Revisions of bind

Dominique Leuenberger (dimstar_suse) accepted request 980817 from Dirk Mueller (dirkmueller) (revision 179)
- Upgrade to 9.18.3:
  Bugs fixed:
  * Fix a crash in DNS-over-HTTPS (DoH) code caused by premature
    TLS stream socket object deletion.
  * RPZ NSIP and NSDNAME rule processing didn't handle stub and
    static-stub zones at or above the query name. This has now
    been addressed.
  * Fixed a deadlock that could occur if an rndc connection arrived
    during the shutdown of network interfaces.
  * Refactor the fctx_done() function to set fctx to NULL after
    detaching, so that reference counting errors will be easier to
    avoid.
  * udp_recv() in dispatch could trigger an INSIST when the
    callback's result indicated success but the response was
    canceled in the meantime.
  * Work around a jemalloc quirk which could trigger an
    out-of-memory condition in named over time.
  * If there was a pending negative cache DS entry, validations
    depending upon it could fail.
  * dig returned a 0 exit status on UDP connection failure.
  * Fix an assertion failure when using dig with +nssearch and
    +tcp options by starting the next query in the send_done()
    callback (like in the UDP mode) instead of doing that
    recursively in start_tcp(). Also ensure that queries
    interrupted while connecting are detached properly.
  * Don't remove CDS/CDNSKEY DELETE records on zone sign when
    using 'auto-dnssec maintain;'.
  This obsoletes the following patch:
  bind-define-local-instances-of-FALLTHROUGH-and-UNREACHABLE.patch
  [CVE-2022-1183, bsc#1199619]

Dominique Leuenberger (dimstar_suse) accepted request 926547 from Marcus Meissner (msmeissn) (revision 172)
 (forwarded request 926001 from jmoellers)

Dominique Leuenberger (dimstar_suse) accepted request 909191 from Josef Möllers (jmoellers) (revision 170)
- Update to 9.16.19
  * A race condition could occur where two threads were
    competing for the same set of key file locks, leading to
    a deadlock. This has been fixed. [GL #2786]
  * create_keydata() created an invalid placeholder keydata
    record upon a refresh failure, which prevented the
    database of managed keys from subsequently being read
    back. This has been fixed. [GL #2686]
  * KASP support was extended with the "check DS" feature.
    Zones with "dnssec-policy" and "parental-agents"
    configured now check for DS presence and can perform
    automatic KSK rollovers. [GL #1126]
  * Rescheduling a setnsec3param() task when a zone failed
    to load on startup caused a hang on shutdown. This has
    been fixed. [GL #2791]
  * The configuration-checking code failed to account for
    the inheritance rules of the "dnssec-policy" option.
    This has been fixed. [GL #2780]
  * If nsupdate sends an SOA request and receives a REFUSED
    response, it now fails over to the next available
    server. [GL #2758]
  * For UDP messages larger than the path MTU, named now
    sends an empty response with the TC (TrunCated) bit set.
    In addition, setting the DF (Don't Fragment) flag on
    outgoing UDP sockets was re-enabled. [GL #2790]
  * Views with recursion disabled are now configured with a
    default cache size of 2 MB unless "max-cache-size" is
    explicitly set. This prevents cache RBT hash tables from
    being needlessly preallocated for such views. [GL #2777]
  * Change 5644 inadvertently introduced a deadlock: when
    locking the key file mutex for each zone structure in a
    different view, the "in-view" logic was not considered.
    This has been fixed. [GL #2783]
  * Increasing "max-cache-size" for a running named instance
    (using "rndc reconfig") did not cause the hash tables
    used by cache databases to be grown accordingly. This
    has been fixed. [GL #2770]
  * Signed, insecure delegation responses prepared by named
    either lacked the necessary NSEC records or contained
    duplicate NSEC records when both wildcard expansion and
    CNAME chaining were required to prepare the response.
    This has been fixed. [GL #2759]
  * A bug that caused the NSEC3 salt to be changed on every
    restart for zones using KASP has been fixed. [GL #2725]
 (forwarded request 909186 from polslinux)