|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Andreas Gustafsson (Andreas.Gustafsson
nominum.com)Date: Fri May 04 2001 - 22:37:17 CDT
BIND 9.1.2 is now available. This is a maintenance release,
containing fixes for a number of bugs in 9.1.1 but no new features.
We recommend that all users of earlier versions of BIND 9 upgrade to
9.1.2.
DNSSEC users should note that DNSSEC validation involving algorithms
other than RSA will not interoperate between this version of BIND and
version 9.1.1 or older, because the older versions use an incorrect
formula for calculating key tags of non-RSA keys.
BIND 9.1.2 can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.1.2/bind-9.1.2.tar.gz
The PGP signature of the distribution is at
ftp://ftp.isc.org/isc/bind9/9.1.2/bind-9.1.2.tar.gz.asc
The signature was generated with the ISC public key, which is available
at <http://www.isc.org/ISC/isckey.txt>.
A list of changes made since 9.1.0 follows. For earlier changes,
see the file CHANGES in the distribution.
--------
--- 9.1.2 released ---
--- 9.1.2rc1 released ---
820. [bug] Name server address lookups failed to follow
A6 chains into the glue of local authoritative
zones.
819. [bug] In certain cases, the resolver's attempts to
restart an address lookup at the root could cause
the fetch to deadlock (with itself) instead of
restarting. [RT #1225]
818. [bug] Certain pathological responses to ANY queries could
cause an assertion failure. [RT #1218]
816. [bug] Report potential problems with log file accessibility
at configuration time, since such problems can't
reliably be reported at the time they actually occur.
815. [bug] If a log file was specified with a path separator
character (i.e. "/") in its name and the directory
did not exist, the log file's name was treated as
though it were the directory name. [RT #1189]
814. [bug] Socket objects left over from accept() failures
were incorrectly destroyed, causing corruption
of socket manager data structures.
813. [bug] File descriptors exceeding FD_SETSIZE were handled
badly. [RT #1192]
812. [bug] dig sometimes printed incomplete IXFR responses
due to an uninitialized variable. [RT #1188]
811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
810. [bug] The signer name in SIG records was not properly
downcased when signing/verifying records. [RT #1186]
807. [bug] When setting up TCP connections for incoming zone
transfers, the transfer-source port was not
ignored like it should be.
804. [bug] Attempting to obtain entropy could fail in some
situations. This would be most common on systems
with user-space threads. [RT #1131]
802. [bug] DNSSEC key tags were computed incorrectly in almost
all cases. [RT #1146]
801. [bug] nsupdate should treat lines beginning with ';' as
comments. [RT #1139]
800. [bug] dnssec-signzone produced incorrect statistics for
large zones. [RT #1133]
799. [bug] The ADB didn't find AAAA glue in a zone unless A6
glue was also present.
--- 9.1.1 released ---
--- 9.1.1rc7 released ---
791. [bug] The control channel did not work over IPv6.
790. [bug] Wildcards created using dynamic update or IXFR
could fail to match. [RT #1111]
787. [bug] The DNSSEC tools failed to downcase domain
names when mapping them into file names.
786. [bug] When DNSSEC signing/verifying data, owner names were
not properly downcased.
--- 9.1.1rc6 released ---
785. [bug] A race condition in the resolver could cause
an assertion failure. [RT #673, #872, #1048]
784. [bug] nsupdate and other programs would not quit properly
if some signals were blocked by the caller. [RT #1081]
783. [bug] Following CNAMEs could cause an assertion failure
when either using an sdb database or under very
rare conditions.
780. [bug] Error handling code dealing with out of memory or
other rare errors could lead to assertion failures
by calling functions on unitialized names. [RT #1065]
--- 9.1.1rc5 released ---
778. [bug] When starting cache cleaning, cleaning_timer_action()
returned without first pausing the iterator, which
could cause deadlock. [RT #998]
777. [bug] An empty forwarders list in a zone failed to override
global forwarders. [RT #995]
775. [bug] Address match lists with invalid netmasks caused
the configuration parser to abort with an assertion
failure. [RT #996]
772. [bug] Owner names could be incorrectly omitted from cache
dumps in the presence of negative caching entries.
[RT #991]
686. [bug] dig and nslookup can now be properly aborted during
blocking operations. [RT #568]
--- 9.1.1rc4 released ---
767. [bug] The configuration parser handled invalid ports badly.
[RT #961]
766. [bug] A few cases in query_find() could leak fname.
This would trigger the mpctx->allocated == 0
assertion when the server exited.
[RT #739, #776, #798, #812, #818, #821, #845,
#892, #935, #966]
759. [bug] The resolver didn't turn off "avoid fetches" mode
when restarting, possibly causing resolution
to fail when it should not. This bug only affected
platforms which support both IPv4 and IPv6. [RT #927]
758. [bug] The "avoid fetches" code did not treat negative
cache entries correctly, causing fetches that would
be useful to be avoided. This bug only affected
platforms which support both IPv4 and IPv6. [RT #927]
756. [bug] dns_zone_load() could "return" success when no master
file was configured.
755. [bug] Fix incorrectly formatted log messages in zone.c.
709. [bug] ANY or SIG queries for data with a TTL of 0
would return SERVFAIL. [RT #620]
--- 9.1.1rc3 released ---
754. [bug] Certain failure conditions sending UDP packets
could cause the server to retry the transmission
indefinitely. [RT #902]
753. [bug] dig, host, and nslookup would fail to contact a
remote server if getaddrinfo() returned an IPv6
address on a system that doesn't support IPv6.
[RT #917]
750. [bug] A query should not match a DNAME whose trust level
is pending. [RT #916]
749. [bug] When a query matched a DNAME in a secure zone, the
server did not return the signature of the DNAME.
[RT #915]
747. [bug] The code to determine whether an IXFR was possible
did not properly check for a database that could
not have a journal. [RT #865, #908]
746. [bug] The sdb didn't clone rdatasets properly, causing
a crash when the server followed delegations. [RT #905]
744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
result of an ANY or SIG query, the resolver failed
to setup the return event's rdatasets, causing an
assertion failure in the query code. [RT #881]
743. [bug] Receiving a large number of certain malformed
answers could cause named to stop responding.
[RT #861]
742. [bug] dig +domain did not work. [RT #850]
738. [bug] If a non-threadsafe sdb driver supported AXFR and
received an AXFR request, it would deadlock or die
with an assertion failure. [RT #852]
737. [port] stdtime.c failed to compile on certain platforms.
648. [port] Add support for pre-RFC2133 IPv6 implementations.
--- 9.1.1rc2 released ---
733. [bug] Reference counts of dns_acl_t objects need to be
locked but were not. [RT #801, #821]
708. [bug] When building with --with-openssl, the openssl headers
included with BIND 9 should not be used. [RT #702]
--- 9.1.1rc1 released ---
729. [port] pthread_setconcurrency() needs to be called on Solaris.
727. [port] Work around OS bug where accept() succeeds but
fails to fill in the peer address of the accepted
connection, by treating it as an error rather than
an assertion failure. [RT #809]
723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
to return DNS_R_SERVFAIL. [RT #783]
720. [bug] Server could enter infinite loop in
dispatch.c:do_cancel(). [RT #733]
719. [bug] Rapid reloads could trigger an assertion failure.
[RT #743, #763]
717. [bug] Certain TKEY processing failure modes could
reference an uninitialized variable, causing the
server to crash. [RT #750]
716. [bug] The first line of a $INCLUDE master file was lost if
an origin was specified. [RT #744]
715. [bug] Resolving some A6 chains could cause an assertion
failure in adb.c. [RT #738]
711. [bug] The libisc and liblwres implementations of
inet_ntop contained an off by one error.
706. [bug] Zones with an explicit "allow-update { none; };"
were considered dynamic and therefore not reloaded
on SIGHUP or "rndc reload".
700. [bug] $GENERATE range check was wrong. [RT #688]
698. [bug] Aborting nsupdate with ^C would lead to several
race conditions.
699. [bug] The lexer mishandled empty quoted strings. [RT #694]
694. [bug] $GENERATE did not produce the last entry.
[RT #682, #683]
693. [bug] An empty lwres statement in named.conf caused
the server to crash while loading.
692. [bug] Deal with systems that have getaddrinfo() but not
gai_strerror(). [RT #679]
691. [bug] Configuring per-view forwarders caused an assertion
failure. [RT #675, #734]
--- 9.1.0 released ---
--------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]