From a0d8c44bf72dc7d448257636097d18c0426d2a5a Mon Sep 17 00:00:00 2001
From: Michal Nowak
Date: Tue, 12 Sep 2023 09:36:39 +0200
Subject: [PATCH 1/2] Update BIND version to 9.18.20-dev
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 3ee11646bd..263014e51b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -16,7 +16,7 @@
 #
 m4_define([bind_VERSION_MAJOR], 9)dnl
 m4_define([bind_VERSION_MINOR], 18)dnl
-m4_define([bind_VERSION_PATCH], 19)dnl
+m4_define([bind_VERSION_PATCH], 20)dnl
 m4_define([bind_VERSION_EXTRA], -dev)dnl
 m4_define([bind_DESCRIPTION], [(Extended Support Version)])dnl
 m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl
From 8b5e396f45e16a9483a6c31a8eb649b2c08cddc0 Mon Sep 17 00:00:00 2001
From: Michal Nowak
Date: Tue, 12 Sep 2023 09:36:39 +0200
Subject: [PATCH 2/2] Set up release notes for BIND 9.18.20
---
 doc/notes/notes-current.rst | 40 +++-------------------------------------
 1 file changed, 3 insertions(+), 37 deletions(-)
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 8bc1bb5561..1d9d712db7 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -9,7 +9,7 @@
 .. See the COPYRIGHT file distributed with this work for additional
 .. information regarding copyright ownership.
-Notes for BIND 9.18.19
+Notes for BIND 9.18.20
 ----------------------
 Security Fixes
@@ -25,51 +25,17 @@ New Features
 Removed Features
 ~~~~~~~~~~~~~~~~
-- The :any:`dnssec-must-be-secure` option has been deprecated and will be
-  removed in a future release. :gl:`#4263`
+- None.
 Feature Changes
 ~~~~~~~~~~~~~~~
 - None.
-- Make :iscman:`nsupdate` honor the ``-v`` option. If set, and the server is
-  specified, SOA queries are now send over TCP as well. :gl:`#1181`
-
 Bug Fixes
 ~~~~~~~~~
-- The value of If-Modified-Since header in statistics channel was not checked
-  for length leading to possible buffer overflow by an authorized user. We
-  would like to emphasize that statistics channel must be properly setup to
-  allow access only from authorized users of the system. :gl:`#4124`
-
-  This issue was reported independently by Eric Sesterhenn of X41 D-SEC and
-  Cameron Whitehead.
-
-- The value of Content-Length header in statistics channel was not
-  bound checked and negative or large enough value could lead to
-  overflow and assertion failure. :gl:`#4125`
-
-  This issue was reported by Eric Sesterhenn of X41 D-SEC.
-
-- Address memory leaks due to not clearing OpenSSL error stack. :gl:`#4159`
-
-  This issue was reported by Eric Sesterhenn of X41 D-SEC.
-
-- Following the introduction of krb5-subdomain-self-rhs and
-  ms-subdomain-self-rhs update rules, removal of nonexistent PTR
-  and SRV records via UPDATE could fail. This has been fixed. :gl:`#4280`
-
-- The value of :any:`stale-refresh-time` was set to zero after ``rndc flush``.
-  This has been fixed. :gl:`#4278`
-
-- BIND could consume more memory than it needs. That has been fixed by
-  using specialised jemalloc memory arenas dedicated to sending buffers. It
-  allowed us to optimize the process of returning memory pages back to
-  the operating system. :gl:`#4038`
-
-- Prevent DNS message corruption on long DNS over TLS streams. :gl:`#4255`
+- None.
 Known Issues
 ~~~~~~~~~~~~