Restore release notes for BIND 9.17.2

Michał Kępień 2020-05-12 15:20:22 +02:00
parent e7a9fc8a0e
commit 08d4983a5f
4 changed files with 109 additions and 189 deletions


@ -1,147 +0,0 @@
<!--
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
- See the COPYRIGHT file distributed with this work for additional
- information regarding copyright ownership.
-->
<section xml:id="relnotes-9.17.2"><info><title>Notes for BIND 9.17.2</title></info>
<section xml:id="relnotes-9.17.2-security"><info><title>Security Fixes</title></info>
<itemizedlist>
<listitem>
<para>
A bug in dnstap initialization could prevent some dnstap data from
being logged, especially on recursive resolvers. [GL #1795]
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="relnotes-9.17.2-known"><info><title>Known Issues</title></info>
<itemizedlist>
<listitem>
<para>
In this release, the build system has been significantly changed (see
below), and there's number of unresolved issues that you need to be
aware of if you are using a development release. Please refer to
GitLab issue #4 https://gitlab.isc.org/isc-projects/bind9/-/issues/4
for a list of not yet resolved issues that will be fixed in the
following releases.
</para>
<para>
BIND crashes on startup when linked against libuv 1.36. This issue is
related to recvmmsg() support in libuv which was first included in
libuv 1.35. The problem was addressed in libuv 1.37, but the relevant
libuv code change requires a special flag to be set during library
initialization in order for recvmmsg() support to be enabled. This
BIND release sets that special flag when required, so recvmmsg()
support is now enabled when BIND is compiled against either libuv 1.35
or libuv 1.37+; libuv 1.36 is still not usable with BIND. [GL #1761]
[GL #1797]
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="relnotes-9.17.2-new"><info><title>New Features</title></info>
<itemizedlist>
<listitem>
<para>
The BIND 9 build system has been changed to use the normal build tool
stack consisting of autoconf+automake+libtool. This should not make
any difference for people building BIND 9 from the release tarballs,
but if you are building BIND 9 from the git repository you will need
to run "autoreconf -fi" first. If you are using non-standard
<command>./configure</command> option, you will
need to pay extra attention. [GL #4]
</para>
</listitem>
<listitem>
<para>
The native PKCS#11 EdDSA implementation has been updated to PKCS#11
v3.0 and thus made operational again. Contributed by Aaron Thompson.
[GL !3326]
</para>
</listitem>
<listitem>
<para>
The OpenSSL ECDSA implementation has been updated to support PKCS#11
via OpenSSL engine (see engine_pkcs11 from libp11 project). [GL #1534]
</para>
</listitem>
<listitem>
<para>
The OpenSSL EdDSA implementation has been updated to support PKCS#11
via OpenSSL engine. Please note that you need EdDSA capable OpenSSL
engine and there's only proof-of-concept as of this moment.
Contributed by Aaron Thompson. [GL #1763]
</para>
</listitem>
<listitem>
<para>
Added a new logging category "rpz-passthru", it allows RPZ passthru
actions to be logged into a separate channel. [GL #54]
</para>
</listitem>
<listitem>
<para>
The zone timers are now exported to the statistics channel. For the
primary zones, only the loaded time is exported. For the secondary
zones, the exported timers also include expire and refresh times.
Contributed by Paul Frieden, Verizon Media. [GL #1232]
</para>
</listitem>
<listitem>
<para>
<command>dig</command> and other tools can now print the Extended
DNS Error (EDE) option when it appears in a request or response.
[GL #1834]
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="relnotes-9.17.2-changes"><info><title>Feature Changes</title></info>
<itemizedlist>
<listitem>
<para>
The default rwlock implementation has been changed back to the native
BIND 9 rwlock implementation. [GL #1753]
</para>
</listitem>
<listitem>
<para>
Message ids in inbound AXFR transfers are now checked for
consistency. Streams with inconsistent message ids are rejected.
[GL #1674]
</para>
</listitem>
<listitem>
<para>
BIND 9 no longer sets the recv and send buffer sizes for sockets, relying
on system defaults instead. [GL #1713]
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="relnotes-9.17.2-bugs"><info><title>Bug Fixes</title></info>
<itemizedlist>
<listitem>
<para>
When running on a system with Linux capabilities support,
<command>named</command> drops root privileges very soon after system
startup. This was causing a spurious log message, <quote>unable to set
effective uid to 0: Operation not permitted</quote>, which has now been
silenced. [GL #1042] [GL #1090]
</para>
</listitem>
</itemizedlist>
</section>
</section>
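
Review bot: The removed XML files the dnstap initialization bug [GL #1795] under "Security Fixes", while the notes-current.rst added in this same commit lists it under "Bug Fixes" and states "None." for security fixes. If that reclassification is intended, say so in the commit message: "Restore release notes" reads as a format-only change, and readers who scan the Security Fixes section to prioritise upgrades will see a different answer than before.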


@ -84,47 +84,7 @@ http://www.isc.org/downloads/. There you will find additional
information about each release, source code, and pre-compiled versions
for Microsoft Windows operating systems.
.. _relnotes_security:
Security Fixes
--------------
- None.
.. _relnotes_features:
New Features
------------
- The new ``add-soa`` option specifies whether or not the
``response-policy`` zone's SOA record should be included in the
additional section of RPZ responses. [GL #865]
.. _relnotes_removed:
Removed Features
----------------
- The ``dnssec-enable`` option has been deprecated and no longer has
any effect. DNSSEC responses are always enabled if signatures and
other DNSSEC data are present. [GL #866]
.. _relnotes_changes:
Feature Changes
---------------
- None.
.. _relnotes_bugs:
Bug Fixes
---------
- The ``allow-update`` and ``allow-update-forwarding`` options were
inadvertently treated as configuration errors when used at the
``options`` or ``view`` level. This has now been corrected. [GL #913]
.. include:: ../notes/notes-current.rst
.. include:: ../notes/notes-9.17.1.rst
.. include:: ../notes/notes-9.17.0.rst
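
Review bot: The inline sections that the 47-to-7 line count shows being dropped here carry entries with no counterpart in notes-current.rst: the ``add-soa`` option [GL #865], the ``dnssec-enable`` deprecation [GL #866] and the ``allow-update`` / ``allow-update-forwarding`` fix [GL #913]. Please confirm these were stale text that never belonged to 9.17.2 and mention that in the commit message; if any of them is still current, in particular the ``dnssec-enable`` behaviour change, move it into the matching notes file instead of deleting it.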

107
doc/notes/notes-current.rst Normal file

@ -0,0 +1,107 @@
..
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
Notes for BIND 9.17.2
---------------------
Security Fixes
~~~~~~~~~~~~~~
- None.
Known Issues
~~~~~~~~~~~~
- In this release, the build system has been significantly changed (see
below), and there is a number of unresolved issues to be aware of
when using a development release. Please refer to `GitLab issue #4`_
for a list of not yet resolved issues that will be fixed in the
following releases. [GL #4]
.. _GitLab issue #4: https://gitlab.isc.org/isc-projects/bind9/-/issues/4
- BIND crashes on startup when linked against libuv 1.36. This issue
is related to ``recvmmsg()`` support in libuv which was first
included in libuv 1.35. The problem was addressed in libuv 1.37, but
the relevant libuv code change requires a special flag to be set
during library initialization in order for ``recvmmsg()`` support to
be enabled. This BIND release sets that special flag when required,
so ``recvmmsg()`` support is now enabled when BIND is compiled
against either libuv 1.35 or libuv 1.37+; libuv 1.36 is still not
usable with BIND. [GL #1761] [GL #1797]
New Features
~~~~~~~~~~~~
- The BIND 9 build system has been changed to use a typical
autoconf+automake+libtool stack. This should not make any difference
for people building BIND 9 from release tarballs, but when building
BIND 9 from the Git repository, ``autoreconf -fi`` needs to be run
first. Extra attention is also needed when using non-standard
``./configure`` options. [GL #4]
- Added a new logging category ``rpz-passthru`` which allows RPZ
passthru actions to be logged into a separate channel. [GL #54]
- Zone timers are now exported via statistics channel. For primary
zones, only the load time is exported. For secondary zones, exported
timers also include expire and refresh times. Contributed by Paul
Frieden, Verizon Media. [GL #1232]
- ``dig`` and other tools can now print the Extended DNS Error (EDE)
option when it appears in a request or response. [GL #1834]
Feature Changes
~~~~~~~~~~~~~~~
- BIND 9 no longer sets receive/send buffer sizes for UDP sockets,
relying on system defaults instead. [GL #1713]
- The default rwlock implementation has been changed back to the native
BIND 9 rwlock implementation. [GL #1753]
- The native PKCS#11 EdDSA implementation has been updated to PKCS#11
v3.0 and thus made operational again. Contributed by Aaron Thompson.
[GL !3326]
- The OpenSSL ECDSA implementation has been updated to support PKCS#11
via OpenSSL engine (see engine_pkcs11 from libp11 project). [GL
#1534]
- The OpenSSL EdDSA implementation has been updated to support PKCS#11
via OpenSSL engine. Please note that an EdDSA-capable OpenSSL engine
is required and thus this code is only a proof-of-concept for the
time being. Contributed by Aaron Thompson. [GL #1763]
- Message IDs in inbound AXFR transfers are now checked for
consistency. Log messages are emitted for streams with inconsistent
message IDs. [GL #1674]
Bug Fixes
~~~~~~~~~
- A bug in dnstap initialization could prevent some dnstap data from
being logged, especially on recursive resolvers. [GL #1795]
- When running on a system with support for Linux capabilities,
``named`` drops root privileges very soon after system startup. This
was causing a spurious log message, *unable to set effective uid to
0: Operation not permitted*, which has now been silenced. [GL #1042]
[GL #1090]
- When ``named-checkconf -z`` was run, it would sometimes incorrectly
set its exit code. It reflected the status of the last view found; if
zone-loading errors were found in earlier configured views but not in
the last one, the exit code indicated success. Thanks to Graham
Clinch. [GL #1807]
- When built without LMDB support, ``named`` failed to restart after a
zone with a double quote (") in its name was added with ``rndc
addzone``. Thanks to Alberto Fernández. [GL #1695]
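
Review bot: The AXFR entry under "Feature Changes" says only that "Log messages are emitted for streams with inconsistent message IDs", whereas the XML removed in this commit said such streams "are rejected". State explicitly whether the transfer is still accepted after the message is logged, because an operator of a secondary needs to know whether the check is enforced or only reported. Two smaller points: "there is a number of unresolved issues" should read "there are a number of", and the buffer-size entry now says "UDP sockets" where the XML said "sockets", so confirm the narrower wording matches what the code does.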


@ -1150,7 +1150,6 @@
./doc/arm/logging-categories.rst RST 2020
./doc/arm/managed-keys.rst RST 2020
./doc/arm/manpages.rst RST 2020
./doc/arm/notes-9.17.2.xml SGML 2020
./doc/arm/notes.rst RST 2020
./doc/arm/pkcs11.rst RST 2020
./doc/arm/plugins.rst RST 2020
@ -1249,6 +1248,7 @@
./doc/misc/stub.zoneopt X 2018,2019,2020
./doc/notes/notes-9.17.0.rst RST 2020
./doc/notes/notes-9.17.1.rst RST 2020
./doc/notes/notes-current.rst RST 2020
./docutil/HTML_COPYRIGHT X 2001,2004,2016,2018,2019,2020
./docutil/MAN_COPYRIGHT X 2001,2004,2016,2018,2019,2020
./docutil/patch-db2latex-duplicate-template-bug X 2007,2018,2019,2020