From b54c333035954a43aecdfcd1e280e02bea0977cfb0625d8ad5633b34e57f0137 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Fri, 22 Sep 2023 19:47:10 +0000 Subject: [PATCH] Updating link to change in openSUSE:Factory/bind revision 202 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=bcdc6915a88de27ff8edbaf4e872e82d --- bind-9.18.18.tar.xz | 3 --- bind-9.18.18.tar.xz.asc | 16 ------------ bind-9.18.19.tar.xz | 3 +++ bind-9.18.19.tar.xz.asc | 16 ++++++++++++ bind.changes | 54 +++++++++++++++++++++++++++++++++++++++++ bind.spec | 2 +- 6 files changed, 74 insertions(+), 20 deletions(-) delete mode 100644 bind-9.18.18.tar.xz delete mode 100644 bind-9.18.18.tar.xz.asc create mode 100644 bind-9.18.19.tar.xz create mode 100644 bind-9.18.19.tar.xz.asc diff --git a/bind-9.18.18.tar.xz b/bind-9.18.18.tar.xz deleted file mode 100644 index b62db9b..0000000 --- a/bind-9.18.18.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160 -size 5490428 diff --git a/bind-9.18.18.tar.xz.asc b/bind-9.18.18.tar.xz.asc deleted file mode 100644 index 7724b46..0000000 --- a/bind-9.18.18.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEE2ZzOr4eXRwFPA41jGC4jV5Ri76oFAmTQ1kIACgkQGC4jV5Ri -76qw9xAAh5ijFBTgfhOCyJn7gQpH6zOFTQpYfhkMozbHxydxUsMNo7uko+Lh2k14 -BhsC3ccU8HrePI4hTgY3slAqGAGsxpLz1BIDoLkqsTsfbZchJF/mr9jv3oBtzvdj -V3B+51M3abyE95Ogt9Qct9TBfhST8BjkSlUAxIiJejC7gyGoDGkgvX3SPelJZjcb -3MWLtu4yq4AQhPdFdoY39eb0O/i2ZAU/yP2Rh0EgBWZ1Cuicn65n7J47WnYvwxI2 -NjJdM+vjdCByl833WnPVo92K2VEWx143YlDili9GUqybcob1K+nA73WQ+Ub83+Lv -7oXm+58IcC1gKQXP8xY8+Y42lz4FOOvth8lFP394kut5Fk6KhEPEbtB7sNksna0i -hOd9ukDZSOqpTdJdGL/QQV5Y0kwsdGYW6PQlsLwcyQ5qDVWBxWlkRoT8D45/ul6+ -4VBnIerG3ya1WfDyu+2uIGw7Xvt7KZaI9j39NUZYFxtfYXT6xELVF+sq/dlD76au -8eVGbG4qU4GsA6Q+ykvxKHlNWFbm8UbS4BsVGqGnV0GUXXB0vDJwxxpkJMUeS6NA -87OqFqCfjGRQtfxIKEyheMMZCHYM7hWE2lXBkpuCg9v8QET0iPA13xbl15HQlV2S -Bpzc788BPGTM+UkMVPrpPw8kAbDhIHbPN2aV7qUUm1sq5jZrQis= -=o+pr ------END PGP SIGNATURE----- diff --git a/bind-9.18.19.tar.xz b/bind-9.18.19.tar.xz new file mode 100644 index 0000000..b6e9940 --- /dev/null +++ b/bind-9.18.19.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:115e09c05439bebade1d272eda08fa88eb3b60129edef690588c87a4d27612cc +size 5508464 diff --git a/bind-9.18.19.tar.xz.asc b/bind-9.18.19.tar.xz.asc new file mode 100644 index 0000000..3739bb8 --- /dev/null +++ b/bind-9.18.19.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEcGtsKGIOdvkdEfffUQpkKgbFLOwFAmUAGbIACgkQUQpkKgbF +LOzRaw/8D7NZfasW7by/PkDGS4QKRa/BeTupTZB6DaeXme1pv8E0YcZI/dsxdeLD +YmAa+soyRsXncnqujdwLG9nYV+vLZacfgV9n6e59fSZFK+NhEAzcPq/Q8Q0nFr5D +m8ygn71Ux6//lufM3CCNDkNXp7hr008++tzNreiZYbwdSJPQWUlzYn//Je3M6z9v +CldLn1j6aNtt+SdDeuDwNnabFBo9h0Yu2OKKsNimF0Sf0tlbhkJdL7lVTl0frOte +GyyQPsLIEMEiJ/e7+fdlmYXxYaa61ha37dFTxlRMpYP2lL7rfpoyMY+bTVUcisKC +8rle150L7xlDZ0z7VT39QJHEqnJxeKduXmVSUsAG3+VFnilcv6bvLhUxLG8ej/Z1 +yaCa0IaqvTydblMZ8kVqM6wNex4InKrx8Ku6YTv5VEKC/BnjukLhAaUeqEWFie+o +NIiIIbp7Ut4a8J2JytcRMMjuLkvgBkXACGkOvP9nNlTw3fWMzlOVZ6Q6GIolT/k0 +ApH5YdofJoBALMlARDgZJWFpeyXwl1PsDW3KS9uh6wKiMW76YqqCfsLiLtwqvPzj +AxBJTXOPUC3Hh1ReO7n9eTiWbEGSS1MQYtF0aglpuUzrJsmNb0Scvx6g0zYfCMkv +yjZUuFXgrXpaoiiCI5hifwwVzwaSwCaUErxk9csyrs+6eS6ud38= +=v7Aj +-----END PGP SIGNATURE----- diff --git a/bind.changes b/bind.changes index 573b594..36a4e54 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,57 @@ +------------------------------------------------------------------- +Tue Sep 19 13:28:53 UTC 2023 - Jorik Cronenberg + +- Update to release 9.18.19 + Security Fixes: + * Previously, sending a specially crafted message over the + control channel could cause the packet-parsing code to run out + of available stack memory, causing named to terminate + unexpectedly. This has been fixed. (CVE-2023-3341) + [bsc#1215472] + * A flaw in the networking code handling DNS-over-TLS queries + could cause named to terminate unexpectedly due to an assertion + failure under significant DNS-over-TLS query load. This has + been fixed. (CVE-2023-4236) + [bsc#1215471] + + Removed Features: + * The dnssec-must-be-secure option has been deprecated and will + be removed in a future release. + + Feature Changes: + * If the server command is specified, nsupdate now honors the + nsupdate -v option for SOA queries by sending both the UPDATE + request and the initial query over TCP. + + Bug Fixes: + * The value of the If-Modified-Since header in the statistics + channel was not being correctly validated for its length, + potentially allowing an authorized user to trigger a buffer + overflow. Ensuring the statistics channel is configured + correctly to grant access exclusively to authorized users is + essential (see the statistics-channels block definition and + usage section). + * The Content-Length header in the statistics channel was lacking + proper bounds checking. A negative or excessively large value + could potentially trigger an integer overflow and result in an + assertion failure. + * Several memory leaks caused by not clearing the OpenSSL error + stack were fixed. + * The introduction of krb5-subdomain-self-rhs and + ms-subdomain-self-rhs UPDATE policies accidentally caused named + to return SERVFAIL responses to deletion requests for + non-existent PTR and SRV records. This has been fixed. + * The stale-refresh-time feature was mistakenly disabled when the + server cache was flushed by rndc flush. This has been fixed. + * BIND’s memory consumption has been improved by implementing + dedicated jemalloc memory arenas for sending buffers. This + optimization ensures that memory usage is more efficient and + better manages the return of memory pages to the operating + system. + * Previously, partial writes in the TLS DNS code were not + accounted for correctly, which could have led to DNS message + corruption. This has been fixed. + ------------------------------------------------------------------- Mon Sep 11 07:44:13 UTC 2023 - Pedro Monreal diff --git a/bind.spec b/bind.spec index b346e3d..b97f6a9 100644 --- a/bind.spec +++ b/bind.spec @@ -56,7 +56,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.18.18 +Version: 9.18.19 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0