head	1.2;
access;
symbols
	perseant-exfatfs-base-20240630:1.2
	perseant-exfatfs:1.2.0.6
	perseant-exfatfs-base:1.2
	cjep_sun2x:1.2.0.4
	cjep_sun2x-base:1.2
	cjep_staticlib_x-base1:1.2
	cjep_staticlib_x:1.2.0.2
	cjep_staticlib_x-base:1.2
	phil-wifi-20200421:1.1.1.1
	phil-wifi-20200411:1.1.1.1
	phil-wifi:1.1.1.1.0.4
	is-mlppp:1.1.1.1.0.2
	is-mlppp-base:1.1.1.1
	phil-wifi-20200406:1.1.1.1
	bind-9-14-8:1.1.1.1
	ISC:1.1.1;
locks; strict;
comment	@# @;


1.2
date	2020.05.24.19.46.22;	author christos;	state dead;
branches;
next	1.1;
commitid	QmFJkkdg1H7qVw9C;

1.1
date	2019.11.24.19.57.43;	author christos;	state Exp;
branches
	1.1.1.1;
next	;
commitid	cp8OsYQLTelDP8MB;

1.1.1.1
date	2019.11.24.19.57.43;	author christos;	state Exp;
branches
	1.1.1.1.4.1;
next	;
commitid	cp8OsYQLTelDP8MB;

1.1.1.1.4.1
date	2019.11.24.19.57.43;	author martin;	state dead;
branches;
next	1.1.1.1.4.2;
commitid	Qli2aW9E74UFuA3C;

1.1.1.1.4.2
date	2020.04.08.14.07.07;	author martin;	state Exp;
branches;
next	;
commitid	Qli2aW9E74UFuA3C;


desc
@@


1.2
log
@Merge conflicts
@
text
@<!--
 - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 -
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -
 - See the COPYRIGHT file distributed with this work for additional
 - information regarding copyright ownership.
-->

<section xml:id="relnotes-9.14.3"><info><title>Notes for BIND 9.14.3</title></info>

  <section xml:id="relnotes-9.14.3-security"><info><title>Security Fixes</title></info>
    <itemizedlist>
      <listitem>
        <para>
          A race condition could trigger an assertion failure when
          a large number of incoming packets were being rejected.
          This flaw is disclosed in CVE-2019-6471. [GL #942]
        </para>
      </listitem>
    </itemizedlist>
  </section>

  <section xml:id="relnotes-9.14.3-bugs"><info><title>Bug Fixes</title></info>
    <itemizedlist>
      <listitem>
        <para>
          When <command>qname-minimization</command> was set to
          <command>relaxed</command>, some improperly configured domains
          would fail to resolve, but would have succeeded when minimization
          was disabled. <command>named</command> will now fall back to normal
          resolution in such cases, and also uses type A rather than NS for
          minimal queries in order to reduce the likelihood of encountering
          the problem. [GL #1055]
        </para>
      </listitem>
    </itemizedlist>
  </section>

</section>
@


1.1
log
@Initial revision
@
text
@@


1.1.1.1
log
@Import bind 9.14.8 (security fix -- limits on concurrent TCP queries)

        --- 9.14.8 released ---

5315.	[bug]		Apply the inital RRSIG expiration spread fixed
			to all dynamically created records in the zone
			including NSEC3. Also fix the signature clusters
			when the server has been offline for prolonged
			period of times. [GL #1256]

5314.	[func]		Added a new statistics variable "tcp-highwater"
			that reports the maximum number of simultaneous TCP
			clients BIND has handled while running. [GL #1206]

5313.	[bug]		The default GeoIP2 database location did not match
			the ARM.  'named -V' now reports the default
			location. [GL #1301]

5310.	[bug]		TCP failures were affecting EDNS statistics. [GL #1059]

5308.	[bug]		Don't log DNS_R_UNCHANGED from sync_secure_journal()
			at ERROR level in receive_secure_serial(). [GL #1288]

5307.	[bug]		Fix hang when named-compilezone output is sent to pipe.
			Thanks to Tony Finch. [GL !2481]

5306.	[security]	Set a limit on the number of concurrently served
			pipelined TCP queries. (CVE-2019-6477) [GL #1264]

5305.	[bug]		NSEC Aggressive Cache ("synth-from-dnssec") has been
			disabled by default because it was found to have
			a significant performance impact on the recursive
			service. [GL #1265]

5304.	[bug]		"dnskey-sig-validity 0;" was not being accepted.
			[GL #876]

5302.	[bug]		Fix checking that "dnstap-output" is defined when
			"dnstap" is specified in a view. [GL #1281]

5301.	[bug]		Detect partial prefixes / incomplete IPv4 address in
			acls. [GL #1143]
@
text
@@


1.1.1.1.4.1
log
@file notes-9.14.3.xml was added on branch phil-wifi on 2020-04-08 14:07:07 +0000
@
text
@d1 42
@


1.1.1.1.4.2
log
@Merge changes from current as of 20200406
@
text
@a0 42
<!--
 - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 -
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -
 - See the COPYRIGHT file distributed with this work for additional
 - information regarding copyright ownership.
-->

<section xml:id="relnotes-9.14.3"><info><title>Notes for BIND 9.14.3</title></info>

  <section xml:id="relnotes-9.14.3-security"><info><title>Security Fixes</title></info>
    <itemizedlist>
      <listitem>
        <para>
          A race condition could trigger an assertion failure when
          a large number of incoming packets were being rejected.
          This flaw is disclosed in CVE-2019-6471. [GL #942]
        </para>
      </listitem>
    </itemizedlist>
  </section>

  <section xml:id="relnotes-9.14.3-bugs"><info><title>Bug Fixes</title></info>
    <itemizedlist>
      <listitem>
        <para>
          When <command>qname-minimization</command> was set to
          <command>relaxed</command>, some improperly configured domains
          would fail to resolve, but would have succeeded when minimization
          was disabled. <command>named</command> will now fall back to normal
          resolution in such cases, and also uses type A rather than NS for
          minimal queries in order to reduce the likelihood of encountering
          the problem. [GL #1055]
        </para>
      </listitem>
    </itemizedlist>
  </section>

</section>
@