#9542: bind9-9.11.2
-------------------------+-----------------------
Reporter: bdubbs@… | Owner: bdubbs@…
Type: enhancement | Status: assigned
Priority: normal | Milestone: 8.1
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+-----------------------
Comment (by bdubbs@…):
4653. [bug] Reorder includes to move @DST_OPENSSL_INC@ and
@ISC_OPENSSL_INC@ after shipped include directories.
[RT #45581]
4649. [bug] The wrong zone was logged when a catalog zone is added.
[RT #45520]
4648. [bug] "rndc reconfig" on a slave no longer causes all member
zones of configured catalog zones to be removed from
configuration. [RT #45310]
4647. [bug] Change 4643 broke verification of TSIG signed TCP
message sequences where not all the messages contain
TSIG records. These may be used in AXFR and IXFR
responses. [RT #45509]
4645. [bug] Fix PKCS#11 RSA parsing when MD5 is disabled.
4643. [security] An error in TSIG handling could permit unauthorized
zone transfers or zone updates. (CVE-2017-3142)
(CVE-2017-3143) [RT #45383]
4642. [cleanup] Add more logging of RFC 5011 events affecting the
status of managed keys: newly observed keys,
deletion of revoked keys, etc. [RT #45354]
4641. [cleanup] Parallel builds (make -j) could fail with --with-atf /
--enable-developer. [RT #45373]
4640. [bug] If query_findversion failed in query_getdb due to
memory failure the error status was incorrectly
discarded. [RT #45331]
4639. [bug] Fix a regression in --with-tuning reporting introduced
by change 4488. [RT #45396]
4638. [bug] Reloading or reconfiguring named could fail on
some platforms when LMDB was in use. [RT #45203]
4636. [bug] Normalize rpz policy zone names when checking for
existence. [RT #45358]
4635. [bug] Fix RPZ NSDNAME logging that was logging
failures as NSIP. [RT #45052]
4634. [contrib] check5011.pl needs to handle optional space before
semi-colon in +multi-line output. [RT #45352]
4633. [maint] Updated AAAA (2001:500:200::b) for B.ROOT-SERVERS.NET.
4632. [security] The BIND installer on Windows used an unquoted
service path, which can enable privilege escalation.
(CVE-2017-3141) [RT #45229]
4631. [security] Some RPZ configurations could go into an infinite
query loop when encountering responses with TTL=0.
(CVE-2017-3140) [RT #45181]
4630. [bug] "dyndb" is dependent on dlopen existing / being
enabled. [RT #45291]
4629. [bug] dns_client_startupdate could not be called with a
running client. [RT #45277]
4628. [bug] Fixed a potential reference leak in query_getdb().
[RT #45247]
4626. [test] Added more tests for handling of different record
ordering in CNAME and DNAME responses. [QA #430]
4625. [bug] Running "rndc addzone" and "rndc delzone" at close
to the same time could trigger a deadlock if using
LMDB. [RT #45209]
4623. [bug] Use --with-protobuf-c and --with-libfstrm to find
protoc-c and fstrm_capture. [RT #45187]
4622. [bug] Remove unnecessary escaping of semicolon in CAA and
URI records. [RT #45216]
4621. [port] Force alignment of oid arrays to silence loader
warnings. [RT #45131]
4620. [port] Handle EPFNOSUPPORT being returned when probing
to see if a socket type is supported. [RT #45214]
4619. [bug] Call isc_mem_put instead of isc_mem_free in
bin/named/server.c:setup_newzones. [RT #45202]
4618. [bug] Check isc_mem_strdup results in dns_view_setnewzones.
Add logging for lmdb call failures. [RT #45204]
4617. [test] Update rndc system test to be more delay tolerant.
[RT #45177]
4616. [bug] When using LMDB, zones deleted using "rndc delzone"
were not correctly removed from the new-zone
database. [RT #45185]
4615. [bug] AD could be set on truncated answer with no records
present in the answer and authority sections.
[RT #45140]
4614. [test] Fixed an error in the sockaddr unit test. [RT #45146]
4612. [bug] Silence 'may be use uninitalised' warning and simplify
the code in lwres/getaddinfo:process_answer.
[RT #45158]
4611. [bug] The default LMDB mapsize was too low and caused
errors after few thousand zones were added using
rndc addzone. A new config option "lmdb-mapsize"
has been introduced to configure the LMDB
mapsize depending on operational needs.
[RT #44954]
4609. [cleanup] Rearrange makefiles to enable parallel execution
(i.e. "make -j"). [RT #45078]
4608. [func] DiG now warns about .local queries which are reserved
for Multicast DNS. [RT #44783]
4606. [port] Stop using experimental "Experimental keys on scalar"
feature of perl as it has been removed. [RT #45012]
4604. [bug] Don't use ERR_load_crypto_strings() when building
with OpenSSL 1.1.0. [RT #45117]
4603. [doc] Automatically generate named.conf(5) man page
from doc/misc/options. Thanks to Tony Finch.
[RT #43525]
4602. [func] Threads are now set to human-readable
names to assist debugging, when supported by
the OS. [RT #43234]
4601. [bug] Reject incorrect RSA key lengths during key
generation and and sign/verify context
creation. [RT #45043]
4600. [bug] Adjust RPZ trigger counts only when the entry
being deleted exists. [RT #43386]
4599. [bug] Fix inconsistencies in inline signing time
comparison that were introduced with the
introduction of rdatasetheader->resign_lsb.
[RT #42112]
4597. [bug] The validator now ignores SHA-1 DS digest type
when a DS record with SHA-384 digest type is
present and is a supported digest type.
[RT #45017]
4596. [bug] Validate glue before adding it to the additional
section. This also fixes incorrect TTL capping
when the RRSIG expired earlier than the TTL.
[RT #45062]
4593. [doc] Update README using markdown, remove outdated FAQ
file in favor of the knowledge base.
4592. [bug] A race condition on shutdown could trigger an
assertion failure in dispatch.c. [RT #43822]
4591. [port] Addressed some python 3 compatibility issues.
Thanks to Ville Skytta. [RT #44955] [RT #44956]
4590. [bug] Support for PTHREAD_MUTEX_ADAPTIVE_NP was not being
properly detected. [RT #44871]
4589. [cleanup] "configure -q" is now silent. [RT #44829]
4588. [bug] nsupdate could send queries for TKEY to the wrong
server when using GSSAPI. Thanks to Tomas Hozza.
[RT #39893]
4587. [bug] named-checkzone failed to handle occulted data below
DNAMEs correctly. [RT #44877]
4586. [func] dig, host and nslookup now use TCP for ANY queries.
[RT #44687]
4585. [port] win32: Set CompileAS value. [RT #42474]
4584. [bug] A number of memory usage statistics were not properly
reported when they exceeded 4G. [RT #44750]
4574. [bug] Dig leaked memory with multiple +subnet options.
[RT #44683]
4555. [func] dig +ednsopt: EDNS options can now be specified by
name in addition to numeric value. [RT #44461]
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/9542#comment:2>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
