Overview

Request 980817 accepted

- Upgrade to 9.18.3:
Bugs fixed:
* Fix a crash in DNS-over-HTTPS (DoH) code caused by premature
TLS stream socket object deletion.
* RPZ NSIP and NSDNAME rule processing didn't handle stub and
static-stub zones at or above the query name. This has now
been addressed.
* Fixed a deadlock that could occur if an rndc connection arrived
during the shutdown of network interfaces.
* Refactor the fctx_done() function to set fctx to NULL after
detaching, so that reference counting errors will be easier to
avoid.
* udp_recv() in dispatch could trigger an INSIST when the
callback's result indicated success but the response was
canceled in the meantime.
* Work around a jemalloc quirk which could trigger an
out-of-memory condition in named over time.
* If there was a pending negative cache DS entry, validations
depending upon it could fail.
* dig returned a 0 exit status on UDP connection failure.
* Fix an assertion failure when using dig with +nssearch and
+tcp options by starting the next query in the send_done()
callback (like in the UDP mode) instead of doing that
recursively in start_tcp(). Also ensure that queries
interrupted while connecting are detached properly.
* Don't remove CDS/CDNSKEY DELETE records on zone sign when
using 'auto-dnssec maintain;'.
This obsoletes the following patch:
bind-define-local-instances-of-FALLTHROUGH-and-UNREACHABLE.patch
[CVE-2022-1183, bsc#1199619]

Loading...


Fabian Vogt's avatar

For reference:

Apr 14 01:20:31 susetest named.prep[26292]: /usr/libexec/bind/named.prep: line 59: /usr/sbin/named-checkconf: No such file or directory
Apr 14 01:20:31 susetest systemd[1]: named.service: Control process exited, code=exited, status=6/NOTCONFIGURED

@jmoellers


Request History
Dirk Mueller's avatar

dirkmueller created request

- Upgrade to 9.18.3:
Bugs fixed:
* Fix a crash in DNS-over-HTTPS (DoH) code caused by premature
TLS stream socket object deletion.
* RPZ NSIP and NSDNAME rule processing didn't handle stub and
static-stub zones at or above the query name. This has now
been addressed.
* Fixed a deadlock that could occur if an rndc connection arrived
during the shutdown of network interfaces.
* Refactor the fctx_done() function to set fctx to NULL after
detaching, so that reference counting errors will be easier to
avoid.
* udp_recv() in dispatch could trigger an INSIST when the
callback's result indicated success but the response was
canceled in the meantime.
* Work around a jemalloc quirk which could trigger an
out-of-memory condition in named over time.
* If there was a pending negative cache DS entry, validations
depending upon it could fail.
* dig returned a 0 exit status on UDP connection failure.
* Fix an assertion failure when using dig with +nssearch and
+tcp options by starting the next query in the send_done()
callback (like in the UDP mode) instead of doing that
recursively in start_tcp(). Also ensure that queries
interrupted while connecting are detached properly.
* Don't remove CDS/CDNSKEY DELETE records on zone sign when
using 'auto-dnssec maintain;'.
This obsoletes the following patch:
bind-define-local-instances-of-FALLTHROUGH-and-UNREACHABLE.patch
[CVE-2022-1183, bsc#1199619]


Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources


Factory Auto's avatar

factory-auto accepted review

Check script succeeded


Saul Goodman's avatar

licensedigger accepted review

The legal review is accepted preliminary. The package may require actions later on.


Dominique Leuenberger's avatar

dimstar_suse set openSUSE:Factory:Staging:E as a staging project

Being evaluated by staging project "openSUSE:Factory:Staging:E"


Dominique Leuenberger's avatar

dimstar_suse accepted review

Picked "openSUSE:Factory:Staging:E"


Dominique Leuenberger's avatar

dimstar accepted review


Dominique Leuenberger's avatar

dimstar_suse accepted review

Staging Project openSUSE:Factory:Staging:E got accepted.


Dominique Leuenberger's avatar

dimstar_suse approved review

Staging Project openSUSE:Factory:Staging:E got accepted.


Dominique Leuenberger's avatar

dimstar_suse accepted request

Staging Project openSUSE:Factory:Staging:E got accepted.

openSUSE Build Service is sponsored by