From patchwork Fri Sep 22 19:04:56 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Matthias Fischer <matthias.fischer@ipfire.org>
X-Patchwork-Id: 7246
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature ECDSA (secp384r1) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4RshXz60cMz3ws3
	for <patchwork@web04.haj.ipfire.org>; Fri, 22 Sep 2023 19:05:07 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
	 client-signature ECDSA (secp384r1) client-digest SHA384)
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4RshXw3BcGz1lr;
	Fri, 22 Sep 2023 19:05:04 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4RshXw1mJ8z2xZS;
	Fri, 22 Sep 2023 19:05:04 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
 client-signature ECDSA (P-384) client-digest SHA384)
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4RshXt2Rg7z2xCR
 for <development@lists.ipfire.org>; Fri, 22 Sep 2023 19:05:02 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4RshXs4Hkrz1kZ
 for <development@lists.ipfire.org>; Fri, 22 Sep 2023 19:05:01 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1695409501;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=NYVQJcRUz8m24J3m4hbJZ3HYNWiSjvOff+zV5UFqfeY=;
 b=30t4xsSAgj6w/KCEiM2/x3YfeWSJfsjrMrHO3wv8AVsIMHCOOHy7v8/TNB4KhL1/aBg+Xj
 vnCBzVE0gjQwshDA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1695409501;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=NYVQJcRUz8m24J3m4hbJZ3HYNWiSjvOff+zV5UFqfeY=;
 b=DaNKwnco1nRmmIALduauzh9zT144kalF6c7rdPVhbxTo1Zrd3zkIk5YWKRDj2J45BBiwCq
 LnPgj1eJXGG+PSTGCMSD9N2ZiX3BOZdrmxT6xYfMcVbGI6zsMmL7/5fIuUSExfdJY0x2IE
 eNkT+hvqsycGmb1yU1i/Ro9/gStk+63qB3YHSS6IEIZ0iuAAlYON7Fw7T9U3lsGDWLxdqC
 Z7Kycq3c39C0MBUWpZVGeRU/QAHZ2rEod7KHyRLAIq4cSljvm4VUlHbAkhCSPEr+/Y6Va+
 nVceg8LHOdddDHXagTnzDeQOxqmWpa5WFo8mOcZ597V+6gezVaN45jWjzTBueQ==
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] bind: Update to 9.16.44
Date: Fri, 22 Sep 2023 21:04:56 +0200
Message-Id: <20230922190456.3406340-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

For details see:
https://downloads.isc.org/isc/bind9/9.16.44/doc/arm/html/notes.html#notes-for-bind-9-16-44

Changes since 9.16.40:

9.16.44:
"Previously, sending a specially crafted message
over the control channel could cause the packet-parsing
code to run out of available stack memory, causing named
to terminate unexpectedly. This has been fixed. (CVE-2023-3341)"

9.16.43:
"Processing already-queued queries received over TCP could cause
an assertion failure, when the server was reconfigured at the
same time or the cache was being flushed. This has been fixed."

9.16.42:
"The overmem cleaning process has been improved, to prevent the
cache from significantly exceeding the configured max-cache-size
limit. (CVE-2023-2828)

A query that prioritizes stale data over lookup triggers a fetch
to refresh the stale data in cache. If the fetch is aborted for
exceeding the recursion quota, it was possible for named to enter
an infinite callback loop and crash due to stack overflow. This
has been fixed. (CVE-2023-2911)

Previously, it was possible for a delegation from cache to be
returned to the client after the stale-answer-client-timeout
duration. This has been fixed."

9.16.41:
"When removing delegations from an opt-out range, empty-non-terminal
NSEC3 records generated by those delegations were not cleaned up.
This has been fixed."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/bind | 14 +++++++-------
 lfs/bind                     |  4 ++--
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind
index eeeee6e94..ca3f17011 100644
--- a/config/rootfiles/common/bind
+++ b/config/rootfiles/common/bind
@@ -271,24 +271,24 @@ usr/bin/nsupdate
 #usr/include/pk11/site.h
 #usr/include/pkcs11
 #usr/include/pkcs11/pkcs11.h
-usr/lib/libbind9-9.16.40.so
+usr/lib/libbind9-9.16.44.so
 #usr/lib/libbind9.la
 #usr/lib/libbind9.so
-usr/lib/libdns-9.16.40.so
+usr/lib/libdns-9.16.44.so
 #usr/lib/libdns.la
 #usr/lib/libdns.so
-usr/lib/libirs-9.16.40.so
+usr/lib/libirs-9.16.44.so
 #usr/lib/libirs.la
 #usr/lib/libirs.so
-usr/lib/libisc-9.16.40.so
+usr/lib/libisc-9.16.44.so
 #usr/lib/libisc.la
 #usr/lib/libisc.so
-usr/lib/libisccc-9.16.40.so
+usr/lib/libisccc-9.16.44.so
 #usr/lib/libisccc.la
 #usr/lib/libisccc.so
-usr/lib/libisccfg-9.16.40.so
+usr/lib/libisccfg-9.16.44.so
 #usr/lib/libisccfg.la
 #usr/lib/libisccfg.so
-usr/lib/libns-9.16.40.so
+usr/lib/libns-9.16.44.so
 #usr/lib/libns.la
 #usr/lib/libns.so
diff --git a/lfs/bind b/lfs/bind
index 850e3f93a..6779bb3d9 100644
--- a/lfs/bind
+++ b/lfs/bind
@@ -25,7 +25,7 @@
 
 include Config
 
-VER        = 9.16.40
+VER        = 9.16.44
 
 THISAPP    = bind-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 1ebfec11cc6902480113b1edadcbdb2f819050d779aaa1556ef79491c580a28106d3eff186da89bdecec03025e4e672342602f54e6b0e6f9619a181a1399e070
+$(DL_FILE)_BLAKE2 = cdca8289639d900ab8162e4b0252a495fa0c579b9399326c7df42699346c2f0bca24762dad29de187f142c0896f4012c3f5f3785126d325e7d30ccb73f1530d8
 
 install : $(TARGET)