diff --git a/bind-9.18.10.tar.xz b/bind-9.18.10.tar.xz deleted file mode 100644 index 1844032..0000000 --- a/bind-9.18.10.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f415a92feb62568b50854a063cb231e257351f8672186d0ab031a49b3de2cac6 -size 5261572 diff --git a/bind-9.18.10.tar.xz.sha512.asc b/bind-9.18.10.tar.xz.sha512.asc deleted file mode 100644 index 09a0e58..0000000 --- a/bind-9.18.10.tar.xz.sha512.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Comment: GPGTools - https://gpgtools.org - -iQIzBAABCgAdFiEEqtu6UHTxQC97adVrxbTukxqfnf0FAmObPesACgkQxbTukxqf -nf1gbhAAk+vJ/TxU53Y+255n8EZ+397ob3zS3benKHGCD30JkmY8hhfCIwn5eXrZ -7xUG71JP7VThltJ9h8Qbw5x/bKrThXtCXHYg8/5Ok7HL4QyvjJ3CQ7DMDAMHVHfc -vO8iYCGJ9izcgvtNiPs0fkUUQzMbVBsD/OH9iyyF/vGbt/02IRNYTLekFnM/H1jc -kU4m4kKw1xlA3cQMq3jxVxhyb9flHUujuUPOp7sp4D1wx+jiWQaD9vBWed5nTwgl -k/Z4h1tRJhewjaU+KbTTRgpT3b061//M7nhF4b9WNBRhGLJGKO2Ibd6e6HOTxxHu -0ELue1enBvqM7Wc1OqAgcfvKhRZLCEyPyX1SqxRw33no1uFw4pwsf5HrJMy02ZDB -OgeJZsEUy7g+MC27xFbzzReDU4Osk0nxxg57QVUn2dS/E2mtKi3BTXZlJQvG3VSX -oTM2/SOotgYTVjH+GBIYpV5V0lPHEh+DoSkefYIuG1MfJLRPbP1JDrrmBxF1N3Bk -3utgIuYUBdIU3heB21ZnVHRwPDAOMyqIaylfxwWUuWs9tl/Y5vbZeJBZl7Y/tXlS -BuxMi2zUNZNAd8cYTSxja8Cw5I3NF29dfQ2F2NU8VR8Dmp2Sw6UqxaQr0Sr6Zc8K -Y5/973OPjgDxRqYnMWQV2UT60ge0ortcnwaNIHeGUA5zLONLAyo= -=g2rP ------END PGP SIGNATURE----- diff --git a/bind-9.18.11.tar.xz b/bind-9.18.11.tar.xz new file mode 100644 index 0000000..738ded3 --- /dev/null +++ b/bind-9.18.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158 +size 5284184 diff --git a/bind-9.18.11.tar.xz.sha512.asc b/bind-9.18.11.tar.xz.sha512.asc new file mode 100644 index 0000000..601371c --- /dev/null +++ b/bind-9.18.11.tar.xz.sha512.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE4l6wzxzoBJ1H8dmmM+EOShg6jkYFAmPGp7oACgkQM+EOShg6 +jkYWUQ/9GE7nNzbwDSoV/fGf642TpY0cCV07rhxy4HEk7ke6Agzp4oSZco2crTG/ +xZCmEC9LWXGNM4BdA4KtCe/mKQhqUsxa2N5OJKCV0hoT6l07GXkta7yrWijIsNKK +usLU4j4DECOxlCeiZbtw09qGBkz7cAXyll2Jo7uO/kcDUWbWYjm0IbmOc3vNlpBu +PH57fauptJjIsOYqn46/gPXfIubR+mcDHfJBbo8lalWZcGwoLv438jD5mfNE0eIO +e8tt3yB+OY1W/fxtpXnKpwDVUBrTcmpJULMqzFRzfsQLp6YgQVCdTCeicHWmuwrO +rhX08W8eBgyzPFCBNtyQfjTrViv0tXg9jdbOpRWPdXu4zcLkMkBPf9B2CvvKtN/k +1VcfG0VMeVFEpIV7GywzKEGuJeAldFmKfSyMRQZM+yc+SZqGOmE3YKKpIQQSVhoz +MI7MvYrglRNUCuBWKnuzHvPb/PwSWfB9fq+l5WvBHMdeXHiZHfuDe53vhO3t7RaV +flyb24vIhGA1UqQTdykn3xIhKzZVl6RuYS9sKzM/OtopLKRqUpYGc+KKxjAQY8OY +NZapOd3MbKz1Yzz15qYDuhjOuOPTYZVA3dDHrNJKu9gkRQmI6rSWaOimxt8yP2Er +rlYZSM++AZEeqAFpkohxyLXpwj1/3O00Hbkewj4kdb6zviMSdi4= +=Hd/a +-----END PGP SIGNATURE----- diff --git a/bind.changes b/bind.changes index 37ebb26..d7fdddb 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,71 @@ +------------------------------------------------------------------- +Tue Jan 24 13:39:10 UTC 2023 - Jorik Cronenberg + +- Update to release 9.18.11 + Security Fixes: + * An UPDATE message flood could cause named to exhaust all + available memory. This flaw was addressed by adding a new + update-quota option that controls the maximum number of + outstanding DNS UPDATE messages that named can hold in a queue + at any given time (default: 100). (CVE-2022-3094) + * named could crash with an assertion failure when an RRSIG query + was received and stale-answer-client-timeout was set to a + non-zero value. This has been fixed. (CVE-2022-3736) + * named running as a resolver with the + stale-answer-client-timeout option set to any value greater + than 0 could crash with an assertion failure, when the + recursive-clients soft quota was reached. This has been fixed. + (CVE-2022-3924) + + New Features: + * The new update-quota option can be used to control the number + of simultaneous DNS UPDATE messages that can be processed to + update an authoritative zone on a primary server, or forwarded + to the primary server by a secondary server. The default is + 100. A new statistics counter has also been added to record + events when this quota is exceeded, and the version numbers for + the XML and JSON statistics schemas have been updated. + + Removed Features: + * The Differentiated Services Code Point (DSCP) feature in BIND + has been non-operational since the new Network Manager was + introduced in BIND 9.16. It is now marked as obsolete, and + vestigial code implementing it has been removed. Configuring + DSCP values in named.conf now causes a warning to be logged. + + Feature Changes: + * The catalog zone implementation has been optimized to work with + hundreds of thousands of member zones. + + Bug Fixes: + * A rare assertion failure was fixed in outgoing TCP DNS + connection handling. + * Large zone transfers over TLS (XoT) could fail. This has been + fixed. + * In addition to a previously fixed bug, another similar issue + was discovered where quotas could be erroneously reached for + servers, including any configured forwarders, resulting in + SERVFAIL answers being sent to clients. This has been fixed. + * In certain query resolution scenarios (e.g. when following + CNAME records), named configured to answer from stale cache + could return a SERVFAIL response despite a usable, non-stale + answer being present in the cache. This has been fixed. + * When an outgoing request timed out, named would retry up to + three times with the same server instead of trying the next + available name server. This has been fixed. + * Recently used ADB names and ADB entries (IP addresses) could + get cleaned when ADB was under memory pressure. To mitigate + this, only actual ADB names and ADB entries are now counted + (excluding internal memory structures used for “housekeeping”) + and recently used (<= 10 seconds) ADB names and entries are + excluded from the overmem memory cleaner. + * The “Prohibited” Extended DNS Error was inadvertently set in + some NOERROR responses. This has been fixed. + * Previously, TLS session resumption could have led to handshake + failures when client certificates were used for authentication + (Mutual TLS). This has been fixed. + [bsc#1207471, bsc#1207473, bsc#1207475] + ------------------------------------------------------------------- Wed Jan 4 16:42:37 UTC 2023 - Thiago Macieira diff --git a/bind.spec b/bind.spec index 3a0b5b6..18f0592 100644 --- a/bind.spec +++ b/bind.spec @@ -56,7 +56,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.18.10 +Version: 9.18.11 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0