From 502615ad40944614c4ee2ac26fc55ece5b1a0d76 Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Fri, 6 Jun 2025 11:10:33 +0200 Subject: [PATCH 1/5] Generate changelog for BIND 9.20.10 --- doc/arm/changelog.rst | 1 + doc/changelog/changelog-9.20.10.rst | 74 +++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 doc/changelog/changelog-9.20.10.rst diff --git a/doc/arm/changelog.rst b/doc/arm/changelog.rst index 3e42469fc4..c06fe15db7 100644 --- a/doc/arm/changelog.rst +++ b/doc/arm/changelog.rst @@ -18,6 +18,7 @@ Changelog development. Regular users should refer to :ref:`Release Notes ` for changes relevant to them. +.. include:: ../changelog/changelog-9.20.10.rst .. include:: ../changelog/changelog-9.20.9.rst .. include:: ../changelog/changelog-9.20.8.rst .. include:: ../changelog/changelog-9.20.7.rst diff --git a/doc/changelog/changelog-9.20.10.rst b/doc/changelog/changelog-9.20.10.rst new file mode 100644 index 0000000000..f89f57c465 --- /dev/null +++ b/doc/changelog/changelog-9.20.10.rst 
@@ -0,0 +1,74 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+BIND 9.20.10
+------------
+
+New Features
+~~~~~~~~~~~~
+
+- Implement a new 'notify-defer' configuration option. ``a24db6433e6``
+
+ This new option sets a delay (in seconds) to wait before sending a set
+ of NOTIFY messages for a zone. Whenever a NOTIFY message is ready to
+ be sent, sending will be deferred for this duration. This option is
+ not to be confused with the :any:`notify-delay` option. The default is
+ 0 seconds. :gl:`#5259` :gl:`!10465`
+
+Removed Features
+~~~~~~~~~~~~~~~~
+
+- Implement the systemd notification protocol manually to remove
+ dependency on libsystemd. ``4f7e806a12b``
+
+ libsystemd, despite being useful, adds a huge surface area for just
+ using the sd_notify API. libsystemd's surface has been exploited in
+ the past [1].
+
+ Implement the systemd notification protocol by hand since it is just
+ sending newline-delimited datagrams to a UNIX socket. The code
+ shouldn't need more attention in the future since the notification
+ protocol is covered under systemd's stability promise [2].
+
+ We don't need to support VSOCK-backed service notifications since they
+ are only intended for virtual machine inits.
+
+ [1]: https://www.openwall.com/lists/oss-security/2024/03/29/4 [2]:
+ https://systemd.io/PORTABILITY_AND_STABILITY/ :gl:`!10454`
+
+Bug Fixes
+~~~~~~~~~
+
+- Fix zone deletion issue.
``66fc4ee86e0`` + + A secondary zone could initiate a new zone transfer from the primary + server after it had been already deleted from the secondary server, + and before the internal garbage collection was activated to clean it + up completely. This has been fixed. :gl:`#5291` :gl:`!10496` + +- Fix a zone refresh bug. ``f09bb8b88c6`` + + A secondary zone could fail to further refresh with new versions of + the zone from a primary server if named was reconfigured during the + SOA request step of an ongoing zone transfer. This has been fixed. + :gl:`#5307` :gl:`!10495` + +- Allow keystore.c to compile on Solaris. ``108adab25a0`` + + keystore.c failed to compile on Solaris because NAME_MAX was + undefined. Include 'isc/dir.h' which defines NAME_MAX for platforms + that don't define it. :gl:`#5327` :gl:`!10523` + +- Set name for all the isc_mem contexts. ``bdcd698edf7`` + + :gl:`!10498` + + From 917d6a61c0dc01fe4ab6c7f622e10a917ebdd5b8 Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Fri, 6 Jun 2025 11:11:46 +0200 Subject: [PATCH 2/5] Prepare release notes for BIND 9.20.10 --- doc/arm/notes.rst | 1 + doc/notes/notes-9.20.10.rst | 64 +++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 doc/notes/notes-9.20.10.rst diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index c4a6b0ace4..9c1c19c9fa 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -45,6 +45,7 @@ The list of known issues affecting the latest version in the 9.20 branch can be found at https://gitlab.isc.org/isc-projects/bind9/-/wikis/Known-Issues-in-BIND-9.20 +.. include:: ../notes/notes-9.20.10.rst .. include:: ../notes/notes-9.20.9.rst .. include:: ../notes/notes-9.20.8.rst .. include:: ../notes/notes-9.20.7.rst diff --git a/doc/notes/notes-9.20.10.rst b/doc/notes/notes-9.20.10.rst new file mode 100644 index 0000000000..33733123bd --- /dev/null +++ b/doc/notes/notes-9.20.10.rst 
@@ -0,0 +1,64 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+Notes for BIND 9.20.10
+----------------------
+
+New Features
+~~~~~~~~~~~~
+
+- Implement a new 'notify-defer' configuration option.
+
+ This new option sets a delay (in seconds) to wait before sending a set
+ of NOTIFY messages for a zone. Whenever a NOTIFY message is ready to
+ be sent, sending will be deferred for this duration. This option is
+ not to be confused with the :any:`notify-delay` option. The default is
+ 0 seconds. :gl:`#5259`
+
+Removed Features
+~~~~~~~~~~~~~~~~
+
+- Implement the systemd notification protocol manually to remove
+ dependency on libsystemd.
+
+ libsystemd, despite being useful, adds a huge surface area for just
+ using the sd_notify API. libsystemd's surface has been exploited in
+ the past [1].
+
+ Implement the systemd notification protocol by hand since it is just
+ sending newline-delimited datagrams to a UNIX socket. The code
+ shouldn't need more attention in the future since the notification
+ protocol is covered under systemd's stability promise [2].
+
+ We don't need to support VSOCK-backed service notifications since they
+ are only intended for virtual machine inits.
+
+ [1]: https://www.openwall.com/lists/oss-security/2024/03/29/4 [2]:
+ https://systemd.io/PORTABILITY_AND_STABILITY/
+
+Bug Fixes
+~~~~~~~~~
+
+- Fix zone deletion issue.
+
+ A secondary zone could initiate a new zone transfer from the primary
+ server after it had been already deleted from the secondary server,
+ and before the internal garbage collection was activated to clean it
+ up completely.
This has been fixed. :gl:`#5291` + +- Fix a zone refresh bug. + + A secondary zone could fail to further refresh with new versions of + the zone from a primary server if named was reconfigured during the + SOA request step of an ongoing zone transfer. This has been fixed. + :gl:`#5307` + + From 7fdd3cd65699b6be7c36cfb597d9e8d5f0f00d4e Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Thu, 5 Jun 2025 15:34:39 +0200 Subject: [PATCH 3/5] Tweak and reword release notes --- doc/notes/notes-9.20.10.rst | 31 ++++++++----------------------- 1 file changed, 8 insertions(+), 23 deletions(-) diff --git a/doc/notes/notes-9.20.10.rst b/doc/notes/notes-9.20.10.rst index 33733123bd..ea06bde8d2 100644 --- a/doc/notes/notes-9.20.10.rst +++ b/doc/notes/notes-9.20.10.rst @@ -15,13 +15,13 @@ Notes for BIND 9.20.10 New Features ~~~~~~~~~~~~ -- Implement a new 'notify-defer' configuration option. +- Implement a new :namedconf:ref:`notify-defer` configuration option. This new option sets a delay (in seconds) to wait before sending a set - of NOTIFY messages for a zone. Whenever a NOTIFY message is ready to - be sent, sending will be deferred for this duration. This option is - not to be confused with the :any:`notify-delay` option. The default is - 0 seconds. :gl:`#5259` + of ``NOTIFY`` messages for a zone. Whenever a ``NOTIFY`` message is + ready to be sent, sending is deferred for this duration. This option + should not be confused with the :namedconf:ref:`notify-delay` option. + The default is 0 seconds. :gl:`#5259` Removed Features ~~~~~~~~~~~~~~~~ 
@@ -29,21 +29,6 @@ Removed Features - Implement the systemd notification protocol manually to remove dependency on libsystemd. - libsystemd, despite being useful, adds a huge surface area for just - using the sd_notify API. libsystemd's surface has been exploited in - the past [1]. - - Implement the systemd notification protocol by hand since it is just - sending newline-delimited datagrams to a UNIX socket. The code - shouldn't need more attention in the future since the notification - protocol is covered under systemd's stability promise [2]. - - We don't need to support VSOCK-backed service notifications since they - are only intended for virtual machine inits. - - [1]: https://www.openwall.com/lists/oss-security/2024/03/29/4 [2]: - https://systemd.io/PORTABILITY_AND_STABILITY/ - Bug Fixes ~~~~~~~~~ @@ -57,8 +42,8 @@ Bug Fixes - Fix a zone refresh bug. A secondary zone could fail to further refresh with new versions of - the zone from a primary server if named was reconfigured during the - SOA request step of an ongoing zone transfer. This has been fixed. - :gl:`#5307` + the zone from a primary server if :iscman:`named` was reconfigured + during the SOA request step of an ongoing zone transfer. This has been + fixed. :gl:`#5307` From a2212aa74ca1a80ea15161c7682daf3e42c3dda4 Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Fri, 6 Jun 2025 11:56:11 +0200 Subject: [PATCH 4/5] Update docs to reflect 9.20 has become ESV --- configure.ac | 2 +- doc/arm/notes.rst | 17 +++++++---------- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/configure.ac b/configure.ac index a7427da3f5..a8fa4d78f9 100644 --- a/configure.ac +++ b/configure.ac 
@@ -18,7 +18,7 @@ m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 20)dnl m4_define([bind_VERSION_PATCH], 10)dnl m4_define([bind_VERSION_EXTRA], -dev)dnl -m4_define([bind_DESCRIPTION], [(Stable Release)])dnl +m4_define([bind_DESCRIPTION], [(Extended Support Version)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl m4_define([bind_PKG_VERSION], [[bind_VERSION_MAJOR.bind_VERSION_MINOR.bind_VERSION_PATCH]bind_VERSION_EXTRA])dnl diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 9c1c19c9fa..60b9f0a56e 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -19,10 +19,10 @@ Release Notes Introduction ------------ -BIND 9.20 is a stable branch, suitable for production use. This -document summarizes significant changes since the last production -release on the 9.18 branch. Please see the :ref:`changelog` file for -a more detailed list of changes and bug fixes. +BIND 9.20 (Extended Support Version) is a stable branch, suitable for +production use. This document summarizes significant changes since the +last production release on the 9.18 branch. Please see the +:ref:`changelog` file for a more detailed list of changes and bug fixes. Supported Platforms ------------------- @@ -71,12 +71,9 @@ https://www.isc.org/contact/. End of Life ----------- -BIND 9.20 is a stable branch, suitable for production use. After it has -been in production use for a while it will be designated as an Extended -Support Version (ESV). Until then, the current ESV is BIND 9.18, which -will be supported until at least December 2025. See -https://kb.isc.org/docs/aa-00896 for details of ISC's software support -policy. +BIND 9.20 (Extended Support Version) will be supported until at least +March, 2028. See https://kb.isc.org/docs/aa-00896 for details of +ISC's software support policy. Thank You --------- From 61070359846b4b7282c25d0d0ecea2046f088ce9 Mon Sep 17 00:00:00 2001 
From: Michal Nowak
Date: Fri, 6 Jun 2025 12:19:20 +0200
Subject: [PATCH 5/5] Update BIND version for release
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index a8fa4d78f9..d9aa4e1f83 100644
--- a/configure.ac
+++ b/configure.ac
@@ -17,7 +17,7 @@
 m4_define([bind_VERSION_MAJOR], 9)dnl
 m4_define([bind_VERSION_MINOR], 20)dnl
 m4_define([bind_VERSION_PATCH], 10)dnl
-m4_define([bind_VERSION_EXTRA], -dev)dnl
+m4_define([bind_VERSION_EXTRA], )dnl
 m4_define([bind_DESCRIPTION], [(Extended Support Version)])dnl
 m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl
 m4_define([bind_PKG_VERSION], [[bind_VERSION_MAJOR.bind_VERSION_MINOR.bind_VERSION_PATCH]bind_VERSION_EXTRA])dnl