Update to 9.18.11 (#2164395)

Resolves: CVE-2022-3094 CVE-2022-3736 CVE-2022-3924

https://downloads.isc.org/isc/bind9/9.18.11/doc/arm/html/notes.html#notes-for-bind-9-18-11
This commit is contained in:
Petr Menšík 2023-01-27 17:25:00 +01:00
parent e1fa37e19c
commit 6db5408538
4 changed files with 20 additions and 15 deletions

2
.gitignore vendored
View File

@ -198,3 +198,5 @@ bind-9.7.2b1.tar.gz
/bind-9.18.9.tar.xz.asc /bind-9.18.9.tar.xz.asc
/bind-9.18.10.tar.xz /bind-9.18.10.tar.xz
/bind-9.18.10.tar.xz.asc /bind-9.18.10.tar.xz.asc
/bind-9.18.11.tar.xz
/bind-9.18.11.tar.xz.asc

View File

@ -1,4 +1,4 @@
From 3446425cf03f2b5a7cbf6af47bd167f72e4135aa Mon Sep 17 00:00:00 2001 From 196642ce544dbffcaa4f8651f2abbb3ff16af278 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:46:45 +0200 Date: Thu, 2 Aug 2018 23:46:45 +0200
Subject: [PATCH] FIPS tests changes Subject: [PATCH] FIPS tests changes
@ -534,10 +534,10 @@ index 4af25b0..9f202d5 100644
}; };
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
index 93939ff..3f78622 100644 index f8d0408..bef7174 100644
--- a/bin/tests/system/checkconf/good.conf --- a/bin/tests/system/checkconf/good.conf
+++ b/bin/tests/system/checkconf/good.conf +++ b/bin/tests/system/checkconf/good.conf
@@ -280,6 +280,6 @@ dyndb "name" "library.so" { @@ -281,6 +281,6 @@ dyndb "name" "library.so" {
system; system;
}; };
key "mykey" { key "mykey" {
@ -546,7 +546,7 @@ index 93939ff..3f78622 100644
secret "qwertyuiopasdfgh"; secret "qwertyuiopasdfgh";
}; };
diff --git a/bin/tests/system/cookie/ns1/named.conf.in b/bin/tests/system/cookie/ns1/named.conf.in diff --git a/bin/tests/system/cookie/ns1/named.conf.in b/bin/tests/system/cookie/ns1/named.conf.in
index 1304303..e9c28c6 100644 index 025f8d0..20ebca3 100644
--- a/bin/tests/system/cookie/ns1/named.conf.in --- a/bin/tests/system/cookie/ns1/named.conf.in
+++ b/bin/tests/system/cookie/ns1/named.conf.in +++ b/bin/tests/system/cookie/ns1/named.conf.in
@@ -18,7 +18,7 @@ key rndc_key { @@ -18,7 +18,7 @@ key rndc_key {
@ -652,10 +652,10 @@ index 706b7fc..2565ab4 100644
grep "test string" "$fnb" > /dev/null && grep "test string" "$fnb" > /dev/null &&
grep "test string" "$fnc" > /dev/null && grep "test string" "$fnc" > /dev/null &&
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
index 2b67360..a734584 100644 index b502ea7..461f256 100644
--- a/bin/tests/system/nsupdate/ns1/named.conf.in --- a/bin/tests/system/nsupdate/ns1/named.conf.in
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in +++ b/bin/tests/system/nsupdate/ns1/named.conf.in
@@ -39,7 +39,7 @@ controls { @@ -40,7 +40,7 @@ controls {
}; };
key altkey { key altkey {
@ -665,7 +665,7 @@ index 2b67360..a734584 100644
}; };
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
index c85eef5..428b6b1 100644 index 43137fe..be0b6b4 100644
--- a/bin/tests/system/nsupdate/ns2/named.conf.in --- a/bin/tests/system/nsupdate/ns2/named.conf.in
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in +++ b/bin/tests/system/nsupdate/ns2/named.conf.in
@@ -34,7 +34,7 @@ controls { @@ -34,7 +34,7 @@ controls {
@ -708,7 +708,7 @@ index 50056dc..a4a1a3f 100644
$TSIGKEYGEN -a hmac-sha224 sha224-key > ns1/sha224.key $TSIGKEYGEN -a hmac-sha224 sha224-key > ns1/sha224.key
$TSIGKEYGEN -a hmac-sha256 sha256-key > ns1/sha256.key $TSIGKEYGEN -a hmac-sha256 sha256-key > ns1/sha256.key
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index d612a22..9f18e57 100755 index 9b80dd4..6671104 100755
--- a/bin/tests/system/nsupdate/tests.sh --- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh
@@ -841,7 +841,12 @@ fi @@ -841,7 +841,12 @@ fi
@ -969,7 +969,7 @@ index c2b57dd..ea744f8 100644
}; };
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
index a6de312..ebcadb1 100644 index 1d11bdf..456f9c5 100644
--- a/bin/tests/system/upforwd/tests.sh --- a/bin/tests/system/upforwd/tests.sh
+++ b/bin/tests/system/upforwd/tests.sh +++ b/bin/tests/system/upforwd/tests.sh
@@ -80,7 +80,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi @@ -80,7 +80,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
@ -977,10 +977,10 @@ index a6de312..ebcadb1 100644
echo_i "updating zone (signed) ($n)" echo_i "updating zone (signed) ($n)"
ret=0 ret=0
-$NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1 -$NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1
+$NSUPDATE -y hmac-sha256:update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1 +$NSUPDATE -y ${DEFAULT_HMAC}:update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1
local 10.53.0.1
server 10.53.0.3 ${PORT} server 10.53.0.3 ${PORT}
update add updated.example. 600 A 10.10.10.1 update add updated.example. 600 A 10.10.10.1
update add updated.example. 600 TXT Foo
-- --
2.39.0 2.39.0

View File

@ -62,8 +62,8 @@ Conflicts: %1 \
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind Name: bind
License: MPL-2.0 License: MPL-2.0
Version: 9.18.10 Version: 9.18.11
Release: 2%{?dist} Release: 1%{?dist}
Epoch: 32 Epoch: 32
Url: https://www.isc.org/downloads/bind/ Url: https://www.isc.org/downloads/bind/
# #
@ -951,6 +951,9 @@ fi;
%endif %endif
%changelog %changelog
* Fri Jan 27 2023 Petr Menšík <pemensik@redhat.com> - 32:9.18.11-1
- Update to 9.18.11 (#2164395)
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.18.10-2 * Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 32:9.18.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

View File

@ -1,2 +1,2 @@
SHA512 (bind-9.18.10.tar.xz) = 517b070e28cc3c3ab6bc47d353d00ea5d365c0f46859d80c4712df97da759de5176126efe7d53887a2f141d06e61adfe4c0036df8e79db1ca93b0818a1d65b5e SHA512 (bind-9.18.11.tar.xz) = 1f71560efca3b6886d71861c76d4a11d59c28f0ffed684f040a59dd9c14be594985a3f15e6d610a4d88a40a16a19e259977d4a254e146469323d15587b23f3ad
SHA512 (bind-9.18.10.tar.xz.asc) = 6d872807d0b0c87e0cec10a8f4d9cf6b6dacbf7a6c65250862e2ec3cf01a1366c7141aec36b82fe3f2320a60e9b551ebfe3d62e4ea3b60ad6e34179a1d019bbc SHA512 (bind-9.18.11.tar.xz.asc) = fb093a98c8a3f8eb12b03aee65bd88df9e17bed45810d963f7e74c00d470807b5dea73f9601c51a66b2f52e2b6fb16549c0733f3fe54d6c5a74c5c7dde63075f