aboutsummaryrefslogtreecommitdiffstats
path: root/CHANGES
diff options
context:
space:
mode:
authorDoug Barton <dougb@FreeBSD.org>2011-08-02 05:18:50 +0000
committerDoug Barton <dougb@FreeBSD.org>2011-08-02 05:18:50 +0000
commit0842d663b7cfb84b478ec937fc1dbc640ceae92b (patch)
tree4385ddab756952a705f233916d0536e76fe9cc58 /CHANGES
parent6a50a75ead6b2f11f0321914c033e8c8670cbb60 (diff)
downloadsrc-0842d663b7cfb84b478ec937fc1dbc640ceae92b.tar.gz
src-0842d663b7cfb84b478ec937fc1dbc640ceae92b.zip
Vendor import of BIND 9.6-ESV-R5vendor/bind9/9.6-ESV-R5
Notes
Notes: svn path=/vendor/bind9/dist-9.6/; revision=224590 svn path=/vendor/bind9/9.6-ESV-R5/; revision=224591; tag=vendor/bind9/9.6-ESV-R5
Diffstat (limited to 'CHANGES')
-rw-r--r--CHANGES241
1 files changed, 211 insertions, 30 deletions
diff --git a/CHANGES b/CHANGES
index 4a7cadadbf37..2aed92f842fd 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,27 +1,208 @@
- --- 9.6-ESV-R4-P3 released ---
+ --- 9.6-ESV-R5 released ---
+
+3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
+ See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
+ [RT #24950]
+
+3132. [bug] Workaround for excessive startup time with large
+ number of zones; allow setting of an environment
+ variable to tune the number of tasks, default is 8,
+ recommends 200 zones per task. If you have 200000
+ zones set the BIND9_ZONE_TASKS_HINT environment
+ variable to 1000 before starting named:
+
+ csh: setenv BIND9_ZONE_TASKS_HINT 1000
+ sh: BIND9_ZONE_TASKS_HINT=1000;
+ export BIND9_ZONE_TASKS_HINT
+
+ Applicable to 9.7, 9.6, auto-tuned in 9.8 and up.
+ [RT #25084]
+
+ --- 9.6-ESV-R5rc1 released ---
+
+3124. [bug] Use an rdataset attribute flag to indicate
3124. [bug] Use an rdataset attribute flag to indicate
negative-cache records rather than using rrtype 0;
this will prevent problems when that rrtype is
- used in actual DNS packets. [RT #24777]
-
- --- 9.6-ESV-R4-P2 released (withdrawn) ---
+ used in actual DNS packets. [RT #24777]
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
- --- 9.6-ESV-R4-P1 released ---
-
3121. [security] An authoritative name server sending a negative
response containing a very large RRset could
trigger an off-by-one error in the ncache code
and crash named. [RT #24650]
-3120. [bug] Named could fail to validate zones listed in a DLV
+3120. [bug] Named could fail to validate zones list in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
+3118. [bug] nsupdate could dump core on shutdown when using
+ SIG(0) keys. [RT #24604]
+
+3113. [doc] Document the relationship between serial-query-rate
+ and NOTIFY messages.
+
+3112. [doc] Add missing descriptions of the update policy name
+ types "ms-self", "ms-subdomain", "krb5-self" and
+ "krb5-subdomain", which allow machines to update
+ their own records, to the BIND 9 ARM.
+
+3110. [bug] dnssec-signzone: Wrong error message could appear
+ when attempting to sign with no KSK. [RT #24369]
+
+3104. [bug] Better support for cross-compiling. [RT #24367]
+
+3099. [test] "dlz" system test now runs but gives R:SKIPPED if
+ not compiled with --with-dlz-filesystem. [RT #24146]
+
+3097. [test] Add a tool to test handling of malformed packets.
+ [RT #24096]
+
+ --- 9.6-ESV-R5b1 released ---
+
+3095. [bug] Handle isolated reserved ports in the port range.
+ [RT #23957]
+
+3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
+ and add setup.sh in order to resolve changing
+ named.conf issue. [RT #23687]
+
+3083. [bug] NOTIFY messages were not being sent when generating
+ a NSEC3 chain incrementally. [RT #23702]
+
+3081. [bug] Failure of DNAME substitution did not return
+ YXDOMAIN. [RT #23591]
+
+3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
+ [RT #23587]
+
+3079. [bug] Handle isc_event_allocate failures in t_tasks.
+ [RT #23572]
+
+3074. [bug] Make the adb cache read through for zone data and
+ glue learn for zone named is authoritative for.
+ [RT #22842]
+
+3071. [bug] has_nsec could be used unintialised in
+ update.c:next_active. [RT #20256]
+
+3069. [cleanup] Silence warnings messages from clang static analysis.
+ [RT #20256]
+
+3068. [bug] Named failed to build with a OpenSSL without engine
+ support. [RT #23473]
+
+3067. [bug] ixfr-from-differences {master|slave}; failed to
+ select the master/slave zones. [RT #23580]
+
+3065. [bug] RRSIG could have time stamps too far in the future.
+ [RT #23356]
+
+3064. [bug] powerpc: add sync instructions to the end of atomic
+ operations. [RT #23469]
+
+3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
+
+3059. [test] Added a regression test for change #3023.
+
+3058. [bug] Cause named to terminate at startup or rndc reconfig/
+ reload to fail, if a log file specified in the conf
+ file isn't a plain file. [RT #22771]
+
+3053. [bug] Under a sustained high query load with a finite
+ max-cache-size, it was possible for cache memory
+ to be exhausted and not recovered. [RT #23371]
+
+3051. [bug] NS records obsure DNAME records at the bottom of the
+ zone if both are present. [RT #23035]
+
+3046. [bug] Use RRSIG original TTL to compute validated RRset
+ and RRSIG TTL. [RT #23332]
+
+3044. [bug] Hold the socket manager lock while freeing the socket.
+ [RT #23333]
+
+3043. [test] Merged in the NetBSD ATF test framework (currently
+ version 0.12) for development of future unit tests.
+ Use configure --with-atf to build ATF internally
+ or configure --with-atf=prefix to use an external
+ copy. [RT #23209]
+
+3042. [bug] dig +trace could fail attempting to use IPv6
+ addresses on systems with only IPv4 connectivity.
+ [RT #23297]
+
+3041. [bug] dnssec-signzone failed to generate new signatures on
+ ttl changes. [RT #23330]
+
+3040. [bug] Named failed to validate insecure zones where a node
+ with a CNAME existed between the trust anchor and the
+ top of the zone. [RT #23338]
+
+3037. [doc] Update COPYRIGHT to contain all the individual
+ copyright notices that cover various parts.
+
+3036. [bug] Check built-in zone arguments to see if the zone
+ is re-usable or not. [RT #21914]
+
+3035. [cleanup] Simplify by using strlcpy. [RT #22521]
+
+3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
+
+3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
+ [RT #22521]
+
+3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
+
+3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
+ [RT #22521]
+
+3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
+ [RT #22521]
+
+3029. [bug] isc_netaddr_format() handle a zero sized buffer.
+ [RT #22521]
+
+3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
+ [RT #22521]
+
+3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
+ catch NULL pointer dereferences before they happen.
+ [RT #22521]
+
+3026. [bug] lib/isc/httpd.c: check that we have enough space
+ after calling grow_headerspace() and if not
+ re-call grow_headerspace() until we do. [RT #22521]
+
+3025. [bug] Fixed a possible deadlock due to zone resigning.
+ [RT #22964]
+
+3023. [bug] Named could be left in an inconsistent state when
+ receiving multiple AXFR response messages that were
+ not all TSIG-signed. [RT #23254]
+
+3019. [test] Test: check apex NSEC3 records after adding DNSKEY
+ record via UPDATE. [RT #23229]
+
+3018. [bug] Named failed to check for the "none;" acl when deciding
+ if a zone may need to be re-signed. [RT #23120]
+
+3016. [bug] rndc usage missing '-b'. [RT #22937]
+
+3015. [port] win32: fix IN6_IS_ADDR_LINKLOCAL and
+ IN6_IS_ADDR_SITELOCAL macros. [RT #22724]
+
+3014. [bug] Fix the zonechecks system test to match expected
+ behaviour for 9.6 and to fail on error. [RT #22905]
+
+3012. [bug] Remove DNSKEY TTL change pairs before generating
+ signing records for any remaining DNSKEY changes.
+ [RT #22590]
+
--- 9.6-ESV-R4 released ---
--- 9.6.3 released ---
@@ -72,7 +253,7 @@
2976. [bug] named could die on exit after negotiating a GSS-TSIG
key. [RT #22573]
-2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() aquired the
+2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() acquired the
wrong lock which could lead to server deadlock.
[RT #22614]
@@ -172,7 +353,7 @@
2905. [port] aix: set use_atomic=yes with native compiler.
[RT #21402]
-2904. [bug] When using DLV, sub-zones of the zones in the DLV,
+2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
a unintended outcome from change 2890. [RT# 21392]
@@ -420,7 +601,7 @@
2790. [bug] Handle DS queries to stub zones. [RT #20440]
-2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
+2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2786. [bug] Additional could be promoted to answer. [RT #20663]
@@ -616,9 +797,9 @@
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
-2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
+2623. [bug] Named started searches for DS non-optimally. [RT #19915]
-2621. [doc] Made copyright boilterplate consistent. [RT #19833]
+2621. [doc] Made copyright boilerplate consistent. [RT #19833]
2620. [bug] Delay thawing the zone until the reload of it has
completed successfully. [RT #19750]
@@ -848,13 +1029,13 @@
2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]
-2528. [cleanup] Silence spurious configure warning about
+2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]
2527. [bug] named could reuse cache on reload with
enabling/disabling validation. [RT #19119]
-2525. [experimental] New logging category "query-errors" to provide detailed
+2525. [func] New logging category "query-errors" to provide detailed
internal information about query failures, especially
about server failures. [RT #19027]
@@ -1111,13 +1292,13 @@
2441. [bug] isc_radix_insert() could copy radix tree nodes
incompletely. [RT #18573]
-2440. [bug] named-checkconf used an incorrect test to determine
+2440. [bug] named-checkconf used an incorrect test to determine
if an ACL was set to none.
-2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
+2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
[RT #18559]
-2438. [bug] Timeouts could be logged incorrectly under win32.
+2438. [bug] Timeouts could be logged incorrectly under win32.
2437. [bug] Sockets could be closed too early, leading to
inconsistent states in the socket module. [RT #18298]
@@ -1131,7 +1312,7 @@
2433. [tuning] Set initial timeout to 800ms.
-2432. [bug] More Windows socket handling improvements. Stop
+2432. [bug] More Windows socket handling improvements. Stop
using I/O events and use IO Completion Ports
throughout. Rewrite the receive path logic to make
it easier to support multiple simultaneous
@@ -1166,7 +1347,7 @@
epoll and /dev/poll to be selected at compile
time. [RT #18277]
-2423. [security] Randomize server selection on queries, so as to
+2423. [security] Randomize server selection on queries, so as to
make forgery a little more difficult. Instead of
always preferring the server with the lowest RTT,
pick a server with RTT within the same 128
@@ -1180,7 +1361,7 @@
Use caution: this option may not work for some
operating systems without rebuilding named.
-2420. [bug] Windows socket handling cleanup. Let the io
+2420. [bug] Windows socket handling cleanup. Let the io
completion event send out canceled read/write
done events, which keeps us from writing to memory
we no longer have ownership of. Add debugging
@@ -1502,7 +1683,7 @@
2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
[RT #17513]
-2315. [bug] Used incorrect address family for mapped IPv4
+2315. [bug] Used incorrect address family for mapped IPv4
addresses in acl.c. [RT #17519]
2314. [bug] Uninitialized memory use on error path in
@@ -1514,14 +1695,14 @@
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
[RT #17458]
-2311. [bug] IPv6 addresses could match IPv4 ACL entries and
+2311. [bug] IPv6 addresses could match IPv4 ACL entries and
vice versa. [RT #17462]
2310. [bug] dig, host, nslookup: flush stdout before emitting
debug/fatal messages. [RT #17501]
-2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
- [RT #17455]
+2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
+ [RT #17455]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
[RT #17495]
@@ -1573,7 +1754,7 @@
2292. [bug] Log if the working directory is not writable.
[RT #17312]
-2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
+2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
failure to set PR_SET_DUMPABLE. [RT #17312]
2290. [bug] Let AD in the query signal that the client wants AD
@@ -1611,7 +1792,7 @@
2280. [func] Allow the experimental http server to be reached
over IPv6 as well as IPv4. [RT #17332]
-2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
+2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
to protect applications from receiving spurious
SIGPIPE signals when using the resolver.
@@ -1646,9 +1827,9 @@
--- 9.5.0b1 released ---
-2267. [bug] Radix tree node_num value could be set incorrectly,
- causing positive ACL matches to look like negative
- ones. [RT #17311]
+2267. [bug] Radix tree node_num value could be set incorrectly,
+ causing positive ACL matches to look like negative
+ ones. [RT #17311]
2266. [bug] client.c:get_clientmctx() returned the same mctx
once the pool of mctx's was filled. [RT #17218]
@@ -1664,7 +1845,7 @@
2262. [bug] Error status from all but the last view could be
lost. [RT #17292]
-2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
+2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
2260. [bug] Reported wrong clients-per-query when increasing the
value. [RT #17236]