diff --git a/bind-9.16.12.tar.xz b/bind-9.16.12.tar.xz deleted file mode 100644 index 2692b86..0000000 --- a/bind-9.16.12.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9914af9311fd349cab441097898d94fb28d0bfd9bf6ed04fe1f97f042644da7f -size 5017756 diff --git a/bind-9.16.12.tar.xz.sha512.asc b/bind-9.16.12.tar.xz.sha512.asc deleted file mode 100644 index 4097e23..0000000 --- a/bind-9.16.12.tar.xz.sha512.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEJFV3TUL9/mucOD64/hACvFlwgR8FAmAiI6sACgkQ/hACvFlw -gR9S7RAAtZCXjLtug5s2t+YqVUgKP3TKEgvJxSvZfZlEnQkkM9APg84UZKOc5XDY -Zzw1bJSuZ4f18KlJaJmQ++Y0XP++kv+tMJOcl8mkCUi/FKcfWCOW0qUy/ygb7ks6 -yarpxjuZ6DN+5xwOvJW9o1QiX5K0WYK2KdjsqfIrvf8HQqs4Ydgi9h2KtbkWBXp5 -Te6CLFSRfX2j2Ddbx1ggCzT3ztYNLT1trX+O7/wlISNl3ZS1wK475UlqA1qZc/lM -xE95p8KDR5+CHXJJNs7qr0jBS9WcB2N28yGJKAnCXw9tTEGtqa+QksgCthphmzQX -3vbB5KhcP1ho9pl/lyjh0Tnxm1Q9AbD42vMo6waGSRtIOMFK9Cjngulx5Wo5Aa3W -F3Ij95yMZmIo+WMCmdE6ejOL2r/JpiVYPWuR/1UHOFJbs+ZJSCSO4Ka7wauIraST -tpUUi6J/d6oTvx12IJb/A7jznX0n5o70N6I11lei5Os3N6V5BlU1+BN7aaeNoZzp -lgMsTJGhkD7IbdBRgl2qCsYI+jQr4nE0WpEEDwrio+ZEpBMs16WXcZBwUD6f9rW7 -Gl+Z6EhmhdWuMygngCXGfcGopmFJeFdDCbdnHCWjj+qWSc5JtdjB7+8iE/73frvr -TQ9ASrU4AwclNeEc3nVDuGC692h3w1IrOwHxFw2hIuwOJnPoj/U= -=y7e9 ------END PGP SIGNATURE----- diff --git a/bind-9.16.15.tar.xz b/bind-9.16.15.tar.xz new file mode 100644 index 0000000..236e0a0 --- /dev/null +++ b/bind-9.16.15.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:98b6f432d878a7bf8f57eb7b3c28be27278cf6b9989154bfe6c81104b38e7839 +size 5025688 diff --git a/bind-9.16.15.tar.xz.sha512.asc b/bind-9.16.15.tar.xz.sha512.asc new file mode 100644 index 0000000..c1eb1f1 --- /dev/null +++ b/bind-9.16.15.tar.xz.sha512.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEJFV3TUL9/mucOD64/hACvFlwgR8FAmB+oqoACgkQ/hACvFlw +gR85vRAAvIAItbIcVnNlYRSN5Pmgmcu7XsJF9lTP5m0DM++zF2puStoMfDm4t6tY +k+iV1SwgoNjAOhGpdnhczjNIhct0xImHaqpITcVjRwzNkoAStIkCr+g974EZcYEY +Q0mFowpefARhTUo3IbdkvN87lS+/yYNb7D3rHpluef4fexc29dbLnN8hvkkdiYEV +RAcJaXGjpjoqsxgiVbrhrQk2NA3Y5zKgyJsqMHF9bhSvX8y6cpi1y48W3+S6b31h +9Tx8f9DfoOWPl28rrL93iQTWc+SCK+BPUhP8kaIbEfJjX/CMWKAPjRxk8NPfkqs6 +IgwWsm15sNO2kXc8f2Tg976w1rElaDaWkjPLvQbD8/Yk8sInYSz9sFCoAQ6A7irk +0eVxzFS9Os/cjlf4n+v3b9MsYQ2f40uEP61LZ5hfC5puqfYx4c6pyRFjGvZzX90B +rpx4F94v94M+1lKlBELHhcTOvsiN3RjTti+qnHel02iKPw3AMu22Y9gCQ5d/OxwQ +WJSsvYfFhMt4h9e6Ejx6nQ1lHkC5G/i2ipGJmDFHZwUkXhMvOcAZsc/+EQEUjAyE +oH4gb49xTwrlZFidqmcSh6az/v53UZ396MGNJvQISaCeM3caenn5FCAcEFYngEj1 +Vp96Qmt4qJRI7YpdL2phFgZAmnPOr6h+ej6esdY+nwLUwwqf+DU= +=GxCr +-----END PGP SIGNATURE----- diff --git a/bind.changes b/bind.changes index 053635f..66d0ba2 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Mon May 3 12:35:44 UTC 2021 - Josef Möllers + +- Upgrade to bind 9.16.15 + Major changes: + * A specially crafted GSS-TSIG query could cause a buffer + overflow in the ISC implementation of SPNEGO. + (CVE-2021-25216) + + * named crashed when a DNAME record placed in the ANSWER + section during DNAME chasing turned out to be the final + answer to a client query. (CVE-2021-25215) + + * Insufficient IXFR checks could result in named serving a + zone without an SOA record at the apex, leading to a + RUNTIME_CHECK assertion failure when the zone was + subsequently refreshed. This has been fixed by adding an + owner name check for all SOA records which are included + in a zone transfer. (CVE-2021-25214) + More changes see CHANGES in the source package. + + [bsc#1185345,CVE-2021-25214,CVE-2021-25215,CVE-2021-25216] + ------------------------------------------------------------------- Thu Apr 8 09:23:22 UTC 2021 - Josef Möllers diff --git a/bind.spec b/bind.spec index 18b9cf1..8633a6b 100644 --- a/bind.spec +++ b/bind.spec @@ -44,7 +44,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.16.12 +Version: 9.16.15 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 @@ -246,7 +246,8 @@ mv vendor-files/config/rndc-access.conf %{buildroot}/%{_sysconfdir}/named.d %if %{with_systemd} for file in named; do install -D -m 0644 vendor-files/system/${file}.service %{buildroot}%{_unitdir}/${file}.service - install -m 0755 vendor-files/system/${file}.prep %{buildroot}/%{_libexecdir}/bind/${file}.prep + sed -e "s,@LIBEXECDIR@,%{_libexecdir},g" -i %{buildroot}%{_unitdir}/${file}.service + install -m 0755 vendor-files/system/${file}.prep %{buildroot}%{_libexecdir}/bind/${file}.prep ln -s /sbin/service %{buildroot}%{_sbindir}/rc${file} done install -D -m 0644 %{SOURCE70} %{buildroot}%{_prefix}/lib/tmpfiles.d/bind.conf diff --git a/vendor-files.tar.bz2 b/vendor-files.tar.bz2 index 3beecd8..ded36a3 100644 --- a/vendor-files.tar.bz2 +++ b/vendor-files.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:56de813052a7071d9ce7d93432c776c256dc2a4d4b750dfaa021d67b659f72a6 -size 19324 +oid sha256:4c916821240c2cb1af02b8ed0de7b4c216a756492a7c66094d174cf04376031e +size 19365