Commit d8e6b32a authored by Michał Kępień

Merge branch 'v9_17_3-release' into 'main'

Merge 9.17.3 release branch

See merge request !3860
parents f8ef2c04 2b2e97a8
Pipeline #46908 failed with stages in 73 minutes and 3 seconds
......@@ -1356,7 +1356,7 @@ abi-check:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
BIND_BASELINE_VERSION: v9_17_2
BIND_BASELINE_VERSION: v9_17_3
script:
- *configure
- make -j${BUILD_PARALLEL_JOBS:-1} V=1
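Review bot: BIND_BASELINE_VERSION in abi-check is a literal tag name, so this job can only pass once the v9_17_3 tag is present in the repository the runner clones. Confirm the tag is pushed before or together with this merge, and consider a comment next to the variable saying it has to be bumped on every release so the step is not missed.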
......
......@@ -51,6 +51,8 @@
5459. [bug] Bad isc_mem_put() size when an invalid type was
specified in a update-policy rule. [GL #1990]
--- 9.17.3 released ---
5458. [bug] Prevent a theoretically possible NULL dereference caused
by a data race between zone_maintenance() and
dns_zone_setview_helper(). [GL #1627]
......@@ -59,23 +61,21 @@
5456. [func] Added "primaries" as a synonym for "masters" in
named.conf, and "primary-only" as a synonym for
"master-only" in the parameters to "notify",
in order to bring terminology up to date with
RFC 8499. [GL #1948]
"master-only" in the parameters to "notify", to bring
terminology up-to-date with RFC 8499. [GL #1948]
5455. [bug] `named` could crash when cleaning dead nodes
in lib/dns/rbtdb.c that have been reused meanwhile.
[GL #1968]
5455. [bug] named could crash when cleaning dead nodes in
lib/dns/rbtdb.c that were being reused. [GL #1968]
5454. [bug] Address a startup crash happening when server is
under load and root zone is not yet loaded. [GL #1862]
5454. [bug] Address a startup crash that occurred when the server
was under load and the root zone had not yet been
loaded. [GL #1862]
5453. [bug] `named` would crash on shutdown when new `rndc`
connection is received at the same time as
shutting down. [GL #1747]
5453. [bug] named crashed on shutdown when a new rndc connection was
received during shutdown. [GL #1747]
5452. [bug] The "blackhole" ACL was accidentally disabled with
respect to client queries. [GL #1936]
5452. [bug] The "blackhole" ACL was accidentally disabled for client
queries. [GL #1936]
5451. [func] Add 'rndc dnssec -status' command. [GL #1612]
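Review bot: Entry 5452 says the "blackhole" ACL "was accidentally disabled for client queries" but does not say what that meant in practice. The release note for the same issue (GL #1936) states that queries from the blocked addresses could still be answered; carrying that clause into CHANGES would let an operator scanning the changelog recognise this as an access-control gap and not a cosmetic bug.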
......@@ -93,14 +93,14 @@
5446. [bug] The validator could fail to accept a properly signed
RRset if an unsupported algorithm appeared earlier in
the DNSKEY RRset than a supported algorithm. It could
the DNSKEY RRset than a supported algorithm. It could
also stop if it detected a malformed public key.
[GL #1689]
5445. [cleanup] Disable and disallow static linking. [GL #1933]
5444. [bug] 'rndc dnstap -roll <value>' was not limiting the
number of saved files to <value>. [GL !3728]
5444. [bug] 'rndc dnstap -roll <value>' did not limit the number of
saved files to <value>. [GL !3728]
5443. [bug] The "primary" and "secondary" keywords, when used
as parameters for "check-names", were not
......@@ -113,8 +113,8 @@
5440. [placeholder]
5439. [bug] The dsset returned by dns_keynode_dsset() was not
thread safe. [GL #1926]
5439. [bug] The DS RRset returned by dns_keynode_dsset() was used in
a non-thread-safe manner. [GL #1926]
--- 9.17.2 released ---
......
......@@ -14,7 +14,7 @@
#
m4_define([bind_VERSION_MAJOR], 9)dnl
m4_define([bind_VERSION_MINOR], 17)dnl
m4_define([bind_VERSION_PATCH], 2)dnl
m4_define([bind_VERSION_PATCH], 3)dnl
m4_define([bind_VERSION_EXTRA], )dnl
m4_define([bind_DESCRIPTION], [(Development Release)])dnl
m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl
......
......@@ -33,9 +33,9 @@ EXTRA_DIST = \
../misc/logging.grammar.rst \
../misc/managed-keys.grammar.rst \
../misc/master.zoneopt.rst \
../misc/masters.grammar.rst \
../misc/mirror.zoneopt.rst \
../misc/options.grammar.rst \
../misc/primaries.grammar.rst \
../misc/redirect.zoneopt.rst \
../misc/server.grammar.rst \
../misc/slave.zoneopt.rst \
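Review bot: A grammar file swap is riding along in this release merge: the EXTRA_DIST range in this hunk lists both ../misc/masters.grammar.rst and ../misc/primaries.grammar.rst while the header keeps the count at 9 lines, so one entry replaces the other. Check that nothing under doc/ still includes the replaced file name, since a stale include would only fail when building from the distribution tarball, and mention the swap in the merge description.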
......
......@@ -53,6 +53,7 @@ information about each release, source code, and pre-compiled versions
for Microsoft Windows operating systems.
.. include:: ../notes/notes-current.rst
.. include:: ../notes/notes-9.17.3.rst
.. include:: ../notes/notes-9.17.2.rst
.. include:: ../notes/notes-9.17.1.rst
.. include:: ../notes/notes-9.17.0.rst
......
..
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
Notes for BIND 9.17.3
---------------------
New Features
~~~~~~~~~~~~
- New ``rndc`` command ``rndc dnssec -status`` shows the current DNSSEC
policy and keys in use, the key states, and rollover status.
[GL #1612]
- Added support in the network manager for initiating outgoing TCP
connections. [GL #1958]
Feature Changes
~~~~~~~~~~~~~~~
- Disable and disallow static linking of BIND 9 binaries and libraries
as BIND 9 modules require ``dlopen()`` support and static linking also
prevents using security features like read-only relocations (RELRO) or
address space layout randomization (ASLR) which are important for
programs that interact with the network and process arbitrary user
input. [GL #1933]
- As part of an ongoing effort to use RFC 8499 terminology,
``primaries`` can now be used as a synonym for ``masters`` in
``named.conf``. Similarly, ``notify primary-only`` can now be used as
a synonym for ``notify master-only``. The output of ``rndc
zonestatus`` now uses ``primary`` and ``secondary`` terminology.
[GL #1948]
Bug Fixes
~~~~~~~~~
- A race condition could occur if a TCP socket connection was closed
while ``named`` was waiting for a recursive response. The attempt to
send a response over the closing connection triggered an assertion
failure in the function ``isc__nm_tcpdns_send()``. [GL #1937]
- A race condition could occur when ``named`` attempted to use a UDP
interface that was shutting down. This triggered an assertion failure
in ``uv__udp_finish_close()``. [GL #1938]
- Fix assertion failure when server was under load and root zone had not
yet been loaded. [GL #1862]
- ``named`` could crash when cleaning dead nodes in ``lib/dns/rbtdb.c``
that were being reused. [GL #1968]
- ``named`` crashed on shutdown when a new ``rndc`` connection was
received during shutdown. This has been fixed. [GL #1747]
- The DS RRset returned by ``dns_keynode_dsset()`` was used in a
non-thread-safe manner. This could result in an INSIST being
triggered. [GL #1926]
- The ``primary`` and ``secondary`` keywords, when used as parameters
for ``check-names``, were not processed correctly and were being
ignored. [GL #1949]
- ``rndc dnstap -roll <value>`` did not limit the number of saved files
to ``<value>``. [GL !3728]
- The validator could fail to accept a properly signed RRset if an
unsupported algorithm appeared earlier in the DNSKEY RRset than a
supported algorithm. It could also stop if it detected a malformed
public key. [GL #1689]
- The ``blackhole`` ACL was inadvertently disabled for client queries.
Blocked IP addresses were not used for upstream queries but queries
from those addresses could still be answered. [GL #1936]
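Review bot: The Bug Fixes entry for GL #1862 ("Fix assertion failure when server was under load ...") is written as an imperative commit subject, while the other entries in the list describe the faulty behaviour in the past tense, and only the GL #1747 entry ends with "This has been fixed." Rewording the first along the lines of "An assertion failure could occur when the server was under load and the root zone had not yet been loaded" and dropping the extra sentence from the second would make the list uniform.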
......@@ -8,7 +8,7 @@
See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
Notes for BIND 9.17.3
Notes for BIND 9.17.4
---------------------
Security Fixes
......@@ -36,22 +36,7 @@ New Features
Feature Changes
~~~~~~~~~~~~~~~
- New ``rndc`` command ``rndc dnssec -status`` that shows the current
DNSSEC policy and keys in use, the key states and rollover status.
[GL #1612]
- Disable and disallow static linking of BIND 9 binaries and libraries
as BIND 9 modules require ``dlopen()`` support and static linking also
prevents using security features like read-only relocations (RELRO) or
address space layout randomization (ASLR) which are important for
programs that interact with the network and process arbitrary user
input. [GL #1933]
- As part of an ongoing effort to use RFC 8499 terminology, ``primaries``
can now be used as a synonym for ``masters`` in ``named.conf``.
Similarly, ``notify priamry-only`` can now be used as a synonym
for ``notify master-only``. The output of ``rndc zonestatus`` now
uses ``primary`` and ``secondary`` terminology. [GL #1948]
- None.
Bug Fixes
~~~~~~~~~
......@@ -64,35 +49,6 @@ Bug Fixes
prefetch, the same counter would be decremented without a matching increment.
[GL #1719]
- The DS set returned by ``dns_keynode_dsset()`` was not thread-safe.
This could result in an INSIST being triggered. [GL #1926]
- The ``primary`` and ``secondary`` keywords, when used as parameters for
``check-names``, were not processed correctly and were being ignored.
[GL #1949]
- 'rndc dnstap -roll <value>' was not limiting the number of saved
files to <value>. [GL !3728]
- The validator could fail to accept a properly signed RRset if an
unsupported algorithm appeared earlier in the DNSKEY RRset than a
supported algorithm. It could also stop if it detected a malformed
public key. [GL #1689]
- The ``blackhole`` ACL was inadvertently disabled with respect to
client queries. Blocked IP addresses were not used for upstream
queries but queries from those addresses could still be answered.
[GL #1936]
- ``named`` would crash on shutdown when new ``rndc`` connection is received at
the same time as shutting down. [GL #1747]
- Fix assertion failure when server is under load and root zone is not yet
loaded. [GL #1862]
- ``named`` could crash when cleaning dead nodes in ``lib/dns/rbtdb.c`` that
have been reused meanwhile. [GL #1968]
- The introduction of KASP support broke whether the second field
of sig-validity-interval was treated as days or hours. (Thanks to
Tony Finch.) [GL !3735]
......@@ -12,5 +12,5 @@
# 9.15/9.16: 1500-1699
# 9.17/9.18: 1700-1899
LIBINTERFACE = 1701
LIBREVISION = 0
LIBREVISION = 1
LIBAGE = 0
......@@ -11,6 +11,6 @@
# 9.13/9.14: 1300-1499
# 9.15/9.16: 1500-1699
# 9.17/9.18: 1700-1899
LIBINTERFACE = 1702
LIBINTERFACE = 1703
LIBREVISION = 0
LIBAGE = 0
......@@ -11,6 +11,6 @@
# 9.13/9.14: 1300-1499
# 9.15/9.16: 1500-1699
# 9.17/9.18: 1700-1899
LIBINTERFACE = 1702
LIBINTERFACE = 1703
LIBREVISION = 0
LIBAGE = 0
......@@ -12,5 +12,5 @@
# 9.15/9.16: 1500-1699
# 9.17/9.18: 1700-1899
LIBINTERFACE = 1701
LIBREVISION = 0
LIBREVISION = 1
LIBAGE = 0
......@@ -11,6 +11,6 @@
# 9.13/9.14: 1300-1499
# 9.15/9.16: 1500-1699
# 9.17/9.18: 1700-1899
LIBINTERFACE = 1702
LIBINTERFACE = 1703
LIBREVISION = 0
LIBAGE = 0
......@@ -1232,6 +1232,7 @@
./doc/notes/notes-9.17.0.rst RST 2020
./doc/notes/notes-9.17.1.rst RST 2020
./doc/notes/notes-9.17.2.rst RST 2020
./doc/notes/notes-9.17.3.rst RST 2020
./doc/notes/notes-current.rst RST 2020
./docutil/HTML_COPYRIGHT X 2001,2004,2016,2018,2019,2020
./docutil/MAN_COPYRIGHT X 2001,2004,2016,2018,2019,2020
......