From: Soumya Sambu <soumya.sa...@windriver.com>
Changelog:
=========
9.18.24:
- Fix case insensitive setting for isc_ht hashtable.
[GL #4568]
9.18.23:
- Specific DNS answers could cause a denial-of-service
condition due to DNS validation taking a long time.
(CVE-2023-50387) [GL #4424]
- Change 6315 inadvertently introduced regressions that
could cause named to crash. [GL #4234]
- Under some circumstances, the DoT code in client
mode could process more than one message at a time when
that was not expected. That has been fixed. [GL #4487]
9.18.22:
- Limit isc_task_send() overhead for RBTDB tree pruning.
[GL #4383]
- Restore DNS64 state when handling a serve-stale timeout.
(CVE-2023-5679) [GL #4334]
- Specific queries could trigger an assertion check with
nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]
- Speed up parsing of DNS messages with many different
names. (CVE-2023-4408) [GL #4234]
- Address race conditions in dns_tsigkey_find().
[GL #4182]
- Conversion from NSEC3 signed to NSEC signed could
temporarily put the zone into a state where it was
treated as unsigned until the NSEC chain was built.
Additionally conversion from one set of NSEC3 parameters
to another could also temporarily put the zone into a
state where it was treated as unsigned until the new
NSEC3 chain was built. [GL #1794] [GL #4495]
- Memory leak in zone.c:sign_zone. When named signed a
zone it could leak dst_keys due to a misplaced
'continue'. [GL #4488]
- Log more details about the cause of "not exact" errors.
[GL #4500]
- The wrong time was being used to determine what RRSIGs
where to be generated when dnssec-policy was in use.
[GL #4494]
- The "trust-anchor-telemetry" statement is no longer
marked as experimental. This silences a relevant log
message that was emitted even when the feature was
explicitly disabled. [GL #4497]
- Fix statistics export to use full 64 bit signed numbers
instead of truncating values to unsigned 32 bits.
[GL #4467]
- NetBSD has added 'hmac' to libc which collides with our
use of 'hmac'. [GL #4478]
(cherry-pick from Oe-Core rev d7f31aba343948dbaadafc8c0c66f78e6ffb46e3)
Signed-off-by: Soumya Sambu <soumya.sa...@windriver.com>
Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org>
Signed-off-by: Lee Chee Yang <chee.yang....@intel.com>
---
.../bind/{bind_9.18.21.bb => bind_9.18.24.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-connectivity/bind/{bind_9.18.21.bb => bind_9.18.24.bb}
(97%)
diff --git a/meta/recipes-connectivity/bind/bind_9.18.21.bb
b/meta/recipes-connectivity/bind/bind_9.18.24.bb
similarity index 97%
rename from meta/recipes-connectivity/bind/bind_9.18.21.bb
rename to meta/recipes-connectivity/bind/bind_9.18.24.bb
index f5fb4bd1e5..2874990320 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.21.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.24.bb
@@ -20,7 +20,7 @@ SRC_URI =
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] =
"a556be22505d9ea4f9c6717aee9c549739c68498aff3ca69035787ecc648fec5"
+SRC_URI[sha256sum] =
"709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/";
# follow the ESV versions divisible by 2
--
2.37.3
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196924):
https://lists.openembedded.org/g/openembedded-core/message/196924
Mute This Topic: https://lists.openembedded.org/mt/104859414/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
