From 43cf27d0c219b74cbd39c2b95f7ba2b681310e4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
Date: Fri, 5 Dec 2025 12:29:32 +0100
Subject: [PATCH 1/6] In dns_qpiter_{prev,next}, defer dereference_iter_node call

dns_qpiter_{prev,next} requires the current iterator node to still be valid which might not always the case after dereference_iter_node was called. Currently, this is ensured via closeversion() mechanism, but it is not guaranteed to be true in the future.

Move the call to dereference_iter_node to after the dns_qpiter_prev() and dns_qpiter_next() to prevent a possible use-after-free of the current iterator node.

(cherry picked from commit 89478d95c39768793fa17dffaa2ca02cbd75f643)
---
 lib/dns/qpzone.c | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/lib/dns/qpzone.c b/lib/dns/qpzone.c
index 2c59fb7f98..9b36982348 100644
--- a/lib/dns/qpzone.c
+++ b/lib/dns/qpzone.c
@@ -4384,6 +4384,9 @@ dbiterator_prev(dns_dbiterator_t *iterator DNS__DB_FLARG) {
 	isc_result_t result;
 	qpdb_dbiterator_t *qpdbiter = (qpdb_dbiterator_t *)iterator;
 	qpzonedb_t *qpdb = (qpzonedb_t *)iterator->db;
+	qpznode_t *node = NULL;
+	isc_rwlocktype_t nlocktype = isc_rwlocktype_none;
+	isc_rwlock_t *nlock = NULL;
 
 	REQUIRE(qpdbiter->node != NULL);
 
@@ -4391,7 +4394,12 @@ dbiterator_prev(dns_dbiterator_t *iterator DNS__DB_FLARG) {
 		return qpdbiter->result;
 	}
 
-	dereference_iter_node(qpdbiter DNS__DB_FLARG_PASS);
+	/*
+	 * Defer the release of the current node until we have the prev node
+	 * from the QP tree.
+	 */
+	node = qpdbiter->node;
+	qpdbiter->node = NULL;
 
 	result = dns_qpiter_prev(qpdbiter->current, NULL,
				 (void **)&qpdbiter->node, NULL);
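Review bot: Once `qpdbiter->node` is handed off to the local `node` at the end of this hunk, its release only happens in the later hunk at new line 4425, so any path between the two that returns early would skip the `qpznode_release` and leak the reference the iterator held; the middle of dbiterator_prev lies outside the hunk, so this is worth confirming against the full function. The same structure is introduced in dbiterator_next (hunk -4439,7 +4458,12), which has the same exposure. If such a return exists, the release must be duplicated before it or the deferred release moved under a cleanup label. A one-line addition to the deferral comment, `* node must be released on every exit path below.`, would make the contract explicit for future edits.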
@@ -4417,6 +4425,14 @@ dbiterator_prev(dns_dbiterator_t *iterator DNS__DB_FLARG) {
 		}
 	}
 
+	/*
+	 * We have the prev node, we can release the previous current.
+	 */
+	nlock = &qpdb->buckets[node->locknum].lock;
+	NODE_RDLOCK(nlock, &nlocktype);
+	qpznode_release(qpdb, node, 0, &nlocktype DNS__DB_FLARG_PASS);
+	NODE_UNLOCK(nlock, &nlocktype);
+
 	if (result == ISC_R_SUCCESS) {
 		reference_iter_node(qpdbiter DNS__DB_FLARG_PASS);
 	} else {
@@ -4432,6 +4448,9 @@ dbiterator_next(dns_dbiterator_t *iterator DNS__DB_FLARG) {
 	isc_result_t result;
 	qpdb_dbiterator_t *qpdbiter = (qpdb_dbiterator_t *)iterator;
 	qpzonedb_t *qpdb = (qpzonedb_t *)iterator->db;
+	qpznode_t *node = NULL;
+	isc_rwlocktype_t nlocktype = isc_rwlocktype_none;
+	isc_rwlock_t *nlock = NULL;
 
 	REQUIRE(qpdbiter->node != NULL);
 
@@ -4439,7 +4458,12 @@ dbiterator_next(dns_dbiterator_t *iterator DNS__DB_FLARG) {
 		return qpdbiter->result;
 	}
 
-	dereference_iter_node(qpdbiter DNS__DB_FLARG_PASS);
+	/*
+	 * Defer the release of the current node until we have the next node
+	 * from the QP tree.
+	 */
+	node = qpdbiter->node;
+	qpdbiter->node = NULL;
 
 	result = dns_qpiter_next(qpdbiter->current, NULL,
				 (void **)&qpdbiter->node, NULL);
@@ -4476,6 +4500,14 @@ dbiterator_next(dns_dbiterator_t *iterator DNS__DB_FLARG) {
 		}
 	}
 
+	/*
+	 * We have the next node, we can release the previous current.
+	 */
+	nlock = &qpdb->buckets[node->locknum].lock;
+	NODE_RDLOCK(nlock, &nlocktype);
+	qpznode_release(qpdb, node, 0, &nlocktype DNS__DB_FLARG_PASS);
+	NODE_UNLOCK(nlock, &nlocktype);
+
 	if (result == ISC_R_SUCCESS) {
 		reference_iter_node(qpdbiter DNS__DB_FLARG_PASS);
 	} else {

From eaa587ca309d38e5c65019ad02301a78398fe8b4 Mon Sep 17 00:00:00 2001
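Review bot: The lock/release/unlock sequence added before `if (result == ISC_R_SUCCESS)` in this hunk is repeated verbatim in dbiterator_next (hunk -4476,6 +4500,14), and it hand-inlines what `dereference_iter_node` used to do with the iterator's node; if that helper does anything beyond `qpznode_release` (its body is not in the patch), the two copies now silently diverge from it. A small static helper taking the node keeps prev and next in step and gives the deferred release one place to be audited. `node->locknum` is also read before the bucket lock is taken, which is only sound if locknum never changes for a live node — a comment stating that assumption would help the next reader. Both hunks would then reduce to `release_iter_node(qpdb, node DNS__DB_FLARG_PASS);`.
```c
/* Release a node the iterator has already moved past. */
static void
release_iter_node(qpzonedb_t *qpdb, qpznode_t *node DNS__DB_FLARG) {
	isc_rwlocktype_t nlocktype = isc_rwlocktype_none;
	/* locknum is assumed stable for the node's lifetime. */
	isc_rwlock_t *nlock = &qpdb->buckets[node->locknum].lock;

	NODE_RDLOCK(nlock, &nlocktype);
	qpznode_release(qpdb, node, 0, &nlocktype DNS__DB_FLARG_PASS);
	NODE_UNLOCK(nlock, &nlocktype);
}
```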
From: Mark Andrews
Date: Fri, 5 Dec 2025 14:25:02 +1100
Subject: [PATCH 2/6] In dbiterator_prev, dereference_iter_node was being called too soon

dns_rbtnodechain_prev requires the current node to still be valid which was not always the case after dereference_iter_node was called.

Move the call to dereference_iter_node to after the dns_rbtnodechain_prev to preserve the node.

(cherry picked from commit b677d31fca2e54ca28318dd2b86e5cfe5bedb26c)
---
 lib/dns/rbtdb.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 5f99080ce3..0a90e216c4 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -4675,11 +4675,12 @@ dbiterator_prev(dns_dbiterator_t *iterator DNS__DB_FLARG) {
 		resume_iteration(rbtdbiter);
 	}
 
-	dereference_iter_node(rbtdbiter DNS__DB_FLARG_PASS);
-
 	name = dns_fixedname_name(&rbtdbiter->name);
 	origin = dns_fixedname_name(&rbtdbiter->origin);
 	result = dns_rbtnodechain_prev(rbtdbiter->current, name, origin);
+
+	dereference_iter_node(rbtdbiter DNS__DB_FLARG_PASS);
+
 	if (rbtdbiter->current == &rbtdbiter->nsec3chain &&
 	    (result == ISC_R_SUCCESS || result == DNS_R_NEWORIGIN))
 	{

From 6222bf35fcf25498cc7fa24a67bcbdebe906e913 Mon Sep 17 00:00:00 2001
From: Andoni Duarte Pintado
Date: Mon, 8 Dec 2025 12:24:33 +0100
Subject: [PATCH 3/6] Generate changelog for BIND 9.20.17

---
 doc/arm/changelog.rst | 1 +
 doc/changelog/changelog-9.20.17.rst | 140 ++++++++++++++++++++++++++++
 2 files changed, 141 insertions(+)
 create mode 100644 doc/changelog/changelog-9.20.17.rst

diff --git a/doc/arm/changelog.rst b/doc/arm/changelog.rst
index 0f68889b60..3109532212 100644
--- a/doc/arm/changelog.rst
+++ b/doc/arm/changelog.rst
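Review bot: The relocated `dereference_iter_node` call carries no comment saying why it must follow `dns_rbtnodechain_prev`, so a later tidy-up could move it back above the `name`/`origin` setup and reintroduce the use-after-free this commit closes; suggest `/* Release the old node only after the chain has moved past it: dns_rbtnodechain_prev() still dereferences it. */` directly above the call. Only dbiterator_prev is changed here, while the companion qpzone.c commit fixes both prev and next; if dbiterator_next in rbtdb.c (outside this hunk) also calls dereference_iter_node before dns_rbtnodechain_next, it would carry the same hazard and deserve the same reordering. dbiterator_prev continues past the end of the hunk.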
@@ -18,6 +18,7 @@ Changelog development. Regular users should refer to :ref:`Release Notes ` for changes relevant to them.
+.. include:: ../changelog/changelog-9.20.17.rst
 .. include:: ../changelog/changelog-9.20.16.rst
 .. include:: ../changelog/changelog-9.20.15.rst
 .. include:: ../changelog/changelog-9.20.14.rst
diff --git a/doc/changelog/changelog-9.20.17.rst b/doc/changelog/changelog-9.20.17.rst
new file mode 100644
index 0000000000..e92eeb7f46
--- /dev/null
+++ b/doc/changelog/changelog-9.20.17.rst
@@ -0,0 +1,140 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+BIND 9.20.17
+------------
+
+New Features
+~~~~~~~~~~~~
+
+- Add spatch to detect implicit bool/int/result cast. ``02be363d1f``
+
+  Detection of implicit cast from a boolean into an int, or an
+  isc_result_t into a boolean (either in an assignement or return
+  position).
+
+  If such pattern is found, a warning comment is added into the code
+  (and the CI will fails) so the error can be spotted and manually
+  fixed. :gl:`!11237`
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- Use atomics for CMM_{LOAD,STORE}_SHARED with ThreadSanitizer.
+  ``94fa721705``
+
+  Upstream has removed the atomics implementation of CMM_LOAD_SHARED and
+  CMM_STORE_SHARED as these can be used also with non-stdatomics types.
+  As we only use the CMM api with stdatomics types, we can restore the
+  previous behaviour to prevent ThreadSanitizer warnings. :gl:`#5660`
+  :gl:`!11290`
+
+- Provide more information when the memory allocation fails.
+  ``6749725610``
+
+  Provide more information about the failure when the memory allocation
+  fails. :gl:`!11304`
+
+- Reduce the number of outgoing queries. ``457b470e96``
+
+  Reduces the number of outgoing queries when resolving the nameservers
+  for delegation points. This helps the DNS resolver with cold cache
+  resolve client queries with complex delegation chains and
+  redirections. :gl:`!11258`
+
+Bug Fixes
+~~~~~~~~~
+
+- Fix the spurious timeouts while resolving names. ``d96cf874fb``
+
+  Sometimes the loops in the resolving (e.g.
to resolve or validate
+  ns1.example.com we need to resolve ns1.example.com) were not properly
+  detected leading to spurious 10 seconds delay. This has been fixed
+  and such loops are properly detected. :gl:`#3033`, #5578 :gl:`!11298`
+
+- Fix bug where zone switches from NSEC3 to NSEC after retransfer.
+  ``3b40ffbf83``
+
+  When a zone is re-transferred, but the zone journal on an
+  inline-signing secondary is out of sync, the zone could fall back to
+  using NSEC records instead of NSEC3. This has been fixed. :gl:`#5527`
+  :gl:`!11274`
+
+- Attach socket before async streamdns_resume_processing. ``bb9451c73f``
+
+  Call to `streamdns_resume_processing` is asynchronous but the socket
+  passed as argument is not attached when scheduling the call.
+
+  While there is no reproducible way (so far) to make the socket
+  reference number down to 0 before `streamdns_resume_processing` is
+  called, attach the socket before scheduling the call. This guard
+  against an hypothetic case where, for some reasons, the socket
+  refcount would reach 0, and be freed from memory when
+  `streamdns_resume_processing` is called. :gl:`#5620` :gl:`!11260`
+
+- AMTRELAY type 0 presentation format handling was wrong. ``adf104a063``
+
+  RFC 8777 specifies a placeholder value of "." for the gateway field
+  when the gateway type is 0 (no gateway). This was not being checked
+  for nor emitted when displaying the record. This has been corrected.
+
+  Instances of this record will need the placeholder period added to
+  them when upgrading. :gl:`#5639` :gl:`!11255`
+
+- Fix parsing bug in remote-servers with key or tls. ``d9400c5967``
+
+  The :any:`remote-servers` clause enable the following pattern using a
+  named ``server-list``:
+
+  remote-servers a { 1.2.3.4; ... }; remote-servers b { a key
+  foo; };
+
+  However, such configuration was wrongly rejected, with an "unexpected
+  token 'foo'" error. Such configuration is now accepted.
:gl:`#5646`
+  :gl:`!11300`
+
+- Fix TLS contexts cache object usage bug in the resolver.
+  ``13adf94006``
+
+  :iscman:`named` could terminate unexpectedly when reconfiguring or
+  reloading, and if client-side TLS transport was in use (for example,
+  when forwarding queries to a DoT server). This has been fixed.
+  :gl:`#5653` :gl:`!11299`
+
+- Fix unitiailized pointer check on getipandkeylist. ``5ed0cf091b``
+
+  Function `named_config_getipandkeylist` could, in case of error in the
+  early code attempting to get the `port` or `tls-port`, make a pointer
+  check on a non-initialized value. This is now fixed. :gl:`!11306`
+
+- Standardize CHECK and RETERR macros. ``ef714e91ac``
+
+  previously, there were over 40 separate definitions of CHECK macros,
+  of which most used "goto cleanup", and the rest "goto failure" or
+  "goto out". there were another 10 definitions of RETERR, of which most
+  were identical to CHECK, but some simply returned a result code
+  instead of jumping to a cleanup label.
+
+  this has now been standardized throughout the code base: RETERR is for
+  returning an error code in the case of an error, and CHECK is for
+  jumping to a cleanup tag, which is now always called "cleanup". both
+  macros are defined in isc/util.h. :gl:`!11069`
+
+- Adding NSEC3 opt-out records could leave invalid records in
+  chain. ``1d83a8ad46``
+
+  When creating an NSEC3 opt-out chain, a node in the chain could be
+  removed too soon, causing the previous NSEC3 being unable to be found,
+  resulting in invalid NSEC3 records to be left in the zone. This has
+  been fixed.
+
+  Closes [#5671](#5671)
+

From f8aae784965b9c6034c7f1baa94a0b508f282839 Mon Sep 17 00:00:00 2001
From: Andoni Duarte Pintado
Date: Mon, 8 Dec 2025 12:25:15 +0100
Subject: [PATCH 4/6] Prepare release notes for BIND 9.20.17

---
 doc/arm/notes.rst | 1 +
 doc/notes/notes-9.20.17.rst | 82 +++++++++++++++++++++++++++++++++++++
 2 files changed, 83 insertions(+)
 create mode 100644 doc/notes/notes-9.20.17.rst
diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst
index 1baca621d8..9a4c08ed5f 100644
--- a/doc/arm/notes.rst
+++ b/doc/arm/notes.rst
@@ -45,6 +45,7 @@ The list of known issues affecting the latest version in the 9.20 branch can be found at https://gitlab.isc.org/isc-projects/bind9/-/wikis/Known-Issues-in-BIND-9.20
+.. include:: ../notes/notes-9.20.17.rst
 .. include:: ../notes/notes-9.20.16.rst
 .. include:: ../notes/notes-9.20.15.rst
 .. include:: ../notes/notes-9.20.14.rst
diff --git a/doc/notes/notes-9.20.17.rst b/doc/notes/notes-9.20.17.rst
new file mode 100644
index 0000000000..f802b4052f
--- /dev/null
+++ b/doc/notes/notes-9.20.17.rst
@@ -0,0 +1,82 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+Notes for BIND 9.20.17
+----------------------
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- Provide more information when the memory allocation fails.
+
+  Provide more information about the failure when the memory allocation
+  fails.
+
+- Reduce the number of outgoing queries.
+
+  Reduces the number of outgoing queries when resolving the nameservers
+  for delegation points. This helps the DNS resolver with cold cache
+  resolve client queries with complex delegation chains and
+  redirections.
+
+Bug Fixes
+~~~~~~~~~
+
+- Fix the spurious timeouts while resolving names.
+
+  Sometimes the loops in the resolving (e.g. to resolve or validate
+  ns1.example.com we need to resolve ns1.example.com) were not properly
+  detected leading to spurious 10 seconds delay. This has been fixed
+  and such loops are properly detected. :gl:`#3033`, #5578
+
+- Fix bug where zone switches from NSEC3 to NSEC after retransfer.
+
+  When a zone is re-transferred, but the zone journal on an
+  inline-signing secondary is out of sync, the zone could fall back to
+  using NSEC records instead of NSEC3. This has been fixed. :gl:`#5527`
+
+- AMTRELAY type 0 presentation format handling was wrong.
+
+  RFC 8777 specifies a placeholder value of "." for the gateway field
+  when the gateway type is 0 (no gateway). This was not being checked
+  for nor emitted when displaying the record. This has been corrected.
+
+  Instances of this record will need the placeholder period added to
+  them when upgrading.
:gl:`#5639`
+
+- Fix parsing bug in remote-servers with key or tls.
+
+  The :any:`remote-servers` clause enable the following pattern using a
+  named ``server-list``:
+
+  remote-servers a { 1.2.3.4; ... }; remote-servers b { a key
+  foo; };
+
+  However, such configuration was wrongly rejected, with an "unexpected
+  token 'foo'" error. Such configuration is now accepted. :gl:`#5646`
+
+- Fix TLS contexts cache object usage bug in the resolver.
+
+  :iscman:`named` could terminate unexpectedly when reconfiguring or
+  reloading, and if client-side TLS transport was in use (for example,
+  when forwarding queries to a DoT server). This has been fixed.
+  :gl:`#5653`
+
+- Adding NSEC3 opt-out records could leave invalid records in
+  chain.
+
+  When creating an NSEC3 opt-out chain, a node in the chain could be
+  removed too soon, causing the previous NSEC3 being unable to be found,
+  resulting in invalid NSEC3 records to be left in the zone. This has
+  been fixed.
+
+  Closes [#5671](#5671)
+

From 78089dba2f97fdb5972f4612517f3c896a67f507 Mon Sep 17 00:00:00 2001
From: Andoni Duarte Pintado
Date: Mon, 8 Dec 2025 13:09:42 +0100
Subject: [PATCH 5/6] Tweak and reword release notes

---
 doc/notes/notes-9.20.17.rst | 78 ++++++++++++++++++------------------
 1 file changed, 38 insertions(+), 40 deletions(-)

diff --git a/doc/notes/notes-9.20.17.rst b/doc/notes/notes-9.20.17.rst
index f802b4052f..c504cf77cc 100644
--- a/doc/notes/notes-9.20.17.rst
+++ b/doc/notes/notes-9.20.17.rst
@@ -15,68 +15,66 @@ Notes for BIND 9.20.17 Feature Changes ~~~~~~~~~~~~~~~ -- Provide more information when the memory allocation fails. - - Provide more information about the failure when the memory allocation - fails. - - Reduce the number of outgoing queries. - Reduces the number of outgoing queries when resolving the nameservers - for delegation points. This helps the DNS resolver with cold cache + Reduce the number of outgoing queries when resolving the nameservers + for delegation points. This helps a DNS resolver with a cold cache resolve client queries with complex delegation chains and - redirections. + redirections. :gl:`!11148` + +- Provide more information when memory allocation fails. + + BIND now provides more information about the failure when memory allocation + fails. :gl:`!11272` Bug Fixes ~~~~~~~~~ -- Fix the spurious timeouts while resolving names. +- Adding NSEC3 opt-out records could leave invalid records in chain. - Sometimes the loops in the resolving (e.g. to resolve or validate - ns1.example.com we need to resolve ns1.example.com) were not properly - detected leading to spurious 10 seconds delay. This has been fixed - and such loops are properly detected. :gl:`#3033`, #5578 + When creating an NSEC3 opt-out chain, a node in the chain could be + removed too soon. The previous NSEC3 would therefore not be found, + resulting in invalid NSEC3 records being left in the zone. This has + been fixed. :gl:`#5671` + +- Fix spurious timeouts while resolving names. + + Sometimes, loops in the resolving process (e.g., to resolve or validate + ``ns1.example.com``, we need to resolve ``ns1.example.com``) were not properly + detected, leading to a spurious 10-second delay. This has been fixed, + and such loops are properly detected. :gl:`#3033` :gl:`#5578` - Fix bug where zone switches from NSEC3 to NSEC after retransfer. 
- When a zone is re-transferred, but the zone journal on an - inline-signing secondary is out of sync, the zone could fall back to + When a zone was re-transferred but the zone journal on an + inline-signing secondary was out of sync, the zone could fall back to using NSEC records instead of NSEC3. This has been fixed. :gl:`#5527` -- AMTRELAY type 0 presentation format handling was wrong. +- ``AMTRELAY`` type 0 presentation format handling was wrong. - RFC 8777 specifies a placeholder value of "." for the gateway field - when the gateway type is 0 (no gateway). This was not being checked - for nor emitted when displaying the record. This has been corrected. + :rfc:`8777` specifies a placeholder value of ``.`` for the gateway field + when the gateway type is 0 (no gateway). This was not being checked + for, nor was it emitted when displaying the record. This has been corrected. Instances of this record will need the placeholder period added to them when upgrading. :gl:`#5639` -- Fix parsing bug in remote-servers with key or tls. +- Fix parsing bug in :any:`remote-servers` with key or TLS. - The :any:`remote-servers` clause enable the following pattern using a - named ``server-list``: + The :any:`remote-servers` clause enables the following pattern using a + named ``server-list``:: - remote-servers a { 1.2.3.4; ... }; remote-servers b { a key - foo; }; + remote-servers a { 1.2.3.4; ... }; + remote-servers b { a key foo; }; - However, such configuration was wrongly rejected, with an "unexpected - token 'foo'" error. Such configuration is now accepted. :gl:`#5646` + However, such a configuration was wrongly rejected, with an ``unexpected + token 'foo'`` error. This configuration is now accepted. :gl:`#5646` -- Fix TLS contexts cache object usage bug in the resolver. +- Fix DoT reconfigure/reload bug in the resolver. 
- :iscman:`named` could terminate unexpectedly when reconfiguring or - reloading, and if client-side TLS transport was in use (for example, - when forwarding queries to a DoT server). This has been fixed. + If client-side TLS transport was in use (for example, when + forwarding queries to a DoT server), :iscman:`named` could + terminate unexpectedly when reconfiguring or reloading. This + has been fixed. :gl:`#5653` -- Adding NSEC3 opt-out records could leave invalid records in - chain. - - When creating an NSEC3 opt-out chain, a node in the chain could be - removed too soon, causing the previous NSEC3 being unable to be found, - resulting in invalid NSEC3 records to be left in the zone. This has - been fixed. - - Closes [#5671](#5671) - From 00545e4375e80c72366c57e16f5d6acaaa365a77 Mon Sep 17 00:00:00 2001 From: Andoni Duarte Pintado Date: Thu, 11 Dec 2025 12:28:49 +0100 Subject: [PATCH 6/6] Update BIND version for release --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 40c42e00c5..c6a10f6a85 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 20)dnl m4_define([bind_VERSION_PATCH], 17)dnl -m4_define([bind_VERSION_EXTRA], -dev)dnl +m4_define([bind_VERSION_EXTRA], )dnl m4_define([bind_DESCRIPTION], [(Stable Release)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl m4_define([bind_PKG_VERSION], [[bind_VERSION_MAJOR.bind_VERSION_MINOR.bind_VERSION_PATCH]bind_VERSION_EXTRA])dnl