diff --git a/doc/arm/notes-9.17.2.xml b/doc/arm/notes-9.17.2.xml deleted file mode 100644 index 2c70de6135..0000000000 --- a/doc/arm/notes-9.17.2.xml +++ /dev/null @@ -1,147 +0,0 @@ - - -
Notes for BIND 9.17.2 - -
Security Fixes - - - - A bug in dnstap initialization could prevent some dnstap data from - being logged, especially on recursive resolvers. [GL #1795] - - - -
- -
Known Issues - - - - In this release, the build system has been significantly changed (see - below), and there's number of unresolved issues that you need to be - aware of if you are using a development release. Please refer to - GitLab issue #4 https://gitlab.isc.org/isc-projects/bind9/-/issues/4 - for a list of not yet resolved issues that will be fixed in the - following releases. - - - BIND crashes on startup when linked against libuv 1.36. This issue is - related to recvmmsg() support in libuv which was first included in - libuv 1.35. The problem was addressed in libuv 1.37, but the relevant - libuv code change requires a special flag to be set during library - initialization in order for recvmmsg() support to be enabled. This - BIND release sets that special flag when required, so recvmmsg() - support is now enabled when BIND is compiled against either libuv 1.35 - or libuv 1.37+; libuv 1.36 is still not usable with BIND. [GL #1761] - [GL #1797] - - - -
- -
New Features - - - - The BIND 9 build system has been changed to use the normal build tool - stack consisting of autoconf+automake+libtool. This should not make - any difference for people building BIND 9 from the release tarballs, - but if you are building BIND 9 from the git repository you will need - to run "autoreconf -fi" first. If you are using non-standard - ./configure option, you will - need to pay extra attention. [GL #4] - - - - - The native PKCS#11 EdDSA implementation has been updated to PKCS#11 - v3.0 and thus made operational again. Contributed by Aaron Thompson. - [GL !3326] - - - - - The OpenSSL ECDSA implementation has been updated to support PKCS#11 - via OpenSSL engine (see engine_pkcs11 from libp11 project). [GL #1534] - - - - - The OpenSSL EdDSA implementation has been updated to support PKCS#11 - via OpenSSL engine. Please note that you need EdDSA capable OpenSSL - engine and there's only proof-of-concept as of this moment. - Contributed by Aaron Thompson. [GL #1763] - - - - - Added a new logging category "rpz-passthru", it allows RPZ passthru - actions to be logged into a separate channel. [GL #54] - - - - - The zone timers are now exported to the statistics channel. For the - primary zones, only the loaded time is exported. For the secondary - zones, the exported timers also include expire and refresh times. - Contributed by Paul Frieden, Verizon Media. [GL #1232] - - - - - dig and other tools can now print the Extended - DNS Error (EDE) option when it appears in a request or response. - [GL #1834] - - - -
- -
Feature Changes - - - - The default rwlock implementation has been changed back to the native - BIND 9 rwlock implementation. [GL #1753] - - - - - Message ids in inbound AXFR transfers are now checked for - consistency. Streams with inconsistent message ids are rejected. - [GL #1674] - - - - - BIND 9 no longer sets the recv and send buffer sizes for sockets, relying - on system defaults instead. [GL #1713] - - - -
- -
Bug Fixes - - - - When running on a system with Linux capabilities support, - named drops root privileges very soon after system - startup. This was causing a spurious log message, unable to set - effective uid to 0: Operation not permitted, which has now been - silenced. [GL #1042] [GL #1090] - - - -
- -
diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 6ca3ab7b7a..90b27a7711 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -84,47 +84,7 @@ http://www.isc.org/downloads/. There you will find additional information about each release, source code, and pre-compiled versions for Microsoft Windows operating systems. -.. _relnotes_security: - -Security Fixes --------------- - -- None. - -.. _relnotes_features: - -New Features ------------- - -- The new ``add-soa`` option specifies whether or not the - ``response-policy`` zone's SOA record should be included in the - additional section of RPZ responses. [GL #865] - -.. _relnotes_removed: - -Removed Features ----------------- - -- The ``dnssec-enable`` option has been deprecated and no longer has - any effect. DNSSEC responses are always enabled if signatures and - other DNSSEC data are present. [GL #866] - -.. _relnotes_changes: - -Feature Changes ---------------- - -- None. - -.. _relnotes_bugs: - -Bug Fixes ---------- - -- The ``allow-update`` and ``allow-update-forwarding`` options were - inadvertently treated as configuration errors when used at the - ``options`` or ``view`` level. This has now been corrected. [GL #913] - +.. include:: ../notes/notes-current.rst .. include:: ../notes/notes-9.17.1.rst .. include:: ../notes/notes-9.17.0.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst new file mode 100644 index 0000000000..e115c38105 --- /dev/null +++ b/doc/notes/notes-current.rst @@ -0,0 +1,107 @@ +.. + Copyright (C) Internet Systems Consortium, Inc. ("ISC") + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + + See the COPYRIGHT file distributed with this work for additional + information regarding copyright ownership. + +Notes for BIND 9.17.2 +--------------------- + +Security Fixes +~~~~~~~~~~~~~~ + +- None. + +Known Issues +~~~~~~~~~~~~ + +- In this release, the build system has been significantly changed (see + below), and there is a number of unresolved issues to be aware of + when using a development release. Please refer to `GitLab issue #4`_ + for a list of not yet resolved issues that will be fixed in the + following releases. [GL #4] + +.. _GitLab issue #4: https://gitlab.isc.org/isc-projects/bind9/-/issues/4 + +- BIND crashes on startup when linked against libuv 1.36. This issue + is related to ``recvmmsg()`` support in libuv which was first + included in libuv 1.35. The problem was addressed in libuv 1.37, but + the relevant libuv code change requires a special flag to be set + during library initialization in order for ``recvmmsg()`` support to + be enabled. This BIND release sets that special flag when required, + so ``recvmmsg()`` support is now enabled when BIND is compiled + against either libuv 1.35 or libuv 1.37+; libuv 1.36 is still not + usable with BIND. [GL #1761] [GL #1797] + +New Features +~~~~~~~~~~~~ + +- The BIND 9 build system has been changed to use a typical + autoconf+automake+libtool stack. This should not make any difference + for people building BIND 9 from release tarballs, but when building + BIND 9 from the Git repository, ``autoreconf -fi`` needs to be run + first. Extra attention is also needed when using non-standard + ``./configure`` options. [GL #4] + +- Added a new logging category ``rpz-passthru`` which allows RPZ + passthru actions to be logged into a separate channel. [GL #54] + +- Zone timers are now exported via statistics channel. For primary + zones, only the load time is exported. For secondary zones, exported + timers also include expire and refresh times. Contributed by Paul + Frieden, Verizon Media. [GL #1232] + +- ``dig`` and other tools can now print the Extended DNS Error (EDE) + option when it appears in a request or response. [GL #1834] + +Feature Changes +~~~~~~~~~~~~~~~ + +- BIND 9 no longer sets receive/send buffer sizes for UDP sockets, + relying on system defaults instead. [GL #1713] + +- The default rwlock implementation has been changed back to the native + BIND 9 rwlock implementation. [GL #1753] + +- The native PKCS#11 EdDSA implementation has been updated to PKCS#11 + v3.0 and thus made operational again. Contributed by Aaron Thompson. + [GL !3326] + +- The OpenSSL ECDSA implementation has been updated to support PKCS#11 + via OpenSSL engine (see engine_pkcs11 from libp11 project). [GL + #1534] + +- The OpenSSL EdDSA implementation has been updated to support PKCS#11 + via OpenSSL engine. Please note that an EdDSA-capable OpenSSL engine + is required and thus this code is only a proof-of-concept for the + time being. Contributed by Aaron Thompson. [GL #1763] + +- Message IDs in inbound AXFR transfers are now checked for + consistency. Log messages are emitted for streams with inconsistent + message IDs. [GL #1674] + +Bug Fixes +~~~~~~~~~ + +- A bug in dnstap initialization could prevent some dnstap data from + being logged, especially on recursive resolvers. [GL #1795] + +- When running on a system with support for Linux capabilities, + ``named`` drops root privileges very soon after system startup. This + was causing a spurious log message, *unable to set effective uid to + 0: Operation not permitted*, which has now been silenced. [GL #1042] + [GL #1090] + +- When ``named-checkconf -z`` was run, it would sometimes incorrectly + set its exit code. It reflected the status of the last view found; if + zone-loading errors were found in earlier configured views but not in + the last one, the exit code indicated success. Thanks to Graham + Clinch. [GL #1807] + +- When built without LMDB support, ``named`` failed to restart after a + zone with a double quote (") in its name was added with ``rndc + addzone``. Thanks to Alberto Fernández. [GL #1695] diff --git a/util/copyrights b/util/copyrights index 6b2e356143..e7a7acee61 100644 --- a/util/copyrights +++ b/util/copyrights @@ -1150,7 +1150,6 @@ ./doc/arm/logging-categories.rst RST 2020 ./doc/arm/managed-keys.rst RST 2020 ./doc/arm/manpages.rst RST 2020 -./doc/arm/notes-9.17.2.xml SGML 2020 ./doc/arm/notes.rst RST 2020 ./doc/arm/pkcs11.rst RST 2020 ./doc/arm/plugins.rst RST 2020 @@ -1249,6 +1248,7 @@ ./doc/misc/stub.zoneopt X 2018,2019,2020 ./doc/notes/notes-9.17.0.rst RST 2020 ./doc/notes/notes-9.17.1.rst RST 2020 +./doc/notes/notes-current.rst RST 2020 ./docutil/HTML_COPYRIGHT X 2001,2004,2016,2018,2019,2020 ./docutil/MAN_COPYRIGHT X 2001,2004,2016,2018,2019,2020 ./docutil/patch-db2latex-duplicate-template-bug X 2007,2018,2019,2020