From patchwork Fri Jun 19 17:18:21 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Matthias Fischer <matthias.fischer@ipfire.org>
X-Patchwork-Id: 3209
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 49pQWC3TSTz3x19
	for <patchwork@web04.haj.ipfire.org>; Fri, 19 Jun 2020 17:18:31 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 49pQW95Lzxz1h7;
	Fri, 19 Jun 2020 17:18:29 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 49pQW921rGz2y5c;
	Fri, 19 Jun 2020 17:18:29 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 49pQW76ZKKz2xZx
 for <development@lists.ipfire.org>; Fri, 19 Jun 2020 17:18:27 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (Client did not present a certificate)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 49pQW6688LzcT
 for <development@lists.ipfire.org>; Fri, 19 Jun 2020 17:18:26 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1592587107;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc; bh=IhEmBvuujtLA1drcb/ysLGHBEY7oH9ul3euz75hl574=;
 b=DlokuGcezpcZYVDnT0D6bLRxz+HPLBhAR9T+CjNsM9NGkEP5s3aeKKKRgMUf8iuh3aams6
 GnLn3Vty/ppQfVCA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1592587107;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc; bh=IhEmBvuujtLA1drcb/ysLGHBEY7oH9ul3euz75hl574=;
 b=qA6DcW3qJcPe+yu9TksSICG/HPa2KEPv0u8uB+lYh7Ix8pgotduzvgR1MibIyg6UCdnalH
 Ho9x8qpRvm2gBw/C/9cBNq4R4ijWT+a+Td/V4o6ZbpbWPY7cNQ4ZJnnoCRu46q7fm4KFTr
 nMn9+HBG3EWxl3zdzCZjfUWqX6Hpmz/FpwwHOvS493Q9ymdy43koqFVflij7JT935MQva0
 E8blbmF2ScORcBfjiw1p8Vp7PgLTsa2bzMacW1oX5pekZx/UnV7yqWQy1z0S5mDbvjKAIJ
 /vRfr5dFhn2wicPIVmeO42c5zzcumkzDK/TfWAXgBIeYWne9uKerCotztt11sQ==
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] bind: Update to 9.11.20
Date: Fri, 19 Jun 2020 19:18:21 +0200
Message-Id: <20200619171821.1184-1-matthias.fischer@ipfire.org>
Authentication-Results: mail01.ipfire.org;
 auth=pass smtp.mailfrom=matthias.fischer@ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

For details see:
https://downloads.isc.org/isc/bind9/9.11.20/RELEASE-NOTES-bind-9.11.20.html

"Security Fixes

    It was possible to trigger an INSIST failure when a zone with
    an interior wildcard label was queried in a certain pattern. This
    was disclosed in CVE-2020-8619. [GL #1111] [GL #1718]

New Features

    dig and other tools can now print the Extended DNS Error (EDE)
    option when it appears in a request or a response. [GL #1835]

Bug Fixes

    When fully updating the NSEC3 chain for a large zone via IXFR,
    a temporary loss of performance could be experienced on the
    secondary server when answering queries for nonexistent data that
    required DNSSEC proof of non-existence (in other words, queries that
    required the server to find and to return NSEC3 data). The
    unnecessary processing step that was causing this delay has now been
    removed. [GL #1834]

    A data race in lib/dns/resolver.c:log_formerr() that could lead
    to an assertion failure was fixed. [GL #1808]

    Previously, provide-ixfr no; failed to return up-to-date responses
    when the serial number was greater than or equal to the current
    serial number. [GL #1714]

    named-checkconf -p could include spurious text in server-addresses
    statements due to an uninitialized DSCP value. This has been fixed.
    [GL #1812]

    The ARM has been updated to indicate that the TSIG session key is
    generated when named starts, regardless of whether it is needed. [GL
    #1842]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/common/bind | 9 +++++----
 lfs/bind                     | 4 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind
index d70ce3272..1fb79b894 100644
--- a/config/rootfiles/common/bind
+++ b/config/rootfiles/common/bind
@@ -213,6 +213,7 @@ usr/bin/nsupdate
 #usr/include/isc/timer.h
 #usr/include/isc/tm.h
 #usr/include/isc/types.h
+#usr/include/isc/utf8.h
 #usr/include/isc/util.h
 #usr/include/isc/version.h
 #usr/include/isc/xml.h
@@ -271,11 +272,11 @@ usr/lib/libbind9.so.161.0.4
 #usr/lib/libdns.la
 #usr/lib/libdns.so
 usr/lib/libdns.so.1110
-usr/lib/libdns.so.1110.0.2
+usr/lib/libdns.so.1110.0.3
 #usr/lib/libisc.la
 #usr/lib/libisc.so
 usr/lib/libisc.so.1105
-usr/lib/libisc.so.1105.0.2
+usr/lib/libisc.so.1105.1.0
 #usr/lib/libisccc.la
 #usr/lib/libisccc.so
 usr/lib/libisccc.so.161
@@ -283,11 +284,11 @@ usr/lib/libisccc.so.161.0.1
 #usr/lib/libisccfg.la
 #usr/lib/libisccfg.so
 usr/lib/libisccfg.so.163
-usr/lib/libisccfg.so.163.0.7
+usr/lib/libisccfg.so.163.0.8
 #usr/lib/liblwres.la
 #usr/lib/liblwres.so
 usr/lib/liblwres.so.161
-usr/lib/liblwres.so.161.0.3
+usr/lib/liblwres.so.161.0.4
 #usr/share/man/man1/dig.1
 #usr/share/man/man1/host.1
 #usr/share/man/man1/nslookup.1
diff --git a/lfs/bind b/lfs/bind
index 4d0602eda..9ea6b6549 100644
--- a/lfs/bind
+++ b/lfs/bind
@@ -25,7 +25,7 @@
 
 include Config
 
-VER        = 9.11.19
+VER        = 9.11.20
 
 THISAPP    = bind-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 41bc2c6509a4c324e16775b462608820
+$(DL_FILE)_MD5 = bb64b1fd66a915af98fdf2ae2287ddb4
 
 install : $(TARGET)