Hello community,
here is the log from the commit of package bind for openSUSE:Factory checked in
at 2020-08-31 17:14:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/bind (Old)
and /work/SRC/openSUSE:Factory/.bind.new.3399 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind"
Mon Aug 31 17:14:50 2020 rev:155 rq:830242 version:9.16.6
Changes:
--------
--- /work/SRC/openSUSE:Factory/bind/bind.changes 2020-08-20
22:24:33.995861713 +0200
+++ /work/SRC/openSUSE:Factory/.bind.new.3399/bind.changes 2020-08-31
17:14:55.717043468 +0200
@@ -1,0 +2,39 @@
+Fri Aug 28 09:38:11 UTC 2020 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Require /sbin/start_daemon: both init scripts, the one used in
+ systemd context as well as legacy sysv, make use of start_daemon.
+
+-------------------------------------------------------------------
+Tue Aug 18 12:13:49 UTC 2020 - Josef Möllers <josef.moell...@suse.com>
+
+- Upgrade to version 9.16.6
+ Fixes five vilnerabilities:
+ 5481. [security] "update-policy" rules of type "subdomain" were
+ incorrectly treated as "zonesub" rules, which allowed
+ keys used in "subdomain" rules to update names
outside
+ of the specified subdomains. The problem was fixed by
+ making sure "subdomain" rules are again processed as
+ described in the ARM. (CVE-2020-8624) [GL #2055]
+
+ 5480. [security] When BIND 9 was compiled with native PKCS#11
support, it
+ was possible to trigger an assertion failure in code
+ determining the number of bits in the PKCS#11 RSA
public
+ key with a specially crafted packet. (CVE-2020-8623)
+ [GL #2037]
+
+ 5479. [security] named could crash in certain query resolution
scenarios
+ where QNAME minimization and forwarding were both
+ enabled. (CVE-2020-8621) [GL #1997]
+
+ 5478. [security] It was possible to trigger an assertion failure by
+ sending a specially crafted large TCP DNS message.
+ (CVE-2020-8620) [GL #1996]
+
+ 5476. [security] It was possible to trigger an assertion failure when
+ verifying the response to a TSIG-signed request.
+ (CVE-2020-8622) [GL #2028]
+ For the less severe bugs fixed, see the CHANGES file.
+ [bsc#1175443, CVE-2020-8624, CVE-2020-8623, CVE-2020-8621,
+ CVE-2020-8620, CVE-2020-8622]
+
+-------------------------------------------------------------------
Old:
----
bind-9.16.5.tar.xz
bind-9.16.5.tar.xz.sha512.asc
New:
----
bind-9.16.6.tar.xz
bind-9.16.6.tar.xz.sha512.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ bind.spec ++++++
--- /var/tmp/diff_new_pack.XgNIjO/_old 2020-08-31 17:14:56.905044075 +0200
+++ /var/tmp/diff_new_pack.XgNIjO/_new 2020-08-31 17:14:56.909044078 +0200
@@ -24,7 +24,7 @@
%define libdns libdns%{dns_sonum}
%define irs_sonum 1601
%define libirs libirs%{irs_sonum}
-%define isc_sonum 1605
+%define isc_sonum 1606
%define libisc libisc%{isc_sonum}
%define isccc_sonum 1600
%define libisccc libisccc%{isccc_sonum}
@@ -60,7 +60,7 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: bind
-Version: 9.16.5
+Version: 9.16.6
Release: 0
Summary: Domain Name System (DNS) Server (named)
License: MPL-2.0
@@ -106,6 +106,8 @@
Provides: dns_daemon
Obsoletes: bind8 < %{version}
Obsoletes: bind9 < %{version}
+# named.init (systemd) and init/named both call start_daemon, so unconditional
require it
+Requires: /sbin/start_daemon
%if %{with_systemd}
BuildRequires: systemd-rpm-macros
BuildRequires: sysuser-shadow
@@ -524,6 +526,7 @@
%{_datadir}/bind/ldapdump
%ghost %{_rundir}/named
%{_fillupdir}/sysconfig.named-named
+%attr(1775,root,named) %dir %{_var}/lib/named
%dir %{_var}/lib/named/master
%attr(-,named,named) %dir %{_var}/lib/named/dyn
%attr(-,named,named) %dir %{_var}/lib/named/slave
@@ -559,7 +562,6 @@
%if %{with_systemd}
%{_prefix}/lib/tmpfiles.d/bind-chrootenv.conf
%endif
-%attr(1775,root,named) %dir %{_var}/lib/named
%dir %{_var}/lib/named%{_sysconfdir}
%dir %{_var}/lib/named%{_sysconfdir}/named.d
%dir %{_var}/lib/named/dev
++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.XgNIjO/_old 2020-08-31 17:14:56.961044104 +0200
+++ /var/tmp/diff_new_pack.XgNIjO/_new 2020-08-31 17:14:56.961044104 +0200
@@ -1,7 +1,7 @@
libbind9-1600
libdns1605
libirs1601
-libisc1605
+libisc1606
obsoletes "bind-libs-<targettype> = <version>"
provides "bind-libs-<targettype> = <version>"
libisccc1600
@@ -11,6 +11,6 @@
requires "libbind9-1600-<targettype> = <version>"
requires "libdns1605-<targettype> = <version>"
requires "libirs1601-<targettype> = <version>"
- requires "libisc1605-<targettype> = <version>"
+ requires "libisc1606-<targettype> = <version>"
requires "libisccc1600-<targettype> = <version>"
requires "libisccfg1600-<targettype> = <version>"
++++++ bind-9.16.5.tar.xz -> bind-9.16.6.tar.xz ++++++
++++ 7632 lines of diff (skipped)
