diff --git a/bind-9.18.6.tar.xz b/bind-9.18.6.tar.xz deleted file mode 100644 index a126f62..0000000 --- a/bind-9.18.6.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d43a0fed03c774d1685d203598218c0b7774a88fcc390a0170710d5feb7fbff1 -size 5171132 diff --git a/bind-9.18.6.tar.xz.sha512.asc b/bind-9.18.6.tar.xz.sha512.asc deleted file mode 100644 index ce1d664..0000000 --- a/bind-9.18.6.tar.xz.sha512.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEE4l6wzxzoBJ1H8dmmM+EOShg6jkYFAmL0AkwACgkQM+EOShg6 -jkaylw/9Evr/sUupCkvNFVt+FtqlnfBDt8WCSlwPaSr5TVU+JCX+0SnNkIrST5Ho -wOACBRks6ATzvtL4pAnr+DRJFen+G0WL57YJsR6geKKm78W7WzV49zG3FSad6RTq -FyXoRNClteBttitPd0ubCHhHAqPcrmbVAlS+79l/8Q//r+llV99gY4h8ZVQC2f2I -rnrJzprT3ZwwCqTyV03zigBcRINS9+/Ij/MlRoG5VGldSaDJB0dLMlJMzeIWeiLG -aeHRTDB5q64HXS6zpzcYZcs6cG80lMFpYqMFP8+FZml1mz8PEhvhTb5cM94Ar1b1 -Iy/QMLzORneSCHq62o4Tc2jgFTv6y7LqRHnCujt+I0UpOt26tV5O/kr/CbMrgx9R -mU/PScStLU5m38vwGrIfLegx9fauHPvQckM5Mbvv5E/ntFaza7r7aedjj5cMY92N -uEHUKknYFP+nIRPEpaN/oIkkbVcRq99LviI2tlVUrkHR/siNy2Y/eHXm1nLs9s3y -4mdns0dx0/d+sewaL4jpS9+EynDoy3IiAXpo2CMR8no/AIm2nqwrCtcR/slmsdUr -P5lwlJZoyz4tsjFHTRyeEk4ciMEwDoIFQ+hwQovAL7Vq/2lIgXcvvQn0IX96n2SS -cmFovsMMN7Y6LE/Tfx8CuHyP2bGs+V3wyepk3p2lJWrIWjJ7a/s= -=2oT4 ------END PGP SIGNATURE----- diff --git a/bind-9.18.7.tar.xz b/bind-9.18.7.tar.xz new file mode 100644 index 0000000..6865a3d --- /dev/null +++ b/bind-9.18.7.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9e2acf1698f49d70ad12ffbad39ec6716a7da524e9ebd98429c7c70ba1262981 +size 5626820 diff --git a/bind-9.18.7.tar.xz.sha512.asc b/bind-9.18.7.tar.xz.sha512.asc new file mode 100644 index 0000000..adceb3f --- /dev/null +++ b/bind-9.18.7.tar.xz.sha512.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE4l6wzxzoBJ1H8dmmM+EOShg6jkYFAmMfNs4ACgkQM+EOShg6 +jkY1aRAAySGOpDT4MFnuTI5w7RdWjMNclOGJoFK6ihbkF6lQDrRqRuYlmAq9UwW2 +KR+rAAAqAHk/EmDzsmq15OcsJdJOMrJTp88YEI4EdAcInOK4xbjDl73P0oOnlRjJ +/8Aw2awrDPjMPoEoF9YBLPfU1Q2Vlunybzlq9sZ7eUWpp1qSa6x3EoWS/bB/f66G +FhWpbEqdkBOCW8osm3svSOTCkYhlimX6Y2bTyhjSUdfS8q5rwYoiDEsbzjgoMS5l +eNQb0bexCEBmaTjzARGXo2JzGcNMu9aeee3noeusTV/x3r5zgOjl/TDkx7Y4CAaN +qtWeoYVp4p4ulisaFqP1bHuksUVgez+2SzrqJ0NpvhLZzbi5dRnsHT93iDcoR+X/ +yjyVQFiunZq3kU46Cf8gT29fxfyi3C/3BVxMkdZz2kI4LwRWvAng7mk9tfKH/2/d +d44hvv0R4Mdv38/zd8m2pddh8A7rY7l7CbPrKe0V6UTsnErFi/B14fLu58vQHlZL +8SBBLT2YSiJFQRMfcbCwVTW9r54pqb+MJxkBCgGMDAULOqdBSXfydQdEkbkC1R9i +u522mH5/VafntJabrxWa4blz/2pClTWswCYCT9LIb8wTFgU+n99+1ozIW7arLFMe +/ncipDqQffaC+DY88PlF5AOhG4I7hqbJR6yVrPaIL7On+2vIn+A= +=/BQv +-----END PGP SIGNATURE----- diff --git a/bind-fix-mysql-bindings.patch b/bind-fix-mysql-bindings.patch deleted file mode 100644 index fa2e5b6..0000000 --- a/bind-fix-mysql-bindings.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- a/contrib/dlz/modules/mysql/Makefile -+++ b/contrib/dlz/modules/mysql/Makefile -@@ -27,7 +27,7 @@ prefix = /usr - libdir = $(prefix)/lib/bind9 - - CFLAGS=-fPIC -g -I../include $(shell mysql_config --cflags) --LDAP_LIBS=$(shell mysql_config --libs) -+MYSQL_LIBS=$(shell mysql_config --libs) - - all: dlz_mysql_dynamic.so - ---- a/contrib/dlz/modules/mysqldyn/Makefile -+++ b/contrib/dlz/modules/mysqldyn/Makefile -@@ -27,7 +27,7 @@ prefix = /usr - libdir = $(prefix)/lib/bind9 - - CFLAGS=-fPIC -g -I../include $(shell mysql_config --cflags) --LDAP_LIBS=$(shell mysql_config --libs) -+MYSQL_LIBS=$(shell mysql_config --libs) - - all: dlz_mysqldyn_mod.so - diff --git a/bind.changes b/bind.changes index 91f4ac2..916cc0b 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,52 @@ +------------------------------------------------------------------- +Wed Sep 21 11:49:07 UTC 2022 - Jorik Cronenberg + +- Update to bind release 9.18.7 + Security Fixes: + * Previously, there was no limit to the number of database lookups + performed while processing large delegations, which could be + abused to severely impact the performance of named running as a + recursive resolver. This has been fixed. (CVE-2022-2795) + * When an HTTP connection was reused to request statistics from the + stats channel, the content length of successive responses could + grow in size past the end of the allocated buffer. + This has been fixed. (CVE-2022-2881) + * Memory leaks in code handling Diffie-Hellman (DH) keys were fixed + that could be externally triggered, when using TKEY records in DH + mode with OpenSSL 3.0.0 and later versions. (CVE-2022-2906) + * named running as a resolver with the stale-answer-client-timeout + option set to 0 could crash with an assertion failure, when there + was a stale CNAME in the cache for the incoming query. + This has been fixed. (CVE-2022-3080) + * Memory leaks were fixed that could be externally triggered in the + DNSSEC verification code for the EdDSA algorithm. (CVE-2022-38178) + + Feature Changes: + * Response Rate Limiting (RRL) code now treats all QNAMEs that are + subject to wildcard processing within a given zone as the same + name, to prevent circumventing the limits enforced by RRL. + * Zones using dnssec-policy now require dynamic DNS or + inline-signing to be configured explicitly. + * When reconfiguring dnssec-policy from using NSEC with an NSEC-only + DNSKEY algorithm (e.g. RSASHA1) to a policy that uses NSEC3, + BIND 9 no longer fails to sign the zone; instead, it keeps using + NSEC until the offending DNSKEY records have been removed from the + zone, then switches to using NSEC3. + * A backward-compatible approach was implemented for encoding + internationalized domain names (IDN) in dig and converting the + domain to IDNA2008 form; if that fails, BIND tries an IDNA2003 + conversion. + + Bug Fixes: + * A serve-stale bug was fixed, where BIND would try to return stale + data from cache for lookups that received duplicate queries or + queries that would be dropped. This bug resulted in premature + SERVFAIL responses, and has now been resolved. + + This obsoletes the following patch: + * bind-fix-mysql-bindings.patch + [bsc#1203614, bsc#1203615, bsc#1203616, bsc#1203618, bsc#1203620] + ------------------------------------------------------------------- Thu Aug 18 14:57:33 UTC 2022 - Jorik Cronenberg diff --git a/bind.spec b/bind.spec index e2af52a..ce267de 100644 --- a/bind.spec +++ b/bind.spec @@ -56,7 +56,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.18.6 +Version: 9.18.7 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 @@ -75,7 +75,6 @@ Source70: bind.conf # configuation file for systemd-sysusers Source72: named.conf Patch56: bind-ldapdump-use-valid-host.patch -Patch57: bind-fix-mysql-bindings.patch BuildRequires: libcap-devel BuildRequires: libopenssl-devel BuildRequires: libtool