From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] bind: Update to 9.11.20
Date: Sat, 20 Jun 2020 17:55:51 +0100
Message-ID:
In-Reply-To: <20200619171821.1184-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6487330935891696535=="
List-Id:

--===============6487330935891696535==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Michael Tremer

> On 19 Jun 2020, at 18:18, Matthias Fischer wrote:
>
> For details see:
> https://downloads.isc.org/isc/bind9/9.11.20/RELEASE-NOTES-bind-9.11.20.html
>
> "Security Fixes
>
> It was possible to trigger an INSIST failure when a zone with
> an interior wildcard label was queried in a certain pattern. This
> was disclosed in CVE-2020-8619. [GL #1111] [GL #1718]
>
> New Features
>
> dig and other tools can now print the Extended DNS Error (EDE)
> option when it appears in a request or a response. [GL #1835]
>
> Bug Fixes
>
> When fully updating the NSEC3 chain for a large zone via IXFR,
> a temporary loss of performance could be experienced on the
> secondary server when answering queries for nonexistent data that
> required DNSSEC proof of non-existence (in other words, queries that
> required the server to find and to return NSEC3 data). The
> unnecessary processing step that was causing this delay has now been
> removed. [GL #1834]
>
> A data race in lib/dns/resolver.c:log_formerr() that could lead
> to an assertion failure was fixed. [GL #1808]
>
> Previously, provide-ixfr no; failed to return up-to-date responses
> when the serial number was greater than or equal to the current
> serial number. [GL #1714]
>
> named-checkconf -p could include spurious text in server-addresses
> statements due to an uninitialized DSCP value. This has been fixed.
> [GL #1812] >=20 > The ARM has been updated to indicate that the TSIG session key is > generated when named starts, regardless of whether it is needed. [GL > #1842]" >=20 > Signed-off-by: Matthias Fischer > --- > config/rootfiles/common/bind | 9 +++++---- > lfs/bind | 4 ++-- > 2 files changed, 7 insertions(+), 6 deletions(-) >=20 > diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind > index d70ce3272..1fb79b894 100644 > --- a/config/rootfiles/common/bind > +++ b/config/rootfiles/common/bind > @@ -213,6 +213,7 @@ usr/bin/nsupdate > #usr/include/isc/timer.h > #usr/include/isc/tm.h > #usr/include/isc/types.h > +#usr/include/isc/utf8.h > #usr/include/isc/util.h > #usr/include/isc/version.h > #usr/include/isc/xml.h > @@ -271,11 +272,11 @@ usr/lib/libbind9.so.161.0.4 > #usr/lib/libdns.la > #usr/lib/libdns.so > usr/lib/libdns.so.1110 > -usr/lib/libdns.so.1110.0.2 > +usr/lib/libdns.so.1110.0.3 > #usr/lib/libisc.la > #usr/lib/libisc.so > usr/lib/libisc.so.1105 > -usr/lib/libisc.so.1105.0.2 > +usr/lib/libisc.so.1105.1.0 > #usr/lib/libisccc.la > #usr/lib/libisccc.so > usr/lib/libisccc.so.161 > @@ -283,11 +284,11 @@ usr/lib/libisccc.so.161.0.1 > #usr/lib/libisccfg.la > #usr/lib/libisccfg.so > usr/lib/libisccfg.so.163 > -usr/lib/libisccfg.so.163.0.7 > +usr/lib/libisccfg.so.163.0.8 > #usr/lib/liblwres.la > #usr/lib/liblwres.so > usr/lib/liblwres.so.161 > -usr/lib/liblwres.so.161.0.3 > +usr/lib/liblwres.so.161.0.4 > #usr/share/man/man1/dig.1 > #usr/share/man/man1/host.1 > #usr/share/man/man1/nslookup.1 > diff --git a/lfs/bind b/lfs/bind > index 4d0602eda..9ea6b6549 100644 > --- a/lfs/bind > +++ b/lfs/bind > @@ -25,7 +25,7 @@ >=20 > include Config >=20 > -VER =3D 9.11.19 > +VER =3D 9.11.20 >=20 > THISAPP =3D bind-$(VER) > DL_FILE =3D $(THISAPP).tar.gz 
> @@ -43,7 +43,7 @@ objects =3D $(DL_FILE) >=20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >=20 > -$(DL_FILE)_MD5 =3D 41bc2c6509a4c324e16775b462608820 > +$(DL_FILE)_MD5 =3D bb64b1fd66a915af98fdf2ae2287ddb4 >=20 > install : $(TARGET) >=20 > --=20 > 2.18.0 >=20 --===============6487330935891696535==--
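
Review bot: In the lfs/bind hunk at `@@ -43,7 +43,7 @@`, the new tarball is pinned only by the `$(DL_FILE)_MD5` value, and MD5 is not collision resistant, so the digest alone does not show that the downloaded 9.11.20 source is the one upstream released. Since this update carries the CVE-2020-8619 fix, please state in the commit message how the tarball was checked before the MD5 was computed (for example against upstream's PGP signature for the release), and add a stronger digest next to the MD5 if the lfs framework supports one.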
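
Review bot: In config/rootfiles/common/bind, the hunks at `@@ -271,11 +272,11 @@` and `@@ -283,11 +284,11 @@` swap four versioned library files (`libdns.so.1110.0.2`, `libisc.so.1105.0.2`, `libisccfg.so.163.0.7`, `liblwres.so.161.0.3`) for new file names while the soname entries such as `usr/lib/libdns.so.1110` stay unchanged. The diffstat shows only the rootfile and lfs/bind being touched, so nothing in this patch removes the old files from a system that is updated in place; please confirm the update packaging deletes them, so that no 9.11.19 library files are left on disk next to the new ones.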