The NetBSD Project

CVS log for src/external/mpl/bind/dist/lib/dns/rbt.c



Default branch: MAIN
Current tag: bind-9-16-37


Revision 1.1.1.9 (vendor branch), Wed Jan 25 20:36:45 2023 UTC (14 months ago) by christos
Branch: ISC
CVS Tags: bind-9-16-37
Changes since 1.1.1.8: +32 -14 lines

Import bind-9.16.37 (previous was bind-9.16.33)

	--- 9.16.37 released ---

6067.	[security]	Fix serve-stale crash when recursive clients soft quota
			is reached. (CVE-2022-3924) [GL #3619]

6066.	[security]	Handle RRSIG lookups when serve-stale is active.
			(CVE-2022-3736) [GL #3622]

6064.	[security]	An UPDATE message flood could cause named to exhaust all
			available memory. This flaw was addressed by adding a
			new "update-quota" statement that controls the number of
			simultaneous UPDATE messages that can be processed or
			forwarded. The default is 100. A stats counter has been
			added to record events when the update quota is
			exceeded, and the XML and JSON statistics version
			numbers have been updated. (CVE-2022-3094) [GL #3523]

6062.	[func]		The DSCP implementation, which has only been
			partly operational since 9.16.0, is now marked as
			deprecated. Configuring DSCP values in named.conf
			will cause a warning to be logged. [GL #3773]

6060.	[bug]		Fix a use-after-free bug in dns_zonemgr_releasezone()
			by detaching from the zone manager outside of the write
			lock. [GL #3768]

6059.	[bug]		In some serve stale scenarios, like when following an
			expired CNAME record, named could return SERVFAIL if the
			previous request wasn't successful. Consider non-stale
			data when in serve-stale mode. [GL #3678]

6058.	[bug]		Prevent named from crashing when "rndc delzone"
			attempts to delete a zone added by a catalog zone.
			[GL #3745]

6050.	[bug]		Changes to the RPZ response-policy min-update-interval
			and add-soa options now take effect as expected when
			named is reconfigured. [GL #3740]

6048.	[bug]		Fix a log message error in dns_catz_update_from_db(),
			where serials with values of 2^31 or larger were logged
			incorrectly as negative numbers. [GL #3742]

6045.	[cleanup]	The list of supported DNSSEC algorithms changed log
			level from "warning" to "notice" to match named's other
			startup messages. [GL !7217]

6044.	[bug]		There was an "RSASHA236" typo in a log message.
			[GL !7206]

	--- 9.16.36 released ---

6043.	[bug]		The key file IO lock objects would never get
			deleted from the hashtable due to an off-by-one error.
			[GL #3727]

6042.	[bug]		ANY responses could sometimes have the wrong TTL.
			[GL #3613]

6040.	[bug]		Speed up the named shutdown time by explicitly
			canceling all recursing ns_client objects for
			each ns_clientmgr. [GL #3183]

6039.	[bug]		Removing a catalog zone from catalog-zones without
			also removing the referenced zone could leave a
			dangling pointer. [GL #3683]

6031.	[bug]		Move the "final reference detached" log message
			from dns_zone unit to the DEBUG(1) log level.
			[GL #3707]

6024.	[func]		Deprecate 'auto-dnssec'. [GL #3667]

6021.	[bug]		Use the current domain name when checking answers from
			a dual-stack-server. [GL #3607]

6020.	[bug]		Ensure 'named-checkconf -z' respects the check-wildcard
			option when loading a zone.  [GL #1905]

6017.	[bug]		The view's zone table was not locked when it should
			have been, leading to race conditions when external
			extensions that manipulate the zone table were in
			use. [GL #3468]

	--- 9.16.35 released ---

6013.	[bug]		Fix a crash that could happen when you change
			a dnssec-policy zone with NSEC3 to start using
			inline-signing. [GL #3591]

6009.	[bug]		Don't trust a placeholder KEYDATA from the managed-keys
			zone by adding it into secroots. [GL #2895]

6008.	[bug]		Fixed a race condition that could cause a crash
			in dns_zone_synckeyzone(). [GL #3617]

6002.	[bug]		Fix a resolver prefetch bug when the record's TTL value
			is equal to the configured prefetch eligibility value,
			but the record was erroneously not treated as eligible
			for prefetching. [GL #3603]

6001.	[bug]		Always call dns_adb_endudpfetch() after calling
			dns_adb_beginudpfetch() for UDP queries in resolver.c,
			in order to adjust back the quota. [GL #3598]

6000.	[bug]		Fix a startup issue on Solaris systems with many
			(reportedly > 510) CPUs. Thanks to Stacey Marshall from
			Oracle for deep investigation of the problem. [GL #3563]

5999.	[bug]		rpz-ip rules could be ineffective in some scenarios
			with CD=1 queries. [GL #3247]

5998.	[bug]		The RecursClients statistics counter could overflow
			in certain resolution scenarios. [GL #3584]

5996.	[bug]		Fix a couple of bugs in cfg_print_duration(), which
			could result in generating incomplete duration values
			when printing the configuration using named-checkconf.
			[GL !6880]

	--- 9.16.34 released ---

5991.	[protocol]	Add support for parsing and validating "dohpath" to
			SVCB. [GL #3544]

5988.	[bug]		Some out of memory conditions in opensslrsa_link.c
			could lead to memory leaks. [GL #3551]

5984.	[func]		'named -V' now reports the list of supported
			DNSSEC/DS/HMAC algorithms and the supported TKEY modes.
			[GL #3541]

5983.	[bug]		Changing just the TSIG key names for primaries in
			catalog zones' member zones was not effective.
			[GL #3557]

5973.	[bug]		Fixed a possible invalid detach in UPDATE
			processing. [GL #3522]

5963.	[bug]		Ensure struct named_server is properly initialized.
			[GL #6531]

5921.	[test]		Convert system tests to use a default DNSKEY algorithm
			where the test is not DNSKEY algorithm specific.
			[GL #3440]
