Updating link to change in openSUSE:Factory/bind revision 191

OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=8573380be7e7f2887d06bd1ddddfccf9

bind-9.18.10.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f415a92feb62568b50854a063cb231e257351f8672186d0ab031a49b3de2cac6
-size 5261572

bind-9.18.10.tar.xz.sha512.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Comment: GPGTools - https://gpgtools.org
-
-iQIzBAABCgAdFiEEqtu6UHTxQC97adVrxbTukxqfnf0FAmObPesACgkQxbTukxqf
-nf1gbhAAk+vJ/TxU53Y+255n8EZ+397ob3zS3benKHGCD30JkmY8hhfCIwn5eXrZ
-7xUG71JP7VThltJ9h8Qbw5x/bKrThXtCXHYg8/5Ok7HL4QyvjJ3CQ7DMDAMHVHfc
-vO8iYCGJ9izcgvtNiPs0fkUUQzMbVBsD/OH9iyyF/vGbt/02IRNYTLekFnM/H1jc
-kU4m4kKw1xlA3cQMq3jxVxhyb9flHUujuUPOp7sp4D1wx+jiWQaD9vBWed5nTwgl
-k/Z4h1tRJhewjaU+KbTTRgpT3b061//M7nhF4b9WNBRhGLJGKO2Ibd6e6HOTxxHu
-0ELue1enBvqM7Wc1OqAgcfvKhRZLCEyPyX1SqxRw33no1uFw4pwsf5HrJMy02ZDB
-OgeJZsEUy7g+MC27xFbzzReDU4Osk0nxxg57QVUn2dS/E2mtKi3BTXZlJQvG3VSX
-oTM2/SOotgYTVjH+GBIYpV5V0lPHEh+DoSkefYIuG1MfJLRPbP1JDrrmBxF1N3Bk
-3utgIuYUBdIU3heB21ZnVHRwPDAOMyqIaylfxwWUuWs9tl/Y5vbZeJBZl7Y/tXlS
-BuxMi2zUNZNAd8cYTSxja8Cw5I3NF29dfQ2F2NU8VR8Dmp2Sw6UqxaQr0Sr6Zc8K
-Y5/973OPjgDxRqYnMWQV2UT60ge0ortcnwaNIHeGUA5zLONLAyo=
-=g2rP
------END PGP SIGNATURE-----

bind-9.18.11.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158
+size 5284184

bind-9.18.11.tar.xz.sha512.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE4l6wzxzoBJ1H8dmmM+EOShg6jkYFAmPGp7oACgkQM+EOShg6
+jkYWUQ/9GE7nNzbwDSoV/fGf642TpY0cCV07rhxy4HEk7ke6Agzp4oSZco2crTG/
+xZCmEC9LWXGNM4BdA4KtCe/mKQhqUsxa2N5OJKCV0hoT6l07GXkta7yrWijIsNKK
+usLU4j4DECOxlCeiZbtw09qGBkz7cAXyll2Jo7uO/kcDUWbWYjm0IbmOc3vNlpBu
+PH57fauptJjIsOYqn46/gPXfIubR+mcDHfJBbo8lalWZcGwoLv438jD5mfNE0eIO
+e8tt3yB+OY1W/fxtpXnKpwDVUBrTcmpJULMqzFRzfsQLp6YgQVCdTCeicHWmuwrO
+rhX08W8eBgyzPFCBNtyQfjTrViv0tXg9jdbOpRWPdXu4zcLkMkBPf9B2CvvKtN/k
+1VcfG0VMeVFEpIV7GywzKEGuJeAldFmKfSyMRQZM+yc+SZqGOmE3YKKpIQQSVhoz
+MI7MvYrglRNUCuBWKnuzHvPb/PwSWfB9fq+l5WvBHMdeXHiZHfuDe53vhO3t7RaV
+flyb24vIhGA1UqQTdykn3xIhKzZVl6RuYS9sKzM/OtopLKRqUpYGc+KKxjAQY8OY
+NZapOd3MbKz1Yzz15qYDuhjOuOPTYZVA3dDHrNJKu9gkRQmI6rSWaOimxt8yP2Er
+rlYZSM++AZEeqAFpkohxyLXpwj1/3O00Hbkewj4kdb6zviMSdi4=
+=Hd/a
+-----END PGP SIGNATURE-----

bind.changes

@@ -1,3 +1,71 @@
+-------------------------------------------------------------------
+Tue Jan 24 13:39:10 UTC 2023 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to release 9.18.11
+  Security Fixes:
+  * An UPDATE message flood could cause named to exhaust all
+    available memory. This flaw was addressed by adding a new
+    update-quota option that controls the maximum number of
+    outstanding DNS UPDATE messages that named can hold in a queue
+    at any given time (default: 100). (CVE-2022-3094)
+  * named could crash with an assertion failure when an RRSIG query
+    was received and stale-answer-client-timeout was set to a
+    non-zero value. This has been fixed. (CVE-2022-3736)
+  * named running as a resolver with the
+    stale-answer-client-timeout option set to any value greater
+    than 0 could crash with an assertion failure, when the
+    recursive-clients soft quota was reached. This has been fixed.
+    (CVE-2022-3924)
+
+  New Features:
+  * The new update-quota option can be used to control the number
+    of simultaneous DNS UPDATE messages that can be processed to
+    update an authoritative zone on a primary server, or forwarded
+    to the primary server by a secondary server. The default is
+    100. A new statistics counter has also been added to record
+    events when this quota is exceeded, and the version numbers for
+    the XML and JSON statistics schemas have been updated.
+
+  Removed Features:
+  * The Differentiated Services Code Point (DSCP) feature in BIND
+    has been non-operational since the new Network Manager was
+    introduced in BIND 9.16. It is now marked as obsolete, and
+    vestigial code implementing it has been removed. Configuring
+    DSCP values in named.conf now causes a warning to be logged.
+
+  Feature Changes:
+  * The catalog zone implementation has been optimized to work with
+    hundreds of thousands of member zones.
+
+  Bug Fixes:
+  * A rare assertion failure was fixed in outgoing TCP DNS
+    connection handling.
+  * Large zone transfers over TLS (XoT) could fail. This has been
+    fixed.
+  * In addition to a previously fixed bug, another similar issue
+    was discovered where quotas could be erroneously reached for
+    servers, including any configured forwarders, resulting in
+    SERVFAIL answers being sent to clients. This has been fixed.
+  * In certain query resolution scenarios (e.g. when following
+    CNAME records), named configured to answer from stale cache
+    could return a SERVFAIL response despite a usable, non-stale
+    answer being present in the cache. This has been fixed.
+  * When an outgoing request timed out, named would retry up to
+    three times with the same server instead of trying the next
+    available name server. This has been fixed.
+  * Recently used ADB names and ADB entries (IP addresses) could
+    get cleaned when ADB was under memory pressure. To mitigate
+    this, only actual ADB names and ADB entries are now counted
+    (excluding internal memory structures used for “housekeeping”)
+    and recently used (<= 10 seconds) ADB names and entries are
+    excluded from the overmem memory cleaner.
+  * The “Prohibited” Extended DNS Error was inadvertently set in
+    some NOERROR responses. This has been fixed.
+  * Previously, TLS session resumption could have led to handshake
+    failures when client certificates were used for authentication
+    (Mutual TLS). This has been fixed.
+  [bsc#1207471, bsc#1207473, bsc#1207475]
+
 -------------------------------------------------------------------
 Wed Jan  4 16:42:37 UTC 2023 - Thiago Macieira <thiago@kde.org>
 

bind.spec

@@ -56,7 +56,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.18.10
+Version:        9.18.11
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0