From patchwork Fri Nov 21 16:39:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 9301 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1 raw public key) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4dCgth0cdsz3wjS for ; Fri, 21 Nov 2025 16:40:12 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4dCgtg4wtTz3sp for ; Fri, 21 Nov 2025 16:40:11 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4dCgtg49cSz2yyn for ; Fri, 21 Nov 2025 16:40:11 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4dCgtd0507z2xGj for ; Fri, 21 Nov 2025 16:40:09 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4dCgtb6sxhzs0; Fri, 21 Nov 2025 16:40:07 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1763743208; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=tTSVbe6re2WfU6n7CTCoNXm+q3tliQ+GRp11wZ58Fns=; b=RHEoVYckV62jISBn36BBmcow7WjOz2ZfXRnE9zD8kN0ucVRaMN862mZlw6EEzrV+OYEQgA 8di1kCdPVqeblJCQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1763743208; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=tTSVbe6re2WfU6n7CTCoNXm+q3tliQ+GRp11wZ58Fns=; b=KsAFInnQWA+GPtucaFaBPoN0beRWcA2/yN7JvG9cZE9rPrISwdgaDRJ1oymB3yeqLGzU9I bnRBDSGjDmVM/SVZ8kPm8C5Gblq7Q7hVXqpj7voSbBrKSnHCNFOXk9X9NdB88dXv85kBvI kXH3R6RRGyYeve5iwxVXxZGDtDeF6GaYVx6u8dLhpPu9GE+UbHtJjuS+YfLM42QBPz9HDt nnsjUNvaqhYeDGXLEtA0Dk+V8/+Kv+qehFZ+VhhnqlMI+hKSY0bqx0HvZTENarIkayhWy2 YgBnCK0GD899J+OE7CoCz/xGfLqKcqu4uky+J9oWnprNF6Str4DiJxvo2WATBQ== From: Matthias Fischer To: development@lists.ipfire.org Cc: Matthias Fischer Subject: [PATCH] bind: Update ot 9.20.16 Date: Fri, 21 Nov 2025 17:39:59 +0100 Message-ID: <20251121164001.3523889-1-matthias.fischer@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 For details see: https://downloads.isc.org/isc/bind9/9.20.16/doc/arm/html/notes.html#notes-for-bind-9-20-16 "Notes for BIND 9.20.16 Bug Fixes Skip unsupported algorithms when looking for a signing key. A mix of supported and unsupported DNSSEC algorithms in the same zone could cause validation failures. Unsupported algorithms are now ignored when looking for signing keys. [GL #5622] Fix dnssec-keygen key collision checking for KEY RRtype keys. The dnssec-keygen utility program failed to detect possible KEY ID collisions with existing keys generated using the non-default -T KEY option (e.g., for SIG(0)). This has been fixed. [GL #5506] dnssec-verify now uses exit code 1 when failing due to illegal options. Previously, dnssec-verify exited with code 0 if the options could not be parsed. This has been fixed. [GL #5574] Prevent assertion failures of dig when a server is specified before the -b option. Previously, dig could exit with an assertion failure when a server was specified before the dig -b option. This has been fixed. [GL #5609] Skip buffer allocations if not logging. Previously, we allocated a 2KB buffer for IXFR change logging, regardless of the log level. This results in a 28% speedup in some scenarios." Signed-off-by: Matthias Fischer --- config/rootfiles/common/bind | 10 +++++----- lfs/bind | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index eff7149ca..90ce93c01 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -241,18 +241,18 @@ usr/bin/nsupdate #usr/include/ns/types.h #usr/include/ns/update.h #usr/include/ns/xfrout.h -usr/lib/libdns-9.20.15.so +usr/lib/libdns-9.20.16.so #usr/lib/libdns.la #usr/lib/libdns.so -usr/lib/libisc-9.20.15.so +usr/lib/libisc-9.20.16.so #usr/lib/libisc.la #usr/lib/libisc.so -usr/lib/libisccc-9.20.15.so +usr/lib/libisccc-9.20.16.so #usr/lib/libisccc.la #usr/lib/libisccc.so -usr/lib/libisccfg-9.20.15.so +usr/lib/libisccfg-9.20.16.so #usr/lib/libisccfg.la #usr/lib/libisccfg.so -usr/lib/libns-9.20.15.so +usr/lib/libns-9.20.16.so #usr/lib/libns.la #usr/lib/libns.so diff --git a/lfs/bind b/lfs/bind index e5f8de750..fc86eb54a 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@ include Config -VER = 9.20.15 +VER = 9.20.16 THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -43,7 +43,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = f272fc5e7a107b28cb71b55d2e87cfb2b215612c38289483044445f6c5ae57b0eb7003a368386122fb1fed551ac7be2e4e9bb34c2f8908e379e1aaf4e761c394 +$(DL_FILE)_BLAKE2 = 1a083efbd7a95df8c9c05966681be577cb119f1a75292cbf65a31cdf0fc7677a70834be4f8599984635b9ea09a909c1453b489e920e5f27502ab2b496aa278b0 install : $(TARGET)