--- - branch: MAIN date: Wed Feb 8 00:13:44 UTC 2023 files: - new: '1.6' old: '1.5' path: pkgsrc/net/bind918/Makefile pathrev: pkgsrc/net/bind918/Makefile@1.6 type: modified - new: '1.2' old: '1.1' path: pkgsrc/net/bind918/PLIST pathrev: pkgsrc/net/bind918/PLIST@1.2 type: modified - new: '1.4' old: '1.3' path: pkgsrc/net/bind918/distinfo pathrev: pkgsrc/net/bind918/distinfo@1.4 type: modified - new: '0' old: '1.1' path: pkgsrc/net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh pathrev: pkgsrc/net/bind918/patches/patch-bin_tests_system_keyfromlabel_tests.sh@0 type: deleted - new: '1.2' old: '1.1' path: pkgsrc/net/bind918/patches/patch-lib_isc_siphash.c pathrev: pkgsrc/net/bind918/patches/patch-lib_isc_siphash.c@1.2 type: modified - new: '1.2' old: '1.1' path: pkgsrc/net/bind918/patches/patch-lib_isc_time.c pathrev: pkgsrc/net/bind918/patches/patch-lib_isc_time.c@1.2 type: modified - new: '1.2' old: '1.1' path: pkgsrc/net/bind918/patches/patch-lib_ns_update.c pathrev: pkgsrc/net/bind918/patches/patch-lib_ns_update.c@1.2 type: modified id: 20230208T001344Z.b37f02503c10775cbd3c86a8634fe5381a02f340 log: "net/bind918: update to 9.18.11\n\nApproved by MAINTAINER (sekiya@).\n\n\t--- 9.18.11 released ---\n\n6067.\t[security]\tFix serve-stale crash when recursive clients soft quota\n\t\t\tis reached. (CVE-2022-3924) [GL #3619]\n\n6066.\t[security]\tHandle RRSIG lookups when serve-stale is active.\n\t\t\t(CVE-2022-3736) [GL #3622]\n\n6064.\t[security]\tAn UPDATE message flood could cause named to exhaust all\n\t\t\tavailable memory. This flaw was addressed by adding a\n\t\t\tnew \"update-quota\" statement that controls the number of\n\t\t\tsimultaneous UPDATE messages that can be processed or\n\t\t\tforwarded. The default is 100. A stats counter has been\n\t\t\tadded to record events when the update quota is\n\t\t\texceeded, and the XML and JSON statistics version\n\t\t\tnumbers have been updated. (CVE-2022-3094) [GL #3523]\n\n6062.\t[func]\t\tThe DSCP implementation, which has been\n\t\t\tnonfunctional for some time, is now marked as\n\t\t\tobsolete and the implementation has been removed.\n\t\t\tConfiguring DSCP values in named.conf has no\n\t\t\teffect, and a warning will be logged that\n\t\t\tthe feature should no longer be used. [GL #3773]\n\n6061.\t[bug]\t\tFix unexpected \"Prohibited\" extended DNS error\n\t\t\ton allow-recursion. [GL #3743]\n\n6060.\t[bug]\t\tFix a use-after-free bug in dns_zonemgr_releasezone()\n\t\t\tby detaching from the zone manager outside of the write\n\t\t\tlock. [GL #3768]\n\n6059.\t[bug]\t\tIn some serve stale scenarios, like when following an\n\t\t\texpired CNAME record, named could return SERVFAIL if the\n\t\t\tprevious request wasn't successful. Consider non-stale\n\t\t\tdata when in serve-stale mode. [GL #3678]\n\n6058.\t[bug]\t\tPrevent named from crashing when \"rndc delzone\"\n\t\t\tattempts to delete a zone added by a catalog zone.\n\t\t\t[GL #3745]\n\n6053.\t[bug]\t\tFix an ADB quota management bug in resolver. [GL #3752]\n\n6051.\t[bug]\t\tImprove thread safety in the dns_dispatch unit.\n\t\t\t[GL #3178] [GL #3636]\n\n6050.\t[bug]\t\tChanges to the RPZ response-policy min-update-interval\n\t\t\tand add-soa options now take effect as expected when\n\t\t\tnamed is reconfigured. [GL #3740]\n\n6049.\t[bug]\t\tExclude ABD hashtables from the ADB memory\n\t\t\tovermem checks and don't clean ADB names\n\t\t\tand ADB entries used in the last 10 seconds\n\t\t\t(ADB_CACHE_MINIMUM). [GL #3739]\n\n6048.\t[bug]\t\tFix a log message error in dns_catz_update_from_db(),\n\t\t\twhere serials with values of 2^31 or larger were logged\n\t\t\tincorrectly as negative numbers. [GL #3742]\n\n6047.\t[bug]\t\tTry the next server instead of trying the same\n\t\t\tserver again on an outgoing query timeout.\n\t\t\t[GL #3637]\n\n6046.\t[bug]\t\tTLS session resumption might lead to handshake\n\t\t\tfailures when client certificates are used for\n\t\t\tauthentication (Mutual TLS). This has been fixed.\n\t\t\t[GL #3725]\n\n6045.\t[cleanup]\tThe list of supported DNSSEC algorithms changed log\n\t\t\tlevel from \"warning\" to \"notice\" to match named's other\n\t\t\tstartup messages. [GL !7217]\n\n6044.\t[bug]\t\tThere was an \"RSASHA236\" typo in a log message.\n\t\t\t[GL !7206]\n\n5830.\t[func]\t\tImplement incremental resizing of isc_ht hash tables to\n\t\t\tperform the rehashing gradually. The catalog zone\n\t\t\timplementation has been optimized to work with hundreds\n\t\t\tof thousands of member zones. [GL #3212] [GL #3744]\n" module: pkgsrc subject: 'CVS commit: pkgsrc/net/bind918' unixtime: '1675815224' user: taca