Import bind 9.20.23 (previous was 9.20.22)
Security Fixes
Limit resolver server list size. (CVE-2026-3592)
When resolving a domain with many nameservers that shared overlapping
IP addresses (e.g., 10 NS records all pointing at the same set of
addresses), BIND could previously waste time querying duplicate
addresses and build up excessively large server lists. Addresses
in the resolver's server list are now deduplicated so that each
unique IP is only queried once per resolution attempt, regardless
of how many NS records point to it. The number of addresses stored
per nameserver name is also now capped at six (combined A and AAAA),
preventing memory and CPU overhead from domains with unusually
large NS/glue sets.
ISC would like to thank Shuhan Zhang from Tsinghua University for
reporting this issue. [GL #5641]
[222 lines not shown]
PR bin/60275 discard some arriving signals
The PR is only peripherally relevant to this, but it is all much
the same problem, over a fork() trapped signals are maintained,
and sh does not really want that.
In this case, when there is a vfork() a signal arriving for a
child (whether or not it should arrive and be processed) can be
treated as if it arrived for the parent, and cause a trap action
to be executed by the parent. (Never observed to have happened,
as best I am aware, but certainly looks as if it could.)
Avoid that, by making sure that the child process never records
a signal as having occurred, when it is being a vfork child
(while the parent is sharing memory with it).
Doing this meant making one variable that was previously local
to eval.c globally visible (exposing it in eval.h), and then
because the same name is used as a parameter in many other
[17 lines not shown]
membar_ops(3): Clarify language about membar_datadep_consumer.
I must have deleted a sentence about the temptation to pair it with
membar_producer in some earlier revision; let's write a new such
sentence.
crypto(4): Nix spurious mutex_exit; add missing bounds checks.
Consistently use `foo = kmem_alloc(n * sizeof(*foo), ...)' instead of
`sizeof(struct whatever_foo_is)'. Makes it easier for a reader to
notice a discrepancy this way.
Move CRYPTODEV_OPS_MAX to cryptodev_internal.h so it can be used by
the compat ocryptodev.c shims too. I think this is waaaaaaaaaaaaay
too high, by the way. For example, it looks like qat(4) puts a limit
of 16384 on the number of sessions. Other devices like hifn(4) look
like they're limited to numbers of sessions ranging from 2 to around
256.
PR kern/60281: crypto(4): bugs in reference counting and test
crypto(4): Omit needless locking in fcrypt_dtor.
We must have exclusive access to the object for this function to work
at all, so if removing the locks appeared to cause issues, it would
necessarily happen only because there is a bug somewhere else.
PR kern/60281: crypto(4): bugs in reference counting and test
crypto(4): Disentangle initialization and attachment goo.
Lotta unnecessary boilerplate deleted here!
Disable module unloading: can't be done safely. Explain precisely
why it can't be done safely.
This also fixes annoying `crypto: unable to register devsw, error 17'
messages in rump dmesg by having exactly one path to devsw_attach.
PR kern/60281: crypto(4): bugs in reference counting and test
crypto(4): Fix missing membars on reference count release.
If two threads A and B both hold references, we need to ensure that
memory ops in thread A happen before memory free in thread B in:
thread A thread B notes
-------- -------- -----
memory ops
atomic_dec(&refcnt) goes from 2 to 1
atomic_dec(&refcnt) goes from 1 to 0
memory free
This requires a membar_release in thread A before the atomic_dec (or
atomic_dec with memory_order_release), and a membar_acquire in thread
B after the atomic_dec is found to have brought the reference count
down to zero (or atomic_dec wiht memory_order_acquire).
kern/60281: crypto(4): bugs in reference counting and test
crypto(4): Take reference _before_ releasing the lock.
Otherwise nothing ensures the object will still exist by the time we
try to take the reference.
Also guard against too many references, since this is only a 32-bit
reference count.
PR kern/60281: crypto(4): bugs in reference counting and test
crypto(4): Make test more reliable, and test more.
1. New thread to concurrently create and destroy sessions.
(There should really be multiple threads to concurrently compete
with each other to create and destroy sessions, but this is
already surfacing more crashes, as I expected.)
2. Handle EBUSY in CIOCFSESSION in case there is a concurrent
CIOCCRYPT, as we are trying to test.
3. Handle CIOCCRYPT failure if a concurrent CIOCFSESSION beat us to
it, as we are trying to test
4. Dump core if the threads get stuck for too long.
5. Provide stack traces from the test program or rump server if they
dump core.
PR kern/60281: crypto(4): bugs in reference counting and test
Pull up following revision(s) (requested by hgutch in ticket #292):
external/mit/xorg/tools/fc-cache/Makefile: revision 1.24
Build fc-cache tool with -std=gnu99 instead of -std=c99 to get necessary
function prototypes on gcc-14/glibc build hosts.
Pull up following revision(s) (requested by isaki in ticket #1268):
etc/etc.luna68k/MAKEDEV.conf: revision 1.12
luna68k: Add missing audio devices to MAKEDEV.
Pull up following revision(s) (requested by isaki in ticket #291):
etc/etc.luna68k/MAKEDEV.conf: revision 1.12
luna68k: Add missing audio devices to MAKEDEV.
