Subject: CVS commit: [pkgsrc-2022Q4] pkgsrc/net/bind916
From: Benny Siegert
Date: 2023-01-26 21:01:44
Message id: 20230126200144.8C970FA90@cvs.NetBSD.org
Log Message:
Pullup ticket #6726 - requested by taca
net/bind916: security fix
Revisions pulled up:
- net/bind916/Makefile 1.51-1.52
- net/bind916/builtin.mk 1.2
- net/bind916/distinfo 1.43-1.44
- net/bind916/patches/patch-lib_isc_siphash.c 1.4
- net/bind916/patches/patch-lib_ns_update.c 1.3
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Jan 9 06:48:53 UTC 2023
Modified Files:
pkgsrc/net/bind916: Makefile distinfo
Log Message:
net/bind916: update to 9.16.36
9.16.36 (2022-12-21)
Feature Changes
* The auto-dnssec option has been deprecated and will be removed in a future
BIND 9.19.x release. Please migrate to dnssec-policy. [GL #3667]
Bug Fixes
* When a catalog zone was removed from the configuration, in some cases a
dangling pointer could cause the named process to crash. This has been
fixed. [GL #3683]
* When a zone was deleted from a server, a key management object related to
that zone was inadvertently kept in memory and only released upon
shutdown. This could lead to constantly increasing memory use on servers
with a high rate of changes affecting the set of zones being served. This
has been fixed. [GL #3727]
* In certain cases, named waited for the resolution of outstanding recursive
queries to finish before shutting down. This was unintended and has been
fixed. [GL #3183]
* The zone <name>/<class>: final reference detached log message was moved
from the INFO log level to the DEBUG(1) log level to prevent the
named-checkzone tool from superfluously logging this message in non-debug
mode. [GL #3707]
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Jan 26 13:32:47 UTC 2023
Modified Files:
pkgsrc/net/bind916: Makefile builtin.mk distinfo
pkgsrc/net/bind916/patches: patch-lib_isc_siphash.c
patch-lib_ns_update.c
Log Message:
net/bind916: update to 9.16.37
--- 9.16.37 released ---
6067. [security] Fix serve-stale crash when recursive clients soft quota
is reached. (CVE-2022-3924) [GL #3619]
6066. [security] Handle RRSIG lookups when serve-stale is active.
(CVE-2022-3736) [GL #3622]
6064. [security] An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated. (CVE-2022-3094) [GL #3523]
6062. [func] The DSCP implementation, which has only been
partly operational since 9.16.0, is now marked as
deprecated. Configuring DSCP values in named.conf
will cause a warning to be logged. [GL #3773]
6060. [bug] Fix a use-after-free bug in dns_zonemgr_releasezone()
by detaching from the zone manager outside of the write
lock. [GL #3768]
6059. [bug] In some serve stale scenarios, like when following an
expired CNAME record, named could return SERVFAIL if the
previous request wasn't successful. Consider non-stale
data when in serve-stale mode. [GL #3678]
6058. [bug] Prevent named from crashing when "rndc delzone"
attempts to delete a zone added by a catalog zone.
[GL #3745]
6050. [bug] Changes to the RPZ response-policy min-update-interval
and add-soa options now take effect as expected when
named is reconfigured. [GL #3740]
6048. [bug] Fix a log message error in dns_catz_update_from_db(),
where serials with values of 2^31 or larger were logged
incorrectly as negative numbers. [GL #3742]
6045. [cleanup] The list of supported DNSSEC algorithms changed log
level from "warning" to "notice" to match named's other
startup messages. [GL !7217]
6044. [bug] There was an "RSASHA236" typo in a log message.
[GL !7206]
Files: