From 78148b11f15b0a14e2bbfebaf93ce1d9c32f5c71 Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Thu, 6 Nov 2025 19:24:45 +0100 Subject: [PATCH] Generate changelog for BIND 9.20.16 --- doc/arm/changelog.rst | 1 + doc/changelog/changelog-9.20.16.rst | 82 +++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 doc/changelog/changelog-9.20.16.rst diff --git a/doc/arm/changelog.rst b/doc/arm/changelog.rst index 2188280886..0f68889b60 100644 --- a/doc/arm/changelog.rst +++ b/doc/arm/changelog.rst @@ -18,6 +18,7 @@ Changelog development. Regular users should refer to :ref:`Release Notes ` for changes relevant to them. +.. include:: ../changelog/changelog-9.20.16.rst .. include:: ../changelog/changelog-9.20.15.rst .. include:: ../changelog/changelog-9.20.14.rst .. include:: ../changelog/changelog-9.20.13.rst diff --git a/doc/changelog/changelog-9.20.16.rst b/doc/changelog/changelog-9.20.16.rst new file mode 100644 index 0000000000..a35ab1523b --- /dev/null +++ b/doc/changelog/changelog-9.20.16.rst @@ -0,0 +1,82 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +BIND 9.20.16 +------------ + +Feature Changes +~~~~~~~~~~~~~~~ + +- Fix assertion failure from arc4random_uniform with invalid limit. + ``1040282de7e`` + + When the arc4random_uniform() is called on NetBSD with upper_bound + that makes no sense statistically (0 or 1), the call crashes the + calling program. Fix this by returning 0 when upper bound is < 2 as + does Linux, FreeBSD and NetBSD. (Hint: System CSPRNG should never + crash.) :gl:`#5596` :gl:`!11151` + +Bug Fixes +~~~~~~~~~ + +- Fix dnssec-keygen key collision checking for KEY rrtype keys. + ``ac8b23b80bf`` + + The :iscman:`dnssec-keygen` utility program failed to detect possible + Key ID collisions with the existing keys generated using the + non-default ``-T KEY`` option (e.g. for ``SIG(0)``). This has been + fixed. :gl:`#5506` :gl:`!11128` + +- Fix shutdown INSIST in dns_dispatchmgr_getblackhole. ``f0aaaef166c`` + + Previously, `named` could trigger an assertion in + `dns_dispatchmgr_getblackhole` while shutting down. This has been + fixed. :gl:`#5525` :gl:`!11162` + +- Dnssec-verify now uses exit code 1 when failing due to illegal + options. ``6ead0aa4a2b`` + + Previously, dnssec-verify exited with code 0 if the options could not + be parsed. This has been fixed. :gl:`#5574` :gl:`!11129` + +- Prevent assertion failures of dig when server is specified before the + -b option. ``deada63e2b2`` + + Previously, :iscman:`dig` could exit with an assertion failure when + the server was specified before the :option:`dig -b` option. This has + been fixed. :gl:`#5609` :gl:`!11204` + +- Skip unsupported algorithms when looking for signing key. + ``c346fe88a1b`` + + A mix of supported and unsupported DNSSEC algorithms in the same zone + could have caused validation failures. Ignore the DNSSEC keys with + unsupported algorithm when looking for the signing keys. :gl:`#5622` + :gl:`!11210` + +- Fix configuration bugs involving global defaults. ``a85d6fb581c`` + + The configuration code for the `max-cache-size`, `dnssec-validation`, + and `response-padding` options were unnecessarily complicated, and in + the case of `max-cache-size`, buggy. These have been fixed. The + `optionmaps` variable in `configure_view()` is no longer needed and + has been removed. :gl:`!11172` + +- Skip buffer allocations if not logging. ``4f601175bd0`` + + Currently, during IXFR we allocate a 2KB buffer for IXFR change + logging regardless of the log level. This commit introduces an early + check on the log level in dns_diff_print to avoid this. + + Results in a speedup from 28% in the test case from issue #5442. + :gl:`!11192` + +