From: Mark Andrews Date: Mon, 15 Jul 2013 07:28:54 +0000 (+1000) Subject: 9.6-ESV-R10rc1 X-Git-Tag: v9.6-ESV-R10rc1^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=166b96197972fe3358ba02be71e56f5bf833031e;p=thirdparty%2Fbind9.git 9.6-ESV-R10rc1 --- diff --git a/CHANGES b/CHANGES index 3d3c4585cc0..3fb47d4495c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ + --- 9.6-ESV-R10rc1 released --- + 3615. [cleanup] "configure" now finishes by printing a summary of optional BIND features and whether they are active or inactive. ("configure --enable-full-report" @@ -12,7 +14,6 @@ the win32 build depends on are converted to DOS newline format. [RT #22067] - --- 9.6-ESV-R10b1 released --- 3605. [port] win32: Addressed several compatibility issues diff --git a/EXCLUDED b/EXCLUDED index 06cbba4a0d3..f64f41e4bad 100644 --- a/EXCLUDED +++ b/EXCLUDED @@ -1,15 +1,63 @@ -3582. [bug] Silence false positive warning regarding missing file - directive for inline slave zones. [RT #33662] +3619. [bug] Fixed a bug in RPZ with "recursive-only no;" + [RT #33776] -3579. [maint] Updates to PKCS#11 openssl patches, supporting - versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463] +3617. [bug] Named was failing to answer queries during + "rndc reload" [RT #34098] + +3616. [bug] Change #3613 was incomplete. [RT #34177] + +3613. [bug] named could crash when deleting inline-signing + zones with "rndc delzone". [RT #34066] + +3612. [port] Check whether to use -ljson or -ljson-c. [RT #34115] + +3610. [cleanup] win32: Some executables had been omitted from the + installer. [RT #34116] + +3609. [bug] Corrected a possible deadlock in applications using + the export version of the isc_app API. [RT #33967] + +3607. [bug] dnssec-keygen had broken 'Invalid keyfile' error + message. [RT #34045] + +3604. [bug] Fixed a compile-time error when building with + JSON but not XML. [RT #33959] + +3602. [contrib] Added DLZ Perl module, allowing Perl scripts to + integrate with named and serve DNS data. + (Contributed by John Eaglesham of Yahoo.) + +3601. [bug] Added to PKCS#11 openssl patches a value len + attribute in DH derive key. [RT #33928] + +3598. [cleanup] Improved portability of map file code. [RT #33820] + +3597. [bug] Ensure automatic-resigning heaps are reconstructed + when loading zones in map format. [RT #33381] + +3596. [port] Updated win32 build documentation, added + dnssec-verify. [RT #22067] + +3595. [port] win32: Fix build problems introduced by change #3550. + [RT #33807] + +3590. [bug] When using RRL on recursive servers, defer + rate-limiting until after recursion is complete; + also, use correct rcode for slipped NXDOMAIN + responses. [RT #33604] + +3582. [bug] Silence false positive warning regarding missing file + directive for inline slave zones. [RT #33662] + +3579. [maint] Updates to PKCS#11 openssl patches, supporting + versions 0.9.8y, 1.0.0k, 1.0.1e [RT #33463] 3573. [bug] "rndc addzone" and "rndc delzone" incorrectly handled zone names containing punctuation marks and other nonstandard characters. [RT #33419] -3571. [bug] Address race condition in dns_client_startresolve(). - [RT #33234] +3571. [bug] Address race condition in dns_client_startresolve(). + [RT #33234] 3570. [bug] Check internal pointers are valid when loading map files. [RT #33403] @@ -57,43 +105,43 @@ of whether it is teated as signed or unsigned by the compiler. [RT #32792] -3514. [bug] The ranges for valid key sizes in ddns-confgen and - rndc-confgen were too constrained. Keys up to 512 - bits are now allowed for most algorithms, and up - to 1024 bits for hmac-sha384 and hmac-sha512. - [RT #32753] +3514. [bug] The ranges for valid key sizes in ddns-confgen and + rndc-confgen were too constrained. Keys up to 512 + bits are now allowed for most algorithms, and up + to 1024 bits for hmac-sha384 and hmac-sha512. + [RT #32753] -3511. [doc] Improve documentation of redirect zones. [RT #32756] +3511. [doc] Improve documentation of redirect zones. [RT #32756] -3507. [bug] Statistics channel XSL had a glitch when attempting - to chart query data before any queries had been - received. [RT #32620] +3507. [bug] Statistics channel XSL had a glitch when attempting + to chart query data before any queries had been + received. [RT #32620] -3505. [bug] When setting "max-cache-size" and "max-acache-size", - larger values than 4 gigabytes could not be set - explicitly, though larger sizes were available - when setting cache size to 0. This has been - corrected; the full range is now available. - [RT #32358] +3505. [bug] When setting "max-cache-size" and "max-acache-size", + larger values than 4 gigabytes could not be set + explicitly, though larger sizes were available + when setting cache size to 0. This has been + corrected; the full range is now available. + [RT #32358] -3500. [port] Support NAPTR regular expression validation on - all platforms. [RT #32688] +3500. [port] Support NAPTR regular expression validation on + all platforms. [RT #32688] -3493. [contrib] Added BDBHPT dynamically-lodable DLZ module, - contributed by Mark Goldfinch. [RT #32549] +3493. [contrib] Added BDBHPT dynamically-lodable DLZ module, + contributed by Mark Goldfinch. [RT #32549] -3492. [bug] Fixed a regression in zone loading performance - due to lock contention. [RT #30399] +3492. [bug] Fixed a regression in zone loading performance + due to lock contention. [RT #30399] -3491. [bug] Slave zones using inline-signing must specify a - file name. [RT #31946] +3491. [bug] Slave zones using inline-signing must specify a + file name. [RT #31946] -3490. [bug] When logging RDATA during update, truncate if it's - too long. [RT #32365] +3490. [bug] When logging RDATA during update, truncate if it's + too long. [RT #32365] -3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT. - When cloning a rdataset do not copy the link contents. - [RT #32651] +3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT. + When cloning a rdataset do not copy the link contents. + [RT #32651] 3488. [bug] Use after free error with DH generated keys. [RT #32649] @@ -105,42 +153,42 @@ 3484. [bug] Some statistics were incorrectly rendered in XML. [RT #32587] -3480. [bug] Silence logging noise when setting up zone - statistics. [RT #32525] +3480. [bug] Silence logging noise when setting up zone + statistics. [RT #32525] -3476. [bug] "rndc zonestatus" could report a spurious "not - found" error on inline-signing zones. [RT #29226] +3476. [bug] "rndc zonestatus" could report a spurious "not + found" error on inline-signing zones. [RT #29226] -3475. [cleanup] Changed name of 'map' zone file format (previously - 'fast'). [RT #32458] +3475. [cleanup] Changed name of 'map' zone file format (previously + 'fast'). [RT #32458] -3473. [bug] dnssec-signzone/verify could incorrectly report - an error condition due to an empty node above an - opt-out delegation lacking an NSEC3. [RT #32072] +3473. [bug] dnssec-signzone/verify could incorrectly report + an error condition due to an empty node above an + opt-out delegation lacking an NSEC3. [RT #32072] -3472. [bug] The active-connections counter in the socket - statistics could underflow. [RT #31747] +3472. [bug] The active-connections counter in the socket + statistics could underflow. [RT #31747] -3471. [bug] The number of UDP dispatches now defaults to - the number of CPUs even if -n has been set to - a higher value. [RT #30964] +3471. [bug] The number of UDP dispatches now defaults to + the number of CPUs even if -n has been set to + a higher value. [RT #30964] 3470. [bug] Slave zones could fail to dump when successfully refreshing after an initial failure. [RT #31276] -3469. [bug] Handle DLZ lookup failures more gracefully. Improve - backward compatibility between versions of DLZ dlopen - API. [RT #32275] +3469. [bug] Handle DLZ lookup failures more gracefully. Improve + backward compatibility between versions of DLZ dlopen + API. [RT #32275] -3468. [security] RPZ rules to generate A records (but not AAAA records) - could trigger an assertion failure when used in - conjunction with DNS64 (CVE-2012-5689). [RT #32141] +3468. [security] RPZ rules to generate A records (but not AAAA records) + could trigger an assertion failure when used in + conjunction with DNS64 (CVE-2012-5689). [RT #32141] -3467. [bug] Added checks in dnssec-keygen and dnssec-settime - to check for delete date < inactive date. [RT #31719] +3467. [bug] Added checks in dnssec-keygen and dnssec-settime + to check for delete date < inactive date. [RT #31719] -3466. [contrib] Corrected the DNS_CLIENTINFOMETHODS_VERSION check - in DLZ example driver. [RT #32275] +3466. [contrib] Corrected the DNS_CLIENTINFOMETHODS_VERSION check + in DLZ example driver. [RT #32275] 3464. [maint] Updates to PKCS#11 openssl patches, supporting versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749] @@ -504,9 +552,9 @@ 3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664] -3119. [bug] When rolling to a new DNSSEC key, a private-type - record could be created and never marked complete. - [RT #23253] +3119. [bug] When rolling to a new DNSSEC key, a private-type + record could be created and never marked complete. + [RT #23253] 3117. [cleanup] Remove doc and parser references to the never-implemented 'auto-dnssec create' option. @@ -516,12 +564,12 @@ following a CNAME that points into the same zone. [RT #24455] -3114. [bug] Retain expired RRSIGs in dynamic zones if key is - inactive and there is no replacement key. [RT #23136] +3114. [bug] Retain expired RRSIGs in dynamic zones if key is + inactive and there is no replacement key. [RT #23136] -3111. [bug] Improved consistency checks for dnssec-enable and - dnssec-validation, added test cases to the - checkconf system test. [RT #24398] +3111. [bug] Improved consistency checks for dnssec-enable and + dnssec-validation, added test cases to the + checkconf system test. [RT #24398] 3108. [cleanup] dnssec-signzone: Clarified some error and warning messages; removed #ifdef ALLOW_KSKLESS_ZONES @@ -554,8 +602,8 @@ 3093. [bug] Fix gssapi/kerberos dependencies [RT #23836] -3092. [bug] Signatures for records at the zone apex could go - stale due to an incorrect timer setting. [RT #23769] +3092. [bug] Signatures for records at the zone apex could go + stale due to an incorrect timer setting. [RT #23769] 3091. [bug] Fixed a bug in which zone keys that were published and then subsequently activated could fail to trigger @@ -584,8 +632,8 @@ 3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference. [RT #20256] -3070. [bug] dnssec-signzone potential NULL pointer dereference. - [RT #20256] +3070. [bug] dnssec-signzone potential NULL pointer dereference. + [RT #20256] 3057. [bug] "rndc secroots" would abort after the first error and so could miss some views. [RT #23488] @@ -599,14 +647,14 @@ Wait for the initial autosigning to complete before running the rest of the test. [RT #23035] -3049. [bug] Save and restore the gid when creating creating - named.pid at startup. [RT #23290] +3049. [bug] Save and restore the gid when creating creating + named.pid at startup. [RT #23290] 3048. [bug] Fully separate view key mangement. [RT #23419] -3047. [bug] DNSKEY NODATA responses not cached fixed in - validator.c. Tests added to dnssec system test. - [RT #22908] +3047. [bug] DNSKEY NODATA responses not cached fixed in + validator.c. Tests added to dnssec system test. + [RT #22908] 3045. [removed] Replaced by change #3050. @@ -678,10 +726,10 @@ 2977. [bug] 'nsupdate -l' report if the session key is missing. [RT #21670] -2974. [bug] Some valid UPDATE requests could fail due to a - consistency check examining the existing version - of the zone rather than the new version resulting - from the UPDATE. [RT #22413] +2974. [bug] Some valid UPDATE requests could fail due to a + consistency check examining the existing version + of the zone rather than the new version resulting + from the UPDATE. [RT #22413] 2973. [bug] bind.keys.h was being removed by the "make clean" at the end of configure resulting in build failures @@ -694,8 +742,8 @@ 2961. [bug] Be still more selective about the non-authoritative answers we apply change 2748 to. [RT #22074] -2958. [bug] named failed to start with a missing master file. - [RT #22076] +2958. [bug] named failed to start with a missing master file. + [RT #22076] 2949. [bug] dns_view_setnewzones() contained a memory leak if it was called multiple times. [RT #21942] @@ -818,8 +866,8 @@ 2832. [bug] Modify "struct stat" in lib/export/samples/nsprobe.c to avoid redefinition in some OSs [RT 20831] -2830. [bug] Changing the OPTOUT setting could take multiple - passes. [RT #20813] +2830. [bug] Changing the OPTOUT setting could take multiple + passes. [RT #20813] 2829. [bug] Fixed potential node inconsistency in rbtdb.c. [RT #20808] diff --git a/lib/dns/api b/lib/dns/api index 9035b96c8b9..125362a14bb 100644 --- a/lib/dns/api +++ b/lib/dns/api @@ -5,5 +5,5 @@ # 9.9: 90-109 # 9.9-sub: 130-139 LIBINTERFACE = 113 -LIBREVISION = 2 +LIBREVISION = 3 LIBAGE = 0 diff --git a/lib/isc/api b/lib/isc/api index d4c25e15d14..3260ee8ab20 100644 --- a/lib/isc/api +++ b/lib/isc/api @@ -4,6 +4,6 @@ # 9.8: 80-89, 120-129 # 9.9: 90-109 # 9.9-sub: 130-139 -LIBINTERFACE = 58 -LIBREVISION = 3 -LIBAGE = 1 +LIBINTERFACE = 59 +LIBREVISION = 0 +LIBAGE = 2 diff --git a/lib/isccc/api b/lib/isccc/api index 20ce83ac479..a7403e3dbda 100644 --- a/lib/isccc/api +++ b/lib/isccc/api @@ -5,5 +5,5 @@ # 9.9: 90-109 # 9.9-sub: 130-139 LIBINTERFACE = 50 -LIBREVISION = 4 +LIBREVISION = 5 LIBAGE = 0 diff --git a/version b/version index fb69b836662..ccfe6343603 100644 --- a/version +++ b/version @@ -9,4 +9,4 @@ MAJORVER=9 MINORVER=6 PATCHVER= RELEASETYPE=-ESV -RELEASEVER=-R10b1 +RELEASEVER=-R10rc1