From 8134aac39c4e5db6e3abb9143e74f7d0387daa78 Mon Sep 17 00:00:00 2001
From: Michal Nowak
Date: Wed, 11 May 2022 10:50:38 +0200
Subject: [PATCH 1/2] Update BIND version to 9.18.4-dev

---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index d4c0fbe658..55d8b9f24b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -16,7 +16,7 @@
 #
 m4_define([bind_VERSION_MAJOR], 9)dnl
 m4_define([bind_VERSION_MINOR], 18)dnl
-m4_define([bind_VERSION_PATCH], 3)dnl
+m4_define([bind_VERSION_PATCH], 4)dnl
 m4_define([bind_VERSION_EXTRA], -dev)dnl
 m4_define([bind_DESCRIPTION], [(Stable Release)])dnl
 m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl
From bcd564089abf999a4f11dd3aa5d213f027e1630f Mon Sep 17 00:00:00 2001
From: Michal Nowak
Date: Wed, 11 May 2022 10:52:47 +0200
Subject: [PATCH 2/2] Set up release notes for BIND 9.18.4

---
 doc/notes/notes-current.rst | 35 ++++-------------------------------
 1 file changed, 4 insertions(+), 31 deletions(-)

diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index fd7a2d5acd..5a2d9bfe59 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -9,7 +9,7 @@
 .. See the COPYRIGHT file distributed with this work for additional
 .. information regarding copyright ownership.
 
-Notes for BIND 9.18.3
+Notes for BIND 9.18.4
 ---------------------
 
 Security Fixes
@@ -20,38 +20,12 @@ Security Fixes
 Known Issues
 ~~~~~~~~~~~~
 
-- According to RFC 8310, Section 8.1, the Subject field MUST NOT be
- inspected when verifying a remote certificate while establishing a
- DNS-over-TLS connection. Only SubjectAltName must be checked
- instead. Unfortunately, some quite old versions of cryptographic
- libraries might lack the functionality to ignore the Subject
- field. It should have minimal production use consequences, as most
- of the production-ready certificates issued by certificate
- authorities will have SubjectAltNames set. In such a case, the
- Subject field is ignored. Only old platforms are affected by this,
- e.g., those supplied with OpenSSL versions older than 1.1.1.
+- None.
 
 New Features
 ~~~~~~~~~~~~
 
-- Add DNS Extended Errors (:rfc:`8914`) when stale answers are returned from
- cache. :gl:`#2267`
-
-- Add support for remote TLS certificates verification, both to BIND
- and ``dig``, making it possible to implement Strict and Mutual TLS
- authentication, as described in RFC 9103, Section 9.3. :gl:`#3163`
-
-- Catalog Zones schema version 2, as described in the "DNS Catalog Zones" IETF
- draft version 5 document, is now supported by :iscman:`named`. All of the
- previously supported BIND-specific catalog zone custom properties
- (``primaries``, ``allow-query``, and ``allow-transfer``), as well as the new
- Change of Ownership (``coo``) property, are now implemented. Schema version 1
- is still supported, with some additional validation rules applied from
- schema version 2: for example, the ``version`` property is mandatory, and a
- member zone PTR RRset must not contain more than one record. In the event of a
- validation error, a corresponding error message is logged to help with
- diagnosing the problem. :gl:`#3221` :gl:`#3222` :gl:`#3223` :gl:`#3224`
- :gl:`#3225`
+- None.
 
 Removed Features
 ~~~~~~~~~~~~~~~~
@@ -66,5 +40,4 @@ Feature Changes
 Bug Fixes
 ~~~~~~~~~
 
-- CDS and CDNSKEY DELETE records are removed from the zone when configured with
- 'auto-dnssec maintain;'. This has been fixed. :gl:`#2931`.
+- None.