115 Commits

Author SHA1 Message Date
Evan Hunt
835485d6a7 [v9_9] formatting
(cherry picked from commit 52e398c0af)
2017-04-12 14:06:18 -07:00
Mark Andrews
91adc7a4da add CVE-2017-3138
(cherry picked from commit fe1ad70e51)
2017-03-30 02:57:16 +11:00
Evan Hunt
fcf1874867 [v9_9] remove unnecessary INSIST and prep 9.11.1rc2
4578.	[security]	Some chaining (CNAME or DNAME) responses to upstream
			queries could trigger assertion failures.
			(CVE-2017-3137) [RT #44734]

(cherry picked from commit a1365a0042)
(cherry picked from commit 559cbe04e7)
2017-02-23 15:26:55 -08:00
Mark Andrews
52e42f648b add CVE-2017-3136 note
(cherry picked from commit d77eadc261)
2017-02-15 12:45:20 +11:00
Evan Hunt
02f0aa2ed3 [v9_9] doc style 2017-02-07 08:19:39 -08:00
Evan Hunt
0220addcca [v9_9] removed extra note about bind.keys update 2017-02-06 14:19:39 -08:00
Evan Hunt
3b1b532d66 [v9_9] release note about new root key 2017-02-04 22:16:06 -08:00
Mark Andrews
07f8c99017 new root KSK 2017-02-02 18:30:20 +11:00
Evan Hunt
a6bae6d52c [v9_9] change 4558 was incomplete
(cherry picked from commit cd668ea57f)
2017-01-30 14:11:30 -08:00
Evan Hunt
4474e3aca7 [v9_9] expand relnote
(cherry picked from commit afa0ff0cbb)
2017-01-23 20:05:13 -08:00
Mark Andrews
4b843e0cc8 4556. [security] Combining dns64 and rpz can result in dereferencing
a NULL pointer (read).  (CVE-2017-3135) [RT#44434]

(cherry picked from commit 5abe80ef13)
2017-01-24 09:56:20 +11:00
Tinderbox User
0ed649b6e5 update copyright notice / whitespace 2017-01-12 23:48:25 +00:00
Mark Andrews
ab9537f521 4553. [bug] Named could deadlock there were multiple changes to
NSEC/NSEC3 parameters for a zone being processed at
                        the same time. [RT #42770]

(cherry picked from commit d2e1b47d4f)
2017-01-12 14:26:17 +11:00
Mark Andrews
72a50181d2 4552. [bug] Named could trigger a assertion when sending notify
messages. [RT #44019]

(cherry picked from commit 42924b40af)
2017-01-12 14:20:18 +11:00
Evan Hunt
4e8f6de3dd [v9_9] release notes 2016-12-28 20:10:52 -08:00
Mark Andrews
d372472f60 4508. [security] Named incorrectly tried to cache TKEY records which
could trigger a assertion failure when there was
                            a class mismatch. (CVE-2016-9131) [RT #43522]

(cherry picked from commit 2c1c4b99a1)
2016-12-29 11:35:54 +11:00
Evan Hunt
81a5785611 [v9_9] release notes 2016-12-28 13:54:44 -08:00
Mark Andrews
3cf6fa831e 4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831]
(cherry picked from commit 1b8ce3b330)
2016-12-07 11:00:40 +11:00
Mark Andrews
51fe40fd59 4504. [security] Allow the maximum number of records in a zone to
be specified.  This provides a control for issues
                        raised in CVE-2016-6170. [RT #42143]

(cherry picked from commit 5f8412a4cb)
2016-11-03 10:46:37 +11:00
Mark Andrews
fa1f25ce83 add CVE-2016-2776 2016-09-09 11:53:18 +10:00
Mark Andrews
00e7b6dcca grammar
(cherry picked from commit 8f7881684b)
2016-07-14 09:43:04 +10:00
Mark Andrews
e0f5ce3bad add [RT #42694] 2016-07-13 11:36:13 +10:00
Mark Andrews
eca42d74ef whitespace 2016-07-13 11:25:32 +10:00
Mark Andrews
d05f0b2479 add CVE-2016-2775 2016-07-12 01:19:20 +10:00
Mark Andrews
8491339284 add note for rt42694
(cherry picked from commit aacf0753e9)
2016-07-07 13:55:57 +10:00
Evan Hunt
08da9c0bc0 [v9_9] spelling 2016-05-25 18:45:49 -07:00
Evan Hunt
767c85f45a [v9_9] extend release notes 2016-05-25 18:43:56 -07:00
Evan Hunt
d5ebc757a6 [v9_9] log message when using ISC DLV
4352.	[cleanup]	The ISC DNSSEC Lookaside Validation (DLV) service
			is scheduled to be disabled in 2017.  A warning is
			now logged when named is configured to use it,
			either explicitly or via "dnssec-lookaside auto;"
			[RT #42207]
2016-05-04 14:40:17 -07:00
Tinderbox User
046e66c891 update copyright notice / whitespace 2016-03-30 23:45:53 +00:00
Jeremy C. Reed
a2f067c7b5 [v9_9] some release notes updates
mention that the document summarizes "significant" changes
since obviously it misses a lot.
Also refer to the CHANGES file.

Added a few bugs. Wording some discussed via email, phone call, and jabber.
2016-03-30 13:36:55 -04:00
Evan Hunt
7d5c94236b [v9_9] more release note corrections 2016-03-24 16:40:54 -07:00
Evan Hunt
7e76a21929 [v9_9] fixes for release notes 2016-03-24 14:43:05 -07:00
Mark Andrews
ef0a86dfad note rrsig regeneration
(cherry picked from commit 98c5690bd9)
2016-03-11 12:28:11 +11:00
Jeremy C. Reed
4943482c81 minor updates and a typo fix
mention SMIMEA, new contrib, and named -V
2016-03-08 08:52:45 -05:00
Mark Andrews
c85aaaaf17 9.9.9b1 2016-03-08 16:14:23 +11:00
Mark Andrews
cb3e40e655 add AVC 2016-03-04 18:17:39 +11:00
Evan Hunt
b5957e6c2d [v9_9] recursively clean empty interior nodes when deleting database records
4324.	[bug]		When deleting records from a zone database, interior
			nodes could be left empty but not deleted, damaging
			search performance afterward. [RT #40997]

(cherry picked from commit 44c86318ed)
(cherry picked from commit db06cd726c)
2016-03-03 21:19:59 -08:00
Mark Andrews
885b3a09f2 re-order security list into reverse order 2016-02-29 12:47:03 +11:00
Mukund Sivaraman
76c3c9fe9f Fix resolver assertion failure due to improper DNAME handling (CVE-2016-1286) (#41753)
(cherry picked from commit 5995fec51c)
(cherry picked from commit 456e1eadd2)
2016-02-22 12:25:46 +05:30
Mark Andrews
31e4657cf2 4318. [security] Malformed control messages can trigger assertions
in named and rndc. (CVE-2016-1285) [RT #41666]

(cherry picked from commit a2b15b3305)
2016-02-18 12:18:00 +11:00
Evan Hunt
b23d9e68e9 [v9_9] remove reporter's name per his request 2016-01-29 10:36:17 -08:00
Evan Hunt
e1997cc26e [v9_9] update EOL date 2016-01-27 12:08:08 -08:00
Evan Hunt
75214d0c59 [v9_9] fix use after free on xfr timeout
4289.	[bug]		The server could crash due to memory being used
			after it was freed if a zone transfer timed out.
			[RT #41297]
2016-01-04 22:06:35 -08:00
Evan Hunt
97efa261cb [v9_9] Merge branch 'v9_9' of ssh://repo/proj/git/prod/bind9 into v9_9 2016-01-04 16:10:15 -08:00
Evan Hunt
f6ab9b3a28 [v9_9] fixed bogus server regression
4288.	[bug]		Fixed a regression in resolver.c:possibly_mark()
			which caused known-bogus servers to be queried
			anyway. [RT #41321]
2016-01-04 16:06:27 -08:00
Evan Hunt
7128c44787 [v9_9] clean up relnotes to include only things added since 9.9.8 2016-01-04 16:05:44 -08:00
Tinderbox User
c40fa54eab update copyright notice / whitespace 2016-01-04 23:46:16 +00:00
Evan Hunt
717129f35a [v9_9] clean up notes 2016-01-03 21:23:52 -08:00
Mark Andrews
435ab2044a 4285. [security] Specific APL data could trigger a INSIST.
(CVE-2015-8704) [RT #41396]

(cherry picked from commit 1b3d211802)
2015-12-31 13:47:08 +11:00
Mukund Sivaraman
15faf2a1fd Update notes.xml for #40996
(cherry picked from commit 6960e7fd12)
(cherry picked from commit f2d05dbb6f)
2015-12-15 18:07:37 +05:30