+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<article xmlns="http://docbook.org/ns/docbook"
- xmlns:xl="http://www.w3.org/1999/xlink" version="5.0">
-
- <section>
- <title>Introduction</title>
- <para>
- BIND 9.4-ESV-R5rc1 is the first release
- candidate of BIND 9.4-ESV-R5.
- </para>
- <para>
- This document summarizes changes from BIND 9.4-ESV-R4 to BIND 9.4-ESV-R5rc1.
- Please see the CHANGES file in the source code release for a
- complete list of all changes.
- </para>
- </section>
-
- <section>
- <title>Download</title>
- <para>
- The latest release of BIND 9 software can always be found
- on our web site at
- <link xl:href="http://www.isc.org/downloads/all">http://www.isc.org/downloads/all</link>.
- There you will find additional information about each release,
- source code, and some pre-compiled versions for certain operating
- systems.
- </para>
- </section>
-
- <section>
- <title>Support</title>
- <para>Product support information is available on
- <link xl:href="http://www.isc.org/services/support">http://www.isc.org/services/support</link>
- for paid support options. Free support is provided by our user
- community via a mailing list. Information on all public email
- lists is available at
- <link xl:href="https://lists.isc.org/mailman/listinfo">https://lists.isc.org/mailman/listinfo</link>.
- </para>
- </section>
-
- <section>
- <title>New Features</title>
- <section>
- <title>9.4-ESV-R5rc1</title>
- <para>None.</para>
- </section>
- </section>
-
- <section>
- <title>Feature Changes</title>
- <section>
- <title>9.4-ESV-R5rc1</title>
- <para>None.</para>
- </section>
- </section>
-
- <section>
- <title>Security Fixes</title>
- <section>
- <title>9.4-ESV-R5rc1</title>
- <itemizedlist>
-<listitem>
-A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled allows
-for a TCP DoS attack. Until there is a kernel fix, ISC is disabling
-SO_ACCEPTFILTER support in BIND. [RT #22589]
-</listitem>
-<listitem>
-named, set up to be a caching resolver, is vulnerable to a
-user querying a domain with very large resource record sets (RRSets)
-when trying to negatively cache the response. Due to an off-by-one
-error, caching the response could cause named to crash. [RT #24650]
-[CVE-2011-1910]
-</listitem>
- </itemizedlist>
- </section>
- </section>
-
- <section>
- <title>Bug Fixes</title>
- <section>
- <title>9.4-ESV-R5rc1</title>
- <itemizedlist>
-<listitem>
-Improved the mechanism for flagging database entries as negative
-cache records; the former method, RR type 0, could be ambiguous.
-[RT #24777]
-</listitem>
-<listitem>
-During RFC5011 processing some journal write errors were not detected.
-This could lead to managed-keys changes being committed but not
-recorded in the journal files, causing potential inconsistencies
-during later processing. [RT #20256]
-</listitem>
-<listitem>
-A potential NULL pointer deference in the DNS64 code could cause
-named to terminate unexpectedly. [RT #20256]
-</listitem>
-<listitem>
-A state variable relating to DNSSEC could fail to be set during
-some infrequently-executed code paths, allowing it to be used whilst
-in an unitialized state during cache updates, with unpredictable results.
-[RT #20256]
-</listitem>
-<listitem>
-A potential NULL pointer deference in DNSSEC signing code could
-cause named to terminate unexpectedly [RT #20256]
-</listitem>
-<listitem>
-Several cosmetic code changes were made to silence warnings
-generated by a static code analysis tool. [RT #20256]
-</listitem>
-<listitem>
-Cause named to terminate at startup or rndc reconfig
-reload to fail, if a log file specified in the
-conf file isn't a plain file. (RT #22771]
-</listitem>
-<listitem>
-Prior to this fix, when named was was writing a zone to disk (as slave,
-when resigning, etc.), it might not correctly preserve the case of domain
-name labels within RDATA, if the RDATA was not compressible. The result
-is that when reloading the zone from disk would, named could serve data
-that did not match the RRSIG for that data, due to case mismatch. named
-now correctly preserves case. After upgrading to fixed code, the operator
-should either resign the data (on the master) or delete the disk file
-on the slave and reload the zone. [RT #22863]
-</listitem>
-<listitem>
-Fix the zonechecks system test to fail on error (warning in 9.6,
-fatal in 9.7) to match behaviour for 9.4. [RT #22905]
-</listitem>
-<listitem>
-There was a bug in how the clients-per-query code worked with some
-query patterns. This could result, in rare circumstances, in having all
-the client query slots filled with queries for the same DNS label,
-essentially ignoring the max-clients-per-query setting.
-[RT #22972]
-</listitem>
-<listitem>
-Fixed precedence order bug with NS and DNAME records if both are present.
-(Also fixed timing of autosign test in 9.7+) [RT #23035]
-</listitem>
-<listitem>
-Changing TTL did not cause dnssec-signzone to generate new signatures.
-[RT #23330]
-</listitem>
-<listitem>
-If named encountered a CNAME instead of a DS record when walking
-the chain of trust down from the trust anchor, it incorrectly stopped
-validating. [RT #23338]
-</listitem>
-<listitem>
-RRSIG records could have time stamps too far in the future.
-[RT #23356]
-</listitem>
-<listitem>
-If running on a powerpc CPU and with atomic operations enabled,
-named could lock up. Added sync instructions to the end of atomic
-operations. [RT #23469]
-</listitem>
-<listitem>
-ixfr-from-differences {master|slave};
-failed to select the master/slave zones, resulting in on diff/journal
-file being created.
-[RT #23580]
-</listitem>
-<listitem>
-Remove bin/tests/system/logfileconfig/ns1/named.conf and
-add setup.sh in order to resolve changing named.conf issue. [RT #23687]
-</listitem>
-<listitem>
-The autosign tests attempted to open ports within reserved ranges. Test
-now avoids those ports.
-[RT #23957]
-</listitem>
-<listitem>
-Named could fail to validate zones list in a DLV that validated insecure
-without using DLV and had DS records in the parent zone. [RT #24631]
-</listitem>
- </itemizedlist>
- </section>
- </section>
-
- <section>
- <title>Thank You</title>
- <para>
- Thank you to everyone who assisted us in making this release possible.
- If you would like to contribute to ISC to assist us in continuing to make
- quality open source software, please visit our donations page at
- <link xl:href="http://www.isc.org/supportisc">http://www.isc.org/supportisc</link>.
- </para>
- </section>
-</article>
projects / thirdparty / bind9.git / commitdiff
