From: Michał Kępień <michal@isc.org>
Date: Wed, 25 Jan 2023 20:16:00 +0000 (+0100)
Subject: Merge tag 'v9_19_9'
X-Git-Tag: v9.19.10~16
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=4e934bae0b710cd3da9ac20972df068dc0572571;p=thirdparty%2Fbind9.git

Merge tag 'v9_19_9'

BIND 9.19.9
---

4e934bae0b710cd3da9ac20972df068dc0572571
diff --cc CHANGES
index bee2498184e,c68ec98b3af..f73e609c15a
--- a/CHANGES
+++ b/CHANGES
@@@ -1,49 -1,10 +1,53 @@@
 +6078.	[func]		Cleanup the memory statistic counters to a bare
 +			minumum - InUse with Malloced as alias. [GL #3718]
 +
 +6077.	[func]		Implement query forwarding to DoT-enabled upstream
 +			servers. [GL #3726]
 +
 +6076.	[bug]		Handle OS errors when creating UDP and TCP sockets
 +			more gracefully. [GL #3800]
 +
 +6075.	[bug]		Add missing node lock when setting node->wild in
 +			add_wildcard_magic. [GL #3799]
 +
 +6074.	[func]		Refactor the isc_nm_xfr_allowed() function to return
 +			isc_result_t instead of boolean. [GL #3808]
 +
 +6073.	[bug]		Set RD=1 on DS requests to parental-agents. [GL #3783]
 +
 +6072.	[bug]		Avoid the OpenSSL lock contention when initializing
 +			Message Digest Contexts by using explicit algorithm
 +			fetching, initializing static contexts for every
 +			supported algorithms, and initializing the new context
 +			by copying the static copy. [GL #3795]
 +
 +6071.	[func]		The use of "port" when configuring query-source,
 +			transfer-source, notify-source and parental-source
 +			addresses has been deprecated, along with the
 +			use-v[46]-udp-ports and avoid-v[46]-udp-ports
 +			options. A warning will be logged when these
 +			options are used. In a future release, they
 +			will be removed. [GL #3781]
 +
 +6070.	[func]		DSCP parsing has now been fully removed, and
 +			configuration of DSCP values in named.conf is a
 +			configuration error. [GL #3789]
 +
 +6069.	[bug]		Detach from the view in zone_shutdown() to
 +			release the memory held by the dead view
 +			early. [GL #3801]
 +
 +6068.	[bug]		Downloading a zone via TLS from a server which does
 +			not negotiate "dot" ALPN token could crash BIND
 +			on shutdown. That has been fixed. [GL #3767]
 +
- 6067.	[placeholder]
+ 	--- 9.19.9 released ---
  
- 6066.	[placeholder]
+ 6067.	[security]	Fix serve-stale crash when recursive clients soft quota
+ 			is reached. (CVE-2022-3924) [GL #3619]
+ 
+ 6066.	[security]	Handle RRSIG lookups when serve-stale is active.
+ 			(CVE-2022-3736) [GL #3622]
  
  6065.	[placeholder]
  
diff --cc doc/arm/notes.rst
index f720d729076,b0f4f11abd9..a72405a7ce5
--- a/doc/arm/notes.rst
+++ b/doc/arm/notes.rst
@@@ -38,7 -38,7 +38,8 @@@ information about each release, and sou
  
  .. include:: ../notes/notes-known-issues.rst
  
 +.. include:: ../notes/notes-current.rst
+ .. include:: ../notes/notes-9.19.9.rst
  .. include:: ../notes/notes-9.19.8.rst
  .. include:: ../notes/notes-9.19.7.rst
  .. include:: ../notes/notes-9.19.6.rst
diff --cc doc/man/named.conf.5in
index ea9e2b86c4c,6c3f026a132..2ed67975ae3
--- a/doc/man/named.conf.5in
+++ b/doc/man/named.conf.5in
@@@ -359,8 -360,9 +359,9 @@@ options 
  	udp\-receive\-buffer <integer>;
  	udp\-send\-buffer <integer>;
  	update\-check\-ksk <boolean>;
+ 	update\-quota <integer>;
 -	use\-v4\-udp\-ports { <portrange>; ... };
 -	use\-v6\-udp\-ports { <portrange>; ... };
 +	use\-v4\-udp\-ports { <portrange>; ... }; // deprecated
 +	use\-v6\-udp\-ports { <portrange>; ... }; // deprecated
  	v6\-bias <integer>;
  	validate\-except { <string>; ... };
  	version ( <quoted_string> | none );
diff --cc doc/misc/options
index e6e8d67816e,f6a8c3cc730..355b5961897
--- a/doc/misc/options
+++ b/doc/misc/options
@@@ -302,8 -303,9 +302,9 @@@ options 
  	udp-receive-buffer <integer>;
  	udp-send-buffer <integer>;
  	update-check-ksk <boolean>;
+ 	update-quota <integer>;
 -	use-v4-udp-ports { <portrange>; ... };
 -	use-v6-udp-ports { <portrange>; ... };
 +	use-v4-udp-ports { <portrange>; ... }; // deprecated
 +	use-v6-udp-ports { <portrange>; ... }; // deprecated
  	v6-bias <integer>;
  	validate-except { <string>; ... };
  	version ( <quoted_string> | none );
diff --cc lib/isccfg/namedconf.c
index 2e92d2d4875,0ceead9e19c..96183ec065f
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@@ -1339,12 -1349,11 +1339,13 @@@ static cfg_clausedef_t options_clauses[
  	{ "treat-cr-as-space", NULL, CFG_CLAUSEFLAG_ANCIENT },
  	{ "udp-receive-buffer", &cfg_type_uint32, 0 },
  	{ "udp-send-buffer", &cfg_type_uint32, 0 },
+ 	{ "update-quota", &cfg_type_uint32, 0 },
  	{ "use-id-pool", NULL, CFG_CLAUSEFLAG_ANCIENT },
  	{ "use-ixfr", NULL, CFG_CLAUSEFLAG_ANCIENT },
 -	{ "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
 -	{ "use-v6-udp-ports", &cfg_type_bracketed_portlist, 0 },
 +	{ "use-v4-udp-ports", &cfg_type_bracketed_portlist,
 +	  CFG_CLAUSEFLAG_DEPRECATED },
 +	{ "use-v6-udp-ports", &cfg_type_bracketed_portlist,
 +	  CFG_CLAUSEFLAG_DEPRECATED },
  	{ "version", &cfg_type_qstringornone, 0 },
  	{ NULL, NULL, 0 }
  };