2010年8月20日

[installer 2478] BIND 9.5.3b1

BIND 9.5.3b1 出ています。

[security] となっている項目が複数あります。

☆ BIND 9.5.3b1
https://www.isc.org/software/bind
ftp://ftp.isc.org/isc/bind9/9.5.3b1/bind-9.5.3b1.tar.gz

--- 9.5.3b1 released ---

2929. [bug] Improved handling of GSS security contexts:
- added LRU expiration for generated TSIGs
- added the ability to use a non-default realm
- added new "realm" keyword in nsupdate
- limited lifetime of generated keys to 1 hour
or the lifetime of the context (whichever is
smaller)
[RT #19737]

2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]

2923. [bug] 'dig +trace' could drop core after "connection
timeout". [RT #21514]

2921. [bug] The resolver could attempt to destroy a fetch context
too soon. [RT #19878]

2918. [maint] Add AAAA address for I.ROOT-SERVERS.NET.

2916. [func] Add framework to use IPv6 in tests.
fd92:7065:b8e:ffff::1 ... fd92:7065:b8e:ffff::7

2915. [cleanup] Be smarter about which objects we attempt to compile
based on configure options. [RT #21444]

2912. [func] Windows clients don't like UPDATE responses that clear
the zone section. [RT #20986]

2911. [bug] dnssec-signzone didn't handle out of zone records well.
[RT #21367]

2910. [func] Sanity check Kerberos credentials. [RT #20986]

2905. [port] aix: set use_atomic=yes with native compiler.
[RT #21402]

2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
a unintended outcome from change 2890. [RT# 21392]

2901. [port] Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]

2900. [bug] The placeholder negative caching element was not
properly constructed triggering a INSIST in
dns_ncache_towire(). [RT #21346]

2899. [port] win32: Support linking against OpenSSL 1.0.0.

2898. [bug] nslookup leaked memory when -domain=value was
specified. [RT #21301]

2894. [contrib] DLZ LDAP support now use '$' not '%'. [RT #21294]

2891. [maint] Update empty-zones list to match
draft-ietf-dnsop-default-local-zones-13. [RT# 21099]

2890. [bug] Handle the introduction of new trusted-keys and
DS, DLV RRsets better. [RT #21097]

2889. [bug] Elements of the grammar where not properly reported.
[RT #21046]

2888. [bug] Only the first EDNS option was displayed. [RT #21273]

2885. [bug] Improve -fno-strict-aliasing support probing in
configure. [RT #21080]

2884. [bug] Insufficient valadation in dns_name_getlabelsequence().
[RT #21283]

2883. [bug] 'dig +short' failed to handle really large datasets.
[RT #21113]

2882. [bug] Remove memory context from list of active contexts
before clearing 'magic'. [RT #21274]

2881. [bug] Reduce the amount of time the rbtdb write lock
is held when closing a version. [RT #21198]

2879. [contrib] DLZ bdbhpt driver fails to close correct cursor.
[RT #21106]

2877. [bug] The validator failed to skip obviously mismatching
RRSIGs. [RT #21138]

2876. [bug] Named could return SERVFAIL for negative responses
from unsigned zones. [RT #21131]

2875. [bug] dns_time64_fromtext() could accept non digits.
[RT #21033]

2874. [bug] Cache lack of EDNS support only after the server
successfully responds to the query using plain DNS.
[RT #20930]

2870. [maint] Add AAAA address for L.ROOT-SERVERS.NET.

2869. [bug] Fix arguments to dns_keytable_findnextkeynode() call.
[RT #20877]

2868. [cleanup] Run "make clean" at the end of configure to ensure
any changes made by configure are integrated.
Use --with-make-clean=no to disable. [RT #20994]

2867. [bug] Don't set GSS_C_SEQUENCE_FLAG as Windows DNS servers
don't like it. [RT #20986]

2866. [bug] Windows does not like the TSIG name being compressed.
[RT #20986]

2865. [bug] memset to zero event.data. [RT #20986]

2863. [port] linux: disable IPv6 PMTUD and use network minimum MTU.
[RT #21056]

2862. [bug] nsupdate didn't default to the parent zone when
updating DS records. [RT #20896]

2859. [bug] When cancelling validation it was possible to leak
memory. [RT #20800]

2858. [bug] RTT estimates were not being adjusted on ICMP errors.
[RT #20772]

2857. [bug] named-checkconf did not fail on a bad trusted key.
[RT #20705]

2856. [bug] The size of a memory allocation was not always properly
recorded. [RT #20927]

2853. [bug] add_sigs() could run out of scratch space. [RT #21015]

2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]

2851. [doc] nslookup.1, removed <informalexample> from the docbook
source as it produced bad nroff. [RT #21007]

2850. [bug] If isc_heap_insert() failed due to memory shortage
the heap would have corrupted entries. [RT #20951]

2849. [bug] Don't treat errors from the xml2 library as fatal.
[RT #20945]

2846. [bug] EOF on unix domain sockets was not being handled
correctly. [RT #20731]

2844. [doc] notify-delay default in ARM was wrong. It should have
been five (5) seconds.

2837. [port] Prevent Linux spurious warnings about fwrite().
[RT #20812]

2831. [security] Do not attempt to validate or cache
out-of-bailiwick data returned with a secure
answer; it must be re-fetched from its original
source and validated in that context. [RT #20819]

2828. [security] Cached CNAME or DNAME RR could be returned to clients
without DNSSEC validation. [RT #20737]

2827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]

2819. [cleanup] Removed unnecessary DNS_POINTER_MAXHOPS define
[RT #20771]

2818. [cleanup] rndc could return an incorrect error code
when a zone was not found. [RT #20767]

2815. [bug] Exclusively lock the task when freezing a zone.
[RT #19838]

2814. [func] Provide a definitive error message when a master
zone is not loaded. [RT #20757]

2797. [bug] Don't decrement the dispatch manager's maxbuffers.
[RT #20613]

2790. [bug] Handle DS queries to stub zones. [RT #20440]

2786. [bug] Additional could be promoted to answer. [RT #20663]

2784. [bug] TC was not always being set when required glue was
dropped. [RT #20655]

2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
buffer size of 512 or less. [RT #20654]

2782. [port] win32: use getaddrinfo() for hostname lookups.
[RT #20650]

2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.

2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]

2765. [bug] Skip masters for which the TSIG key cannot be found.
[RT #20595]

2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]

2759. [doc] Add information about .jbk/.jnw files to
the ARM. [RT #20303]

2758. [bug] win32: Added a workaround for a windows 2008 bug
that could cause the UDP client handler to shut
down. [RT #19176]

2757. [bug] dig: assertion failure could occur in connect
timeout. [RT #20599]

2755. [doc] Clarify documentation of keyset- files in
dnssec-signzone man page. [RT #19810]

2750. [bug] dig: assertion failure could occur when a server
didn't have an address. [RT #20579]

2729. [func] When constructing a CNAME from a DNAME use the DNAME
TTL. [RT #20451]

2723. [bug] isc_base64_totext() didn't always mark regions of
memory as fully consumed after conversion. [RT #20445]

2722. [bug] Ensure that the memory associated with the name of
a node in a rbt tree is not altered during the life
of the node. [RT #20431]

2721. [port] Have dst__entropy_status() prime the random number
generator. [RT #20369]

2718. [bug] The space calculations in opensslrsa_todns() were
incorrect. [RT #20394]

2716. [bug] nslookup debug mode didn't return the ttl. [RT #20414]

2715. [bug] Require OpenSSL support to be explicitly disabled.
[RT #20288]

2714. [port] aix/powerpc: 'asm("ics");' needs non standard assembler
flags.

2713. [bug] powerpc: atomic operations missing asm("ics") /
__isync() calls.

2705. [bug] Reconcile the XML stats version number with a later
BIND9 release, by adding a "name" attribute to
"cache" elements and increasing the version number
to 2.2. (This is a minor version change, but may
affect XML parsers if they assume the cache element
doesn't take an attribute.)

2704. [bug] Serial of dynamic and stub zones could be inconsistent
with their SOA serial. [RT #19387]

2701. [doc] Correction to ARM: hmac-md5 is no longer the only
supported TSIG key algorithm. [RT #18046]

2700. [doc] The match-mapped-addresses option is discouraged.
[RT #12252]

2698. [cleanup] configure --enable-libbind is deprecated. [RT #20090]

2697. [port] win32: ensure that S_IFMT, S_IFDIR, S_IFCHR and
S_IFREG are defined after including <isc/stat.h>.
[RT #20309]

2696. [bug] named failed to successfully process some valid
acl constructs. [RT #20308]

2692. [port] win32: 32/64 bit cleanups. [RT #20335]

2690. [bug] win32: fix isc_thread_key_getspecific() prototype.
[RT #20315]

2689. [bug] Correctly handle snprintf result. [RT #20306]

2688. [bug] Use INTERFACE_F_POINTTOPOINT, not IFF_POINTOPOINT,
to decide to fetch the destination address. [RT #20305]

2659. [doc] Clarify dnssec-keygen doc: key name must match zone
name for DNSSEC keys. [RT #19938]

2601. [doc] Mention file creation mode mask in the
named manual page.

2533. [doc] ARM: document @ (at-sign). [RT #17144]

----
こがよういちろう


投稿者 xml-rpc : 2010年8月20日 10:50
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/97810
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。