Commit f5577c27 authored by Ondrej Sury

New upstream version 9.11.6.P1+dfsg

parent 074657f5
--- 9.11.6-P1 released ---
5200. [security] tcp-clients settings could be exceeded in some cases,
which could lead to exhaustion of file descriptors.
(CVE-2018-5743) [GL #615]
--- 9.11.6 released ---
--- 9.11.6rc1 released ---
......
......@@ -265,6 +265,11 @@ BIND 9.11.6
BIND 9.11.6 is a maintenance release, and also addresses the security
flaws disclosed in CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465.
BIND 9.11.6-P1
BIND 9.11.6-P1 addresses the security vulnerability disclosed in
CVE-2018-5743.
Building BIND
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
......
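Review bot: the added "BIND 9.11.6-P1" paragraph gives only the CVE number. CHANGES entry 5200 already carries a one-line description (tcp-clients settings could be exceeded, leading to exhaustion of file descriptors); repeating it here would let an operator judge exposure from the README alone.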
......@@ -282,6 +282,11 @@ feature:
BIND 9.11.6 is a maintenance release, and also addresses the security
flaws disclosed in CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465.
#### BIND 9.11.6-P1
BIND 9.11.6-P1 addresses the security vulnerability disclosed in
CVE-2018-5743.
### <a name="build"/> Building BIND
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
......
......@@ -9,8 +9,6 @@
* information regarding copyright ownership.
*/
/* $Id: client.h,v 1.96 2012/01/31 23:47:31 tbox Exp $ */
#ifndef NAMED_CLIENT_H
#define NAMED_CLIENT_H 1
......@@ -80,6 +78,13 @@
*** Types
***/
/*% reference-counted TCP connection object */
typedef struct ns_tcpconn {
isc_refcount_t refs;
isc_quota_t *tcpquota;
bool pipelined;
} ns_tcpconn_t;
/*% nameserver client structure */
struct ns_client {
unsigned int magic;
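Review bot: the new ns_tcpconn_t definition has a one-line comment for the struct but none for its fields. Next to `isc_quota_t *tcpquota;` please state who attaches and detaches the quota and what is released when `refs` drops to zero; since entry 5200 is about the tcp-clients limit being exceeded, the ownership rule for the quota reference belongs in the header.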
......@@ -94,7 +99,8 @@ struct ns_client {
int nupdates;
int nctls;
int references;
bool needshutdown; /*
bool tcpactive;
bool needshutdown; /*
* Used by clienttest to get
* the client to go from
* inactive to free state
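Review bot: `bool tcpactive;` is added to struct ns_client without a comment, while the field next to it (`needshutdown`) has one. Please document what state the flag records and how it relates to the `ntcpactive` counter added to struct ns_interface in this commit, so that later changes keep the flag and the counter in step.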
......@@ -130,10 +136,9 @@ struct ns_client {
isc_stdtime_t now;
isc_time_t tnow;
dns_name_t signername; /*%< [T]SIG key name */
dns_name_t * signer; /*%< NULL if not valid sig */
bool mortal; /*%< Die after handling request */
bool pipelined; /*%< TCP queries not in sequence */
isc_quota_t *tcpquota;
dns_name_t *signer; /*%< NULL if not valid sig */
bool mortal; /*%< Die after handling request */
ns_tcpconn_t *tcpconn;
isc_quota_t *recursionquota;
ns_interface_t *interface;
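Review bot: `ns_tcpconn_t *tcpconn;` has no trailing comment, although the `pipelined` field it replaces was documented ("TCP queries not in sequence"). Suggest a `/*%< ... */` comment that says what the pointer refers to and whether it can be NULL, because code that used to read `tcpquota` and `pipelined` directly from the client now has to go through this pointer.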
......@@ -143,8 +148,8 @@ struct ns_client {
isc_sockaddr_t destsockaddr;
isc_netaddr_t ecs_addr; /*%< EDNS client subnet */
uint8_t ecs_addrlen;
uint8_t ecs_scope;
uint8_t ecs_addrlen;
uint8_t ecs_scope;
struct in6_pktinfo pktinfo;
isc_dscp_t dscp;
......
......@@ -9,8 +9,6 @@
* information regarding copyright ownership.
*/
/* $Id: interfacemgr.h,v 1.35 2011/07/28 23:47:58 tbox Exp $ */
#ifndef NAMED_INTERFACEMGR_H
#define NAMED_INTERFACEMGR_H 1
......@@ -77,9 +75,14 @@ struct ns_interface {
/*%< UDP dispatchers. */
isc_socket_t * tcpsocket; /*%< TCP socket. */
isc_dscp_t dscp; /*%< "listen-on" DSCP value */
int ntcptarget; /*%< Desired number of concurrent
TCP accepts */
int ntcpcurrent; /*%< Current ditto, locked */
int32_t ntcpaccepting; /*%< Number of clients
ready to accept new
TCP connections on this
interface */
int32_t ntcpactive; /*%< Number of clients
servicing TCP queries
(whether accepting or
connected) */
int nudpdispatch; /*%< Number of UDP dispatches */
ns_clientmgr_t * clientmgr; /*%< Client manager. */
ISC_LINK(ns_interface_t) link;
......
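Review bot: the removed `ntcpcurrent` comment said "Current ditto, locked", but the comments on the new `ntcpaccepting` and `ntcpactive` fields say nothing about synchronisation. Please state how these int32_t counters are protected (a lock that must be held, or atomic operations only), since they track the TCP clients on an interface and an unsynchronised update would skew the count.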
......@@ -386,8 +386,9 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
* connections will be handled in parallel even though there is
* only one client initially.
*/
ifp->ntcptarget = 1;
ifp->ntcpcurrent = 0;
ifp->ntcpaccepting = 0;
ifp->ntcpactive = 0;
ifp->nudpdispatch = 0;
ifp->dscp = -1;
......@@ -522,9 +523,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
*/
(void)isc_socket_filter(ifp->tcpsocket, "dataready");
result = ns_clientmgr_createclients(ifp->clientmgr,
ifp->ntcptarget, ifp,
true);
result = ns_clientmgr_createclients(ifp->clientmgr, 1, ifp, true);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"TCP ns_clientmgr_createclients(): %s",
......
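Review bot: the call in ns_interface_accepttcp() now passes a bare `1` where `ifp->ntcptarget` used to be, with no explanation at the call site. A short comment or a named constant saying why exactly one accepting client is created per interface would help, and the comment kept in ns_interface_create() ("only one client initially") should be checked against it.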
......@@ -8487,7 +8487,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<para>
The number of file descriptors reserved for TCP, stdio,
etc. This needs to be big enough to cover the number of
interfaces <command>named</command> listens on, <command>tcp-clients</command> as well as
interfaces <command>named</command> listens on plus
<command>tcp-clients</command>, as well as
to provide room for outgoing TCP queries and incoming zone
transfers. The default is <literal>512</literal>.
The minimum value is <literal>128</literal> and the
......
......@@ -616,6 +616,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -151,6 +151,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -759,6 +759,6 @@ controls {
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -2867,6 +2867,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -142,6 +142,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -6364,7 +6364,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<p>
The number of file descriptors reserved for TCP, stdio,
etc. This needs to be big enough to cover the number of
interfaces <span class="command"><strong>named</strong></span> listens on, <span class="command"><strong>tcp-clients</strong></span> as well as
interfaces <span class="command"><strong>named</strong></span> listens on plus
<span class="command"><strong>tcp-clients</strong></span>, as well as
to provide room for outgoing TCP queries and incoming zone
transfers. The default is <code class="literal">512</code>.
The minimum value is <code class="literal">128</code> and the
......@@ -14676,6 +14677,6 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -399,6 +399,6 @@ allow-query { !{ !10/8; any; }; key example; };
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -136,6 +136,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -148,6 +148,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -914,6 +914,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -533,6 +533,6 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -213,6 +213,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -32,7 +32,7 @@
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
<div><p class="releaseinfo">BIND Version 9.11.6</p></div>
<div><p class="releaseinfo">BIND Version 9.11.6-P1</p></div>
<div><p class="copyright">Copyright 2000-2019 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
......@@ -241,7 +241,7 @@
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.6</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.6-P1</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
......@@ -249,7 +249,6 @@
<dt><span class="section"><a href="Bv9ARM.ch09.html#win_support">Legacy Windows No Longer Supported</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
......@@ -443,6 +442,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -91,6 +91,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -236,6 +236,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -624,6 +624,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -1128,6 +1128,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -148,6 +148,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -270,6 +270,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -352,6 +352,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -250,6 +250,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -492,6 +492,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -579,6 +579,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -416,6 +416,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -171,6 +171,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -349,6 +349,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -708,6 +708,6 @@ db.example.com.signed
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -202,6 +202,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -134,6 +134,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -127,6 +127,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -366,6 +366,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -126,6 +126,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -329,6 +329,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -609,6 +609,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -192,6 +192,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -463,6 +463,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -117,6 +117,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -119,6 +119,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -121,6 +121,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -1034,6 +1034,6 @@ zone
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -490,6 +490,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -131,6 +131,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -436,6 +436,6 @@ nslookup -query=hinfo -timeout=10
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -817,6 +817,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -162,6 +162,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -200,6 +200,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -158,6 +158,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -119,6 +119,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -277,6 +277,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -268,6 +268,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -894,6 +894,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.6-P1 (Extended Support Version)</p>
</body>
</html>
......@@ -15,7 +15,7 @@
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2"></a>Release Notes for BIND Version 9.11.6</h2></div></div></div>
<a name="id-1.2"></a>Release Notes for BIND Version 9.11.6-P1</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
......@@ -83,121 +83,22 @@
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> could crash during recursive processing
of DNAME records when <span class="command"><strong>deny-answer-aliases</strong></span> was
in use. This flaw is disclosed in CVE-2018-5740. [GL #387]
</p>
</li>
<li class="listitem">
<p>
When recursion is enabled but the <span class="command"><strong>allow-recursion</strong></span>
and <span class="command"><strong>allow-query-cache</strong></span> ACLs are not specified, they
should be limited to local networks, but they were inadvertently set
to match the default <span class="command"><strong>allow-query</strong></span>, thus allowing
remote queries. This flaw is disclosed in CVE-2018-5738. [GL #309]
</p>
</li>
<li class="listitem">
<p>
Code change #4964, intended to prevent double signatures
when deleting an inactive zone DNSKEY in some situations,
introduced a new problem during zone processing in which
some delegation glue RRsets are incorrectly identified
as needing RRSIGs, which are then created for them using
the current active ZSK for the zone. In some, but not all
cases, the newly-signed RRsets are added to the zone's
NSEC/NSEC3 chain, but incompletely -- this can result in
a broken chain, affecting validation of proof of nonexistence
for records in the zone. [GL #771]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> could crash if it managed a DNSSEC
security root with <span class="command"><strong>managed-keys</strong></span> and the
authoritative zone rolled the key to an algorithm not supported
by BIND 9. This flaw is disclosed in CVE-2018-5745. [GL #780]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> leaked memory when processing a
request with multiple Key Tag EDNS options present. ISC
would like to thank Toshifumi Sakaguchi for bringing this
to our attention. This flaw is disclosed in CVE-2018-5744.
[GL #772]
</p>
</li>
<li class="listitem">
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
Zone transfer controls for writable DLZ zones were not
effective as the <span class="command"><strong>allowzonexfr</strong></span> method was
not being called for such zones. This flaw is disclosed in
CVE-2019-6465. [GL #790]
The TCP client quota set using the <span class="command"><strong>tcp-clients</strong></span>
option could be exceeded in some cases. This could lead to
exhaustion of file descriptors. This flaw is disclosed in
CVE-2018-5743. [GL #615]
</p>
</li>
</ul></div>
</li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
<span class="command"><strong>named</strong></span> now supports the "root key sentinel"
mechanism. This enables validating resolvers to indicate
which trust anchors are configured for the root, so that
information about root key rollover status can be gathered.
To disable this feature, add
<span class="command"><strong>root-key-sentinel no;</strong></span> to
<code class="filename">named.conf</code>.
</p>
</li>
<li class="listitem">