Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2015-08-10 09:12:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2015-07-21 13:26:39.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.bind.new/bind.changes 2015-08-10 09:12:28.000000000 +0200 @@ -1,0 +2,35 @@ +Wed Jul 29 19:24:40 UTC 2015 - [email protected] + +- Update to version 9.10.2-P3 + Security Fixes + * A specially crafted query could trigger an assertion failure in message.c. + This flaw was discovered by Jonathan Foote, and is disclosed in + CVE-2015-5477. [RT #39795] + * On servers configured to perform DNSSEC validation, an assertion failure + could be triggered on answers from a specially configured server. + This flaw was discovered by Breno Silveira Soares, and is disclosed + in CVE-2015-4620. [RT #39795] + Bug Fixes + * Asynchronous zone loads were not handled correctly when the zone load was + already in progress; this could trigger a crash in zt.c. [RT #37573] + * Several bugs have been fixed in the RPZ implementation: + + Policy zones that did not specifically require recursion could be treated + as if they did; consequently, setting qname-wait-recurse no; was + sometimes ineffective. This has been corrected. In most configurations, + behavioral changes due to this fix will not be noticeable. [RT #39229] + + The server could crash if policy zones were updated (e.g. via + rndc reload or an incoming zone transfer) while RPZ processing + was still ongoing for an active query. [RT #39415] + + On servers with one or more policy zones configured as slaves, if a + policy zone updated during regular operation (rather than at startup) + using a full zone reload, such as via AXFR, a bug could allow the RPZ + summary data to fall out of sync, potentially leading to an assertion + failure in rpz.c when further incremental updates were made to the zone, + such as via IXFR. [RT #39567] + + The server could match a shorter prefix than what was + available in CLIENT-IP policy triggers, and so, an unexpected + action could be taken. This has been corrected. [RT #39481] + + The server could crash if a reload of an RPZ zone was initiated while + another reload of the same zone was already in progress. [RT #39649] + +------------------------------------------------------------------- Old: ---- bind-9.10.2-P2.tar.gz bind-9.10.2-P2.tar.gz.asc New: ---- bind-9.10.2-P3.tar.gz bind-9.10.2-P3.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.70nCz8/_old 2015-08-10 09:12:30.000000000 +0200 +++ /var/tmp/diff_new_pack.70nCz8/_new 2015-08-10 09:12:30.000000000 +0200 @@ -18,8 +18,8 @@ Name: bind %define pkg_name bind -%define pkg_vers 9.10.2-P2 -%define rpm_vers 9.10.2P2 +%define pkg_vers 9.10.2-P3 +%define rpm_vers 9.10.2P3 %define idn_vers 1.0 Summary: Domain Name System (DNS) Server (named) License: ISC ++++++ bind-9.10.2-P2.tar.gz -> bind-9.10.2-P3.tar.gz ++++++ /work/SRC/openSUSE:Factory/bind/bind-9.10.2-P2.tar.gz /work/SRC/openSUSE:Factory/.bind.new/bind-9.10.2-P3.tar.gz differ: char 5, line 1
