BIND 9.8.2 is now available

Dennis Clarke dclarke at blastwave.org
Mon Apr 9 23:22:05 UTC 2012


Hello there ISC folks.
Me again from Blastwave :-)

Small problem with the 9.8.2 tarball :

$ ls $SRC/bind-9*
/export/medusa/src/bind-9.8.1-P1.tar.gz
/export/medusa/src/bind-9.8.2.tar.gz
$ gzip -dc /export/medusa/src/bind-9.8.2.tar.gz | tar -xf -
$ cd bind-9.8.2

$ ls -lo REL*
-rw-r--r--   1 sysadmin   16744 Mar 22 19:20 RELEASE-NOTES-BIND-9.8.1.html
-rw-r--r--   1 sysadmin   62760 Mar 22 19:20 RELEASE-NOTES-BIND-9.8.1.pdf
-rw-r--r--   1 sysadmin   14419 Mar 22 19:20 RELEASE-NOTES-BIND-9.8.1.txt

$ cat version
# $Id$
#
# This file must follow /bin/sh rules.  It is imported directly via
# configure.
#
MAJORVER=9
MINORVER=8
PATCHVER=2
RELEASETYPE=
RELEASEVER=

Looks like the release notes for 9.8.1 are in the 9.8.2 tarball.

If I check the MD5 hash I see the pdf is the same as the 9.8.1-P1 release.

Just a FYI there.

Dennis

ps: I hit this when doing the Solaris SVR4 packages and my package
    prototype kept complaining that I had 9.8.1 Release notes. Yup.

-- 
--
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x1D936C72FA35B44B
+-------------------------+-----------------------------------+
| Dennis Clarke           | Solaris and Linux and Open Source |
| dclarke at blastwave.org   | Respect for open standards.       |
+-------------------------+-----------------------------------+
-----------------------------------------------------------





> Introduction
>
>   BIND 9.8.2 is the latest production release of BIND 9.8.
>
>   This document summarizes changes from BIND 9.8.1 to BIND 9.8.2. Please see
>   the CHANGES file in the source code release for a complete list of all
>   changes.
>
> Download
>
>   The latest versions of BIND 9 software can always be found on our web site
>   at http://www.isc.org/downloads/all. There you will find additional
>   information about each release, source code, and
>   pre-compiled versions for Microsoft Windows operating systems.
>
> Support
>
>   Product support information is available on
>   http://www.isc.org/services/support for paid support options. Free support
>   is provided by our user community via a mailing list.
>   Information on all public email lists is available at
>   https://lists.isc.org/mailman/listinfo.
>
> Security Fixes
>
>   + BIND 9 nameservers performing recursive queries could cache an
>     invalid record and subsequent queries for that record could
>     crash the resolvers with an assertion failure. [RT #26590]
>     [CVE-2011-4313]
>
> Feature Changes
>
>   + RPZ implementation now conforms to version 3 of the specification.
>     [RT #27316]
>
>   + It is now possible to explicitly disable DLV in named.conf by
>     specifying "dnssec-lookaside no;". This is the default, but the ability
>     to configure it makes it clearly visible to administrators. [RT #24858]
>
>   + --enable-developer, a new composite argument to the configure
>     script, enables a set of build options normally disabled but frequently
>     selected in test or development builds, specifically:
>     enable_fixed_rrset, with_atf, enable_filter_aaaa, enable_rpz_nsip,
>     enable_rpz_nsdname, and with_dlz_filesystem (and on Linux and Darwin,
>     also enable_exportlib) [RT #27103]
>
> Bug Fixes
>   + Named could dereference a NULL pointer in  zmgr_start_xfrin_ifquota
>     if the zone was being removed. [RT #28419]
>
>   + A parser bug could cause named to crash while reading a malformed
>     zone file. [RT #28467]
>
>   + Fixed a problem preventing proper use of 64 bit time values in
>     libbind. [RT # 26542]
>
>   + isccc/cc.c:table_fromwire could fail to free an allocated object on
>     error, leading to a possible memory leak condition. [RT #28265]
>
>   + Fixed a build error on systems without ENOTSUP.  [RT #28200]
>
>   + The header file isc/hmacsha.h is now installed when building BIND.
>     [RT #28169]
>
>   + Resolves spurious test failures in ans.pl by updating it to work
>     correctly with Net::DNS 0.68 [RT  #28028]
>
>   + The managed key maintenance timer could fail to restart after 'rndc
>     reconfig' resulting in managed keys not being properly added to
>     managed-keys.bind [RT #27686]
>
>   + Corrects a potential overflow problem in the computation of
>     RRSIG expiration times. [RT #23311]
>
>   + The maximum number of NSEC3 iterations for a DNSKEY RRset was
>     not being properly computed.  [RT #26543]
>
>   + Error reporting has been improved for failures encountered
>     when sending or receiving network packets.  In particular
>     some memory allocation failures were being logged as "unexpected error"
>     - these will now be reported accurately.  A new
>     ISC_R_UNSET result code has also been added to cover those
>     situations where there is no error code returned by the OS
>     sockets implementation.  [RT #27336]
>
>   + Corrects an INSIST failure by addressing race conditions in
>     the handling of rbtnode.deadlink. [RT #27738]
>
>   + SOA refresh queries could be treated as cancelled despite
>     succeeding over the loopback interface. [RT #27782]
>
>   + When replacing an NS RRset, BIND now restricts the TTL of the
>     new NS RRset to no more than that of the NS RRset it replaces to fix a
>     timing problem that can arise when removing a delegation.
>     [RT #27792/27884]
>
>   + Raw zones with more than 512 records in a RRset previously
>     failed to load. [RT #27863]
>
>   + Make sure automatic key maintenance is started when "rndc reconfig"
>     is issued if "auto-dnssec maintain" is turned on. [RT #26805]
>
>   + Windows builds are now restricted to a single listener thread
>     until incompatibility with the multiple listeners code can be addressed
>     [RT #27696]
>
>   + AAAA responses could be returned in the additional section even
>     when filter-aaaa-on-v4 was in use. [RT #27292]
>
>   + An error handling an out of memory condition could cause a stored
>     rdataset to be freed twice using DNS64. [RT #27762]
>
>   + Some query patterns could cause responses not to be returned
>     in cyclic order though "rrset-order cyclic" was set.  [RT
>     #27170/27185]
>
>   + named-compilezone no longer emits "dump zone to <file>" message
>     when writing to stdout.  [RT #27109]
>
>   + Sets isc_socket_ipv6only() on the IPv6 control channels.  This
>     addresses IPv6 socket binding problems that can occur in some
>     configurations when bindv6only=1 is set globally.  [RT #22249]
>
>   + named now reports a syntax error when a TXT record longer than
>     255 characters is configured.  [RT #26956]
>
>   + Addresses race conditions in the resolver code that can cause
>     named to abort.   [RT #26889]
>
>   + Fixed a bug that could cause named to crash while loading a
>     zone with invalid DNSKEY records.  [RT #26913]
>
>   + Prevents dig -6 +trace from terminating with an error when
>     encountering a root nameserver without an AAAA record. [RT #26906]
>
>   + Prevents DNSKEY state change events from being missed by ensuring
>     that the timestamps used to determine which keys are in use are set
>     appropriately.  [RT #26874]
>
>   + When processing a list of keys, named now consistently compares
>     them with the same timestamp. [RT #26883]
>
>   + Fixed a corner case race condition in the validator that may
>     cause an assert in a multi-threaded build of BIND.  [RT #26478]
>
>   + Poor error handling could cause named to hang during shutdown.
>     [RT #26372]
>
>   + named now correctly validates DNSSEC positive wildcard responses
>     from NSEC3 signed zones. [RT #26200]
>
>   + Fixes a problem with the computation of tags for revoked keys.
>     [RT #26186]
>
>   + Corrects a problem with change #3186.  dns_db_rpz_findips()
>     could fail to set the database version correctly, causing an assertion
>     failure. [RT #26180]
>
>   + Master servers that had previously been marked as unreachable
>     because of failed zone transfer attempts will now be removed from the
>     "unreachable" list (i.e. considered reachable again) if the slave
>     receives a NOTIFY message from them. [RT #25960]
>
>   + Fixes a bug in zone.c where failure to delete signatures could
>     lead to an assertion failure and subsequent abort. [RT #25880]
>
>   + Corrects a problem validating root DS responses. [RT #25726]
>
>   + Fixes a problem whereby "rndc dumpdb" could cause an assertion
>     failure and abort by attempting to print an empty rdataset [RT #25452]
>
>   + The order in which we process the reactivation of a dead node
>     in cache and the incrementing of its reference count created a small
>     timing window during which an inconsistency could be
>     detected and an assert occur in a multi-threaded environment. This
>     should no longer occur.  [RT #23219]
>
>   + 'dig -y' would crash when passed an unknown TSIG algorithm. dig
>     now handles unknown TSIG algorithms more gracefully. [RT #25522]
>
>   + Servers that received negative responses from a forwarder were
>     failing to cache the answers correctly, resulting in multiple queries
>     for the same non-existent name being sent to the
>     forwarders instead of answers being provided to clients from cache
>     (until TTL expiry).  [RT #25380]
>
>   + Corrected a bug which could cause a slave server with
>     "allow-update-forwarding" set to become unresponsive if the
>     master it is trying to reach is off-line or unreachable. [RT #24711]
>
>   + Socket errors during recursion were sometimes not handled
>     correctly which could lead to a named assert when an associated query
>     structure was used after it had already been freed [RT #22208]
>
>   + The logging level for DNSSEC validation failures due to expired
>     or not-yet-valid RRSIGs has been increased to log level "info" to make
>     it easier to diagnose these problems. Examples of the new log messages
>     are given below:
>
>       03-Nov-2011 22:40:55.335 validating @0x7fccc401e5a0: pastdate-A.test.dnssec-tools.org A: verify failed due to bad signature (keyid=19442): RRSIG has expired
>
>       03-Nov-2011 22:41:31.335 validating @0x12b5d80: futuredate-A.test.dnssec-tools.org A: verify failed due to bad signature (keyid=19442): RRSIG validity period has not begun
>
>     [RT #21796]
>
>   + This change can reduce the time when a server is unavailable
>     during "rndc reconfig" for servers with large and complex
>     configurations.  This is achieved by completing the parsing of the
>     configuration files in entirety before entering the exclusive phase.
>     (Note that it does not reduce the total time spent in "rndc reconfig",
>     and it has no measurable impact on server
>     initial start-up times.) [RT #21373]
>
>   + Direct queries for type RRSIG or SIG (sometimes used while
>     testing) could be handled incorrectly in the case where there is no
>     answer available. [RT #21050]
>
> Thank You
>
>   Thank you to everyone who assisted us in making this release
>   possible.  If you would like to contribute to ISC to assist us in
>   continuing to make quality open source software, please visit our
>   donations page at http://www.isc.org/supportisc.
>
> (c) 2001-2012 Internet Systems Consortium
> _______________________________________________
> bind-announce mailing list
> bind-announce at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-announce
>
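
The mismatch reported at the top of this message (a `version` file reading 9.8.2 beside release notes named for 9.8.1) can be caught mechanically before a tree is packaged. The script below is an added example, not part of the original post and not ISC or Blastwave tooling; its function names, the constructed temporary tree, and the way the five `version` fields are concatenated are assumptions made for illustration.

```shell
# Added example: confirm that the RELEASE-NOTES-BIND-<ver>.* files in an
# unpacked tree are named for the version its `version` file declares.

# Read KEY=value from the version file without sourcing it.
version_field() {
    sed -n "s/^$2=\([A-Za-z0-9-]*\)[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Print the version the tree claims, e.g. 9.8.2. Assumption: the five
# fields concatenate as MAJOR.MINOR.PATCH followed by RELEASETYPE+RELEASEVER.
tree_version() {
    vf="$1/version"
    [ -r "$vf" ] || return 2
    printf '%s.%s.%s%s%s\n' \
        "$(version_field "$vf" MAJORVER)" "$(version_field "$vf" MINORVER)" \
        "$(version_field "$vf" PATCHVER)" "$(version_field "$vf" RELEASETYPE)" \
        "$(version_field "$vf" RELEASEVER)"
}

# Return 0 if every release-notes file is named for the tree's version,
# 1 on any mismatch, 2 if the version file or the notes are missing.
check_release_notes() {
    want=$(tree_version "$1") || return 2
    bad=0; seen=0
    for f in "$1"/RELEASE-NOTES-BIND-*; do
        [ -e "$f" ] || continue
        seen=1
        name=${f##*/}
        got=${name#RELEASE-NOTES-BIND-}
        got=${got%.*}                      # drop .html / .pdf / .txt
        if [ "$got" != "$want" ]; then
            echo "MISMATCH: $name documents $got, tree is $want" >&2
            bad=1
        fi
    done
    [ "$seen" -eq 1 ] || return 2
    return "$bad"
}

# Constructed sample tree: version file says 9.8.2, notes named for $1.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    printf 'MAJORVER=9\nMINORVER=8\nPATCHVER=2\nRELEASETYPE=\nRELEASEVER=\n' > "$d/version"
    for ext in html pdf txt; do : > "$d/RELEASE-NOTES-BIND-$1.$ext"; done
    printf '%s\n' "$d"
}

demo=$(make_demo_tree 9.8.1)
check_release_notes "$demo" || echo "release notes do not match version file"
rm -rf "$demo"
```

Run against a real unpacked tree with `check_release_notes bind-9.8.2`; a non-zero status is a reason to stop the packaging step.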







