mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity

Merge branch 'michal/prepare-release-notes-for-bind-9.17.5' into 'v9_17_5-release'

Browse Source 
Prepare release notes for BIND 9.17.5

See merge request isc-private/bind9!208
This commit is contained in:
Michał Kępień
2020-09-04 05:49:50 +00:00
parent cc97353750 74ac8bf33a
commit b42f7d3677
8 changed files with 115 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
CHANGES
View File

@@ -14,53 +14,53 @@
[GL #2103]
5499. [func] Add '-P ds' and '-D ds' arguments to dnssec-settime.
[GL #1748]
5498. [test] The --with-gperftools-profiler configure option was
removed. [GL !4045]
5497. [placeholder]
5496. [bug] The rate limiter needs to hold a reference to its task.
[GL #2081]
5496. [bug] Address a TSAN report by ensuring each rate limiter
object holds a reference to its task. [GL #2081]
5495. [bug] With query minimization enabled, named failed to
resolve ip6.arpa. names that had more labels after the
IPv6 part. [GL #1847]
resolve ip6.arpa. names that had extra labels to the
left of the IPv6 part. [GL #1847]
5494. [bug] Silence the EPROTO syslog message on older systems.
[GL #1928]
5493. [bug] Fix off-by-one error when calculating new hashtable
5493. [bug] Fix off-by-one error when calculating new hash table
size. [GL #2104]
5492. [bug] Tighten LOC parsing to reject period and/or m as a
value. Correct handling of negative altitudes which
are not whole metres. [GL #2074]
5492. [bug] Tighten LOC parsing to reject a period (".") and/or "m"
as a value. Fix handling of negative altitudes which are
not whole meters. [GL #2074]
5491. [bug] rbtversion->glue_table_size could be read without the
appropriate lock being held. [GL #2080]
5490. [func] Refactor the readline support to use pkg-config and
add support for editline library. [GL !3942]
5490. [func] Refactor readline support to use pkg-config and add
support for the editline library. [GL !3942]
5489. [bug] Named failed to reject some invalid records resulting
in records that, after being printed, could not be
loaded or would result in DNSSEC validation failures
when re-read from zone files as the wire format
differed. The covered records records are: CERT,
5489. [bug] Named erroneously accepted certain invalid resource
records that were incorrectly processed after
subsequently being written to disk and loaded back, as
the wire format differed. Such records include: CERT,
IPSECKEY, NSEC3, NSEC3PARAM, NXT, SIG, TLSA, WKS, and
X25. [GL !3953]
5488. [bug] nta needed to have a weak reference on view to prevent
the view being deleted while nta tests are being
performed. [GL #2067]
5488. [bug] NTA code needed to have a weak reference on its
associated view to prevent the latter from being deleted
while NTA tests were being performed. [GL #2067]
5487. [cleanup] Update managed keys log messages to be less confusing.
[GL #2027]
5486. [func] Add 'rndc dnssec -checkds' command to tell named
that the DS record has been published in the parent.
[GL #1613]
5486. [func] Add 'rndc dnssec -checkds' command, which signals to
named that the DS record for a given zone or key has
been updated in the parent zone. [GL #1613]
--- 9.17.4 released ---

4
CODE_OF_CONDUCT.md
View File

@@ -7,8 +7,8 @@ people.
Diversity is one of our huge strengths, but it can also lead to communication
issues and unhappiness. To that end, we have a few ground rules that we ask
people to adhere to. This code applies equally to the core development team, open source contributors and those
seeking help and guidance.
people to adhere to. This code applies equally to the core development team,
open source contributors and those seeking help and guidance.
This isn't an exhaustive list of things that you can't do. Rather, take it in
the spirit in which it's intended - a guide to make it easier to enrich all of

19
CONTRIBUTING.md
View File

@@ -46,8 +46,9 @@ building communities that are welcoming and inclusive: environments where people
are encouraged to share ideas, treat each other with respect, and collaborate
towards the best solutions. To reinforce our commitment, ISC
has adopted a slightly modified version of the Django
[Code of Conduct](https://gitlab.isc.org/isc-projects/bind9/-/blob/master/CODE_OF_CONDUCT.md) for the BIND 9 project, as well as for the conduct of our
developers throughout the industry.
[Code of Conduct](https://gitlab.isc.org/isc-projects/bind9/-/blob/main/CODE_OF_CONDUCT.md)
for the BIND 9 project, as well as for the conduct of our developers throughout
the industry.
### <a name="access"></a>Access to source code
@@ -80,7 +81,7 @@ Whenever a branch is ready for publication, a tag is placed of the
form `v9_X_Y`. The 9.12.0 release, for instance, is tagged as `v9_12_0`.
The branch in which the next major release is being developed is called
`master`.
`main`.
### <a name="bugs"></a>Reporting bugs
@@ -100,6 +101,7 @@ use credentials from an existing account at GitHub, GitLab, Google,
Twitter, or Facebook.
### Reporting possible security issues
If you think you may be seeing a potential security vulnerability in BIND
(for example, a crash with REQUIRE, INSIST, or ASSERT failure), please
report it immediately by emailing to security-officer@isc.org. Plain-text
@@ -111,7 +113,8 @@ Do not discuss undisclosed security vulnerabilities on any public mailing list.
ISC has a long history of handling reported vulnerabilities promptly and
effectively and we respect and acknowledge responsible reporters.
ISC's Security Vulnerability Disclosure Policy is documented at [https://kb.isc.org/docs/aa-00861](https://kb.isc.org/docs/aa-00861).
ISC's Security Vulnerability Disclosure Policy is documented at
[https://kb.isc.org/docs/aa-00861](https://kb.isc.org/docs/aa-00861).
If you have a crash, you may want to consult
["What to do if your BIND or DHCP server has crashed."](https://kb.isc.org/docs/aa-00340)
@@ -120,7 +123,8 @@ If you have a crash, you may want to consult
BIND is licensed under the
[Mozilla Public License 2.0](https://www.mozilla.org/en-US/MPL/2.0/).
Earlier versions (BIND 9.10 and earlier) were licensed under the [ISC License](https://www.isc.org/licenses/)
Earlier versions (BIND 9.10 and earlier) were licensed under the
[ISC License](https://www.isc.org/licenses/)
ISC does not require an explicit copyright assignment for patch
contributions. However, by submitting a patch to ISC, you implicitly
@@ -136,7 +140,7 @@ Patches for BIND may be submitted directly via merge requests in
repository for BIND.
Patches can also be submitted as diffs against a specific version of
BIND -- preferably the current top of the `master` branch. Diffs may
BIND -- preferably the current top of the `main` branch. Diffs may
be generated using either `git format-patch` or `git diff`.
Those wanting to write code for BIND may be interested in the
@@ -184,7 +188,8 @@ of documentation in the BIND source tree:
they document, in files ending in `.rst`: for example, the
`named` man page is `bin/named/named.rst`.
* The *BIND 9 Administrator Reference Manual* is in the .rst files in
`doc/arm/`; the PDF and HTML versions are automatically generated from the `.rst` files.
`doc/arm/`; the PDF and HTML versions are automatically generated from
the `.rst` files.
* API documentation is in the header file describing the API, in
Doxygen-formatted comments.

2
README.md
View File

@@ -335,7 +335,7 @@ the change that was made; these categories are:
| [cleanup] | Minor corrections and refactoring |
| [doc] | Documentation |
| [contrib] | Changes to the contributed tools and libraries in the 'contrib' subdirectory |
| [placeholder] | Used in the master development branch to reserve change numbers for use in other branches, e.g., when fixing a bug that only exists in older releases |
| [placeholder] | Used in the main development branch to reserve change numbers for use in other branches, e.g., when fixing a bug that only exists in older releases |
In general, [func] and [experimental] tags only appear in new-feature
releases (i.e., those with version numbers ending in zero). Some new

2
doc/arm/notes.rst
View File

@@ -52,7 +52,7 @@ https://www.isc.org/download/. There you will find additional
information about each release, source code, and pre-compiled versions
for Microsoft Windows operating systems.
.. include:: ../notes/notes-current.rst
.. include:: ../notes/notes-9.17.5.rst
.. include:: ../notes/notes-9.17.4.rst
.. include:: ../notes/notes-9.17.3.rst
.. include:: ../notes/notes-9.17.2.rst

77
doc/notes/notes-9.17.5.rst Normal file
View File

@@ -0,0 +1,77 @@
..
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.
See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
Notes for BIND 9.17.5
---------------------
New Features
~~~~~~~~~~~~
- Add a new ``rndc`` command, ``rndc dnssec -checkds``, which signals to
``named`` that a DS record for a given zone or key has been published
or withdrawn from the parent. This command replaces the time-based
``parent-registration-delay`` configuration option. [GL #1613]
- Log when ``named`` adds a CDS/CDNSKEY to the zone. [GL #1748]
Removed Features
~~~~~~~~~~~~~~~~
- The ``--with-gperftools-profiler`` ``configure`` option was removed.
To use the gperftools profiler, the ``HAVE_GPERFTOOLS_PROFILER`` macro
now needs to be manually set in ``CFLAGS`` and ``-lprofiler`` needs to
be present in ``LDFLAGS``. [GL !4045]
- The ``glue-cache`` *option* has been marked as deprected. The glue
cache *feature* still works and will be permanently *enabled* in a
future release. [GL #2146]
Feature Changes
~~~~~~~~~~~~~~~
- Previously, using ``dig +bufsize=0`` had the side effect of disabling
EDNS, and there was no way to test the remote server's behavior when
it had received a packet with EDNS0 buffer size set to 0. This is no
longer the case; ``dig +bufsize=0`` now sends a DNS message with EDNS
version 0 and buffer size set to 0. To disable EDNS, use ``dig
+noedns``. [GL #2054]
Bug Fixes
~~~~~~~~~
- In rare circumstances, ``named`` would exit with an assertion failure
when the number of nodes stored in the red-black tree exceeded the
maximum allowed size of the internal hash table. [GL #2104]
- Silence spurious system log messages for an EPROTO(71) error code that
was seen on older operating systems, where unhandled ICMPv6 errors
resulted in a generic protocol error being returned instead of a more
specific error code. [GL #1928]
- With query name minimization enabled, ``named`` failed to resolve
``ip6.arpa.`` names that had extra labels to the left of the IPv6
part. For example, when ``named`` attempted query name minimization on
a name like ``A.B.1.2.3.4.(...).ip6.arpa.``, it stopped at the
leftmost IPv6 label, i.e. ``1.2.3.4.(...).ip6.arpa.``, without
considering the extra labels (``A.B``). That caused a query loop when
resolving the name: if ``named`` received NXDOMAIN answers, then the
same query was repeatedly sent until the number of queries sent
reached the value of the ``max-recursion-queries`` configuration
option. [GL #1847]
- Parsing of LOC records was made more strict by rejecting a sole period
(``.``) and/or ``m`` as a value. These changes prevent zone files
using such values from being loaded. Handling of negative altitudes
which are not integers was also corrected. [GL #2074]
- Several problems found by `OSS-Fuzz`_ were fixed. (None of these are
security issues.) [GL !3953] [GL !3975]
.. _OSS-Fuzz: https://github.com/google/oss-fuzz

75
doc/notes/notes-current.rst
View File

@@ -1,75 +0,0 @@
..
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.
See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
Notes for BIND 9.17.5
---------------------
Security Fixes
~~~~~~~~~~~~~~
- None.
Known Issues
~~~~~~~~~~~~
- None.
New Features
~~~~~~~~~~~~
- New ``rndc`` command ``rndc dnssec -checkds`` to tell ``named``
that a DS record for a given zone or key has been published or withdrawn
from the parent. Replaces the time-based ``parent-registration-delay``
configuration option. [GL #1613]
- Log when ``named`` adds a CDS/CDNSKEY to the zone. [GL #1748]
Removed Features
~~~~~~~~~~~~~~~~
- The ``--with-gperftools-profiler`` ``configure`` option was removed.
To use the gperftools profiler, the ``HAVE_GPERFTOOLS_PROFILER`` macro
now needs to be manually set in ``CFLAGS`` and ``-lprofiler`` needs to
be present in ``LDFLAGS``. [GL !4045]
- The ``glue-cache`` *option* has been marked as deprected. The glue
cache *feature* still works and will be permanently *enabled* in a
future release. [GL #2146]
Feature Changes
~~~~~~~~~~~~~~~
- Previously, using ``dig +bufsize=0`` had the side effect of disabling EDNS,
and there was no way to test the remote server's behavior when it had received
a packet with EDNS0 buffer size set to ``0``. This is no longer the case;
``dig +bufsize=0`` now sends a DNS message with EDNS version 0 and buffer size
set to ``0``. To disable EDNS, use ``dig +noedns``. [GL #2054]
Bug Fixes
~~~~~~~~~
- In rare circumstances, named would exit with assertion failure when the number
of nodes stored in the red-black-tree exceeds the maximum allowed size of the
internal hashtable. [GL #2104]
- Silence spurious system log messages for EPROTO(71) error code that has been
seen on older operating systems where unhandled ICMPv6 errors result in a
generic protocol error being returned instead of the more specific error code.
[GL #1928]
- With query minimization enabled, named failed to resolve ip6.arpa. names
that had more labels before the IPv6 part. For example, when named
implemented query minimization on a name like
``A.B.1.2.3.4.(...).ip6.arpa.``, it stopped at the left-most IPv6 label, i.e.
``1.2.3.4.(...).ip6.arpa.`` without considering the extra labels ``A.B``.
That caused a query loop when resolving the name: if named received
NXDOMAIN answers, then the same query was repeatedly sent until the number
of queries sent reached the value in the ``max-recursion-queries``
configuration option. [GL #1847]

2
util/copyrights
View File

@@ -1238,7 +1238,7 @@
./doc/notes/notes-9.17.2.rst RST 2020
./doc/notes/notes-9.17.3.rst RST 2020
./doc/notes/notes-9.17.4.rst RST 2020
./doc/notes/notes-current.rst RST 2020
./doc/notes/notes-9.17.5.rst RST 2020
./docutil/HTML_COPYRIGHT X 2001,2004,2016,2018,2019,2020
./docutil/MAN_COPYRIGHT X 2001,2004,2016,2018,2019,2020
./docutil/patch-db2latex-duplicate-template-bug X 2007,2018,2019,2020