Overview
Request 980817 accepted
- Upgrade to 9.18.3:
Bugs fixed:
* Fix a crash in DNS-over-HTTPS (DoH) code caused by premature
TLS stream socket object deletion.
* RPZ NSIP and NSDNAME rule processing didn't handle stub and
static-stub zones at or above the query name. This has now
been addressed.
* Fixed a deadlock that could occur if an rndc connection arrived
during the shutdown of network interfaces.
* Refactor the fctx_done() function to set fctx to NULL after
detaching, so that reference counting errors will be easier to
avoid.
* udp_recv() in dispatch could trigger an INSIST when the
callback's result indicated success but the response was
canceled in the meantime.
* Work around a jemalloc quirk which could trigger an
out-of-memory condition in named over time.
* If there was a pending negative cache DS entry, validations
depending upon it could fail.
* dig returned a 0 exit status on UDP connection failure.
* Fix an assertion failure when using dig with +nssearch and
+tcp options by starting the next query in the send_done()
callback (like in the UDP mode) instead of doing that
recursively in start_tcp(). Also ensure that queries
interrupted while connecting are detached properly.
* Don't remove CDS/CDNSKEY DELETE records on zone sign when
using 'auto-dnssec maintain;'.
This obsoletes the following patch:
bind-define-local-instances-of-FALLTHROUGH-and-UNREACHABLE.patch
[CVE-2022-1183, bsc#1199619]
For reference:
Apr 14 01:20:31 susetest named.prep[26292]: /usr/libexec/bind/named.prep: line 59: /usr/sbin/named-checkconf: No such file or directory Apr 14 01:20:31 susetest systemd[1]: named.service: Control process exited, code=exited, status=6/NOTCONFIGURED
Request History
dirkmueller created request
- Upgrade to 9.18.3:
Bugs fixed:
* Fix a crash in DNS-over-HTTPS (DoH) code caused by premature
TLS stream socket object deletion.
* RPZ NSIP and NSDNAME rule processing didn't handle stub and
static-stub zones at or above the query name. This has now
been addressed.
* Fixed a deadlock that could occur if an rndc connection arrived
during the shutdown of network interfaces.
* Refactor the fctx_done() function to set fctx to NULL after
detaching, so that reference counting errors will be easier to
avoid.
* udp_recv() in dispatch could trigger an INSIST when the
callback's result indicated success but the response was
canceled in the meantime.
* Work around a jemalloc quirk which could trigger an
out-of-memory condition in named over time.
* If there was a pending negative cache DS entry, validations
depending upon it could fail.
* dig returned a 0 exit status on UDP connection failure.
* Fix an assertion failure when using dig with +nssearch and
+tcp options by starting the next query in the send_done()
callback (like in the UDP mode) instead of doing that
recursively in start_tcp(). Also ensure that queries
interrupted while connecting are detached properly.
* Don't remove CDS/CDNSKEY DELETE records on zone sign when
using 'auto-dnssec maintain;'.
This obsoletes the following patch:
bind-define-local-instances-of-FALLTHROUGH-and-UNREACHABLE.patch
[CVE-2022-1183, bsc#1199619]
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
The legal review is accepted preliminary. The package may require actions later on.
dimstar_suse set openSUSE:Factory:Staging:E as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:E"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:E"
dimstar accepted review
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:E got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:E got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:E got accepted.