BIND 8.4.6 Release (8.4.6-REL)
Mark Andrews
Mark_Andrews at isc.org
Tue Jan 25 23:28:26 UTC 2005
BIND 8.4.6 Release (8.4.6-REL)
BIND 8.4.6-REL is a security release of BIND 8.4.
It is possible to remotely trigger a overrun causing a
denial of service. If you are running BIND 8.4.4 or
BIND 8.4.5 you should upgrade.
the distribution files are:
ftp://ftp.isc.org/isc/bind/src/8.4.6/bind-src.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.4.6/bind-doc.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.4.6/bind-contrib.tar.gz
the pgp signature files are:
ftp://ftp.isc.org/isc/bind/src/8.4.6/bind-src.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.4.6/bind-doc.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.4.6/bind-contrib.tar.gz.asc
Windows NT / Windows 2000 binary distribution.
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.6/readme1st.txt
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.6/BIND8.4.6.zip
ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.6/BIND8.4.6.zip.asc
top of CHANGES says:
--- 8.4.6-REL released --- (Tue Nov 16 19:55:10 PST 2004)
1688. [bug] named incorrectly parsed ownernames that started
with @.
1687. [bug] It was possible to overflow the q_usedns array.
1686. [bug] named-xfer didn't fully comment out ignored records.
1685. [port] aix5: add support for aix5.
1684. [port] 64 bit size_t issues / compiler warnings.
--- 8.4.5-REL released --- (Sun Sep 19 17:13:31 PDT 2004)
1683. [port] Solaris 4 - Solaris 6 need -lposix4 not -lrt for
clock_gettime().
--- 8.4.5-RC7 released --- (Wed Sep 1 01:14:17 PDT 2004)
1682. [bug] gethostby*_r() implementations that copied the return
pointer got NULL returned on success.
1681. [contrib] experimental named-xfer patch for possible future
inclusion. namedxfer-timer-patch.diff
1680. [bug] named-xfer: improve netread() logging.
1679. [bug] A bad length check was introduced by change #1661
in dns_ho.c.
1678. [bug] IXFR from a slave failed.
1677. [bug] IN6_IS_ADDR_MC_NODELOCAL() addresses can also have
symbolic scope id's.
--- 8.4.5-RC6 released --- (Tue Aug 10 20:50:14 PDT 2004)
1676. [port] Solaris 8 has if_nametoindex().
1675. [bug] match any returned scope when a scope is not specified
on non global scope address in resolv.conf.
1674. [bug] getaddrinfo() failed to set sin6_scope_id correctly
on some platforms.
1673. [bug] named-xfer could fail to transfer some valid ixfr
streams.
1672. [bug] libbind: failed to print unknown types and classes
above 4095. didn't correctly print unknown records
with zero length.
1671. [bug] named-xfer didn't handle zero length unknown records.
1670. [bug] named-xfer logged the port twice.
1669. [bug] Only test the gcc minor version when the major version
is known.
--- 8.4.5-RC5 released --- (Wed Jun 30 00:09:19 PDT 2004)
1668. [port] solaris: allow applications compiling against
libbind to be compiled with "cc -Xc".
1667. [bug] merge_log() didn't handle NAPTR records.
1666. [bug] IXFR merge failures should force the next transfer
attempt to be a AXFR.
1665. [port] getnameinfo() was broken on machines with 8 octet
longs.
1664. [doc] document "dig -b".
1663. [bug] RES_NO_NIBBLE2 and RES_DEBUG2 where the same
value.
--- 8.4.5-RC4 released --- (Wed Jun 9 23:26:59 PDT 2004)
1662. [cleanup] signed/unsigned issues in res_send.c and
res_mkupdate.c.
--- 8.4.5-RC3 released --- (Mon May 17 02:01:11 DST 2004)
1661. [cleanup] indiscriminate use strlcat/strlcpy make auditing
harder.
1660. [port] freebsd: FreeBSD 5 has a getgrnet_r() implementation.
Make our implementation call compatible.
--- 8.4.5-RC2 released --- (Tue Apr 27 21:59:01 PDT 2004)
1659. [port] decunix/ibm: gethostbyname_r() only supported a
small number of addresses.
--- 8.4.5-RC1 released --- (Mon Apr 12 05:51:41 PDT 2004)
1658. [bug] reduce the notify delay when reloading a single
zone.
1657. [bug] gmtime_r() called incorrectly.
1656. [bug] master serial number overflows were not detected.
1655. [bug] when printing NAPTR records to zone files escapes
were not being escaped causing them to be lost when
re-read.
1654. [port] linux: move/fix prototypes for getnetgrent(),
setnetgrent(), endnetgrent(), innetgr(),
gethostbyaddr_r(), gethostbyname_r(),
gethostent_r(), getnetbyname_r(), getnetbyaddr_r(),
getnetent_r(), getprotobyname_r(),
getprotobynumber_r(), getprotoent_r(),
getservbyname_r(), getservbyport_r(), getservent_r()
and getnetgrent_r().
1653. [func] The event library has new functions evUTCTime(),
evConfigTimer(), evSetOption() and evGetOption().
1652. [bug] linux: set sin6_scope_id for link local when scaning
the interface table.
1651. [port] solaris: namespace collision in dnssafe/ammd5.c
1650. [bug] NODATA responses from forwarders that followed
a CNAME were not handled correctly.
1649. [bug] res_nsend() failed to handle EPROTONOSUPPORT,
EPFNOSUPPORT and EAFNOSUPPORT.
1648. [protocol] Add DNAME support to nsupdate and res_mkupdate.
Note: DNAME is not supported by named. If you
need server side DNAME support please use BIND 9.
1647. [func] nsupdate: add "send" from BIND 9.
1646. [protocol] Do not make reverse queries under IP6.INT by default.
To get the old behaviour set "options v6revmode:both"
in resolv.conf.
1645. [bug] named-xfer: misformated address/port pairs in log
messages.
1644. [cleanup] remove unused variable from res_hnok().
1643. [bug] Update root hints, B.ROOT-SERVERS.NET 192.228.79.201.
1642. [bug] evWaitFor() and evDo() were being passed non-matching
tags.
1641. [bug] "CH" was missing from list to class names.
Note: this will impact lookups of the Swiss top
level domain "CH" and the unqualified hostname "CH".
1640. [contrib] rfc1101 removed.
--- 8.4.4 released --- (Thu Jan 15 18:07:14 PST 2004)
1639. [port] linux: glibc compatibility.
1638. [bug] "controls { inet * ....; };" was broken.
1637. [bug] if the current lookup requires self glue allow nslookup
to signal that the caller may call check the parent.
1636. [bug] fully reset the query control structure after following
a cname.
1635. [bug] delayed sysqueries were not being subject to sysquery
chaining distance test.
1634. [bug] improve sysquery() duplicate detection.
1633. [port] linux: maintain binary compatability with linux's
struct addrinfo.
1632. [port] solaris: maintain binary compatability with
sun's struct addrinfo.
1631. [cleanup] only attempt to open the IPv6 query source if
HAS_INET6_STRUCTS is defined.
1630. [debug] tracing for more resolver options.
1629. [bug] track which nameservers we have made a sysquery()
for.
1628. [bug] don't lookup missing alternate addresses for
lame servers.
1627. [bug] named-xfer: failure to supply manditory option -f
resulted in a core dump.
1626. [port] decunix: used -std1 rather than -std.
1625. [bug] forward-only wasn't working correctly.
1624. [port] decunix: provide ALIGN macro.
1623. [bug] change #1614 contained a error stopped the
presence AAAA records delaying the A lookups.
1622. [bug] restore missing "/" from query log.
1621. [port] hpux: make include/arpa/inet.h compatible with
that distributed by HP when _XOPEN_SOURCE_EXTENDED
is defined.
1620. [port] decunix: silence "-std1" warnings in ns_main.c.
1619. [port] decunix: remove duplicate typedefs.
1618. [func] report amount of time is seconds since the host
statistics were last cleared or server started.
--- 8.4.3 released --- (Mon Nov 24 17:27:52 PST 2003)
1617. [cleanup] don't pre-fetch missing additional address records if
we have one of A/AAAA.
1616. [func] turn on "preferred-glue A;" (if not specified in
named.conf) if the answer space is a standard UDP
message size or smaller.
1615. [func] when query logging log whether TSIG (S) and/or EDNS (E)
was used to make the query.
1614. [cleanup] on dual (IPv4+IPv6) stack servers delay the lookup of
missing glue if we have glue for one family.
1613. [cleanup] notify: don't lookup A/AAAA records for nameservers
if we don't support the address at the transport level.
1612. [func] named now takes arguements -4 and -6 to limit the
IP transport used for making queries.
1611. [debug] better packet tracing in debug output (+ some lint).
1610. [bug] don't explictly declare errno use <errno.h>.
1609. [bug] drop_port() was being called with ports in network
order rather than host order.
1608. [port] sun: force alignment of answer in dig.c.
1607. [bug] do not attempt to prime cache when recursion and
fetch-glue are disabled.
1606. [bug] sysquery duplicate detection was broken when
using forwarders.
1605. [port] sun: force alignment of newmsg in ns_resp.c.
1604. [bug] heap_delete() sometimes violated the heap invariant,
causing timer events not to be posted when due.
1603. [port] ds_remove_gen() mishandled removal IPv6 interfaces.
1602. [port] linux: work around a non-standard __P macro.
1601. [bug] dig could report the wrong server address on transfers.
1600. [bug] debug_freestr() prototype mismatch.
1599. [bug] res_nsearch() save statp->res_h_errno instead of
h_errno.
1598. [bug] dprint_ip_match_list() fails to print the mask
correctly.
1597. [bug] use the actual presentation length of the IP address
to determine if sprintf() is safe in write_tsig_info().
--- 8.4.2 released --- (Thu Sep 4 06:58:22 PDT 2003)
1596. [port] winnt: set USELOOPBACK in port_after.h
1595. [bug] dig: strcat used instead of strcpy.
1594. [bug] if only a single nameserver was listed in resolv.conf
IPv6 default server was also being used.
1593. [port] irix: update port/irix/irix_patch.
1592. [port] irix: provide a sysctl() based getifaddrs()
implementation.
1591. [port] irix: sa_len is a macro.
1590. [port] irix: doesn't have msg_control (NO_MSG_CONTROL)
1589. [port] linux: uninitalised variable.
1588. [port] solaris: provide ALIGN.
1587. [port] NGR_R_END_RESULT was not correct for some ports.
1586. [port] winnt: revert to old socket behaviour for UDP
sockets (Windows 2000 SP2 and later).
1585. [port] solaris: named-xfer needs <fcntl.h>.
1584. [port] bsdos: explictly include <netinet6/in6.h> for
4.0 and 4.1.
1583. [bug] add -X to named-xfer usage message.
1582. [bug] ns_ownercontext() failed to set the correct owner
context for AAAA records. ns_ptrcontext() failed
to return the correct context for IP6.ARPA.
1581. [bug] apply anti-cache poison techniques to negative
answers.
1580. [bug] inet_net_pton() didn't fully handle implicit
multicast IPv4 network addresses.
1579. [bug] ifa_addr can be NULL.
1578. [bug] named-xfer: wrong arguement passed to getnameinfo().
1577. [func] return referrals for glue (NS/A/AAAA) if recursion
is not desired (hp->rd = 0).
1576. [bug] res_nsendsigned() incorrectly printed the truncated
UDP response when RES_IGNTC was not set.
1575. [bug] tcp_send() passed the wrong length to evConnect().
1574. [bug] res_nsendsigned() failed to handle truncation
cleanly.
1573. [bug] tsig_size was not being copied by ns_forw().
1572. [port] bsdos: missing #include <ifaddrs.h>.
1571. [bug] AA was sometimes incorrectly set.
1570. [port] decunix: change #1544 broke OSF1 3.2C.
1569. [bug] remove extraneous closes.
1568. [cleanup] reduce the memory footprint for large numbers of
zones.
1567. [port] winnt: install MSVC70.DLL and MFC70.DLL.
1566. [bug] named failed to locate keys declared in masters
clause.
1565. [bug] named-xfer was failing to use TSIG.
1564. [port] linux: allow static linkage to work.
1563. [bug] ndc getargs_closure failed to NUL terminate strings.
1562. [bug] handle non-responsive servers better.
1561. [bug] rtt estimates were not being updated for IPv6
addresses.
1560. [port] linux: add runtime support to handle old kernels
that don't know about msg_control.
1559. [port] named, named-xfer: ensure that stdin, stdout and
stderr are open.
--- 8.4.1-P1 released --- (Sun Jun 15 17:35:10 PDT 2003)
1558. [port] sunos4 doesn't have msg_control (NO_MSG_CONTROL).
1557. [port] linux: socket returns EINVAL for unsupported family.
1556. [bug] reference through NULL pointer.
1555. [bug] sortlist wasn't being applied to AAAA queries.
1554. [bug] IPv4 access list elements of the form number/number
(e.g. 127/8) were not correctly defined.
1553. [bug] getifaddrs*() failed to set ifa_dstaddr for point
to point links (overwrote ifa_addr).
1552. [bug] buffer overruns in getifaddrs*() if the server has
point to point links.
1551. [port] freebsd: USE_IFNAMELINKIDS should be conditionally
defined.
1550. [port] TruCluster support didn't build.
1549. [port] Solaris 9 has /dev/random.
--- 8.4.1-REL released --- (Sun Jun 8 15:11:32 PDT 2003)
1548. [port] winnt: make recv visible from libbind.
1547. [port] cope with spurious EINVAL from evRead.
1546. [cleanup] dig now reports version 8.4.
1545. [bug] getifaddrs_sun6 was broken.
1544. [port] hpux 10.20 has a broken recvfrom(). Revert to recv()
in named-xfer and work around deprecated recv() in
OSF.
1543. [bug] named failed to send notifies to servers that live
in zones it was authoritative for.
1542. [bug] set IPV6_USE_MIN_MTU on IPv6 sockets if the kernel
supports it.
1541. [bug] getifaddrs_sun6() should be a no-op on early SunOS
releases.
--- 8.4.0-REL released --- (Sun Jun 1 17:49:31 PDT 2003)
More information about the bind-announce
mailing list