mirror of https://github.com/vincentmli/bpfire.git (synced 2026-04-09 18:45:54 +02:00)
For details for 9.16.36 and 9.16.37 see:
https://downloads.isc.org/isc/bind9/9.16.37/doc/arm/html/notes.html#notes-for-bind-9-16-37

"Notes for BIND 9.16.37

Security Fixes

    An UPDATE message flood could cause named to exhaust all available memory. This flaw was addressed by adding a new update-quota option that controls the maximum number of outstanding DNS UPDATE messages that named can hold in a queue at any given time (default: 100). (CVE-2022-3094)

    ISC would like to thank Rob Schulhof from Infoblox for bringing this vulnerability to our attention. [GL #3523]

    named could crash with an assertion failure when an RRSIG query was received and stale-answer-client-timeout was set to a non-zero value. This has been fixed. (CVE-2022-3736)

    ISC would like to thank Borja Marcos from Sarenet (with assistance by Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to our attention. [GL #3622]

    named running as a resolver with the stale-answer-client-timeout option set to any value greater than 0 could crash with an assertion failure, when the recursive-clients soft quota was reached. This has been fixed. (CVE-2022-3924)

    ISC would like to thank Maksym Odinintsev from AWS for bringing this vulnerability to our attention. [GL #3619]

New Features

    The new update-quota option can be used to control the number of simultaneous DNS UPDATE messages that can be processed to update an authoritative zone on a primary server, or forwarded to the primary server by a secondary server. The default is 100. A new statistics counter has also been added to record events when this quota is exceeded, and the version numbers for the XML and JSON statistics schemas have been updated. [GL #3523]

Feature Changes

    The Differentiated Services Code Point (DSCP) feature in BIND has been deprecated. Configuring DSCP values in named.conf now causes a warning to be logged. Note that this feature has only been partly operational since the new Network Manager was introduced in BIND 9.16.0. [GL #3773]

    The catalog zone implementation has been optimized to work with hundreds of thousands of member zones. [GL #3744]

Bug Fixes

    In certain query resolution scenarios (e.g. when following CNAME records), named configured to answer from stale cache could return a SERVFAIL response despite a usable, non-stale answer being present in the cache. This has been fixed. [GL #3678]

...

Notes for BIND 9.16.36

Feature Changes

    The auto-dnssec option has been deprecated and will be removed in a future BIND 9.19.x release. Please migrate to dnssec-policy. [GL #3667]

Bug Fixes

    When a catalog zone was removed from the configuration, in some cases a dangling pointer could cause the named process to crash. This has been fixed. [GL #3683]

    When a zone was deleted from a server, a key management object related to that zone was inadvertently kept in memory and only released upon shutdown. This could lead to constantly increasing memory use on servers with a high rate of changes affecting the set of zones being served. This has been fixed. [GL #3727]

    In certain cases, named waited for the resolution of outstanding recursive queries to finish before shutting down. This was unintended and has been fixed. [GL #3183]

    The zone <name>/<class>: final reference detached log message was moved from the INFO log level to the DEBUG(1) log level to prevent the named-checkzone tool from superfluously logging this message in non-debug mode. [GL #3707]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
113 lines
4.2 KiB
Plaintext
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org>                       #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################

###############################################################################
# Definitions
###############################################################################

include Config

VER = 9.16.37

THISAPP = bind-$(VER)
DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)

export CPPFLAGS = -DDIG_SIGCHASE

###############################################################################
# Top-level Rules
###############################################################################

objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

$(DL_FILE)_BLAKE2 = 3b18f7c780ce04e296498e30c09628ad8eb89f38afdb032700455f193a3f8556029cd2e3d3c42861965d5fc776f56f761b8d21a74a0f95d82338e65fb519acfb

install : $(TARGET)

check : $(patsubst %,$(DIR_CHK)/%,$(objects))

download :$(patsubst %,$(DIR_DL)/%,$(objects))

b2 : $(subst %,%_BLAKE2,$(objects))

###############################################################################
# Downloading, checking, b2sum
###############################################################################

$(patsubst %,$(DIR_CHK)/%,$(objects)) :
	@$(CHECK)

$(patsubst %,$(DIR_DL)/%,$(objects)) :
	@$(LOAD)

$(subst %,%_BLAKE2,$(objects)) :
	@$(B2SUM)

###############################################################################
# Installation Details
###############################################################################

$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
	@$(PREBUILD)
	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
	$(UPDATE_AUTOMAKE)
	cd $(DIR_APP) && STD_CDEFINES="$(CPPFLAGS)" \
		./configure \
			--prefix=/usr \
			--enable-threads \
			--with-libtool \
			--without-python \
			--disable-linux-caps \
			--disable-static

	# Build required libraries
	cd $(DIR_APP) && make -C lib/isc $(MAKETUNING)
	cd $(DIR_APP) && make -C lib/isccc $(MAKETUNING)
	cd $(DIR_APP) && make -C lib/dns $(MAKETUNING)
	cd $(DIR_APP) && make -C lib/ns $(MAKETUNING)
	cd $(DIR_APP) && make -C lib/isccfg $(MAKETUNING)
	cd $(DIR_APP) && make -C lib/bind9 $(MAKETUNING)
	cd $(DIR_APP) && make -C lib/irs $(MAKETUNING)
	cd $(DIR_APP) && make -C bin/dig $(MAKETUNING)
	cd $(DIR_APP) && make -C bin/nsupdate $(MAKETUNING)

	# Install utility programs
	cd $(DIR_APP) && make -C lib/isc install
	cd $(DIR_APP) && make -C lib/isccc install
	cd $(DIR_APP) && make -C lib/dns install
	cd $(DIR_APP) && make -C lib/ns install
	cd $(DIR_APP) && make -C lib/isccfg install
	cd $(DIR_APP) && make -C lib/bind9 install
	cd $(DIR_APP) && make -C lib/irs install
	cd $(DIR_APP) && make -C bin/dig install
	cd $(DIR_APP) && make -C bin/nsupdate install

	install -v -m 644 $(DIR_SRC)/config/bind/trusted-key.key \
		/etc/trusted-key.key

	@rm -rf $(DIR_APP)
	@$(POSTBUILD)