Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package bind for openSUSE:Factory checked in at 2021-06-01 10:32:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bind (Old)
and /work/SRC/openSUSE:Factory/.bind.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind"
Tue Jun 1 10:32:51 2021 rev:166 rq:895166 version:9.16.16
Changes:
--------
--- /work/SRC/openSUSE:Factory/bind/bind.changes 2021-05-15 23:16:27.096674209 +0200
+++ /work/SRC/openSUSE:Factory/.bind.new.1898/bind.changes 2021-06-01 10:32:52.992345339 +0200
@@ -1,0 +2,67 @@
+Fri May 21 07:23:04 UTC 2021 - Josef M��llers
+
+- vendor-files/system/named.prep was missing a $
+ [bsc#1186278, vendor-files.tar.bz2]
+
+-------------------------------------------------------------------
+Thu May 20 06:21:17 UTC 2021 - Josef M��llers
+
+- Upgrade to bind 9.16.16
+ * Feature Changes
+ + DNSSEC responses containing NSEC3 records with iteration counts
+ greater than 150 are now treated as insecure. [GL #2445]
+ + The maximum supported number of NSEC3 iterations that can be
+ configured for a zone has been reduced to 150. [GL #2642]
+ + The default value of the max-ixfr-ratio option was changed to
+ unlimited, for better backwards compatibility in the stable
+ release series. [GL #2671]
+ + Zones that want to transition from secure to insecure mode
+ without becoming bogus in the process must now have their
+ dnssec-policy changed first to insecure, rather than none. After
+ the DNSSEC records have been removed from the zone, the
+ dnssec-policy can be set to none or removed from the
+ configuration. Setting the dnssec-policy to insecure causes CDS
+ and CDNSKEY DELETE records to be published. [GL #2645]
+ + The implementation of the ZONEMD RR type has been updated to
+ match RFC 8976. [GL #2658]
+ + The draft-vandijk-dnsop-nsec-ttl IETF draft was implemented:
+ NSEC(3) TTL values are now set to the minimum of the SOA MINIMUM
+ value or the SOA TTL. [GL #2347]
+ * Bug Fixes
+ + It was possible for corrupt journal files generated by an earlier
+ version of named to cause problems after an upgrade. This has been
+ fixed. [GL #2670]
+ + TTL values in cache dumps were reported incorrectly when
+ stale-cache-enable was set to yes. This has been fixed.
+ [GL #389] [GL #2289]
+ + A deadlock could occur when multiple rndc addzone, rndc delzone,
+ and/or rndc modzone commands were invoked simultaneously for
+ different zones. This has been fixed. [GL #2626]
+ + named and named-checkconf did not report an error when multiple
+ zones with the dnssec-policy option set were using the same zone
+ file. This has been fixed. [GL #2603]
+ + If dnssec-policy was active and a private key file was temporarily
+ offline during a rekey event, named could incorrectly introduce
+ replacement keys and break a signed zone. This has been fixed.
+ [GL #2596]
+ + When generating zone signing keys, KASP now also checks for key
+ ID conflicts among newly created keys, rather than just between
+ new and existing ones. [GL #2628]
+
+-------------------------------------------------------------------
+Tue May 18 06:57:16 UTC 2021 - Josef M��llers
+
+- In /usr/libexec/bind/named.prep the order of arguments for
+ "ln -s" was wrong.
+ [vendor-files/system/named.prep, bsc#1186057]
+
+-------------------------------------------------------------------
+Mon May 17 14:20:08 UTC 2021 - Josef M��llers
+
+- "systemctl reload named" does not work:
+ * the "kill" command is in /usr/bin, not in /sbin,
+ * the order of the options/arguments was wrong, and
+ * the "-p" option is wrong (it's not like strace's "-p").
+ [bsc#1186046, vendor-files/system/named.service]
+
+-------------------------------------------------------------------
Old:
----
bind-9.16.15.tar.xz
bind-9.16.15.tar.xz.sha512.asc
New:
----
bind-9.16.16.tar.xz
bind-9.16.16.tar.xz.sha512.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ bind.spec ++++++
--- /var/tmp/diff_new_pack.a64ce8/_old 2021-06-01 10:32:53.716346572 +0200
+++ /var/tmp/diff_new_pack.a64ce8/_new 2021-06-01 10:32:53.720346579 +0200
@@ -45,7 +45,7 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: bind
-Version: 9.16.15
+Version: 9.16.16
Release: 0
Summary: Domain Name System (DNS) Server (named)
License: MPL-2.0
++++++ bind-9.16.15.tar.xz -> bind-9.16.16.tar.xz ++++++
++++ 18942 lines of diff (skipped)
++++++ vendor-files.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/system/named.prep new/vendor-files/system/named.prep
--- old/vendor-files/system/named.prep 2021-04-09 15:00:15.466033258 +0200
+++ new/vendor-files/system/named.prep 2021-05-21 09:22:32.915895196 +0200
@@ -23,7 +23,7 @@
: ${ETC_RNDC_KEY:=/etc/rndc.key}
: ${NEW_RNDC_KEY:=/var/lib/named/rndc.key}
: ${RNDC_KEYSIZE:=512}
-: {RNDC_BIN:="/usr/sbin/rndc"}
+: ${RNDC_BIN:="/usr/sbin/rndc"}
: ${NAMED_CONF:="/etc/named.conf"}
# Run all scripts defined in NAMED_INITIALIZE_SCRIPTS (/etc/sysconfig/named)
@@ -42,7 +42,7 @@
[ -d /var/lib/named ] || mkdir /var/lib/named
chown named: /var/lib/named
[ -f "$ETC_RNDC_KEY" ] && mv "$ETC_RNDC_KEY" "$NEW_RNDC_KEY"
- ln -s "$ETC_RNDC_KEY" "$NEW_RNDC_KEY" # This may create a dangling symlink
+ ln -s "$NEW_RNDC_KEY" "$ETC_RNDC_KEY" # This may create a dangling symlink
fi
# If rndc.key does not exist in the new directory, create it
if [ ! -f $NEW_RNDC_KEY ]; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/system/named.service new/vendor-files/system/named.service
--- old/vendor-files/system/named.service 2021-05-07 13:58:47.035292125 +0200
+++ new/vendor-files/system/named.service 2021-05-18 08:42:40.098219214 +0200
@@ -11,7 +11,7 @@
EnvironmentFile=/etc/sysconfig/named
ExecStartPre=+@LIBEXECDIR@/bind/named.prep
ExecStart=/usr/sbin/named -u named $NAMED_ARGS
-ExecReload=/sbin/kill -p $MAINPID -HUP
+ExecReload=/usr/bin/kill -HUP $MAINPID
ProtectSystem=strict
ReadWritePaths=/var/lib/named /run/named
PrivateDevices=yes