum supported number of NSEC3 iterations that can be
+      configured for a zone has been reduced to 150. [GL #2642]
+    + The default value of the max-ixfr-ratio option was changed to
+      unlimited, for better backwards compatibility in the stable
+      release series. [GL #2671]
+    + Zones that want to transition from secure to insecure mode
+      without becoming bogus in the process must now have their
+      dnssec-policy changed first to insecure, rather than none. After
+      the DNSSEC records have been removed from the zone, the
+      dnssec-policy can be set to none or removed from the
+      configuration. Setting the dnssec-policy to insecure causes CDS
+      and CDNSKEY DELETE records to be published. [GL #2645]
+    + The implementation of the ZONEMD RR type has been updated to
+      match RFC 8976. [GL #2658]
+    + The draft-vandijk-dnsop-nsec-ttl IETF draft was implemented:
+      NSEC(3) TTL values are now set to the minimum of the SOA MINIMUM
+      value or the SOA TTL. [GL #2347]
+  * Bug Fixes
+    + It was possible for corrupt journal files generated by an earlier
+      version of named to cause problems after an upgrade. This has been
+      fixed. [GL #2670]
+    + TTL values in cache dumps were reported incorrectly when
+      stale-cache-enable was set to yes. This has been fixed.
+      [GL #389] [GL #2289]
+    + A deadlock could occur when multiple rndc addzone, rndc delzone,
+      and/or rndc modzone commands were invoked simultaneously for
+      different zones. This has been fixed. [GL #2626]
+    + named and named-checkconf did not report an error when multiple
+      zones with the dnssec-policy option set were using the same zone
+      file. This has been fixed. [GL #2603]
+    + If dnssec-policy was active and a private key file was temporarily
+      offline during a rekey event, named could incorrectly introduce
+      replacement keys and break a signed zone. This has been fixed.
+      [GL #2596]
+    + When generating zone signing keys, KASP now also checks for key
+      ID conflicts among newly created keys, rather than just between
+      new and existing ones. [GL #2628]
+
+-------------------------------------------------------------------
+Tue May 18 06:57:16 UTC 2021 - Josef M��llers josef.moellers@suse.com
+
+- In /usr/libexec/bind/named.prep the order of arguments for
+  "ln -s" was wrong.
+  [vendor-files/system/named.prep, bsc#1186057]
+
+-------------------------------------------------------------------
+Mon May 17 14:20:08 UTC 2021 - Josef M��llers josef.moellers@suse.com
+
+- "systemctl reload named" does not work:
+  * the "kill" command is in /usr/bin, not in /sbin,
+  *  the order of the options/arguments was wrong, and
+  * the "-p" option is wrong (it's not like strace's "-p").
+  [bsc#1186046, vendor-files/system/named.service]
+
+-------------------------------------------------------------------
Old:
----
  bind-9.16.15.tar.xz
  bind-9.16.15.tar.xz.sha512.asc
New:
----
  bind-9.16.16.tar.xz
  bind-9.16.16.tar.xz.sha512.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ bind.spec ++++++
--- /var/tmp/diff_new_pack.a64ce8/_old	2021-06-01 10:32:53.716346572 +0200
+++ /var/tmp/diff_new_pack.a64ce8/_new	2021-06-01 10:32:53.720346579 +0200
@@ -45,7 +45,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.16.15
+Version:        9.16.16
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0
++++++ bind-9.16.15.tar.xz -> bind-9.16.16.tar.xz ++++++
++++ 18942 lines of diff (skipped)
++++++ vendor-files.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/system/named.prep new/vendor-files/system/named.prep
--- old/vendor-files/system/named.prep	2021-04-09 15:00:15.466033258 +0200
+++ new/vendor-files/system/named.prep	2021-05-21 09:22:32.915895196 +0200
@@ -23,7 +23,7 @@
 : ${ETC_RNDC_KEY:=/etc/rndc.key}
 : ${NEW_RNDC_KEY:=/var/lib/named/rndc.key}
 : ${RNDC_KEYSIZE:=512}
-: {RNDC_BIN:="/usr/sbin/rndc"}
+: ${RNDC_BIN:="/usr/sbin/rndc"}
 : ${NAMED_CONF:="/etc/named.conf"}
# Run all scripts defined in NAMED_INITIALIZE_SCRIPTS (/etc/sysconfig/named)
@@ -42,7 +42,7 @@
     [ -d /var/lib/named ] || mkdir /var/lib/named
     chown named: /var/lib/named
     [ -f "$ETC_RNDC_KEY" ] && mv "$ETC_RNDC_KEY" "$NEW_RNDC_KEY"
-    ln -s "$ETC_RNDC_KEY" "$NEW_RNDC_KEY"	# This may create a dangling symlink
+    ln -s "$NEW_RNDC_KEY" "$ETC_RNDC_KEY"	# This may create a dangling symlink
 fi
 # If rndc.key does not exist in the new directory, create it
 if [ ! -f $NEW_RNDC_KEY ]; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/system/named.service new/vendor-files/system/named.service
--- old/vendor-files/system/named.service	2021-05-07 13:58:47.035292125 +0200
+++ new/vendor-files/system/named.service	2021-05-18 08:42:40.098219214 +0200
@@ -11,7 +11,7 @@
 EnvironmentFile=/etc/sysconfig/named
 ExecStartPre=+@LIBEXECDIR@/bind/named.prep
 ExecStart=/usr/sbin/named -u named $NAMED_ARGS
-ExecReload=/sbin/kill -p $MAINPID -HUP
+ExecReload=/usr/bin/kill -HUP $MAINPID
 ProtectSystem=strict
 ReadWritePaths=/var/lib/named /run/named
 PrivateDevices=yes

    