Updating link to change in openSUSE:Factory/bind revision 202

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=bcdc6915a88de27ff8edbaf4e872e82d

bind-9.18.18.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160
-size 5490428

bind-9.18.18.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE2ZzOr4eXRwFPA41jGC4jV5Ri76oFAmTQ1kIACgkQGC4jV5Ri
-76qw9xAAh5ijFBTgfhOCyJn7gQpH6zOFTQpYfhkMozbHxydxUsMNo7uko+Lh2k14
-BhsC3ccU8HrePI4hTgY3slAqGAGsxpLz1BIDoLkqsTsfbZchJF/mr9jv3oBtzvdj
-V3B+51M3abyE95Ogt9Qct9TBfhST8BjkSlUAxIiJejC7gyGoDGkgvX3SPelJZjcb
-3MWLtu4yq4AQhPdFdoY39eb0O/i2ZAU/yP2Rh0EgBWZ1Cuicn65n7J47WnYvwxI2
-NjJdM+vjdCByl833WnPVo92K2VEWx143YlDili9GUqybcob1K+nA73WQ+Ub83+Lv
-7oXm+58IcC1gKQXP8xY8+Y42lz4FOOvth8lFP394kut5Fk6KhEPEbtB7sNksna0i
-hOd9ukDZSOqpTdJdGL/QQV5Y0kwsdGYW6PQlsLwcyQ5qDVWBxWlkRoT8D45/ul6+
-4VBnIerG3ya1WfDyu+2uIGw7Xvt7KZaI9j39NUZYFxtfYXT6xELVF+sq/dlD76au
-8eVGbG4qU4GsA6Q+ykvxKHlNWFbm8UbS4BsVGqGnV0GUXXB0vDJwxxpkJMUeS6NA
-87OqFqCfjGRQtfxIKEyheMMZCHYM7hWE2lXBkpuCg9v8QET0iPA13xbl15HQlV2S
-Bpzc788BPGTM+UkMVPrpPw8kAbDhIHbPN2aV7qUUm1sq5jZrQis=
-=o+pr
------END PGP SIGNATURE-----

bind-9.18.19.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:115e09c05439bebade1d272eda08fa88eb3b60129edef690588c87a4d27612cc
+size 5508464

bind-9.18.19.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmUAGbIACgkQUQpkKgbF
+LOzRaw/8D7NZfasW7by/PkDGS4QKRa/BeTupTZB6DaeXme1pv8E0YcZI/dsxdeLD
+YmAa+soyRsXncnqujdwLG9nYV+vLZacfgV9n6e59fSZFK+NhEAzcPq/Q8Q0nFr5D
+m8ygn71Ux6//lufM3CCNDkNXp7hr008++tzNreiZYbwdSJPQWUlzYn//Je3M6z9v
+CldLn1j6aNtt+SdDeuDwNnabFBo9h0Yu2OKKsNimF0Sf0tlbhkJdL7lVTl0frOte
+GyyQPsLIEMEiJ/e7+fdlmYXxYaa61ha37dFTxlRMpYP2lL7rfpoyMY+bTVUcisKC
+8rle150L7xlDZ0z7VT39QJHEqnJxeKduXmVSUsAG3+VFnilcv6bvLhUxLG8ej/Z1
+yaCa0IaqvTydblMZ8kVqM6wNex4InKrx8Ku6YTv5VEKC/BnjukLhAaUeqEWFie+o
+NIiIIbp7Ut4a8J2JytcRMMjuLkvgBkXACGkOvP9nNlTw3fWMzlOVZ6Q6GIolT/k0
+ApH5YdofJoBALMlARDgZJWFpeyXwl1PsDW3KS9uh6wKiMW76YqqCfsLiLtwqvPzj
+AxBJTXOPUC3Hh1ReO7n9eTiWbEGSS1MQYtF0aglpuUzrJsmNb0Scvx6g0zYfCMkv
+yjZUuFXgrXpaoiiCI5hifwwVzwaSwCaUErxk9csyrs+6eS6ud38=
+=v7Aj
+-----END PGP SIGNATURE-----

bind.changes

@@ -1,3 +1,57 @@
+-------------------------------------------------------------------
+Tue Sep 19 13:28:53 UTC 2023 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to release 9.18.19
+  Security Fixes:
+  * Previously, sending a specially crafted message over the
+    control channel could cause the packet-parsing code to run out
+    of available stack memory, causing named to terminate
+    unexpectedly. This has been fixed. (CVE-2023-3341)
+    [bsc#1215472]
+  * A flaw in the networking code handling DNS-over-TLS queries
+    could cause named to terminate unexpectedly due to an assertion
+    failure under significant DNS-over-TLS query load. This has
+    been fixed. (CVE-2023-4236)
+    [bsc#1215471]
+
+  Removed Features:
+  * The dnssec-must-be-secure option has been deprecated and will
+    be removed in a future release.
+
+  Feature Changes:
+  * If the server command is specified, nsupdate now honors the
+    nsupdate -v option for SOA queries by sending both the UPDATE
+    request and the initial query over TCP.
+
+  Bug Fixes:
+  * The value of the If-Modified-Since header in the statistics
+    channel was not being correctly validated for its length,
+    potentially allowing an authorized user to trigger a buffer
+    overflow. Ensuring the statistics channel is configured
+    correctly to grant access exclusively to authorized users is
+    essential (see the statistics-channels block definition and
+    usage section).
+  * The Content-Length header in the statistics channel was lacking
+    proper bounds checking. A negative or excessively large value
+    could potentially trigger an integer overflow and result in an
+    assertion failure.
+  * Several memory leaks caused by not clearing the OpenSSL error
+    stack were fixed.
+  * The introduction of krb5-subdomain-self-rhs and
+    ms-subdomain-self-rhs UPDATE policies accidentally caused named
+    to return SERVFAIL responses to deletion requests for
+    non-existent PTR and SRV records. This has been fixed.
+  * The stale-refresh-time feature was mistakenly disabled when the
+    server cache was flushed by rndc flush. This has been fixed.
+  * BIND’s memory consumption has been improved by implementing
+    dedicated jemalloc memory arenas for sending buffers. This
+    optimization ensures that memory usage is more efficient and
+    better manages the return of memory pages to the operating
+    system.
+  * Previously, partial writes in the TLS DNS code were not
+    accounted for correctly, which could have led to DNS message
+    corruption. This has been fixed.
+
 -------------------------------------------------------------------
 Mon Sep 11 07:44:13 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 

bind.spec

@@ -56,7 +56,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.18.18
+Version:        9.18.19
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0