diff --git a/.gitlab/issue_templates/Release.md b/.gitlab/issue_templates/Release.md index 16cc0c73b8..e468784d04 100644 --- a/.gitlab/issue_templates/Release.md +++ b/.gitlab/issue_templates/Release.md @@ -36,7 +36,6 @@ - [ ] ***(QA)*** Check whether all issues assigned to the release milestone are resolved[^1]. - [ ] ***(QA)*** Ensure that there are no outstanding merge requests in the private repository[^1] (Subscription Edition only). - [ ] ***(QA)*** Ensure all merge requests marked for backporting have been indeed backported. - - [ ] ***(QA)*** Update GitLab settings for all maintained branches to disallow merging to them. - [ ] ***(QA)*** Announce (on Mattermost) that the code freeze is in effect. ### Before the Tagging Deadline @@ -46,6 +45,7 @@ - [ ] ***(QA)*** Add a release marker to `CHANGES.SE` (Subscription Edition only). - [ ] ***(QA)*** Update BIND 9 version in `configure.ac` (9.18+) or `version` (9.16). - [ ] ***(QA)*** Rebuild `configure` using Autoconf on `docs.isc.org` (9.16). + - [ ] ***(QA)*** Update GitLab settings for all maintained branches to disallow merging to them. - [ ] ***(QA)*** Tag the releases in the private repository (`git tag -s -m "BIND 9.x.y" v9_x_y`). ### Before the ASN Deadline (for ASN Releases) or the Public Release Date (for Regular Releases) @@ -90,6 +90,7 @@ - [ ] ***(QA)*** Sanitize confidential issues which are assigned to older release milestones and describe security vulnerabilities, then make them public if appropriate[^2]. - [ ] ***(QA)*** Update QA tools used in GitLab CI (e.g. Black, PyLint, Sphinx) by modifying the relevant `Dockerfile`. - [ ] ***(QA)*** Run a pipeline to rebuild all [images](https://gitlab.isc.org/isc-projects/images) used in GitLab CI. + - [ ] ***(QA)*** Update [`metadata.json`](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/metadata.json) with the upcoming release information. [^1]: If not, use the time remaining until the tagging deadline to ensure all outstanding issues are either resolved or moved to a different milestone. [^2]: As a rule of thumb, security vulnerabilities which have reproducers merged to the public repository are considered okay for full disclosure. diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index cc306dd23d..9562cdb3ed 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -38,7 +38,7 @@ information about each release, and source code. .. include:: ../notes/notes-known-issues.rst -.. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.19.11.rst .. include:: ../notes/notes-9.19.10.rst .. include:: ../notes/notes-9.19.9.rst .. include:: ../notes/notes-9.19.8.rst diff --git a/doc/notes/notes-9.19.11.rst b/doc/notes/notes-9.19.11.rst new file mode 100644 index 0000000000..a4aafb9d70 --- /dev/null +++ b/doc/notes/notes-9.19.11.rst @@ -0,0 +1,89 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.19.11 +---------------------- + +New Features +~~~~~~~~~~~~ + +- When using :any:`dnssec-policy`, it is now possible to configure the + digest type to use when ``CDS`` records need to be published with + :any:`cds-digest-types`. Also, publication of specific CDNSKEY/CDS + records can now be set with :option:`dnssec-signzone -G`. :gl:`#3837` + +Removed Features +~~~~~~~~~~~~~~~~ + +- Support for Red Hat Enterprise Linux version 7 (and clones) has been + dropped. A C11-compliant compiler is now required to compile BIND 9. + :gl:`#3729` + +- The functions that were in the ``libbind9`` shared library have been + moved to the ``libisc`` and ``libisccfg`` libraries. The now-empty + ``libbind9`` has been removed and is no longer installed. :gl:`#3903` + +- The ``irs_resconf`` module has been moved to the ``libdns`` shared + library. The now-empty ``libirs`` library has been removed and is no + longer installed. :gl:`#3904` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Catalog zone updates are now run on specialized "offload" threads to + reduce the amount of time they block query processing on the main + networking threads. This increases the responsiveness of + :iscman:`named` when catalog zone updates are being applied after a + catalog zone has been successfully transferred. :gl:`#3881` + +- libuv support for receiving multiple UDP messages in a single + ``recvmmsg()`` system call has been tweaked several times between + libuv versions 1.35.0 and 1.40.0; the current recommended libuv + version is 1.40.0 or higher. New rules are now in effect for running + with a different version of libuv than the one used at compilation + time. These rules may trigger a fatal error at startup: + + - Building against or running with libuv versions 1.35.0 and 1.36.0 is + now a fatal error. + + - Running with libuv version higher than 1.34.2 is now a fatal error + when :iscman:`named` is built against libuv version 1.34.2 or lower. + + - Running with libuv version higher than 1.39.0 is now a fatal error + when :iscman:`named` is built against libuv version 1.37.0, 1.38.0, + 1.38.1, or 1.39.0. + + This prevents the use of libuv versions that may trigger an assertion + failure when receiving multiple UDP messages in a single system call. + :gl:`#3840` + +Bug Fixes +~~~~~~~~~ + +- :iscman:`named` could crash with an assertion failure when adding a + new zone into the configuration file for a name which was already + configured as a member zone for a catalog zone. This has been fixed. + :gl:`#3911` + +- When :iscman:`named` starts up, it sends a query for the DNSSEC key + for each configured trust anchor to determine whether the key has + changed. In some unusual cases, the query might depend on a zone for + which the server is itself authoritative, and would have failed if it + were sent before the zone was fully loaded. This has now been fixed by + delaying the key queries until all zones have finished loading. + :gl:`#3673` + +Known Issues +~~~~~~~~~~~~ + +- There are no new known issues with this release. See :ref:`above + ` for a list of all known issues affecting this + BIND 9 branch. diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst deleted file mode 100644 index 60dfc975f4..0000000000 --- a/doc/notes/notes-current.rst +++ /dev/null @@ -1,85 +0,0 @@ -.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") -.. -.. SPDX-License-Identifier: MPL-2.0 -.. -.. This Source Code Form is subject to the terms of the Mozilla Public -.. License, v. 2.0. If a copy of the MPL was not distributed with this -.. file, you can obtain one at https://mozilla.org/MPL/2.0/. -.. -.. See the COPYRIGHT file distributed with this work for additional -.. information regarding copyright ownership. - -Notes for BIND 9.19.11 ----------------------- - -Security Fixes -~~~~~~~~~~~~~~ - -- None. - -New Features -~~~~~~~~~~~~ - -- None. - -- When using :any:`dnssec-policy`, you can now configure the digest type to - use when ``CDS`` records need to be published with `cds-digest-types`. Also, - with ``dnssec-signzone -G`` you can set which CDNSKEY/CDS records you want to - publish. :gl:`#3837` - -Removed Features -~~~~~~~~~~~~~~~~ - -- Support for Red Hat Enterprise Linux version 7 (and clones) has been dropped. - A C11 compliant compiler (or better) is now required to compile BIND 9. - :gl:`#3729` - -- The functions that were in the ``libbind9`` shared library have been - moved to the ``libisc`` and ``libisccfg`` libraries, and the - now-empty ``libbind9`` has been removed and is no longer installed. - -- The ``irs_resconf`` module has been moved to the ``libdns`` shared - library and the now-empty ``libirs`` library has been removed and is - no longer installed. - -Feature Changes -~~~~~~~~~~~~~~~ - -- libuv support for receiving multiple UDP messages in a single system - call (``recvmmsg()``) has been tweaked several times between libuv - versions 1.35.0 and 1.40.0; the recommended libuv version is 1.40.0 or - higher. New rules are now in effect for running with a different - version of libuv than the one used at compilation time. These rules - may trigger a fatal error at startup: - - - Building against or running with libuv versions 1.35.0 and 1.36.0 is - now a fatal error. - - - Running with libuv version higher than 1.34.2 is now a fatal error - when :iscman:`named` is built against libuv version 1.34.2 or lower. - - - Running with libuv version higher than 1.39.0 is now a fatal error - when :iscman:`named` is built against libuv version 1.37.0, 1.38.0, - 1.38.1, or 1.39.0. - - This prevents the use of libuv versions that may trigger an assertion - failure when receiving multiple UDP messages in a single system call. - :gl:`#3840` - -- Run catalog zone updates on the specialized "offload" threads to reduce the - amount of time they block query processing on the main networking - threads. This should increase the responsiveness of :iscman:`named` - when catalog zone updates are being applied after a catalog zone has been - successfully transferred. :gl:`#3881` - -Bug Fixes -~~~~~~~~~ - -- :iscman:`named` could crash with an assertion failure when adding a new zone - into the configuration file for a name, which is already configured as a - member zone for a catalog zone. This has been fixed. :gl:`#3911` - -Known Issues -~~~~~~~~~~~~ - -- None.