Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package bind for openSUSE:Factory checked in
at 2023-01-26 13:57:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bind (Old)
and /work/SRC/openSUSE:Factory/.bind.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind"
Thu Jan 26 13:57:06 2023 rev:191 rq:1060984 version:9.18.11
Changes:
--------
--- /work/SRC/openSUSE:Factory/bind/bind.changes 2023-01-06
17:05:34.160185965 +0100
+++ /work/SRC/openSUSE:Factory/.bind.new.32243/bind.changes 2023-01-26
13:57:59.796003630 +0100
@@ -1,0 +2,68 @@
+Tue Jan 24 13:39:10 UTC 2023 - Jorik Cronenberg <jorik.cronenb...@suse.com>
+
+- Update to release 9.18.11
+ Security Fixes:
+ * An UPDATE message flood could cause named to exhaust all
+ available memory. This flaw was addressed by adding a new
+ update-quota option that controls the maximum number of
+ outstanding DNS UPDATE messages that named can hold in a queue
+ at any given time (default: 100). (CVE-2022-3094)
+ * named could crash with an assertion failure when an RRSIG query
+ was received and stale-answer-client-timeout was set to a
+ non-zero value. This has been fixed. (CVE-2022-3736)
+ * named running as a resolver with the
+ stale-answer-client-timeout option set to any value greater
+ than 0 could crash with an assertion failure, when the
+ recursive-clients soft quota was reached. This has been fixed.
+ (CVE-2022-3924)
+
+ New Features:
+ * The new update-quota option can be used to control the number
+ of simultaneous DNS UPDATE messages that can be processed to
+ update an authoritative zone on a primary server, or forwarded
+ to the primary server by a secondary server. The default is
+ 100. A new statistics counter has also been added to record
+ events when this quota is exceeded, and the version numbers for
+ the XML and JSON statistics schemas have been updated.
+
+ Removed Features:
+ * The Differentiated Services Code Point (DSCP) feature in BIND
+ has been non-operational since the new Network Manager was
+ introduced in BIND 9.16. It is now marked as obsolete, and
+ vestigial code implementing it has been removed. Configuring
+ DSCP values in named.conf now causes a warning to be logged.
+
+ Feature Changes:
+ * The catalog zone implementation has been optimized to work with
+ hundreds of thousands of member zones.
+
+ Bug Fixes:
+ * A rare assertion failure was fixed in outgoing TCP DNS
+ connection handling.
+ * Large zone transfers over TLS (XoT) could fail. This has been
+ fixed.
+ * In addition to a previously fixed bug, another similar issue
+ was discovered where quotas could be erroneously reached for
+ servers, including any configured forwarders, resulting in
+ SERVFAIL answers being sent to clients. This has been fixed.
+ * In certain query resolution scenarios (e.g. when following
+ CNAME records), named configured to answer from stale cache
+ could return a SERVFAIL response despite a usable, non-stale
+ answer being present in the cache. This has been fixed.
+ * When an outgoing request timed out, named would retry up to
+ three times with the same server instead of trying the next
+ available name server. This has been fixed.
+ * Recently used ADB names and ADB entries (IP addresses) could
+ get cleaned when ADB was under memory pressure. To mitigate
+ this, only actual ADB names and ADB entries are now counted
+ (excluding internal memory structures used for âhousekeepingâ)
+ and recently used (<= 10 seconds) ADB names and entries are
+ excluded from the overmem memory cleaner.
+ * The âProhibitedâ Extended DNS Error was inadvertently set in
+ some NOERROR responses. This has been fixed.
+ * Previously, TLS session resumption could have led to handshake
+ failures when client certificates were used for authentication
+ (Mutual TLS). This has been fixed.
+ [bsc#1207471, bsc#1207473, bsc#1207475]
+
+-------------------------------------------------------------------
Old:
----
bind-9.18.10.tar.xz
bind-9.18.10.tar.xz.sha512.asc
New:
----
bind-9.18.11.tar.xz
bind-9.18.11.tar.xz.sha512.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ bind.spec ++++++
--- /var/tmp/diff_new_pack.Vo1r4A/_old 2023-01-26 13:58:00.680008398 +0100
+++ /var/tmp/diff_new_pack.Vo1r4A/_new 2023-01-26 13:58:00.700008505 +0100
@@ -56,7 +56,7 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: bind
-Version: 9.18.10
+Version: 9.18.11
Release: 0
Summary: Domain Name System (DNS) Server (named)
License: MPL-2.0
++++++ bind-9.18.10.tar.xz -> bind-9.18.11.tar.xz ++++++
++++ 18019 lines of diff (skipped)
