bind: Update to 9.16.27

For details see:
https://downloads.isc.org/isc/bind9/9.16.27/doc/arm/html/notes.html#notes-for-bind-9-16-27

"Security Fixes

    The rules for acceptance of records into the cache have been
    tightened to prevent the possibility of poisoning if forwarders send
    records outside the configured bailiwick. (CVE-2021-25220)

    ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from
    Network and Information Security Lab, Tsinghua University, and
    Changgen Zou from Qi An Xin Group Corp. for bringing this
    vulnerability to our attention. [GL #2950]

    TCP connections with keep-response-order enabled could leave the TCP
    sockets in the CLOSE_WAIT state when the client did not properly
    shut down the connection. (CVE-2022-0396) [GL #3112]

Feature Changes

    DEBUG(1)-level messages were added when starting and ending the BIND
    9 task-exclusive mode that stops normal DNS operation (e.g. for
    reconfiguration, interface scans, and other events that require
    exclusive access to a shared resource). [GL #3137]

Bug Fixes

    The max-transfer-time-out and max-transfer-idle-out options were not
    implemented when the BIND 9 networking stack was refactored in 9.16.
    The missing functionality has been re-implemented and outgoing zone
    transfers now time out properly when not progressing. [GL #1897]

    TCP connections could hang indefinitely if the other party did not
    read sent data, causing the TCP write buffers to fill. This has been
    fixed by adding a “write” timer. Connections that are hung while
    writing now time out after the tcp-idle-timeout period has elapsed.
    [GL #3132]

    The statistics counter representing the current number of clients
    awaiting recursive resolution results (RecursClients) could
    be miscalculated in certain resolution scenarios, potentially
    causing the value of the counter to drop below zero. This has been
    fixed. [GL #3147]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind
index c0e56854a30c79f3c748923338d3f65b46b70342..df3df4f47a6c63bc3f2dd8f204d1b4f7e2328ee3 100644 (file)
--- a/config/rootfiles/common/bind
+++ b/config/rootfiles/common/bind
@@ -274,24 +274,24 @@ usr/bin/nsupdate
 #usr/include/pk11/site.h
 #usr/include/pkcs11
 #usr/include/pkcs11/pkcs11.h
-usr/lib/libbind9-9.16.26.so
+usr/lib/libbind9-9.16.27.so
 #usr/lib/libbind9.la
 #usr/lib/libbind9.so
-usr/lib/libdns-9.16.26.so
+usr/lib/libdns-9.16.27.so
 #usr/lib/libdns.la
 #usr/lib/libdns.so
-usr/lib/libirs-9.16.26.so
+usr/lib/libirs-9.16.27.so
 #usr/lib/libirs.la
 #usr/lib/libirs.so
-usr/lib/libisc-9.16.26.so
+usr/lib/libisc-9.16.27.so
 #usr/lib/libisc.la
 #usr/lib/libisc.so
-usr/lib/libisccc-9.16.26.so
+usr/lib/libisccc-9.16.27.so
 #usr/lib/libisccc.la
 #usr/lib/libisccc.so
-usr/lib/libisccfg-9.16.26.so
+usr/lib/libisccfg-9.16.27.so
 #usr/lib/libisccfg.la
 #usr/lib/libisccfg.so
-usr/lib/libns-9.16.26.so
+usr/lib/libns-9.16.27.so
 #usr/lib/libns.la
 #usr/lib/libns.so

diff --git a/lfs/bind b/lfs/bind
index 72c85f5f538148a15fbf45ded297238f9babd3ed..d8970a2af1d459be35c99213bbf1a6a72e75339b 100644 (file)
--- a/lfs/bind
+++ b/lfs/bind
@@ -25,7 +25,7 @@
 
 include Config
 
-VER        = 9.16.26
+VER        = 9.16.27
 
 THISAPP    = bind-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 799696f44e0d61659fa0efaa3c5fe5d8
+$(DL_FILE)_MD5 = db71eecaf698660da37581c42ce9f904
 
 install : $(TARGET)