Accepting request 1005207 from network

OBS-URL: https://build.opensuse.org/request/show/1005207
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bind?expand=0&rev=185

bind-9.18.6.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d43a0fed03c774d1685d203598218c0b7774a88fcc390a0170710d5feb7fbff1
-size 5171132

bind-9.18.6.tar.xz.sha512.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE4l6wzxzoBJ1H8dmmM+EOShg6jkYFAmL0AkwACgkQM+EOShg6
-jkaylw/9Evr/sUupCkvNFVt+FtqlnfBDt8WCSlwPaSr5TVU+JCX+0SnNkIrST5Ho
-wOACBRks6ATzvtL4pAnr+DRJFen+G0WL57YJsR6geKKm78W7WzV49zG3FSad6RTq
-FyXoRNClteBttitPd0ubCHhHAqPcrmbVAlS+79l/8Q//r+llV99gY4h8ZVQC2f2I
-rnrJzprT3ZwwCqTyV03zigBcRINS9+/Ij/MlRoG5VGldSaDJB0dLMlJMzeIWeiLG
-aeHRTDB5q64HXS6zpzcYZcs6cG80lMFpYqMFP8+FZml1mz8PEhvhTb5cM94Ar1b1
-Iy/QMLzORneSCHq62o4Tc2jgFTv6y7LqRHnCujt+I0UpOt26tV5O/kr/CbMrgx9R
-mU/PScStLU5m38vwGrIfLegx9fauHPvQckM5Mbvv5E/ntFaza7r7aedjj5cMY92N
-uEHUKknYFP+nIRPEpaN/oIkkbVcRq99LviI2tlVUrkHR/siNy2Y/eHXm1nLs9s3y
-4mdns0dx0/d+sewaL4jpS9+EynDoy3IiAXpo2CMR8no/AIm2nqwrCtcR/slmsdUr
-P5lwlJZoyz4tsjFHTRyeEk4ciMEwDoIFQ+hwQovAL7Vq/2lIgXcvvQn0IX96n2SS
-cmFovsMMN7Y6LE/Tfx8CuHyP2bGs+V3wyepk3p2lJWrIWjJ7a/s=
-=2oT4
------END PGP SIGNATURE-----

bind-9.18.7.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9e2acf1698f49d70ad12ffbad39ec6716a7da524e9ebd98429c7c70ba1262981
+size 5626820

bind-9.18.7.tar.xz.sha512.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE4l6wzxzoBJ1H8dmmM+EOShg6jkYFAmMfNs4ACgkQM+EOShg6
+jkY1aRAAySGOpDT4MFnuTI5w7RdWjMNclOGJoFK6ihbkF6lQDrRqRuYlmAq9UwW2
+KR+rAAAqAHk/EmDzsmq15OcsJdJOMrJTp88YEI4EdAcInOK4xbjDl73P0oOnlRjJ
+/8Aw2awrDPjMPoEoF9YBLPfU1Q2Vlunybzlq9sZ7eUWpp1qSa6x3EoWS/bB/f66G
+FhWpbEqdkBOCW8osm3svSOTCkYhlimX6Y2bTyhjSUdfS8q5rwYoiDEsbzjgoMS5l
+eNQb0bexCEBmaTjzARGXo2JzGcNMu9aeee3noeusTV/x3r5zgOjl/TDkx7Y4CAaN
+qtWeoYVp4p4ulisaFqP1bHuksUVgez+2SzrqJ0NpvhLZzbi5dRnsHT93iDcoR+X/
+yjyVQFiunZq3kU46Cf8gT29fxfyi3C/3BVxMkdZz2kI4LwRWvAng7mk9tfKH/2/d
+d44hvv0R4Mdv38/zd8m2pddh8A7rY7l7CbPrKe0V6UTsnErFi/B14fLu58vQHlZL
+8SBBLT2YSiJFQRMfcbCwVTW9r54pqb+MJxkBCgGMDAULOqdBSXfydQdEkbkC1R9i
+u522mH5/VafntJabrxWa4blz/2pClTWswCYCT9LIb8wTFgU+n99+1ozIW7arLFMe
+/ncipDqQffaC+DY88PlF5AOhG4I7hqbJR6yVrPaIL7On+2vIn+A=
+=/BQv
+-----END PGP SIGNATURE-----

bind-fix-mysql-bindings.patch

@@ -1,22 +0,0 @@
---- a/contrib/dlz/modules/mysql/Makefile
-+++ b/contrib/dlz/modules/mysql/Makefile
-@@ -27,7 +27,7 @@ prefix = /usr
- libdir = $(prefix)/lib/bind9
- 
- CFLAGS=-fPIC -g -I../include $(shell mysql_config --cflags)
--LDAP_LIBS=$(shell mysql_config --libs)
-+MYSQL_LIBS=$(shell mysql_config --libs)
- 
- all: dlz_mysql_dynamic.so
- 
---- a/contrib/dlz/modules/mysqldyn/Makefile
-+++ b/contrib/dlz/modules/mysqldyn/Makefile
-@@ -27,7 +27,7 @@ prefix = /usr
- libdir = $(prefix)/lib/bind9
- 
- CFLAGS=-fPIC -g -I../include $(shell mysql_config --cflags)
--LDAP_LIBS=$(shell mysql_config --libs)
-+MYSQL_LIBS=$(shell mysql_config --libs)
- 
- all: dlz_mysqldyn_mod.so
- 

bind.changes

@@ -1,3 +1,52 @@
+-------------------------------------------------------------------
+Wed Sep 21 11:49:07 UTC 2022 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to bind release 9.18.7
+  Security Fixes:
+  * Previously, there was no limit to the number of database lookups
+    performed while processing large delegations, which could be
+    abused to severely impact the performance of named running as a
+    recursive resolver. This has been fixed. (CVE-2022-2795)
+  * When an HTTP connection was reused to request statistics from the
+    stats channel, the content length of successive responses could
+    grow in size past the end of the allocated buffer.
+    This has been fixed. (CVE-2022-2881)
+  * Memory leaks in code handling Diffie-Hellman (DH) keys were fixed
+    that could be externally triggered, when using TKEY records in DH
+    mode with OpenSSL 3.0.0 and later versions. (CVE-2022-2906)
+  * named running as a resolver with the stale-answer-client-timeout
+    option set to 0 could crash with an assertion failure, when there
+    was a stale CNAME in the cache for the incoming query.
+    This has been fixed. (CVE-2022-3080)
+  * Memory leaks were fixed that could be externally triggered in the
+    DNSSEC verification code for the EdDSA algorithm. (CVE-2022-38178)
+
+  Feature Changes:
+  * Response Rate Limiting (RRL) code now treats all QNAMEs that are
+    subject to wildcard processing within a given zone as the same
+    name, to prevent circumventing the limits enforced by RRL.
+  * Zones using dnssec-policy now require dynamic DNS or
+    inline-signing to be configured explicitly.
+  * When reconfiguring dnssec-policy from using NSEC with an NSEC-only
+    DNSKEY algorithm (e.g. RSASHA1) to a policy that uses NSEC3,
+    BIND 9 no longer fails to sign the zone; instead, it keeps using
+    NSEC until the offending DNSKEY records have been removed from the
+    zone, then switches to using NSEC3.
+  * A backward-compatible approach was implemented for encoding
+    internationalized domain names (IDN) in dig and converting the
+    domain to IDNA2008 form; if that fails, BIND tries an IDNA2003
+    conversion.
+
+  Bug Fixes:
+  * A serve-stale bug was fixed, where BIND would try to return stale
+    data from cache for lookups that received duplicate queries or
+    queries that would be dropped. This bug resulted in premature
+    SERVFAIL responses, and has now been resolved.
+
+  This obsoletes the following patch:
+  * bind-fix-mysql-bindings.patch
+  [bsc#1203614, bsc#1203615, bsc#1203616, bsc#1203618, bsc#1203620]
+
 -------------------------------------------------------------------
 Thu Aug 18 14:57:33 UTC 2022 - Jorik Cronenberg <jorik.cronenberg@suse.com>
 

bind.spec

@@ -56,7 +56,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.18.6
+Version:        9.18.7
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0
@@ -75,7 +75,6 @@ Source70:       bind.conf
 # configuation file for systemd-sysusers
 Source72:       named.conf
 Patch56:        bind-ldapdump-use-valid-host.patch
-Patch57:        bind-fix-mysql-bindings.patch
 BuildRequires:  libcap-devel
 BuildRequires:  libopenssl-devel
 BuildRequires:  libtool