BIND 9.5.1b3 is now available.

Mark Andrews Mark_Andrews at isc.org
Tue Nov 11 06:10:51 UTC 2008


		BIND 9.5.1b3 is now available.

	BIND 9.5.1b3 is a maintenance release for BIND 9.5.

BIND 9.5.1b3 can be downloaded from

        ftp://ftp.isc.org/isc/bind9/9.5.1b3/bind-9.5.1b3.tar.gz

The PGP signature of the distribution is at

        ftp://ftp.isc.org/isc/bind9/9.5.1b3/bind-9.5.1b3.tar.gz.asc
        ftp://ftp.isc.org/isc/bind9/9.5.1b3/bind-9.5.1b3.tar.gz.sha256.asc
        ftp://ftp.isc.org/isc/bind9/9.5.1b3/bind-9.5.1b3.tar.gz.sha512.asc

The signature was generated with the ISC public key, which is
available at <http://www.isc.org/about/openpgp/pgpkey2006.txt>.

A binary kit for Windows XP and Window 2003 is at

	ftp://ftp.isc.org/isc/bind9/9.5.1b3/BIND9.5.1b3.zip
	ftp://ftp.isc.org/isc/bind9/9.5.1b3/BIND9.5.1b3.debug.zip

The PGP signature of the binary kit for Windows XP and Window 2003 is at
        
	ftp://ftp.isc.org/isc/bind9/9.5.1b3/BIND9.5.1b3.zip.asc
	ftp://ftp.isc.org/isc/bind9/9.5.1b3/BIND9.5.1b3.zip.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.5.1b3/BIND9.5.1b3.zip.sha512.asc
	ftp://ftp.isc.org/isc/bind9/9.5.1b3/BIND9.5.1b3.debug.zip.asc
	ftp://ftp.isc.org/isc/bind9/9.5.1b3/BIND9.5.1b3.debug.zip.sha256.asc
	ftp://ftp.isc.org/isc/bind9/9.5.1b3/BIND9.5.1b3.debug.zip.sha512.asc

Changes since 9.5.0.

	--- 9.5.1b3 released ---

2475.	[bug]		LRU cache cleanup under overmem condition could purge
			particular entries more aggresively. [RT #17628]

2474.	[bug]		ACL structures could be allocated with insufficient
			space, causing an array overrun. [RT #18765]

2473.	[port]		linux: raise the limit on open files to the possible
			maximum value before spawning threads; 'files'
		        specified in named.conf doesn't seem to work with
			threads as expected. [RT #18784]

2472.	[port]		linux: check the number of available cpu's before
			calling chroot as it depends on "/proc". [RT #16923]

2471.	[bug]		named-checkzone was not reporting missing manditory
			glue when sibling checks were disabled. [RT #18768]

2470.	[bug]		Elements of the isc_radix_node_t could be incorrectly
			overwritten.  [RT# 18719]

2469.	[port]		solaris: Work around Solaris's select() limitations.
			[RT #18769]

2468.	[bug]		Resolver could try unreachable servers multiple times.
			[RT #18739]

2467.	[bug]		Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]

2466.	[doc]		ARM: explain max-cache-ttl 0 SERVFAIL issue.
			[RT #18302]

2465.	[bug]		Adb's handling of lame addresses was different
			for IPv4 and IPv6. [RT #18738]

2464.	[port]		linux: check that a capability is present before
			trying to set it. [RT #18135]

2463.   [port]          linux: POSIX doesn't include the IPv6 Advanced Socket
			API and glibc hides parts of the IPv6 Advanced Socket
			API as a result.  This is stupid as it breaks how the
			two halves (Basic and Advanced) of the IPv6 Socket API				were designed to be used but we have to live with it.
			Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
			API. [RT #18388]

2462.	[doc]		Document -m (enable memory usage debugging)
			option for dig. [RT #18757]

2461.	[port]		sunos: Change #2363 was not complete. [RT #17513]

2458.	[doc]		ARM: update and correction for max-cache-size.
			[RT #18294]

2457.	[tuning]	max-cache-size is reverted to 0, the previous
			default.  It should be safe because expired cache
			entries are also purged. [RT #18684]

2456.	[bug]		In ACLs, ::/0 and 0.0.0.0/0 would both match any
			address, regardless of family.  They now correctly
			distinguish IPv4 from IPv6.  [RT #18559]
                        
2455.	[bug]		Stop metadata being transfered via axfr/ixfr.
			[RT #18639]

2453.	[bug]		Remove NULL pointer dereference in dns_journal_print().
			[RT #18316]

2451.	[port]		solaris: handle runtime linking better. [RT #18356]

2449.	[bug]		libbind: Out of bounds reference in dns_ho.c:addrsort.
			[RT #18044]

2445.	[doc]		ARM out-of-date on empty reverse zones (list includes
			RFC1918 address, but these are not yet compiled in).
			[RT #18578]

2444.	[port]		Linux, FreeBSD, AIX: Turn off path mtu discovery
			(clear DF) for UDP responses and requests.

2387.	[bug]		Silence compiler warnings in lib/isc/radix.c.
			[RT #18147] [RT #18258]

2369.	[bug]		libbind: Array bounds overrun on read in bitncmp().
			[RT #18054]

	--- 9.5.1b2 released ---

2443.	[bug]		win32: UDP connect() would not generate an event,
			and so connected UDP sockets would never clean up.
			Fix this by doing an immediate WSAConnect() rather
			than an io completion port type for UDP.

2442.	[bug]		A lock could be destroyed twice. [RT# 18626]

2441.   [bug]           isc_radix_insert() could copy radix tree nodes
			incompletely. [RT #18573]

2440.   [bug]		named-checkconf used an incorrect test to determine
			if an ACL was set to none.

2439.   [bug]           Potential NULL dereference in dns_acl_isanyornone().
                        [RT #18559]
        
2438.	[bug]		Timeouts could be logged incorrectly under win32.
			[RT #18617]

2437.	[bug]		Sockets could be closed too early, leading to
			inconsistent states in the socket module. [RT #18298]

2436.	[security]	win32: UDP client handler can be shutdown. [RT #18576]

2435.	[bug]		Fixed an ACL memory leak affecting win32.

2434.	[bug]		Fixed a minor error-reporting bug in
			lib/isc/win32/socket.c.

2433.	[tuning]	Set initial timeout to 800ms.

2432.	[bug]		More Windows socket handling improvements.  Stop
			using I/O events and use IO Completion Ports
			throughout.  Rewrite the receive path logic to make
			it easier to support multiple simultaneous
			requestrs in the future.  Add stricter consistency
			checking as a compile-time option (define
			ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).

2431.	[bug]		Acl processing could leak memory. [RT #18323]

2430.	[bug]		win32: isc_interval_set() could round down to
			zero if the input was less than NS_INTERVAL
			nanoseconds.  Round up instead. [RT #18549]

2429.	[doc]		nsupdate should be in section 1 of the man pages.
			[RT #18283]

2428.	[bug]		dns_iptable_merge() mishandled merges of negative
			tables. [RT #18409]

2426.	[bug]		libbind: inet_net_pton() can sometimes return the
			wrong value if excessively large netmasks are
			supplied. [RT #18512]

2425.	[bug]		named didn't detect unavailable query source addresses
			at load time. [RT #18536]

2424.	[port]		configure now probes for a working epoll
			implementation.  Allow the use of kqueue,
			epoll and /dev/poll to be selected at compile
			time. [RT #18277]
			
2422.	[bug]		Handle the special return value of a empty node as
			if it was a NXRRSET in the validator. [RT #18447]

2421.	[func]		Add new command line option '-S' for named to specify
			the max number of sockets. [RT #18493]
			Use caution: this option may not work for some
			operating systems without rebuilding named.

2420.	[bug]		Windows socket handling cleanup.  Let the io
			completion event send out cancelled read/write
			done events, which keeps us from writing to memeory
			we no longer have ownership of.  Add debugging
			socket_log() function.  Rework TCP socket handling
			to not leak sockets.

2419.	[cleanup]	Document that isc_socket_create() and isc_socket_open()
			should not be used for isc_sockettype_fdwatch sockets.
			[RT #18521]

2418.	[bug]		AXFR request on a DLZ could trigger a REQUIRE failure
			[RT #18430]

2417.	[bug]		Connecting UDP sockets for outgoing queries could
			unexpectedly fail with an 'address already in use'
			error. [RT #18411]

2416.	[func]		Log file descriptors that cause exceeding the
			internal maximum. [RT #18460]

2415.	[bug]		'rndc dumpdb' could trigger various assertion failures
			in rbtdb.c. [RT #18455]

2414.	[bug]		A masterdump context held the database lock too long,
			causing various troubles such as dead lock and
			recursive lock acquisition. [RT #18311, #18456]

2413.	[bug]		Fixed an unreachable code path in socket.c. [RT #18442]

2412.	[bug]		win32: address a resourse leak. [RT #18374]

2411.	[bug]		Allow using a larger number of sockets than FD_SETSIZE
			for select().  To enable this, set ISC_SOCKET_MAXSOCKETS
			at compilation time.  [RT #18433]

2410.	[bug]		Correctly delete m_versionInfo. [RT #18432]

2409.	[bug]		Only log that we disabled EDNS processing if we were
			subsequently successful.  [RT #18029]

2408.	[bug]		A duplicate TCP dispatch event could be sent, which
			could then trigger an assertion failure in
			resquery_response().  [RT #18275]

2407.	[port]		hpux: test for sys/dyntune.h. [RT #18421]

2405.   [cleanup]       The default value for dnssec-validation was changed to
                        "yes" in 9.5.0-P1 and all subsequent releases; this
                        was inadvertently omitted from CHANGES at the time.

2404.	[port]		hpux: files unlimited support.

2403.	[bug]		TSIG context leak. [RT #18341]

2402.	[port]		Support Solaris 2.11 and over. [RT #18362]

2401.	[bug]		Expect to get E[MN]FILE errno internal_accept()
			(from accept() or fcntl() system calls). [RT #18358]

2400.	[bug]		Log if kqueue()/epoll_create()/open(/dev/poll) fails.
			[RT #18297]

2398.	[bug]           Improve file descriptor management.  New,
			temporary, named.conf option reserved-sockets,
			default 512. [RT #18344]

2397.	[bug]		gssapi_functions bad declaration. [RT #18355]

2396.	[bug]		Don't set SO_REUSEADDR for randomized ports.
			[RT #18336]

2395.	[port]		Avoid warning and no effect from "files unlimited"
			on Linux when running as root. [RT #18335]

2394.	[bug]		Default configuration options set the limit for
			open files to 'unlimited' as described in the
			documentation. [RT #18331]

2393.	[bug]		nested acls containing keys could trigger an
			assertion in acl.c. [RT #18166]

2392.	[bug]		remove 'grep -q' from acl test script, some platforms
			don't support it. [RT #18253]

2391.	[port]		hpux: cover additional recvmsg() error codes.
			[RT #18301]

2390.	[bug]		dispatch.c could make a false warning on 'odd socket'.
			[RT #18301].

2389.	[bug]		Move the "working directory writable" check to after
			the ns_os_changeuser() call. [RT #18326]

2388.	[bug]		Avoid using tables for layout purposes in
			statistics XSL [RT #18159].

2386.	[func]		Add warning about too small 'open files' limit.
			[RT #18269]

	--- 9.5.1b1 released ---

2385.	[bug]		A condition variable in socket.c could leak in
			rare error handling [RT #17968].

2384.	[security]	Additional support for query port randomization (change
			#2375) including performance improvement and port range
			specification.  [RT #17949, #18098]

2383.	[bug]		named could double queries when they resulted in
			SERVFAIL due to overkilling EDNS0 failure detection.
			[RT #18182]

2382.	[doc]		Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
			to ARM.

2381.	[port]		dlz/mysql: support multiple install layouts for
			mysql.  <prefix>/include/{,mysql/}mysql.h and
			<prefix>/lib/{,mysql/}. [RT #18152]

2380.	[bug]		dns_view_find() was not returning NXDOMAIN/NXRRSET
			proofs which, in turn, caused validation failures
			for insecure zones immediately below a secure zone
			the server was authoritative for. [RT #18112] 

2379.	[contrib]	queryperf/gen-data-queryperf.py: removed redundant
			TLDs and supported RRs with TTLs [RT #17972]

2378.	[bug]		gssapi_functions{} had a redundant member in BIND 9.5.
			[RT #18169]

2377.	[bug]		Address race condition in dnssec-signzone. [RT #18142]

2376.	[bug]		Change #2144 was not complete.

2375.	[security]	Fully randomize UDP query ports to improve
			forgery resilience. [RT #17949]

2373.	[bug]		Default values of zone ACLs were re-parsed each time a
			new zone was configured, causing an overconsumption
			of memory. [RT #18092]

	--- 9.5.0 released ---



More information about the bind-announce mailing list