From 9a758fbe13505b055f10f85c34c37609d30ad7e0 Mon Sep 17 00:00:00 2001
From: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
Date: Sat, 28 Mar 2026 18:25:58 +0000
Subject: [PATCH 1/2] Upgrade bind to 9.20.21 for CVE-2026-3591, CVE-2026-3119,
 CVE-2026-3104, CVE-2026-1519

---
 SPECS/bind/bind.signatures.json | 2 +-
 SPECS/bind/bind.spec            | 5 ++++-
 cgmanifest.json                 | 4 ++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/SPECS/bind/bind.signatures.json b/SPECS/bind/bind.signatures.json
index d5caa38c41d..ea68aefcbd5 100644
--- a/SPECS/bind/bind.signatures.json
+++ b/SPECS/bind/bind.signatures.json
@@ -14,6 +14,6 @@
     "named.rwtab": "6a4c84b6709211d09f2d71491d4c66d1d4c0115a9db247a5ed2a9db10e575735",
     "named.sysconfig": "8f8eff846667b7811358e289e9fe594de17d0e47f2b8cebf7840ad8db7f34816",
     "setup-named-chroot.sh": "786fbc88c7929fadf217cf2286f2eb03b6fba14843e5da40ad43c0022dd71c3a",
-    "bind-9.20.18.tar.xz": "dfc546c990ac4515529cd45c4dd995862b18ae8a2d0cb29208e8896a5d325331"
+    "bind-9.20.21.tar.xz": "15e1b5a227d2890f7c4e823a6ea018de70ee2f3a0e859cbff3d82aad8590de03"
   }
 }
diff --git a/SPECS/bind/bind.spec b/SPECS/bind/bind.spec
index b140f5a3221..8df2c589867 100644
--- a/SPECS/bind/bind.spec
+++ b/SPECS/bind/bind.spec
@@ -9,7 +9,7 @@
 
 Summary:        Domain Name System software
 Name:           bind
-Version:        9.20.18
+Version:        9.20.21
 Release:        1%{?dist}
 License:        ISC
 Vendor:         Microsoft Corporation
@@ -536,6 +536,9 @@ fi;
 %{_mandir}/man1/named-nzd2nzf.1*
 
 %changelog
+* Sat Mar 28 2026 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 9.20.21-1
+- Auto-upgrade to 9.20.21 - for CVE-2026-3591, CVE-2026-3119, CVE-2026-3104, CVE-2026-1519
+
 * Wed Jan 21 2026 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 9.20.18-1
 - Auto-upgrade to 9.20.18 - for CVE-2025-13878
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 3749fcf0064..96d39fab327 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1107,8 +1107,8 @@
         "type": "other",
         "other": {
           "name": "bind",
-          "version": "9.20.18",
-          "downloadUrl": "https://ftp.isc.org/isc/bind9/9.20.18/bind-9.20.18.tar.xz"
+          "version": "9.20.21",
+          "downloadUrl": "https://ftp.isc.org/isc/bind9/9.20.21/bind-9.20.21.tar.xz"
         }
       }
     },

From 6a693d2d8412a12277f974b21cc874e075ed9d63 Mon Sep 17 00:00:00 2001
From: Kanishk Bansal <kanbansal@microsoft.com>
Date: Sat, 28 Mar 2026 18:50:52 +0000
Subject: [PATCH 2/2] Adjust Patches

Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
---
 ...maybe-uninitialized-warning-in-dlz_mysqldyn_mod.patch | 9 +++++----
 SPECS/bind/nongit-fix.patch                              | 9 +++++----
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/SPECS/bind/fix-maybe-uninitialized-warning-in-dlz_mysqldyn_mod.patch b/SPECS/bind/fix-maybe-uninitialized-warning-in-dlz_mysqldyn_mod.patch
index 9054348416c..03d3e8ec683 100644
--- a/SPECS/bind/fix-maybe-uninitialized-warning-in-dlz_mysqldyn_mod.patch
+++ b/SPECS/bind/fix-maybe-uninitialized-warning-in-dlz_mysqldyn_mod.patch
@@ -1,8 +1,9 @@
-From daa392c65a4a578985fb3188ee81b1e80ee1791c Mon Sep 17 00:00:00 2001
-From: Tobias Brick <tobiasb@microsoft.com>
-Date: Mon, 24 Feb 2025 18:17:20 +0000
+From f396312a54ea526e9aded068980b3ea4c861893a Mon Sep 17 00:00:00 2001
+From: Kanishk Bansal <kanbansal@microsoft.com>
+Date: Sat, 28 Mar 2026 18:49:42 +0000
 Subject: [PATCH] fix maybe-uninitialized warning in dlz_mysqldyn_mod.c
 
+Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
 ---
  build/contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)
@@ -30,5 +31,5 @@ index bdd0bcc..4488b94 100644
  	if (querystr == NULL) {
  		goto fail;
 -- 
-2.45.3
+2.45.4
 
diff --git a/SPECS/bind/nongit-fix.patch b/SPECS/bind/nongit-fix.patch
index 02c68306214..a8184e8e30d 100644
--- a/SPECS/bind/nongit-fix.patch
+++ b/SPECS/bind/nongit-fix.patch
@@ -1,18 +1,19 @@
-From 440bfb303f5c0f5824dc744bb6cf41bc87899609 Mon Sep 17 00:00:00 2001
+From f4d5596e9d6dda29c7de19d0463240ac761764ef Mon Sep 17 00:00:00 2001
 From: Kanishk Bansal <kanbansal@microsoft.com>
-Date: Wed, 21 Jan 2026 21:40:19 +0000
+Date: Sat, 28 Mar 2026 18:44:03 +0000
 Subject: [PATCH] nongit-fix.patch
 
+Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
 ---
  configure.ac | 6 ++++--
  1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 057ae04..35102b8 100644
+index c09513f..d354724 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -19,7 +19,7 @@ m4_define([bind_VERSION_MINOR], 20)dnl
- m4_define([bind_VERSION_PATCH], 18)dnl
+ m4_define([bind_VERSION_PATCH], 21)dnl
  m4_define([bind_VERSION_EXTRA], )dnl
  m4_define([bind_DESCRIPTION], [(Stable Release)])dnl
 -m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl