From 7b7dea04a39d2d9f62aa52755d72a65debdd11a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Fri, 18 Jun 2021 11:09:45 +0200 Subject: [PATCH] Prepare release notes for BIND 9.17.15 --- doc/arm/notes.rst | 2 +- doc/notes/notes-9.17.15.rst | 25 ++++++++++++++ doc/notes/notes-current.rst | 68 ------------------------------------- 3 files changed, 26 insertions(+), 69 deletions(-) create mode 100644 doc/notes/notes-9.17.15.rst delete mode 100644 doc/notes/notes-current.rst diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 4cce67f9ad..f687115b24 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -51,7 +51,7 @@ The latest versions of BIND 9 software can always be found at https://www.isc.org/download/. There you will find additional information about each release, and source code. -.. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.17.15.rst .. include:: ../notes/notes-9.17.14.rst .. include:: ../notes/notes-9.17.13.rst .. include:: ../notes/notes-9.17.12.rst diff --git a/doc/notes/notes-9.17.15.rst b/doc/notes/notes-9.17.15.rst new file mode 100644 index 0000000000..2a295301b3 --- /dev/null +++ b/doc/notes/notes-9.17.15.rst @@ -0,0 +1,25 @@ +.. + Copyright (C) Internet Systems Consortium, Inc. ("ISC") + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, you can obtain one at https://mozilla.org/MPL/2.0/. + + See the COPYRIGHT file distributed with this work for additional + information regarding copyright ownership. + +Notes for BIND 9.17.15 +---------------------- + +Bug Fixes +~~~~~~~~~ + +- When preparing DNS responses, ``named`` could replace the letters + ``W`` (uppercase) and ``w`` (lowercase) with ``\000``. This has been + fixed. :gl:`#2779` + +- The configuration-checking code failed to account for the inheritance + rules of the ``key-directory`` option. As a side effect of this flaw, + the code detecting ``key-directory`` conflicts for zones using KASP + incorrectly reported unique key directories as being reused. This has + been fixed. :gl:`#2778` diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst deleted file mode 100644 index 12889bc0f1..0000000000 --- a/doc/notes/notes-current.rst +++ /dev/null @@ -1,68 +0,0 @@ -.. - Copyright (C) Internet Systems Consortium, Inc. ("ISC") - - This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. If a copy of the MPL was not distributed with this - file, you can obtain one at https://mozilla.org/MPL/2.0/. - - See the COPYRIGHT file distributed with this work for additional - information regarding copyright ownership. - -Notes for BIND 9.17.15 ----------------------- - -Security Fixes -~~~~~~~~~~~~~~ - -- Sending non-zero opcode via DoT or DoH channels would trigger an assertion - failure in ``named``. This has been fixed. - - ISC would like to thank Ville Heikkila of Synopsys Cybersecurity Research - Center for responsibly disclosing the vulnerability to us. :gl:`#2787` - -Known Issues -~~~~~~~~~~~~ - -- None. - -New Features -~~~~~~~~~~~~ - -- None. - -Removed Features -~~~~~~~~~~~~~~~~ - -- Support for compiling and running BIND 9 natively on Windows has been - completely removed. The last release branch that has working Windows - support is BIND 9.16. :gl:`#2690` - -Feature Changes -~~~~~~~~~~~~~~~ - -- None. - -Bug Fixes -~~~~~~~~~ - -- Fixed a bug that caused the NSEC salt to be changed for KASP zones on - every startup. :gl:`#2725` - -- Signed, insecure delegation responses prepared by ``named`` either - lacked the necessary NSEC records or contained duplicate NSEC records - when both wildcard expansion and CNAME chaining were required to - prepare the response. This has been fixed. :gl:`#2759` - -- When preparing DNS responses, ``named`` could replace the letters - ``W`` (uppercase) and ``w`` (lowercase) with ``\000``. This has been - fixed. :gl:`#2779` - -- The configuration-checking code failed to account for the inheritance - rules of the ``key-directory`` option. As a side effect of this flaw, - the code detecting ``key-directory`` conflicts for zones using KASP - incorrectly reported unique key directories as being reused. This has - been fixed. :gl:`#2778` - -- A deadlock at startup was introduced when fixing :gl:`#1875` because when - locking key files for reading and writing, "in-view" logic was not taken into - account. This has been fixed. :gl:`#2783`