Commit 7dd9f979 authored by Michał Kępień

Merge branch 'v9_11_20-release' into 'v9_11'

[CVE-2020-8619] Merge 9.11.20 release branch

See merge request !3713
parents a0231294 72e55cf9
Pipeline #44866 failed with stages
in 46 minutes and 16 seconds
......@@ -1370,7 +1370,7 @@ abi-check:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
BIND_BASELINE_VERSION: v9_11_19
BIND_BASELINE_VERSION: v9_11_20
script:
- *configure
- make -j${BUILD_PARALLEL_JOBS:-1} V=1
......
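Review bot: BIND_BASELINE_VERSION in the abi-check job now names v9_11_20, the release this merge brings in, so the job depends on that ref (presumably a tag) already being available to the runner. Please confirm v9_11_20 is pushed before this pipeline runs; the page reports pipeline #44866 as failed, and a missing baseline ref is one cause worth ruling out.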
5440. [test] Properly handle missing kyua. [GL #1950]
 
5437. [bug] Fix a data race in resolver log_formerr. [GL #1808]
--- 9.11.20 released ---
 
5433. [test] Resolver system test for change #5395
(max-recursion-queries) failed on system without
IPv6 suport. [GL #1873]
5437. [bug] Fix a data race in lib/dns/resolver.c:log_formerr().
[GL #1808]
 
5428. [bug] Cleanup GSSAPI resources in nsupdate only after taskmgr
5434. [security] It was possible to trigger an INSIST in
lib/dns/rbtdb.c:new_reference() with a particular zone
content and query patterns. (CVE-2020-8619) [GL #1111]
[GL #1718]
5433. [test] Prevent the resolver system test for change #5395
(max-recursion-queries) from failing on systems without
IPv6 support. [GL #1873]
5428. [bug] Clean up GSSAPI resources in nsupdate only after taskmgr
has been destroyed. Thanks to Petr Menšík. [GL !3316]
 
5427. [bug] Fix regression in address/prefix length checking
that should have been warning instead of error
in the BIND 9.11 release. [GL #1849]
5427. [bug] Fix a regression in address/prefix length checking that
should have been a warning instead of an error.
[GL #1849]
 
5415. [test] Address race in dnssec system test that led to
test failures. [GL #1852]
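Review bot: Change 5437 appears twice in this region, once as "Fix a data race in resolver log_formerr." directly under 5440 and once in the reworded form under "--- 9.11.20 released ---"; 5433, 5428 and 5427 likewise show both their old and new wording. The +/- markers are lost in this rendering, so please check that the merged CHANGES carries each of these entries exactly once, below the release marker, and that 5440 is intentionally left above the marker as a post-9.11.20 change. While here, the 5434 security entry ends up with "[GL #1111]" and "[GL #1718]" on separate lines; keeping both references on one continuation line would make the entry easier to grep.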
......@@ -19,20 +27,20 @@
5413. [test] Address race in autosign system test that led to
test failures. [GL #1852]
 
5412. [bug] 'provide-ixfr no;' fail to return up-to-date responses
5412. [bug] 'provide-ixfr no;' failed to return up-to-date responses
when the serial was greater than or equal to the
current serial. [GL #1714]
 
5409. [performance] When looking up NSEC3 data in a zone database, skip
the check for empty non-terminal nodes; the NSEC3
tree doesn't have any. [GL #1834]
5409. [performance] When looking up NSEC3 data in a zone database, skip the
check for empty non-terminal nodes; the NSEC3 tree does
not have any. [GL #1834]
 
5408. [protocol] Print Extended DNS Errors if present in OPT record.
[GL #1835]
 
5405. [bug] 'named-checkconf -p' could include spurious text
in server-addresses statements due to an uninitialized
DSCP value. [GL #1812]
5405. [bug] 'named-checkconf -p' could include spurious text in
server-addresses statements due to an uninitialized DSCP
value. [GL #1812]
 
--- 9.11.19 released ---
 
......
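Review bot: The categories in this hunk do not line up with the release notes added later in the same merge. 5409 is tagged [performance] here but GL #1834 is listed under "Bug Fixes" in the 9.11.20 notes, and 5408 is tagged [protocol] while GL #1835 is listed under "New Features". Neither is wrong on its own, but a reader cross-referencing by issue number will find the same change classified two ways; consider aligning one side or the other.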
......@@ -333,6 +333,11 @@ BIND 9.11.19
BIND 9.11.19 is a maintenance release, and also addresses the security
vulnerabilities disclosed in CVE-2020-8616 and CVE-2020-8617.
BIND 9.11.20
BIND 9.11.20 is a maintenance release, and also addresses the security
vulnerability disclosed in CVE-2020-8619.
Building BIND
Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
......
......@@ -350,6 +350,11 @@ BIND 9.11.18 is a maintenance release.
BIND 9.11.19 is a maintenance release, and also addresses the security
vulnerabilities disclosed in CVE-2020-8616 and CVE-2020-8617.
#### BIND 9.11.20
BIND 9.11.20 is a maintenance release, and also addresses the security
vulnerability disclosed in CVE-2020-8619.
### <a name="build"/> Building BIND
Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
......
......@@ -616,6 +616,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
......@@ -151,6 +151,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
......@@ -759,6 +759,6 @@ controls {
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
......@@ -2867,6 +2867,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
......@@ -142,6 +142,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
......@@ -10359,9 +10359,8 @@ example.com. NS ns2.example.net.
A pre-defined <span class="command"><strong>update-policy</strong></span> rule can be
switched on with the command
<span class="command"><strong>update-policy local;</strong></span>.
Using this in a zone causes
<span class="command"><strong>named</strong></span> to generate a TSIG session key
when starting up and store it in a file; this key can then
<span class="command"><strong>named</strong></span> automatically generates a TSIG session
key when starting and stores it in a file; this key can then
be used by local clients to update the zone while
<span class="command"><strong>named</strong></span> is running.
By default, the session key is stored in the file
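Review bot: Dropping "Using this in a zone causes" leaves the sentence about the TSIG session key with no stated link to "update-policy local;", yet the next clause still says "this key can then be used by local clients to update the zone". Since the text now says named always generates the key and stores it in a file, it should also say that the key only grants update rights on zones that enable "update-policy local;", and that the key file exists on every server and its read permissions decide who counts as a local client. One added sentence after "while named is running." would cover both.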
......@@ -14721,6 +14720,6 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
......@@ -400,6 +400,6 @@ allow-query { !{ !10/8; any; }; key example; };
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
......@@ -136,6 +136,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
......@@ -36,11 +36,12 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.19</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.20</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License Change</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes-9.11.20">Notes for BIND 9.11.20</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes-9.11.19">Notes for BIND 9.11.19</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes-9.11.18">Notes for BIND 9.11.18</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes-9.11.17">Notes for BIND 9.11.17</a></span></dt>
......@@ -68,7 +69,7 @@
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.19</h2></div></div></div>
<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.20</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
......@@ -126,6 +127,80 @@
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes-9.11.20"></a>Notes for BIND 9.11.20</h3></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="relnotes-9.11.20-security"></a>Security Fixes</h4></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
It was possible to trigger an INSIST failure when a zone with an
interior wildcard label was queried in a certain pattern. This was
disclosed in CVE-2020-8619. [GL #1111] [GL #1718]
</p>
</li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="relnotes-9.11.20-new"></a>New Features</h4></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
<span class="command"><strong>dig</strong></span> and other tools can now print the Extended DNS
Error (EDE) option when it appears in a request or a response.
[GL #1835]
</p>
</li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="relnotes-9.11.20-bugs"></a>Bug Fixes</h4></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
When fully updating the NSEC3 chain for a large zone via IXFR, a
temporary loss of performance could be experienced on the secondary
server when answering queries for nonexistent data that required
DNSSEC proof of non-existence (in other words, queries that required
the server to find and to return NSEC3 data). The unnecessary
processing step that was causing this delay has now been removed.
[GL #1834]
</p>
</li>
<li class="listitem">
<p>
A data race in <code class="filename">lib/dns/resolver.c:log_formerr()</code>
that could lead to an assertion failure was fixed. [GL #1808]
</p>
</li>
<li class="listitem">
<p>
Previously, <span class="command"><strong>provide-ixfr no;</strong></span> failed to return
up-to-date responses when the serial number was greater than or equal
to the current serial number. [GL #1714]
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>named-checkconf -p</strong></span> could include spurious text in
<span class="command"><strong>server-addresses</strong></span> statements due to an uninitialized
DSCP value. This has been fixed. [GL #1812]
</p>
</li>
<li class="listitem">
<p>
The ARM has been updated to indicate that the TSIG session key is
generated when named starts, regardless of whether it is needed.
[GL #1842]
</p>
</li>
</ul></div>
</div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes-9.11.19"></a>Notes for BIND 9.11.19</h3></div></div></div>
<div class="section">
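Review bot: The Security Fixes item says an INSIST failure could be triggered "when a zone with an interior wildcard label was queried in a certain pattern" but does not tell the operator what that means in practice or who is exposed. Suggest stating the consequence (an INSIST failure terminates named) and which servers need the fix (those serving a zone with such a wildcard), so readers can triage without opening the GitLab issues. Minor, in the last Bug Fixes item: "named" in "generated when named starts" is plain text, while every other command in this section is wrapped in the command span.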
......@@ -2182,6 +2257,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
......@@ -148,6 +148,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
......@@ -935,6 +935,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
......@@ -533,6 +533,6 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
......@@ -213,6 +213,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
......@@ -32,7 +32,7 @@
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
<div><p class="releaseinfo">BIND Version 9.11.19</p></div>
<div><p class="releaseinfo">BIND Version 9.11.20</p></div>
<div><p class="copyright">Copyright 2000-2020 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
......@@ -241,11 +241,12 @@
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.19</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.20</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License Change</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes-9.11.20">Notes for BIND 9.11.20</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes-9.11.19">Notes for BIND 9.11.19</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes-9.11.18">Notes for BIND 9.11.18</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes-9.11.17">Notes for BIND 9.11.17</a></span></dt>
......@@ -457,6 +458,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.19 (Extended Support Version)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.20 (Extended Support Version)</p>
</body>
</html>
No preview for this file type
......@@ -21,6 +21,7 @@ PDFOBJS = Bv9ARM.pdf notes.pdf
NOTESXML = notes-download.xml notes-eol.xml notes-intro.xml notes-license.xml \
notes-thankyou.xml \
notes-9.11.21.xml \
notes-9.11.20.xml \
notes-9.11.19.xml \
notes-9.11.18.xml \
......
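Review bot: NOTESXML gains notes-9.11.20.xml between notes-9.11.21.xml and notes-9.11.19.xml, but the visible part of this diff does not show notes-9.11.20.xml itself being added. Please confirm the file comes in with this merge, since a name listed in NOTESXML without the file on disk will break the documentation build.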