Hello community, here is the log from the commit of package bind for openSUSE:Factory checked in at 2020-05-26 17:13:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/bind (Old) and /work/SRC/openSUSE:Factory/.bind.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "bind" Tue May 26 17:13:59 2020 rev:151 rq:807723 version:9.16.3 Changes: -------- --- /work/SRC/openSUSE:Factory/bind/bind.changes 2020-05-12 22:28:23.443375866 +0200 +++ /work/SRC/openSUSE:Factory/.bind.new.2738/bind.changes 2020-05-26 17:14:03.503291979 +0200 @@ -1,0 +2,20 @@ +Fri May 15 13:43:46 UTC 2020 - Josef Möllers <[email protected]> + +- Upgrade to version bind-9.16.3 + Fixing two security problems: + * Further limit the number of queries that can be triggered from + a request. Root and TLD servers are no longer exempt + from max-recursion-queries. Fetches for missing name server + address records are limited to 4 for any domain. (CVE-2020-8616) + * Replaying a TSIG BADTIME response as a request could trigger an + assertion failure. (CVE-2020-8617) + Also + * Add engine support to OpenSSL EdDSA implementation. + * Add engine support to OpenSSL ECDSA implementation. + * Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. + * Warn about AXFR streams with inconsistent message IDs. + * Make ISC rwlock implementation the default again. + For more see CHANGS file in source RPM. + [CVE-2020-8616, CVE-2020-8617, bsc#1171740, bind-9.16.3.tar.xz] + +------------------------------------------------------------------- Old: ---- bind-9.16.1.tar.xz bind-9.16.1.tar.xz.sha512.asc New: ---- bind-9.16.3.tar.xz bind-9.16.3.tar.xz.sha512.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ bind.spec ++++++ --- /var/tmp/diff_new_pack.C3rRY6/_old 2020-05-26 17:14:04.543294234 +0200 +++ /var/tmp/diff_new_pack.C3rRY6/_new 2020-05-26 17:14:04.547294243 +0200 @@ -20,17 +20,17 @@ # Note that the sonums are LIBINTERFACE - LIBAGE %define bind9_sonum 1600 %define libbind9 libbind9-%{bind9_sonum} -%define dns_sonum 1601 +%define dns_sonum 1603 %define libdns libdns%{dns_sonum} -%define irs_sonum 1600 +%define irs_sonum 1601 %define libirs libirs%{irs_sonum} -%define isc_sonum 1601 +%define isc_sonum 1603 %define libisc libisc%{isc_sonum} %define isccc_sonum 1600 %define libisccc libisccc%{isccc_sonum} %define isccfg_sonum 1600 %define libisccfg libisccfg%{isccfg_sonum} -%define libns_sonum 1601 +%define libns_sonum 1603 %define VENDOR SUSE %if 0%{?suse_version} >= 1500 @@ -60,7 +60,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: bind -Version: 9.16.1 +Version: 9.16.3 Release: 0 Summary: Domain Name System (DNS) Server (named) License: MPL-2.0 ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.C3rRY6/_old 2020-05-26 17:14:04.587294329 +0200 +++ /var/tmp/diff_new_pack.C3rRY6/_new 2020-05-26 17:14:04.587294329 +0200 @@ -1,7 +1,7 @@ libbind9-1600 -libdns1601 -libirs1600 -libisc1601 +libdns1603 +libirs1601 +libisc1603 obsoletes "bind-libs-<targettype> = <version>" provides "bind-libs-<targettype> = <version>" libisccc1600 @@ -9,8 +9,8 @@ bind-devel requires -bind-<targettype> requires "libbind9-1600-<targettype> = <version>" - requires "libdns1601-<targettype> = <version>" - requires "libirs1600-<targettype> = <version>" - requires "libisc1601-<targettype> = <version>" + requires "libdns1603-<targettype> = <version>" + requires "libirs1601-<targettype> = <version>" + requires "libisc1603-<targettype> = <version>" requires "libisccc1600-<targettype> = <version>" requires "libisccfg1600-<targettype> = <version>" ++++++ bind-9.16.1.tar.xz -> bind-9.16.3.tar.xz ++++++ ++++ 22774 lines of diff (skipped)
