b020b54fa6
Fixes the following security issues: - CVE-2024-0760: A flood of DNS messages over TCP may make the server unstable https://kb.isc.org/docs/cve-2024-0760 - CVE-2024-1737: BIND's database will be slow if a very large number of RRs exist at the same name https://kb.isc.org/docs/cve-2024-1737 - CVE-2024-1975: SIG(0) can be used to exhaust CPU resources https://kb.isc.org/docs/cve-2024-1975 - CVE-2024-4076: Assertion failure when serving both stale cache data and authoritative zone content https://kb.isc.org/docs/cve-2024-4076 Bind 9.16.x is EOL since April 2024. See here for what version should be used in production: https://kb.isc.org/docs/aa-01540 Remove patch 0001 as CC_FOR_BUILD is used in upstream code to compile host utility gen. Use BIND_AUTORECONF = YES to avoid a Debian 12 libtool bug. Otherwise rndc linking fails. See here for a bug report to bind9 project: https://gitlab.isc.org/isc-projects/bind9/-/issues/4840 See here for a changelog: https://downloads.isc.org/isc/bind9/9.18.28/doc/arm/html/notes.html COPYRIGHT file has been updated, following Copyright holders were added: Copyright Joyent, Inc. and other Node contributors. All rights reserved. Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> Reviewed-by: Petr Vorel <petr.vorel@gmail.com> Signed-off-by: Arnout Vandecappelle <arnout@mind.be> (cherry picked from commit c9515c8b63bc9bc84b52b731c2c72031acd240d2) [Peter: mark as security bump] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 lines
308 B
Plaintext
5 lines
308 B
Plaintext
# Verified from https://ftp.isc.org/isc/bind9/9.18.28/bind-9.18.28.tar.xz.asc
|
|
# with key 706B6C28620E76F91D11F7DF510A642A06C52CEC
|
|
sha256 e7cce9a165f7b619eefc4832f0a8dc16b005d29e3890aed6008c506ea286a5e7 bind-9.18.28.tar.xz
|
|
sha256 9734825d67a3ac967b2c2f7c9a83c9e5db1c2474dbe9599157c3a4188749ebd4 COPYRIGHT
|