From: Mark Andrews Date: Sun, 24 Jul 2011 07:52:48 +0000 (+0000) Subject: remove X-Git-Tag: v9.4-ESV-R5~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=154b0052a539c0885f782bb47cb382a7112b6940;p=thirdparty%2Fbind9.git remove --- diff --git a/RELEASE-NOTES-BIND-9.4-ESV.xml b/RELEASE-NOTES-BIND-9.4-ESV.xml deleted file mode 100644 index e4e3aac453c..00000000000 --- a/RELEASE-NOTES-BIND-9.4-ESV.xml +++ /dev/null @@ -1,192 +0,0 @@ - -
- -
- Introduction - - BIND 9.4-ESV-R5rc1 is the first release - candidate of BIND 9.4-ESV-R5. - - - This document summarizes changes from BIND 9.4-ESV-R4 to BIND 9.4-ESV-R5rc1. - Please see the CHANGES file in the source code release for a - complete list of all changes. - -
- -
- Download - - The latest release of BIND 9 software can always be found - on our web site at - http://www.isc.org/downloads/all. - There you will find additional information about each release, - source code, and some pre-compiled versions for certain operating - systems. - -
- -
- Support - Product support information is available on - http://www.isc.org/services/support - for paid support options. Free support is provided by our user - community via a mailing list. Information on all public email - lists is available at - https://lists.isc.org/mailman/listinfo. - -
- -
- New Features -
- 9.4-ESV-R5rc1 - None. -
-
- -
- Feature Changes -
- 9.4-ESV-R5rc1 - None. -
-
- -
- Security Fixes -
- 9.4-ESV-R5rc1 - - -A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled allows -for a TCP DoS attack. Until there is a kernel fix, ISC is disabling -SO_ACCEPTFILTER support in BIND. [RT #22589] - - -named, set up to be a caching resolver, is vulnerable to a -user querying a domain with very large resource record sets (RRSets) -when trying to negatively cache the response. Due to an off-by-one -error, caching the response could cause named to crash. [RT #24650] -[CVE-2011-1910] - - -
-
- -
- Bug Fixes -
- 9.4-ESV-R5rc1 - - -Improved the mechanism for flagging database entries as negative -cache records; the former method, RR type 0, could be ambiguous. -[RT #24777] - - -During RFC5011 processing some journal write errors were not detected. -This could lead to managed-keys changes being committed but not -recorded in the journal files, causing potential inconsistencies -during later processing. [RT #20256] - - -A potential NULL pointer deference in the DNS64 code could cause -named to terminate unexpectedly. [RT #20256] - - -A state variable relating to DNSSEC could fail to be set during -some infrequently-executed code paths, allowing it to be used whilst -in an unitialized state during cache updates, with unpredictable results. -[RT #20256] - - -A potential NULL pointer deference in DNSSEC signing code could -cause named to terminate unexpectedly [RT #20256] - - -Several cosmetic code changes were made to silence warnings -generated by a static code analysis tool. [RT #20256] - - -Cause named to terminate at startup or rndc reconfig -reload to fail, if a log file specified in the -conf file isn't a plain file. (RT #22771] - - -Prior to this fix, when named was was writing a zone to disk (as slave, -when resigning, etc.), it might not correctly preserve the case of domain -name labels within RDATA, if the RDATA was not compressible. The result -is that when reloading the zone from disk would, named could serve data -that did not match the RRSIG for that data, due to case mismatch. named -now correctly preserves case. After upgrading to fixed code, the operator -should either resign the data (on the master) or delete the disk file -on the slave and reload the zone. [RT #22863] - - -Fix the zonechecks system test to fail on error (warning in 9.6, -fatal in 9.7) to match behaviour for 9.4. [RT #22905] - - -There was a bug in how the clients-per-query code worked with some -query patterns. This could result, in rare circumstances, in having all -the client query slots filled with queries for the same DNS label, -essentially ignoring the max-clients-per-query setting. -[RT #22972] - - -Fixed precedence order bug with NS and DNAME records if both are present. -(Also fixed timing of autosign test in 9.7+) [RT #23035] - - -Changing TTL did not cause dnssec-signzone to generate new signatures. -[RT #23330] - - -If named encountered a CNAME instead of a DS record when walking -the chain of trust down from the trust anchor, it incorrectly stopped -validating. [RT #23338] - - -RRSIG records could have time stamps too far in the future. -[RT #23356] - - -If running on a powerpc CPU and with atomic operations enabled, -named could lock up. Added sync instructions to the end of atomic -operations. [RT #23469] - - -ixfr-from-differences {master|slave}; -failed to select the master/slave zones, resulting in on diff/journal -file being created. -[RT #23580] - - -Remove bin/tests/system/logfileconfig/ns1/named.conf and -add setup.sh in order to resolve changing named.conf issue. [RT #23687] - - -The autosign tests attempted to open ports within reserved ranges. Test -now avoids those ports. -[RT #23957] - - -Named could fail to validate zones list in a DLV that validated insecure -without using DLV and had DS records in the parent zone. [RT #24631] - - -
-
- -
- Thank You - - Thank you to everyone who assisted us in making this release possible. - If you would like to contribute to ISC to assist us in continuing to make - quality open source software, please visit our donations page at - http://www.isc.org/supportisc. - -
-