[nsd-users] NSD 4.2.2rc2 pre-release

Wouter Wijngaards wouter at nlnetlabs.nl
Tue Aug 13 13:20:46 UTC 2019


Hi,

NSD 4.2.2rc2 maintainer's pre-release is available:
https://nlnetlabs.nl/downloads/nsd/nsd-4.2.2rc2.tar.gz
sha256 22b59d6e749322e7fc83b3fda12c5bf8c6a1a7b83f9dda0bd278f25d7dd2b02d
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.2.2rc2.tar.gz

This RC2 is made because there is a last-minute bugfix that fixes a
segfault, and it is nice to fold this into the release in progress.

Additional changes:
- Fix #33: Fix segfault in service of remaining streams on exit.
- Fix error message for out of zone data to have more information.

Best regards, Wouter

On 8/6/19 11:55 AM, Wouter Wijngaards wrote:
> Hi,
> 
> NSD 4.2.2rc1 maintainer's pre-release is available:
> https://nlnetlabs.nl/downloads/nsd/nsd-4.2.2rc1.tar.gz
> sha256 7edc758b8700d53a10f613730a77702a0ab345259f24508584fe2f5ff8b37614
> pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.2.2rc1.tar.gz.asc
> 
> 
> This release fixes a number of, smaller, bugs.  Several failures are
> fixed in the zone file parser, reported by fuzzing from Frederic Cambus.
> 
> NSD now warns when a zonefile is parsed with SSHFP records in it with
> wrong lengths.  The record itself is still managed normally, eg. does
> not cause the zone to stop loading.  They are output into log, but the
> warnings are easily visible from the commandline using nsd-checkzone.
> 
> 
> 4.2.2
> ================
> BUG FIXES:
> - Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the
>   dname_concatenate() function.  Reported by Frederic Cambus.
>   It causes the zone parser to crash on a malformed zone file,
>   with assertions enabled, an assertion catches it.
> - Fix #19: Out-of-bounds read caused by improper validation of
>   array index.  Reported by Frederic Cambus.  The zone parser
>   fails on type SIG because of mismatched definition with RRSIG.
> - PR #23: Fix typo in nsd.conf man-page.
> - Fix that NSD warns for wrong length of the hash in SSHFP records.
> - Fix #25: NSD doesn't refresh zones after extended downtime,
>   it refreshes the old zones.
> - Set no renegotiation on the SSL context to stop client
>   session renegotiation.
> - Fix #29: SSHFP check NULL pointer dereference.
> - Fix #30: SSHFP check failure due to missing domain name.
> - Fix to timeval_add in minievent for remaining second in microseconds.
> - PR #31: nsd-control: Add missing stdio header.
> - PR #32: tsig: Fix compilation without HAVE_SSL.
> - Cleanup tls context on xfrd exit.
> 
> 
> Best regards, Wouter
> 
> 
> _______________________________________________
> maintainers mailing list
> maintainers at nlnetlabs.nl
> https://nlnetlabs.nl/mailman/listinfo/maintainers
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20190813/c8b52a01/attachment.bin>


More information about the nsd-users mailing list