For details see: https://downloads.isc.org/isc/bind9/9.11.20/RELEASE-NOTES-bind-9.11.20.html
"Security Fixes
It was possible to trigger an INSIST failure when a zone with an interior wildcard label was queried in a certain pattern. This was disclosed in CVE-2020-8619. [GL #1111] [GL #1718]
New Features
dig and other tools can now print the Extended DNS Error (EDE) option when it appears in a request or a response. [GL #1835]
Bug Fixes
When fully updating the NSEC3 chain for a large zone via IXFR, a temporary loss of performance could be experienced on the secondary server when answering queries for nonexistent data that required DNSSEC proof of non-existence (in other words, queries that required the server to find and to return NSEC3 data). The unnecessary processing step that was causing this delay has now been removed. [GL #1834]
A data race in lib/dns/resolver.c:log_formerr() that could lead to an assertion failure was fixed. [GL #1808]
Previously, provide-ixfr no; failed to return up-to-date responses when the serial number was greater than or equal to the current serial number. [GL #1714]
named-checkconf -p could include spurious text in server-addresses statements due to an uninitialized DSCP value. This has been fixed. [GL #1812]
The ARM has been updated to indicate that the TSIG session key is generated when named starts, regardless of whether it is needed. [GL #1842]"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- config/rootfiles/common/bind | 9 +++++---- lfs/bind | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index d70ce3272..1fb79b894 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -213,6 +213,7 @@ usr/bin/nsupdate #usr/include/isc/timer.h #usr/include/isc/tm.h #usr/include/isc/types.h +#usr/include/isc/utf8.h #usr/include/isc/util.h #usr/include/isc/version.h #usr/include/isc/xml.h @@ -271,11 +272,11 @@ usr/lib/libbind9.so.161.0.4 #usr/lib/libdns.la #usr/lib/libdns.so usr/lib/libdns.so.1110 -usr/lib/libdns.so.1110.0.2 +usr/lib/libdns.so.1110.0.3 #usr/lib/libisc.la #usr/lib/libisc.so usr/lib/libisc.so.1105 -usr/lib/libisc.so.1105.0.2 +usr/lib/libisc.so.1105.1.0 #usr/lib/libisccc.la #usr/lib/libisccc.so usr/lib/libisccc.so.161 @@ -283,11 +284,11 @@ usr/lib/libisccc.so.161.0.1 #usr/lib/libisccfg.la #usr/lib/libisccfg.so usr/lib/libisccfg.so.163 -usr/lib/libisccfg.so.163.0.7 +usr/lib/libisccfg.so.163.0.8 #usr/lib/liblwres.la #usr/lib/liblwres.so usr/lib/liblwres.so.161 -usr/lib/liblwres.so.161.0.3 +usr/lib/liblwres.so.161.0.4 #usr/share/man/man1/dig.1 #usr/share/man/man1/host.1 #usr/share/man/man1/nslookup.1 diff --git a/lfs/bind b/lfs/bind index 4d0602eda..9ea6b6549 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@
include Config
-VER = 9.11.19 +VER = 9.11.20
THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 41bc2c6509a4c324e16775b462608820 +$(DL_FILE)_MD5 = bb64b1fd66a915af98fdf2ae2287ddb4
install : $(TARGET)
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 19 Jun 2020, at 18:18, Matthias Fischer matthias.fischer@ipfire.org wrote:
For details see: https://downloads.isc.org/isc/bind9/9.11.20/RELEASE-NOTES-bind-9.11.20.html
"Security Fixes
It was possible to trigger an INSIST failure when a zone with an interior wildcard label was queried in a certain pattern. This was disclosed in CVE-2020-8619. [GL #1111] [GL #1718]
New Features
dig and other tools can now print the Extended DNS Error (EDE) option when it appears in a request or a response. [GL #1835]
Bug Fixes
When fully updating the NSEC3 chain for a large zone via IXFR, a temporary loss of performance could be experienced on the secondary server when answering queries for nonexistent data that required DNSSEC proof of non-existence (in other words, queries that required the server to find and to return NSEC3 data). The unnecessary processing step that was causing this delay has now been removed. [GL #1834]
A data race in lib/dns/resolver.c:log_formerr() that could lead to an assertion failure was fixed. [GL #1808]
Previously, provide-ixfr no; failed to return up-to-date responses when the serial number was greater than or equal to the current serial number. [GL #1714]
named-checkconf -p could include spurious text in server-addresses statements due to an uninitialized DSCP value. This has been fixed. [GL #1812]
The ARM has been updated to indicate that the TSIG session key is generated when named starts, regardless of whether it is needed. [GL #1842]"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
config/rootfiles/common/bind | 9 +++++---- lfs/bind | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index d70ce3272..1fb79b894 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -213,6 +213,7 @@ usr/bin/nsupdate #usr/include/isc/timer.h #usr/include/isc/tm.h #usr/include/isc/types.h +#usr/include/isc/utf8.h #usr/include/isc/util.h #usr/include/isc/version.h #usr/include/isc/xml.h @@ -271,11 +272,11 @@ usr/lib/libbind9.so.161.0.4 #usr/lib/libdns.la #usr/lib/libdns.so usr/lib/libdns.so.1110 -usr/lib/libdns.so.1110.0.2 +usr/lib/libdns.so.1110.0.3 #usr/lib/libisc.la #usr/lib/libisc.so usr/lib/libisc.so.1105 -usr/lib/libisc.so.1105.0.2 +usr/lib/libisc.so.1105.1.0 #usr/lib/libisccc.la #usr/lib/libisccc.so usr/lib/libisccc.so.161 @@ -283,11 +284,11 @@ usr/lib/libisccc.so.161.0.1 #usr/lib/libisccfg.la #usr/lib/libisccfg.so usr/lib/libisccfg.so.163 -usr/lib/libisccfg.so.163.0.7 +usr/lib/libisccfg.so.163.0.8 #usr/lib/liblwres.la #usr/lib/liblwres.so usr/lib/liblwres.so.161 -usr/lib/liblwres.so.161.0.3 +usr/lib/liblwres.so.161.0.4 #usr/share/man/man1/dig.1 #usr/share/man/man1/host.1 #usr/share/man/man1/nslookup.1 diff --git a/lfs/bind b/lfs/bind index 4d0602eda..9ea6b6549 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@
include Config
-VER = 9.11.19 +VER = 9.11.20
THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 41bc2c6509a4c324e16775b462608820 +$(DL_FILE)_MD5 = bb64b1fd66a915af98fdf2ae2287ddb4
install : $(TARGET)
-- 2.18.0