From patchwork Thu Feb 20 23:37:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 8475 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4YzV6S327cz3wbt for ; Thu, 20 Feb 2025 23:37:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4YzV6P4pyZzpn; Thu, 20 Feb 2025 23:37:17 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4YzV6P3KR8z32ZX; Thu, 20 Feb 2025 23:37:17 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4YzV6K5WHGz30XF for ; Thu, 20 Feb 2025 23:37:13 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4YzV6J5kVGzbB for ; Thu, 20 Feb 2025 23:37:12 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1740094632; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=I8QPzmx7AI7aBNqsZ268mZA7jjP/M+8isgPRqlScips=; b=DZTcJjKTVPHXwAJLVJlqbHSmTgoNWbvUxWV4Nv6SW8XQSV9kc60IPG1Ixk6CiZ27N+3KNG UGozkpJuQLqTSrCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1740094632; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=I8QPzmx7AI7aBNqsZ268mZA7jjP/M+8isgPRqlScips=; b=qsWZBTEpKqivQzUdm3iUMcb8BM2MkTCGDeV75D8/rAhJnnhQH5DTJ0Jo28awrgTsr4YRXT sqF4ZkHUMizpzh+lKLjx/kPVMPIUfigHPDCDiApj3QyGLswDo95rFXAePQ6jJYotAcM8Yj I3wf1BqOMk9F3YAyxvaS+Odwa7PNRHry1GKugXTHeaO/SvJjquxCqkwes+ls9aNEi59twN SrMt43FGJDXlzX2FwnthOAnu/OVVBXY9vg/oLZndxxZXO/OEbpwuyBdj2yP75UwMwwho0m Q5n/DARAlWadlvsPWznh7g9YBwcgCUuRJAgMMtSLWfoJ7rwbg/oNrhiQZ7we4Q== From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] bind: Update to 9.20.6 Date: Fri, 21 Feb 2025 00:37:04 +0100 Message-ID: <20250220233706.1200-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: HPPPN5FQOXNGYT5HINISS5DZ3M4F7GG3 X-Message-ID-Hash: HPPPN5FQOXNGYT5HINISS5DZ3M4F7GG3 X-MailFrom: matthias.fischer@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: For details see: https://downloads.isc.org/isc/bind9/9.20.5/doc/arm/html/notes.html#notes-for-bind-9-20-6 "Notes for BIND 9.20.6 New Features Adds support for EDE code 1 and 2. Support was added for EDE codes 1 and 2, which might occur during DNSSEC validation in the case of an unsupported RRSIG algorithm or DNSKEY digest. [GL #2715] Add an rndc command to toggle jemalloc profiling. The new command is rndc memprof; the memory profiling status is also reported inside rndc status. The status shows whether named can toggle memory profiling, and whether the server is built with jemalloc. [GL #4759] Add support for multiple extended DNS errors. The Extended DNS Error (EDE) mechanism may raise errors during a DNS resolution. named is now able to add up to three EDE codes in a DNS response. If there are duplicate error codes, only the first one is part of the DNS response. [GL #5085] Print the expiration time of stale records. BIND now prints the expiration time of any stale RRsets in the cache dump. Bug Fixes Recently expired records could be returned with a timestamp in future. Under rare circumstances, an RRSet that expired at the time of the query could be returned with a TTL in the future. This has been fixed. As a side effect, the expiration time of expired RRSets is no longer returned in a cache dump. [GL #5094] YAML string not terminated in negative response in delv. [GL #5098] Fix a bug in dnssec-signzone related to keys being offline. When dnssec-signzone was called on an already-signed zone and the private key file was unavailable, a signature that needed to be refreshed was dropped without being able to generate a replacement. This has been fixed. [GL #5126] Apply the memory limit only to ADB database items. Under heavy load, a resolver could exhaust the memory available for storing the information in the Address Database (ADB), effectively discarding previously stored information in the ADB. The memory used to retrieve and provide information from the ADB is no longer subject to the same memory limits that are applied to the Address Database. [GL #5127] Avoid unnecessary locking in the zone/cache database. Lock contention among many worker threads referring to the same database node at the same time is now prevented. This improves zone and cache database performance for any heavily contended database nodes. [GL #5130] Fix reporting of Extended DNS Error 22 (No Reachable Authority). This error code was previously not reported in some applicable situations. This has been fixed. [GL #5137]" Signed-off-by: Matthias Fischer --- config/rootfiles/common/bind | 10 +++++----- lfs/bind | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index c0ef2a3f2..2eee6aa5b 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -239,18 +239,18 @@ usr/bin/nsupdate #usr/include/ns/types.h #usr/include/ns/update.h #usr/include/ns/xfrout.h -usr/lib/libdns-9.20.5.so +usr/lib/libdns-9.20.6.so #usr/lib/libdns.la #usr/lib/libdns.so -usr/lib/libisc-9.20.5.so +usr/lib/libisc-9.20.6.so #usr/lib/libisc.la #usr/lib/libisc.so -usr/lib/libisccc-9.20.5.so +usr/lib/libisccc-9.20.6.so #usr/lib/libisccc.la #usr/lib/libisccc.so -usr/lib/libisccfg-9.20.5.so +usr/lib/libisccfg-9.20.6.so #usr/lib/libisccfg.la #usr/lib/libisccfg.so -usr/lib/libns-9.20.5.so +usr/lib/libns-9.20.6.so #usr/lib/libns.la #usr/lib/libns.so diff --git a/lfs/bind b/lfs/bind index cad711ed2..c23fb1a9d 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@ include Config -VER = 9.20.5 +VER = 9.20.6 THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -43,7 +43,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = bf470c9c881b865baeaf469f94601bb6884d9989c0eee634b6f8dd88d4bafa07b138ec56dfe6e333d8ea729b483b6f41272992c6e036217fb9df1a9d23d0db29 +$(DL_FILE)_BLAKE2 = 2ee3770517a811f64899993ead37d919e746960a72e754546d6cfcab4e57b034392254eda7341efd1b7fdd976225b951c42cf52ed462a7a136829dbdad43312d install : $(TARGET)