From ef0d78c09d4f5af592169495460c1d947daaf23f Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Tue, 31 Mar 2026 17:51:50 +0200 Subject: [PATCH 1/4] Generate changelog for BIND 9.18.48 --- doc/arm/changelog.rst | 1 + doc/changelog/changelog-9.18.48.rst | 94 +++++++++++++++++++++++++++++ 2 files changed, 95 insertions(+) create mode 100644 doc/changelog/changelog-9.18.48.rst diff --git a/doc/arm/changelog.rst b/doc/arm/changelog.rst index d23f225532..7100beb402 100644 --- a/doc/arm/changelog.rst +++ b/doc/arm/changelog.rst @@ -18,6 +18,7 @@ Changelog development. Regular users should refer to :ref:`Release Notes ` for changes relevant to them. +.. include:: ../changelog/changelog-9.18.48.rst .. include:: ../changelog/changelog-9.18.47.rst .. include:: ../changelog/changelog-9.18.46.rst .. include:: ../changelog/changelog-9.18.45.rst diff --git a/doc/changelog/changelog-9.18.48.rst b/doc/changelog/changelog-9.18.48.rst new file mode 100644 index 0000000000..a875c6a9ed --- /dev/null +++ b/doc/changelog/changelog-9.18.48.rst @@ -0,0 +1,94 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +BIND 9.18.48 +------------ + +Security Fixes +~~~~~~~~~~~~~~ + +- Fix crash when reconfiguring zone update policy during active updates. + ``2eaf84497ac`` + + Fixed a crash that could occur when running rndc reconfig to change a + zone's update policy (e.g., from allow-update to update-policy) while + DNS UPDATE requests were being processed for that zone. + + ISC would like to thank Vitaly Simonovich for bringing this issue to + our attention. :gl:`#5817` :gl:`!11739` + +New Features +~~~~~~~~~~~~ + +- Add MOVE_OWNERSHIP() macro for transferring pointer ownership. + ``d783ac4a476`` + + A helper macro that returns the current value of a pointer and sets it + to NULL in one expression, useful for transferring ownership in + designated initializers. :gl:`!11737` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Exclude named.args.j2 and system test README files from license header + checks. ``ce0d28d19cd`` + + Exclude named.args.j2 files from license header checks so named.args + can be generated from Jinja templates. Also exclude system test README + files from the license header checks. :gl:`!11697` + +- Use underscore for system test names. ``2dd5b2b90e9`` + + Change the convention for system test directory names to always use an + underscore rather than a hyphen. Names using underscore are valid + python package names and can be used with standard `import` facilities + in python, which allows easier code reuse. :gl:`!11712` + +Bug Fixes +~~~~~~~~~ + +- Clear errno correctly. ``3f7f8293069`` + + Zero errno before calling strtol. :gl:`#5773` :gl:`!11704` + +- Fix a crash triggered by rndc modzone on zone from configuration file. + ``0ac37a399a7`` + + Calling `rndc modzone` on a zone that was configured in the + configuration file caused a crash. This has been fixed. + + ISC would like to thank Nathan Reilly for reporting this. :gl:`#5800` + :gl:`!11699` + +- Fix OpenSSL 4 compatibility issue when calling X509_get_subject_name() + ``cd11dd6cf34`` + + Starting from OpenSSL 4 the the X509_get_subject_name() function + returns a 'const' pointer to a name instead of a regular pointer. + Duplicate the name before operating on it, then free it. :gl:`#5807` + :gl:`!11693` + +- Fix a crash triggered by rndc modzone on zone that already existed in + NZF file. ``a0bfbe9a765`` + + Calling `rndc modzone` didn't work properly for a zone hat was + configured in the configuration file. It could crash if BIND 9 was + built without LMDB or if there was already an NZF file for the zone. + In addition, `rndc modzone` failed in subsequent attempts. These + problems are now fixed. :gl:`#5826` :gl:`!11746` + +- Fix data race on fctx->vresult in validated() ``5b7c54ae01d`` + + Move the write to fctx->vresult after LOCK(&fctx->lock). The field + was being set before acquiring the lock, but dns_resolver_logfetch() + reads it under the same lock from another thread. :gl:`!11722` + + From 47ccfa2e63d924fe8f7f3decfb4001f7d0e30732 Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Tue, 31 Mar 2026 17:52:28 +0200 Subject: [PATCH 2/4] Prepare release notes for BIND 9.18.48 --- doc/arm/notes.rst | 1 + doc/notes/notes-9.18.48.rst | 46 +++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 doc/notes/notes-9.18.48.rst diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index fe5d4d28ef..8f069eab60 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -45,6 +45,7 @@ The list of known issues affecting the latest version in the 9.18 branch can be found at https://gitlab.isc.org/isc-projects/bind9/-/wikis/Known-Issues-in-BIND-9.18 +.. include:: ../notes/notes-9.18.48.rst .. include:: ../notes/notes-9.18.47.rst .. include:: ../notes/notes-9.18.46.rst .. include:: ../notes/notes-9.18.45.rst diff --git a/doc/notes/notes-9.18.48.rst b/doc/notes/notes-9.18.48.rst new file mode 100644 index 0000000000..537fcbf395 --- /dev/null +++ b/doc/notes/notes-9.18.48.rst @@ -0,0 +1,46 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.18.48 +---------------------- + +Security Fixes +~~~~~~~~~~~~~~ + +- Fix crash when reconfiguring zone update policy during active updates. + + Fixed a crash that could occur when running rndc reconfig to change a + zone's update policy (e.g., from allow-update to update-policy) while + DNS UPDATE requests were being processed for that zone. + + ISC would like to thank Vitaly Simonovich for bringing this issue to + our attention. :gl:`#5817` + +Bug Fixes +~~~~~~~~~ + +- Fix a crash triggered by rndc modzone on zone from configuration file. + + Calling `rndc modzone` on a zone that was configured in the + configuration file caused a crash. This has been fixed. + + ISC would like to thank Nathan Reilly for reporting this. :gl:`#5800` + +- Fix a crash triggered by rndc modzone on zone that already existed in + NZF file. + + Calling `rndc modzone` didn't work properly for a zone hat was + configured in the configuration file. It could crash if BIND 9 was + built without LMDB or if there was already an NZF file for the zone. + In addition, `rndc modzone` failed in subsequent attempts. These + problems are now fixed. :gl:`#5826` + + From 9ff5835ddc89e04cb3ccad21ee8641bc3422b24a Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Tue, 31 Mar 2026 12:14:13 +0200 Subject: [PATCH 3/4] Tweak and reword release notes --- doc/notes/notes-9.18.48.rst | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/doc/notes/notes-9.18.48.rst b/doc/notes/notes-9.18.48.rst index 537fcbf395..283ec33980 100644 --- a/doc/notes/notes-9.18.48.rst +++ b/doc/notes/notes-9.18.48.rst @@ -17,9 +17,10 @@ Security Fixes - Fix crash when reconfiguring zone update policy during active updates. - Fixed a crash that could occur when running rndc reconfig to change a - zone's update policy (e.g., from allow-update to update-policy) while - DNS UPDATE requests were being processed for that zone. + We fixed a crash that could occur when running :option:`rndc reconfig` + to change a zone's update policy (e.g., from :any:`allow-update` to + :any:`update-policy`) while DNS UPDATE requests were being processed + for that zone. ISC would like to thank Vitaly Simonovich for bringing this issue to our attention. :gl:`#5817` @@ -27,20 +28,16 @@ Security Fixes Bug Fixes ~~~~~~~~~ -- Fix a crash triggered by rndc modzone on zone from configuration file. +- Fix a crash triggered by :option:`rndc modzone` on a zone from a + configuration file. - Calling `rndc modzone` on a zone that was configured in the - configuration file caused a crash. This has been fixed. - - ISC would like to thank Nathan Reilly for reporting this. :gl:`#5800` - -- Fix a crash triggered by rndc modzone on zone that already existed in - NZF file. - - Calling `rndc modzone` didn't work properly for a zone hat was - configured in the configuration file. It could crash if BIND 9 was - built without LMDB or if there was already an NZF file for the zone. - In addition, `rndc modzone` failed in subsequent attempts. These - problems are now fixed. :gl:`#5826` + Calling :option:`rndc modzone` on a zone that was configured in the + configuration file caused a crash. This has been fixed. :gl:`#5800` +- Fix a crash triggered by :option:`rndc modzone` on zone that already + existed in NZF file. + Calling :option:`rndc modzone` didn't work properly for a zone that + was configured in the configuration file. It could crash if BIND 9 was + built without LMDB or if there was already an NZF file for the zone. + This has been fixed. :gl:`#5826` From b7f82d8c371d1012d9e7eb078c54e57ac618d83a Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Tue, 31 Mar 2026 18:31:29 +0200 Subject: [PATCH 4/4] Update BIND version for release --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index acabeb6916..61fb1ccf2c 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 18)dnl m4_define([bind_VERSION_PATCH], 48)dnl -m4_define([bind_VERSION_EXTRA], -dev)dnl +m4_define([bind_VERSION_EXTRA], )dnl m4_define([bind_DESCRIPTION], [(Extended Support Version)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl m4_define([bind_PKG_VERSION], [[bind_VERSION_MAJOR.bind_VERSION_MINOR.bind_VERSION_PATCH]bind_VERSION_EXTRA])dnl