-rw-r--r-- | debian/changelog | 17 | ||||
-rw-r--r-- | debian/patches/0002-Add-support-for-reporting-status-via-sd_notify.patch | 18 |
2 files changed, 26 insertions, 9 deletions
diff --git a/debian/changelog b/debian/changelog index 108b0ba..9afab47 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,20 @@ +bind9 (1:9.18.24-1) bookworm-security; urgency=high + + * New upstream version 9.18.24 + - CVE-2023-4408: Parsing large DNS messages may cause excessive CPU + load + - CVE-2023-5517: Querying RFC 1918 reverse zones may cause an assertion + failure when "nxdomain-redirect" is enabled + - CVE-2023-5679: Enabling both DNS64 and serve-stale may cause an + assertion failure during recursive resolution + - CVE-2023-6516: Specific recursive query patterns may lead to an + out-of-memory condition + - CVE-2023-50387: KeyTrap - Extreme CPU consumption in DNSSEC validator + - CVE-2023-50868: Preparing an NSEC3 closest encloser proof can exhaust + CPU resources + + -- Ondřej Surý <ondrej@debian.org> Mon, 12 Feb 2024 17:28:03 +0100 + bind9 (1:9.18.19-1~deb12u1) bookworm-security; urgency=high * New upstream version 9.18.19 diff --git a/debian/patches/0002-Add-support-for-reporting-status-via-sd_notify.patch b/debian/patches/0002-Add-support-for-reporting-status-via-sd_notify.patch index dec22c7..bcc4f83 100644 --- a/debian/patches/0002-Add-support-for-reporting-status-via-sd_notify.patch +++ b/debian/patches/0002-Add-support-for-reporting-status-via-sd_notify.patch @@ -39,7 +39,7 @@ index 57a023b..38045f0 100644 + $(LIBXML2_LIBS) +endif HAVE_LIBXML2 diff --git a/bin/named/server.c b/bin/named/server.c -index 2f21fc5..6930d98 100644 +index bfe6df3..8e37c65 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -26,6 +26,10 @@ @@ -69,7 +69,7 @@ index 2f21fc5..6930d98 100644 /*% * Maximum ADB size for views that share a cache. Use this limit to suppress -@@ -9929,6 +9934,15 @@ view_loaded(void *arg) { +@@ -9923,6 +9928,15 @@ view_loaded(void *arg) { "FIPS mode is %s", FIPS_mode() ? "enabled" : "disabled"); #endif /* ifdef HAVE_FIPS_MODE */ 
@@ -85,7 +85,7 @@ index 2f21fc5..6930d98 100644 atomic_store(&server->reload_status, NAMED_RELOAD_DONE); isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, -@@ -10108,6 +10122,10 @@ shutdown_server(isc_task_t *task, isc_event_t *event) { +@@ -10102,6 +10116,10 @@ shutdown_server(isc_task_t *task, isc_event_t *event) { UNUSED(task); INSIST(task == server->task); @@ -96,7 +96,7 @@ index 2f21fc5..6930d98 100644 /* * We need to shutdown the interface before going * exclusive (which would pause the netmgr). -@@ -10528,6 +10546,10 @@ reload(named_server_t *server) { +@@ -10522,6 +10540,10 @@ reload(named_server_t *server) { isc_result_t result; atomic_store(&server->reload_status, NAMED_RELOAD_IN_PROGRESS); @@ -107,7 +107,7 @@ index 2f21fc5..6930d98 100644 CHECK(loadconfig(server)); -@@ -10544,6 +10566,12 @@ reload(named_server_t *server) { +@@ -10538,6 +10560,12 @@ reload(named_server_t *server) { atomic_store(&server->reload_status, NAMED_RELOAD_FAILED); } cleanup: @@ -120,7 +120,7 @@ index 2f21fc5..6930d98 100644 return (result); } -@@ -10903,6 +10931,10 @@ isc_result_t +@@ -10897,6 +10925,10 @@ isc_result_t named_server_reconfigcommand(named_server_t *server) { isc_result_t result; atomic_store(&server->reload_status, NAMED_RELOAD_IN_PROGRESS); @@ -131,7 +131,7 @@ index 2f21fc5..6930d98 100644 CHECK(loadconfig(server)); -@@ -10919,6 +10951,12 @@ named_server_reconfigcommand(named_server_t *server) { +@@ -10913,6 +10945,12 @@ named_server_reconfigcommand(named_server_t *server) { atomic_store(&server->reload_status, NAMED_RELOAD_FAILED); } cleanup: @@ -145,10 +145,10 @@ index 2f21fc5..6930d98 100644 } diff --git a/configure.ac b/configure.ac -index dc61f79..c3cd5d9 100644 +index 8aa7a90..8d1f0d3 100644 --- a/configure.ac +++ b/configure.ac -@@ -872,6 +872,26 @@ AS_CASE([$with_zlib], +@@ -849,6 +849,26 @@ AS_CASE([$with_zlib], AC_SUBST([ZLIB_CFLAGS]) AC_SUBST([ZLIB_LIBS]) |