* [PATCH] bind: Update to 9.16.44
@ 2023-09-22 19:04 Matthias Fischer
2023-10-09 7:44 ` Adolf Belka
0 siblings, 1 reply; 2+ messages in thread
From: Matthias Fischer @ 2023-09-22 19:04 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3290 bytes --]
For details see:
https://downloads.isc.org/isc/bind9/9.16.44/doc/arm/html/notes.html#notes-for-bind-9-16-44
Changes since 9.16.40:
9.16.44:
"Previously, sending a specially crafted message
over the control channel could cause the packet-parsing
code to run out of available stack memory, causing named
to terminate unexpectedly. This has been fixed. (CVE-2023-3341)"
9.16.43:
"Processing already-queued queries received over TCP could cause
an assertion failure, when the server was reconfigured at the
same time or the cache was being flushed. This has been fixed."
9.16.42:
"The overmem cleaning process has been improved, to prevent the
cache from significantly exceeding the configured max-cache-size
limit. (CVE-2023-2828)
A query that prioritizes stale data over lookup triggers a fetch
to refresh the stale data in cache. If the fetch is aborted for
exceeding the recursion quota, it was possible for named to enter
an infinite callback loop and crash due to stack overflow. This
has been fixed. (CVE-2023-2911)
Previously, it was possible for a delegation from cache to be
returned to the client after the stale-answer-client-timeout
duration. This has been fixed."
9.16.41:
"When removing delegations from an opt-out range, empty-non-terminal
NSEC3 records generated by those delegations were not cleaned up.
This has been fixed."
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
config/rootfiles/common/bind | 14 +++++++-------
lfs/bind | 4 ++--
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind
index eeeee6e94..ca3f17011 100644
--- a/config/rootfiles/common/bind
+++ b/config/rootfiles/common/bind
@@ -271,24 +271,24 @@ usr/bin/nsupdate
#usr/include/pk11/site.h
#usr/include/pkcs11
#usr/include/pkcs11/pkcs11.h
-usr/lib/libbind9-9.16.40.so
+usr/lib/libbind9-9.16.44.so
#usr/lib/libbind9.la
#usr/lib/libbind9.so
-usr/lib/libdns-9.16.40.so
+usr/lib/libdns-9.16.44.so
#usr/lib/libdns.la
#usr/lib/libdns.so
-usr/lib/libirs-9.16.40.so
+usr/lib/libirs-9.16.44.so
#usr/lib/libirs.la
#usr/lib/libirs.so
-usr/lib/libisc-9.16.40.so
+usr/lib/libisc-9.16.44.so
#usr/lib/libisc.la
#usr/lib/libisc.so
-usr/lib/libisccc-9.16.40.so
+usr/lib/libisccc-9.16.44.so
#usr/lib/libisccc.la
#usr/lib/libisccc.so
-usr/lib/libisccfg-9.16.40.so
+usr/lib/libisccfg-9.16.44.so
#usr/lib/libisccfg.la
#usr/lib/libisccfg.so
-usr/lib/libns-9.16.40.so
+usr/lib/libns-9.16.44.so
#usr/lib/libns.la
#usr/lib/libns.so
diff --git a/lfs/bind b/lfs/bind
index 850e3f93a..6779bb3d9 100644
--- a/lfs/bind
+++ b/lfs/bind
@@ -25,7 +25,7 @@
include Config
-VER = 9.16.40
+VER = 9.16.44
THISAPP = bind-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1ebfec11cc6902480113b1edadcbdb2f819050d779aaa1556ef79491c580a28106d3eff186da89bdecec03025e4e672342602f54e6b0e6f9619a181a1399e070
+$(DL_FILE)_BLAKE2 = cdca8289639d900ab8162e4b0252a495fa0c579b9399326c7df42699346c2f0bca24762dad29de187f142c0896f4012c3f5f3785126d325e7d30ccb73f1530d8
install : $(TARGET)
--
2.34.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] bind: Update to 9.16.44
2023-09-22 19:04 [PATCH] bind: Update to 9.16.44 Matthias Fischer
@ 2023-10-09 7:44 ` Adolf Belka
0 siblings, 0 replies; 2+ messages in thread
From: Adolf Belka @ 2023-10-09 7:44 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3629 bytes --]
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
On 22/09/2023 21:04, Matthias Fischer wrote:
> For details see:
> https://downloads.isc.org/isc/bind9/9.16.44/doc/arm/html/notes.html#notes-for-bind-9-16-44
>
> Changes since 9.16.40:
>
> 9.16.44:
> "Previously, sending a specially crafted message
> over the control channel could cause the packet-parsing
> code to run out of available stack memory, causing named
> to terminate unexpectedly. This has been fixed. (CVE-2023-3341)"
>
> 9.16.43:
> "Processing already-queued queries received over TCP could cause
> an assertion failure, when the server was reconfigured at the
> same time or the cache was being flushed. This has been fixed."
>
> 9.16.42:
> "The overmem cleaning process has been improved, to prevent the
> cache from significantly exceeding the configured max-cache-size
> limit. (CVE-2023-2828)
>
> A query that prioritizes stale data over lookup triggers a fetch
> to refresh the stale data in cache. If the fetch is aborted for
> exceeding the recursion quota, it was possible for named to enter
> an infinite callback loop and crash due to stack overflow. This
> has been fixed. (CVE-2023-2911)
>
> Previously, it was possible for a delegation from cache to be
> returned to the client after the stale-answer-client-timeout
> duration. This has been fixed."
>
> 9.16.41:
> "When removing delegations from an opt-out range, empty-non-terminal
> NSEC3 records generated by those delegations were not cleaned up.
> This has been fixed."
>
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> config/rootfiles/common/bind | 14 +++++++-------
> lfs/bind | 4 ++--
> 2 files changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind
> index eeeee6e94..ca3f17011 100644
> --- a/config/rootfiles/common/bind
> +++ b/config/rootfiles/common/bind
> @@ -271,24 +271,24 @@ usr/bin/nsupdate
> #usr/include/pk11/site.h
> #usr/include/pkcs11
> #usr/include/pkcs11/pkcs11.h
> -usr/lib/libbind9-9.16.40.so
> +usr/lib/libbind9-9.16.44.so
> #usr/lib/libbind9.la
> #usr/lib/libbind9.so
> -usr/lib/libdns-9.16.40.so
> +usr/lib/libdns-9.16.44.so
> #usr/lib/libdns.la
> #usr/lib/libdns.so
> -usr/lib/libirs-9.16.40.so
> +usr/lib/libirs-9.16.44.so
> #usr/lib/libirs.la
> #usr/lib/libirs.so
> -usr/lib/libisc-9.16.40.so
> +usr/lib/libisc-9.16.44.so
> #usr/lib/libisc.la
> #usr/lib/libisc.so
> -usr/lib/libisccc-9.16.40.so
> +usr/lib/libisccc-9.16.44.so
> #usr/lib/libisccc.la
> #usr/lib/libisccc.so
> -usr/lib/libisccfg-9.16.40.so
> +usr/lib/libisccfg-9.16.44.so
> #usr/lib/libisccfg.la
> #usr/lib/libisccfg.so
> -usr/lib/libns-9.16.40.so
> +usr/lib/libns-9.16.44.so
> #usr/lib/libns.la
> #usr/lib/libns.so
> diff --git a/lfs/bind b/lfs/bind
> index 850e3f93a..6779bb3d9 100644
> --- a/lfs/bind
> +++ b/lfs/bind
> @@ -25,7 +25,7 @@
>
> include Config
>
> -VER = 9.16.40
> +VER = 9.16.44
>
> THISAPP = bind-$(VER)
> DL_FILE = $(THISAPP).tar.xz
> @@ -43,7 +43,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 1ebfec11cc6902480113b1edadcbdb2f819050d779aaa1556ef79491c580a28106d3eff186da89bdecec03025e4e672342602f54e6b0e6f9619a181a1399e070
> +$(DL_FILE)_BLAKE2 = cdca8289639d900ab8162e4b0252a495fa0c579b9399326c7df42699346c2f0bca24762dad29de187f142c0896f4012c3f5f3785126d325e7d30ccb73f1530d8
>
> install : $(TARGET)
>
--
Sent from my laptop
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-10-09 7:44 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-22 19:04 [PATCH] bind: Update to 9.16.44 Matthias Fischer
2023-10-09 7:44 ` Adolf Belka
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox