From 7128c44787e893bff02c1c9ea2158fb223ce52c1 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Mon, 4 Jan 2016 16:05:44 -0800 Subject: [PATCH] [v9_9] clean up relnotes to include only things added since 9.9.8 --- doc/arm/notes.xml | 191 ++-------------------------------------------- 1 file changed, 5 insertions(+), 186 deletions(-) diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index c50739fb2a..2cbfca5e83 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -56,44 +56,6 @@ lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945] - - - An incorrect boundary check in the OPENPGPKEY rdatatype - could trigger an assertion failure. This flaw is disclosed - in CVE-2015-5986. [RT #40286] - - - - - A buffer accounting error could trigger an assertion failure - when parsing certain malformed DNSSEC keys. - - - This flaw was discovered by Hanno Böck of the Fuzzing - Project, and is disclosed in CVE-2015-5722. [RT #40212] - - - - - A specially crafted query could trigger an assertion failure - in message.c. - - - This flaw was discovered by Jonathan Foote, and is disclosed - in CVE-2015-5477. [RT #40046] - - - - - On servers configured to perform DNSSEC validation, an - assertion failure could be triggered on answers from - a specially configured server. - - - This flaw was discovered by Breno Silveira Soares, and is - disclosed in CVE-2015-4620. [RT #39795] - - Specific APL data could trigger an INSIST. This flaw @@ -106,68 +68,12 @@
New Features - - - New quotas have been added to limit the queries that are - sent by recursive resolvers to authoritative servers - experiencing denial-of-service attacks. When configured, - these options can both reduce the harm done to authoritative - servers and also avoid the resource exhaustion that can be - experienced by recursives when they are being used as a - vehicle for such an attack. - - - NOTE: These options are not available by default; use - configure --enable-fetchlimit to include - them in the build. - - - - - limits the number of - simultaneous queries that can be sent to any single - authoritative server. The configured value is a starting - point; it is automatically adjusted downward if the server is - partially or completely non-responsive. The algorithm used to - adjust the quota can be configured via the - option. - - - - - limits the number of - simultaneous queries that can be sent for names within a - single domain. (Note: Unlike "fetches-per-server", this - value is not self-tuning.) - - - - - Statistics counters have also been added to track the number - of queries affected by these quotas. - - - - - An --enable-querytrace configure switch is - now available to enable very verbose query tracelogging. This - option can only be set at compile time. This option has a - negative performance impact and should be used only for - debugging. [RT #37520] - - The following types have been implemented: CSYNC, NINFO, RKEY, SINK, TA, TALINK. - - - - - EDNS COOKIE options content is now displayed as - "COOKIE: <hexvalue>". - - + +
Feature Changes @@ -178,40 +84,10 @@ Updated the compiled in addresses for H.ROOT-SERVERS.NET. - - - Large inline-signing changes should be less disruptive. - Signature generation is now done incrementally; the number - of signatures to be generated in each quantum is controlled - by "sig-signing-signatures number;". - [RT #37927] - - - - - Retrieving the local port range from net.ipv4.ip_local_port_range - on Linux is now supported. - - - - - Active Directory names of the form gc._msdcs.<forest> are - now accepted as valid hostnames when using the - option. <forest> is still - restricted to letters, digits and hyphens. - - - - - Names containing rich text are now accepted as valid - hostnames in PTR records in DNS-SD reverse lookup zones, - as specified in RFC 6763. [RT #37889] - - The default preferred glue is now the address type of the - transport the query was received over. + transport the query was received over. @@ -229,71 +105,14 @@
-
Porting Changes - - - - - The Microsoft Windows install tool - BINDInstall.exe which requires a - non-free version of Visual Studio to be built, now uses two - files (lists of flags and files) created by the Configure - perl script with all the needed information which were - previously compiled in the binary. Read - win32utils/build.txt for more details. - [RT #38915] - - - -
Bug Fixes - - Asynchronous zone loads were not handled correctly when the - zone load was already in progress; this could trigger a crash - in zt.c. [RT #37573] + + None. - - - A race during shutdown or reconfiguration could - cause an assertion failure in mem.c. [RT #38979] - - - - - Some answer formatting options didn't work correctly with - dig +short. [RT #39291] - - - - - Malformed records of some types, including NSAP and UNSPEC, - could trigger assertion failures when loading text zone files. - [RT #40274] [RT #40285] - - - - - Fixed a possible crash in ratelimiter.c caused by NOTIFY - messages being removed from the wrong rate limiter queue. - [RT #40350] - - - - - The default of random - was inconsistently applied. [RT #40456] - - - - - BADVERS responses from broken authoritative name servers were - not handled correctly. [RT #40427] - -
End of Life