-3096. [bug] Set KRB5_KTNAME before calling log_cred() in
- dst_gssapi_acceptctx(). [RT #24004]
+
+ --- 9.6-ESV-R5b1 released ---
3095. [bug] Handle isolated reserved ports in the port range.
[RT #23957]
-3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
- and add setup.sh in order to resolve changing
- named.conf issue. [RT #23687]
+3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
+ and add setup.sh in order to resolve changing
+ named.conf issue. [RT #23687]
3083. [bug] NOTIFY messages were not being sent when generating
a NSEC3 chain incrementally. [RT #23702]
3042. [bug] dig +trace could fail attempting to use IPv6
addresses on systems with only IPv4 connectivity.
- [RT #23797]
+ [RT #23297]
3041. [bug] dnssec-signzone failed to generate new signatures on
ttl changes. [RT #23330]
3036. [bug] Check built-in zone arguments to see if the zone
is re-usable or not. [RT #21914]
-3035. [cleanup] Simplify by using strlcpy. [RT #22521]
+3035. [cleanup] Simplify by using strlcpy. [RT #22521]
3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
3026. [bug] lib/isc/httpd.c: check that we have enough space
after calling grow_headerspace() and if not
re-call grow_headerspace() until we do. [RT #22521]
-
+
3025. [bug] Fixed a possible deadlock due to zone resigning.
[RT #22964]
signing records for any remaining DNSKEY changes.
[RT #22590]
+ --- 9.6-ESV-R4 released ---
+
--- 9.6.3 released ---
3009. [bug] clients-per-query code didn't work as expected with
2905. [port] aix: set use_atomic=yes with native compiler.
[RT #21402]
-2904. [bug] When using DLV, sub-zones of the zones in the DLV,
+2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
a unintended outcome from change 2890. [RT# 21392]
2790. [bug] Handle DS queries to stub zones. [RT #20440]
-2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
+2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2786. [bug] Additional could be promoted to answer. [RT #20663]
2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
-2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
+2623. [bug] Named started searches for DS non-optimally. [RT #19915]
-2621. [doc] Made copyright boilterplate consistent. [RT #19833]
+2621. [doc] Made copyright boilerplate consistent. [RT #19833]
2620. [bug] Delay thawing the zone until the reload of it has
completed successfully. [RT #19750]
2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]
-2528. [cleanup] Silence spurious configure warning about
+2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]
2527. [bug] named could reuse cache on reload with
enabling/disabling validation. [RT #19119]
-2525. [experimental] New logging category "query-errors" to provide detailed
+2525. [func] New logging category "query-errors" to provide detailed
internal information about query failures, especially
about server failures. [RT #19027]
2441. [bug] isc_radix_insert() could copy radix tree nodes
incompletely. [RT #18573]
-2440. [bug] named-checkconf used an incorrect test to determine
+2440. [bug] named-checkconf used an incorrect test to determine
if an ACL was set to none.
-2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
+2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
[RT #18559]
-2438. [bug] Timeouts could be logged incorrectly under win32.
+2438. [bug] Timeouts could be logged incorrectly under win32.
2437. [bug] Sockets could be closed too early, leading to
inconsistent states in the socket module. [RT #18298]
2433. [tuning] Set initial timeout to 800ms.
-2432. [bug] More Windows socket handling improvements. Stop
+2432. [bug] More Windows socket handling improvements. Stop
using I/O events and use IO Completion Ports
throughout. Rewrite the receive path logic to make
it easier to support multiple simultaneous
epoll and /dev/poll to be selected at compile
time. [RT #18277]
-2423. [security] Randomize server selection on queries, so as to
+2423. [security] Randomize server selection on queries, so as to
make forgery a little more difficult. Instead of
always preferring the server with the lowest RTT,
pick a server with RTT within the same 128
Use caution: this option may not work for some
operating systems without rebuilding named.
-2420. [bug] Windows socket handling cleanup. Let the io
+2420. [bug] Windows socket handling cleanup. Let the io
completion event send out canceled read/write
done events, which keeps us from writing to memory
we no longer have ownership of. Add debugging
2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
[RT #17513]
-2315. [bug] Used incorrect address family for mapped IPv4
+2315. [bug] Used incorrect address family for mapped IPv4
addresses in acl.c. [RT #17519]
2314. [bug] Uninitialized memory use on error path in
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
[RT #17458]
-2311. [bug] IPv6 addresses could match IPv4 ACL entries and
+2311. [bug] IPv6 addresses could match IPv4 ACL entries and
vice versa. [RT #17462]
2310. [bug] dig, host, nslookup: flush stdout before emitting
debug/fatal messages. [RT #17501]
-2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
- [RT #17455]
+2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
+ [RT #17455]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
[RT #17495]
2292. [bug] Log if the working directory is not writable.
[RT #17312]
-2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
+2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
failure to set PR_SET_DUMPABLE. [RT #17312]
2290. [bug] Let AD in the query signal that the client wants AD
2280. [func] Allow the experimental http server to be reached
over IPv6 as well as IPv4. [RT #17332]
-2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
+2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
to protect applications from receiving spurious
SIGPIPE signals when using the resolver.
--- 9.5.0b1 released ---
-2267. [bug] Radix tree node_num value could be set incorrectly,
- causing positive ACL matches to look like negative
- ones. [RT #17311]
+2267. [bug] Radix tree node_num value could be set incorrectly,
+ causing positive ACL matches to look like negative
+ ones. [RT #17311]
2266. [bug] client.c:get_clientmctx() returned the same mctx
once the pool of mctx's was filled. [RT #17218]
2262. [bug] Error status from all but the last view could be
lost. [RT #17292]
-2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
+2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
2260. [bug] Reported wrong clients-per-query when increasing the
value. [RT #17236]
2657. [cleanup] Lower "journal file <path> does not exist, creating it"
log level to debug 1. [RT #20058]
-2655. [doc] Document that key-directory does not affect
- bind.keys, rndc.key or session.key. [RT #20155]
-
2654. [bug] Improve error reporting on duplicated names for
deny-answer-xxx. [RT #20164]
"insecurity proof failed" instead of "not
insecure". [RT #19400]
-2537. [func] Added more statistics counters including those on socket
- I/O events and query RTT histograms. [RT #18802]
+2525. [experimental] New logging category "query-errors" to provide detailed
+ internal information about query failures, especially
+ about server failures. [RT #19027]
+
+2537. [func] Added more statistics counters including those on socket
+ I/O events and query RTT histograms. [RT #18802]
+
+2655. [doc] Document that key-directory does not affect
+ rndc.key. [RT #20155]
+
+2834. [bug] HMAC-SHA* keys that were longer than the algorithm
+ digest length were used incorrectly, leading to
+ interoperability problems with other DNS
+ implementations. This has been corrected.
+ (Note: If an oversize key is in use, and
+ compatibility is needed with an older release of
+ BIND, the new tool "isc-hmac-fixup" can convert
+ the key secret to a form that will work with all
+ versions.) [RT #20751]
+
+2840. [bug] Temporary fixed pkcs11-destroy usage check.
+ [RT #20760]
+
+3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer
+ for refreshing managed-keys. [RT #22296]
+
+3013. [bug] The DNS64 ttl was not always being set as expected.
+ [RT #23034]
+
+3017. [doc] dnssec-keyfromlabel -I was not properly documented.
+ [RT #22887]
+
+3020. [bug] auto-dnssec failed to correctly update the zone when
+ changing the DNSKEY RRset. [RT #23232]
+
+3021. [bug] Change #3010 was incomplete. [RT #22296]
+
+3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
+ [RT #23246]
+
+3038. [bug] Install <dns/rpz.h>. [RT #23342]
+
+3045. [removed] Replaced by change #3050.
+
+3048. [bug] Fully separate view key mangement. [RT #23419]
+
+3050. [bug] The autosign system test was timing dependent.
+ Wait for the initial autosigning to complete
+ before running the rest of the test. [RT #23035]
+
+3052. [test] Fixed last autosign test report. [RT #23256]
+
+3054. [bug] Added elliptic curve support check in
+ GOST OpenSSL engine detection. [RT #23485]
+
+3057. [bug] "rndc secroots" would abort after the first error
+ and so could miss some views. [RT #23488]
+
+3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
+ [RT #20256]
+
+3073. [bug] managed-keys changes were not properly being recorded.
+ [RT #20256]
+
+3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant
+ timestamp when determining which keys are active.
+ [RT #23642]
+
+3077. [bug] zone.c:zone_refreshkeys() incorrectly called
+ dns_zone_attach(), use zone->irefs instead. [RT #23303]
+
+3082. [port] strtok_r is threads only. [RT #23747]
+
+3086. [bug] Running dnssec-settime -f on an old-style key will
+ now force an update to the new key format even if no
+ other change has been specified, using "-P now -A now"
+ as default values. [RT #22474]
+
+3087. [bug] DDNS updates using SIG(0) with update-policy match
+ type "external" could cause a crash. [RT #23735]
+
+3091. [bug] Fixed a bug in which zone keys that were published
+ and then subsequently activated could fail to trigger
+ automatic signing. [RT #22911]
+
+3094. [doc] Expand dns64 documentation.
+
+3096. [bug] Set KRB5_KTNAME before calling log_cred() in
+ dst_gssapi_acceptctx(). [RT #24004]
-2525. [func] New logging category "query-errors" to provide detailed
- internal information about query failures, especially
- about server failures. [RT #19027]
+2655. [doc] Document that key-directory does not affect
+ bind.keys, rndc.key or session.key. [RT #20155]
+2810. [doc] Clarified the process of transitioning an NSEC3 zone
+ to insecure. [RT #20746]
projects / thirdparty / bind9.git / commitdiff
