For details for 9.16.36 and 9.16.37 see:
https://downloads.isc.org/isc/bind9/9.16.37/doc/arm/html/notes.html#notes-for-bind-9-16-37
"Notes for BIND 9.16.37
Security Fixes
An UPDATE message flood could cause named to exhaust all available
memory. This flaw was addressed by adding a new update-quota option
that controls the maximum number of outstanding DNS UPDATE messages
that named can hold in a queue at any given time (default: 100).
(CVE-2022-3094)
ISC would like to thank Rob Schulhof from Infoblox for bringing this
vulnerability to our attention. [GL #3523]
named could crash with an assertion failure when an RRSIG query was
received and stale-answer-client-timeout was set to a non-zero value.
This has been fixed. (CVE-2022-3736)
ISC would like to thank Borja Marcos from Sarenet (with assistance by
Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to
our attention. [GL #3622]
named running as a resolver with the stale-answer-client-timeout option
set to any value greater than 0 could crash with an assertion failure,
when the recursive-clients soft quota was reached. This has been fixed.
(CVE-2022-3924)
ISC would like to thank Maksym Odinintsev from AWS for bringing this
vulnerability to our attention. [GL #3619]
New Features
The new update-quota option can be used to control the number of
simultaneous DNS UPDATE messages that can be processed to update an
authoritative zone on a primary server, or forwarded to the primary
server by a secondary server. The default is 100. A new statistics
counter has also been added to record events when this quota is
exceeded, and the version numbers for the XML and JSON statistics
schemas have been updated. [GL #3523]
Feature Changes
The Differentiated Services Code Point (DSCP) feature in BIND has been
deprecated. Configuring DSCP values in named.conf now causes a warning
to be logged. Note that this feature has only been partly operational
since the new Network Manager was introduced in BIND 9.16.0. [GL #3773]
The catalog zone implementation has been optimized to work with
hundreds of thousands of member zones. [GL #3744]
Bug Fixes
In certain query resolution scenarios (e.g. when following CNAME
records), named configured to answer from stale cache could return a
SERVFAIL response despite a usable, non-stale answer being present in
the cache. This has been fixed. [GL #3678]
...
Notes for BIND 9.16.36
Feature Changes
The auto-dnssec option has been deprecated and will be removed in a
future BIND 9.19.x release. Please migrate to dnssec-policy. [GL #3667]
Bug Fixes
When a catalog zone was removed from the configuration, in some cases a
dangling pointer could cause the named process to crash. This has been
fixed. [GL #3683]
When a zone was deleted from a server, a key management object related
to that zone was inadvertently kept in memory and only released upon
shutdown. This could lead to constantly increasing memory use on
servers with a high rate of changes affecting the set of zones being
served. This has been fixed. [GL #3727]
In certain cases, named waited for the resolution of outstanding
recursive queries to finish before shutting down. This was unintended
and has been fixed. [GL #3183]
The zone <name>/<class>: final reference detached log message was moved
from the INFO log level to the DEBUG(1) log level to prevent the
named-checkzone tool from superfluously logging this message in
non-debug mode. [GL #3707]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
#usr/include/pk11/site.h
#usr/include/pkcs11
#usr/include/pkcs11/pkcs11.h
-usr/lib/libbind9-9.16.35.so
+usr/lib/libbind9-9.16.37.so
#usr/lib/libbind9.la
#usr/lib/libbind9.so
-usr/lib/libdns-9.16.35.so
+usr/lib/libdns-9.16.37.so
#usr/lib/libdns.la
#usr/lib/libdns.so
-usr/lib/libirs-9.16.35.so
+usr/lib/libirs-9.16.37.so
#usr/lib/libirs.la
#usr/lib/libirs.so
-usr/lib/libisc-9.16.35.so
+usr/lib/libisc-9.16.37.so
#usr/lib/libisc.la
#usr/lib/libisc.so
-usr/lib/libisccc-9.16.35.so
+usr/lib/libisccc-9.16.37.so
#usr/lib/libisccc.la
#usr/lib/libisccc.so
-usr/lib/libisccfg-9.16.35.so
+usr/lib/libisccfg-9.16.37.so
#usr/lib/libisccfg.la
#usr/lib/libisccfg.so
-usr/lib/libns-9.16.35.so
+usr/lib/libns-9.16.37.so
#usr/lib/libns.la
#usr/lib/libns.so
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 9.16.35
+VER = 9.16.37
THISAPP = bind-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = c3d23e939c882e9bebe2aa83d91ab40bfe8c4b9882890acdb0908d4bfe16f00a98b87ba9155da68e75936be5d057ec025efa80541bf86a08a5bb85e4b4bd10e2
+$(DL_FILE)_BLAKE2 = 3b18f7c780ce04e296498e30c09628ad8eb89f38afdb032700455f193a3f8556029cd2e3d3c42861965d5fc776f56f761b8d21a74a0f95d82338e65fb519acfb
install : $(TARGET)
projects / ipfire-2.x.git / commitdiff
