mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-31 14:35:26 +00:00
Merge tag 'v9_19_11'
BIND 9.19.11
This commit is contained in:
Tom Krizek
@@ -36,7 +36,6 @@
|
||||
- [ ] ***(QA)*** Check whether all issues assigned to the release milestone are resolved[^1].
|
||||
- [ ] ***(QA)*** Ensure that there are no outstanding merge requests in the private repository[^1] (Subscription Edition only).
|
||||
- [ ] ***(QA)*** Ensure all merge requests marked for backporting have been indeed backported.
|
||||
- [ ] ***(QA)*** Update GitLab settings for all maintained branches to disallow merging to them.
|
||||
- [ ] ***(QA)*** Announce (on Mattermost) that the code freeze is in effect.
|
||||
|
||||
### Before the Tagging Deadline
|
||||
@@ -46,6 +45,7 @@
|
||||
- [ ] ***(QA)*** Add a release marker to `CHANGES.SE` (Subscription Edition only).
|
||||
- [ ] ***(QA)*** Update BIND 9 version in `configure.ac` (9.18+) or `version` (9.16).
|
||||
- [ ] ***(QA)*** Rebuild `configure` using Autoconf on `docs.isc.org` (9.16).
|
||||
- [ ] ***(QA)*** Update GitLab settings for all maintained branches to disallow merging to them.
|
||||
- [ ] ***(QA)*** Tag the releases in the private repository (`git tag -s -m "BIND 9.x.y" v9_x_y`).
|
||||
|
||||
### Before the ASN Deadline (for ASN Releases) or the Public Release Date (for Regular Releases)
|
||||
@@ -90,6 +90,7 @@
|
||||
- [ ] ***(QA)*** Sanitize confidential issues which are assigned to older release milestones and describe security vulnerabilities, then make them public if appropriate[^2].
|
||||
- [ ] ***(QA)*** Update QA tools used in GitLab CI (e.g. Black, PyLint, Sphinx) by modifying the relevant `Dockerfile`.
|
||||
- [ ] ***(QA)*** Run a pipeline to rebuild all [images](https://gitlab.isc.org/isc-projects/images) used in GitLab CI.
|
||||
- [ ] ***(QA)*** Update [`metadata.json`](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/metadata.json) with the upcoming release information.
|
||||
|
||||
[^1]: If not, use the time remaining until the tagging deadline to ensure all outstanding issues are either resolved or moved to a different milestone.
|
||||
[^2]: As a rule of thumb, security vulnerabilities which have reproducers merged to the public repository are considered okay for full disclosure.
|
||||
|
||||
2
CHANGES
2
CHANGES
@@ -12,6 +12,8 @@
|
||||
6121. [cleanup] Remove support for TKEY Mode 2 (Diffie-Hellman Exchanged
|
||||
Keying). [GL #3905]
|
||||
|
||||
--- 9.19.11 released ---
|
||||
|
||||
6120. [bug] Use two pairs of dns_db_t and dns_dbversion_t in a
|
||||
catalog zone structure to avoid a race between the
|
||||
dns__catz_update_cb() and dns_catz_dbupdate_callback()
|
||||
|
||||
@@ -39,6 +39,7 @@ information about each release, and source code.
|
||||
.. include:: ../notes/notes-known-issues.rst
|
||||
|
||||
.. include:: ../notes/notes-current.rst
|
||||
.. include:: ../notes/notes-9.19.11.rst
|
||||
.. include:: ../notes/notes-9.19.10.rst
|
||||
.. include:: ../notes/notes-9.19.9.rst
|
||||
.. include:: ../notes/notes-9.19.8.rst
|
||||
|
||||
89
doc/notes/notes-9.19.11.rst
Normal file
89
doc/notes/notes-9.19.11.rst
Normal file
@@ -0,0 +1,89 @@
|
||||
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
..
|
||||
.. SPDX-License-Identifier: MPL-2.0
|
||||
..
|
||||
.. This Source Code Form is subject to the terms of the Mozilla Public
|
||||
.. License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
..
|
||||
.. See the COPYRIGHT file distributed with this work for additional
|
||||
.. information regarding copyright ownership.
|
||||
|
||||
Notes for BIND 9.19.11
|
||||
----------------------
|
||||
|
||||
New Features
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- When using :any:`dnssec-policy`, it is now possible to configure the
|
||||
digest type to use when ``CDS`` records need to be published with
|
||||
:any:`cds-digest-types`. Also, publication of specific CDNSKEY/CDS
|
||||
records can now be set with :option:`dnssec-signzone -G`. :gl:`#3837`
|
||||
|
||||
Removed Features
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
- Support for Red Hat Enterprise Linux version 7 (and clones) has been
|
||||
dropped. A C11-compliant compiler is now required to compile BIND 9.
|
||||
:gl:`#3729`
|
||||
|
||||
- The functions that were in the ``libbind9`` shared library have been
|
||||
moved to the ``libisc`` and ``libisccfg`` libraries. The now-empty
|
||||
``libbind9`` has been removed and is no longer installed. :gl:`#3903`
|
||||
|
||||
- The ``irs_resconf`` module has been moved to the ``libdns`` shared
|
||||
library. The now-empty ``libirs`` library has been removed and is no
|
||||
longer installed. :gl:`#3904`
|
||||
|
||||
Feature Changes
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
- Catalog zone updates are now run on specialized "offload" threads to
|
||||
reduce the amount of time they block query processing on the main
|
||||
networking threads. This increases the responsiveness of
|
||||
:iscman:`named` when catalog zone updates are being applied after a
|
||||
catalog zone has been successfully transferred. :gl:`#3881`
|
||||
|
||||
- libuv support for receiving multiple UDP messages in a single
|
||||
``recvmmsg()`` system call has been tweaked several times between
|
||||
libuv versions 1.35.0 and 1.40.0; the current recommended libuv
|
||||
version is 1.40.0 or higher. New rules are now in effect for running
|
||||
with a different version of libuv than the one used at compilation
|
||||
time. These rules may trigger a fatal error at startup:
|
||||
|
||||
- Building against or running with libuv versions 1.35.0 and 1.36.0 is
|
||||
now a fatal error.
|
||||
|
||||
- Running with libuv version higher than 1.34.2 is now a fatal error
|
||||
when :iscman:`named` is built against libuv version 1.34.2 or lower.
|
||||
|
||||
- Running with libuv version higher than 1.39.0 is now a fatal error
|
||||
when :iscman:`named` is built against libuv version 1.37.0, 1.38.0,
|
||||
1.38.1, or 1.39.0.
|
||||
|
||||
This prevents the use of libuv versions that may trigger an assertion
|
||||
failure when receiving multiple UDP messages in a single system call.
|
||||
:gl:`#3840`
|
||||
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- :iscman:`named` could crash with an assertion failure when adding a
|
||||
new zone into the configuration file for a name which was already
|
||||
configured as a member zone for a catalog zone. This has been fixed.
|
||||
:gl:`#3911`
|
||||
|
||||
- When :iscman:`named` starts up, it sends a query for the DNSSEC key
|
||||
for each configured trust anchor to determine whether the key has
|
||||
changed. In some unusual cases, the query might depend on a zone for
|
||||
which the server is itself authoritative, and would have failed if it
|
||||
were sent before the zone was fully loaded. This has now been fixed by
|
||||
delaying the key queries until all zones have finished loading.
|
||||
:gl:`#3673`
|
||||
|
||||
Known Issues
|
||||
~~~~~~~~~~~~
|
||||
|
||||
- There are no new known issues with this release. See :ref:`above
|
||||
<relnotes_known_issues>` for a list of all known issues affecting this
|
||||
BIND 9 branch.
|
||||
Reference in New Issue
Block a user