From patchwork Fri Dec 19 18:44:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthias Fischer X-Patchwork-Id: 9383 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4dXxKS0W3xz3wnb for ; Fri, 19 Dec 2025 18:44:44 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4dXxKR4mwTz44D for ; Fri, 19 Dec 2025 18:44:43 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4dXxKR43bZz331g for ; Fri, 19 Dec 2025 18:44:43 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4dXxKN63Bpz2xHk for ; Fri, 19 Dec 2025 18:44:40 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4dXxKG5yjKz2jt; Fri, 19 Dec 2025 18:44:34 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1766169875; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=WPOKrgI/JweJIOeswDTL/r8CelU1ejtHdzhUw9dJj0c=; b=WHUt7cfySAN9686tKmzJPQ+kkmTlWq0/Eq3S9IJQZzat4H9G8/x5gf9WMoRdOE2HNcNS27 t4HTIJ/UioWVHxDA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1766169875; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=WPOKrgI/JweJIOeswDTL/r8CelU1ejtHdzhUw9dJj0c=; b=mUrr4b18xWboAyohg67futjuQVVaTc32JgcWLFcrjOLRshrqIDU7RqWUnP84GdcQQV/0ex mxKpXoxX7k0MCGhEZKlO66HjMalExpGCG4+O73PiS9eFlI6qhKyJd8cnQYE5C9+mPrG7UH TTKs/0gYxrlDzTUT9xozm3cfi016Qp6F5I+HLZVaTJMTwyoBecT3Cvj3LdYweSZB0z/hXP 3BOqqFhc4fX2xMaqZuFRy52uYcARqzZDE1rsJNng1ORbLoXZA5plmEhG/hXLN9ZiMsC+v+ jJ+WhJ4EJD7Q7LLq7Bm/uBPhj2u7On3IKqVwkG5IsyB9bJnpBLH2SbJ0P5IJ3Q== From: Matthias Fischer To: development@lists.ipfire.org Cc: Matthias Fischer Subject: [PATCH] bind: Update to 9.20.17 Date: Fri, 19 Dec 2025 19:44:19 +0100 Message-ID: <20251219184424.259423-1-matthias.fischer@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 For details see: https://downloads.isc.org/isc/bind9/9.20.17/doc/arm/html/notes.html#notes-for-bind-9-20-17 "Notes for BIND 9.20.17 Feature Changes Reduce the number of outgoing queries. Reduce the number of outgoing queries when resolving the nameservers for delegation points. This helps a DNS resolver with a cold cache resolve client queries with complex delegation chains and redirections. [GL !11148] Provide more information when memory allocation fails. BIND now provides more information about the failure when memory allocation fails. [GL !11272] Bug Fixes Adding NSEC3 opt-out records could leave invalid records in chain. When creating an NSEC3 opt-out chain, a node in the chain could be removed too soon. The previous NSEC3 would therefore not be found, resulting in invalid NSEC3 records being left in the zone. This has been fixed. [GL #5671] Fix spurious timeouts while resolving names. Sometimes, loops in the resolving process (e.g., to resolve or validate ns1.example.com, we need to resolve ns1.example.com) were not properly detected, leading to a spurious 10-second delay. This has been fixed, and such loops are properly detected. [GL #3033] [GL #5578] Fix bug where zone switches from NSEC3 to NSEC after retransfer. When a zone was re-transferred but the zone journal on an inline-signing secondary was out of sync, the zone could fall back to using NSEC records instead of NSEC3. This has been fixed. [GL #5527] AMTRELAY type 0 presentation format handling was wrong. RFC 8777 specifies a placeholder value of . for the gateway field when the gateway type is 0 (no gateway). This was not being checked for, nor was it emitted when displaying the record. This has been corrected. Instances of this record will need the placeholder period added to them when upgrading. [GL #5639] Fix parsing bug in remote-servers with key or TLS. The remote-servers clause enables the following pattern using a named server-list: remote-servers a { 1.2.3.4; ... }; remote-servers b { a key foo; }; However, such a configuration was wrongly rejected, with an unexpected token 'foo' error. This configuration is now accepted. [GL #5646] Fix DoT reconfigure/reload bug in the resolver. If client-side TLS transport was in use (for example, when forwarding queries to a DoT server), named could terminate unexpectedly when reconfiguring or reloading. This has been fixed. [GL #5653]" Signed-off-by: Matthias Fischer --- config/rootfiles/common/bind | 10 +++++----- lfs/bind | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index 90ce93c01..fce491479 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -241,18 +241,18 @@ usr/bin/nsupdate #usr/include/ns/types.h #usr/include/ns/update.h #usr/include/ns/xfrout.h -usr/lib/libdns-9.20.16.so +usr/lib/libdns-9.20.17.so #usr/lib/libdns.la #usr/lib/libdns.so -usr/lib/libisc-9.20.16.so +usr/lib/libisc-9.20.17.so #usr/lib/libisc.la #usr/lib/libisc.so -usr/lib/libisccc-9.20.16.so +usr/lib/libisccc-9.20.17.so #usr/lib/libisccc.la #usr/lib/libisccc.so -usr/lib/libisccfg-9.20.16.so +usr/lib/libisccfg-9.20.17.so #usr/lib/libisccfg.la #usr/lib/libisccfg.so -usr/lib/libns-9.20.16.so +usr/lib/libns-9.20.17.so #usr/lib/libns.la #usr/lib/libns.so diff --git a/lfs/bind b/lfs/bind index fc86eb54a..786ae69ee 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@ include Config -VER = 9.20.16 +VER = 9.20.17 THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -43,7 +43,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 1a083efbd7a95df8c9c05966681be577cb119f1a75292cbf65a31cdf0fc7677a70834be4f8599984635b9ea09a909c1453b489e920e5f27502ab2b496aa278b0 +$(DL_FILE)_BLAKE2 = a3bfb881f3439750ddc1d94da674ed91e6447f101f2c20eb5f4472614b45b5f2af73f197712e18c891e774ed6e95fc811df1e3494c2b863b2544da19790ecf05 install : $(TARGET)