From cc91d0126a5975964b6c5efb0fda0750a0a34123ed1bb7339c97547896e38150 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Fri, 21 Aug 2020 08:19:08 +0000 Subject: [PATCH 1/2] Accepting request 828392 from home:jmoellers:branches:network OBS-URL: https://build.opensuse.org/request/show/828392 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=294 --- baselibs.conf | 4 ++-- bind-9.16.5.tar.xz | 3 --- bind-9.16.5.tar.xz.sha512.asc | 16 ---------------- bind-9.16.6.tar.xz | 3 +++ bind-9.16.6.tar.xz.sha512.asc | 16 ++++++++++++++++ bind.changes | 33 +++++++++++++++++++++++++++++++++ bind.spec | 6 +++--- 7 files changed, 57 insertions(+), 24 deletions(-) delete mode 100644 bind-9.16.5.tar.xz delete mode 100644 bind-9.16.5.tar.xz.sha512.asc create mode 100644 bind-9.16.6.tar.xz create mode 100644 bind-9.16.6.tar.xz.sha512.asc diff --git a/baselibs.conf b/baselibs.conf index 7723e59..bd575f5 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,7 +1,7 @@ libbind9-1600 libdns1605 libirs1601 -libisc1605 +libisc1606 obsoletes "bind-libs- = " provides "bind-libs- = " libisccc1600 @@ -11,6 +11,6 @@ bind-devel requires "libbind9-1600- = " requires "libdns1605- = " requires "libirs1601- = " - requires "libisc1605- = " + requires "libisc1606- = " requires "libisccc1600- = " requires "libisccfg1600- = " diff --git a/bind-9.16.5.tar.xz b/bind-9.16.5.tar.xz deleted file mode 100644 index 188a397..0000000 --- a/bind-9.16.5.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6378b3e51fef11a8be4794dc48e8111ba92d211c0dfd129a0c296ed06a3dc075 -size 3474044 diff --git a/bind-9.16.5.tar.xz.sha512.asc b/bind-9.16.5.tar.xz.sha512.asc deleted file mode 100644 index f3d6533..0000000 --- a/bind-9.16.5.tar.xz.sha512.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEElc7aJWscoKFfMC+1lSGn7V2s6RgFAl8FgvoACgkQlSGn7V2s -6Rjs5w/9HXyiZa70O33fV0a99rUBpe37NQYOjX8A+mpyUwXHVImrl1+LedO9vZ/J -rLklxvvdLn6nOpKpdXcK/m3kF8jc3QZtDCIQnfGCvfnI5lgUB4IjG/rgv4fR+UtI -ojH2Gbqa+thR4Su9PRFi7DEejf43tlfQEDv8dnWQwbWVzjNgqNe1veoDfzlT1mC/ -ZfbCI2+05o85npFSah894Nsjadt43DDmN0iYBETR72R7Ei5nJh+Phj/nURcTnARl -+DChXPZ+KQJTM5EBtp1BAN0WolA6JhEl2zXSnFuNBy8fF461ZiTbUVCS79Noknv1 -dVQaS/yHPKwUFr5LajunPNpyIIeGxyrFzfM49LZATMgWKyJqRyyajKYVm0D6Nn8h -y/W4dshTmGC+dgmXKKUCkFjo10RRfjSj2Dt/ebogk8rPaIcAgXIVad7Ah7bcmmtt -vocC/vt1lljBce15JuMgMfTLBftLk0nKZle9cU+3u3LX64gsWpj4IixbA9uLq3S/ -toiGvsiJzrWyRJo2sP58wcuDmOoW1kr5DprwAesZXyaDST1wLXeoofNk1S9bEOpn -SQO+BGn2vA9yYkFSahOJV4ywBMGroJh8OtLKsQEiZnsFNns7dBrlYHvHiK2f6PqL -dkSBt4BuZ0HgmNBP+t1DYWS7yZbb8qS3Pl6BF30UNcGSy1Hw+68= -=gGse ------END PGP SIGNATURE----- diff --git a/bind-9.16.6.tar.xz b/bind-9.16.6.tar.xz new file mode 100644 index 0000000..855505f --- /dev/null +++ b/bind-9.16.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b567b0f3b47dd03b345a4848af7f2acdd3f5cea2bd804edd85d9ef50743571cb +size 3228368 diff --git a/bind-9.16.6.tar.xz.sha512.asc b/bind-9.16.6.tar.xz.sha512.asc new file mode 100644 index 0000000..59a5bed --- /dev/null +++ b/bind-9.16.6.tar.xz.sha512.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEElc7aJWscoKFfMC+1lSGn7V2s6RgFAl8y/TMACgkQlSGn7V2s +6RgfMxAAiH5qVsc+WNxZaE6h1AYL2VQogs1T5qc9gDHj12Aka8jBKobeK4Uj5qCv +s/l1p77AsanT4oSs6cPtpSbw3IlxLeysesWBCy4dbOxTNKtbaWEnAoUleOn7vnum +E2LYnH56gpWn83x+Tsc17L63VKkrn6sYJnQz1cYFmuyAdbv0WpmCqyMpnJ/OY366 +dr/bHNxUaYoCKeXP9PZAvRprzBH1HDSZ7iee6ecudwsUQoChsrFqWaIRGWDnj5qk +11EfrxTqUoIx/eGUN5LMVSuH+sRxg79CEJ9k9n04Wwcg002Ls8C49QQNL1aPL0lH +qsU5rT8z/2EO8JjcjiT6HHERsrz+0Z2x3AFkIyuwjdyQYEKxzWIYNx9SdmUiNRKd +iF/TucC6rozxUndkh2/8dwoZQL2AHgW3UJD4VtonRSptq28ZRH7FShT035gS+B6s +H1vyUGUbmyGaFo5vezA5VyqBFrih0qknrXVUhm0mcrmcCBMo9fKhfmv/6umvXrnn +mS+5oTNL+rpzgxYpPKzlwpxOrGIgjT8tBlh2efx+N3/DQaKVbCz/YLZGmGTKgbeY +t1RzBO7iN4u1jtTS2q+uZzXNXANAbl0GemNEGWgHLti7VwRZWGa598Y4qRQyLO7L +jOj+0AiV1GfOmWXpT9t0+apPkmoJAuNSJ4xoVw45eLjjAzU3jIc= +=uesI +-----END PGP SIGNATURE----- diff --git a/bind.changes b/bind.changes index 34d099c..5a30261 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,36 @@ +------------------------------------------------------------------- +Tue Aug 18 12:13:49 UTC 2020 - Josef Möllers + +- Upgrade to version 9.16.6 + Fixes five vilnerabilities: + 5481. [security] "update-policy" rules of type "subdomain" were + incorrectly treated as "zonesub" rules, which allowed + keys used in "subdomain" rules to update names outside + of the specified subdomains. The problem was fixed by + making sure "subdomain" rules are again processed as + described in the ARM. (CVE-2020-8624) [GL #2055] + + 5480. [security] When BIND 9 was compiled with native PKCS#11 support, it + was possible to trigger an assertion failure in code + determining the number of bits in the PKCS#11 RSA public + key with a specially crafted packet. (CVE-2020-8623) + [GL #2037] + + 5479. [security] named could crash in certain query resolution scenarios + where QNAME minimization and forwarding were both + enabled. (CVE-2020-8621) [GL #1997] + + 5478. [security] It was possible to trigger an assertion failure by + sending a specially crafted large TCP DNS message. + (CVE-2020-8620) [GL #1996] + + 5476. [security] It was possible to trigger an assertion failure when + verifying the response to a TSIG-signed request. + (CVE-2020-8622) [GL #2028] + For the less severe bugs fixed, see the CHANGES file. + [bsc#1175443, CVE-2020-8624, CVE-2020-8623, CVE-2020-8621, + CVE-2020-8620, CVE-2020-8622] + ------------------------------------------------------------------- Thu Aug 6 12:35:10 UTC 2020 - Josef Möllers diff --git a/bind.spec b/bind.spec index 7302688..0f3d3c0 100644 --- a/bind.spec +++ b/bind.spec @@ -24,7 +24,7 @@ %define libdns libdns%{dns_sonum} %define irs_sonum 1601 %define libirs libirs%{irs_sonum} -%define isc_sonum 1605 +%define isc_sonum 1606 %define libisc libisc%{isc_sonum} %define isccc_sonum 1600 %define libisccc libisccc%{isccc_sonum} @@ -60,7 +60,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.16.5 +Version: 9.16.6 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 @@ -524,6 +524,7 @@ fi %{_datadir}/bind/ldapdump %ghost %{_rundir}/named %{_fillupdir}/sysconfig.named-named +%attr(1775,root,named) %dir %{_var}/lib/named %dir %{_var}/lib/named/master %attr(-,named,named) %dir %{_var}/lib/named/dyn %attr(-,named,named) %dir %{_var}/lib/named/slave @@ -559,7 +560,6 @@ fi %if %{with_systemd} %{_prefix}/lib/tmpfiles.d/bind-chrootenv.conf %endif -%attr(1775,root,named) %dir %{_var}/lib/named %dir %{_var}/lib/named%{_sysconfdir} %dir %{_var}/lib/named%{_sysconfdir}/named.d %dir %{_var}/lib/named/dev From c61c37b69fc959b370e1a1688b52b94a21509620f7a106628f185c859585c034 Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Fri, 28 Aug 2020 10:01:48 +0000 Subject: [PATCH 2/2] Accepting request 830239 from home:dimstar:Factory - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. OBS-URL: https://build.opensuse.org/request/show/830239 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=295 --- bind.changes | 6 ++++++ bind.spec | 2 ++ 2 files changed, 8 insertions(+) diff --git a/bind.changes b/bind.changes index 5a30261..8d5c328 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Aug 28 09:38:11 UTC 2020 - Dominique Leuenberger + +- Require /sbin/start_daemon: both init scripts, the one used in + systemd context as well as legacy sysv, make use of start_daemon. + ------------------------------------------------------------------- Tue Aug 18 12:13:49 UTC 2020 - Josef Möllers diff --git a/bind.spec b/bind.spec index 0f3d3c0..7689ae2 100644 --- a/bind.spec +++ b/bind.spec @@ -106,6 +106,8 @@ Provides: bind9 = %{version} Provides: dns_daemon Obsoletes: bind8 < %{version} Obsoletes: bind9 < %{version} +# named.init (systemd) and init/named both call start_daemon, so unconditional require it +Requires: /sbin/start_daemon %if %{with_systemd} BuildRequires: systemd-rpm-macros BuildRequires: sysuser-shadow