Hello community,

here is the log from the commit of package bind for openSUSE:Factory checked in at 2023-09-22 21:47:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bind (Old)
 and /work/SRC/openSUSE:Factory/.bind.new.1770 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Fri Sep 22 21:47:10 2023 rev:202 rq:1112571 version:9.18.19 Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2023-09-12 21:02:18.334939018 +0200 +++ /work/SRC/openSUSE:Factory/.bind.new.1770/bind.changes 2023-09-22 21:47:58.870095490 +0200 
@@ -1,0 +2,54 @@ +Tue Sep 19 13:28:53 UTC 2023 - Jorik Cronenberg <jorik.cronenb...@suse.com> + +- Update to release 9.18.19 + Security Fixes: + * Previously, sending a specially crafted message over the + control channel could cause the packet-parsing code to run out + of available stack memory, causing named to terminate + unexpectedly. This has been fixed. (CVE-2023-3341) + [bsc#1215472] + * A flaw in the networking code handling DNS-over-TLS queries + could cause named to terminate unexpectedly due to an assertion + failure under significant DNS-over-TLS query load. This has + been fixed. (CVE-2023-4236) + [bsc#1215471] + + Removed Features: + * The dnssec-must-be-secure option has been deprecated and will + be removed in a future release. + + Feature Changes: + * If the server command is specified, nsupdate now honors the + nsupdate -v option for SOA queries by sending both the UPDATE + request and the initial query over TCP. + + Bug Fixes: + * The value of the If-Modified-Since header in the statistics + channel was not being correctly validated for its length, + potentially allowing an authorized user to trigger a buffer + overflow. Ensuring the statistics channel is configured + correctly to grant access exclusively to authorized users is + essential (see the statistics-channels block definition and + usage section). + * The Content-Length header in the statistics channel was lacking + proper bounds checking. A negative or excessively large value + could potentially trigger an integer overflow and result in an + assertion failure. + * Several memory leaks caused by not clearing the OpenSSL error + stack were fixed. + * The introduction of krb5-subdomain-self-rhs and + ms-subdomain-self-rhs UPDATE policies accidentally caused named + to return SERVFAIL responses to deletion requests for + non-existent PTR and SRV records. This has been fixed. + * The stale-refresh-time feature was mistakenly disabled when the + server cache was flushed by rndc flush. 
This has been fixed. + * BINDâs memory consumption has been improved by implementing + dedicated jemalloc memory arenas for sending buffers. This + optimization ensures that memory usage is more efficient and + better manages the return of memory pages to the operating + system. + * Previously, partial writes in the TLS DNS code were not + accounted for correctly, which could have led to DNS message + corruption. This has been fixed. + +------------------------------------------------------------------- Old: ---- bind-9.18.18.tar.xz bind-9.18.18.tar.xz.asc New: ---- bind-9.18.19.tar.xz bind-9.18.19.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.H8Hmav/_old 2023-09-22 21:48:00.530155754 +0200 +++ /var/tmp/diff_new_pack.H8Hmav/_new 2023-09-22 21:48:00.530155754 +0200 @@ -56,7 +56,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.18.18 +Version: 9.18.19 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 ++++++ bind-9.18.18.tar.xz -> bind-9.18.19.tar.xz ++++++ ++++ 39794 lines of diff (skipped)
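Review bot: In the Bug Fixes list of the new bind.changes entry, the If-Modified-Since buffer overflow and the Content-Length integer overflow in the statistics channel are memory-safety fixes, yet unlike the two Security Fixes items they carry no CVE or bsc# tag. If a tracking bug exists for them, reference it in the entry so the fixes can be found when auditing the changelog. The same list also has a mis-encoded apostrophe in "BINDâs memory consumption"; a plain ASCII "BIND's" would avoid the encoding problem in the .changes file.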
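Review bot: The bind.spec hunk changes only the Version line, and the 39794-line tarball diff is skipped, so nothing in this mail shows that the new source archive was checked. Before accepting, confirm that bind-9.18.19.tar.xz.asc listed under "New" verifies bind-9.18.19.tar.xz, since the signature is the only integrity evidence for the replaced tarball.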