From df506a8da0d31a79ad5db33bcc467f3d22f1efeb Mon Sep 17 00:00:00 2001 From: Tinderbox User Date: Tue, 17 May 2016 04:21:09 +0000 Subject: [PATCH] regen v9_10_4_patch --- doc/arm/Bv9ARM.ch09.html | 159 +++++---------------------------------- doc/arm/notes.html | 159 +++++---------------------------------- 2 files changed, 40 insertions(+), 278 deletions(-) diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html index c22e50ed3ca..c2f36d5e42c 100644 --- a/doc/arm/Bv9ARM.ch09.html +++ b/doc/arm/Bv9ARM.ch09.html @@ -65,11 +65,12 @@

Introduction

- This document summarizes significant changes since the last - production release of BIND on the corresponding major release - branch. - Please see the CHANGES file for a further list of bug fixes and - other changes. + This document summarizes changes since BIND 9.10.4: +

+

+ BIND 9.10.4-P1 addresses Windows installation issues and a race + condition in the rbt/rbtdb implementation resulting in named + exiting due to assertion failures being detected.

@@ -86,114 +87,29 @@

Security Fixes

-
    -

  • - Duplicate EDNS COOKIE options in a response could trigger - an assertion failure. This flaw is disclosed in CVE-2016-2088. - [RT #41809] -

    • -

  • - The resolver could abort with an assertion failure due to - improper DNAME handling when parsing fetch reply - messages. This flaw is disclosed in CVE-2016-1286. [RT #41753] -

    • -

  • - Malformed control messages can trigger assertions in named - and rndc. This flaw is disclosed in CVE-2016-1285. [RT - #41666] -

    • -

  • - Certain errors that could be encountered when printing out - or logging an OPT record containing a CLIENT-SUBNET option - could be mishandled, resulting in an assertion failure. - This flaw is disclosed in CVE-2015-8705. [RT #41397] -

    • -

  • - Specific APL data could trigger an INSIST. This flaw - is disclosed in CVE-2015-8704. [RT #41396] -

    • -

  • - Incorrect reference counting could result in an INSIST - failure if a socket error occurred while performing a - lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945] -

    • -

  • - Insufficient testing when parsing a message allowed - records with an incorrect class to be be accepted, - triggering a REQUIRE failure when those records - were subsequently cached. This flaw is disclosed - in CVE-2015-8000. [RT #40987] -

    • -
+

  • + None. +

New Features

-
    -

  • - The following resource record types have been implemented: - AVC, CSYNC, NINFO, RKEY, SINK, SMIMEA, TA, TALINK. -

    • -

  • - Added a warning for a common misconfiguration involving forwarded - RFC 1918 and IPv6 ULA (Universal Local Address) zones. -

    • -

  • - Contributed software from Nominum is included in the source at - contrib/dnsperf-2.1.0.0-1/. It includes dnsperf for measuring - the performance of authoritative DNS servers, resperf for - testing the resolution performance of a caching DNS server, - resperf-report for generating a resperf report in HTML with - gnuplot graphs, and queryparse to extract DNS queries from - pcap capture files. This software is not installed by default - with BIND. -

    • -

  • - When loading a signed zone, named will - now check whether an RRSIG's inception time is in the future, - and if so, it will regenerate the RRSIG immediately. This helps - when a system's clock needs to be reset backwards. -

    • -
+

  • + None. +

Feature Changes

-
    -

  • - Updated the compiled-in addresses for H.ROOT-SERVERS.NET - and L.ROOT-SERVERS.NET. -

    • -

  • - The default preferred glue is now the address type of the - transport the query was received over. -

    • -

  • - On machines with 2 or more processors (CPU), the default value - for the number of UDP listeners has been changed to the number - of detected processors minus one. -

    • -

  • - Zone transfers now use smaller message sizes to improve - message compression. This results in reduced network usage. -

    • -

  • - named -V output now also includes operating system details. -

    • -
+

  • + None. +

Porting Changes

  • - The Microsoft Windows install tool - BINDInstall.exe which requires a - non-free version of Visual Studio to be built, now uses two - files (lists of flags and files) created by the Configure - perl script with all the needed information which were - previously compiled in the binary. Read - win32utils/build.txt for more details. - [RT #38915] + None.

@@ -201,47 +117,12 @@ Bug Fixes
diff --git a/doc/arm/notes.html b/doc/arm/notes.html index 5085d6c9aab..f7b5467df1e 100644 --- a/doc/arm/notes.html +++ b/doc/arm/notes.html @@ -26,11 +26,12 @@

Introduction

- This document summarizes significant changes since the last - production release of BIND on the corresponding major release - branch. - Please see the CHANGES file for a further list of bug fixes and - other changes. + This document summarizes changes since BIND 9.10.4: +

+

+ BIND 9.10.4-P1 addresses Windows installation issues and a race + condition in the rbt/rbtdb implementation resulting in named + exiting due to assertion failures being detected.

@@ -47,114 +48,29 @@

Security Fixes

-
    -

  • - Duplicate EDNS COOKIE options in a response could trigger - an assertion failure. This flaw is disclosed in CVE-2016-2088. - [RT #41809] -

    • -

  • - The resolver could abort with an assertion failure due to - improper DNAME handling when parsing fetch reply - messages. This flaw is disclosed in CVE-2016-1286. [RT #41753] -

    • -

  • - Malformed control messages can trigger assertions in named - and rndc. This flaw is disclosed in CVE-2016-1285. [RT - #41666] -

    • -

  • - Certain errors that could be encountered when printing out - or logging an OPT record containing a CLIENT-SUBNET option - could be mishandled, resulting in an assertion failure. - This flaw is disclosed in CVE-2015-8705. [RT #41397] -

    • -

  • - Specific APL data could trigger an INSIST. This flaw - is disclosed in CVE-2015-8704. [RT #41396] -

    • -

  • - Incorrect reference counting could result in an INSIST - failure if a socket error occurred while performing a - lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945] -

    • -

  • - Insufficient testing when parsing a message allowed - records with an incorrect class to be be accepted, - triggering a REQUIRE failure when those records - were subsequently cached. This flaw is disclosed - in CVE-2015-8000. [RT #40987] -

    • -
+

  • + None. +

New Features

-
    -

  • - The following resource record types have been implemented: - AVC, CSYNC, NINFO, RKEY, SINK, SMIMEA, TA, TALINK. -

    • -

  • - Added a warning for a common misconfiguration involving forwarded - RFC 1918 and IPv6 ULA (Universal Local Address) zones. -

    • -

  • - Contributed software from Nominum is included in the source at - contrib/dnsperf-2.1.0.0-1/. It includes dnsperf for measuring - the performance of authoritative DNS servers, resperf for - testing the resolution performance of a caching DNS server, - resperf-report for generating a resperf report in HTML with - gnuplot graphs, and queryparse to extract DNS queries from - pcap capture files. This software is not installed by default - with BIND. -

    • -

  • - When loading a signed zone, named will - now check whether an RRSIG's inception time is in the future, - and if so, it will regenerate the RRSIG immediately. This helps - when a system's clock needs to be reset backwards. -

    • -
+

  • + None. +

Feature Changes

-
    -

  • - Updated the compiled-in addresses for H.ROOT-SERVERS.NET - and L.ROOT-SERVERS.NET. -

    • -

  • - The default preferred glue is now the address type of the - transport the query was received over. -

    • -

  • - On machines with 2 or more processors (CPU), the default value - for the number of UDP listeners has been changed to the number - of detected processors minus one. -

    • -

  • - Zone transfers now use smaller message sizes to improve - message compression. This results in reduced network usage. -

    • -

  • - named -V output now also includes operating system details. -

    • -
+

  • + None. +

Porting Changes

  • - The Microsoft Windows install tool - BINDInstall.exe which requires a - non-free version of Visual Studio to be built, now uses two - files (lists of flags and files) created by the Configure - perl script with all the needed information which were - previously compiled in the binary. Read - win32utils/build.txt for more details. - [RT #38915] + None.

@@ -162,47 +78,12 @@ Bug Fixes
-- 2.47.3