OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
BIND 8.3.5 Release

Mark_Andrewsisc.org
Date: Mon Jun 02 2003 - 21:11:50 CDT

                        BIND 8.3.5 Release

BIND 8.3.5 is a maintenance release of BIND 8.3. This is expected to be
the last release of BIND 8.3 except for security issues.

The recommended version to use is BIND 9.2.2. If for whatever reason you
must run BIND 8, use nothing earlier than 8.2.7-REL, 8.3.4-REL. Do not
under any circumstances run BIND 4.
`
Highlights vs. 8.3.4
        Maintenance release.

Highlights vs. 8.3.3
        Security Fix DoS and buffer overrun.

Highlights vs. 8.3.2
        Security Fix libbind. All applications linked against libbind
        need to re-linked.
        'rndc restart' now preserves named's arguments

Highlights vs. BIND 8.3.1:
        dig, nslookup, host and nsupdate have improved IPv6 support.

Highlights vs. BIND 8.3.0:

        Critical bug fix to prevent DNS storms. If you have BIND 8.3.0 you
        need to upgrade.

the distribution files are:

ftp://ftp.isc.org/isc/bind/src/8.3.5/bind-src.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.3.5/bind-doc.tar.gz
ftp://ftp.isc.org/isc/bind/src/8.3.5/bind-contrib.tar.gz

the pgp signature files are:

ftp://ftp.isc.org/isc/bind/src/8.3.5/bind-src.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.3.5/bind-doc.tar.gz.asc
ftp://ftp.isc.org/isc/bind/src/8.3.5/bind-contrib.tar.gz.asc

the md5 checksums are:

MD5 (bind-contrib.tar.gz) = 8844176966590eb0f027a1a393b42ab0
MD5 (bind-contrib.tar.gz.asc) = 47b5feb7dfb9cc855d7c29b9c582d2ff
MD5 (bind-doc.tar.gz) = 7323a28e682faed324dbf4ffe0c98b8f
MD5 (bind-doc.tar.gz.asc) = 4881b4a8ee6b9d30a9e917d1eaca00d9
MD5 (bind-src.tar.gz) = 38ebddba14dd99a194d0ad866d92ba80
MD5 (bind-src.tar.gz.asc) = fffead8bfc16dd2f50aed2c9ed21c30c

Windows NT / Windows 2000 binary distribution.

        There will be no Windows binary release of BIND 8.3.5.
        The current Windows binary release is BIND 8.4.0.

top of CHANGES says:

        --- 8.3.5-REL released --- (Mon Jun 2 03:15:53 PDT 2003)

1540. [bug] remove potential memory leak from net_data_create().

1537. [bug] dig buffer overrun with large command lines.

1535. [bug] winnt: large zone transfers failed.

1536. [cleanup] use NS_MAXMSG to define TCP buffers.

1534. [func] The advertised EDNS UDP buffer size can now be set
                        via named.conf (edns-udp-size).

1533. [bug] don't artificially restrict the update message size.

1532. [bug] use maximum sized answer buffers in res_findzonecut().

1530. [bug] nslookup computed incorrect reverse lookup for IPv6.

1529. [lint] unused variable in dnsquery.c::main().

1528. [bug] getaddrinfo() incorrectly rejected a numeric service
                        under certian circumstances.

1527. [proto] add ns_t_apl (42).

1526. [doc] res_{get,set}servers().

1523. [bug] getipnodebyname with AI_ADDRCONFIG set was broken
                        on HPUX 11.11. Detect IPv6 interfaces under linux.

1519. [port] decunix: conflicting setnetgrent() and innetgr()
                        prototypes.

1518. [cleanup] silence "No root nameservers for class XX" when
                        "forward only;" is set in options.

1517. [cleanup] stop using putshort/putlong internally.

1513. [bug] use ipnodes.{byname,byaddr} for IPv6 NIS lookups.
                        Add support for "YP_MULTI_".

1511. [cleanup] don't use argument names in function prototypes.

1510. [port] openbsd uses /bsd not /kernel.

1506. [bug] named could sometimes set tc incorrectly.

1505. [bug] potential overflow if pointer arithmetic wrapped.

1503. [bug] named could make unnecessary queries for glue if the
                        additional section was full.

1501. [port] decunix: OSF 3.2 does not have native 64 bit support.

1500. [port] linux: namespace collision.

1499. [port] linux: #include <time.h> bin/dig/dig.c

1498. [bug] ns_makecanon() could under read its destination buffer
                        by one character and fail to properly canonicalise.

1497. [bug] res_mkupdate() used compression pointers when it
                        shouldn't.

1496. [bug] res_mkupdate() didn't support NAPTR.

1494. [bug] memory leak on thread destruction if gethostbyname() /
                        getnetbyname() have been called by the thread.

1493. [bug] check scope for link local servers.

1492. [placeholder]

1491. [cleanup] indentation problems.

1490. [bug] the seek offset was miscalculated when truncating
                        the ixfr log.

1489. [func] named no longer queries for missing additional A6
                        records.

1488. [port] decunix: TruCluster support.
                        See port/decunix/TruCluster.

1487. [bug] getnetgroup() takes (char **) not (const char **).

1486. [func] res_query() now generates more/better debug on failure

1485. [func] res_send() records the nameserver the response came
                        from. Dig retrieves this rather than reporting the
                        first address.
                        
1484. [bug] dig use sin.sin_port for IPv4.

1483. [bug] nslookup could dereference a NULL pointer under certain
                        circumstances.

1482. [bug] provide local storage for localtime_r result.

1481. [bug] tv.tv_sec and time_t are not always the same type.

1480. [bug] gethostbyname(), getaddrinfo() could drop address
                        if the previous call contained one of the new
                        addresses.

1479. [func] try known lame servers if all other servers have
                        failed.
                        
1478. [cleanup] libbind: don't look for A6 records, don't follow
                        DNAME record (use the CNAMES), remove some bitstring
                        related functions.

1477. [cleanup] libbind: namespace cleanup (irs_* to __irs*,
                        dst_* to __dst_* and tree_* to __tree*)

1476. [bug] dig wasn't using a random query id.

1475. [bug] "query-source address <listening interface> port *"
                        failed to use a system assigned port as documented.

1474. [bug] named wasn't seeing cached NODATA CNAME records.

1473. [bug] nslookup: buffer overrun when looking up reverse
                        IPv6 addresses under IP6.INT when not found under
                        IP6.ARPA.

1472. [port] freebsd; current has pselect().

1471. [port] 'dig -P' failed on some platforms.

1470. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30.

1467. [deleted]

1461. [func] return referrals for glue (NS/A/AAAA) if recursion is
                        disabled (recursion no;).

1460. [bug] NS_MD5RSA_MAX_BITS was not correct.

1459. [bug] ns_sign2() could fail to compute a correct signature
                        if the TSIG ownername was compressed.

1458. [bug] host: spurious "Unknown algorithm" message with default
                        zone listing. missing white space before '(' in SOA
                        format.

1457. [bug] bison didn't like ns_parser.y.

1456. [doc] document auth-nxdomain default is "no" (see # 524).

1455. [bug] named failed to allow a cached NODATA response for
                        a ANY query to be retrieved.

1454. [contrib] nsverifier from Bob.Wheltonqwest.com.

1453. [bug] SOA answers should only be cached for the current
                        tick.

1452. [bug] don't cache -ve response SOA record.

1451. [port] bsdos: maybe_fix_includes is not required.

1450. [bug] hint zones don't need to be reloaded when a "child"
                        zone is removed.

1449. [bug] it was possible to orphan glue records. this could
                        lead to panics in stale().

1438. [bug] glue from a parent zone beneath a child zone could
                        be deleted by loading a child zone.

1437. [bug] linux: probe_ipv6 was broken.

1436. [port] decunix: update sys/bitypes.h

1435. [func] named-xfer: log the zone name when reporting query
                        sent.

1434. [doc] the man page for dn_expand failed to document eomorig.

1433. [lint] remove unused variable.

1432. [func] log TSIG key name if used with zone transfer.

1431. [func] new category "update-security".

1430. [func] libbind: the default nameservers now include ::1/::
                        as well as 127.0.0.1/0.0.0.0 if none are specified in
                        resolv.conf.

1429. [port] libbind: use strlcat/strlcpy if available.

1428. [port] eventlib.c: cast tv_sec to long when calling *printf().

1427. [func] define INT8SZ

1426. [port] res_dprintf() now supports format checking w/ gcc.

1425. [bug] 'aa' was not being set appropriately with cross zone
                        CNAMES.

1424. [cleanup] ip6_str2scopeid() now returns u_int32_t.

1423. [bug] 'ndc restart' could fail to restart named if there
                        were no arguments to named.

1422. [cleanup] optarg() etc. are declared in unistd.h.

1421. [bug] clear and check errno when calling strtoul().

1420. [cleanup] use %p instead of %#x for printing pointers.

1419. [cleanup] getinfo(): kill buflen manipulation.

1418. [port] cast pointers to (size_t) when aligning.

1417. [cleanup] make1101inaddr(): kill size manipulation.

1416. [port] log_vwrite() now supports format checking w/ gcc.

1415. [port] irix: probe for in6addr_any.

1414. [bug] strtoul() cast (char*) to (unsigned char*).

1413. [bug] host: soa values are not signed.

1412. [bug] fix numeric port range check in getaddrinfo().

1411. [port] freebsd/netbsd/openbsd: #define USE_IFNAMELINKID.

1410. [port] probe for sin6_scope_id when probing for IPv6 structs.

1409. [bug] dig: reverse6 computed a incorrect nibble string.

1408. [cleanup] res_mkquery.c: kill buflen manipulation.

1407. [port] namespace clash EV_ERR -> EV_SETERR

        --- 8.3.4-REL released --- (Thu Nov 14 05:45:26 PST 2002)