[9.20] chg: doc: Track changes in separate files

Keep the changelog for each version in a separate source file to avoid
rebase conflicts when handling the -S version.

---

Related !9549 

Closes #4946

Merge branch 'nicki/reorganize-changelog-docfiles-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9550

contrib/gitchangelog/changelog.rc.py

@@ -291,12 +291,7 @@ include_merge = True
 #     r'/(?P<rev>[0-9]+\.[0-9]+(\.[0-9]+)?)\s+\([0-9]+-[0-9]{2}-[0-9]{2}\)\n--+\n/',
 #     idx=lambda m: m.start(1)
 # )
-# publish = stdout
-publish = FileInsertAtFirstRegexMatch(
-    "doc/arm/changelog.rst",
-    r"for changes relevant to them.\n\n",
-    idx=lambda m: m.end(0),
-)
+publish = stdout
 
 
 ## ``revs`` is a list of callable or a list of string

doc/arm/Makefile.am

@@ -66,6 +66,7 @@ EXTRA_DIST =					\
 	_ext/namedconf.py			\
 	_ext/rndcconf.py			\
 	_static/custom.css			\
+	../changelog/*.rst			\
 	../dnssec-guide				\
 	../misc/options				\
 	../misc/rndc.grammar			\

doc/changelog/changelog-9.20.1.rst

@@ -0,0 +1,268 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+BIND 9.20.1
+-----------
+
+New Features
+~~~~~~~~~~~~
+
+- Tighten 'max-recursion-queries' and add 'max-query-restarts' option.
+  ``42e70b0f0e``
+
+  There were cases in resolver.c when the `max-recursion-queries` quota
+  was ineffective. It was possible to craft zones that would cause a
+  resolver to waste resources by sending excessive queries while
+  attempting to resolve a name. This has been addressed by correcting
+  errors in the implementation of `max-recursion-queries`, and by
+  reducing the default value from 100 to 32.
+
+  In addition, a new `max-query-restarts` option has been added which
+  limits the number of times a recursive server will follow CNAME or
+  DNAME records before terminating resolution. This was previously a
+  hard-coded limit of 16, and now defaults to 11.   :gl:`#4741`
+  :gl:`!9282`
+
+- Implement rndc retransfer -force. ``008bfb6249``
+
+  A new optional argument '-force' has been added to the command channel
+  command 'rndc retransfer'. When it is specified, named aborts the
+  ongoing zone transfer (if there is one), and starts a new transfer.
+  :gl:`#2299` :gl:`!9219`
+
+- Generate changelog from git log. ``cf60eb2738``
+
+  Use a single source of truth, the git log, to generate the list of
+  CHANGES. Use the .rst format and include it in the ARM for a quick
+  reference with proper gitlab links to issues and merge requests.
+  :gl:`#75` :gl:`!9180`
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- Call rcu_barrier() in the isc_mem_destroy() just once. ``e00b13ac6e``
+
+  The previous work in this area was led by the belief that we might be
+  calling call_rcu() from within call_rcu() callbacks.  After carefully
+  checking all the current callback, it became evident that this is not
+  the case and the problem isn't enough rcu_barrier() calls, but
+  something entirely else.
+
+  Call the rcu_barrier() just once as that's enough and the multiple
+  rcu_barrier() calls will not hide the real problem anymore, so we can
+  find it. :gl:`!9247`
+
+- Don't open route socket if we don't need it. ``4f369af51e``
+
+  When automatic-interface-scan is disabled, the route socket was still
+  being opened. Add new API to connect / disconnect from the route
+  socket only as needed.
+
+  Additionally, move the block that disables periodic interface rescans
+  to a place where it actually have access to the configuration values.
+  Previously, the values were being checked before the configuration was
+  loaded. :gl:`!9239`
+
+- Allow shorter resolver-query-timeout configuration. ``840e56a979``
+
+  The minimum allowed value of 'resolver-query-timeout' was lowered to
+  301 milliseconds instead of the earlier 10000 milliseconds (which is
+  the default). As earlier, values less than or equal to 300 are
+  converted to seconds before applying the limit. :gl:`#4320`
+  :gl:`!9220`
+
+- Replace `#define DNS_GETDB_` with struct of bools. ``6d1fdb8505``
+
+  Replace `#define DNS_GETDB_` with struct of bools to make it easier to
+  pretty-print the attributes in a debugger. :gl:`#4559` :gl:`!9205`
+
+- Fix data race in clean_finds_at_name. ``be1e649974``
+
+  Stop updating `find.result_v4` and `find.result_v4` in
+  `clean_finds_at_name`. The values are supposed to be
+  static. :gl:`#4118` :gl:`!9197`
+
+Bug Fixes
+~~~~~~~~~
+
+- Reconfigure catz member zones during named reconfiguration.
+  ``9a0c59c89a``
+
+  During a reconfiguration named wasn't reconfiguring catalog zones'
+  member zones. This has been fixed. :gl:`#4733`
+
+- Disassociate the SSL object from the cached SSL_SESSION.
+  ``54b24fb015``
+
+  When the SSL object was destroyed, it would invalidate all SSL_SESSION
+  objects including the cached, but not yet used, TLS session objects.
+
+  Properly disassociate the SSL object from the SSL_SESSION before we
+  store it in the TLS session cache, so we can later destroy it without
+  invalidating the cached TLS sessions. :gl:`#4834` :gl:`!9274`
+
+- Attach/detach to the listening child socket when accepting TLS.
+  ``24ac7a7cd2``
+
+  When TLS connection (TLSstream) connection was accepted, the children
+  listening socket was not attached to sock->server and thus it could
+  have been freed before all the accepted connections were actually
+  closed.
+
+  In turn, this would cause us to call isc_tls_free() too soon - causing
+  cascade errors in pending SSL_read_ex() in the accepted connections.
+
+  Properly attach and detach the children listening socket when
+  accepting and closing the server connections. :gl:`#4833` :gl:`!9273`
+
+- Fix --enable-tracing build on systems without dtrace. ``d8d49c9340``
+
+  Missing file util/dtrace.sh prevented builds on system without dtrace
+  utility. This has been corrected.
+
+- Make hypothesis optional for system tests. ``c5f1cb8a04``
+
+  Ensure that system tests can be executed without Python hypothesis
+  package. :gl:`#4831` :gl:`!9267`
+
+- Dig now reports missing query section for opcode QUERY. ``b277a6f1f0``
+
+  Query responses should contain the question section with some
+  exceptions.  Dig was not reporting this. :gl:`#4808` :gl:`!9269`
+
+- Fix assertion failure in the glue cache. ``f8a0c0bed6``
+
+  Fix an assertion failure that could happen as a result of data race
+  between free_gluetable() and addglue() on the same headers.
+  :gl:`#4691` :gl:`!9256`
+
+- Don't use 'create' flag unnecessarily in findnode() ``4281aaab45``
+
+  when searching the cache for a node so that we can delete an rdataset,
+  it isn't necessary to set the 'create' flag. if the node doesn't exist
+  yet, we won't be able to delete anything from it anyway. :gl:`!9253`
+
+- Raise the log level of priming failures. ``074c7cc12c``
+
+  When a priming query is complete, it's currently logged at level
+  ISC_LOG_DEBUG(1), regardless of success or failure. We are now raising
+  it to ISC_LOG_NOTICE in the case of failure. [GL #3516] :gl:`#3516`
+  :gl:`!9250`
+
+- Fix assertion failure when checking named-checkconf version.
+  ``42e84e4b97``
+
+  Checking the version of `named-checkconf` would end with assertion
+  failure.  This has been fixed. :gl:`#4827` :gl:`!9246`
+
+- Valid TSIG signatures with invalid time cause crash. ``2438db2eae``
+
+  An assertion failure triggers when the TSIG has valid cryptographic
+  signature, but the time is invalid. This can happen when the times
+  between the primary and secondary servers are not synchronised.
+  :gl:`#4811` :gl:`!9245`
+
+- Don't skip the counting if fcount_incr() is called with force==true.
+  ``9cd2880a82``
+
+  The fcount_incr() was incorrectly skipping the accounting for the
+  fetches-per-zone if the force argument was set to true. We want to
+  skip the accounting only when the fetches-per-zone is completely
+  disabled, but for individual names we need to do the accounting even
+  if we are forcing the result to be success. :gl:`#4786` :gl:`!9241`
+
+- Don't skip the counting if fcount_incr() is called with force==true
+  (v2) ``1db5c6a0d3``
+
+  The fcount_incr() was not increasing counter->count when force was set
+  to true, but fcount_decr() would try to decrease the counter leading
+  to underflow and assertion failure.  Swap the order of the arguments
+  in the condition, so the !force is evaluated after incrementing the
+  .count. :gl:`#4846` :gl:`!9299`
+
+
+- Fix PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP usage.
+  ``46caf5f4a4``
+
+  The PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP are
+  usually not defines, but enum values, so simple preprocessor check
+  doesn't work.
+
+  Check for PTHREAD_MUTEX_ADAPTIVE_NP from the autoconf
+  AS_COMPILE_IFELSE block and define HAVE_PTHREAD_MUTEX_ADAPTIVE_NP.
+  This should enable adaptive mutex on Linux and FreeBSD.
+
+  As PTHREAD_MUTEX_ERRORCHECK actually comes from POSIX and Linux glibc
+  does define it when compatibility macros are being set, we can just
+  use PTHREAD_MUTEX_ERRORCHECK instead of PTHREAD_MUTEX_ERRORCHECK_NP.
+  :gl:`!9240`
+
+- Remove extra newline from yaml output. ``53738634c3``
+
+  I split this into two commits, one for the actual newline removal, and
+  one for issues I found, ruining the yaml output when some errors were
+  outputted.
+
+- CID 498025 and CID 498031: Overflowed constant INTEGER_OVERFLOW.
+  ``b6298b394e``
+
+  Add INSIST to fail if the multiplication would cause the variables to
+  overflow. :gl:`#4798` :gl:`!9229`
+
+- Remove unnecessary operations. ``067f87f158``
+
+  Decrementing optlen immediately before calling continue is unneccesary
+  and inconsistent with the rest of dns_message_pseudosectiontoyaml and
+  dns_message_pseudosectiontotext.  Coverity was also reporting an
+  impossible false positive overflow of optlen (CID 499061). :gl:`!9223`
+
+- Fix generation of 6to4-self name expansion from IPv4 address.
+  ``00ce93a69c``
+
+  The period between the most significant nibble of the encoded IPv4
+  address and the 2.0.0.2.IP6.ARPA suffix was missing resulting in the
+  wrong name being checked. Add system test for 6to4-self
+  implementation. :gl:`#4766` :gl:`!9217`
+
+- Fix false QNAME minimisation error being reported. ``fb07c38697``
+
+  Remove the false positive "success resolving" log message when QNAME
+  minimisation is in effect and the final result is NXDOMAIN.
+  :gl:`#4784` :gl:`!9215`
+
+- Dig +yaml was producing unexpected and/or invalid YAML output.
+  ``a42afbce2e``
+
+  :gl:`#4796` :gl:`!9213`
+
+- SVBC alpn text parsing failed to reject zero length alpn.
+  ``1a1413ff59``
+
+  :gl:`#4775` :gl:`!9209`
+
+- Return SERVFAIL for a too long CNAME chain. ``d7e5f7903d``
+
+  When cutting a long CNAME chain, named was returning NOERROR  instead
+  of SERVFAIL (alongside with a partial answer). This has been fixed.
+  :gl:`#4449` :gl:`!9203`
+
+- Properly calculate the amount of system memory. ``c63b7fad49``
+
+  On 32 bit machines isc_meminfo_totalphys could return an incorrect
+  value. :gl:`#4799` :gl:`!9199`
+
+- Update key lifetime and metadata after dnssec-policy reconfig.
+  ``a5f554959e``
+
+  Adjust key state and timing metadata if dnssec-policy key lifetime
+  configuration is updated, so that it also affects existing keys.
+  :gl:`#4677` :gl:`!9191`
+

doc/changelog/changelog-9.20.2.rst

@@ -0,0 +1,234 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+BIND 9.20.2
+-----------
+
+New Features
+~~~~~~~~~~~~
+
+- Support for Offline KSK implemented. ``3555094a686``
+
+  Add a new configuration option `offline-ksk` to enable Offline KSK key
+  management. Signed Key Response (SKR) files created with `dnssec-ksr`
+  (or other program) can now be imported into `named` with the new `rndc
+  skr -import` command. Rather than creating new DNSKEY, CDS and CDNSKEY
+  records and generating signatures covering these types, these records
+  are loaded from the currently active bundle from the imported SKR.
+
+  The implementation is loosely based on:
+  https://www.iana.org/dnssec/archive/files/draft-icann-dnssec-
+  keymgmt-01.txt :gl:`#1128` :gl:`!9389`
+
+- Print the full path of the working directory in startup log messages.
+  ``1c8eeafffb0``
+
+  named now prints its initial working directory during startup and the
+  changed working directory when loading or reloading its configuration
+  file if it has a valid 'directory' option defined. :gl:`#4731`
+  :gl:`!9372`
+
+- Support restricted key tag range when generating new keys.
+  ``d0899632635``
+
+  It is useful when multiple signers are being used to sign a zone to
+  able to specify a restricted range of range of key tags that will be
+  used by an operator to sign the zone.  This adds controls to named
+  (dnssec-policy), dnssec-signzone, dnssec-keyfromlabel and dnssec-ksr
+  (dnssec-policy) to specify such ranges. :gl:`#4830` :gl:`!9396`
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- Exempt prefetches from the fetches-per-zone and fetches-per-server
+  quotas. ``5e78cade523``
+
+  Fetches generated automatically as a result of 'prefetch' are now
+  exempt from the 'fetches-per-zone' and 'fetches-per-server' quotas.
+  This should help in maintaining the cache from which query responses
+  can be given. :gl:`#4219` :gl:`!9420`
+
+- Restore the ability to select individual unit tests. ``cfac05cc966``
+
+  This adds the command line arguments: `-d` (debug), `-l` (list tests)
+  and `-t test` (run this test) to the unit tests, e.g.:
+
+  .. code::
+
+     % ./rdata_test -t zonemd
+     [==========] selected:
+     Running 1 test(s).
+     [ RUN      ] zonemd
+     [       OK ] zonemd
+     [==========] selected: 1 test(s) run.
+     [  PASSED  ] 1 test(s).
+     %
+
+  :gl:`#4579` :gl:`!9385`
+
+- Process also the ISC_R_CANCELED result code in rpz_rewrite()
+  ``eb2e0991e1a``
+
+  Log canceled resolver queries (e.g. when shutting down a hung fetch)
+  in DEBUG3 level instead of DEBUG1 which is used for the "unrecognized"
+  result codes. :gl:`#4797` :gl:`!9347`
+
+- Remove code to read and parse /proc/net/if_inet6 on Linux.
+  ``e3cc5034ab0``
+
+  The getifaddr() works fine for years, so we don't have to keep the
+  callback to parse /proc/net/if_inet6 anymore. :gl:`#4852` :gl:`!9341`
+
+- Use seteuid()/setegid() instead of setreseuid()/setresgid()
+  ``1127b2b3d16``
+
+  It looks like that all supported systems now have support for
+  _POSIX_SAVED_IDS, so it's safe to use setegid() and setegid() because
+  those will not change saved used/group IDs. :gl:`#4862` :gl:`!9371`
+
+- Follow the number of CPU set by taskset/cpuset. ``ce3209b1dcf``
+
+  Administrators may wish to constrain the set of cores that BIND 9 runs
+  on via the 'taskset', 'cpuset' or 'numactl' programs (or equivalent on
+  other O/S).
+
+  If the admin has used taskset, the `named` will now follow to
+  automatically use the given number of CPUs rather than the system wide
+  count. :gl:`#4884` :gl:`!9442`
+
+- Double the number of threadpool threads. ``cfdded46676``
+
+  Introduce this temporary workaround to reduce the impact of long-
+  running tasks in offload threads which can block the resolution of
+  queries. :gl:`#4898`
+
+Bug Fixes
+~~~~~~~~~
+
+- Delay release of root privileges until after configuring controls.
+  ``0b7eb9d7a90``
+
+  Delay relinquishing root privileges until the control channel has been
+  configured, for the benefit of systems that require root to use
+  privileged port numbers.  This mostly affects systems without fine-
+  grained privilege systems (i.e., other than Linux). :gl:`#4793`
+  :gl:`!9444`
+
+- Fix the assertion failure in the isc_hashmap iterator. ``92e54fa9b7f``
+
+  When the round robin hashing reorders the map entries on deletion, we
+  were adjusting the iterator table size only when the reordering was
+  happening at the internal table boundary.  The iterator table size had
+  to be reduced by one to prevent seeing the entry that resized on
+  position [0] twice because it migrated to [iter->size - 1] position.
+
+  However, the same thing could happen when the same entry migrates a
+  second time from [iter->size - 1] to [iter->size - 2] position (and so
+  on) because the check that we are manipulating the entry just in the
+  [0] position was insufficient.  Instead of checking the position [pos
+  == 0], we now check that the [pos % iter->size == 0], thus ignoring
+  all the entries that might have moved back to the end of the internal
+  table. :gl:`#4838` :gl:`!9310`
+
+- Add -Wno-psabi to CFLAGS for x86 (32-bit) builds. ``9f2061e31eb``
+
+  GCC 11.1+ emits a note during compilation when there are 64-bit atomic
+  fields in a structure, because it fixed a compiler bug by changing the
+  alignment of such fields, which caused ABI change.
+
+  Add -Wno-psabi to CFLAGS for such builds in order to silence the
+  warning. That shouldn't be a problem since we don't expose our
+  structures to the outside. :gl:`#4841` :gl:`!9322`
+
+- Check if logconfig is NULL before using it in isc_log_doit()
+  ``11cb3767256``
+
+  Check if 'lctx->logconfig' is NULL before using it in isc_log_doit(),
+  because it's possible that isc_log_destroy() was already called, e.g.
+  when a 'call_rcu' function wants to log a message during shutdown.
+  :gl:`#4842` :gl:`!9323`
+
+- Change the NS_PER_SEC (and friends) from enum to static const.
+  ``91cecebf4c6``
+
+  New version of clang (19) has introduced a stricter checks when mixing
+  integer (and float types) with enums.  In this case, we used enum {}
+  as C17 doesn't have constexpr yet.  Change the time conversion
+  constants to be static const unsigned int instead of enum values.
+  :gl:`#4845` :gl:`!9339`
+
+- Check the result of dirfd() before calling unlinkat() ``335796f32a1``
+
+  Instead of directly using the result of dirfd() in the unlinkat()
+  call, check whether the returned file descriptor is actually valid.
+  That doesn't really change the logic as the unlinkat() would fail with
+  invalid descriptor anyway, but this is cleaner and will report the
+  right error returned directly by dirfd() instead of EBADF from
+  unlinkat(). :gl:`#4853` :gl:`!9343`
+
+- Fix rare assertion failure when shutting down incoming transfer.
+  ``02d4755cc31``
+
+  A very rare assertion failure can be triggered when the incoming
+  transfer is either forcefully shut down or it is finished during
+  printing the details about the statistics channel.  This has been
+  fixed. :gl:`#4860` :gl:`!9377`
+
+- Fix the resesuid() shim implementation for NetBSD. ``d959c035e89``
+
+  The shim implementation of setresuid() was wrong - there was a copy
+  and paste error and it was calling setresgid() instead.  This only
+  affects NetBSD because Linux, FreeBSD and OpenBSD have setresuid() and
+  setresgid() implementation available from the system library.
+  :gl:`#4862` :gl:`!9361`
+
+- Fix algoritm rollover bug when there are two keys with the same
+  keytag. ``2f2003c55d4``
+
+  If there is an algorithm rollover and two keys of different algorithm
+  share the same keytags, then there is a possibility that if we check
+  that a key matches a specific state, we are checking against the wrong
+  key. This has been fixed by not only checking for matching key tag but
+  also key algorithm. :gl:`#4878` :gl:`!9393`
+
+- Stop using malloc_usable_size and malloc_size. ``1b7fa52d8ff``
+
+  The `malloc_usable_size()` can return size larger than originally
+  allocated and when these sizes disagree the fortifier enabled by
+  `_FORTIFY_SOURCE=3` detects overflow and stops the `named` execution
+  abruptly.  Stop using these convenience functions as they are primary
+  used for introspection-only. :gl:`#4880` :gl:`!9418`
+
+- Preserve statement tag order in documentation. ``57a9e3da00c``
+
+  This supports bit-for-bit reproducibility of built documentation.
+  :gl:`#4886` :gl:`!9408`
+
+- Fix an assertion failure in validate_dnskey_dsset_done()
+  ``870f0be27eb``
+
+  Under rare circumstances, named could terminate unexpectedly when
+  validating a DNSKEY resource record if the validation was canceled in
+  the meantime. This has been fixed. :gl:`#4911`
+
+- Silence all warnings that stem from the default config.
+  ``dde38470476``
+
+  As we now setup the logging very early, parsing the default config
+  would always print warnings about experimental (and possibly
+  deprecated) options in the default config.  This would even mess with
+  commands like `named -V` and it is also wrong to warn users about
+  using experimental options in the default config, because they can't
+  do anything about this.  Add CFG_PCTX_NODEPRECATED and
+  CFG_PCTX_NOEXPERIMENTAL options that we can pass to cfg parser and
+  silence the early warnings caused by using experimental options in the
+  default config. :gl:`!9305`
+