diff options
| author |   Soumya Sambu <soumya.sambu@windriver.com> | 2024-02-23 06:19:12 +0000 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-02-24 16:10:19 +0000 |
| commit | d7f31aba343948dbaadafc8c0c66f78e6ffb46e3 (patch) | |
| tree | 09e40d2439043a0fb9c338dc7a184e36e0be86e7 /meta/recipes-connectivity/bind | |
| parent | dc5a7c76761ed47e0456228956de900d806063bb (diff) | |
| download | openembedded-core-d7f31aba343948dbaadafc8c0c66f78e6ffb46e3.tar.gz | |
bind: Upgrade 9.18.21 -> 9.18.24
Changelog:
=========
9.18.24:
- Fix case insensitive setting for isc_ht hashtable.
[GL #4568]
9.18.23:
- Specific DNS answers could cause a denial-of-service
condition due to DNS validation taking a long time.
(CVE-2023-50387) [GL #4424]
- Change 6315 inadvertently introduced regressions that
could cause named to crash. [GL #4234]
- Under some circumstances, the DoT code in client
mode could process more than one message at a time when
that was not expected. That has been fixed. [GL #4487]
9.18.22:
- Limit isc_task_send() overhead for RBTDB tree pruning.
[GL #4383]
- Restore DNS64 state when handling a serve-stale timeout.
(CVE-2023-5679) [GL #4334]
- Specific queries could trigger an assertion check with
nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]
- Speed up parsing of DNS messages with many different
names. (CVE-2023-4408) [GL #4234]
- Address race conditions in dns_tsigkey_find().
[GL #4182]
- Conversion from NSEC3 signed to NSEC signed could
temporarily put the zone into a state where it was
treated as unsigned until the NSEC chain was built.
Additionally conversion from one set of NSEC3 parameters
to another could also temporarily put the zone into a
state where it was treated as unsigned until the new
NSEC3 chain was built. [GL #1794] [GL #4495]
- Memory leak in zone.c:sign_zone. When named signed a
zone it could leak dst_keys due to a misplaced
'continue'. [GL #4488]
- Log more details about the cause of "not exact" errors.
[GL #4500]
- The wrong time was being used to determine what RRSIGs
where to be generated when dnssec-policy was in use.
[GL #4494]
- The "trust-anchor-telemetry" statement is no longer
marked as experimental. This silences a relevant log
message that was emitted even when the feature was
explicitly disabled. [GL #4497]
- Fix statistics export to use full 64 bit signed numbers
instead of truncating values to unsigned 32 bits.
[GL #4467]
- NetBSD has added 'hmac' to libc which collides with our
use of 'hmac'. [GL #4478]
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/bind')
| -rw-r--r-- | meta/recipes-connectivity/bind/bind_9.18.24.bb (renamed from meta/recipes-connectivity/bind/bind_9.18.21.bb) | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/bind/bind_9.18.21.bb b/meta/recipes-connectivity/bind/bind_9.18.24.bb index f5fb4bd1e5..2874990320 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.21.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.24.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "a556be22505d9ea4f9c6717aee9c549739c68498aff3ca69035787ecc648fec5" +SRC_URI[sha256sum] = "709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2 |