From d4f01d03d74135c09f0ffa983740a66b53a9d58f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 12 Jan 2022 11:48:45 +0100 Subject: [PATCH 1/9] Remove release note for GL #3079 --- doc/notes/notes-current.rst | 3 --- 1 file changed, 3 deletions(-) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 8d16ff72fb..1076d2d16c 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -57,9 +57,6 @@ Bug Fixes after ``named`` restart in case the unsigned zone file gets modified while ``named`` is not running. This has been fixed. :gl:`#3071` -- Using ``rndc`` on a busy recursive server could cause the ``named`` to abort - with assertion failure. This has been fixed. :gl:`#3079` - - With libuv >= 1.37.0, the recvmmsg support would not be enabled in ``named`` reducing the maximum query-response performance. The recvmmsg support would be used only in libuv 1.35.0 and 1.36.0. This has been fixed. :gl:`#3095` From 5b79ec4033dbee7c928298599b20e11fa75d81da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 7 Jan 2022 16:07:54 +0100 Subject: [PATCH 2/9] Tweak and reword release notes --- doc/notes/notes-current.rst | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 1076d2d16c..bffba0367a 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst 
@@ -44,18 +44,21 @@ Feature Changes Bug Fixes ~~~~~~~~~ -- If signatures created by the ZSK are expired, and the ZSK private key is offline, - allow the expired signatures to be replaced with signatures created by the KSK. - :gl:`#3049` +- If signatures created by the ZSK were expired and the ZSK private key + was offline, the signatures were not replaced. This behavior has been + amended to replace the expired signatures with new signatures created + using the KSK. :gl:`#3049` -- On FreeBSD, a TCP connection would leak a small amount of heap memory leading - to out-of-memory problem in a long run. This has been fixed. :gl:`#3051` +- On FreeBSD, TCP connections leaked a small amount of heap memory, + leading to an eventual out-of-memory problem. This has been fixed. + :gl:`#3051` - Under certain circumstances, the signed version of an inline-signed zone could be dumped to disk without the serial number of the unsigned - version of the zone, preventing resynchronization of zone contents - after ``named`` restart in case the unsigned zone file gets modified - while ``named`` is not running. This has been fixed. :gl:`#3071` + version of the zone. This prevented resynchronization of the zone + contents after ``named`` restarted, if the unsigned zone file was + modified while ``named`` was not running. This has been fixed. + :gl:`#3071` - With libuv >= 1.37.0, the recvmmsg support would not be enabled in ``named`` reducing the maximum query-response performance. The recvmmsg support would From 1acbf17cda5b3c536529640e81866607866e9553 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 7 Jan 2022 15:23:36 +0100 Subject: [PATCH 3/9] Add release note for GL #2264 Related: !5627 Use ECDSA P-256 instead of 4096-bit RSA for 'tls ephemeral' --- doc/notes/notes-current.rst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index bffba0367a..e851af92e3 100644 
--- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -39,7 +39,10 @@ Removed Features Feature Changes ~~~~~~~~~~~~~~~ -- None. +- ``named`` formerly generated an ephemeral key and certificate for the + ``tls ephemeral`` configuration using the RSA algorithm with 4096-bit + keys. This has been changed to the ECDSA P-256 algorithm. :gl:`#2264` + Bug Fixes ~~~~~~~~~ From c2ed72a324152c96d3a86586f772cac519310be6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Fri, 7 Jan 2022 15:35:13 +0100 Subject: [PATCH 4/9] Add release note for GL #2398 and GL #3048 Related: !5620 Fix the isc_hp initialization and memory usage Related: !5646 Reduce freemax values for dns_message mempools --- doc/notes/notes-current.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index e851af92e3..79ddbdbdea 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -43,6 +43,9 @@ Feature Changes ``tls ephemeral`` configuration using the RSA algorithm with 4096-bit keys. This has been changed to the ECDSA P-256 algorithm. :gl:`#2264` +- Overall memory use by ``named`` has been optimized and reduced, + especially on systems with many CPU cores. :gl:`#2398` :gl:`#3048` + Bug Fixes ~~~~~~~~~ From cc26eb896109b73ea72d0469ebc15bb47601b76c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 12 Jan 2022 11:48:45 +0100 Subject: [PATCH 5/9] Reorder release notes --- doc/notes/notes-current.rst | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 79ddbdbdea..c244ed1bfd 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst 
@@ -39,26 +39,25 @@ Removed Features Feature Changes ~~~~~~~~~~~~~~~ +- Overall memory use by ``named`` has been optimized and reduced, + especially on systems with many CPU cores. :gl:`#2398` :gl:`#3048` + - ``named`` formerly generated an ephemeral key and certificate for the ``tls ephemeral`` configuration using the RSA algorithm with 4096-bit keys. This has been changed to the ECDSA P-256 algorithm. :gl:`#2264` -- Overall memory use by ``named`` has been optimized and reduced, - especially on systems with many CPU cores. :gl:`#2398` :gl:`#3048` - - Bug Fixes ~~~~~~~~~ +- On FreeBSD, TCP connections leaked a small amount of heap memory, + leading to an eventual out-of-memory problem. This has been fixed. + :gl:`#3051` + - If signatures created by the ZSK were expired and the ZSK private key was offline, the signatures were not replaced. This behavior has been amended to replace the expired signatures with new signatures created using the KSK. :gl:`#3049` -- On FreeBSD, TCP connections leaked a small amount of heap memory, - leading to an eventual out-of-memory problem. This has been fixed. - :gl:`#3051` - - Under certain circumstances, the signed version of an inline-signed zone could be dumped to disk without the serial number of the unsigned version of the zone. This prevented resynchronization of the zone From cb97395a8fb8eafd5c39c4091b2dd1615a32b028 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 12 Jan 2022 11:48:45 +0100 Subject: [PATCH 6/9] Prepare release notes for BIND 9.17.22 --- doc/arm/notes.rst | 2 +- .../{notes-current.rst => notes-9.17.22.rst} | 21 ------------------- 2 files changed, 1 insertion(+), 22 deletions(-) rename doc/notes/{notes-current.rst => notes-9.17.22.rst} (76%) diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 993123c240..7b1559aa25 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst 
@@ -52,7 +52,7 @@ The latest versions of BIND 9 software can always be found at https://www.isc.org/download/. There you will find additional information about each release, and source code. -.. include:: ../notes/notes-current.rst +.. include:: ../notes/notes-9.17.22.rst .. include:: ../notes/notes-9.17.21.rst .. include:: ../notes/notes-9.17.20.rst .. include:: ../notes/notes-9.17.19.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-9.17.22.rst similarity index 76% rename from doc/notes/notes-current.rst rename to doc/notes/notes-9.17.22.rst index c244ed1bfd..feb6763ef4 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-9.17.22.rst @@ -12,16 +12,6 @@ Notes for BIND 9.17.22 ---------------------- -Security Fixes -~~~~~~~~~~~~~~ - -- None. - -Known Issues -~~~~~~~~~~~~ - -- None. - New Features ~~~~~~~~~~~~ @@ -29,13 +19,6 @@ New Features the ``SSLKEYLOGFILE`` environment variable is set. This enables troubleshooting issues with encrypted DNS traffic. :gl:`#2723` -Removed Features -~~~~~~~~~~~~~~~~ - -- The IPv6 sockets are now explicitly restricted to sending and receiving IPv6 - packets only. This renders the ``dig`` option ``+mapped`` non-functioning and - thus the option has been removed. :gl:`#3093` - Feature Changes ~~~~~~~~~~~~~~~ @@ -64,7 +47,3 @@ Bug Fixes contents after ``named`` restarted, if the unsigned zone file was modified while ``named`` was not running. This has been fixed. :gl:`#3071` - -- With libuv >= 1.37.0, the recvmmsg support would not be enabled in ``named`` - reducing the maximum query-response performance. The recvmmsg support would - be used only in libuv 1.35.0 and 1.36.0. This has been fixed. :gl:`#3095` From 4289c79fcca4169579e9e01d2e169c636397f3d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 12 Jan 2022 12:25:11 +0100 Subject: [PATCH 7/9] Add a CHANGES marker --- CHANGES | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/CHANGES b/CHANGES index 076c0e21fc..035534dd31 100644 --- a/CHANGES +++ b/CHANGES @@ -15,6 +15,8 @@ when receiving NOTIFY query with SOA record in ANSWER section. [GL #3086] + --- 9.17.22 released --- + 5790. [bug] The control channel was incorrectly looking for ISC_R_CANCELED as a signal that the named is shutting down. In the dispatch refactoring, From e0099f7887baba7997d110c6d92a0f0512617554 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 12 Jan 2022 12:25:11 +0100 Subject: [PATCH 8/9] Update BIND version to 9.17.22 --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 6649271bb7..6af5451b36 100644 --- a/configure.ac +++ b/configure.ac @@ -16,7 +16,7 @@ # m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 17)dnl -m4_define([bind_VERSION_PATCH], 21)dnl +m4_define([bind_VERSION_PATCH], 22)dnl m4_define([bind_VERSION_EXTRA], )dnl m4_define([bind_DESCRIPTION], [(Development Release)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl From 2559a9d2bd0acaaba7d25466820b0e95cb44532e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Thu, 20 Jan 2022 11:20:03 +0100 Subject: [PATCH 9/9] Prepare release notes for BIND 9.17.23 --- doc/arm/notes.rst | 1 + doc/notes/notes-current.rst | 47 +++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 doc/notes/notes-current.rst diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 7b1559aa25..92e7489b1c 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst 
@@ -52,6 +52,7 @@ The latest versions of BIND 9 software can always be found at https://www.isc.org/download/. There you will find additional information about each release, and source code. +.. include:: ../notes/notes-current.rst .. include:: ../notes/notes-9.17.22.rst .. include:: ../notes/notes-9.17.21.rst .. include:: ../notes/notes-9.17.20.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst new file mode 100644 index 0000000000..cc562b6b9b --- /dev/null +++ b/doc/notes/notes-current.rst @@ -0,0 +1,47 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.17.23 +---------------------- + +Security Fixes +~~~~~~~~~~~~~~ + +- None. + +Known Issues +~~~~~~~~~~~~ + +- None. + +New Features +~~~~~~~~~~~~ + +- None. + +Removed Features +~~~~~~~~~~~~~~~~ + +- The IPv6 sockets are now explicitly restricted to sending and receiving IPv6 + packets only. This renders the ``dig`` option ``+mapped`` non-functioning and + thus the option has been removed. :gl:`#3093` + +Feature Changes +~~~~~~~~~~~~~~~ + +- None. + +Bug Fixes +~~~~~~~~~ + +- With libuv >= 1.37.0, the recvmmsg support would not be enabled in ``named`` + reducing the maximum query-response performance. The recvmmsg support would + be used only in libuv 1.35.0 and 1.36.0. This has been fixed. :gl:`#3095`
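Review bot: In patch 1/9 the commit message gives no reason for deleting the ``rndc`` assertion-failure entry (GL #3079) from the Bug Fixes list in doc/notes/notes-current.rst, even though the deleted text itself says "This has been fixed". Add a sentence to the commit message stating why the note is not wanted in this release, so the deletion is not mistaken for a revert of the fix.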
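Review bot: In patch 3/9 the new ``tls ephemeral`` entry under Feature Changes records the switch from 4096-bit RSA to ECDSA P-256 but not why it was made or what an operator will observe. One more clause would make it actionable: give the reason for the change and state that clients of a ``tls ephemeral`` listener are now presented with an ECDSA certificate. The hunk also ends with an added blank line in front of the existing blank line before "Bug Fixes", which leaves two blank lines there until 5/9 removes one; drop the extra line in this patch.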
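Review bot: In patch 6/9 the hunks against doc/notes/notes-9.17.22.rst delete two real entries, the ``dig`` ``+mapped`` removal (GL #3093) and the libuv recvmmsg fix (GL #3095), together with the empty "None." sections, while the commit message only says "Prepare release notes for BIND 9.17.22". Those entries do not reappear until 9/9, so between the two commits they are in no notes file at all. State in the commit message that they are deferred to 9.17.23, or move them in a separate commit, so the history shows the deletion as intentional.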
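Review bot: In patch 9/9 the two entries carried into the new doc/notes/notes-current.rst keep the wording they had before the 2/9 rewording pass. The Removed Features entry (GL #3093) buries the user-visible change: lead with the removal of the ``dig`` option ``+mapped`` and give the IPv6-only socket restriction as the reason. The Bug Fixes entry (GL #3095) needs a comma after ``named`` and would read better in the past tense used in 2/9, for example "recvmmsg support was only used with libuv 1.35.0 and 1.36.0".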