------- Blind-Carbon-Copy
To: bind-annou...@isc.org
From: Mark Andrews <ma...@isc.org>
Subject: BIND 9.5.2rc1 is now available.
Date: Wed, 16 Sep 2009 14:45:09 +1000
Sender: ma...@drugs.dv.isc.org
BIND 9.5.2rc1 is now available.
BIND 9.5.2rc1 is a maintenance release candidate for BIND 9.5.
BIND 9.5.2rc1 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.5.2rc1/bind-9.5.2rc1.tar.gz
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bind9/9.5.2rc1/bind-9.5.2rc1.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.5.2rc1/bind-9.5.2rc1.tar.gz.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.2rc1/bind-9.5.2rc1.tar.gz.sha512.asc
The signature was generated with the ISC public key, which is
available at <https://www.isc.org/about/openpgp>.
A binary kit for Windows XP and Window 2003 is at
ftp://ftp.isc.org/isc/bind9/9.5.2rc1/BIND9.5.2rc1.zip
ftp://ftp.isc.org/isc/bind9/9.5.2rc1/BIND9.5.2rc1.debug.zip
The PGP signature of the binary kit for Windows XP and Window 2003 is at
ftp://ftp.isc.org/isc/bind9/9.5.2rc1/BIND9.5.2rc1.zip.asc
ftp://ftp.isc.org/isc/bind9/9.5.2rc1/BIND9.5.2rc1.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.2rc1/BIND9.5.2rc1.zip.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.5.2rc1/BIND9.5.2rc1.debug.zip.asc
ftp://ftp.isc.org/isc/bind9/9.5.2rc1/BIND9.5.2rc1.debug.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.5.2rc1/BIND9.5.2rc1.debug.zip.sha512.asc
Changes since 9.5.0.
--- 9.5.2rc1 released ---
2672. [bug] Don't enable searching in 'host' when doing reverse
lookups. [RT #20218]
2670. [bug] Unexpected connect failures failed to log enough
information to be useful. [RT #20205]
2663. [func] win32: allow named to run as a service using
"NT AUTHORITY\LocalService" as the account. [RT #19977]
2656. [func] win32: add a "tools only" check box to the installer
which causes it to only install dig, host, nslookup,
nsupdate and relevent dlls. [RT #19998]
2655. [doc] Document that key-directory does not affect
rndc.key. [RT #20155]
--- 9.5.2b1 released ---
2649. [bug] Set the domain for forward only zones. [RT #19944]
2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
which default to 64 bits. [RT #19927]
2642. [bug] nsupdate could dump core on solaris when reading
improperly formatted key files. [RT #20015]
2640. [security] A specially crafted update packet will cause named
to exit. [RT #20000]
2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
[RT #19959]
2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
[RT #19716]
2633. [bug] Handle 15 bit rand() functions. [RT #19783]
2632. [func] util/kit.sh: warn if documentation appears to be out of
date. [RT #19922]
2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
2621. [doc] Made copyright boilterplate consistent. [RT #19833]
2920. [bug] Delay thawing the zone until the reload of it has
completed successfully. [RT #19750]
2618. [bug] The sdb and sdlz db_interator_seek() methods could
loop infinitely. [RT #19847]
2617. [bug] ifconfig.sh failed to emit an error message when
run from the wrong location. [RT #19375]
2616. [bug] 'host' used the nameservers from resolv.conf even
when a explicit nameserver was specified. [RT #19852]
2615. [bug] "__attribute__((unused))" was in the wrong place
for ia64 gcc builds. [RT #19854]
2614. [port] win32: 'named -v' should automatically be executed
in the foreground. [RT #19844]
2610. [port] sunos: Change #2363 was not complete. [RT #19796]
2606. [bug] "delegation-only" was not being accepted in
delegation-only type zones. [RT #19717]
2605. [bug] Accept DS responses from delegation only zones.
[RT # 19296]
2603. [port] win32: handle .exe extension of named-checkzone and
named-comilezone argv[0] names under windows.
[RT #19767]
2602. [port] win32: fix debugging command line build of libisccfg.
[RT #19767]
2599. [bug] Address rapid memory growth when validation fails.
[RT #19654]
2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
long, leading to inefficient memory usage or rejecting
newer cache entries in the worst case. [RT #19563]
2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
2591. [bug] named could die when processing a update in
removed_orphaned_ds(). [RT #19507]
2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
[RT #19626]
2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
or SDB. [RT #19577]
2585. [bug] Uninitialized socket name could be referenced via a
statistics channel, triggering an assertion failure in
XML rendering. [RT #19427]
2584. [bug] alpha: gcc optimization could break atomic operations.
[RT #19227]
2583. [port] netbsd: provide a control to not add the compile
date to the version string, -DNO_VERSION_DATE.
2582. [bug] Don't emit warning log message when we attempt to
remove non-existant journal. [RT #19516]
2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
Requires MySQL 5.0.19 or later. [RT #19084]
2580. [bug] UpdateRej statistics counter could be incremented twice
for one rejection. [RT #19476]
2579. [bug] DNSSEC lookaside validation failed to handle unknown
algorithms. [RT #19479]
2577. [doc] Clarified some statistics counters. [RT #19454]
2573. [bug] Replacing a non-CNAME record with a CNAME record in a
single transaction in a signed zone failed. [RT #19397]
2568. [bug] Report when the write to indicate a otherwise
successful start fails. [RT #19360]
2567. [bug] dst__privstruct_writefile() could miss write errors.
write_public_key() could miss write errors.
[RT #19360]
2564. [bug] Only take EDNS fallback steps when processing timeouts.
[RT #19405]
2563. [bug] Dig could leak a socket causing it to wait forever
to exit. [RT #19359]
2562. [doc] ARM: miscellaneous improvements, reorganization,
and some new content.
2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
2557. [cleanup] PCI compliance:
* new libisc log module file
* isc_dir_chroot() now also changes the working
directory to "/".
* additional INSISTs
* additional logging when files can't be removed.
2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
2552. [bug] zero-no-soa-ttl-cache was not being honoured.
[RT #19340]
2551. [bug] Potential Reference leak on return. [RT #19341]
2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
[RT #19343]
2549. [port] linux: define NR_OPEN if not currently defined.
[RT #19344]
2547. [bug] openssl_link.c:mem_realloc() could reference an
out-of-range area of the source buffer. New public
function isc_mem_reallocate() was introduced to address
this bug. [RT #19313]
2545. [doc] ARM: Legal hostname checking (check-names) is
for SRV RDATA too. [RT #19304]
2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
2542. [doc] Update the description of dig +adflag. [RT #19290]
2541. [bug] Conditionally update dispatch manager statistics.
[RT #19247]
2539. [security] Update the interaction between recursion, allow-query,
allow-query-cache and allow-recursion. [RT #19198]
2538. [bug] cache/ADB memory could grow over max-cache-size,
especially with threads and smaller max-cache-size
values. [RT #19240]
2537. [experimental] Added more statistics counters including those on socket
I/O events and query RTT histograms. [RT #18802]
2536. [cleanup] Silence some warnings when -Werror=format-security is
specified. [RT #19083]
2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
2532. [bug] dig: check the question section of the response to
see if it matches the asked question. [RT #18495]
2531. [bug] Change #2207 was incomplete. [RT #19098]
2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]
2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]
2527. [bug] named could reuse cache on reload with
enabling/disabling validation. [RT #19119]
2525. [experimental] New logging category "query-errors" to provide detailed
internal information about query failures, especially
about server failures. [RT #19027]
2523. [bug] Random type rdata freed by dns_nsec_typepresent().
[RT #19112]
2522. [security] Handle -1 from DSA_do_verify().
2521. [bug] Improve epoll cross compilation support. [RT #19047]
2519. [bug] dig/host with -4 or -6 didn't work if more than two
nameserver addresses of the excluded address family
preceded in resolv.conf. [RT #19081]
2517. [bug] dig +trace with -4 or -6 failed when it chose a
nameserver address of the excluded address type.
[RT #18843]
2516. [bug] glue sort for responses was performed even when not
needed. [RT #19039]
2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
a nameserver of the excluded address family.
[RT #18848]
2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
[RT #18885]
2506. [port] solaris: Check at configure time if
hack_shutup_pthreadonceinit is needed. [RT #19037]
2505. [port] Treat amd64 similarly to x86_64 when determining
atomic operation support. [RT #19031]
2503. [port] linux: improve compatibility with Linux Standard
Base. [RT #18793]
2502. [cleanup] isc_radix: Improve compliance with coding style,
document function in <isc/radix.h>. [RT #18534]
2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
function. [RT #18582]
2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
[RT #18837]
--- 9.5.1 released ---
2520. [bug] Update xml statistics version number to 2.0 as change
#2388 made the schema incompatible to the previous
version. [RT #19080]
--- 9.5.1rc2 released ---
2513 [bug] Fix windows cli build. [RT #19062]
2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
[RT #19033]
2509. [bug] Specifying a fixed query source port was broken.
[RT #19051]
2504. [bug] Address race condition in the socket code. [RT #18899]
--- 9.5.1rc1 released ---
2498. [bug] Removed a bogus function argument used with
ISC_SOCKET_USE_POLLWATCH: it could cause compiler
warning or crash named with the debug 1 level
of logging. [RT #18917]
2496. [bug] Add sanity length checks to NSID option. [RT #18813]
2495. [bug] Tighten RRSIG checks. [RT #18795]
2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
installed. [RT #18826]
2493. [bug] The linux capabilites code was not correctly cleaning
up after itself. [RT #18767]
2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
is cleared when IPV6_V6ONLY is set. [RT #18785]
2489. [port] solaris: Workaround Solaris's kernel bug about
/dev/poll:
http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
Define ISC_SOCKET_USE_POLLWATCH at build time to enable
this workaround. [RT #18870]
2487. [bug] Give TCP connections longer to complete. [RT #18675]
2485. [bug] Change update's the handling of obscured RRSIG
records. Not all orphand DS records were being
removed. [RT #18828]
2482. [port] libxml2: support versions 2.7.* in addition
to 2.6.*. [RT #18806]
2479. [bug] xfrout:covers was not properly initalized. [RT #18801]
2478. [bug] 'addresses' could be used uninitalized in
configure_forward(). [RT #18800]
2476. [doc] ARM: improve documentation for max-journal-size and
ixfr-from-differences. [RT #15909] [RT #18541]
--- 9.5.1b3 released ---
2475. [bug] LRU cache cleanup under overmem condition could purge
particular entries more aggressively. [RT #17628]
2474. [bug] ACL structures could be allocated with insufficient
space, causing an array overrun. [RT #18765]
2473. [port] linux: raise the limit on open files to the possible
maximum value before spawning threads; 'files'
specified in named.conf doesn't seem to work with
threads as expected. [RT #18784]
2472. [port] linux: check the number of available cpu's before
calling chroot as it depends on "/proc". [RT #16923]
2471. [bug] named-checkzone was not reporting missing mandatory
glue when sibling checks were disabled. [RT #18768]
2470. [bug] Elements of the isc_radix_node_t could be incorrectly
overwritten. [RT# 18719]
2469. [port] solaris: Work around Solaris's select() limitations.
[RT #18769]
2468. [bug] Resolver could try unreachable servers multiple times.
[RT #18739]
2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
[RT #18302]
2465. [bug] Adb's handling of lame addresses was different
for IPv4 and IPv6. [RT #18738]
2464. [port] linux: check that a capability is present before
trying to set it. [RT #18135]
2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
API and glibc hides parts of the IPv6 Advanced Socket
API as a result. This is stupid as it breaks how the
two halves (Basic and Advanced) of the IPv6 Socket API
were designed to be used but we have to live with it.
Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
API. [RT #18388]
2462. [doc] Document -m (enable memory usage debugging)
option for dig. [RT #18757]
2461. [port] sunos: Change #2363 was not complete. [RT #17513]
2458. [doc] ARM: update and correction for max-cache-size.
[RT #18294]
2457. [tuning] max-cache-size is reverted to 0, the previous
default. It should be safe because expired cache
entries are also purged. [RT #18684]
2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
address, regardless of family. They now correctly
distinguish IPv4 from IPv6. [RT #18559]
2455. [bug] Stop metadata being transferred via axfr/ixfr.
[RT #18639]
2453. [bug] Remove NULL pointer dereference in dns_journal_print().
[RT #18316]
2451. [port] solaris: handle runtime linking better. [RT #18356]
2449. [bug] libbind: Out of bounds reference in dns_ho.c:addrsort.
[RT #18044]
2445. [doc] ARM out-of-date on empty reverse zones (list includes
RFC1918 address, but these are not yet compiled in).
[RT #18578]
2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
(clear DF) for UDP responses and requests.
2387. [bug] Silence compiler warnings in lib/isc/radix.c.
[RT #18147] [RT #18258]
2369. [bug] libbind: Array bounds overrun on read in bitncmp().
[RT #18054]
--- 9.5.1b2 released ---
2443. [bug] win32: UDP connect() would not generate an event,
and so connected UDP sockets would never clean up.
Fix this by doing an immediate WSAConnect() rather
than an io completion port type for UDP.
2442. [bug] A lock could be destroyed twice. [RT# 18626]
2441. [bug] isc_radix_insert() could copy radix tree nodes
incompletely. [RT #18573]
2440. [bug] named-checkconf used an incorrect test to determine
if an ACL was set to none.
2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
[RT #18559]
2438. [bug] Timeouts could be logged incorrectly under win32.
[RT #18617]
2437. [bug] Sockets could be closed too early, leading to
inconsistent states in the socket module. [RT #18298]
2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
2435. [bug] Fixed an ACL memory leak affecting win32.
2434. [bug] Fixed a minor error-reporting bug in
lib/isc/win32/socket.c.
2433. [tuning] Set initial timeout to 800ms.
2432. [bug] More Windows socket handling improvements. Stop
using I/O events and use IO Completion Ports
throughout. Rewrite the receive path logic to make
it easier to support multiple simultaneous
requesters in the future. Add stricter consistency
checking as a compile-time option (define
ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
2431. [bug] Acl processing could leak memory. [RT #18323]
2430. [bug] win32: isc_interval_set() could round down to
zero if the input was less than NS_INTERVAL
nanoseconds. Round up instead. [RT #18549]
2429. [doc] nsupdate should be in section 1 of the man pages.
[RT #18283]
2428. [bug] dns_iptable_merge() mishandled merges of negative
tables. [RT #18409]
2426. [bug] libbind: inet_net_pton() can sometimes return the
wrong value if excessively large net masks are
supplied. [RT #18512]
2425. [bug] named didn't detect unavailable query source addresses
at load time. [RT #18536]
2424. [port] configure now probes for a working epoll
implementation. Allow the use of kqueue,
epoll and /dev/poll to be selected at compile
time. [RT #18277]
2422. [bug] Handle the special return value of a empty node as
if it was a NXRRSET in the validator. [RT #18447]
2421. [func] Add new command line option '-S' for named to specify
the max number of sockets. [RT #18493]
Use caution: this option may not work for some
operating systems without rebuilding named.
2420. [bug] Windows socket handling cleanup. Let the io
completion event send out cancelled read/write
done events, which keeps us from writing to memory
we no longer have ownership of. Add debugging
socket_log() function. Rework TCP socket handling
to not leak sockets.
2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
should not be used for isc_sockettype_fdwatch sockets.
[RT #18521]
2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
[RT #18430]
2417. [bug] Connecting UDP sockets for outgoing queries could
unexpectedly fail with an 'address already in use'
error. [RT #18411]
2416. [func] Log file descriptors that cause exceeding the
internal maximum. [RT #18460]
2415. [bug] 'rndc dumpdb' could trigger various assertion failures
in rbtdb.c. [RT #18455]
2414. [bug] A masterdump context held the database lock too long,
causing various troubles such as dead lock and
recursive lock acquisition. [RT #18311, #18456]
2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
2412. [bug] win32: address a resourse leak. [RT #18374]
2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
at compilation time. [RT #18433]
Note: with changes #2469 and #2421 above, there is no
need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
any more.
2410. [bug] Correctly delete m_versionInfo. [RT #18432]
2409. [bug] Only log that we disabled EDNS processing if we were
subsequently successful. [RT #18029]
2408. [bug] A duplicate TCP dispatch event could be sent, which
could then trigger an assertion failure in
resquery_response(). [RT #18275]
2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2405. [cleanup] The default value for dnssec-validation was changed to
"yes" in 9.5.0-P1 and all subsequent releases; this
was inadvertently omitted from CHANGES at the time.
2404. [port] hpux: files unlimited support.
2403. [bug] TSIG context leak. [RT #18341]
2402. [port] Support Solaris 2.11 and over. [RT #18362]
2401. [bug] Expect to get E[MN]FILE errno internal_accept()
(from accept() or fcntl() system calls). [RT #18358]
2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
[RT #18297]
2398. [bug] Improve file descriptor management. New,
temporary, named.conf option reserved-sockets,
default 512. [RT #18344]
2397. [bug] gssapi_functions bad declaration. [RT #18355]
2396. [bug] Don't set SO_REUSEADDR for randomized ports.
[RT #18336]
2395. [port] Avoid warning and no effect from "files unlimited"
on Linux when running as root. [RT #18335]
2394. [bug] Default configuration options set the limit for
open files to 'unlimited' as described in the
documentation. [RT #18331]
2393. [bug] nested acls containing keys could trigger an
assertion in acl.c. [RT #18166]
2392. [bug] remove 'grep -q' from acl test script, some platforms
don't support it. [RT #18253]
2391. [port] hpux: cover additional recvmsg() error codes.
[RT #18301]
2390. [bug] dispatch.c could make a false warning on 'odd socket'.
[RT #18301].
2389. [bug] Move the "working directory writable" check to after
the ns_os_changeuser() call. [RT #18326]
2388. [bug] Avoid using tables for layout purposes in
statistics XSL [RT #18159].
2386. [func] Add warning about too small 'open files' limit.
[RT #18269]
--- 9.5.1b1 released ---
2385. [bug] A condition variable in socket.c could leak in
rare error handling [RT #17968].
2384. [security] Additional support for query port randomization (change
#2375) including performance improvement and port range
specification. [RT #17949, #18098]
2383. [bug] named could double queries when they resulted in
SERVFAIL due to overkilling EDNS0 failure detection.
[RT #18182]
2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
to ARM.
2381. [port] dlz/mysql: support multiple install layouts for
mysql. <prefix>/include/{,mysql/}mysql.h and
<prefix>/lib/{,mysql/}. [RT #18152]
2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
proofs which, in turn, caused validation failures
for insecure zones immediately below a secure zone
the server was authoritative for. [RT #18112]
2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
TLDs and supported RRs with TTLs [RT #17972]
2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
[RT #18169]
2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
2376. [bug] Change #2144 was not complete.
2375. [security] Fully randomize UDP query ports to improve
forgery resilience. [RT #17949]
2373. [bug] Default values of zone ACLs were re-parsed each time a
new zone was configured, causing an overconsumption
of memory. [RT #18092]
--- 9.5.0 released ---
------- End of Blind-Carbon-Copy
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
