BIND 9.4-ESV-R3 is now available.
Mark Andrews
marka at isc.org
Tue Sep 28 20:15:17 UTC 2010
BIND 9.4-ESV-R3 is now available.
BIND 9.4-ESV-R3 is revision 2 of the extended release version
for BIND 9.4. It addresses a bug introduced in BIND 9.4-ESV-R1
and is recommend for anyone running BIND 9.4-ESV-R1.
BIND 9.4-ESV-R3 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/bind-9.4-ESV-R3.tar.gz
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/bind-9.4-ESV-R3.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/bind-9.4-ESV-R3.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/bind-9.4-ESV-R3.tar.gz.sha512.asc
The signature was generated with the ISC public key, which is
available at <https://www.isc.org/about/openpgp>.
A binary kit for Windows XP and Window 2003 is at
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.zip
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.debug.zip
The PGP signature of the binary kit for Windows XP and Window 2003 is at
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.zip.asc
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.zip.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.debug.zip.asc
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.debug.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.4-ESV-R3/BIND9.4-ESV-R3.debug.zip.sha512.asc
Changes since 9.4.0.
--- 9.4-ESV-R3 released ---
2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
2921. [bug] The resolver could attempt to destroy a fetch context
too soon. [RT #19878]
2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
a unintended outcome from change 2890. [RT# 21392]
2900. [bug] The placeholder negative caching element was not
properly constructed triggering a INSIST in
dns_ncache_towire(). [RT #21346]
2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]
2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]
2678. [func] Treat DS queries as if "minimal-response yes;"
was set. [RT #20258]
2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
was set. [RT #18528]
--- 9.4-ESV-R2 released ---
2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]
--- 9.4-ESV-R1 released ---
2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
--- 9.4-ESV released ---
2831. [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]
2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]
2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
2797. [bug] Don't decrement the dispatch manager's maxbuffers.
[RT #20613]
2790. [bug] Handle DS queries to stub zones. [RT #20440]
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
--- 9.4-ESVb1 released ---
2698. [cleanup] configure --enable-libbind is deprecated. [RT #20090]
2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
S_IFREG are defined after including <isc/stat.h>.
[RT #20309]
2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
[RT #20315]
2689. [bug] Correctly handle snprintf result. [RT #20306]
2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
to decide to fetch the destination address. [RT #20305]
2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
decoded. [RT #20269]
2672. [bug] Don't enable searching in 'host' when doing reverse
lookups. [RT #20218]
2525. [experimental] New logging category "query-errors" to provide detailed
internal information about query failures, especially
about server failures. (backported as a special
exception to the general policy) [RT #19027]
2670. [bug] Unexpected connect failures failed to log enough
information to be useful. [RT #20205]
2649. [bug] Set the domain for forward only zones. [RT #19944]
2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2642. [bug] nsupdate could dump core on solaris when reading
improperly formatted key files. [RT #20015]
2640. [security] A specially crafted update packet will cause named
to exit. [RT #20000]
2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
[RT #19959]
2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
[RT #19716]
2633. [bug] Handle 15 bit rand() functions. [RT #19783]
2632. [func] util/kit.sh: warn if documentation appears to be out of
date. [RT #19922]
2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
2621. [doc] Made copyright boilterplate consistent. [RT #19833]
2920. [bug] Delay thawing the zone until the reload of it has
completed successfully. [RT #19750]
2618. [bug] The sdb and sdlz db_interator_seek() methods could
loop infinitely. [RT #19847]
2617. [bug] ifconfig.sh failed to emit an error message when
run from the wrong location. [RT #19375]
2616. [bug] 'host' used the nameservers from resolv.conf even
when a explicit nameserver was specified. [RT #19852]
2615. [bug] "__attribute__((unused))" was in the wrong place
for ia64 gcc builds. [RT #19854]
2614. [port] win32: 'named -v' should automatically be executed
in the foreground. [RT #19844]
2610. [port] sunos: Change #2363 was not complete. [RT #19796]
2606. [bug] "delegation-only" was not being accepted in
delegation-only type zones. [RT #19717]
2605. [bug] Accept DS responses from delegation only zones.
[RT # 19296]
2603. [port] win32: handle .exe extension of named-checkzone and
named-comilezone argv[0] names under windows.
[RT #19767]
2602. [port] win32: fix debugging command line build of libisccfg.
[RT #19767]
2599. [bug] Address rapid memory growth when validation fails.
[RT #19654]
2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
2591. [bug] named could die when processing a update in
removed_orphaned_ds(). [RT #19507]
2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
[RT #19626]
2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
or SDB. [RT #19577]
2584. [bug] alpha: gcc optimization could break atomic operations.
[RT #19227]
2583. [port] netbsd: provide a control to not add the compile
date to the version string, -DNO_VERSION_DATE.
2582. [bug] Don't emit warning log message when we attempt to
remove non-existant journal. [RT #19516]
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
Requires MySQL 5.0.19 or later. [RT #19084]
2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]
2573. [bug] Replacing a non-CNAME record with a CNAME record in a
single transaction in a signed zone failed. [RT #19397]
2568. [bug] Report when the write to indicate a otherwise
successful start fails. [RT #19360]
2567. [bug] dst__privstruct_writefile() could miss write errors.
write_public_key() could miss write errors.
[RT #19360]
2564. [bug] Only take EDNS fallback steps when processing timeouts.
[RT #19405]
2563. [bug] Dig could leak a socket causing it to wait forever
to exit. [RT #19359]
2562. [doc] ARM: miscellaneous improvements, reorganization,
and some new content.
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2557. [cleanup] PCI compliance:
* new libisc log module file
* isc_dir_chroot() now also changes the working
directory to "/".
* additional INSISTs
* additional logging when files can't be removed.
2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
2552. [bug] zero-no-soa-ttl-cache was not being honoured.
[RT #19340]
2551. [bug] Potential Reference leak on return. [RT #19341]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
[RT #19343]
2549. [port] linux: define NR_OPEN if not currently defined.
[RT #19344]
2547. [bug] openssl_link.c:mem_realloc() could reference an
out-of-range area of the source buffer. New public
function isc_mem_reallocate() was introduced to address
this bug. [RT #19313]
2545. [doc] ARM: Legal hostname checking (check-names) is
for SRV RDATA too. [RT #19304]
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2542. [doc] Update the description of dig +adflag. [RT #19290]
2539. [security] Update the interaction between recursion, allow-query,
allow-query-cache and allow-recursion. [RT #19198]
2536. [cleanup] Silence some warnings when -Werror=format-security is
specified. [RT #19083]
2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
2532. [bug] dig: check the question section of the response to
see if it matches the asked question. [RT #18495]
2531. [bug] Change #2207 was incomplete. [RT #19098]
2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]
2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]
2527. [bug] named could reuse cache on reload with
enabling/disabling validation. [RT #19119]
2523. [bug] Random type rdata freed by dns_nsec_typepresent().
[RT #19112]
2522. [security] Handle -1 from DSA_do_verify().
2521. [bug] Improve epoll cross compilation support. [RT #19047]
2519. [bug] dig/host with -4 or -6 didn't work if more than two
nameserver addresses of the excluded address family
preceded in resolv.conf. [RT #19081]
2517. [bug] dig +trace with -4 or -6 failed when it chose a
nameserver address of the excluded address type.
[RT #18843]
2516. [bug] glue sort for responses was performed even when not
needed. [RT #19039]
2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
a nameserver of the excluded address family.
[RT #18848]
2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
[RT #18885]
2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
[RT #19033]
2509. [bug] Specifying a fixed query source port was broken.
[RT #19051]
2506. [port] solaris: Check at configure time if
hack_shutup_pthreadonceinit is needed. [RT #19037]
2505. [port] Treat amd64 similarly to x86_64 when determining
atomic operation support. [RT #19031]
2504. [bug] Address race condition in the socket code. [RT #18899]
2503. [port] linux: improve compatibility with Linux Standard
Base. [RT #18793]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
function. [RT #18582]
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
[RT #18837]
2498. [bug] Removed a bogus function argument used with
ISC_SOCKET_USE_POLLWATCH: it could cause compiler
warning or crash named with the debug 1 level
of logging. [RT #18917]
2495. [bug] Tighten RRSIG checks. [RT #18795]
2494. [bug] dns/sdlz.h and dns/dlz.h were not being installed.
[RT #18826]
2487. [bug] Give TCP connections longer to complete. [RT #18675]
2485. [bug] Change update's the handling of obscured RRSIG
records. Not all orphand DS records were being
removed. [RT #18828]
2479. [bug] xfrout:covers was not properly initalized. [RT #18801]
2478. [bug] 'addresses' could be used uninitalized in
configure_forward(). [RT #18800]
2476. [doc] ARM: improve documentation for max-journal-size and
ixfr-from-differences. [RT #15909] [RT #18541]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
[RT #18297]
--- 9.4.3 released ---
2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
is cleared when IPV6_V6ONLY is set. [RT #18785]
2489. [port] solaris: Workaround Solaris's kernel bug about
/dev/poll:
http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
Define ISC_SOCKET_USE_POLLWATCH at build time to enable
this workaround. [RT #18870]
--- 9.4.3rc1 released ---
2473. [port] linux: raise the limit on open files to the possible
maximum value before spawning threads; 'files'
specified in named.conf doesn't seem to work with
threads as expected. [RT #18784]
2472. [port] linux: check the number of available cpu's before
calling chroot as it depends on "/proc". [RT #16923]
2471. [bug] named-checkzone was not reporting missing manditory
glue when sibling checks were disabled. [RT #18768]
2469. [port] solaris: Work around Solaris's select() limitations.
[RT #18769]
2468. [bug] Resolver could try unreachable servers multiple times.
[RT #18739]
2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
[RT #18302]
2465. [bug] Adb's handling of lame addresses was different
for IPv4 and IPv6. [RT #18738]
2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
API and glibc hides parts of the IPv6 Advanced Socket
API as a result. This is stupid as it breaks how the
two halves (Basic and Advanced) of the IPv6 Socket API
were designed to be used but we have to live with it.
Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
API. [RT #18388]
2462. [doc] Document -m (enable memory usage debugging)
option for dig. [RT #18757]
2461. [port] sunos: Change #2363 was not complete. [RT #17513]
2458. [doc] ARM: update and correction for max-cache-size.
[RT #18294]
2455. [bug] Stop metadata being transfered via axfr/ixfr.
[RT #18639]
2453. [bug] Remove NULL pointer dereference in dns_journal_print().
[RT #18316]
2449. [bug] libbind: Out of bounds reference in dns_ho.c:addrsort.
[RT #18044]
2445. [doc] ARM out-of-date on empty reverse zones (list includes
RFC1918 address, but these are not yet compiled in).
[RT #18578]
2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
(clear DF) for UDP responses and requests.
--- 9.4.3b3 released ---
2443. [bug] win32: UDP connect() would not generate an event,
and so connected UDP sockets would never clean up.
Fix this by doing an immediate WSAConnect() rather
than an io completion port type for UDP.
2438. [bug] Timeouts could be logged incorrectly under win32.
[RT #18617]
2437. [bug] Sockets could be closed too early, leading to
inconsistent states in the socket module. [RT #18298]
2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
2433. [tuning] Set initial timeout to 800ms.
2432. [bug] More Windows socket handling improvements. Stop
using I/O events and use IO Completion Ports
throughout. Rewrite the receive path logic to make
it easier to support multiple simultaneous
requestrs in the future. Add stricter consistency
checking as a compile-time option (define
ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
2430. [bug] win32: isc_interval_set() could round down to
zero if the input was less than NS_INTERVAL
nanoseconds. Round up instead. [RT #18549]
2429. [doc] nsupdate should be in section 1 of the man pages.
[RT #18283]
2426. [bug] libbind: inet_net_pton() can sometimes return the
wrong value if excessively large netmasks are
supplied. [RT #18512]
2425. [bug] named didn't detect unavailable query source addresses
at load time. [RT #18536]
2424. [port] configure now probes for a working epoll
implementation. Allow the use of kqueue,
epoll and /dev/poll to be selected at compile
time. [RT #18277]
2422. [bug] Handle the special return value of a empty node as
if it was a NXRRSET in the validator. [RT #18447]
2421. [func] Add new command line option '-S' for named to specify
the max number of sockets. [RT #18493]
Use caution: this option may not work for some
operating systems without rebuilding named.
2420. [bug] Windows socket handling cleanup. Let the io
completion event send out cancelled read/write
done events, which keeps us from writing to memeory
we no longer have ownership of. Add debugging
socket_log() function. Rework TCP socket handling
to not leak sockets.
2417. [bug] Connecting UDP sockets for outgoing queries could
unexpectedly fail with an 'address already in use'
error. [RT #18411]
2416. [func] Log file descriptors that cause exceeding the
internal maximum. [RT #18460]
2414. [bug] A masterdump context held the database lock too long,
causing various troubles such as dead lock and
recursive lock acquisition. [RT #18311, #18456]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2412. [bug] win32: address a resourse leak. [RT #18374]
2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
at compilation time. [RT #18433]
Note: with changes #2469 and #2421 above, there is no
need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
any more.
2410. [bug] Correctly delete m_versionInfo. [RT #18432]
2408. [bug] A duplicate TCP dispatch event could be sent, which
could then trigger an assertion failure in
resquery_response(). [RT #18275]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2404. [port] hpux: files unlimited support.
2403. [bug] TSIG context leak. [RT #18341]
2402. [port] Support Solaris 2.11 and over. [RT #18362]
2401. [bug] Expect to get E[MN]FILE errno internal_accept()
(from accept() or fcntl() system calls). [RT #18358]
2399. [bug] Abort timeout queries to reduce the number of open
UDP sockets. [RT #18367]
2398. [bug] Improve file descriptor management. New,
temporary, named.conf option reserved-sockets,
default 512. [RT #18344]
2396. [bug] Don't set SO_REUSEADDR for randomized ports.
[RT #18336]
2395. [port] Avoid warning and no effect from "files unlimited"
on Linux when running as root. [RT #18335]
2394. [bug] Default configuration options set the limit for
open files to 'unlimited' as described in the
documentation. [RT #18331]
2392. [bug] remove 'grep -q' from acl test script, some platforms
don't support it. [RT #18253]
2391 [port] hpux: cover additional recvmsg() error codes.
[RT #18301]
2390 [bug] dispatch.c could make a false warning on 'odd socket'.
[RT #18301].
2389 [bug] Move the "working directory writable" check to after
the ns_os_changeuser() call. [RT #18326]
2386. [func] Add warning about too small 'open files' limit.
[RT #18269]
--- 9.4.3b2 released ---
2385. [bug] A condition variable in socket.c could leak in
rare error handling [RT #17968].
2384. [security] Additional support for query port randomization (change
#2375) including performance improvement and port range
specification. [RT #17949, #18098]
2383. [bug] named could double queries when they resulted in
SERVFAIL due to overkilling EDNS0 failure detection.
[RT #18182]
2382. [doc] Add descriptions of IPSECKEY, SPF and SSHFP to ARM.
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
<prefix>/lib/{,mysql/}. [RT #18152]
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
proofs which, in turn, caused validation failures
for insecure zones immediately below a secure zone
the server was authoritative for. [RT #18112]
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
TLDs and supported RRs with TTLs [RT #17972]
2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
2376. [bug] Change #2144 was not complete.
2375. [security] Fully randomize UDP query ports to improve
forgery resilience. [RT #17949]
2372. [bug] fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
2369. [bug] libbind: Array bounds overrun on read in bitncmp().
[RT #18054]
2364. [bug] named could trigger a assertion when serving a
malformed signed zone. [RT #17828]
2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
[RT #17513]
2361. [bug] "recursion" statistics counter could be counted
multiple times for a single query. [RT #17990]
--- 9.4.3b1 released ---
2358. [doc] Update host's default query description. [RT #17934]
2356. [bug] Built in mutex profiler was not scalable enough.
[RT #17436]
2353. [func] libbind: nsid support. [RT #17091]
2350. [port] win32: IPv6 support. [RT #17797]
2347. [bug] Delete now traverses the RB tree in the canonical
order. [RT #17451]
2345. [bug] named-checkconf failed to detect when forwarders
were set at both the options/view level and in
a root zone. [RT #17671]
2344. [bug] Improve "logging{ file ...; };" documentation.
[RT #17888]
2343. [bug] (Seemingly) duplicate IPv6 entries could be
created in ADB. [RT #17837]
2341. [bug] libbind: add missing -I../include for off source
tree builds. [RT #17606]
2340. [port] openbsd: interface configuration. [RT #17700]
2339. [port] tru64: support for libbind. [RT #17589]
2338. [bug] check_ds() could be called with a non DS rdataset.
[RT #17598]
2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
2335. [port] sunos: libbind and *printf() support for long long.
[RT #17513]
2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
bug in fromstruct_txt(). [RT #17609]
2333. [bug] Fix off by one error in isc_time_nowplusinterval().
[RT #17608]
2332. [contrib] query-loc-0.4.0. [RT #17602]
2331. [bug] Failure to regenerate any signatures was not being
reported nor being past back to the UPDATE client.
[RT #17570]
2330. [bug] Remove potential race condition when handling
over memory events. [RT #17572]
WARNING: API CHANGE: over memory callback
function now needs to call isc_mem_waterack().
See <isc/mem.h> for details.
2329. [bug] Clearer help text for dig's '-x' and '-i' options.
2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
M.ROOT-SERVERS.NET.
2326. [bug] It was possible to trigger a INSIST in the acache
processing.
2325. [port] Linux: use capset() function if available. [RT #17557]
2323. [port] tru64: namespace clash. [RT #17547]
2322. [port] MacOS: work around the limitation of setrlimit()
for RLIMIT_NOFILE. [RT #17526]
2319. [bug] Silence Coverity warnings in
lib/dns/rdata/in_1/apl_42.c. [RT #17469]
2318. [port] sunos fixes for libbind. [RT #17514]
2314. [bug] Uninitialized memory use on error path in
bin/named/lwdnoop.c. [RT #17476]
2313. [cleanup] Silence Coverity warnings. Handle private stacks.
[RT #17447] [RT #17478]
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
[RT #17458]
2311. [func] Update ACL regression test. [RT #17462]
2310. [bug] dig, host, nslookup: flush stdout before emitting
debug/fatal messages. [RT #17501]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
[RT #17495]
2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
2306. [bug] Remove potential race from lib/dns/resolver.c.
[RT #17470]
2305. [security] inet_network() buffer overflow. CVE-2008-0122.
2304. [bug] Check returns from all dns_rdata_tostruct() calls.
[RT #17460]
2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
[RT #17471]
2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
2301. [bug] Remove resource leak and fix error messages in
bin/tests/system/lwresd/lwtest.c. [RT #17474]
2300. [bug] Fixed failure to close open file in
bin/tests/names/t_names.c. [RT #17473]
2299. [bug] Remove unnecessary NULL check in
bin/nsupdate/nsupdate.c. [RT #17475]
2298. [bug] isc_mutex_lock() failure not caught in
bin/tests/timers/t_timers.c. [RT #17468]
2297. [bug] isc_entropy_createfilesource() failure not caught in
bin/tests/dst/t_dst.c. [RT #17467]
2296. [port] Allow docbook stylesheet location to be specified to
configure. [RT #17457]
2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
[RT #17459]
2293. [func] Add ACL regression test. [RT #17375]
2292. [bug] Log if the working directory is not writable.
[RT #17312]
2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
failure to set PR_SET_DUMPABLE. [RT #17312]
2290. [bug] Let AD in the query signal that the client wants AD
set in the response. [RT #17301]
2288. [port] win32: mark service as running when we have finished
loading. [RT #17441]
2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
2284. [bug] Memory leak in UPDATE prerequisite processing.
[RT #17377]
2283. [bug] TSIG keys were not attaching to the memory
context. TSIG keys should use the rings
memory context rather than the clients memory
context. [RT #17377]
2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
to protect applications from receiving spurious
SIGPIPE signals when using the resolver.
2278. [bug] win32: handle the case where Windows returns no
search list or DNS suffix. [RT #17354]
2277. [bug] Empty zone names were not correctly being caught at
in the post parse checks. [RT #17357]
2273. [bug] Adjust log level to WARNING when saving inconsistent
stub/slave master and journal files. [RT# 17279]
2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
[RT #17262]
2270. [bug] dns_db_closeversion() version->writer could be reset
before it is tested. [RT #17290]
2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
list.
2266. [bug] client.c:get_clientmctx() returned the same mctx
once the pool of mctx's was filled. [RT #17218]
2265. [bug] Test that the memory context's basic_table is non NULL
before freeing. [RT #17265]
2264. [bug] Server prefix length was being ignored. [RT #17308]
2263. [bug] "named-checkconf -z" failed to set default value
for "check-integrity". [RT #17306]
2262. [bug] Error status from all but the last view could be
lost. [RT #17292]
2260. [bug] Reported wrong clients-per-query when increasing the
value. [RT #17236]
2247. [doc] Sort doc/misc/options. [RT #17067]
2246. [bug] Make the startup of test servers (ans.pl) more
robust. [RT #17147]
--- 9.4.2 released ---
--- 9.4.2rc2 released ---
2259. [bug] Reverse incorrect LIBINTERFACE bump of libisc
in 9.4.2rc1. Applications built against 9.4.2rc1
will need to be rebuilt.
2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
[RT #17241]
2257. [bug] win32: Use the full path to vcredist_x86.exe when
calling it. [RT #17222]
2256. [bug] win32: Correctly register the installation location of
bindevt.dll. [RT #17159]
2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
when reading timer->idle allowing it to see
intermediate values as timer->idle was reset by
isc_timer_touch(). [RT #17243]
--- 9.4.2rc1 released ---
2251. [doc] Update memstatistics-file documentation to reflect
reality. Note there is behaviour change for BIND 9.5.
[RT #17113]
2249. [bug] Only set Authentic Data bit if client requested
DNSSEC, per RFC 3655 [RT #17175]
2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
2245. [bug] Validating lack of DS records at trust anchors wasn't
working. [RT #17151]
2238. [bug] It was possible to trigger a REQUIRE when a
validation was canceled. [RT #17106]
2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
2236. [bug] dnssec-signzone failed to preserve the case of
of wildcard owner names. [RT #17085]
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
2232. [bug] dns_adb_findaddrinfo() could fail and return
ISC_R_SUCCESS. [RT #17137]
2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
[RT #17088]
2230. [bug] We could INSIST reading a corrupted journal.
[RT #17132]
2228. [contrib] contrib: Change 2188 was incomplete.
2227. [cleanup] Tidied up the FAQ. [RT #17121]
2225. [bug] More support for systems with no IPv4 addresses.
[RT #17111]
2224. [bug] Defer journal compaction if a xfrin is in progress.
[RT #17119]
2223. [bug] Make a new journal when compacting. [RT #17119]
2221. [bug] Set the event result code to reflect the actual
record returned to caller when a cache update is
rejected due to a more credible answer existing.
[RT #17017]
2220. [bug] win32: Address a race condition in final shutdown of
the Windows socket code. [RT #17028]
2219. [bug] Apply zone consistency checks to additions, not
removals, when updating. [RT #17049]
2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
[RT #16976]
2216. [cleanup] Fix a number of errors reported by Coverity.
[RT #17094]
2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
2214. [bug] Deregister OpenSSL lock callback when cleaning
up. Reorder OpenSSL cleanup so that RAND_cleanup()
is called before the locks are destroyed. [RT #17098]
2213. [bug] SIG0 diagnostic failure messages were looking at the
wrong status code. [RT #17101]
2212. [func] 'host -m' now causes memory statistics and active
memory to be printed at exit. [RT 17028]
2210. [bug] Deleting class specific records via UPDATE could
fail. [RT #17074]
2209. [port] osx: linking against user supplied static OpenSSL
libraries failed as the system ones were still being
found. [RT #17078]
2208. [port] win32: make sure both build methods produce the
same output. [RT #17058]
2207. [port] Some implementations of getaddrinfo() fail to set
ai_canonname correctly. [RT #17061]
--- 9.4.2b1 released ---
2206. [security] "allow-query-cache" and "allow-recursion" now
cross inherit from each other.
If allow-query-cache is not set in named.conf then
allow-recursion is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost;) is used.
If allow-recursion is not set in named.conf then
allow-query-cache is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost;) is used.
[RT #16987]
2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
2203. [security] Query id generation was cryptographically weak.
[RT # 16915]
2202. [security] The default acls for allow-query-cache and
allow-recursion were not being applied. [RT #16960]
2200. [bug] The search for cached NSEC records was stopping to
early leading to excessive DLV queries. [RT #16930]
2199. [bug] win32: don't call WSAStartup() while loading dlls.
[RT #16911]
2198. [bug] win32: RegCloseKey() could be called when
RegOpenKeyEx() failed. [RT #16911]
2197. [bug] Add INSIST to catch negative responses which are
not setting the event result code appropriately.
[RT #16909]
2196. [port] win32: yield processor while waiting for once to
to complete. [RT #16958]
2194. [bug] Close journal before calling 'done' in xfrin.c.
2193. [port] win32: BINDInstall.exe is now linked statically.
[RT #16906]
2192. [port] win32: use vcredist_x86.exe to install Visual
Studio's redistributable dlls if building with
Visual Stdio 2005 or later.
2189. [bug] Handle socket() returning EINTR. [RT #15949]
2188. [contrib] queryperf: autoconf changes to make the search for
libresolv or libbind more robust. [RT #16299]
2187. [bug] query_addds(), query_addwildcardproof() and
query_addnxrrsetnsec() should take a version
argument. [RT #16368]
2186. [port] cygwin: libbind: check for struct sockaddr_storage
independently of IPv6. [RT #16482]
2185. [port] sunos: libbind: check for ssize_t, memmove() and
memchr(). [RT #16463]
2183. [bug] dnssec-signzone didn't handle offline private keys
well. [RT #16832]
2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
could return ISC_R_SUCCESS when they ran out of
memory. [RT #16365]
2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
2180. [cleanup] Remove bit test from 'compress_test' as they
are no longer needed. [RT #16497]
2178. [bug] 'rndc reload' of a slave or stub zone resulted in
a reference leak. [RT #16867]
2177. [bug] Array bounds overrun on read (rcodetext) at
debug level 10+. [RT #16798]
2176. [contrib] dbus update to handle race condition during
initialization (Bugzilla 235809). [RT #16842]
2175. [bug] win32: windows broadcast condition variable support
was broken. [RT #16592]
2174. [bug] I/O errors should always be fatal when reading
master files. [RT #16825]
2173. [port] win32: When compiling with MSVS 2005 SP1 we also
need to ship Microsoft.VC80.MFCLOC.
2171. [bug] Handle breaks in DNSSEC trust chains where the parent
servers are not DS aware (DS queries to the parent
return a referral to the child).
2170. [func] Add acache processing to test suite. [RT #16711]
2169. [bug] host, nslookup: when reporting NXDOMAIN report the
given name and not the last name searched for.
[RT #16763]
2168. [bug] nsupdate: in non-interactive mode treat syntax errors
as fatal errors. [RT #16785]
2167. [bug] When re-using a automatic zone named failed to
attach it to the new view. [RT #16786]
2166. [bug] When running in batch mode, dig could misinterpret
a server address as a name to be looked up, causing
unexpected output. [RT #16743]
2164. [bug] The code to determine how named-checkzone /
named-compilezone was called failed under windows.
[RT #16764]
2162. [func] Allow "rrset-order fixed" to be disabled at compile
time. [RT #16665]
2161. [bug] 'rndc flush' could report a false success. [RT #16698]
2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
from getifaddrs(). [RT #16708]
2159. [bug] Array bounds overrun in acache processing. [RT #16710]
2158. [bug] ns_client_isself() failed to initialize key
leading to a REQUIRE failure. [RT #16688]
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
resolver.c:validated() and resolver.c:cache_name().
Fix a memory leak in rbtdb.c:free_noqname().
Make lookup.c:lookup_find() robust against
event leaks. [RT #16685]
2155. [contrib] SQLite sdb module from jaboydjr at netwalk.com.
[RT #16694]
2153. [bug] nsupdate could leak memory. [RT #16691]
2152. [cleanup] Use sizeof(buf) instead of fixed number in
dighost.c:get_trusted_key(). [RT #16678]
2151. [bug] Missing newline in usage message for journalprint.
[RT #16679]
2150. [bug] 'rrset-order cyclic' uniformly distribute the
starting point for the first response for a given
RRset. [RT #16655]
2149. [bug] isc_mem_checkdestroyed() failed to abort on
if there were still active memory contexts.
[RT #16672]
2147. [bug] libbind: remove potential buffer overflow from
hmac_link.c. [RT #16437]
2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
SO_BSDCOMPAT" message. [RT #16641]
2145. [bug] Check DS/DLV digest lengths for known digests.
[RT #16622]
2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
[RT #16619]
2143. [bug] We failed to restart the IPv6 client when the
kernel failed to return the destination the
packet was sent to. [RT #16613]
2142. [bug] Handle master files with a modification time that
matches the epoch. [RT# 16612]
2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
equivalent of LDH checks). [RT #16609]
2140. [bug] libbind: missing unlock on pthread_key_create()
failures. [RT #16654]
2139. [bug] dns_view_find() was being called with wrong type
in adb.c. [RT #16670]
2119. [compat] libbind: allow res_init() to succeed enough to
return the default domain even if it was unable
to allocate memory.
--- 9.4.1 released ---
2172. [bug] query_addsoa() was being called with a non zone db.
[RT #16834]
--- 9.4.0 released ---
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-announce
mailing list