diff --git a/baselibs.conf b/baselibs.conf index fc1c5c4..6bbde73 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,7 +1,7 @@ libbind9-1600 -libdns1601 -libirs1600 -libisc1601 +libdns1603 +libirs1601 +libisc1603 obsoletes "bind-libs- = " provides "bind-libs- = " libisccc1600 @@ -9,8 +9,8 @@ libisccfg1600 bind-devel requires -bind- requires "libbind9-1600- = " - requires "libdns1601- = " - requires "libirs1600- = " - requires "libisc1601- = " + requires "libdns1603- = " + requires "libirs1601- = " + requires "libisc1603- = " requires "libisccc1600- = " requires "libisccfg1600- = " diff --git a/bind-9.16.1.tar.xz b/bind-9.16.1.tar.xz deleted file mode 100644 index ff0128a..0000000 --- a/bind-9.16.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a913d7e78135b9123d233215b58102fa0f18130fb1e158465a1c2b6f3bd75e91 -size 4541768 diff --git a/bind-9.16.1.tar.xz.sha512.asc b/bind-9.16.1.tar.xz.sha512.asc deleted file mode 100644 index be4bd3e..0000000 --- a/bind-9.16.1.tar.xz.sha512.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Comment: GPGTools - https://gpgtools.org - -iQIzBAABCgAdFiEEFWiQaF6g32oTce8gF8xdsfAIhAcFAl5rbyAACgkQF8xdsfAI -hAdEOg/+Kg1jrzoAZRJVARYYV2crDGqe1bVhO3hQDu60m+irokA2lgPSIDNBO6y0 -hhJqQ9ApX43bjqYAfBC86JQnbkCPhadOJ3YZTaKJTJD7ID023IPo+r/U5FBkgP2V -e0feFcR6+vjqpj0GXquMSepby464+07AMdX6AwtP/psQabnU5WAe2PxNSC0T7RMu -lvnqPHrGEBS0sjTsZOQdata9es/kKAweS+5m+qj97gvWVXPqevyoQgUT1JCBa/Xg -hxSpeDx5ZHSPDpg8IIfpfcGYKzSivE71tMUXR0syIZCW2phLnWDF2RA5muAlWYvZ -geZBP7Upu12oXaYvZnFslOvfauHOyBgnhVe7L/gkfC3MV1tMkqxfzBu2rxQFr8Sz -DI/582oLzGu0zSoBi613/dTcH9+plkjs+GcRQbQ1uKQzKu0lSa4h2Kfz0GKJY3Ls -xOxgE/sM9Xh7JtMWrhg24i74AbtrZIfwMNqr0EC4SZy1uwvygqESu99OOw+A805A -nwsgJR0q1dCYJkIUXg8BI+elvsLpmgZHuTRQlCxTfI/p7QKpjNgCAVwxCY9udULL -yqm1v9oT/ExMBzlC+e+xz+p4zQ+xbQ2i9RH4fhzqjl3+XB1CQfKlOWkc6DXbionp -YkAipYwDW/YRblAhhKvQykrrcheeoINB5LQ6fo2RAOWsKozTOtU= -=qsqC ------END PGP SIGNATURE----- diff --git a/bind-9.16.3.tar.xz b/bind-9.16.3.tar.xz new file mode 100644 index 0000000..b88f203 --- /dev/null +++ b/bind-9.16.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:27ac6513de5f8d0db34b9f241da53baa15a14b2ad21338d0cde0826eaf564f7e +size 4573044 diff --git a/bind-9.16.3.tar.xz.sha512.asc b/bind-9.16.3.tar.xz.sha512.asc new file mode 100644 index 0000000..c40ba02 --- /dev/null +++ b/bind-9.16.3.tar.xz.sha512.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEElc7aJWscoKFfMC+1lSGn7V2s6RgFAl61B08ACgkQlSGn7V2s +6RhTuRAAls+mHx7QLKqb9cdDVssaXD5agWhLCgNoeC199W2fUzbvQv7c33mSx5BW +fdX0M//ngLfkvPe7IP0ggqrcnX2GB/i6VIGWl/yKJyxxyfgCyY2k9u094/S9NcaO +//e7hPRE8x9DcVBZTW8LmMMagULhtALeJlqUCeSq7554vMZgzn0wCx7EJnQC82oH +UD60Qq7TAIr5Uqziqc0Hu7yas1HEzrYBOGjsACFE1z1VJXXELyuZgq80yNj3GyRM +W6sy+OS1VobMXt/PQ6qbvQWf+62HppJ2rijpEcKKNEmHtrncvCjsPvuRjbYc1C+O +VULijbTBjxvFdvjYGNNKsShiI/OzBzHxyyZdkhhZqfzAwfuGNLIhXywVxhyo20Li +XhG2Sz7E7RIkyPqzxLQtiAoe0pGUDm+oC7rx5htZLSbQDZK/6xuxG0+wNuEHaJPS +LGYi3nLZ9U4wlXYZaEiIO2h0MlymN2XPf33sHxZYwSIhtUTGATAWKzodyQ72s1Fv +kB00w1AHdKyegxZ/ygwiIQeC4fFUwTRMG1HJ+gkmXNpRfMlkXMJdUuQHcdN19p1+ +/h0N0r1B5hu7sTwQTjPm0dh5kYeOts5WBd2CRterIajaLL3TYQ0QuKJ7/GKVJBWm +ynp9eVT/XYjnHVv9bs64Q50hO0c8wignw1Q7WzmXuhhb9J6AsB4= +=Trz0 +-----END PGP SIGNATURE----- diff --git a/bind.changes b/bind.changes index 2f56770..bc81e4a 100644 --- a/bind.changes +++ b/bind.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Fri May 15 13:43:46 UTC 2020 - Josef Möllers + +- Upgrade to version bind-9.16.3 + Fixing two security problems: + * Further limit the number of queries that can be triggered from + a request. Root and TLD servers are no longer exempt + from max-recursion-queries. Fetches for missing name server + address records are limited to 4 for any domain. (CVE-2020-8616) + * Replaying a TSIG BADTIME response as a request could trigger an + assertion failure. (CVE-2020-8617) + Also + * Add engine support to OpenSSL EdDSA implementation. + * Add engine support to OpenSSL ECDSA implementation. + * Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. + * Warn about AXFR streams with inconsistent message IDs. + * Make ISC rwlock implementation the default again. + For more see CHANGS file in source RPM. + [CVE-2020-8616, CVE-2020-8617, bsc#1171740, bind-9.16.3.tar.xz] + ------------------------------------------------------------------- Fri May 8 12:07:50 UTC 2020 - Josef Möllers diff --git a/bind.spec b/bind.spec index 64e3bb9..764f776 100644 --- a/bind.spec +++ b/bind.spec @@ -20,17 +20,17 @@ # Note that the sonums are LIBINTERFACE - LIBAGE %define bind9_sonum 1600 %define libbind9 libbind9-%{bind9_sonum} -%define dns_sonum 1601 +%define dns_sonum 1603 %define libdns libdns%{dns_sonum} -%define irs_sonum 1600 +%define irs_sonum 1601 %define libirs libirs%{irs_sonum} -%define isc_sonum 1601 +%define isc_sonum 1603 %define libisc libisc%{isc_sonum} %define isccc_sonum 1600 %define libisccc libisccc%{isccc_sonum} %define isccfg_sonum 1600 %define libisccfg libisccfg%{isccfg_sonum} -%define libns_sonum 1601 +%define libns_sonum 1603 %define VENDOR SUSE %if 0%{?suse_version} >= 1500 @@ -60,7 +60,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.16.1 +Version: 9.16.3 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0