Date:      Mon, 19 Aug 2019 10:21:10 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 239964] [MAINTAINER] dns/nsd Upgrade to version 4.2.2
Message-ID:  <bug-239964-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239964

            Bug ID: 239964
           Summary: [MAINTAINER] dns/nsd Upgrade to version 4.2.2
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: jaap@NLnetLabs.nl
 Attachment #206695 maintainer-approval+
             Flags:

Created attachment 206695
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=206695&action=edit
patch to upgrade

This release fixes a number of smaller bugs.  Several failures are
fixed in the zone file parser, reported by fuzzing from Frederic Cambus.

NSD now warns when a zonefile is parsed with SSHFP records in it with
wrong lengths.  The record itself is still managed normally, e.g. does
not cause the zone to stop loading.  They are output into the log, but the
warnings are easily visible from the command line using nsd-checkzone.

The release also fixes a segfault on exit that originated from a fix
in 4.2.1.

4.2.2
================
BUG FIXES:
- Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the
  dname_concatenate() function.  Reported by Frederic Cambus.
  It causes the zone parser to crash on a malformed zone file;
  with assertions enabled, an assertion catches it.
- Fix #19: Out-of-bounds read caused by improper validation of
  array index.  Reported by Frederic Cambus.  The zone parser
  fails on type SIG because of mismatched definition with RRSIG.
- PR #23: Fix typo in nsd.conf man-page.
- Fix that NSD warns for wrong length of the hash in SSHFP records.
- Fix #25: NSD doesn't refresh zones after extended downtime,
  it refreshes the old zones.
- Set no renegotiation on the SSL context to stop client
  session renegotiation.
- Fix #29: SSHFP check NULL pointer dereference.
- Fix #30: SSHFP check failure due to missing domain name.
- Fix to timeval_add in minievent for remaining second in microseconds.
- PR #31: nsd-control: Add missing stdio header.
- PR #32: tsig: Fix compilation without HAVE_SSL.
- Cleanup tls context on xfrd exit.
- Fix #33: Fix segfault in service of remaining streams on exit.
- Fix error message for out of zone data to have more information.

-- 
You are receiving this mail because:
You are the assignee for the bug.
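
The SSHFP length warning described in the message above, sketched as an added example; it is not part of the original report and is not NSD's code. The function name `check_sshfp` and the sample zone are constructed here, and it assumes one record per line in presentation format, with digest sizes taken from RFC 4255 (type 1, SHA-1) and RFC 6594 (type 2, SHA-256).

```python
import string

# Digest size in bytes for each SSHFP fingerprint type
# (RFC 4255: 1 = SHA-1, RFC 6594: 2 = SHA-256).
FP_BYTES = {1: 20, 2: 32}

def check_sshfp(zone_text):
    """Return (line_number, owner, message) for each suspicious SSHFP record.

    Assumption: one record per line; multi-line parentheses and the
    RFC 3597 generic form are not handled. Records are only reported,
    never dropped, matching the warn-but-load behaviour described above.
    """
    findings = []
    owner = "@"
    for number, raw in enumerate(zone_text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()       # drop comment, tokenize
        if not fields or fields[0].startswith("$"):
            continue                                # blank line or directive
        if not raw[0].isspace():                    # owner name in column one
            owner, fields = fields[0], fields[1:]
        types = [f.upper() for f in fields]
        if "SSHFP" not in types:
            continue
        rdata = fields[types.index("SSHFP") + 1:]
        if len(rdata) < 3 or not (rdata[0].isdigit() and rdata[1].isdigit()):
            findings.append((number, owner, "malformed SSHFP rdata"))
            continue
        fp_type = int(rdata[1])
        fingerprint = "".join(rdata[2:])            # hex may be space-separated
        if len(fingerprint) % 2 or any(c not in string.hexdigits for c in fingerprint):
            findings.append((number, owner, "fingerprint is not whole hex octets"))
            continue
        expected = FP_BYTES.get(fp_type)            # unknown types are skipped
        actual = len(fingerprint) // 2
        if expected is not None and actual != expected:
            findings.append((number, owner,
                             f"type {fp_type} fingerprint is {actual} bytes, expected {expected}"))
    return findings

# Constructed sample zone fragment (hypothetical names and fingerprints).
SAMPLE = "\n".join([
    "$ORIGIN example.org.",
    "host1 3600 IN SSHFP 1 1 " + "ab" * 20 + " ; SHA-1, right length",
    "host2 3600 IN SSHFP 4 2 " + "cd" * 20 + " ; SHA-256 type, SHA-1 length",
    "      3600 IN SSHFP 4 2 " + "ef" * 32,
    "host3 IN SSHFP 1 1 abc",
])

if __name__ == "__main__":
    for line_no, name, msg in check_sshfp(SAMPLE):
        print(f"line {line_no}: {name}: {msg}")
```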