[nsd-users] NSD 4.2.2rc2 pre-release
wouter at nlnetlabs.nl
Tue Aug 13 13:20:46 UTC 2019
NSD 4.2.2rc2 maintainer's pre-release is available:
This RC2 is made because there is a last-minute bugfix that fixes a
segfault, and it is nice to fold this into the release in progress.
- Fix #33: Fix segfault in service of remaining streams on exit.
- Fix error message for out of zone data to have more information.
Best regards, Wouter
On 8/6/19 11:55 AM, Wouter Wijngaards wrote:
> NSD 4.2.2rc1 maintainer's pre-release is available:
> sha256 7edc758b8700d53a10f613730a77702a0ab345259f24508584fe2f5ff8b37614
> pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.2.2rc1.tar.gz.asc
> This release fixes a number of, smaller, bugs. Several failures are
> fixed in the zone file parser, reported by fuzzing from Frederic Cambus.
> NSD now warns when a zonefile is parsed with SSHFP records in it with
> wrong lengths. The record itself is still managed normally, eg. does
> not cause the zone to stop loading. They are output into log, but the
> warnings are easily visible from the commandline using nsd-checkzone.
> BUG FIXES:
> - Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the
> dname_concatenate() function. Reported by Frederic Cambus.
> It causes the zone parser to crash on a malformed zone file,
> with assertions enabled, an assertion catches it.
> - Fix #19: Out-of-bounds read caused by improper validation of
> array index. Reported by Frederic Cambus. The zone parser
> fails on type SIG because of mismatched definition with RRSIG.
> - PR #23: Fix typo in nsd.conf man-page.
> - Fix that NSD warns for wrong length of the hash in SSHFP records.
> - Fix #25: NSD doesn't refresh zones after extended downtime,
> it refreshes the old zones.
> - Set no renegotiation on the SSL context to stop client
> session renegotiation.
> - Fix #29: SSHFP check NULL pointer dereference.
> - Fix #30: SSHFP check failure due to missing domain name.
> - Fix to timeval_add in minievent for remaining second in microseconds.
> - PR #31: nsd-control: Add missing stdio header.
> - PR #32: tsig: Fix compilation without HAVE_SSL.
> - Cleanup tls context on xfrd exit.
> Best regards, Wouter
> maintainers mailing list
> maintainers at nlnetlabs.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the nsd-users