diff --git a/doc/arm/changelog.rst b/doc/arm/changelog.rst index 2188280886..0f68889b60 100644 --- a/doc/arm/changelog.rst +++ b/doc/arm/changelog.rst @@ -18,6 +18,7 @@ Changelog development. Regular users should refer to :ref:`Release Notes ` for changes relevant to them. +.. include:: ../changelog/changelog-9.20.16.rst .. include:: ../changelog/changelog-9.20.15.rst .. include:: ../changelog/changelog-9.20.14.rst .. include:: ../changelog/changelog-9.20.13.rst diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index 77ce5df00c..1baca621d8 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -45,6 +45,7 @@ The list of known issues affecting the latest version in the 9.20 branch can be found at https://gitlab.isc.org/isc-projects/bind9/-/wikis/Known-Issues-in-BIND-9.20 +.. include:: ../notes/notes-9.20.16.rst .. include:: ../notes/notes-9.20.15.rst .. include:: ../notes/notes-9.20.14.rst .. include:: ../notes/notes-9.20.13.rst diff --git a/doc/changelog/changelog-9.20.16.rst b/doc/changelog/changelog-9.20.16.rst new file mode 100644 index 0000000000..a35ab1523b --- /dev/null +++ b/doc/changelog/changelog-9.20.16.rst @@ -0,0 +1,82 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +BIND 9.20.16 +------------ + +Feature Changes +~~~~~~~~~~~~~~~ + +- Fix assertion failure from arc4random_uniform with invalid limit. + ``1040282de7e`` + + When the arc4random_uniform() is called on NetBSD with upper_bound + that makes no sense statistically (0 or 1), the call crashes the + calling program. Fix this by returning 0 when upper bound is < 2 as + does Linux, FreeBSD and NetBSD. (Hint: System CSPRNG should never + crash.) :gl:`#5596` :gl:`!11151` + +Bug Fixes +~~~~~~~~~ + +- Fix dnssec-keygen key collision checking for KEY rrtype keys. + ``ac8b23b80bf`` + + The :iscman:`dnssec-keygen` utility program failed to detect possible + Key ID collisions with the existing keys generated using the + non-default ``-T KEY`` option (e.g. for ``SIG(0)``). This has been + fixed. :gl:`#5506` :gl:`!11128` + +- Fix shutdown INSIST in dns_dispatchmgr_getblackhole. ``f0aaaef166c`` + + Previously, `named` could trigger an assertion in + `dns_dispatchmgr_getblackhole` while shutting down. This has been + fixed. :gl:`#5525` :gl:`!11162` + +- Dnssec-verify now uses exit code 1 when failing due to illegal + options. ``6ead0aa4a2b`` + + Previously, dnssec-verify exited with code 0 if the options could not + be parsed. This has been fixed. :gl:`#5574` :gl:`!11129` + +- Prevent assertion failures of dig when server is specified before the + -b option. ``deada63e2b2`` + + Previously, :iscman:`dig` could exit with an assertion failure when + the server was specified before the :option:`dig -b` option. This has + been fixed. :gl:`#5609` :gl:`!11204` + +- Skip unsupported algorithms when looking for signing key. + ``c346fe88a1b`` + + A mix of supported and unsupported DNSSEC algorithms in the same zone + could have caused validation failures. Ignore the DNSSEC keys with + unsupported algorithm when looking for the signing keys. :gl:`#5622` + :gl:`!11210` + +- Fix configuration bugs involving global defaults. ``a85d6fb581c`` + + The configuration code for the `max-cache-size`, `dnssec-validation`, + and `response-padding` options were unnecessarily complicated, and in + the case of `max-cache-size`, buggy. These have been fixed. The + `optionmaps` variable in `configure_view()` is no longer needed and + has been removed. :gl:`!11172` + +- Skip buffer allocations if not logging. ``4f601175bd0`` + + Currently, during IXFR we allocate a 2KB buffer for IXFR change + logging regardless of the log level. This commit introduces an early + check on the log level in dns_diff_print to avoid this. + + Results in a speedup from 28% in the test case from issue #5442. + :gl:`!11192` + + diff --git a/doc/notes/notes-9.20.16.rst b/doc/notes/notes-9.20.16.rst new file mode 100644 index 0000000000..7a63a2fc54 --- /dev/null +++ b/doc/notes/notes-9.20.16.rst @@ -0,0 +1,52 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +Notes for BIND 9.20.16 +---------------------- + +Bug Fixes +~~~~~~~~~ + +- Skip unsupported algorithms when looking for a signing key. + + A mix of supported and unsupported DNSSEC algorithms in the same zone + could cause validation failures. Unsupported algorithms are now + ignored when looking for signing keys. :gl:`#5622` + +- Fix :iscman:`dnssec-keygen` key collision checking for KEY RRtype + keys. + + The :iscman:`dnssec-keygen` utility program failed to detect possible + KEY ID collisions with existing keys generated using the non-default + ``-T KEY`` option (e.g., for ``SIG(0)``). This has been fixed. + :gl:`#5506` + +- :iscman:`dnssec-verify` now uses exit code 1 when failing due to + illegal options. + + Previously, :iscman:`dnssec-verify` exited with code 0 if the options + could not be parsed. This has been fixed. :gl:`#5574` + +- Prevent assertion failures of :iscman:`dig` when a server is specified + before the ``-b`` option. + + Previously, :iscman:`dig` could exit with an assertion failure when + a server was specified before the :option:`dig -b` option. This has + been fixed. :gl:`#5609` + +- Skip buffer allocations if not logging. + + Previously, we allocated a 2KB buffer for IXFR change logging, + regardless of the log level. + + This results in a 28% speedup in some scenarios. + +