From: Mark Andrews <marka@isc.org>
Date: Mon, 29 Nov 2010 00:54:30 +0000 (+0000)
Subject: add release notes
X-Git-Tag: v9.6.2-P3~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=423257cc1ac48ec21e9f481654efdbf066bb6236;p=thirdparty%2Fbind9.git

add release notes
---

diff --git a/RELEASE-NOTES-BIND-9.6.html b/RELEASE-NOTES-BIND-9.6.html
new file mode 100644
index 00000000000..6d757af1e69
--- /dev/null
+++ b/RELEASE-NOTES-BIND-9.6.html
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" type="text/css" href="release-notes.css" /><meta name="generator" content="DocBook XSL Stylesheets V1.76.1" /></head><body><div class="article"><div class="titlepage"><hr /></div>
+
+  <div class="section" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112068"></a>Introduction</h2></div></div></div>
+    
+    <p>
+			BIND 9.6.2-P3 is a maintenance release for BIND 9.6.
+		</p>
+    <p>
+			This document summarizes changes from BIND 9.6.2-P2 to BIND 9.6.2-P3.
+			Please see the CHANGES file in the source code release for a
+			complete list of all changes.
+		</p>
+  </div>
+
+  <div class="section" title="Download"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112131"></a>Download</h2></div></div></div>
+    
+    <p>
+			The latest release of BIND 9 software can always be found
+	 		on our web site at
+      <a class="ulink" href="http://www.isc.org/software/bind" target="_top">http://www.isc.org/software/bind</a>.
+  		There you will find additional information about each release,
+ 			source code, and some pre-compiled versions for certain operating
+ 			systems.
+		</p>
+  </div>
+
+  <div class="section" title="Support"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112155"></a>Support</h2></div></div></div>
+    
+    <p>Product support information is available on
+      <a class="ulink" href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
+      for paid support options.  Free support is provided by our user
+ 			community via a mailing list.  Information on all public email
+ 			lists is available at
+      <a class="ulink" href="https://lists.isc.org/mailman/listinfo" target="_top">https://lists.isc.org/mailman/listinfo</a>.
+    </p>
+  </div>
+
+  <div class="section" title="New Features"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112103"></a>New Features</h2></div></div></div>
+    
+		<div class="section" title="9.6.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112200"></a>9.6.2-P3</h3></div></div></div>
+			
+			<p>None.</p>
+		</div>
+	</div>
+
+  <div class="section" title="Feature Changes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112071"></a>Feature Changes</h2></div></div></div>
+    
+		<div class="section" title="9.6.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112234"></a>9.6.2-P3</h3></div></div></div>
+			
+			<p>None.</p>
+		</div>
+  </div>
+
+  <div class="section" title="Security Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112245"></a>Security Fixes</h2></div></div></div>
+    
+		<div class="section" title="9.6.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112250"></a>9.6.2-P3</h3></div></div></div>
+			
+	    <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+				 	Adding a NO DATA signed negative response to cache failed to clear
+				  any matching RRSIG records already in cache. A subsequent lookup
+				  of the cached NO DATA entry could crash named (INSIST) when the
+				  unexpected RRSIG was also returned with the NO DATA cache entry.
+				  [RT #22288] [CVE-2010-3613] [VU#706148]
+				</li><li class="listitem">
+					BIND, acting as a DNSSEC validator, was determining if the NS RRset
+				  is insecure based on a value that could mean either that the RRset
+				  is actually insecure or that there wasn't a matching key for the RRSIG
+				  in the DNSKEY RRset when resuming from validating the DNSKEY RRset.
+				  This can happen when in the middle of a DNSKEY algorithm rollover,
+				  when two different algorithms were used to sign a zone but only the
+				  new set of keys are in the zone DNSKEY RRset.
+					[RT #22309] [CVE-2010-3614] [VU#837744]
+				</li></ul></div>
+		</div>
+  </div>
+
+  <div class="section" title="Bug Fixes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112276"></a>Bug Fixes</h2></div></div></div>
+    
+		<div class="section" title="9.6.2-P3"><div class="titlepage"><div><div><h3 class="title"><a id="id36112281"></a>9.6.2-P3</h3></div></div></div>
+			
+	    <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
+					Worked around a race condition in the cache database memory
+					handling.  Without this fix a DNS cache DB or ADB could
+					incorrectly stay in an over memory state, effectively refusing
+					further caching, which subsequently made a BIND 9 caching
+					server unworkable.
+					[RT #21818]
+				</li><li class="listitem">
+					Microsoft changed the behavior of sockets between NT/XP based
+				  stacks vs Vista/windows7 stacks. Server 2003/2008 have the older
+				  behavior, 2008r2 has the new behavior. With the change, different
+				  error results are possible, so ISC adapted BIND to handle the new
+				  error results.
+				  This resolves an issue where sockets would shut down on
+				  Windows servers causing named to stop responding to queries.
+					[RT #21906]
+				</li><li class="listitem">
+				 	Windows has non-POSIX compliant behavior in its rename() and unlink()
+				  calls. This caused journal compaction to fail on Windows BIND servers
+				  with the log error: "dns_journal_compact failed: failure".
+					[RT #22434]
+				</li></ul></div>
+		</div>
+  </div>
+
+  <div class="section" title="Thank You"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id36112310"></a>Thank You</h2></div></div></div>
+    
+    <p>
+      Thank you to everyone who assisted us in making this release possible.
+      If you would like to contribute to ISC to assist us in continuing to make
+      quality open source software, please visit our donations page at
+      <a class="ulink" href="http://www.isc.org/supportisc" target="_top">http://www.isc.org/supportisc</a>.
+    </p>
+  </div>
+</div></body></html>
diff --git a/RELEASE-NOTES-BIND-9.6.pdf b/RELEASE-NOTES-BIND-9.6.pdf
new file mode 100644
index 00000000000..e8daeb688b0
Binary files /dev/null and b/RELEASE-NOTES-BIND-9.6.pdf differ
diff --git a/RELEASE-NOTES-BIND-9.6.txt b/RELEASE-NOTES-BIND-9.6.txt
new file mode 100644
index 00000000000..17db92cee9a
--- /dev/null
+++ b/RELEASE-NOTES-BIND-9.6.txt
@@ -0,0 +1,82 @@
+     __________________________________________________________________
+
+Introduction
+
+   BIND 9.6.2-P3 is a maintenance release for BIND 9.6.
+
+   This document summarizes changes from BIND 9.6.2-P2 to BIND 9.6.2-P3.
+   Please see the CHANGES file in the source code release for a complete
+   list of all changes.
+
+Download
+
+   The latest release of BIND 9 software can always be found on our web
+   site at http://www.isc.org/software/bind. There you will find
+   additional information about each release, source code, and some
+   pre-compiled versions for certain operating systems.
+
+Support
+
+   Product support information is available on
+   http://www.isc.org/services/support for paid support options. Free
+   support is provided by our user community via a mailing list.
+   Information on all public email lists is available at
+   https://lists.isc.org/mailman/listinfo.
+
+New Features
+
+9.6.2-P3
+
+   None.
+
+Feature Changes
+
+9.6.2-P3
+
+   None.
+
+Security Fixes
+
+9.6.2-P3
+
+     * Adding a NO DATA signed negative response to cache failed to clear
+       any matching RRSIG records already in cache. A subsequent lookup of
+       the cached NO DATA entry could crash named (INSIST) when the
+       unexpected RRSIG was also returned with the NO DATA cache entry.
+       [RT #22288] [CVE-2010-3613] [VU#706148]
+     * BIND, acting as a DNSSEC validator, was determining if the NS RRset
+       is insecure based on a value that could mean either that the RRset
+       is actually insecure or that there wasn't a matching key for the
+       RRSIG in the DNSKEY RRset when resuming from validating the DNSKEY
+       RRset. This can happen when in the middle of a DNSKEY algorithm
+       rollover, when two different algorithms were used to sign a zone
+       but only the new set of keys are in the zone DNSKEY RRset. [RT
+       #22309] [CVE-2010-3614] [VU#837744]
+
+Bug Fixes
+
+9.6.2-P3
+
+     * Worked around a race condition in the cache database memory
+       handling. Without this fix a DNS cache DB or ADB could incorrectly
+       stay in an over memory state, effectively refusing further caching,
+       which subsequently made a BIND 9 caching server unworkable. [RT
+       #21818]
+     * Microsoft changed the behavior of sockets between NT/XP based
+       stacks vs Vista/windows7 stacks. Server 2003/2008 have the older
+       behavior, 2008r2 has the new behavior. With the change, different
+       error results are possible, so ISC adapted BIND to handle the new
+       error results. This resolves an issue where sockets would shut down
+       on Windows servers causing named to stop responding to queries. [RT
+       #21906]
+     * Windows has non-POSIX compliant behavior in its rename() and
+       unlink() calls. This caused journal compaction to fail on Windows
+       BIND servers with the log error: "dns_journal_compact failed:
+       failure". [RT #22434]
+
+Thank You
+
+   Thank you to everyone who assisted us in making this release possible.
+   If you would like to contribute to ISC to assist us in continuing to
+   make quality open source software, please visit our donations page at
+   http://www.isc.org/supportisc.
diff --git a/release-notes.css b/release-notes.css
new file mode 100644
index 00000000000..f01af5787b3
--- /dev/null
+++ b/release-notes.css
@@ -0,0 +1,42 @@
+body {
+	background-color: #ffffff;
+	color: #333333;
+	font-family: "Helvetica Neue", "ArialMT", "Verdana", "Arial", "Helvetica", sans-serif;
+	font-size: 14px;
+	line-height: 18px;
+	margin: 2em auto;
+	width: 700px;
+}
+
+.command {
+	font-family: "Courier New", "Courier", monospace;
+	font-weight: normal;
+}
+
+.note {
+	background-color: #ddeedd;
+	border: 1px solid #aaccaa;
+	margin: 1em 0 1em 0;
+	padding: 0.5em 1em 0.5em 1em;
+	-moz-border-radius: 10px;
+	-webkit-border-radius: 10px;
+}
+
+.screen {
+	background-color: #ffffee;
+	border: 1px solid #ddddaa;
+	padding: 0.25em 1em 0.25em 1em;
+	margin: 1em 0 1em 0;
+	-moz-border-radius: 10px;
+	-webkit-border-radius: 10px;
+}
+
+.section.title {
+	font-size: 150%;
+	font-weight: bold;
+}
+
+.section.section.title {
+  font-size: 130%;
+  font-weight: bold;
+}