Merge branch 'v9_17_22-release' into 'main'

Merge 9.17.22 release branch See merge request isc-projects/bind9!5741
2025-08-29 13:38:26 +00:00 · 2022-01-20 10:26:54 +00:00 · 2022-01-20 10:26:54 +00:00 · f74e2fb7fb
commit f74e2fb7fb
parent b82d315327 2559a9d2bd
5 changed files with 55 additions and 21 deletions
--- a/2
+++ b/2
@ -15,6 +15,8 @@
 			when receiving NOTIFY query with SOA record in
 			ANSWER section. [GL #3086]
 	--- 9.17.22 released ---
 5790.	[bug]		The control channel was incorrectly looking for
 			ISC_R_CANCELED as a signal that the named is
 			shutting down.  In the dispatch refactoring,
--- a/configure.ac
+++ b/configure.ac
@ -16,7 +16,7 @@
 #
 m4_define([bind_VERSION_MAJOR], 9)dnl
 m4_define([bind_VERSION_MINOR], 17)dnl
-m4_define([bind_VERSION_PATCH], 21)dnl
+m4_define([bind_VERSION_PATCH], 22)dnl
 m4_define([bind_VERSION_EXTRA], )dnl
 m4_define([bind_DESCRIPTION], [(Development Release)])dnl
 m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl
--- a/doc/arm/notes.rst
+++ b/doc/arm/notes.rst
@ -53,6 +53,7 @@ https://www.isc.org/download/. There you will find additional
 information about each release, and source code.
 .. include:: ../notes/notes-current.rst
 .. include:: ../notes/notes-9.17.22.rst
 .. include:: ../notes/notes-9.17.21.rst
 .. include:: ../notes/notes-9.17.20.rst
 .. include:: ../notes/notes-9.17.19.rst
--- a/doc/notes/notes-9.17.22.rst
+++ b/doc/notes/notes-9.17.22.rst
@ -0,0 +1,49 @@
 .. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 ..
 .. SPDX-License-Identifier: MPL-2.0
 ..
 .. This Source Code Form is subject to the terms of the Mozilla Public
 .. License, v. 2.0.  If a copy of the MPL was not distributed with this
 .. file, you can obtain one at https://mozilla.org/MPL/2.0/.
 ..
 .. See the COPYRIGHT file distributed with this work for additional
 .. information regarding copyright ownership.
 Notes for BIND 9.17.22
 ----------------------
 New Features
 ~~~~~~~~~~~~
 - ``named`` now logs TLS pre-master secrets for debugging purposes when
  the ``SSLKEYLOGFILE`` environment variable is set. This enables
  troubleshooting issues with encrypted DNS traffic. :gl:`#2723`
 Feature Changes
 ~~~~~~~~~~~~~~~
 - Overall memory use by ``named`` has been optimized and reduced,
  especially on systems with many CPU cores. :gl:`#2398` :gl:`#3048`
 - ``named`` formerly generated an ephemeral key and certificate for the
  ``tls ephemeral`` configuration using the RSA algorithm with 4096-bit
  keys. This has been changed to the ECDSA P-256 algorithm. :gl:`#2264`
 Bug Fixes
 ~~~~~~~~~
 - On FreeBSD, TCP connections leaked a small amount of heap memory,
  leading to an eventual out-of-memory problem. This has been fixed.
  :gl:`#3051`
 - If signatures created by the ZSK were expired and the ZSK private key
  was offline, the signatures were not replaced. This behavior has been
  amended to replace the expired signatures with new signatures created
  using the KSK. :gl:`#3049`
 - Under certain circumstances, the signed version of an inline-signed
  zone could be dumped to disk without the serial number of the unsigned
  version of the zone. This prevented resynchronization of the zone
  contents after ``named`` restarted, if the unsigned zone file was
  modified while ``named`` was not running. This has been fixed.
  :gl:`#3071`
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@ -9,7 +9,7 @@
 .. See the COPYRIGHT file distributed with this work for additional
 .. information regarding copyright ownership.
-Notes for BIND 9.17.22
+Notes for BIND 9.17.23
 ----------------------
 Security Fixes
@ -25,9 +25,7 @@ Known Issues
 New Features
 ~~~~~~~~~~~~
- ``named`` now logs TLS pre-master secrets for debugging purposes when
+- None.
  the ``SSLKEYLOGFILE`` environment variable is set. This enables
  troubleshooting issues with encrypted DNS traffic. :gl:`#2723`
 Removed Features
 ~~~~~~~~~~~~~~~~
@ -44,22 +42,6 @@ Feature Changes
 Bug Fixes
 ~~~~~~~~~
 - If signatures created by the ZSK are expired, and the ZSK private key is offline,
  allow the expired signatures to be replaced with signatures created by the KSK.
  :gl:`#3049`
 - On FreeBSD, a TCP connection would leak a small amount of heap memory leading
  to out-of-memory problem in a long run. This has been fixed. :gl:`#3051`
 - Under certain circumstances, the signed version of an inline-signed
  zone could be dumped to disk without the serial number of the unsigned
  version of the zone, preventing resynchronization of zone contents
  after ``named`` restart in case the unsigned zone file gets modified
  while ``named`` is not running. This has been fixed. :gl:`#3071`
 - Using ``rndc`` on a busy recursive server could cause the ``named`` to abort
  with assertion failure.  This has been fixed. :gl:`#3079`
 - With libuv >= 1.37.0, the recvmmsg support would not be enabled in ``named``
  reducing the maximum query-response performance.  The recvmmsg support would
  be used only in libuv 1.35.0 and 1.36.0.  This has been fixed.  :gl:`#3095`