From: Mark Andrews <marka@isc.org>
Date: Tue, 31 May 2011 00:06:31 +0000 (+0000)
Subject: update for 9.4-ESV-R5rc1 retag
X-Git-Tag: v9.4-ESV-R5~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0df807f2dcf9202f6959c5225bbb1d320079c280;p=thirdparty%2Fbind9.git

update for 9.4-ESV-R5rc1 retag
---

diff --git a/RELEASE-NOTES-BIND-9.4-ESV.html b/RELEASE-NOTES-BIND-9.4-ESV.html
index e2ff4d90f03..3be8ee77713 100644
--- a/RELEASE-NOTES-BIND-9.4-ESV.html
+++ b/RELEASE-NOTES-BIND-9.4-ESV.html
@@ -1,50 +1,33 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!--
- - Copyright (C) 2010, 2011  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: RELEASE-NOTES-BIND-9.4-ESV.html,v 1.1.2.6 2011/05/24 00:16:01 tbox Exp $ -->
-
 <html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" href="release-notes.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article"><div class="titlepage"><hr /></div>
 
-  <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2601536"></a>Introduction</h2></div></div></div>
+  <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2691638"></a>Introduction</h2></div></div></div>
     
     <p>
-			BIND 9.4-ESV-R5 is a maintenance release for BIND 9.4-ESV.
+			BIND 9.4-ESV-R5rc1 is the first release
+			candidate of BIND 9.4-ESV-R5.
 		</p>
     <p>
-			This document summarizes changes from BIND 9.4-ESV-R4 to BIND 9.4-ESV-R5.
+			This document summarizes changes from BIND 9.4-ESV-R4 to BIND 9.4-ESV-R5rc1.
 			Please see the CHANGES file in the source code release for a
 			complete list of all changes.
 		</p>
   </div>
 
-  <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3468037"></a>Download</h2></div></div></div>
+  <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3558148"></a>Download</h2></div></div></div>
     
     <p>
 			The latest release of BIND 9 software can always be found
 	 		on our web site at
-      <a class="ulink" href="http://www.isc.org/software/bind" target="_top">http://www.isc.org/software/bind</a>.
+      <a class="ulink" href="http://www.isc.org/downloads/all" target="_top">http://www.isc.org/downloads/all</a>.
   		There you will find additional information about each release,
  			source code, and some pre-compiled versions for certain operating
  			systems.
 		</p>
   </div>
 
-  <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3468082"></a>Support</h2></div></div></div>
+  <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2691576"></a>Support</h2></div></div></div>
     
     <p>Product support information is available on
       <a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
@@ -55,37 +38,43 @@
     </p>
   </div>
 
-  <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3468026"></a>New Features</h2></div></div></div>
+  <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3558212"></a>New Features</h2></div></div></div>
     
-		<div class="section" title="9.4-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3468048"></a>9.4-ESV-R5</h3></div></div></div>
+		<div class="section" title="9.4-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3558218"></a>9.4-ESV-R5rc1</h3></div></div></div>
 			
 			<p>None.</p>
 		</div>
   </div>
 
-  <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2601537"></a>Feature Changes</h2></div></div></div>
+  <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3558228"></a>Feature Changes</h2></div></div></div>
     
-		<div class="section" title="9.4-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3468141"></a>9.4-ESV-R5</h3></div></div></div>
+		<div class="section" title="9.4-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3558234"></a>9.4-ESV-R5rc1</h3></div></div></div>
 			
 			<p>None.</p>
 		</div>
   </div>
 
-  <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3468153"></a>Security Fixes</h2></div></div></div>
+  <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3558244"></a>Security Fixes</h2></div></div></div>
     
-		<div class="section" title="9.4-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3468158"></a>9.4-ESV-R5</h3></div></div></div>
+		<div class="section" title="9.4-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3558250"></a>9.4-ESV-R5rc1</h3></div></div></div>
 			
 			<div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
 A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled allows
 for a TCP DoS attack. Until there is a kernel fix, ISC is disabling
 SO_ACCEPTFILTER support in BIND. [RT #22589]
+</li><li class="listitem">
+named, set up to be a caching resolver, is vulnerable to a
+user querying a domain with very large resource record sets (RRSets)
+when trying to negatively cache the response. Due to an off-by-one
+error, caching the response could cause named to crash. [RT #24650]
+[CVE-2011-1910]
 </li></ul></div>
 		</div>
   </div>
 
-  <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3468175"></a>Bug Fixes</h2></div></div></div>
+  <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3558275"></a>Bug Fixes</h2></div></div></div>
     
-		<div class="section" title="9.4-ESV-R5"><div class="titlepage"><div><div><h3 class="title"><a id="id3468180"></a>9.4-ESV-R5</h3></div></div></div>
+		<div class="section" title="9.4-ESV-R5rc1"><div class="titlepage"><div><div><h3 class="title"><a id="id3558280"></a>9.4-ESV-R5rc1</h3></div></div></div>
 			
 	    <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
 During RFC5011 processing some journal write errors were not detected.
@@ -157,11 +146,14 @@ add setup.sh in order to resolve changing named.conf issue. [RT #23687]
 The autosign tests attempted to open ports within reserved ranges. Test
 now avoids those ports.
 [RT #23957]
+</li><li class="listitem">
+Named could fail to validate zones list in a DLV that validated insecure
+without using DLV and had DS records in the parent zone. [RT #24631]
 </li></ul></div>
 		</div>
   </div>
 
-  <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3468296"></a>Thank You</h2></div></div></div>
+  <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3558396"></a>Thank You</h2></div></div></div>
     
     <p>
       Thank you to everyone who assisted us in making this release possible.
diff --git a/RELEASE-NOTES-BIND-9.4-ESV.pdf b/RELEASE-NOTES-BIND-9.4-ESV.pdf
index 40bdce8155b..a138ec839c2 100644
Binary files a/RELEASE-NOTES-BIND-9.4-ESV.pdf and b/RELEASE-NOTES-BIND-9.4-ESV.pdf differ
diff --git a/RELEASE-NOTES-BIND-9.4-ESV.txt b/RELEASE-NOTES-BIND-9.4-ESV.txt
index f810985eb8f..12cf76b14fc 100644
--- a/RELEASE-NOTES-BIND-9.4-ESV.txt
+++ b/RELEASE-NOTES-BIND-9.4-ESV.txt
@@ -2,16 +2,16 @@
 
 Introduction
 
-   BIND 9.4-ESV-R5 is a maintenance release for BIND 9.4-ESV.
+   BIND 9.4-ESV-R5rc1 is the first release candidate of BIND 9.4-ESV-R5.
 
    This document summarizes changes from BIND 9.4-ESV-R4 to BIND
-   9.4-ESV-R5. Please see the CHANGES file in the source code release for
-   a complete list of all changes.
+   9.4-ESV-R5rc1. Please see the CHANGES file in the source code release
+   for a complete list of all changes.
 
 Download
 
    The latest release of BIND 9 software can always be found on our web
-   site at http://www.isc.org/software/bind. There you will find
+   site at http://www.isc.org/downloads/all. There you will find
    additional information about each release, source code, and some
    pre-compiled versions for certain operating systems.
 
@@ -25,27 +25,32 @@ Support
 
 New Features
 
-9.4-ESV-R5
+9.4-ESV-R5rc1
 
    None.
 
 Feature Changes
 
-9.4-ESV-R5
+9.4-ESV-R5rc1
 
    None.
 
 Security Fixes
 
-9.4-ESV-R5
+9.4-ESV-R5rc1
 
      * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
        allows for a TCP DoS attack. Until there is a kernel fix, ISC is
        disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
+     * named, set up to be a caching resolver, is vulnerable to a user
+       querying a domain with very large resource record sets (RRSets)
+       when trying to negatively cache the response. Due to an off-by-one
+       error, caching the response could cause named to crash. [RT #24650]
+       [CVE-2011-1910]
 
 Bug Fixes
 
-9.4-ESV-R5
+9.4-ESV-R5rc1
 
      * During RFC5011 processing some journal write errors were not
        detected. This could lead to managed-keys changes being committed
@@ -99,6 +104,9 @@ Bug Fixes
        setup.sh in order to resolve changing named.conf issue. [RT #23687]
      * The autosign tests attempted to open ports within reserved ranges.
        Test now avoids those ports. [RT #23957]
+     * Named could fail to validate zones list in a DLV that validated
+       insecure without using DLV and had DS records in the parent zone.
+       [RT #24631]
 
 Thank You