From ee46748eeaeff1a6b4cc1498f93adb736c662d64 Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Tue, 12 Sep 2023 08:11:52 +0200 Subject: [PATCH 1/2] Update BIND version to 9.19.18-dev --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 496ec8fff8..d4788a1e82 100644 --- a/configure.ac +++ b/configure.ac @@ -16,7 +16,7 @@ # m4_define([bind_VERSION_MAJOR], 9)dnl m4_define([bind_VERSION_MINOR], 19)dnl -m4_define([bind_VERSION_PATCH], 17)dnl +m4_define([bind_VERSION_PATCH], 18)dnl m4_define([bind_VERSION_EXTRA], -dev)dnl m4_define([bind_DESCRIPTION], [(Development Release)])dnl m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl From 03505812f0a7a9f7e105a6708c16d00cb40548d8 Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Tue, 12 Sep 2023 08:11:52 +0200 Subject: [PATCH 2/2] Set up release notes for BIND 9.19.18 --- doc/notes/notes-current.rst | 50 ++++--------------------------------- 1 file changed, 5 insertions(+), 45 deletions(-) diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 6b35550361..89573315bf 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -9,7 +9,7 @@ .. See the COPYRIGHT file distributed with this work for additional .. information regarding copyright ownership. -Notes for BIND 9.19.17 +Notes for BIND 9.19.18 ---------------------- Security Fixes @@ -20,62 +20,22 @@ Security Fixes New Features ~~~~~~~~~~~~ -- Add support for User Statically Defined Tracing (USDT) probes - static tracing - points for user-level software. This allows a fine-grained application - tracing with zero-overhead when the probes are not enabled. :gl:`#4041` +- None. Removed Features ~~~~~~~~~~~~~~~~ -- The :any:`dnssec-must-be-secure` option has been deprecated and will be - removed in a future release. :gl:`#4263` +- None. Feature Changes ~~~~~~~~~~~~~~~ -- Make :iscman:`nsupdate` honor the ``-v`` option for SOA queries, that is send - the request over TCP, only if the server is specified. :gl:`#1181` - -- Extend client side support for the EDNS EXPIRE option to IXFR and - AXFR query types. ``named`` will now be making EDNS queries AXFR - and IXFR queries with EDNS options present. :gl:`#4170` - -- Compiling with jemalloc versions older than 4.0.0 is no longer supported; - those versions do not provide the features required by current BIND 9 - releases. :gl:`#4296` +- None. Bug Fixes ~~~~~~~~~ -- The value of If-Modified-Since header in statistics channel was not checked - for length leading to possible buffer overflow by an authorized user. We - would like to emphasize that statistics channel must be properly setup to - allow access only from authorized users of the system. :gl:`#4124` - - This issue was reported independently by Eric Sesterhenn of X41 D-SEC and - Cameron Whitehead. - -- The value of Content-Length header in statistics channel was not - bound checked and negative or large enough value could lead to - overflow and assertion failure. :gl:`#4125` - - This issue was reported by Eric Sesterhenn of X41 D-SEC. - -- Address memory leaks due to not clearing OpenSSL error stack. :gl:`#4159` - - This issue was reported by Eric Sesterhenn of X41 D-SEC. - -- Following the introduction of krb5-subdomain-self-rhs and - ms-subdomain-self-rhs update rules, removal of nonexistent PTR - and SRV records via UPDATE could fail. This has been fixed. :gl:`#4280` - -- The value of :any:`stale-refresh-time` was set to zero after ``rndc flush``. - This has been fixed. :gl:`#4278` - -- BIND could consume more memory than it needs. That has been fixed by - using specialised jemalloc memory arenas dedicated to sending buffers. It - allowed us to optimize the process of returning memory pages back to - the operating system. :gl:`#4038` +- None. Known Issues ~~~~~~~~~~~~