From: Tinderbox User Date: Tue, 17 May 2016 04:18:11 +0000 (+0000) Subject: regen v9_9_9_patch X-Git-Tag: v9.9.9-P1~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e8757fa095d33cbe22bf20f4e5f72a7a0dea6080;p=thirdparty%2Fbind9.git regen v9_9_9_patch --- diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html index ca286451584..6d1c5e311ef 100644 --- a/doc/arm/Bv9ARM.ch09.html +++ b/doc/arm/Bv9ARM.ch09.html @@ -65,11 +65,12 @@

Introduction

- This document summarizes significant changes since the last - production release of BIND on the corresponding major release - branch. - Please see the CHANGES file for a further list of bug fixes and - other changes. + This document summarizes changes since BIND 9.9.9: +

+

+ BIND 9.9.9-P1 addresses Windows installation issues and a race + condition in the rbt/rbtdb implementation resulting in named + exiting due to assertion failures being detected.

@@ -86,103 +87,29 @@

Security Fixes

-
    -

  • - The resolver could abort with an assertion failure due to - improper DNAME handling when parsing fetch reply - messages. This flaw is disclosed in CVE-2016-1286. [RT #41753] -

    • -

  • - Malformed control messages can trigger assertions in named - and rndc. This flaw is disclosed in CVE-2016-1285. [RT - #41666] -

    • -

  • - Specific APL data could trigger an INSIST. This flaw - is disclosed in CVE-2015-8704. [RT #41396] -

    • -

  • - Incorrect reference counting could result in an INSIST - failure if a socket error occurred while performing a - lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945] -

    • -

  • - Insufficient testing when parsing a message allowed - records with an incorrect class to be be accepted, - triggering a REQUIRE failure when those records - were subsequently cached. This flaw is disclosed - in CVE-2015-8000. [RT #40987] -

    • -
+

  • + None. +

New Features

-
    -

  • - The following resource record types have been implemented: - AVC, CSYNC, NINFO, RKEY, SINK, SMIMEA, TA, TALINK. -

    • -

  • - Added a warning for a common misconfiguration involving forwarded - RFC 1918 and IPv6 ULA (Universal Local Address) zones. -

    • -

  • - Contributed software from Nominum is included in the source at - contrib/dnsperf-2.1.0.0-1/. It includes dnsperf for measuring - the performance of authoritative DNS servers, resperf for - testing the resolution performance of a caching DNS server, - resperf-report for generating a resperf report in HTML with - gnuplot graphs, and queryparse to extract DNS queries from - pcap capture files. This software is not installed by default - with BIND. -

    • -

  • - When loading a signed zone, named will - now check whether an RRSIG's inception time is in the future, - and if so, it will regenerate the RRSIG immediately. This helps - when a system's clock needs to be reset backwards. -

    • -
+

  • + None. +

Feature Changes

-
    -

  • - Updated the compiled-in addresses for H.ROOT-SERVERS.NET - and L.ROOT-SERVERS.NET. -

    • -

  • - The default preferred glue is now the address type of the - transport the query was received over. -

    • -

  • - On machines with 2 or more processors (CPU), the default value - for the number of UDP listeners has been changed to the number - of detected processors minus one. -

    • -

  • - Zone transfers now use smaller message sizes to improve - message compression. This results in reduced network usage. -

    • -

  • - named -V output now also includes operating system details. -

    • -
+

  • + None. +

Porting Changes

  • - The Microsoft Windows install tool - BINDInstall.exe which requires a - non-free version of Visual Studio to be built, now uses two - files (lists of flags and files) created by the Configure - perl script with all the needed information which were - previously compiled in the binary. Read - win32utils/build.txt for more details. - [RT #38915] + None.

@@ -190,27 +117,12 @@ Bug Fixes
diff --git a/doc/arm/notes.html b/doc/arm/notes.html index 2d15bf59623..b867cd8f6b4 100644 --- a/doc/arm/notes.html +++ b/doc/arm/notes.html @@ -26,11 +26,12 @@

Introduction

- This document summarizes significant changes since the last - production release of BIND on the corresponding major release - branch. - Please see the CHANGES file for a further list of bug fixes and - other changes. + This document summarizes changes since BIND 9.9.9: +

+

+ BIND 9.9.9-P1 addresses Windows installation issues and a race + condition in the rbt/rbtdb implementation resulting in named + exiting due to assertion failures being detected.

@@ -47,103 +48,29 @@

Security Fixes

-
    -

  • - The resolver could abort with an assertion failure due to - improper DNAME handling when parsing fetch reply - messages. This flaw is disclosed in CVE-2016-1286. [RT #41753] -

    • -

  • - Malformed control messages can trigger assertions in named - and rndc. This flaw is disclosed in CVE-2016-1285. [RT - #41666] -

    • -

  • - Specific APL data could trigger an INSIST. This flaw - is disclosed in CVE-2015-8704. [RT #41396] -

    • -

  • - Incorrect reference counting could result in an INSIST - failure if a socket error occurred while performing a - lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945] -

    • -

  • - Insufficient testing when parsing a message allowed - records with an incorrect class to be be accepted, - triggering a REQUIRE failure when those records - were subsequently cached. This flaw is disclosed - in CVE-2015-8000. [RT #40987] -

    • -
+

  • + None. +

New Features

-
    -

  • - The following resource record types have been implemented: - AVC, CSYNC, NINFO, RKEY, SINK, SMIMEA, TA, TALINK. -

    • -

  • - Added a warning for a common misconfiguration involving forwarded - RFC 1918 and IPv6 ULA (Universal Local Address) zones. -

    • -

  • - Contributed software from Nominum is included in the source at - contrib/dnsperf-2.1.0.0-1/. It includes dnsperf for measuring - the performance of authoritative DNS servers, resperf for - testing the resolution performance of a caching DNS server, - resperf-report for generating a resperf report in HTML with - gnuplot graphs, and queryparse to extract DNS queries from - pcap capture files. This software is not installed by default - with BIND. -

    • -

  • - When loading a signed zone, named will - now check whether an RRSIG's inception time is in the future, - and if so, it will regenerate the RRSIG immediately. This helps - when a system's clock needs to be reset backwards. -

    • -
+

  • + None. +

Feature Changes

-
    -

  • - Updated the compiled-in addresses for H.ROOT-SERVERS.NET - and L.ROOT-SERVERS.NET. -

    • -

  • - The default preferred glue is now the address type of the - transport the query was received over. -

    • -

  • - On machines with 2 or more processors (CPU), the default value - for the number of UDP listeners has been changed to the number - of detected processors minus one. -

    • -

  • - Zone transfers now use smaller message sizes to improve - message compression. This results in reduced network usage. -

    • -

  • - named -V output now also includes operating system details. -

    • -
+

  • + None. +

Porting Changes

  • - The Microsoft Windows install tool - BINDInstall.exe which requires a - non-free version of Visual Studio to be built, now uses two - files (lists of flags and files) created by the Configure - perl script with all the needed information which were - previously compiled in the binary. Read - win32utils/build.txt for more details. - [RT #38915] + None.

@@ -151,27 +78,12 @@ Bug Fixes