From: Michał Kępień Date: Wed, 21 Sep 2022 11:04:58 +0000 (+0200) Subject: Merge tag 'v9_19_5' X-Git-Tag: v9.19.6~49 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2ee16067c5eb07f2ba7d4296dcf788e08222d178;p=thirdparty%2Fbind9.git Merge tag 'v9_19_5' BIND 9.19.5 --- 2ee16067c5eb07f2ba7d4296dcf788e08222d178 diff --cc CHANGES index 443aefc7433,5a101aaa5b4..c407e684b43 --- a/CHANGES +++ b/CHANGES @@@ -1,59 -1,29 +1,74 @@@ +5975. [func] Implement TLS transport support for dns_request and + dns_dispatch. [GL #3529] + +5974. [bug] Fix an assertion failure in dispatch caused by + extra read callback call. [GL #3545] + +5973. [bug] Fixed a possible invalid detach in UPDATE + processing. [GL #3522] + +5972. [bug] Gracefully handle when the statschannel HTTP connection + gets cancelled during sending data back to the client. + [GL #3542] + +5971. [func] Add libsystemd sd_notify() support. [GL #1176] + +5970. [func] Log the reason why a query was refused. [GL !6669] + +5969. [bug] DNSSEC signing statistics failed to identify the + algorithm involved. The key names have been changed + to be the algorithm number followed by "+" followed + by the key id (e.g. "8+54274"). [GL #3525] + +5968. [cleanup] Remove 'resolve' binary from tests. [GL !6733] + +5967. [cleanup] Flagged the obsolete "random-device" option as + ancient; it is now an error to configure it. [GL #3399] + +5966. [func] You can now specify if a server must return a DNS + COOKIE before accepting the response over UDP. + [GL #2295] + + server { require-cookie ; }; + +5965. [cleanup] Move the duplicated ASCII case conversion tables to + isc_ascii where they can be shared, and replace the + various hot-path tolower() loops with calls to new + isc_ascii implementations. [GL !6516] + +5964. [func] When an international domain name is not valid, DiG will + now pass it through unchanged, instead of stopping with + an error message. [GL #3527] + +5963. [bug] Ensure struct named_server is properly initialized. + [GL #6531] + - 5962. [placeholder] + --- 9.19.5 released --- - 5961. [placeholder] - - 5960. [placeholder] + 5962. [security] Fix memory leak in EdDSA verify processing. + (CVE-2022-38178) [GL #3487] - 5959. [placeholder] - - 5958. [placeholder] + 5961. [placeholder] - 5957. [placeholder] + 5960. [security] Fix serve-stale crash that could happen when + stale-answer-client-timeout was set to 0 and there was + a stale CNAME in the cache for an incoming query. + (CVE-2022-3080) [GL #3517] + + 5959. [security] Fix memory leaks in the DH code when using OpenSSL 3.0.0 + and later versions. The openssldh_compare(), + openssldh_paramcompare(), and openssldh_todns() + functions were affected. (CVE-2022-2906) [GL #3491] + + 5958. [security] When an HTTP connection was reused to get + statistics from the stats channel, and zlib + compression was in use, each successive + response sent larger and larger blocks of memory, + potentially reading past the end of the allocated + buffer. (CVE-2022-2881) [GL #3493] + + 5957. [security] Prevent excessive resource use while processing large + delegations. (CVE-2022-2795) [GL #3394] 5956. [func] Make RRL code treat all QNAMEs that are subject to wildcard processing within a given zone as the same diff --cc doc/arm/notes.rst index c29c9f5552d,cba7ae00585..ab28b4955ce --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@@ -36,7 -36,7 +36,8 @@@ The latest versions of BIND 9 software https://www.isc.org/download/. There you will find additional information about each release, and source code. +.. include:: ../notes/notes-current.rst + .. include:: ../notes/notes-9.19.5.rst .. include:: ../notes/notes-9.19.4.rst .. include:: ../notes/notes-9.19.3.rst .. include:: ../notes/notes-9.19.2.rst