| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | bind: upgrade 9.18.24 -> 9.18.25 | Wang Mingyu | 2024-04-16 | 1 | -113/+0 |
| | | | | | | | | | | | | | | | | | | | | | Changelog: ============ -Create the pruning task in the dns_cache_flush(), so the cache pruning still works after the flush. -Improve the TTL-based cleaning by removing the expired headers from the heap, so they don't block the next cleaning round and clean more than a single item for each new addition to the RBTDB. -Revert change 6319 and decrease lock contention during RBTDB tree pruning by not cleaning up nodes recursively within a single prune_tree() call. -Address use after free in expire_lru_headers. (From OE-Core rev: 17cecd0d9d0d734d408701d861692ca5987f4ad9) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||||
| * | bind: Upgrade 9.18.21 -> 9.18.24 | Soumya Sambu | 2024-02-24 | 1 | -0/+113 |
| Changelog: ========= 9.18.24: - Fix case insensitive setting for isc_ht hashtable. [GL #4568] 9.18.23: - Specific DNS answers could cause a denial-of-service condition due to DNS validation taking a long time. (CVE-2023-50387) [GL #4424] - Change 6315 inadvertently introduced regressions that could cause named to crash. [GL #4234] - Under some circumstances, the DoT code in client mode could process more than one message at a time when that was not expected. That has been fixed. [GL #4487] 9.18.22: - Limit isc_task_send() overhead for RBTDB tree pruning. [GL #4383] - Restore DNS64 state when handling a serve-stale timeout. (CVE-2023-5679) [GL #4334] - Specific queries could trigger an assertion check with nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281] - Speed up parsing of DNS messages with many different names. (CVE-2023-4408) [GL #4234] - Address race conditions in dns_tsigkey_find(). [GL #4182] - Conversion from NSEC3 signed to NSEC signed could temporarily put the zone into a state where it was treated as unsigned until the NSEC chain was built. Additionally conversion from one set of NSEC3 parameters to another could also temporarily put the zone into a state where it was treated as unsigned until the new NSEC3 chain was built. [GL #1794] [GL #4495] - Memory leak in zone.c:sign_zone. When named signed a zone it could leak dst_keys due to a misplaced 'continue'. [GL #4488] - Log more details about the cause of "not exact" errors. [GL #4500] - The wrong time was being used to determine what RRSIGs where to be generated when dnssec-policy was in use. [GL #4494] - The "trust-anchor-telemetry" statement is no longer marked as experimental. This silences a relevant log message that was emitted even when the feature was explicitly disabled. [GL #4497] - Fix statistics export to use full 64 bit signed numbers instead of truncating values to unsigned 32 bits. [GL #4467] - NetBSD has added 'hmac' to libc which collides with our use of 'hmac'. [GL #4478] (From OE-Core rev: d7f31aba343948dbaadafc8c0c66f78e6ffb46e3) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | |||||
 |
index : linux/poky.git | |
| Mirror of git.yoctoproject.org/poky | N/A |
| summaryrefslogtreecommitdiffstats |