<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="/source/rss.xsl.xml"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
    <title>Changes in missing</title>
    <description></description>
    <language>en</language>
    <copyright>Copyright 2015</copyright>
    <generator>Java</generator><item>
        <title>8aaca124c0ad52af9550477f296b63debc7b4c98 - Import bind-9.18.24 (previous was 9.16.42)</title>
        <link>http://src.rcs.uwaterloo.ca:8080/source/history/netbsd-src/external/mpl/bind/dist/missing#8aaca124c0ad52af9550477f296b63debc7b4c98</link>
        <description>Import bind-9.18.24 (previous was 9.16.42)	--- 9.18.24 released ---6343.	[bug]		Fix case insensitive setting for isc_ht hashtable.			[GL #4568]	--- 9.18.23 released ---6322.	[security]	Specific DNS answers could cause a denial-of-service			condition due to DNS validation taking a long time.			(CVE-2023-50387) [GL #4424]6321.	[security]	Change 6315 inadvertently introduced regressions that			could cause named to crash. [GL #4234]6320.	[bug]		Under some circumstances, the DoT code in client			mode could process more than one message at a time when			that was not expected. That has been fixed. [GL #4487]	--- 9.18.22 released ---6319.	[func]		Limit isc_task_send() overhead for RBTDB tree pruning.			[GL #4383]6317.	[security]	Restore DNS64 state when handling a serve-stale timeout.			(CVE-2023-5679) [GL #4334]6316.	[security]	Specific queries could trigger an assertion check with			nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]6315.	[security]	Speed up parsing of DNS messages with many different			names. (CVE-2023-4408) [GL #4234]6314.	[bug]		Address race conditions in dns_tsigkey_find().			[GL #4182]6312.	[bug]		Conversion from NSEC3 signed to NSEC signed could			temporarily put the zone into a state where it was			treated as unsigned until the NSEC chain was built.			Additionally conversion from one set of NSEC3 parameters			to another could also temporarily put the zone into a			state where it was treated as unsigned until the new			NSEC3 chain was built. [GL #1794] [GL #4495]6310.	[bug]		Memory leak in zone.c:sign_zone. When named signed a			zone it could leak dst_keys due to a misplaced			&apos;continue&apos;. [GL #4488]6306.	[func]		Log more details about the cause of &quot;not exact&quot; errors.			[GL #4500]6304.	[bug]		The wrong time was being used to determine what RRSIGs			where to be generated when dnssec-policy was in use.			[GL #4494]6302.	[func]		The &quot;trust-anchor-telemetry&quot; statement is no longer			marked as experimental. This silences a relevant log			message that was emitted even when the feature was			explicitly disabled. [GL #4497]6300.	[bug]		Fix statistics export to use full 64 bit signed numbers			instead of truncating values to unsigned 32 bits.			[GL #4467]6299.	[port]		NetBSD has added &apos;hmac&apos; to libc which collides with our			use of &apos;hmac&apos;. [GL #4478]	--- 9.18.21 released ---6297.	[bug]		Improve LRU cleaning behaviour. [GL #4448]6296.	[func]		The &quot;resolver-nonbackoff-tries&quot; and			&quot;resolver-retry-interval&quot; options are deprecated;			a warning will be logged if they are used. [GL #4405]6294.	[bug]		BIND might sometimes crash after startup or			re-configuration when one &apos;tls&apos; entry is used multiple			times to connect to remote servers due to initialisation			attempts from contexts of multiple threads. That has			been fixed. [GL #4464]6290.	[bug]		Dig +yaml will now report &quot;no servers could be reached&quot;			also for UDP setup failure when no other servers or			tries are left. [GL #1229]6287.	[bug]		Recognize escapes when reading the public key from file.			[GL !8502]6286.	[bug]		Dig +yaml will now report &quot;no servers could be reached&quot;			on TCP connection failure as well as for UDP timeouts.			[GL #4396]6282.	[func]		Deprecate AES-based DNS cookies. [GL #4421]	--- 9.18.20 released ---6280.	[bug]		Fix missing newlines in the output of &quot;rndc nta -dump&quot;.			[GL !8454]6277.	[bug]		Take into account local authoritative zones when			falling back to serve-stale. [GL #4355]6275.	[bug]		Fix assertion failure when using lock-file configuration			option together -X argument to named. [GL #4386]6274.	[bug]		The &apos;lock-file&apos; file was being removed when it			shouldn&apos;t have been making it ineffective if named was			started 3 or more times. [GL #4387]6271.	[bug]		Fix a shutdown race in dns__catz_update_cb(). [GL #4381]6269.	[maint]		B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and			2801:1b8:10::b. [GL #4101]6267.	[func]		The timeouts for resending zone refresh queries over UDP			were lowered to enable named to more quickly determine			that a primary is down. [GL #4260]6265.	[bug]		Don&apos;t schedule resign operations on the raw version			of an inline-signing zone. [GL #4350]6261.	[bug]		Fix a possible assertion failure on an error path in			resolver.c:fctx_query(), when using an uninitialized			link. [GL #4331]6254.	[cleanup]	Add semantic patch to do an explicit cast from char			to unsigned char in ctype.h class of functions.			[GL #4327]6252.	[test]		Python system tests have to be executed by invoking			pytest directly. Executing them with the legacy test			runner is no longer supported. [GL #4250]6250.	[bug]		The wrong covered value was being set by			dns_ncache_current for RRSIG records in the returned			rdataset structure. This resulted in TYPE0 being			reported as the covered value of the RRSIG when dumping			the cache contents. [GL #4314]	--- 9.18.19 released ---6246.	[security]	Fix use-after-free error in TLS DNS code when sending			data. (CVE-2023-4236) [GL #4242]6245.	[security]	Limit the amount of recursion that can be performed			by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152]6244.	[bug]		Adjust log levels on malformed messages to NOTICE when			transferring in a zone. [GL #4290]6241.	[bug]		Take into account the possibility of partial TLS writes			in TLS DNS code. That helps to prevent DNS messages			corruption on long DNS over TLS streams. [GL #4255]6240.	[bug]		Use dedicated per-worker thread jemalloc memory			arenas for send buffers allocation to reduce memory			consumption and avoid lock contention. [GL #4038]6239.	[func]		Deprecate the &apos;dnssec-must-be-secure&apos; option.			[GL #3700]6237.	[bug]		Address memory leaks due to not clearing OpenSSL error			stack. [GL #4159]6235.	[doc]		Clarify BIND 9 time formats. [GL #4266]6234.	[bug]		Restore stale-refresh-time value after flushing the			cache. [GL #4278]6232.	[bug]		Following the introduction of krb5-subdomain-self-rhs			and ms-subdomain-self-rhs update rules, removal of			nonexistent PTR and SRV records via UPDATE could fail.			[GL #4280]6231.	[func]		Make nsupdate honor -v for SOA requests if the server			is specified. [GL #1181]6230.	[bug]		Prevent an unnecessary query restart if a synthesized			CNAME target points to the CNAME owner. [GL #3835]6227.	[bug]		Check the statistics-channel HTTP Content-length			to prevent negative or overflowing values from			causing a crash. [GL #4125]6224.	[bug]		Check the If-Modified-Since value length to prevent			out-of-bounds write. [GL #4124]	--- 9.18.18 released ---6220.	[func]		Deprecate the &apos;dialup&apos; and &apos;heartbeat-interval&apos;			options. [GL #3700]6219.	[bug]		Ignore &apos;max-zone-ttl&apos; on &apos;dnssec-policy insecure&apos;.			[GL #4032]6215.	[protocol]	Return REFUSED to GSS-API TKEY requests if GSS-API			support is not configured. [GL #4225]6213.	[bug]		Mark a primary server as temporarily unreachable if the			TCP connection attempt times out. [GL #4215]6212.	[bug]		Don&apos;t process detach and close netmgr events when			the netmgr has been paused. [GL #4200]	--- 9.18.17 released ---6206.	[bug]		Add shutdown checks in dns_catz_dbupdate_callback() to			avoid a race with dns_catz_shutdown_catzs(). [GL #4171]6205.	[bug]		Restore support to read legacy HMAC-MD5 K file pairs.			[GL #4154]6204.	[bug]		Use NS records for relaxed QNAME-minimization mode.			This reduces the number of queries named makes when			resolving, as it allows the non-existence of NS RRsets			at non-referral nodes to be cached in addition to the			referrals that are normally cached. [GL #3325]6200.	[bug]		Fix nslookup erroneously reporting a timeout when the			input is delayed. [GL #4044]6199.	[bug]		Improve HTTP Connection: header protocol conformance			in the statistics channel. [GL #4126]6198.	[func]		Remove the holes in the isc_result_t enum to compact			the isc_result tables. [GL #4149]6197.	[bug]		Fix a data race between the dns_zone and dns_catz			modules when registering/unregistering a database			update notification callback for a catalog zone.			[GL #4132]6196.	[cleanup]	Report &quot;permission denied&quot; instead of &quot;unexpected error&quot;			when trying to update a zone file on a read-only file			system. Thanks to Midnight Veil. [GL #4134]6193.	[bug]		Fix a catz db update notification callback registration			logic error, which could crash named when receiving an			AXFR update for a catalog zone while the previous update			process of the catalog zone was already running.			[GL #4136]6166.	[func]		Retry without DNS COOKIE on FORMERR if it appears that			the FORMERR was due to the presence of a DNS COOKIE			option. [GL #4049]

            List of files:
            /netbsd-src/external/mpl/bind/dist/missing</description>
        <pubDate>Wed, 21 Feb 2024 21:53:59 +0000</pubDate>
        <dc:creator>christos &lt;christos@NetBSD.org&gt;</dc:creator>
    </item>
</channel>
</rss>
