mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-28 04:34:54 -04:00
remove
This commit is contained in:
Mark Andrews
parent
0449d7c0a4
commit
154b0052a5
1 changed files with 0 additions and 192 deletions
|
|
@ -1,192 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<article xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xl="http://www.w3.org/1999/xlink" version="5.0">
|
||||
|
||||
<section>
|
||||
<title>Introduction</title>
|
||||
<para>
|
||||
BIND 9.4-ESV-R5rc1 is the first release
|
||||
candidate of BIND 9.4-ESV-R5.
|
||||
</para>
|
||||
<para>
|
||||
This document summarizes changes from BIND 9.4-ESV-R4 to BIND 9.4-ESV-R5rc1.
|
||||
Please see the CHANGES file in the source code release for a
|
||||
complete list of all changes.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Download</title>
|
||||
<para>
|
||||
The latest release of BIND 9 software can always be found
|
||||
on our web site at
|
||||
<link xl:href="http://www.isc.org/downloads/all">http://www.isc.org/downloads/all</link>.
|
||||
There you will find additional information about each release,
|
||||
source code, and some pre-compiled versions for certain operating
|
||||
systems.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Support</title>
|
||||
<para>Product support information is available on
|
||||
<link xl:href="http://www.isc.org/services/support">http://www.isc.org/services/support</link>
|
||||
for paid support options. Free support is provided by our user
|
||||
community via a mailing list. Information on all public email
|
||||
lists is available at
|
||||
<link xl:href="https://lists.isc.org/mailman/listinfo">https://lists.isc.org/mailman/listinfo</link>.
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>New Features</title>
|
||||
<section>
|
||||
<title>9.4-ESV-R5rc1</title>
|
||||
<para>None.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Feature Changes</title>
|
||||
<section>
|
||||
<title>9.4-ESV-R5rc1</title>
|
||||
<para>None.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Security Fixes</title>
|
||||
<section>
|
||||
<title>9.4-ESV-R5rc1</title>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled allows
|
||||
for a TCP DoS attack. Until there is a kernel fix, ISC is disabling
|
||||
SO_ACCEPTFILTER support in BIND. [RT #22589]
|
||||
</listitem>
|
||||
<listitem>
|
||||
named, set up to be a caching resolver, is vulnerable to a
|
||||
user querying a domain with very large resource record sets (RRSets)
|
||||
when trying to negatively cache the response. Due to an off-by-one
|
||||
error, caching the response could cause named to crash. [RT #24650]
|
||||
[CVE-2011-1910]
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Bug Fixes</title>
|
||||
<section>
|
||||
<title>9.4-ESV-R5rc1</title>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
Improved the mechanism for flagging database entries as negative
|
||||
cache records; the former method, RR type 0, could be ambiguous.
|
||||
[RT #24777]
|
||||
</listitem>
|
||||
<listitem>
|
||||
During RFC5011 processing some journal write errors were not detected.
|
||||
This could lead to managed-keys changes being committed but not
|
||||
recorded in the journal files, causing potential inconsistencies
|
||||
during later processing. [RT #20256]
|
||||
</listitem>
|
||||
<listitem>
|
||||
A potential NULL pointer deference in the DNS64 code could cause
|
||||
named to terminate unexpectedly. [RT #20256]
|
||||
</listitem>
|
||||
<listitem>
|
||||
A state variable relating to DNSSEC could fail to be set during
|
||||
some infrequently-executed code paths, allowing it to be used whilst
|
||||
in an unitialized state during cache updates, with unpredictable results.
|
||||
[RT #20256]
|
||||
</listitem>
|
||||
<listitem>
|
||||
A potential NULL pointer deference in DNSSEC signing code could
|
||||
cause named to terminate unexpectedly [RT #20256]
|
||||
</listitem>
|
||||
<listitem>
|
||||
Several cosmetic code changes were made to silence warnings
|
||||
generated by a static code analysis tool. [RT #20256]
|
||||
</listitem>
|
||||
<listitem>
|
||||
Cause named to terminate at startup or rndc reconfig
|
||||
reload to fail, if a log file specified in the
|
||||
conf file isn't a plain file. (RT #22771]
|
||||
</listitem>
|
||||
<listitem>
|
||||
Prior to this fix, when named was was writing a zone to disk (as slave,
|
||||
when resigning, etc.), it might not correctly preserve the case of domain
|
||||
name labels within RDATA, if the RDATA was not compressible. The result
|
||||
is that when reloading the zone from disk would, named could serve data
|
||||
that did not match the RRSIG for that data, due to case mismatch. named
|
||||
now correctly preserves case. After upgrading to fixed code, the operator
|
||||
should either resign the data (on the master) or delete the disk file
|
||||
on the slave and reload the zone. [RT #22863]
|
||||
</listitem>
|
||||
<listitem>
|
||||
Fix the zonechecks system test to fail on error (warning in 9.6,
|
||||
fatal in 9.7) to match behaviour for 9.4. [RT #22905]
|
||||
</listitem>
|
||||
<listitem>
|
||||
There was a bug in how the clients-per-query code worked with some
|
||||
query patterns. This could result, in rare circumstances, in having all
|
||||
the client query slots filled with queries for the same DNS label,
|
||||
essentially ignoring the max-clients-per-query setting.
|
||||
[RT #22972]
|
||||
</listitem>
|
||||
<listitem>
|
||||
Fixed precedence order bug with NS and DNAME records if both are present.
|
||||
(Also fixed timing of autosign test in 9.7+) [RT #23035]
|
||||
</listitem>
|
||||
<listitem>
|
||||
Changing TTL did not cause dnssec-signzone to generate new signatures.
|
||||
[RT #23330]
|
||||
</listitem>
|
||||
<listitem>
|
||||
If named encountered a CNAME instead of a DS record when walking
|
||||
the chain of trust down from the trust anchor, it incorrectly stopped
|
||||
validating. [RT #23338]
|
||||
</listitem>
|
||||
<listitem>
|
||||
RRSIG records could have time stamps too far in the future.
|
||||
[RT #23356]
|
||||
</listitem>
|
||||
<listitem>
|
||||
If running on a powerpc CPU and with atomic operations enabled,
|
||||
named could lock up. Added sync instructions to the end of atomic
|
||||
operations. [RT #23469]
|
||||
</listitem>
|
||||
<listitem>
|
||||
ixfr-from-differences {master|slave};
|
||||
failed to select the master/slave zones, resulting in on diff/journal
|
||||
file being created.
|
||||
[RT #23580]
|
||||
</listitem>
|
||||
<listitem>
|
||||
Remove bin/tests/system/logfileconfig/ns1/named.conf and
|
||||
add setup.sh in order to resolve changing named.conf issue. [RT #23687]
|
||||
</listitem>
|
||||
<listitem>
|
||||
The autosign tests attempted to open ports within reserved ranges. Test
|
||||
now avoids those ports.
|
||||
[RT #23957]
|
||||
</listitem>
|
||||
<listitem>
|
||||
Named could fail to validate zones list in a DLV that validated insecure
|
||||
without using DLV and had DS records in the parent zone. [RT #24631]
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Thank You</title>
|
||||
<para>
|
||||
Thank you to everyone who assisted us in making this release possible.
|
||||
If you would like to contribute to ISC to assist us in continuing to make
|
||||
quality open source software, please visit our donations page at
|
||||
<link xl:href="http://www.isc.org/supportisc">http://www.isc.org/supportisc</link>.
|
||||
</para>
|
||||
</section>
|
||||
</article>
|
||||
Loading…
Reference in a new issue