Mark Andrews
2a5cd07979
add CVE-2017-3138
...
(cherry picked from commit fe1ad70e51
2017-03-30 02:57:10 +11:00
Evan Hunt
69fd759b4a
[v9_10] remove unnecessary INSIST and prep 9.10.5rc2
...
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734 ]
(cherry picked from commit a1365a0042559cbe04e7
2017-02-23 15:01:30 -08:00
Mark Andrews
3020c73f26
add CVE-2017-3136 note
...
(cherry picked from commit d77eadc261
2017-02-15 12:45:25 +11:00
Evan Hunt
40462c6d00
[v9_10] doc style
2017-02-07 08:19:29 -08:00
Evan Hunt
0fffe04229
[v9_10] removed extra note about bind.keys update
2017-02-06 14:19:06 -08:00
Evan Hunt
84269e5e4c
[v9_10] release note about new root key
2017-02-04 22:16:00 -08:00
Mark Andrews
64dff3d8fa
new root KSK
2017-02-02 18:28:25 +11:00
Evan Hunt
a5a7e48035
[v9_10] change 4558 was incomplete
...
(cherry picked from commit cd668ea57f
2017-01-30 14:11:25 -08:00
Evan Hunt
c5eedfe91f
[v9_10] expand relnote
...
(cherry picked from commit afa0ff0cbb
2017-01-23 20:04:56 -08:00
Mark Andrews
5abe80ef13
4556. [security] Combining dns64 and rpz can result in dereferencing
...
a NULL pointer (read). (CVE-2017-3135) [RT#44434]
2017-01-24 09:53:21 +11:00
Tinderbox User
ff7d77ce73
update copyright notice / whitespace
2017-01-12 23:46:57 +00:00
Mark Andrews
63fb01bb78
4553. [bug] Named could deadlock there were multiple changes to
...
NSEC/NSEC3 parameters for a zone being processed at
the same time. [RT #42770 ]
(cherry picked from commit d2e1b47d4f
2017-01-12 14:26:11 +11:00
Mark Andrews
e1e980e7ba
4552. [bug] Named could trigger a assertion when sending notify
...
messages. [RT #44019 ]
(cherry picked from commit 42924b40af
2017-01-12 14:19:01 +11:00
Evan Hunt
8881b5083e
[v9_10] release notes
2016-12-28 20:12:47 -08:00
Mark Andrews
2cfd915235
4508. [security] Named incorrectly tried to cache TKEY records which
...
could trigger a assertion failure when there was
a class mismatch. (CVE-2016-9131) [RT #43522 ]
(cherry picked from commit 2c1c4b99a1
2016-12-29 11:29:41 +11:00
Evan Hunt
6c35df6c0b
[v9_10] fix tag mismatch
2016-12-28 13:55:58 -08:00
Evan Hunt
9ac9f3d0e5
[v9_10] release notes
2016-12-28 13:19:18 -08:00
Mark Andrews
e49bb92384
4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831 ]
...
(cherry picked from commit 1b8ce3b330
2016-12-07 10:56:40 +11:00
Mark Andrews
1bbcfe2fc8
4504. [security] Allow the maximum number of records in a zone to
...
be specified. This provides a control for issues
raised in CVE-2016-6170. [RT #42143 ]
(cherry picked from commit 5f8412a4cb
2016-11-03 10:01:52 +11:00
Mark Andrews
89996b6bd9
add CVE-2016-2776
2016-09-09 11:52:19 +10:00
Mark Andrews
aa1a7e1e58
4424. [experimental] Named now sends _ta-XXXX.<trust-anchor>/NULL queries
...
to provide feedback to the trust-anchor administrators
about how key rollovers are progressing as per
draft-ietf-dnsop-edns-key-tag-02. This can be
disabled using 'trust-anchor-telemetry no;'.
[RT #40583 ]
(cherry picked from commit f20179857a
2016-07-22 20:16:59 +10:00
Mark Andrews
9bfd1c3cfb
grammar
...
(cherry picked from commit 8f7881684b
2016-07-14 09:42:58 +10:00
Mark Andrews
7cfdeb95b3
add [RT #42694 ]
2016-07-13 11:36:33 +10:00
Mark Andrews
f149905e47
whitespace
2016-07-13 11:24:54 +10:00
Mark Andrews
8dbe2bedce
add CVE-2016-2775
2016-07-12 01:17:44 +10:00
Mark Andrews
aacf0753e9
add note for rt42694
2016-07-07 13:53:16 +10:00
Evan Hunt
67ea1259df
[v9_10] spelling
2016-05-25 18:45:39 -07:00
Evan Hunt
c50901e0aa
[v9_10] extend release notes
2016-05-25 18:44:14 -07:00
Evan Hunt
707bcb08a7
[v9_10] log message when using ISC DLV
...
4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service
is scheduled to be disabled in 2017. A warning is
now logged when named is configured to use it,
either explicitly or via "dnssec-lookaside auto;"
[RT #42207 ]
2016-05-04 14:38:01 -07:00
Jeremy C. Reed
896b3933d0
[v9_10] some release notes updates
...
mention that the document summarizes "significant" changes
since obviously it misses a lot.
Also refer to the CHANGES file.
Added a few bugs. Wording some discussed via email, phone call, and jabber.
2016-03-30 13:38:20 -04:00
Evan Hunt
72a5d063b7
[v9_10] more release note corrections
2016-03-24 16:41:41 -07:00
Evan Hunt
4290eeb44c
[v9_10] fixes for release notes
2016-03-24 14:42:40 -07:00
Mark Andrews
3f119b3df1
note rrsig regeneration
...
(cherry picked from commit 98c5690bd9
2016-03-11 12:27:55 +11:00
Jeremy C. Reed
d64f7b7dcb
add resource record type added, typo fix, new contrib software, and named -V
2016-03-08 09:42:45 -05:00
Mark Andrews
b712215fcb
9.10.4b1
2016-03-08 11:53:41 +11:00
Mark Andrews
96085d274e
add AVC
2016-03-04 18:17:57 +11:00
Evan Hunt
db06cd726c
[v9_10] recursively clean empty interior nodes when deleting database records
...
4324. [bug] When deleting records from a zone database, interior
nodes could be left empty but not deleted, damaging
search performance afterward. [RT #40997 ]
(cherry picked from commit 44c86318ed
2016-03-03 21:15:21 -08:00
Mark Andrews
ca3d4db1a5
re-order security list into reverse order
2016-02-29 12:44:35 +11:00
Mark Andrews
7cd300abd6
4322. [security] Duplicate EDNS COOKIE options in a response could
...
trigger an assertion failure. (CVE-2016-2088)
[RT #41809 ]
(cherry picked from commit 455c0848f8
2016-02-27 11:46:16 +11:00
Mukund Sivaraman
456e1eadd2
Fix resolver assertion failure due to improper DNAME handling (CVE-2016-1286) ( #41753 )
...
(cherry picked from commit 5995fec51c
2016-02-22 12:24:15 +05:30
Mark Andrews
e7e15d1302
4318. [security] Malformed control messages can trigger assertions
...
in named and rndc. (CVE-2016-1285) [RT #41666 ]
(cherry picked from commit a2b15b3305
2016-02-18 12:12:02 +11:00
Evan Hunt
f88b79ab08
[v9_10] remove reporter's name per his request
2016-01-29 10:37:45 -08:00
Evan Hunt
6f39162aaf
[v9_10] fix ticket number
2016-01-05 09:08:57 -08:00
Evan Hunt
79e824b2eb
[v9_10] fix use after free on xfr timeout
...
4289. [bug] The server could crash due to memory being used
after it was freed if a zone transfer timed out.
[RT #41297 ]
2016-01-04 22:06:05 -08:00
Tinderbox User
e11aa3e52c
fix tag mismatch
2016-01-05 01:30:22 +00:00
Evan Hunt
0dd38adbe7
[v9_10] Merge branch 'v9_10' of ssh://repo/proj/git/prod/bind9 into v9_10
2016-01-04 16:10:05 -08:00
Evan Hunt
b4cf962eef
[v9_10] fixed bogus server regression
...
4288. [bug] Fixed a regression in resolver.c:possibly_mark()
which caused known-bogus servers to be queried
anyway. [RT #41321 ]
2016-01-04 16:01:38 -08:00
Evan Hunt
e81fd88813
[v9_10] clean up relnotes to include only things added since 9.10.3
2016-01-04 16:00:33 -08:00
Tinderbox User
add1f7a8d2
update copyright notice / whitespace
2016-01-04 23:45:56 +00:00
Evan Hunt
ae14e490cc
[v9_10] clean up notes
2016-01-03 21:22:55 -08:00
