- 5962. [placeholder]
+5975. [func] Implement TLS transport support for dns_request and
+ dns_dispatch. [GL #3529]
+
+5974. [bug] Fix an assertion failure in dispatch caused by
+ extra read callback call. [GL #3545]
+
+5973. [bug] Fixed a possible invalid detach in UPDATE
+ processing. [GL #3522]
+
+5972. [bug] Gracefully handle when the statschannel HTTP connection
+ gets cancelled during sending data back to the client.
+ [GL #3542]
+
+5971. [func] Add libsystemd sd_notify() support. [GL #1176]
+
+5970. [func] Log the reason why a query was refused. [GL !6669]
+
+5969. [bug] DNSSEC signing statistics failed to identify the
+ algorithm involved. The key names have been changed
+ to be the algorithm number followed by "+" followed
+ by the key id (e.g. "8+54274"). [GL #3525]
+
+5968. [cleanup] Remove 'resolve' binary from tests. [GL !6733]
+
+5967. [cleanup] Flagged the obsolete "random-device" option as
+ ancient; it is now an error to configure it. [GL #3399]
+
+5966. [func] You can now specify if a server must return a DNS
+ COOKIE before accepting the response over UDP.
+ [GL #2295]
+
+ server <prefix> { require-cookie <yes_or_no>; };
+
+5965. [cleanup] Move the duplicated ASCII case conversion tables to
+ isc_ascii where they can be shared, and replace the
+ various hot-path tolower() loops with calls to new
+ isc_ascii implementations. [GL !6516]
+
+5964. [func] When an international domain name is not valid, DiG will
+ now pass it through unchanged, instead of stopping with
+ an error message. [GL #3527]
+
+5963. [bug] Ensure struct named_server is properly initialized.
+ [GL #6531]
+
+ --- 9.19.5 released ---
- 5961. [placeholder]
-
- 5960. [placeholder]
+ 5962. [security] Fix memory leak in EdDSA verify processing.
+ (CVE-2022-38178) [GL #3487]
- 5959. [placeholder]
-
- 5958. [placeholder]
+ 5961. [placeholder]
- 5957. [placeholder]
+ 5960. [security] Fix serve-stale crash that could happen when
+ stale-answer-client-timeout was set to 0 and there was
+ a stale CNAME in the cache for an incoming query.
+ (CVE-2022-3080) [GL #3517]
+
+ 5959. [security] Fix memory leaks in the DH code when using OpenSSL 3.0.0
+ and later versions. The openssldh_compare(),
+ openssldh_paramcompare(), and openssldh_todns()
+ functions were affected. (CVE-2022-2906) [GL #3491]
+
+ 5958. [security] When an HTTP connection was reused to get
+ statistics from the stats channel, and zlib
+ compression was in use, each successive
+ response sent larger and larger blocks of memory,
+ potentially reading past the end of the allocated
+ buffer. (CVE-2022-2881) [GL #3493]
+
+ 5957. [security] Prevent excessive resource use while processing large
+ delegations. (CVE-2022-2795) [GL #3394]
5956. [func] Make RRL code treat all QNAMEs that are subject to
wildcard processing within a given zone as the same
projects / thirdparty / bind9.git / commitdiff
