Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

nsd-4.1.20-lp150.1.2 RPM for aarch64

From OpenSuSE Ports Leap 15.0 for aarch64

Name: nsd Distribution: openSUSE Leap 15.0
Version: 4.1.20 Vendor: openSUSE
Release: lp150.1.2 Build date: Tue May 8 23:18:39 2018
Group: Productivity/Networking/DNS/Servers Build host: obs-arm-3
Size: 2571116 Source RPM: nsd-4.1.20-lp150.1.2.src.rpm
Summary: An authoritative-only domain name server
NSD is a complete implementation of an authoritative domain name server, developed
by NLnet Labs, with the purpose of creating more diversity in the DNS landscape.






* Wed Feb 21 2018
  - Update to 4.1.20:
    + Fix memory leak in zone file read of unknown rr formatted RRs.
    + Fix memory leak when rehashing nsec3 after axfr or zonefile
      read, in the selectively allocated precompiled nsec3 hashes.
* Mon Feb 19 2018
  - Own missing ownership for %_tmpfilesdir
* Fri Feb 16 2018
  - More specfile cleanup:
    + Drop SysV support from package (and hence usage of fillup)
    + Don't redefine %_rundir
    + Drop useless BuildRequires on systemd-devel
* Mon Feb 12 2018
  - Check group existence before creating it, for real.
  - Stop deleting users from the system, it might remove a legitimate
    user that nsd unfortunately shared its name with.
* Mon Feb 12 2018
  - Create a system user, not a regular user
  - Check if user/group already exists and are in system range
  - Do not ignore return values from user/group creation
  - Own the config zones directory
* Mon Feb 05 2018
  - drop insserv requires on SLE12+ and openSUSE
  - nsd-lintrpmrc: drop most overrides
  - don't install config file as sample
  - switch to using user/group names _nsd to match expected names
    as per recent rpmlint changes as not to conflict with admin
    created names.
  - update and change current owner during upgrade
* Tue Jan 02 2018
  - update to 4.1.19 with the following bug fixes:
    * ignore fallthrough compiler warning in flex EOF rule.
    * Fix warnings emitted by clang for --enable-packed.  Alignment is not
      a problem for x86_64, don't enable packed when the platform
      requires aligned access.
    * Fix spelling error in xfr-inspect.
    * Fix 3392: Fix regression in 4.1.18 for notify lists with ip4
      and ip6 targets.
* Thu Nov 30 2017
  - update to 4.1.18
    - Features
    * xfr-inspect, it is not installed, it prints xfr files from /tmp made
      with 'make xfr-inspect' in the source dir.
    * retry timeout between sending notifies dropped from 15 to 3 sec.
    * NSD sends 16 notifies simultaneously.
    * configure --enable-packed reduces memory usage, at expense of unaligned
      reads. Saves about 17%.
    * Save memory by selectively allocate precompiled nsec3 hashes, saves
      about 16% memory.
    * make ip-transparent option work on OpenBSD.
    * Save about 2% memory by changing usage count size in name tree.
    * Fix #2871: Increase number of sockets for xfrd transfers.
    - Bugfixes
    * Fix gcc 7.1.1 warnings.
    * Fix writev compile warning on FreeBSD.
    * Fix #1446: A corrupted zone file "propagates" to good ones.
    * nsd-control zonestatus prints wait time between attempts, for zones
      that are in that waiting time.
    * Fix collision printout of nsec3 to print name, hash and reverse.
    * Fix #1567: Change crit to err log level for gettimeofday failure. Add
      defines for compile without syslog.
    * Fix crash for DS query when parent and child zones both configured in
      nsd.conf and parent zone has not loaded properly.
* Mon Sep 04 2017
  - update to 4.1.17
    - Features
    * zone parser parses type AVC (it has TXT format).
    * Fix #1272: use writev to put tcp length field with data for
      outgoing zone transfer requests.
    - Bugfixes
    * Fix potential null pointer in nsec3 adjustment tree.
    * Fix text format of deletes for CDS and CDNSKEY, single 0 to
      represent empty base64 or hex string.
* Mon May 08 2017
  - update to 4.1.16
    - Features
    * zone parser can parse acronyms for algorithms ED25519 and ED448.
    * Fix 1243: Option to make NSD emit really minimal responses,
      minimal-responses: yes in nsd.conf.
    - Bugfixes
    * Calculate new udb index after growing the array, fix from Chaofeng Liu.
    * Fix missing _t to _type conversion for disable-radix-tree option.
    * Printout serial error with hint it may be too big.
    * Fix 1228: OpenSSL include is not guarded with HAVE_SSL
    * Patch for expire state in multi-master when masters includes broken
      master, from Manabu Sonoda.
    * minor manpage fix.
* Mon Apr 24 2017
  - update to 4.1.15
    * Fix nsd-control and ipv6 only.
    * Squelch zone transfer error address family not supported by protocol at
      low verbosity levels.
    * Fix #1195: Fix so that NSD fails on non-compliant values for Serial.
    * Fix to rename _t typedefs because POSIX reserves them.
    * Fix that nsec3 hash collisions only reported on verbosity level 3.
* Fri Jan 13 2017
  - update to 4.1.14
    - Features
    * Fix #1132 for SERVFAIL zones perform backoff, and remembers the timeout
      on next startup.
    - Bugfixes
    * Fix null memcpy for radixtree with single link element.
    * Robust fix against missing master in tcp_open for xfrd.
    * Fix wildcards in include: config statements with chroot enabled.
    * suppress compile warning in lex files.
    * Fix to try every master once, then wait for timeout or notify.
    * Save backoff timeout into xfrd.state file, this file has a higher
      version number now. Old files are skipped silently (causes refresh) and
      created as new files upon exit.
    * Fix restart of zone transfers when new config becomes available.
* Tue Oct 11 2016
  - fix tmpfiles-nsd.conf to point to /run instead of /var/run
  - add nsd-rpmlintrc to not display some bogus errors
  - put log files into /var/log/nsd/
  - put sample config in documentation directory
  - update to 4.1.13
    - multi-master-check: yes can be used to check all masters for
      the last version, using the higher version from the
      configured masters
    - Support RR type OPENPGPKEY from RFC 7929.
    - Can config key algorithms with the digest name, eg. 'sha256'.
    - configure --disable-radix-tree for about 15% lower memory
    - for type SRV add A/AAAA to the additional section (if
      possible), just like we already do for type MX.
    - more extensible edns option handling.
    - When tcp is more than half full, use short timeout for tcp
    - Patch for {max,min}-{refresh,retry}-time
    - Fix #790: size-limit-xfr can stop NSD from downloading
      infinite zone transfer data size, from Toshifumi Sakaguchi.
      Fixes CVE-2016-6173f
    - Fix compile warnings about unused result from write and
      strtol. and signcompare in minmax retrytime.
    - Fix #812: fix that make depend fails after distribution.
    - Fix #817: xfrd update failed loop.
    - Add robustness against unallocated data in nsec3 trees.
    - Fix README spelling error of BSD license
    - Fix multimaster for not tried full zone transfer for a
      expired zone.
    - Fix #827: fix compile with openssl 1.1.0 with api=1.1.0.
    - Fix malformed edns query assertion failure
    - Fix build without IPv6, patch from Zdenek Kaspar.
    - Fix #783: Trying to run a root server without having
      configured it silently gives wrong answers.
    - Fix #782: Serve DS record but parent zone has no NS record.
    - Fix nsec3 missing for nsec3 signed parent and child for DS at
* Mon Aug 08 2016
  - reword description and summary
  - add signature file and basic keyring (currently only contains
    signature of the released version since upstream doesn't seem
    to distribute a real keyring)
  - remove redundant nsec3 configure option which are enabled by default
  - remove obsolete --enable-draft-rrtypes configure
* Wed Jun 29 2016
  - update to 4.1.10
    - ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket
      option for Linux, binds to interfaces and addresses that are
    - NSD includes AAAA before A for queries over IPV6 (in
      delegations).  And TC is set if no glue can be provided with
      a delegation because of packet size.
    - print notice that nsd is starting before taking off.
    - BUG FIXES:
    - Fix for openssl 1.1.0, HMAC_CTX size not exported from
    - Fix #751: NSD fails to occlude names below a DNAME.
    - If set without nsd.db print "" as the default in the man
    - Fix #755: NSD spins after a zone update and a lot of TCP
    - Fix for NSEC3 with zone signed without exact match for empty
      nonterminals, the answer for that domain gets closest
    - #772 Document that recvmmsg has IPv6 problems on some linux
* Tue May 10 2016
  - update to 4.1.9
    - Change the nsd.db file version because of nanosecond precision
  - changes from 4.1.8
    - #732: tcp-mss, outgoing-tcp-mss options for nsd.conf, patch
      from Daisuke Higashi.
    - #739: zonefile changes when mtime is small are detected on
      reload, if filesystem supports precision mtime values.
    - RR type CSYNC (RFC7477) syntax is supported.
    - take advantage of arc4random_uniform if available, patch from
      Loganaden Velvindron.
    - Fix flto check for OSX clang.
    - Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on
    - Fix #736: segfault during zone transfer.
    - Fix #744: Fix that NSD replies for configured but unloaded zone
      with SERVFAIL, not REFUSED.
* Tue Dec 29 2015
  - update to 4.1.7
    - support configure --with-dbfile="" for nodb mode by default,
      where there is no binary database, but nsd reads and writes
    - reuseport: no is the default, because the feature is not
    - configure --enable-ratelimit-default-is-off with
    - -enable-ratelimit to set the default ratelimit to disabled but
      available in nsd.conf.
    - version: "string" option to set chaos version query reply
    - Fix zones updates from nsd parent event loop when there are a
      lot of interfaces.
    - portability fixes.
    - patch from Doug Hogan for SSL_OP_NO_SSLvx options, for the new
      defaults in the ssl libraries.
    - updated contrib/nsd.spec, from Bálint Szigeti, with new
      configure options.
    - Allocate less memory for TSIG digest.
    - Fix #721: Fix wrong error code (FORMERR) returned for unknown
      opcode.  NOTIMP expected.
    - Fix zonec ttl mismatch printout to include more information.
    - Fix TCP responses when REUSEPORT is in use by turning it off.
    - Document default in manpage for rrl-slip, ip4 and 6
    - Explain rrl-slip better in documentation.
    - Document that ratelimit qps and slip are updated in reconfig.
    - Fix up defaults in manpage.
* Thu Nov 26 2015
  - enable zone stats
* Wed Nov 25 2015
  - update to 4.1.6
    - Fix compile of zonec error message on FreeBSD.
    - nsd-checkconf warns for master zones with no zonefile
    - Fix start failure when many file descriptors are in use.
    - The servfail rcode is not printed with a space in the middle.
    - fixup file descriptor fixup nicer.
    - print failed token for config syntax error or parse error.
    - Fix #711: Document that debug-mode yes is used for staying
      attached to the supervisor console.
    - Document verbosity 3 prints more information.
    - print on pgp signature creation.
    - Fix typo in zonec.c inside error message.
    - Fix #701: Fix that AD=1 set in a BADVERS response.
    - Fix #706: default port 53 not opened on ip4 because of
      getaddrinfo hints initialisation failure.
    - Fix #698 formatting errors and typos in
    - Add --enable-pie and --enable-relro-now options.
    - Admitted axfrs are logged at verbosity 1.  Refused at verbosity
    - Fixed checkconf test for reuseport setting.
    - SO_REUSEPORT does not work on FreeBSD.  Enabled by default on
      Linux, not enabled by default on other OSes.
    - Fix that notify from nsd-control contains soa serial.
    - squelch SO_REUSEPORT failure on verbosity less than 3.
    - removed hardcoded interface limit, --with-max-ips removed.
    - SO_REUSEPORT support.
    - Fix #618: documented need to list ip-addresses seperately in
      nsd.conf if there are multiple, because the source address of
      replies can otherwise go wrong.
    - Fix that for expired zones NSD performs an AXFR and accepts
      newer and older serial numbers.
    - Document that minimal responses only minimizes responses to fit
      in one datagram.  It does not minimize smaller responses.
    - Fix NSID response for short edns sizes.
    - Trunk contains 4.1.4 in development.
    - improve nsd-control usage text. (23 june - added to 4.1.3)
    - RFC7553 RR Type URI support.
    - Fix redefined macro lex warning for freebsd flex.
    - Fix that formerrors are ratelimited.
    - max-interfaces raised to 32.
    - removed unused defines for unofficial tsig-hmac algorithm
      codes.  The TSIG algorithm is identified by name in the config
    - hmac sha224, sha384 and sha512 support, patch from David
    - Fix crash in zone parser for relative dname after error in
    - Test for zone parser failures
    - nsd-control addzones and delzones read list of zones from
    - Fix task and zonestat files to be stored in a subdirectory in
      tmp to stop privilege elevation.
    - printout names for successful addition and removal with bulk
    - Fix #665: when removing subdomain, nsd does not reparse parent
    - trunk contains 4.1.3(upcoming).
    - Made log message more consistent, changed 'axfr refused' log
      message to be more consistent with other messages.  Also notify
    - verbosity 2 logs axfr refused and notify refused.  verbosity 1
      contains less log messages.
    - Fix #654: Fix contradiction in notify logging verbosity level.
    - Incoming notifies have serial number logged (at verbosity 1).
    - Fix #655: Fix contradiction in verbosity for zone transfers.
    - Use reallocarray for integer overflow protection, patch
      submitted by Loganaden Velvindron.
    - Fix allocation integer overflow checks.
    - Fix buffer overflow in config parse of domain name, reported by
      John Van de Meulebrouck Brendgard.
    - Updated default keylength in nsd-control-setup to 3k.
    - Fix use after free after zonefile syntax error followed by ttl
      or origin directive, reported by John Van de Meulebrouck
    - Fix syntax error followed by too many TXT elements parse crash
      reported by John Van de Meulebrouck Brendgard.
    - Fix origin directive from unused old value and subdomain parser
      failure, reported by John Van de Meulebrouck Brendgard.
    - Fix b64pton out of bounds error on invalid zonefile input
      reported by John Van de Meulebrouck Brendgard.
    - Fix segfault on double origin in zone reader (thanks John Van
      de Meulebrouck Brendgard).
    - Remove dead code domain_table_iterate.
    - Fix segfault in zone reader on invalid input reported by John
      Van de Meulebrouck Brendgard.
    - Fix #642: Change 'zone read with no errors' to '.. with
      success'.  Patch from Benedikt Heine.
* Tue Oct 13 2015
  - ignore absence of the systemd-tmpfiles command
* Wed Mar 11 2015
  - update to 4.1.1
    - RFC 7344: CDS and CDNSKEY (read record types).
    - per zone statistics with --enable-zone-stats, config zone with
      zonestats: "name", zones configured with the same string are
    - Disabled use of SSLv3 in nsd-control.
    - nsd-checkconf -f prints out full name of pidfile (with dir).
    - Synthesize CNAMEs with same TTL as DNAME.
    - Fix that expired zones stay expired after a server restart.
    - Fix "xfrd_handle_ipc: bad mode" log errors when compiled with
    - -disable-bind8-stats.
    - Fix #616: retry xfer for zones with no content after command.
    - Fix char used as array index warnings on NetBSD.
    - Fix that queries for noname CH TXT are REFUSED instead of
    - Fixes for wildcard addition and deletion, speedup for some
    - Fix that failure to add tcp to tcp base does not leak the
    - Patch nsd_munin_ from Philip Paeps to use type ABSOLUTE.
    - Fix spinning NSD with lots of failing transfers, due to pointer
      comparison using void pointer subtraction (from Otto Moerbeek).
    - Fix bug#637: fix that nsd.db grows limitlessly, an off by one
      on one megabyte free chunks, created during AXFRs of large
      zones, that caused the one megabyte chunk to be leaked.
    - Fix casts for ctype functions (from Todd Miller).
    - correct some hyphen-used-as-minus-sign (from Andreas Schulze)
      in man pages.
    - Fix zonesdir chroot error message.
* Mon Dec 15 2014
  - update to 4.1.0
    see /usr/share/doc/packages/NSD-4-features for the important
* Sun Dec 29 2013
  - update to 4.0.0
    see /usr/share/doc/packages/NSD-4-features for the important
  - added systemd support
* Wed Aug 15 2012
  - update to 3.2.13: (bnc#774600)
    see /usr/share/doc/packages/nsd/ChangeLog
    This fixes VU#517036 CVE-2012-2979 and VU#624931 CVE-2012-2978.
* Tue Apr 12 2011
  - update to 3.2.8
    see /usr/share/doc/packages/nsd/ChangeLog
* Wed Sep 01 2010
  - fixed build
* Mon Feb 01 2010
  - use the pid when sending signnals to nsd



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Apr 9 10:42:46 2022