bind: Update to 9.11.20

  For details see:
https://downloads.isc.org/isc/bind9/9.11.20/RELEASE-NOTES-bind-9.11.20.html

"Security Fixes

    It was possible to trigger an INSIST failure when a zone with
    an interior wildcard label was queried in a certain pattern. This
    was disclosed in CVE-2020-8619. [GL #1111] [GL #1718]

New Features

    dig and other tools can now print the Extended DNS Error (EDE)
    option when it appears in a request or a response. [GL #1835]

Bug Fixes

    When fully updating the NSEC3 chain for a large zone via IXFR,
    a temporary loss of performance could be experienced on the
    secondary server when answering queries for nonexistent data that
    required DNSSEC proof of non-existence (in other words, queries that
    required the server to find and to return NSEC3 data). The
    unnecessary processing step that was causing this delay has now been
    removed. [GL #1834]

    A data race in lib/dns/resolver.c:log_formerr() that could lead
    to an assertion failure was fixed. [GL #1808]

    Previously, provide-ixfr no; failed to return up-to-date responses
    when the serial number was greater than or equal to the current
    serial number. [GL #1714]

    named-checkconf -p could include spurious text in server-addresses
    statements due to an uninitialized DSCP value. This has been fixed.
    [GL #1812]

    The ARM has been updated to indicate that the TSIG session key is
    generated when named starts, regardless of whether it is needed. [GL
    #1842]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 config/rootfiles/common/bind | 9 +++++----
 lfs/bind                     | 4 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)
  

Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

> On 19 Jun 2020, at 18:18, Matthias Fischer <matthias.fischer@ipfire.org> wrote:
> 
> For details see:
> https://downloads.isc.org/isc/bind9/9.11.20/RELEASE-NOTES-bind-9.11.20.html
> 
> "Security Fixes
> 
>    It was possible to trigger an INSIST failure when a zone with
>    an interior wildcard label was queried in a certain pattern. This
>    was disclosed in CVE-2020-8619. [GL #1111] [GL #1718]
> 
> New Features
> 
>    dig and other tools can now print the Extended DNS Error (EDE)
>    option when it appears in a request or a response. [GL #1835]
> 
> Bug Fixes
> 
>    When fully updating the NSEC3 chain for a large zone via IXFR,
>    a temporary loss of performance could be experienced on the
>    secondary server when answering queries for nonexistent data that
>    required DNSSEC proof of non-existence (in other words, queries that
>    required the server to find and to return NSEC3 data). The
>    unnecessary processing step that was causing this delay has now been
>    removed. [GL #1834]
> 
>    A data race in lib/dns/resolver.c:log_formerr() that could lead
>    to an assertion failure was fixed. [GL #1808]
> 
>    Previously, provide-ixfr no; failed to return up-to-date responses
>    when the serial number was greater than or equal to the current
>    serial number. [GL #1714]
> 
>    named-checkconf -p could include spurious text in server-addresses
>    statements due to an uninitialized DSCP value. This has been fixed.
>    [GL #1812]
> 
>    The ARM has been updated to indicate that the TSIG session key is
>    generated when named starts, regardless of whether it is needed. [GL
>    #1842]"
> 
> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
> ---
> config/rootfiles/common/bind | 9 +++++----
> lfs/bind                     | 4 ++--
> 2 files changed, 7 insertions(+), 6 deletions(-)
> 
> diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind
> index d70ce3272..1fb79b894 100644
> --- a/config/rootfiles/common/bind
> +++ b/config/rootfiles/common/bind
> @@ -213,6 +213,7 @@ usr/bin/nsupdate
> #usr/include/isc/timer.h
> #usr/include/isc/tm.h
> #usr/include/isc/types.h
> +#usr/include/isc/utf8.h
> #usr/include/isc/util.h
> #usr/include/isc/version.h
> #usr/include/isc/xml.h
> @@ -271,11 +272,11 @@ usr/lib/libbind9.so.161.0.4
> #usr/lib/libdns.la
> #usr/lib/libdns.so
> usr/lib/libdns.so.1110
> -usr/lib/libdns.so.1110.0.2
> +usr/lib/libdns.so.1110.0.3
> #usr/lib/libisc.la
> #usr/lib/libisc.so
> usr/lib/libisc.so.1105
> -usr/lib/libisc.so.1105.0.2
> +usr/lib/libisc.so.1105.1.0
> #usr/lib/libisccc.la
> #usr/lib/libisccc.so
> usr/lib/libisccc.so.161
> @@ -283,11 +284,11 @@ usr/lib/libisccc.so.161.0.1
> #usr/lib/libisccfg.la
> #usr/lib/libisccfg.so
> usr/lib/libisccfg.so.163
> -usr/lib/libisccfg.so.163.0.7
> +usr/lib/libisccfg.so.163.0.8
> #usr/lib/liblwres.la
> #usr/lib/liblwres.so
> usr/lib/liblwres.so.161
> -usr/lib/liblwres.so.161.0.3
> +usr/lib/liblwres.so.161.0.4
> #usr/share/man/man1/dig.1
> #usr/share/man/man1/host.1
> #usr/share/man/man1/nslookup.1
> diff --git a/lfs/bind b/lfs/bind
> index 4d0602eda..9ea6b6549 100644
> --- a/lfs/bind
> +++ b/lfs/bind
> @@ -25,7 +25,7 @@
> 
> include Config
> 
> -VER        = 9.11.19
> +VER        = 9.11.20
> 
> THISAPP    = bind-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -43,7 +43,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_MD5 = 41bc2c6509a4c324e16775b462608820
> +$(DL_FILE)_MD5 = bb64b1fd66a915af98fdf2ae2287ddb4
> 
> install : $(TARGET)
> 
> -- 
> 2.18.0
>