bind9

mirror of https://github.com/isc-projects/bind9.git synced 2026-04-23 15:17:01 -04:00

Author	SHA1	Message	Date
Evan Hunt	88dc9d367d	[v9_10] address TSIG bypass/forgery vulnerabilities 4643. [security] An error in TSIG handling could permit unauthorized zone transfers or zone updates. (CVE-2017-3142) (CVE-2017-3143) [RT #45383] (cherry picked from commit `581c1526ab`) (cherry picked from commit `a03f4b1ea4`)	2017-06-27 11:40:31 -07:00
Evan Hunt	f5dd7776e1	[v9_10] quote service registry paths 4532. [security] The BIND installer on Windows used an unquoted service path, which can enable privilege escalation. (CVE-2017-3141) [RT #45229] (cherry picked from commit `967a3b9419`) (cherry picked from commit `c28e44f3f8`)	2017-05-30 13:38:59 -07:00
Evan Hunt	a57b289ed0	[v9_10] fix rpz formerr loop 4531. [security] Some RPZ configurations could go into an infinite query loop when encountering responses with TTL=0. (CVE-2017-3140) [RT #45181] (cherry picked from commit `3440cf9c60`)	2017-05-30 12:35:59 -07:00
Tinderbox User	a849cd4136	update copyright notice / whitespace	2017-05-16 23:46:23 +00:00
Evan Hunt	ea90793daa	[v9_10] symbolic option names for dig +ednsopt 4555. [func] dig +ednsopt: EDNS options can now be specified by name in addition to numeric value. [RT #44461] (cherry picked from commit `25a9b90369`) (cherry picked from commit `403e7b4512`)	2017-05-16 10:16:33 -07:00
Mark Andrews	8f7396770e	add warning about semicolon no longer being escaped (cherry picked from commit `d4d73bca79`)	2017-05-11 11:03:13 +10:00
Evan Hunt	14ed39ad6e	[v9_10] give threads unique names to assist debugging 4602. [func] Threads are now set to human-readable names to assist debugging, when supported by the OS. [RT #43234] (cherry picked from commit `d26ae7fc08`) (cherry picked from commit `8b9c4592ed`)	2017-04-21 14:00:23 -07:00
Evan Hunt	134fb9a2bf	[v9_10] clear out relnotes	2017-04-21 13:38:29 -07:00
Evan Hunt	6edf89ba7a	[v9_10] formatting (cherry picked from commit `52e398c0af`)	2017-04-12 14:06:11 -07:00
Mark Andrews	2a5cd07979	add CVE-2017-3138 (cherry picked from commit `fe1ad70e51`)	2017-03-30 02:57:10 +11:00
Evan Hunt	69fd759b4a	[v9_10] remove unnecessary INSIST and prep 9.10.5rc2 4578. [security] Some chaining (CNAME or DNAME) responses to upstream queries could trigger assertion failures. (CVE-2017-3137) [RT #44734] (cherry picked from commit `a1365a0042`) (cherry picked from commit `559cbe04e7`)	2017-02-23 15:01:30 -08:00
Mark Andrews	3020c73f26	add CVE-2017-3136 note (cherry picked from commit `d77eadc261`)	2017-02-15 12:45:25 +11:00
Evan Hunt	40462c6d00	[v9_10] doc style	2017-02-07 08:19:29 -08:00
Evan Hunt	0fffe04229	[v9_10] removed extra note about bind.keys update	2017-02-06 14:19:06 -08:00
Evan Hunt	84269e5e4c	[v9_10] release note about new root key	2017-02-04 22:16:00 -08:00
Mark Andrews	64dff3d8fa	new root KSK	2017-02-02 18:28:25 +11:00
Evan Hunt	a5a7e48035	[v9_10] change 4558 was incomplete (cherry picked from commit `cd668ea57f`)	2017-01-30 14:11:25 -08:00
Evan Hunt	c5eedfe91f	[v9_10] expand relnote (cherry picked from commit `afa0ff0cbb`)	2017-01-23 20:04:56 -08:00
Mark Andrews	5abe80ef13	4556. [security] Combining dns64 and rpz can result in dereferencing a NULL pointer (read). (CVE-2017-3135) [RT#44434]	2017-01-24 09:53:21 +11:00
Tinderbox User	ff7d77ce73	update copyright notice / whitespace	2017-01-12 23:46:57 +00:00
Mark Andrews	63fb01bb78	4553. [bug] Named could deadlock there were multiple changes to NSEC/NSEC3 parameters for a zone being processed at the same time. [RT #42770] (cherry picked from commit `d2e1b47d4f`)	2017-01-12 14:26:11 +11:00
Mark Andrews	e1e980e7ba	4552. [bug] Named could trigger a assertion when sending notify messages. [RT #44019] (cherry picked from commit `42924b40af`)	2017-01-12 14:19:01 +11:00
Evan Hunt	8881b5083e	[v9_10] release notes	2016-12-28 20:12:47 -08:00
Mark Andrews	2cfd915235	4508. [security] Named incorrectly tried to cache TKEY records which could trigger a assertion failure when there was a class mismatch. (CVE-2016-9131) [RT #43522] (cherry picked from commit `2c1c4b99a1`)	2016-12-29 11:29:41 +11:00
Evan Hunt	6c35df6c0b	[v9_10] fix tag mismatch	2016-12-28 13:55:58 -08:00
Evan Hunt	9ac9f3d0e5	[v9_10] release notes	2016-12-28 13:19:18 -08:00
Mark Andrews	e49bb92384	4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831 ] (cherry picked from commit `1b8ce3b330`)	2016-12-07 10:56:40 +11:00
Mark Andrews	1bbcfe2fc8	4504. [security] Allow the maximum number of records in a zone to be specified. This provides a control for issues raised in CVE-2016-6170. [RT #42143] (cherry picked from commit `5f8412a4cb`)	2016-11-03 10:01:52 +11:00
Mark Andrews	89996b6bd9	add CVE-2016-2776	2016-09-09 11:52:19 +10:00
Mark Andrews	aa1a7e1e58	4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries to provide feedback to the trust-anchor administrators about how key rollovers are progressing as per draft-ietf-dnsop-edns-key-tag-02. This can be disabled using 'trust-anchor-telemetry no;'. [RT #40583] (cherry picked from commit `f20179857a`)	2016-07-22 20:16:59 +10:00
Mark Andrews	9bfd1c3cfb	grammar (cherry picked from commit `8f7881684b`)	2016-07-14 09:42:58 +10:00
Mark Andrews	7cfdeb95b3	add [RT #42694 ]	2016-07-13 11:36:33 +10:00
Mark Andrews	f149905e47	whitespace	2016-07-13 11:24:54 +10:00
Mark Andrews	8dbe2bedce	add CVE-2016-2775	2016-07-12 01:17:44 +10:00
Mark Andrews	aacf0753e9	add note for rt42694	2016-07-07 13:53:16 +10:00
Evan Hunt	67ea1259df	[v9_10] spelling	2016-05-25 18:45:39 -07:00
Evan Hunt	c50901e0aa	[v9_10] extend release notes	2016-05-25 18:44:14 -07:00
Evan Hunt	707bcb08a7	[v9_10] log message when using ISC DLV 4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service is scheduled to be disabled in 2017. A warning is now logged when named is configured to use it, either explicitly or via "dnssec-lookaside auto;" [RT #42207]	2016-05-04 14:38:01 -07:00
Jeremy C. Reed	896b3933d0	[v9_10] some release notes updates mention that the document summarizes "significant" changes since obviously it misses a lot. Also refer to the CHANGES file. Added a few bugs. Wording some discussed via email, phone call, and jabber.	2016-03-30 13:38:20 -04:00
Evan Hunt	72a5d063b7	[v9_10] more release note corrections	2016-03-24 16:41:41 -07:00
Evan Hunt	4290eeb44c	[v9_10] fixes for release notes	2016-03-24 14:42:40 -07:00
Mark Andrews	3f119b3df1	note rrsig regeneration (cherry picked from commit `98c5690bd9`)	2016-03-11 12:27:55 +11:00
Jeremy C. Reed	d64f7b7dcb	add resource record type added, typo fix, new contrib software, and named -V	2016-03-08 09:42:45 -05:00
Mark Andrews	b712215fcb	9.10.4b1	2016-03-08 11:53:41 +11:00
Mark Andrews	96085d274e	add AVC	2016-03-04 18:17:57 +11:00
Evan Hunt	db06cd726c	[v9_10] recursively clean empty interior nodes when deleting database records 4324. [bug] When deleting records from a zone database, interior nodes could be left empty but not deleted, damaging search performance afterward. [RT #40997] (cherry picked from commit `44c86318ed`)	2016-03-03 21:15:21 -08:00
Mark Andrews	ca3d4db1a5	re-order security list into reverse order	2016-02-29 12:44:35 +11:00
Mark Andrews	7cd300abd6	4322. [security] Duplicate EDNS COOKIE options in a response could trigger an assertion failure. (CVE-2016-2088) [RT #41809] (cherry picked from commit `455c0848f8`)	2016-02-27 11:46:16 +11:00
Mukund Sivaraman	456e1eadd2	Fix resolver assertion failure due to improper DNAME handling (CVE-2016-1286) (#41753 ) (cherry picked from commit `5995fec51c`)	2016-02-22 12:24:15 +05:30
Mark Andrews	e7e15d1302	4318. [security] Malformed control messages can trigger assertions in named and rndc. (CVE-2016-1285) [RT #41666] (cherry picked from commit `a2b15b3305`)	2016-02-18 12:12:02 +11:00

1 2 3

142 commits