From patchwork Tue Mar 22 17:32:03 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Matthias Fischer <matthias.fischer@ipfire.org>
X-Patchwork-Id: 5382
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4KNJTG3wxPz3xlr
	for <patchwork@web04.haj.ipfire.org>; Tue, 22 Mar 2022 17:32:18 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4KNJTD6mTdzLX;
	Tue, 22 Mar 2022 17:32:16 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4KNJTD5vFtz2xqt;
	Tue, 22 Mar 2022 17:32:16 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
 client-signature ECDSA (P-384) client-digest SHA384)
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4KNJTC17Htz2xMX
 for <development@lists.ipfire.org>; Tue, 22 Mar 2022 17:32:15 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4KNJTB1phGzLX
 for <development@lists.ipfire.org>; Tue, 22 Mar 2022 17:32:14 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1647970334;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=5Fvsel4+niC+HIy8S41ABNCe/HN6KSFN0YsE8IwsxAA=;
 b=5vySUx8jjlZFrBYrjODKVERr/uiryJ0Ttb+XLhJi83QhViA7NU1DsL3yAtAiVShgrzaNuY
 MVmVwHR9kpeccgCw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1647970334;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=5Fvsel4+niC+HIy8S41ABNCe/HN6KSFN0YsE8IwsxAA=;
 b=NIUDDPVJPVnMEt7WeZueez/NcEXOP5ucyAzBKtgpjoUPHtjvi54tt3ffGniPp3Yxt18DpZ
 SvvA4c2QPl8f5heNShPhB+R0ffecmilGk8nJkX+fNfJDgVBTqS2iSWw0n2n/vkbXpZvfMZ
 U/VbxMlCgk8YE4N6v9PdhchOCBaUW786OtTgZxN7hN4QZ019B0BsYxISt6CqwcAdY0vBm5
 3f3++4fxDUOjksWwRCe+drCmocrPJWfQybYLJPNo3lrJ5UoQifb0Pp/XSVo+pG+7KR0jqf
 vSBYntbPrMmca2tIH4c+bj30x0Pq1MmW85y4d3pqr8bN8+IQq62sIyjgvEoGbQ==
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] bind: Update to 9.16.27
Date: Tue, 22 Mar 2022 18:32:03 +0100
Message-Id: <20220322173203.1633-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

For details see:
https://downloads.isc.org/isc/bind9/9.16.27/doc/arm/html/notes.html#notes-for-bind-9-16-27

"Security Fixes

    The rules for acceptance of records into the cache have been
    tightened to prevent the possibility of poisoning if forwarders send
    records outside the configured bailiwick. (CVE-2021-25220)

    ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from
    Network and Information Security Lab, Tsinghua University, and
    Changgen Zou from Qi An Xin Group Corp. for bringing this
    vulnerability to our attention. [GL #2950]

    TCP connections with keep-response-order enabled could leave the TCP
    sockets in the CLOSE_WAIT state when the client did not properly
    shut down the connection. (CVE-2022-0396) [GL #3112]

Feature Changes

    DEBUG(1)-level messages were added when starting and ending the BIND
    9 task-exclusive mode that stops normal DNS operation (e.g. for
    reconfiguration, interface scans, and other events that require
    exclusive access to a shared resource). [GL #3137]

Bug Fixes

    The max-transfer-time-out and max-transfer-idle-out options were not
    implemented when the BIND 9 networking stack was refactored in 9.16.
    The missing functionality has been re-implemented and outgoing zone
    transfers now time out properly when not progressing. [GL #1897]

    TCP connections could hang indefinitely if the other party did not
    read sent data, causing the TCP write buffers to fill. This has been
    fixed by adding a “write” timer. Connections that are hung while
    writing now time out after the tcp-idle-timeout period has elapsed.
    [GL #3132]

    The statistics counter representing the current number of clients
    awaiting recursive resolution results (RecursClients) could
    be miscalculated in certain resolution scenarios, potentially
    causing the value of the counter to drop below zero. This has been
    fixed. [GL #3147]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/common/bind | 14 +++++++-------
 lfs/bind                     |  4 ++--
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind
index c0e56854a..df3df4f47 100644
--- a/config/rootfiles/common/bind
+++ b/config/rootfiles/common/bind
@@ -274,24 +274,24 @@ usr/bin/nsupdate
 #usr/include/pk11/site.h
 #usr/include/pkcs11
 #usr/include/pkcs11/pkcs11.h
-usr/lib/libbind9-9.16.26.so
+usr/lib/libbind9-9.16.27.so
 #usr/lib/libbind9.la
 #usr/lib/libbind9.so
-usr/lib/libdns-9.16.26.so
+usr/lib/libdns-9.16.27.so
 #usr/lib/libdns.la
 #usr/lib/libdns.so
-usr/lib/libirs-9.16.26.so
+usr/lib/libirs-9.16.27.so
 #usr/lib/libirs.la
 #usr/lib/libirs.so
-usr/lib/libisc-9.16.26.so
+usr/lib/libisc-9.16.27.so
 #usr/lib/libisc.la
 #usr/lib/libisc.so
-usr/lib/libisccc-9.16.26.so
+usr/lib/libisccc-9.16.27.so
 #usr/lib/libisccc.la
 #usr/lib/libisccc.so
-usr/lib/libisccfg-9.16.26.so
+usr/lib/libisccfg-9.16.27.so
 #usr/lib/libisccfg.la
 #usr/lib/libisccfg.so
-usr/lib/libns-9.16.26.so
+usr/lib/libns-9.16.27.so
 #usr/lib/libns.la
 #usr/lib/libns.so
diff --git a/lfs/bind b/lfs/bind
index 72c85f5f5..d8970a2af 100644
--- a/lfs/bind
+++ b/lfs/bind
@@ -25,7 +25,7 @@
 
 include Config
 
-VER        = 9.16.26
+VER        = 9.16.27
 
 THISAPP    = bind-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 799696f44e0d61659fa0efaa3c5fe5d8
+$(DL_FILE)_MD5 = db71eecaf698660da37581c42ce9f904
 
 install : $(TARGET)