Revisions of bind
Dominique Leuenberger (dimstar_suse) accepted request 1034322 from Jorik Cronenberg (jcronenberg) (revision 187)
Fabian Vogt (favogt_factory) accepted request 1008629 from Jorik Cronenberg (jcronenberg) (revision 186)
Dominique Leuenberger (dimstar_suse) accepted request 1005207 from Jorik Cronenberg (jcronenberg) (revision 185)
Dominique Leuenberger (dimstar_suse) accepted request 998091 from Dirk Mueller (dirkmueller) (revision 184)
Dominique Leuenberger (dimstar_suse) accepted request 993089 from Jorik Cronenberg (jcronenberg) (revision 183)
Dominique Leuenberger (dimstar_suse) accepted request 992020 from Reinhard Max (rmax) (revision 182)
Richard Brown (RBrownFactory) accepted request 990523 from Dirk Mueller (dirkmueller) (revision 181)
Dominique Leuenberger (dimstar_suse) accepted request 983574 from Dirk Mueller (dirkmueller) (revision 180)
Dominique Leuenberger (dimstar_suse) accepted request 980817 from Dirk Mueller (dirkmueller) (revision 179)
- Upgrade to 9.18.3:
  Bugs fixed:
  * Fix a crash in DNS-over-HTTPS (DoH) code caused by premature TLS stream socket object deletion.
  * RPZ NSIP and NSDNAME rule processing didn't handle stub and static-stub zones at or above the query name. This has now been addressed.
  * Fixed a deadlock that could occur if an rndc connection arrived during the shutdown of network interfaces.
  * Refactor the fctx_done() function to set fctx to NULL after detaching, so that reference counting errors will be easier to avoid.
  * udp_recv() in dispatch could trigger an INSIST when the callback's result indicated success but the response was canceled in the meantime.
  * Work around a jemalloc quirk which could trigger an out-of-memory condition in named over time.
  * If there was a pending negative cache DS entry, validations depending upon it could fail.
  * dig returned a 0 exit status on UDP connection failure.
  * Fix an assertion failure when using dig with +nssearch and +tcp options by starting the next query in the send_done() callback (like in the UDP mode) instead of doing that recursively in start_tcp(). Also ensure that queries interrupted while connecting are detached properly.
  * Don't remove CDS/CDNSKEY DELETE records on zone sign when using 'auto-dnssec maintain;'.
  This obsoletes the following patch:
  bind-define-local-instances-of-FALLTHROUGH-and-UNREACHABLE.patch
  [CVE-2022-1183, bsc#1199619]
Dominique Leuenberger (dimstar_suse) accepted request 977470 from Marcus Meissner (msmeissn) (revision 178)
Dominique Leuenberger (dimstar_suse) accepted request 948355 from Josef Möllers (jmoellers) (revision 177)
Dominique Leuenberger (dimstar_suse) accepted request 947977 from Marcus Meissner (msmeissn) (revision 176)
Dominique Leuenberger (dimstar_suse) accepted request 942722 from Dirk Mueller (dirkmueller) (revision 175)
Dominique Leuenberger (dimstar_suse) accepted request 935520 from Josef Möllers (jmoellers) (revision 174)
Dominique Leuenberger (dimstar_suse) accepted request 934423 from Dirk Mueller (dirkmueller) (revision 173)
Dominique Leuenberger (dimstar_suse) accepted request 926547 from Marcus Meissner (msmeissn) (revision 172)
(forwarded request 926001 from jmoellers)
Dominique Leuenberger (dimstar_suse) accepted request 914627 from Josef Möllers (jmoellers) (revision 171)
Dominique Leuenberger (dimstar_suse) accepted request 909191 from Josef Möllers (jmoellers) (revision 170)
- Update to 9.16.19
  * A race condition could occur where two threads were competing for the same set of key file locks, leading to a deadlock. This has been fixed. [GL #2786]
  * create_keydata() created an invalid placeholder keydata record upon a refresh failure, which prevented the database of managed keys from subsequently being read back. This has been fixed. [GL #2686]
  * KASP support was extended with the "check DS" feature. Zones with "dnssec-policy" and "parental-agents" configured now check for DS presence and can perform automatic KSK rollovers. [GL #1126]
  * Rescheduling a setnsec3param() task when a zone failed to load on startup caused a hang on shutdown. This has been fixed. [GL #2791]
  * The configuration-checking code failed to account for the inheritance rules of the "dnssec-policy" option. This has been fixed. [GL #2780]
  * If nsupdate sends an SOA request and receives a REFUSED response, it now fails over to the next available server. [GL #2758]
  * For UDP messages larger than the path MTU, named now sends an empty response with the TC (TrunCated) bit set. In addition, setting the DF (Don't Fragment) flag on outgoing UDP sockets was re-enabled. [GL #2790]
  * Views with recursion disabled are now configured with a default cache size of 2 MB unless "max-cache-size" is explicitly set. This prevents cache RBT hash tables from being needlessly preallocated for such views. [GL #2777]
  * Change 5644 inadvertently introduced a deadlock: when locking the key file mutex for each zone structure in a different view, the "in-view" logic was not considered. This has been fixed. [GL #2783]
  * Increasing "max-cache-size" for a running named instance (using "rndc reconfig") did not cause the hash tables used by cache databases to be grown accordingly. This has been fixed. [GL #2770]
  * Signed, insecure delegation responses prepared by named either lacked the necessary NSEC records or contained duplicate NSEC records when both wildcard expansion and CNAME chaining were required to prepare the response. This has been fixed. [GL #2759]
  * A bug that caused the NSEC3 salt to be changed on every restart for zones using KASP has been fixed. [GL #2725]
(forwarded request 909186 from polslinux)
Dominique Leuenberger (dimstar_suse) accepted request 907489 from Marcus Meissner (msmeissn) (revision 169)
Dominique Leuenberger (dimstar_suse) accepted request 902727 from Marcus Meissner (msmeissn) (revision 168)
Displaying revisions 21 - 40 of 207