Evan Hunt
a3f30d1aac
[v9_9] address TSIG bypass/forgery vulnerabilities
...
4643. [security] An error in TSIG handling could permit unauthorized
zone transfers or zone updates. (CVE-2017-3142)
(CVE-2017-3143) [RT #45383 ]
(cherry picked from commit 581c1526ab )
(cherry picked from commit a03f4b1ea4 )
2017-06-27 11:41:31 -07:00
Evan Hunt
ef0f8427a2
[v9_9] quote service registry paths
...
4532. [security] The BIND installer on Windows used an unquoted
service path, which can enable privilege escalation.
(CVE-2017-3141) [RT #45229 ]
(cherry picked from commit 967a3b9419 )
(cherry picked from commit c28e44f3f8 )
2017-05-30 13:39:28 -07:00
Evan Hunt
10f80ef83a
[v9_9] fix rpz formerr loop
...
4531. [security] Some RPZ configurations could go into an infinite
query loop when encountering responses with TTL=0.
(CVE-2017-3140) [RT #45181 ]
(cherry picked from commit 3440cf9c60 )
(cherry picked from commit a57b289ed0 )
2017-05-30 12:43:57 -07:00
Mark Andrews
c3a2924e00
add warning about semicolon no longer being escaped
...
(cherry picked from commit d4d73bca79 )
2017-05-11 11:03:18 +10:00
Evan Hunt
9ad188ccaf
[v9_9] give threads unique names to assist debugging
...
4602. [func] Threads are now set to human-readable
names to assist debugging, when supported by
the OS. [RT #43234 ]
(cherry picked from commit d26ae7fc08 )
(cherry picked from commit 8b9c4592ed )
2017-04-21 14:00:54 -07:00
Evan Hunt
dc0a308b9a
[v9_9] clear out relnotes
2017-04-21 13:39:29 -07:00
Evan Hunt
78354abccc
[v9_9] update EOL date
2017-04-20 11:26:10 -07:00
Evan Hunt
835485d6a7
[v9_9] formatting
...
(cherry picked from commit 52e398c0af )
2017-04-12 14:06:18 -07:00
Mark Andrews
91adc7a4da
add CVE-2017-3138
...
(cherry picked from commit fe1ad70e51 )
2017-03-30 02:57:16 +11:00
Evan Hunt
fcf1874867
[v9_9] remove unnecessary INSIST and prep 9.11.1rc2
...
4578. [security] Some chaining (CNAME or DNAME) responses to upstream
queries could trigger assertion failures.
(CVE-2017-3137) [RT #44734 ]
(cherry picked from commit a1365a0042 )
(cherry picked from commit 559cbe04e7 )
2017-02-23 15:26:55 -08:00
Mark Andrews
52e42f648b
add CVE-2017-3136 note
...
(cherry picked from commit d77eadc261 )
2017-02-15 12:45:20 +11:00
Evan Hunt
02f0aa2ed3
[v9_9] doc style
2017-02-07 08:19:39 -08:00
Evan Hunt
0220addcca
[v9_9] removed extra note about bind.keys update
2017-02-06 14:19:39 -08:00
Evan Hunt
3b1b532d66
[v9_9] release note about new root key
2017-02-04 22:16:06 -08:00
Mark Andrews
07f8c99017
new root KSK
2017-02-02 18:30:20 +11:00
Evan Hunt
a6bae6d52c
[v9_9] change 4558 was incomplete
...
(cherry picked from commit cd668ea57f )
2017-01-30 14:11:30 -08:00
Evan Hunt
4474e3aca7
[v9_9] expand relnote
...
(cherry picked from commit afa0ff0cbb )
2017-01-23 20:05:13 -08:00
Mark Andrews
4b843e0cc8
4556. [security] Combining dns64 and rpz can result in dereferencing
...
a NULL pointer (read). (CVE-2017-3135) [RT#44434]
(cherry picked from commit 5abe80ef13 )
2017-01-24 09:56:20 +11:00
Tinderbox User
0ed649b6e5
update copyright notice / whitespace
2017-01-12 23:48:25 +00:00
Mark Andrews
ab9537f521
4553. [bug] Named could deadlock there were multiple changes to
...
NSEC/NSEC3 parameters for a zone being processed at
the same time. [RT #42770 ]
(cherry picked from commit d2e1b47d4f )
2017-01-12 14:26:17 +11:00
Mark Andrews
72a50181d2
4552. [bug] Named could trigger a assertion when sending notify
...
messages. [RT #44019 ]
(cherry picked from commit 42924b40af )
2017-01-12 14:20:18 +11:00
Evan Hunt
4e8f6de3dd
[v9_9] release notes
2016-12-28 20:10:52 -08:00
Mark Andrews
d372472f60
4508. [security] Named incorrectly tried to cache TKEY records which
...
could trigger a assertion failure when there was
a class mismatch. (CVE-2016-9131) [RT #43522 ]
(cherry picked from commit 2c1c4b99a1 )
2016-12-29 11:35:54 +11:00
Evan Hunt
81a5785611
[v9_9] release notes
2016-12-28 13:54:44 -08:00
Mark Andrews
3cf6fa831e
4527. [doc] Support DocBook XSL Stylesheets v1.79.1. [RT #43831 ]
...
(cherry picked from commit 1b8ce3b330 )
2016-12-07 11:00:40 +11:00
Mark Andrews
51fe40fd59
4504. [security] Allow the maximum number of records in a zone to
...
be specified. This provides a control for issues
raised in CVE-2016-6170. [RT #42143 ]
(cherry picked from commit 5f8412a4cb )
2016-11-03 10:46:37 +11:00
Mark Andrews
fa1f25ce83
add CVE-2016-2776
2016-09-09 11:53:18 +10:00
Mark Andrews
00e7b6dcca
grammar
...
(cherry picked from commit 8f7881684b )
2016-07-14 09:43:04 +10:00
Mark Andrews
e0f5ce3bad
add [RT #42694 ]
2016-07-13 11:36:13 +10:00
Mark Andrews
eca42d74ef
whitespace
2016-07-13 11:25:32 +10:00
Mark Andrews
d05f0b2479
add CVE-2016-2775
2016-07-12 01:19:20 +10:00
Mark Andrews
8491339284
add note for rt42694
...
(cherry picked from commit aacf0753e9 )
2016-07-07 13:55:57 +10:00
Evan Hunt
08da9c0bc0
[v9_9] spelling
2016-05-25 18:45:49 -07:00
Evan Hunt
767c85f45a
[v9_9] extend release notes
2016-05-25 18:43:56 -07:00
Evan Hunt
d5ebc757a6
[v9_9] log message when using ISC DLV
...
4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service
is scheduled to be disabled in 2017. A warning is
now logged when named is configured to use it,
either explicitly or via "dnssec-lookaside auto;"
[RT #42207 ]
2016-05-04 14:40:17 -07:00
Tinderbox User
046e66c891
update copyright notice / whitespace
2016-03-30 23:45:53 +00:00
Jeremy C. Reed
a2f067c7b5
[v9_9] some release notes updates
...
mention that the document summarizes "significant" changes
since obviously it misses a lot.
Also refer to the CHANGES file.
Added a few bugs. Wording some discussed via email, phone call, and jabber.
2016-03-30 13:36:55 -04:00
Evan Hunt
7d5c94236b
[v9_9] more release note corrections
2016-03-24 16:40:54 -07:00
Evan Hunt
7e76a21929
[v9_9] fixes for release notes
2016-03-24 14:43:05 -07:00
Mark Andrews
ef0a86dfad
note rrsig regeneration
...
(cherry picked from commit 98c5690bd9 )
2016-03-11 12:28:11 +11:00
Jeremy C. Reed
4943482c81
minor updates and a typo fix
...
mention SMIMEA, new contrib, and named -V
2016-03-08 08:52:45 -05:00
Mark Andrews
c85aaaaf17
9.9.9b1
2016-03-08 16:14:23 +11:00
Mark Andrews
cb3e40e655
add AVC
2016-03-04 18:17:39 +11:00
Evan Hunt
b5957e6c2d
[v9_9] recursively clean empty interior nodes when deleting database records
...
4324. [bug] When deleting records from a zone database, interior
nodes could be left empty but not deleted, damaging
search performance afterward. [RT #40997 ]
(cherry picked from commit 44c86318ed )
(cherry picked from commit db06cd726c )
2016-03-03 21:19:59 -08:00
Mark Andrews
885b3a09f2
re-order security list into reverse order
2016-02-29 12:47:03 +11:00
Mukund Sivaraman
76c3c9fe9f
Fix resolver assertion failure due to improper DNAME handling (CVE-2016-1286) ( #41753 )
...
(cherry picked from commit 5995fec51c )
(cherry picked from commit 456e1eadd2 )
2016-02-22 12:25:46 +05:30
Mark Andrews
31e4657cf2
4318. [security] Malformed control messages can trigger assertions
...
in named and rndc. (CVE-2016-1285) [RT #41666 ]
(cherry picked from commit a2b15b3305 )
2016-02-18 12:18:00 +11:00
Evan Hunt
b23d9e68e9
[v9_9] remove reporter's name per his request
2016-01-29 10:36:17 -08:00
Evan Hunt
e1997cc26e
[v9_9] update EOL date
2016-01-27 12:08:08 -08:00
Evan Hunt
75214d0c59
[v9_9] fix use after free on xfr timeout
...
4289. [bug] The server could crash due to memory being used
after it was freed if a zone transfer timed out.
[RT #41297 ]
2016-01-04 22:06:35 -08:00