ECO kit NAMED_V602_I64P026

NAMED_V602_I64-026 NAMED ECO kit Rev 2.6 for TCPware 6.0-2	13-Feb-2023

    Copyright © 2010-2023 Process Software, LLC
 
    This kit updates TCPware for ia64 version 6.0-2 with version 9.16.37 of
    the Bind 9 Name server images. This kit is only for OpenVMS V8 for ia64 processors.

    The ranking for this ECO is 3. The overall ranking for it is 3.

    When this patch is installed on a cluster which shares a single TCPware
    directory tree it is necessary to do
	$ INSTALL REPLACE TCPWARE:TCPWARE_LIBCRYPTO
	$ INSTALL REPLACE TCPWARE:TCPWARE_LIBSSL
    on each of the cluster members before using any of the new images.

    The following changes have been made in this kit:


    NAMED_V602_I64-026 -- ECO Rank 3	13-Feb-2023
    -------------------------------------------------------------------------
    - Update to BIND 9.16.37 from ISC to address CVEs 2022-3094, 2022-3736 and
      2022-3924.
    - More work on making sure that there is no attempt to obtain a mutex
      while at AST level.

    NAMED_V602_I64-025 -- ECO Rank 3	1-Dec-2022
    -------------------------------------------------------------------------
    - Only use mutexes to control accesses to critical data structures in I/O
      detection code.
    - Update to BIND 9.16.35
    - Modify NSLOOKUP to not attempt to lookup IPv6 (AAAA) records by default.

    NAMED_V602_I64-024 -- ECO Rank 3	2-Nov-2022
    -------------------------------------------------------------------------
    - Add mutexes to control threaded access to critical data structures in
      support code.
    - Update to BIND 9.16.34

    NAMED_V602_I64-023 -- ECO Rank 3	18-Oct-2022
    -------------------------------------------------------------------------
    - Correct an error in DNS cluster code that could leave ASTs disabled.
    - Improve file name handling.

    NAMED_V602_I64-022 -- ECO Rank 3	13-Oct-2022
    -------------------------------------------------------------------------
    - Modifications to the default location for the session key so that it comes
      from the local root instead of the common root.
    - Update to BIND 9.16.33 from ISC to address CVE-2022-2795, CVE-2022-3080,
      CVE-2022-38177, CVE-2022-38178
    - Changes to how the images are built so that MULTINET_SOCKET_LIBRARY is
      no longer needed.

    NAMED_V602_I64-021 -- ECO Rank 3	16-Sep-2022
    -------------------------------------------------------------------------
    - Correct some errors in the instructions and update the
	MULTINET_SOCKET_LIBRARY image.


    NAMED_V602_I64-020 -- ECO Rank 3	12-July-2022
    -------------------------------------------------------------------------
    - Update to BIND 9.16.27 to provided the latest Extended Support Version
	(ESV) code as the 9.11 ESV will no longer be supported by ISC as of
	March 2022. This patch includes fixes for CVE-2021-25220 and
	CVE-2022-0396.


    --------------------------------------------------------------------------

    For further information on using RNDC and other BIND tools, 
    we recommend referring to the latest edition of O'Reilly's DNS 
    and BIND.

    To run any of the support tools, define symbols, i.e.:

	$ nsupdate :== $tcpware:nsupdate.exe
	$ rndc :== $tcpware:rndc.exe
	$ rndcconfgen :== $tcpware:rndc-confgen.exe

    You need to restart the Nameserver for these changes to take effect.  
    The following command will do it:

	$ @tcpware:restart dns