9.7.3b1

1 files changed, 82 insertions, 13 deletions

diff --git a/CHANGES b/CHANGES
index 18de07d0..dce98eaf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,40 @@
+	--- 9.7.3b1 released ---
 
-	--- 9.7.2-P3 released ---
+2982.	[bug]		Reference count dst keys.  dst_key_attach() can be used
+			increment the reference count.
+
+			Note: dns_tsigkey_createfromkey() callers should now
+			always call dst_key_free() rather than setting it
+			to NULL on success. [RT #22672]
+
+2980.	[bug]		named didn't properly handle UPDATES that changed the
+			TTL of the NSEC3PARAM RRset. [RT #22363]
+
+2979.	[bug]		named could deadlock during shutdown if two
+			"rndc stop" commands were issued at the same
+			time. [RT #22108]
+
+2978.	[port]		hpux: look for <devpoll.h> [RT #21919]
+
+2977.	[bug]		'nsupdate -l' report if the session key is missing.
+			[RT #21670]
+
+2976.	[bug]		named could die on exit after negotiating a GSS-TSIG
+			key. [RT #22573]
+			
+2975.	[bug]		rbtdb.c:cleanup_dead_nodes_callback() aquired the
+			wrong lock which could lead to server deadlock.
+			[RT #22614]
+
+2974.	[bug]		Some vaild UPDATE requests could fail due to a
+			consistency check examining the existing version
+			of the zone rather than the new version resulting
+			from the UPDATE. [RT #22413]
+
+2973.	[bug]		bind.keys.h was being removed by the "make clean"
+			at the end of configure resulting in build failures
+			where there is very old version of perl installed.
+			Move it to "make maintainer-clean". [RT #22230]
 
 2972.	[bug]		win32: address windows socket errors. [RT #21906]
 
@@ -13,14 +48,12 @@
 			unexpected RRSIG was also returned with the NO DATA
 			cache entry.
 
-			CVSS: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C)
 			CVE-2010-3613, VU#706148. [RT #22288]
 
 2969.	[security]	Fix acl type processing so that allow-query works
 			in options and view statements.  Also add a new
 			set of tests to verify proper functioning.
 
-			CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N/E:F/RL:O/RC:C)
 			CVE-2010-3615, VU#510208. [RT #22418]
 
 2968.	[security]	Named could fail to prove a data set was insecure
@@ -28,15 +61,24 @@
 			that can trigger this occurs naturally when rolling
 			DNSKEY algorithms.
 
-			CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N/E:P/RL:O/RC:C)
 			CVE-2010-3614, VU#837744. [RT #22309]
 
-	--- 9.7.2-P2 released ---
+2967.	[bug]		'host -D' now turns on debugging messages earlier.
+			[RT #22361]
+
+2966.	[bug]		isc_print_vsnprintf() failed to check if there was
+			space available in the buffer when adding a left
+			justified character with a non zero width,
+			(e.g. "%-1c"). [RT #22270]
+
+2965.	[func]		Test HMAC functions using test data from RFC 2104 and
+			RFC 4634. [RT #21702]
 
 2963.	[security]	The allow-query acl was being applied instead of the
 			allow-query-cache acl to cache lookups. [RT #22114]
 
-	--- 9.7.2-P1 released ---
+2962.	[port]		win32: add more dependencies to BINDBuild.dsw.
+			[RT #22062]
 
 2961.	[bug]		Be still more selective about the non-authoritative
 			answers we apply change 2748 to. [RT #22074]
@@ -50,6 +92,33 @@
 2958.	[bug]		named failed to start with a missing master file.
 			[RT #22076]
 
+2957.	[bug]		entropy_get() and entropy_getpseudo() failed to match
+			the API for RAND_bytes() and RAND_pseudo_bytes()
+			respectively. [RT #21962]
+
+2956.	[port]		Enable atomic operations on the PowerPC64. [RT #21899]
+
+2954.	[bug]		contrib: dlz_mysql_driver.c bad error handling on
+			build_sqldbinstance failure. [RT #21623]
+
+2953.	[bug]		Silence spurious "expected covering NSEC3, got an
+			exact match" message when returning a wildcard
+			no data response. [RT #21744]
+
+2952.	[port]		win32: named-checkzone and named-checkconf failed
+			to initialise winsock. [RT #21932]
+
+2951.	[bug]		named failed to generate a correct signed response
+			in a optout, delegation only zone with no secure
+			delegations. [RT #22007]
+
+2950.	[bug]		named failed to perform a SOA up to date check when
+			falling back to TCP on UDP timeouts when
+			ixfr-from-differences was set. [RT #21595]
+			
+2949.	[bug]		dns_view_setnewzones() contained a memory leak if
+			it was called multiple times. [RT #21942]
+
 2928.	[bug]		Be more selective about the non-authoritative
 			answer we apply change 2748 to. [RT #21594]
 
@@ -135,7 +204,7 @@
 	--- 9.7.2b1 released ---
 
 2931.	[bug]		Temporarily and partially disable change 2864
-			because it would cause inifinite attempts of RRSIG
+			because it would cause infinite attempts of RRSIG
 			queries.  This is an urgent care fix; we'll
 			revisit the issue and complete the fix later.
 			[RT #21710]
@@ -281,7 +350,7 @@
 2885.	[bug]		Improve -fno-strict-aliasing support probing in
 			configure. [RT #21080]
 
-2884.	[bug]		Insufficient valadation in dns_name_getlabelsequence().
+2884.	[bug]		Insufficient validation in dns_name_getlabelsequence().
 			[RT #21283]
 
 2883.	[bug]		'dig +short' failed to handle really large datasets.
@@ -315,7 +384,7 @@
 			successfully responds to the query using plain DNS.
 			[RT #20930]
 
-2873.	[bug]		Canceling a dynamic update via the dns/client module
+2873.	[bug]		Cancelling a dynamic update via the dns/client module
 			could trigger an assertion failure. [RT #21133]
 
 2872.	[bug]		Modify dns/client.c:dns_client_createx() to only
@@ -448,7 +517,7 @@
 			[RT #20851]
 
 2832.	[bug]		Modify "struct stat" in lib/export/samples/nsprobe.c
-			to avoid redefinition in some OSes [RT 20831]
+			to avoid redefinition in some OSs [RT 20831]
 
 2831.	[security]	Do not attempt to validate or cache
 			out-of-bailiwick data returned with a secure
@@ -542,7 +611,7 @@
 2802.	[cleanup]	Rename journalprint to named-journalprint. [RT #20670]
 
 2801.	[func]		Detect and report records that are different according
-			to DNSSEC but are sematically equal according to plain
+			to DNSSEC but are semantically equal according to plain
 			DNS.  Apply plain DNS comparisons rather than DNSSEC
 			comparisons when processing UPDATE requests.
 			dnssec-signzone now removes such semantically duplicate
@@ -615,7 +684,7 @@
 2780.	[bug]		dnssec-keygen -A none didn't properly unset the
 			activation date in all cases. [RT #20648]
 
-2779.	[bug]		Dynamic key revokation could fail. [RT #20644]
+2779.	[bug]		Dynamic key revocation could fail. [RT #20644]
 
 2778.	[bug]		dnssec-signzone could fail when a key was revoked
 			without deleting the unrevoked version. [RT #20638]
@@ -736,7 +805,7 @@
 2738.	[func]		Add RSASHA256 and RSASHA512 tests to the dnssec system
 			test. [RT #20453]
 
-2737.	[func]		UPDATE requests can leak existance information.
+2737.	[func]		UPDATE requests can leak existence information.
 			[RT #17261]
 
 2736.	[func]		Improve the performance of NSEC signed zones with