From: Noah Meyerhans Date: Sat, 28 Mar 2026 15:31:50 +0000 (-0400) Subject: bind: bump to 9.20.21 X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=d6d7d2325aac8ed2680470e3b56b2dca830efb53;p=openwrt-packages.git bind: bump to 9.20.21 Fixes several security issues: - CVE-2026-1519 Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. - CVE-2026-3104 Fix memory leaks in code preparing DNSSEC proofs of non-existence. - CVE-2026-3119 Prevent a crash in code processing queries containing a TKEY record. - CVE-2026-3591 Fix a stack use-after-return flaw in SIG(0) handling code. Signed-off-by: Noah Meyerhans --- diff --git a/net/bind/Makefile b/net/bind/Makefile index fa709878d..497b0aa44 100644 --- a/net/bind/Makefile +++ b/net/bind/Makefile @@ -9,8 +9,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bind -PKG_VERSION:=9.20.18 -PKG_RELEASE:=2 +PKG_VERSION:=9.20.21 +PKG_RELEASE:=1 USERID:=bind=57:bind=57 PKG_MAINTAINER:=Noah Meyerhans @@ -22,7 +22,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:= \ https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \ https://ftp.isc.org/isc/bind9/$(PKG_VERSION) -PKG_HASH:=dfc546c990ac4515529cd45c4dd995862b18ae8a2d0cb29208e8896a5d325331 +PKG_HASH:=15e1b5a227d2890f7c4e823a6ea018de70ee2f3a0e859cbff3d82aad8590de03 PKG_INSTALL:=1 PKG_BUILD_FLAGS:=no-mips16 diff --git a/net/bind/patches/fix-usr-allow-rndc-addzone#1.patch b/net/bind/patches/fix-usr-allow-rndc-addzone#1.patch index 9d7f313e5..a08f69331 100644 --- a/net/bind/patches/fix-usr-allow-rndc-addzone#1.patch +++ b/net/bind/patches/fix-usr-allow-rndc-addzone#1.patch @@ -13,7 +13,7 @@ restore the automatic zone to the view. --- a/bin/named/server.c +++ b/bin/named/server.c -@@ -13946,6 +13946,7 @@ do_addzone(named_server_t *server, ns_cf +@@ -13931,6 +13931,7 @@ do_addzone(named_server_t *server, ns_cf bool redirect, isc_buffer_t **text) { isc_result_t result, tresult; dns_zone_t *zone = NULL; @@ -21,7 +21,7 @@ restore the automatic zone to the view. #ifndef HAVE_LMDB FILE *fp = NULL; bool cleanup_config = false; -@@ -13964,7 +13965,13 @@ do_addzone(named_server_t *server, ns_cf +@@ -13949,7 +13950,13 @@ do_addzone(named_server_t *server, ns_cf } else { result = dns_view_findzone(view, name, DNS_ZTFIND_EXACT, &zone); if (result == ISC_R_SUCCESS) { @@ -36,7 +36,7 @@ restore the automatic zone to the view. } } if (result != ISC_R_NOTFOUND) { -@@ -13973,6 +13980,10 @@ do_addzone(named_server_t *server, ns_cf +@@ -13958,6 +13965,10 @@ do_addzone(named_server_t *server, ns_cf isc_loopmgr_pause(named_g_loopmgr); @@ -47,7 +47,7 @@ restore the automatic zone to the view. #ifndef HAVE_LMDB /* * Make sure we can open the configuration save file -@@ -14077,6 +14088,11 @@ do_addzone(named_server_t *server, ns_cf +@@ -14062,6 +14073,11 @@ do_addzone(named_server_t *server, ns_cf /* Remove the zone from the zone table */ dns_view_delzone(view, zone); goto cleanup; @@ -59,7 +59,7 @@ restore the automatic zone to the view. } /* Flag the zone as having been added at runtime */ -@@ -14093,6 +14109,22 @@ do_addzone(named_server_t *server, ns_cf +@@ -14078,6 +14094,22 @@ do_addzone(named_server_t *server, ns_cf cleanup: