Following up on this per my employer. There are two CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200
7-0494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200
7-0493
htt
p://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0493
htt
p://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0494
The ISC bind in netbsd-3 is version 9.3.2(plus patches?).
If ISC uses the
same version number releng format as us, so 9.3.4 is simply
a set of
patch-levels post 9.3 release.
The patches 9.3.0->9.3.4 from ISC anoncvs repository are
restricted to
private access? Maybe view a set of commit changelogs and
compare the
tarballs)
Anyway, -current has 9.4.0-prerelease, so a pullup into
netbsd-3 isn't
likely (unless 9.4. is finalized before NetBSD 3.3).
Can patches from a vendor branch jump directly into a NetBSD
releng
branch?
Thanks,
l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritu
al-machines.org/
---------- Forwarded message ----------
Date: Thu, 25 Jan 2007 11:24:55 +1100
From: Mark Andrews <Mark_Andrews isc.org>
To: bind-announceisc.org
Subject: BIND 9.3.4 is now available.
BIND 9.3.4 is now available.
BIND 9.3.4 is a security release for BIND 9.3.
BIND 9.3.4 contains security fixes:
2126. [security] Serialise validation of type ANY responses.
[RT #16555]
2124. [security] It was possible to dereference a freed
fetch
context. [RT #16584]
2089. [security] Raise the minimum safe OpenSSL versions to
OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
prior to these have known security flaws which
are (potentially) exploitable in named. [RT #16391]
2088. [security] Change the default RSA exponent from 3 to
65537.
[RT #16391]
2066. [security] Handle SIG queries gracefully. [RT
#16300]
1941. [bug] ncache_adderesult() should set
eresult even if no
rdataset is passed to it. [RT
#15642]
If you are running a BIND 9.3.x or BIND 9.4.x
version without
these changes you are advised to upgrade as soon as
possible to
one of BIND 9.3.4 or BIND 9.4.0rc2.
BIND 9.3.4 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.3.4/bind-9.3.4.tar.gz
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bind9/9.3.4/bind-9.3.4.tar.gz.asc
ftp://ftp.isc.org/isc/bind9/9.3.4/bind-9.3.4.tar.gz.sha256.a
sc
ftp://ftp.isc.org/isc/bind9/9.3.4/bind-9.3.4.tar.gz.sha512.a
sc
The signature was generated with the ISC public key, which
is
available at <
http://www.isc.org/about/openpgp/pgpkey2006.txt>.
A binary kit for Windows 2000, Windows XP and Windows 2003
is at
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.zip
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.debug.zip
The PGP signature of the binary kit for Windows 2000,
Windows XP and
Windows 2003 is at
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.zip.asc
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.zip.sha256.asc
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.zip.sha512.asc
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.debug.zip.asc
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.debug.zip.sha2
56.asc
ftp://ftp.isc.org/isc/bind9/9.3.4/BIND9.3.4.debug.zip.sha5
12.asc
Note: There is no Windows NT 4.0 binary kit for BIND 9.3.4.
Windows NT 4.0 is still supported in source form.
A list of changes made since 9.3.0 follows. For earlier
changes,
see the file CHANGES in the distribution.
--------
--- 9.3.4 released ---
2126. [security] Serialise validation of type ANY responses.
[RT #16555]
2124. [security] It was possible to dereference a freed
fetch
context. [RT #16584]
--- 9.3.3 released ---
2107. [bug] dighost.c: more cleanup of buffers. [RT
#16499]
2104. [port] Fix Solaris SMF error message.
2103. [port] Add /usr/sfw to list of locations for OpenSSL
under Solaris.
2102. [port] Silence solaris 10 warnings.
2101. [bug] OpenSSL version checks were not quite right.
[RT #16476]
2100. [port] win32: copy libeay32.dll to BuildDebug.
2099. [port] win32: more manifiest issues.
--- 9.3.3rc3 released ---
2096. [bug] libbind: handle applications that fail to
detect
res_init() failures better.
2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6()
and
net_cidr_ntop_ipv6(). [RT #16388]
2094. [contrib] Update named-bootconf. [RT# 16404]
2092. [bug] win32: dig, host, nslookup. Use registry
config
if resolv.conf does not exist or no nameservers
listed. [RT #15877]
2091. [port] dighost.c: race condition on cleanup. [RT
#16417]
2090. [port] win32: Visual C++ 2005 command line manifest
support.
[RT #16417]
2089. [security] Raise the minimum safe OpenSSL versions to
OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
prior to these have known security flaws which
are (potentially) exploitable in named. [RT #16391]
2088. [security] Change the default RSA exponent from 3 to
65537.
[RT #16391]
2086. [port] libbind: FreeBSD now has get*by*_r()
functions.
[RT #16403]
2085. [doc] win32: added index.html and README to zip. [RT
#16201]
2084. [contrib] dbus update for 9.3.3rc2.
2083. [port] win32: Visual C++ 2005 support.
2082. [doc] Document 'cache-file' as a test only option.
--- 9.3.3rc2 released ---
2081. [port] libbind: minor 64-bit portability fix in
memcluster.c.
[RT #16360]
2080. [port] libbind: res_init.c did not compile on older
versions
of Solaris. [RT #16363]
2076. [bug] Several files were missing #include
<config.h>
causing build failures on OSF. [RT #16341]
2074. [bug] dns_request_createvia2(),
dns_request_createvia3(),
dns_request_createraw2() and dns_request_createraw3()
failed to send multiple UDP requests. [RT #16349]
2066. [security] Handle SIG queries gracefully. [RT #16300]
--- 9.3.3rc1 released ---
2071. [port] Test whether gcc accepts
-fno-strict-aliasing.
[RT #16324]
2070. [bug] The remote address was not always displayed
when
reporting dispatch failures. [RT #16315]
2069. [bug] Cross compiling was not working. [RT #16330]
2067. [bug] 'rndc' could close the socket too early
triggering
a INSIST under Windows. [RT #16317]
2065. [bug] libbind: probe for HPUX prototypes for
endprotoent_r() and endservent_r(). [RT 16313]
2064. [bug] libbind: silence AIX compiler warnings. [RT
#16218]
2063. [bug] Change #1955 introduced a bug which caused the
first
'rndc flush' call to not free memory. [RT #16244]
2062. [bug] 'dig +nssearch' was reusing a buffer before it
had
been returned by the socket code. [RT #16307]
2057. [bug] Make setting "ra" dependent on both
allow-query and
allow-recursion. [RT #16290]
2056. [bug] dig: ixfr= was not being treated case
insensitively
at all times. [RT #15955]
2055. [bug] Missing goto after dropping multicast query.
[RT #15944]
2054. [port] freebsd: do not explicitly link against
-lpthread.
[RT #16170]
2053. [port] netbsd:libbind: silence compiler warnings. [RT
#16220]
2052. [bug] 'rndc' improve connect failed message to
report
the failing address. [RT #15978]
2051. [port] More strtol() fixes. [RT #16249]
2050. [bug] Parsing of NSAP records was not case
insensitive.
[RT #16287]
2049. [bug] Restore SOA before AXFR when falling back from
a attempted IXFR when transfering in a zone.
Allow a initial SOA query before attempting
a AXFR to be requested. [RT #16156]
2048. [bug] It was possible to loop forever when using
avoid-v4-udp-ports / avoid-v6-udp-ports when
the OS always returned the same local port.
[RT #16182]
2047. [bug] Failed to initialise the interface flags to
zero.
[RT #16245]
2043. [port] nsupdate/nslookup: Force the flushing of the
prompt
for interactive sessions. [RT#16148]
2038. [bug] dig/nslookup/host was unlinking from wrong
list
when handling errors. [RT #16122]
2037. [func] When unlinking the first or last element in a
list
check that the list head points to the element to
be unlinked. [RT #15959]
2036. [bug] 'rndc recursing' could cause trigger a
REQUIRE.
[RT #16075]
2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
--- 9.3.3b1 released ---
2031. [bug] Emit a error message when "rndc
refresh" is called on
a non slave/stub zone. [RT # 16073]
2030. [bug] We were being overly conservative when
disabling
openssl engine support. [RT #16030]
2029. [bug] host printed out the server multiple times
when
specified on the command line. [RT #15992]
2028. [port] linux: socket.c compatability for old
systems.
[RT #16015]
2027. [port] libbind: Solaris x86 support. [RT #16020]
2026. [bug] Rate limit the two recursive client exceeded
messages.
[RT #16044]
2024. [bug] named emited spurious "zone serial
unchanged"
messages on reload. [RT #16027]
2023. [bug] "make install" should create
$/run and
$ if they do not exist. [RT #16033]
2016. [bug] Return a partial answer if recursion is not
allowed but requested and we had the answer
to the original qname. [RT #15945]
2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
responses more gracefully. [RT #15941]
2009. [bug] libbind: coverity fixes. [RT #15808]
2005. [bug] libbind: Retransmission timeouts should be
based on which attempt it is to the nameserver
and not the nameserver itself. [RT #13548]
2004. [bug] dns_tsig_sign() could pass a NULL pointer to
dst_context_destroy() when cleaning up after a
error. [RT #15835]
2003. [bug] libbind: The DNS name/address lookup functions
could
occasionally follow a random pointer due to
structures not being completely zeroed. [RT #15806]
2002. [bug] libbind: tighten the constraints on when
struct addrinfo._ai_pad exists. [RT #15783]
2000. [bug] memmove()/strtol() fix was incomplete. [RT
#15812]
1998. [bug] Restrict handling of fifos as sockets to just
SunOS.
This allows named to connect to entropy gathering
daemons that use fifos instead of sockets. [RT #15840]
1997. [bug] Named was failing to replace negative cache
entries
when a positive one for the type was learnt.
[RT #15818]
1995. [bug] 'host' was reporting multiple "is an
alias" messages.
[RT #15702]
1994. [port] OpenSSL 0.9.8 support. [RT #15694]
1993. [bug] Log messsage, via syslog, were missing the
space
after the timestamp if "print-time yes" was
specified.
[RT #15844]
1991. [cleanup] The configuration data, once read, should be
treated
as readonly. Expand the use of const to enforce this
at compile time. [RT #15813]
1990. [bug] libbind: isc's override of broken
gettimeofday()
implementions was not always effective.
[RT #15709]
1989. [bug] win32: don't check the service password when
re-installing. [RT #15882]
1985. [protocol] DLV has now been assigned a official type
code of
32769. [RT #15807]
Note: care should be taken to ensure you upgrade
both named and dnssec-signzone at the same time for
zones with DLV records where named is the master
server for the zone. Also any zones that contain
DLV records should be removed when upgrading a slave
zone. You do not however have to upgrade all
servers for a zone with DLV records simultaniously.
1982. [bug] DNSKEY was being accepted on the parent side
of
a delegation. KEY is still accepted there for
RFC 3007 validated updates. [RT #15620]
1981. [bug] win32: condition.c:wait() could fail to
reattain
the mutex lock.
1979. [port] linux: allow named to drop core after
changing
user ids. [RT #15753]
1978. [port] Handle systems which have a broken recvmsg().
[RT #15742]
1977. [bug] Silence noisy log message. [RT #15704]
1976. [bug] Handle systems with no IPv4 addresses. [RT
#15695]
1975. [bug] libbind: isc_gethexstring() could misparse
multi-line
hex strings with comments. [RT #15814]
1974. [doc] List each of the zone types and associated
zone
options seperately in the ARM.
1972. [contrib] DBUS dynamic forwarders integation from
Jason Vas Dias <jvdiasredhat.com>.
1971. [port] linux: make detection of missing IF_NAMESIZE
more
robust. [RT #15443]
1970. [bug] nsupdate: adjust UDP timeout when falling back
to
unsigned SOA query. [RT #15775]
1969. [bug] win32: the socket code was freeing the socket
structure too early. [RT #15776]
1968. [bug] Missing lock in resolver.c:validated(). [RT
#15739]
1966. [bug] Don't set CD when we have fallen back to plain
DNS.
[RT #15727]
1963. [port] Tru64 4.0E doesn't support send() and recv().
[RT #15586]
1962. [bug] Named failed to clear old update-policy when
it
was removed. [RT #15491]
1961. [bug] Check the port and address of responses
forwarded
to dispatch. [RT #15474]
1960. [bug] Update code should set NSEC ttls from SOA
MINIMUM.
[RT #15465]
1958. [bug] Named failed to update the zone's secure state
until the zone was reloaded. [RT #15412]
1957. [bug] Dig mishandled responses to class ANY queries.
[RT #15402]
1956. [bug] Improve cross compile support, 'gen' is now
built
by native compiler. See README for additional
cross compile support information. [RT #15148]
1955. [bug] Pre-allocate the cache cleaning interator. [RT
#14998]
1952. [port] hpux: tell the linker to build a runtime link
path "-Wl,+b:". [RT #14816].
1951. [security] Drop queries from particular well known
ports.
Don't return FORMERR to queries from particular
well known ports. [RT #15636]
1950. [port] Solaris 2.5.1 and earlier cannot bind() then
connect()
a TCP socket. This prevents the source address being
set for TCP connections. [RT #15628]
1948. [bug] If was possible to trigger a REQUIRE failure
in
xfrin.c:maybe_free() if named ran out of memory.
[RT #15568]
1946. [bug] resume_dslookup() could trigger a REQUIRE
failure
when using forwarders. [RT #15549]
1944. [cleanup] isc_hash_create() does not need a read/write
lock.
[RT #15522]
1943. [bug] Set the loadtime after rolling forward the
journal.
[RT #15647]
1942. [bug] If the name of a DNSKEY match that of one in
trusted-keys do not attempt to validate the DNSKEY
using the parents DS RRset. [RT #15649]
1941. [bug] ncache_adderesult() should set eresult even if
no
rdataset is passed to it. [RT #15642]
1940. [bug] Fixed a number of error conditions reported by
Coverity.
1939. [bug] The resolver could dereference a null
pointer after
validation if all the queries have timed out.
[RT #15528]
1938. [bug] The validator was not correctly handling
unsecure
negative responses at or below a SEP. [RT #15528]
1919. [contrib] queryperf: a set of new features:
collecting/printing
response delays, printing intermediate results, and
adjusting query rate for the "target" qps.
--- 9.3.2 released ---
--- 9.3.2rc1 released ---
1936. [bug] The validator could leak memory. [RT #15544]
1932. [bug] hpux: LDFLAGS was getting corrupted. [RT
#15530]
--- 9.3.2b2 released ---
1930. [port] HPUX: ia64 support. [RT #15473]
1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
1926. [bug] The Windows installer did not check for empty
passwords. BINDinstall was being installed in
the wrong place. [RT #15483]
1925. [port] All outer level AC_TRY_RUNs need cross
compiling
defaults. [RT #15469]
1924. [port] libbind: hpux ia64 support. [RT #15473]
1923. [bug] ns_client_detach() called too early. [RT
#15499]
--- 9.3.2b1 released ---
1917. [doc] funcsynopsisinfo wasn't being treated as
verbatim
when generating man pages. [RT #15385]
1915. [bug] dig +ndots was broken. [RT #15215]
1914. [protocol] DS is required to accept mnemonic
algorithms
(RFC 4034). Still emit numeric algorithms for
compatability with RFC 3658. [RT #15354]
1911. [bug] Update windows socket code. [RT #14965]
1910. [bug] dig's +sigchase code overhauled. [RT #14933]
1909. [bug] The DLV code has been re-worked to make no
longer
query order sensitive. [RT #14933]
1905. [bug] Strings returned from cfg_obj_asstring() should
be
treated as read-only. [RT #15256]
1901. [cleanup] Don't add DNSKEY records to the additional
section.
1900. [bug] ixfr-from-differences failed to ensure that
the
serial number increased. [RT #15036]
1896. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
ISC_NETADDR_FORMATSIZE to allow for scope details.
1894. [bug] Recursive clients soft quota support wasn't
working
as expected. [RT #15103]
1893. [bug] A escaped character is, potentially, converted
to
the output character set too early. [RT #14666]
1892. [port] Use uintptr_t if available. [RT #14606]
1889. [port] sunos: non blocking i/o support. [RT #14951]
1887. [bug] The cache could delete expired records too fast
for
clients with a virtual time in the past. [RT #14991]
1886. [bug] fctx_create() could return success even though
it
failed. [RT #14993]
1884. [cleanup] dighost.c: move external declarations into
<dig/dig.h>.
1883. [bug] dnssec-signzone, dnssec-keygen: handle negative
debug
levels. [RT #14962]
1881. [func] Add a system test for named-checkconf. [RT
#14931]
1877. [bug] Fix unreasonably low quantum on call to
dns_rbt_destroy2(). Remove unnecessay unhash_node()
call. [RT #14919]
1875. [bug] process_dhtkey() was using the wrong memory
context
to free some memory. [RT #14890]
1874. [port] sunos: portability fixes. [RT #14814]
1873. [port] win32: isc__errno2result() now reports its
caller.
[RT #13753]
1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT
#13753]
1867. [bug] It was possible to trigger a INSIST in
dlv_validatezonekey(). [RT #14846]
1866. [bug] resolv.conf parse errors were being ignored by
dig/host/nslookup. [RT #14841]
1865. [bug] Silently ignore nameservers in /etc/resolv.conf
with
bad addresses. [RT #14841]
1864. [bug] Don't try the alternative transfer source if
you
got a answer / transfer with the main source
address. [RT #14802]
1863. [bug] rrset-order "fixed" error messages
not complete.
1861. [bug] dig could trigger a INSIST on certain
malformed
responses. [RT #14801]
1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
incorrectly set. [RT #14775]
1858. [bug] The flush-zones-on-shutdown option wasn't
being
parsed. [RT #14686]
1857. [bug] named could trigger a INSIST() if reconfigured
/
reloaded too fast. [RT #14673]
1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
[RT #11398]
1855. [bug] ixfr-from-differences was failing to detect
changes
of ttl due to dns_diff_subtract() was ignoring the ttl
of records. [RT #14616]
1854. [bug] lwres also needs to know the print format for
(long long). [RT #13754]
1853. [bug] Rework how DLV interacts with proveunsecure().
[RT #13605]
1852. [cleanup] Remove last vestiges of dnssec-signkey and
dnssec-makekeyset (removed from Makefile years ago).
1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT
#14591]
1849. [doc] All forms of the man pages (docbook, man, html)
should
have consistant copyright dates.
1848. [bug] Improve SMF integration. [RT #13238]
1847. [bug] isc_ondestroy_init() is called too late in
dns_rbtdb_create()/dns_rbtdb64_create().
[RT #13661]
1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
<bortzmeyernic.fr>.
1845. [bug] Improve error reporting to distingish between
accept()/fcntl() and socket()/fcntl() errors.
[RT #13745]
1844. [bug] inet_pton() accepted more that 4 hexadecimal
digits
for each 16 bit piece of the IPv6 address. The text
representation of a IPv6 address has been tighted
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
[RT #5662]
1843. [cleanup] CINCLUDES takes precedence over CFLAGS.
This helps
when CFLAGS contains "-I /usr/local/include"
resulting in old header files being used.
1842. [port] cmsg_len() could produce incorrect results on
some platform. [RT #13744]
1841. [bug] "dig +nssearch" now makes a recursive
query to
find the list of nameservers to query. [RT #13694]
1839. [bug] <isc/hash.h> was not being installed.
1838. [cleanup] Don't allow Linux capabilities to be
inherited.
[RT #13707]
1837. [bug] Compile time option ISC_FACILITY was not
effective
for 'named -u <user>'. [RT #13714]
1836. [cleanup] Silence compiler warnings in hash_test.c.
1835. [bug] Update dnssec-signzone's usage message. [RT
#13657]
1834. [bug] Bad memset in rdata_test.c. [RT #13658]
1833. [bug] Race condition in isc_mutex_lock_profile(). [RT
#13660]
1832. [bug] named fails to return BADKEY on unknown TSIG
algorithm.
[RT #13620]
1831. [doc] Update named-checkzone documentation.
[RT#13604]
1830. [bug] adb lame cache has sence of test reversed. [RT
#13600]
1829. [bug] win32: "pid-file none;" broken. [RT
#13563]
1828. [bug] isc_rwlock_init() failed to properly cleanup if
it
encountered a error. [RT #13549]
1827. [bug] host: update usage message for '-a'. [RT
#37116]
1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on
out
of memory error. [RT #13537]
1825. [bug] Missing UNLOCK() on out of memory error from
in
rbtdb.c:subtractrdataset(). [RT #13519]
1824. [bug] Memory leak on dns_zone_setdbtype() failure.
[RT #13510]
1823. [bug] Wrong macro used to check for point to point
interface.
[RT#13418]
1822. [bug] check-names test for RT was reversed. [RT
#13382]
1821. [doc] acls definitions are no longer required to be
in named.conf prior to reference. They can be
defined after being referenced.
1820. [bug] Gracefully handle acl loops. [RT #13659]
1819. [bug] The validator needed to check both the
algorithm and
digest types of the DS to determine if it could be
used to introduce a secure zone. [RT #13593]
1816. [port] UnixWare: failed to compile
lib/isc/unix/net.c.
[RT #13597]
1815. [bug] nsupdate triggered a REQUIRE if the server was
set
without also setting the zone and it encountered
a CNAME and was using TSIG. [RT #13086]
1810. [bug] configure, lib/bind/configure make different
default
decisions about whether to do a threaded build.
[RT #13212]
1809. [bug] "make distclean" failed for libbind
if the platform
is not supported.
1807. [bug] When forwarding (forward only) set the active
domain
from the forward zone name. [RT #13526]
1804. [bug] Ensure that if we are queried for glue that it
fits
in the additional section or TC is set to tell the
client to retry using TCP. [RT #10114]
1803. [bug] dnssec-signzone sometimes failed to remove old
RRSIGs. [RT #13483]
1802. [bug] Handle connection resets better. [RT #11280]
1799. [bug] 'rndc flushname' failed to flush negative
cache
entries. [RT #13438]
1795. [bug] "rndc dumpdb" was not fully
documented. Minor
formating issues with "rndc dumpdb -all". [RT
#13396]
1791. [bug] 'host -t a' still printed out AAAA and MX
records.
[RT #13230]
--- 9.3.1 released ---
1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT
#13599]
--- 9.3.1rc1 released ---
1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is
incorrect.
[RT #13453]
1808. [bug] zone.c:notify_zone() contained a race
condition,
zone->db could change underneath it. [RT #13511]
1806. [bug] The resolver returned the wrong result when a
CNAME /
DNAME was encountered when fetching glue from a
secure namespace. [RT #13501]
1805. [bug] Pending status was not being cleared when DLV
was
active. [RT #13501]
--- 9.3.1beta2 released ---
1800. [bug] Changes #1719 allowed a INSIST to be
triggered.
[RT #13428]
--- 9.3.1beta1 released ---
1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This
should
allow parallel make to succeed.
1789. [bug] Prerequisite test for tkey and dnssec could
fail
with "configure --with-libtool".
1788. [bug] libbind9.la/libbind9.so needs to link against
libisccfg.la/libisccfg.so.
1787. [port] HPUX: both "cc" and "gcc"
need -Wl,+vnocompatwarnings.
1786. [port] AIX: libt_api needs to be taught to look for
T_testlist in the main executable (--with-libtool).
[RT #13239]
1785. [bug] libbind9.la/libbind9.so needs to link against
libisc.la/libisc.so.
1784. [cleanup] "libtool -allow-undefined" is the
default.
Leave hooks in configure to allow it to be set
if needed in the future.
1783. [cleanup] We only need one copy of libtool.m4,
ltmain.sh in the
source tree.
1782. [port] OSX: --with-libtool + --enable-libbind broke
on
__evOptMonoTime. [RT #13219]
1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT
#12810]
1780. [bug] Update libtool to 1.5.10.
1779. [port] OSF 5.1: libtool didn't handle -pthread
correctly.
1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
IN6ADDR_LOOPBACK_INIT macros.
1775. [bug] Only compile getnetent_r.c when threaded. [RT
#13205]
1774. [port] Aix: Silence compiler warnings / build
failures.
[RT #13154]
1773. [bug] Fast retry on host / net unreachable. [RT
#13153]
1770. [bug] named-checkconf failed to report missing a
missing
file clause for rbt master/hint zones. [RT#13009]
1769. [port] win32: change compiler flags /MTd ==>
/MDd,
/MT ==> /MD.
1768. [bug] nsecnoexistnodata() could be called with a
non-NSEC
rdataset. [RT #12907]
1767. [port] Builds on IPv6 platforms without IPv6 Advanced
API
support for (struct in6_pktinfo) failed. [RT #13077]
1766. [bug] Update the master file timestamp on successful
refresh
as well as the journal's timestamp. [RT# 13062]
1765. [bug] configure --with-openssl=auto failed. [RT
#12937]
1764. [bug] dns_zone_replacedb failed to emit a error
message
if there was no SOA record in the replacment db.
[RT #13016]
1762. [bug] isc_interfaceiter_create() could return
ISC_R_SUCCESS
even when it failed. [RT #12995]
1761. [bug] 'rndc dumpdb' didn't report unassociated
entries.
[RT #12971]
1760. [bug] Host / net unreachable was not penalising rtt
estimates. [RT #12970]
1759. [bug] Named failed to startup if the OS supported
IPv6
but had no IPv6 interfaces configured. [RT #12942]
1754. [bug] We wern't always attempting to query the
parent
server for the DS records at the zone cut.
[RT #12774]
1753. [bug] Don't serve a slave zone which has no NS
records.
[RT #12894]
1752. [port] Move isc_app_start() to after
ns_os_daemonise()
as some fork() implementations unblock the signals
that are blocked by isc_app_start(). [RT #12810]
1751. [bug] --enable-getifaddrs failed under linux. [RT
#12867]
1750. [port] lib/bind/make/rules.in:subdirs was not bash
friendly.
[RT #12864]
1749. [bug] 'check-names response ignore;' failed to
ignore.
[RT #12866]
1747. [bug] BIND 8 compatability: named/named-checkconf
failed
to parse "host-statistics-max" in named.conf.
1745. [bug] Dig/host/nslookup accept replies from link
locals
regardless of scope if no scope was specified when
query was sent. [RT #12745]
1744. [bug] If tuple2msgname() failed to convert a tuple
to
a name a REQUIRE could be triggered. [RT #12796]
1743. [bug] If isc_taskmgr_create() was not able to create
the
requested number of worker threads then destruction
of the manager would trigger an INSIST() failure.
[RT #12790]
1742. [bug] Deleting all records at a node then adding a
previously existing record, in a single UPDATE
transaction, failed to leave / regenerate the
associated RRSIG records. [RT #12788]
1741. [bug] Deleting all records at a node in a secure
zone
using a update-policy grant failed. [RT #12787]
1740. [bug] Replace rbt's hash algorithm as it performed
badly
with certain zones. [RT #12729]
NOTE: a hash context now needs to be established
via isc_hash_create() if the application was not
already doing this.
1739. [bug] dns_rbt_deletetree() could incorrectly return
ISC_R_QUOTA. [RT #12695]
1738. [bug] Enable overrun checking by default. [RT
#12695]
1737. [bug] named failed if more than 16 masters were
specified.
[RT #12627]
1736. [bug] dst_key_fromnamedfile() could fail to read a
public key. [RT #12687]
1735. [bug] 'dig +sigtrace' could die with a REQUIRE
failure.
[RE #12688]
1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in
path.
[RT #12588]
1733. [bug] Return non-zero exit status on initial load
failure.
[RT #12658]
1732. [bug] 'rrset-order name "*"' wasn't being
applied to ".".
[RT #12467]
1731. [port] darwin: relax version test in ifconfig.sh.
[RT #12581]
1730. [port] Determine the length type used by the socket
API.
[RT #12581]
1728. [doc] Update check-names documentation.
1727. [bug] named-checkzone: check-names support didn't
match
documentation.
1726. [port] aix5: add support for aix5.
1725. [port] linux: update error message on interaction of
threads,
capabilities and setuid support (named -u). [RT #12541]
1724. [bug] Look for DNSKEY records with "dig
+sigtrace".
[RT #12557]
1723. [cleanup] Silence compiler warnings from t_tasks.c.
[RT #12493]
1722. [bug] Don't commit the journal on malformed ixfr
streams.
[RT #12519]
1721. [bug] Error message from the journal processing were
not
always identifing the relevent journal. [RT #12519]
1720. [bug] 'dig +chase' did not terminate on a RFC 2308
Type 1
negative response. [RT #12506]
1719. [bug] named was not correctly caching a RFC 2308 Type
1
negative response. [RT #12506]
1718. [bug] nsupdate was not handling RFC 2308 Type 3
negative
responses when looking for the zone / master server.
[RT #12506]
1717. [port] solaris: ifconfig.sh did not support Solaris
10.
"ifconfig.sh down" didn't work for Solaris 9.
1716. [doc] named.conf(5) was being installed in the wrong
location. [RT# 12441]
1714. [bug] dig/host/nslookup were only trying the first
address when a nameserver was specified by name.
[RT #12286]
1713. [port] linux: extend capset failure message to say:
please ensure that the capset kernel module is
loaded. see insmod(8)
1712. [bug] Missing FULLCHECK for "trusted-key"
in dig.
--- 9.3.0 released ---
|
