Accepting request 807719 from home:jmoellers:branches:network

OBS-URL: https://build.opensuse.org/request/show/807719
OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=279

baselibs.conf

@@ -1,7 +1,7 @@
 libbind9-1600
-libdns1601
-libirs1600
-libisc1601
+libdns1603
+libirs1601
+libisc1603
 	obsoletes "bind-libs-<targettype> = <version>"
 	provides "bind-libs-<targettype> = <version>"
 libisccc1600
@@ -9,8 +9,8 @@ libisccfg1600
 bind-devel
 	requires -bind-<targettype>
 	requires "libbind9-1600-<targettype> = <version>"
-	requires "libdns1601-<targettype> = <version>"
-	requires "libirs1600-<targettype> = <version>"
-	requires "libisc1601-<targettype> = <version>"
+	requires "libdns1603-<targettype> = <version>"
+	requires "libirs1601-<targettype> = <version>"
+	requires "libisc1603-<targettype> = <version>"
 	requires "libisccc1600-<targettype> = <version>"
 	requires "libisccfg1600-<targettype> = <version>"

bind-9.16.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a913d7e78135b9123d233215b58102fa0f18130fb1e158465a1c2b6f3bd75e91
-size 4541768

bind-9.16.1.tar.xz.sha512.asc

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Comment: GPGTools - https://gpgtools.org
-
-iQIzBAABCgAdFiEEFWiQaF6g32oTce8gF8xdsfAIhAcFAl5rbyAACgkQF8xdsfAI
-hAdEOg/+Kg1jrzoAZRJVARYYV2crDGqe1bVhO3hQDu60m+irokA2lgPSIDNBO6y0
-hhJqQ9ApX43bjqYAfBC86JQnbkCPhadOJ3YZTaKJTJD7ID023IPo+r/U5FBkgP2V
-e0feFcR6+vjqpj0GXquMSepby464+07AMdX6AwtP/psQabnU5WAe2PxNSC0T7RMu
-lvnqPHrGEBS0sjTsZOQdata9es/kKAweS+5m+qj97gvWVXPqevyoQgUT1JCBa/Xg
-hxSpeDx5ZHSPDpg8IIfpfcGYKzSivE71tMUXR0syIZCW2phLnWDF2RA5muAlWYvZ
-geZBP7Upu12oXaYvZnFslOvfauHOyBgnhVe7L/gkfC3MV1tMkqxfzBu2rxQFr8Sz
-DI/582oLzGu0zSoBi613/dTcH9+plkjs+GcRQbQ1uKQzKu0lSa4h2Kfz0GKJY3Ls
-xOxgE/sM9Xh7JtMWrhg24i74AbtrZIfwMNqr0EC4SZy1uwvygqESu99OOw+A805A
-nwsgJR0q1dCYJkIUXg8BI+elvsLpmgZHuTRQlCxTfI/p7QKpjNgCAVwxCY9udULL
-yqm1v9oT/ExMBzlC+e+xz+p4zQ+xbQ2i9RH4fhzqjl3+XB1CQfKlOWkc6DXbionp
-YkAipYwDW/YRblAhhKvQykrrcheeoINB5LQ6fo2RAOWsKozTOtU=
-=qsqC
------END PGP SIGNATURE-----

bind-9.16.3.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:27ac6513de5f8d0db34b9f241da53baa15a14b2ad21338d0cde0826eaf564f7e
+size 4573044

bind-9.16.3.tar.xz.sha512.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEElc7aJWscoKFfMC+1lSGn7V2s6RgFAl61B08ACgkQlSGn7V2s
+6RhTuRAAls+mHx7QLKqb9cdDVssaXD5agWhLCgNoeC199W2fUzbvQv7c33mSx5BW
+fdX0M//ngLfkvPe7IP0ggqrcnX2GB/i6VIGWl/yKJyxxyfgCyY2k9u094/S9NcaO
+//e7hPRE8x9DcVBZTW8LmMMagULhtALeJlqUCeSq7554vMZgzn0wCx7EJnQC82oH
+UD60Qq7TAIr5Uqziqc0Hu7yas1HEzrYBOGjsACFE1z1VJXXELyuZgq80yNj3GyRM
+W6sy+OS1VobMXt/PQ6qbvQWf+62HppJ2rijpEcKKNEmHtrncvCjsPvuRjbYc1C+O
+VULijbTBjxvFdvjYGNNKsShiI/OzBzHxyyZdkhhZqfzAwfuGNLIhXywVxhyo20Li
+XhG2Sz7E7RIkyPqzxLQtiAoe0pGUDm+oC7rx5htZLSbQDZK/6xuxG0+wNuEHaJPS
+LGYi3nLZ9U4wlXYZaEiIO2h0MlymN2XPf33sHxZYwSIhtUTGATAWKzodyQ72s1Fv
+kB00w1AHdKyegxZ/ygwiIQeC4fFUwTRMG1HJ+gkmXNpRfMlkXMJdUuQHcdN19p1+
+/h0N0r1B5hu7sTwQTjPm0dh5kYeOts5WBd2CRterIajaLL3TYQ0QuKJ7/GKVJBWm
+ynp9eVT/XYjnHVv9bs64Q50hO0c8wignw1Q7WzmXuhhb9J6AsB4=
+=Trz0
+-----END PGP SIGNATURE-----

bind.changes

@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Fri May 15 13:43:46 UTC 2020 - Josef Möllers <josef.moellers@suse.com>
+
+- Upgrade to version bind-9.16.3
+  Fixing two security problems:
+  * Further limit the number of queries that can be triggered from
+    a request.  Root and TLD servers are no longer exempt
+    from max-recursion-queries.  Fetches for missing name server
+    address records are limited to 4 for any domain. (CVE-2020-8616)
+  * Replaying a TSIG BADTIME response as a request could trigger an
+    assertion failure. (CVE-2020-8617)
+  Also
+  * Add engine support to OpenSSL EdDSA implementation.
+  * Add engine support to OpenSSL ECDSA implementation.
+  * Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.
+  * Warn about AXFR streams with inconsistent message IDs.
+  * Make ISC rwlock implementation the default again.
+  For more see CHANGS file in source RPM.
+  [CVE-2020-8616, CVE-2020-8617, bsc#1171740, bind-9.16.3.tar.xz]
+
 -------------------------------------------------------------------
 Fri May  8 12:07:50 UTC 2020 - Josef Möllers <josef.moellers@suse.com>
 

bind.spec

@@ -20,17 +20,17 @@
 # Note that the sonums are LIBINTERFACE - LIBAGE
 %define bind9_sonum 1600
 %define libbind9 libbind9-%{bind9_sonum}
-%define dns_sonum 1601
+%define dns_sonum 1603
 %define libdns libdns%{dns_sonum}
-%define irs_sonum 1600
+%define irs_sonum 1601
 %define libirs libirs%{irs_sonum}
-%define isc_sonum 1601
+%define isc_sonum 1603
 %define libisc libisc%{isc_sonum}
 %define isccc_sonum 1600
 %define libisccc libisccc%{isccc_sonum}
 %define isccfg_sonum 1600
 %define libisccfg libisccfg%{isccfg_sonum}
-%define libns_sonum 1601
+%define libns_sonum 1603
 
 %define	VENDOR SUSE
 %if 0%{?suse_version} >= 1500
@@ -60,7 +60,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           bind
-Version:        9.16.1
+Version:        9.16.3
 Release:        0
 Summary:        Domain Name System (DNS) Server (named)
 License:        MPL-2.0