#
1.1.1.2 |
|
27-Apr-2019 |
christos |
--- 9.14.1 released ---
5201. [bug] Fix a possible deadlock in RPZ update code. [GL #973]
5200. [security] tcp-clients settings could be exceeded in some cases, which could lead to exhaustion of file descriptors. (CVE-2018-5743) [GL #615]
5199. [security] In certain configurations, named could crash if nxdomain-redirect was in use and a redirected query resulted in an NXDOMAIN from the cache. (CVE-2019-6467) [GL #880]
5198. [bug] If a fetch context was being shut down and, at the same time, we returned from qname minimization, an INSIST could be hit. [GL #966]
5197. [bug] dig could die in best effort mode on multiple SIG(0) records. Similarly on multiple OPT and multiple TSIG records. [GL #920]
5196. [bug] make install failed with --with-dlopen=no. [GL #955]
5195. [bug] "allow-update" and "allow-update-forwarding" were treated as configuration errors if used at the options or view level. [GL #913]
5194. [bug] Enforce non empty ZOMEMD hash. [GL #899]
5193. [bug] EID and NIMLOC failed to do multi-line output correctly. [GL #899]
5189. [cleanup] Remove revoked root DNSKEY from bind.keys. [GL #945]
5187. [test] Set time zone before running any tests in dnstap_test. [GL #940]
5186. [cleanup] More dnssec-keygen manual tidying. [GL !1678]
5184. [bug] Missing unlocks in sdlz.c. [GL #936]
5183. [bug] Reinitialize ECS data before reusing client structures. [GL #881]
--- 9.14.0 released ---
--- 9.14.0rc3 released ---
5182. [bug] Fix a high-load race/crash in handling of isc_socket_close() in resolver. [GL #834]
5180. [bug] delv now honors the operating system's preferred ephemeral port range. [GL #925]
5179. [cleanup] Replace some vague type declarations with the more specific dns_secalg_t and dns_dsdigest_t. Thanks to Tony Finch. [GL !1498]
5178. [bug] Handle EDQUOT (disk quota) and ENOSPC (disk full) errors when writing files. [GL #902]
5177. [func] Add the ability to specify in named.conf whether a response-policy zone's SOA record should be added to the additional section (add-soa yes/no). [GL #865]
5167. [bug] nxdomain-redirect could sometimes lookup the wrong redirect name. [GL #892]
--- 9.14.0rc2 released ---
5176. [tests] Remove a dependency on libxml in statschannel system test. [GL #926]
5175. [bug] Fixed a problem with file input in dnssec-keymgr, dnssec-coverage and dnssec-checkds when using python3. [GL #882]
5174. [doc] Tidy dnssec-keygen manual. [GL !1557]
5173. [bug] Fixed a race in socket code that could occur when accept, send, or recv were called from an event loop but the socket had been closed by another thread. [RT #874]
5172. [bug] nsupdate now honors the operating system's preferred ephemeral port range. [GL #905]
5171. [func] named plugins are now installed into a separate directory. Supplying a filename (a string without path separators) in a "plugin" configuration stanza now causes named to look for that plugin in that directory. [GL #878]
5170. [test] Added --with-dlz-filesystem to feature-test. [GL !1587]
5169. [bug] The presence of certain types in an otherwise empty node could cause a crash while processing a type ANY query. [GL #901]
--- 9.14.0rc1 released ---
5168. [bug] Do not crash on shutdown when RPZ fails to load. Also, keep previous version of the database if RPZ fails to load. [GL #813]
5165. [contrib] Removed SDB drivers from contrib; they're obsolete. [GL #428]
5164. [bug] Correct errno to result translation in dlz filesystem modules. [GL #884]
5163. [cleanup] Out-of-tree builds failed --enable-dnstap. [GL #836]
5162. [cleanup] Improve dnssec-keymgr manual. Thanks to Tony Finch. [GL !1518]
5161. [bug] Do not require the SEP bit to be set for mirror zone trust anchors. [GL #873]
5160. [contrib] Added DNAME support to the DLZ LDAP schema. Also fixed a compilation bug affecting several DLZ modules. [GL #872]
5159. [bug] dnssec-coverage was incorrectly ignoring names specified on the command line without trailing dots. [GL !1478]
5158. [protocol] Add support for AMTRELAY and ZONEMD. [GL #867]
5157. [bug] Nslookup now errors out if there are extra command line arguments. [GL #207]
5141. [security] Zone transfer controls for writable DLZ zones were not effective as the allowzonexfr method was not being called for such zones. (CVE-2019-6465) [GL #790]
5118. [security] Named could crash if it is managing a key with `managed-keys` and the authoritative zone is rolling the key to an unsupported algorithm. (CVE-2018-5745) [GL #780]
5110. [security] Named leaked memory if there were multiple Key Tag EDNS options present. (CVE-2018-5744) [GL #772]
|