webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-23 01:12:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

bind: Update to 9.16.37

Browse Source 
For details for 9.16.36 and 9.16.37 see:
https://downloads.isc.org/isc/bind9/9.16.37/doc/arm/html/notes.html#notes-for-bind-9-16-37

"Notes for BIND 9.16.37
Security Fixes

    An UPDATE message flood could cause named to exhaust all available
    memory. This flaw was addressed by adding a new update-quota option
    that controls the maximum number of outstanding DNS UPDATE messages
    that named can hold in a queue at any given time (default: 100).
    (CVE-2022-3094)

    ISC would like to thank Rob Schulhof from Infoblox for bringing this
    vulnerability to our attention. [GL #3523]

    named could crash with an assertion failure when an RRSIG query was
    received and stale-answer-client-timeout was set to a non-zero value.
    This has been fixed. (CVE-2022-3736)

    ISC would like to thank Borja Marcos from Sarenet (with assistance by
    Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to
    our attention. [GL #3622]

    named running as a resolver with the stale-answer-client-timeout option
    set to any value greater than 0 could crash with an assertion failure,
    when the recursive-clients soft quota was reached. This has been fixed.
    (CVE-2022-3924)

    ISC would like to thank Maksym Odinintsev from AWS for bringing this
    vulnerability to our attention. [GL #3619]

New Features

    The new update-quota option can be used to control the number of
    simultaneous DNS UPDATE messages that can be processed to update an
    authoritative zone on a primary server, or forwarded to the primary
    server by a secondary server. The default is 100. A new statistics
    counter has also been added to record events when this quota is
    exceeded, and the version numbers for the XML and JSON statistics
    schemas have been updated. [GL #3523]

Feature Changes

    The Differentiated Services Code Point (DSCP) feature in BIND has been
    deprecated. Configuring DSCP values in named.conf now causes a warning
    to be logged. Note that this feature has only been partly operational
    since the new Network Manager was introduced in BIND 9.16.0. [GL #3773]

    The catalog zone implementation has been optimized to work with
    hundreds of thousands of member zones. [GL #3744]

Bug Fixes

    In certain query resolution scenarios (e.g. when following CNAME
    records), named configured to answer from stale cache could return a
    SERVFAIL response despite a usable, non-stale answer being present in
    the cache. This has been fixed. [GL #3678]

...

Notes for BIND 9.16.36
Feature Changes

    The auto-dnssec option has been deprecated and will be removed in a
    future BIND 9.19.x release. Please migrate to dnssec-policy. [GL #3667]

Bug Fixes

    When a catalog zone was removed from the configuration, in some cases a
    dangling pointer could cause the named process to crash. This has been
    fixed. [GL #3683]

    When a zone was deleted from a server, a key management object related
    to that zone was inadvertently kept in memory and only released upon
    shutdown. This could lead to constantly increasing memory use on
    servers with a high rate of changes affecting the set of zones being
    served. This has been fixed. [GL #3727]

    In certain cases, named waited for the resolution of outstanding
    recursive queries to finish before shutting down. This was unintended
    and has been fixed. [GL #3183]

    The zone <name>/<class>: final reference detached log message was moved
    from the INFO log level to the DEBUG(1) log level to prevent the
    named-checkzone tool from superfluously logging this message in
    non-debug mode. [GL #3707]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
This commit is contained in:
Matthias Fischer
2023-01-26 20:40:27 +01:00
committed by Peter Müller
parent e9d952c1b1
commit 249819695d
2 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
config/rootfiles/common/bind
View File

@@ -271,24 +271,24 @@ usr/bin/nsupdate
#usr/include/pk11/site.h
#usr/include/pkcs11
#usr/include/pkcs11/pkcs11.h
usr/lib/libbind9-9.16.35.so
usr/lib/libbind9-9.16.37.so
#usr/lib/libbind9.la
#usr/lib/libbind9.so
usr/lib/libdns-9.16.35.so
usr/lib/libdns-9.16.37.so
#usr/lib/libdns.la
#usr/lib/libdns.so
usr/lib/libirs-9.16.35.so
usr/lib/libirs-9.16.37.so
#usr/lib/libirs.la
#usr/lib/libirs.so
usr/lib/libisc-9.16.35.so
usr/lib/libisc-9.16.37.so
#usr/lib/libisc.la
#usr/lib/libisc.so
usr/lib/libisccc-9.16.35.so
usr/lib/libisccc-9.16.37.so
#usr/lib/libisccc.la
#usr/lib/libisccc.so
usr/lib/libisccfg-9.16.35.so
usr/lib/libisccfg-9.16.37.so
#usr/lib/libisccfg.la
#usr/lib/libisccfg.so
usr/lib/libns-9.16.35.so
usr/lib/libns-9.16.37.so
#usr/lib/libns.la
#usr/lib/libns.so

6
lfs/bind
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -25,7 +25,7 @@
include Config
VER = 9.16.35
VER = 9.16.37
THISAPP = bind-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = c3d23e939c882e9bebe2aa83d91ab40bfe8c4b9882890acdb0908d4bfe16f00a98b87ba9155da68e75936be5d057ec025efa80541bf86a08a5bb85e4b4bd10e2
$(DL_FILE)_BLAKE2 = 3b18f7c780ce04e296498e30c09628ad8eb89f38afdb032700455f193a3f8556029cd2e3d3c42861965d5fc776f56f761b8d21a74a0f95d82338e65fb519acfb
install : $(TARGET)