From 41de9ad84a82e9f9ab0867b2e9aa9867e8acc1f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 23 Jun 2021 12:56:35 +0200 Subject: [PATCH] Set up release notes for BIND 9.17.16 --- doc/arm/notes.rst | 1 + doc/notes/notes-current.rst | 58 +++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 doc/notes/notes-current.rst diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index f687115b24..d3678cb652 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -51,6 +51,7 @@ The latest versions of BIND 9 software can always be found at https://www.isc.org/download/. There you will find additional information about each release, and source code. +.. include:: ../notes/notes-current.rst .. include:: ../notes/notes-9.17.15.rst .. include:: ../notes/notes-9.17.14.rst .. include:: ../notes/notes-9.17.13.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst new file mode 100644 index 0000000000..1aa3a8c3b1 --- /dev/null +++ b/doc/notes/notes-current.rst @@ -0,0 +1,58 @@ +.. + Copyright (C) Internet Systems Consortium, Inc. ("ISC") + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, you can obtain one at https://mozilla.org/MPL/2.0/. + + See the COPYRIGHT file distributed with this work for additional + information regarding copyright ownership. + +Notes for BIND 9.17.16 +---------------------- + +Security Fixes +~~~~~~~~~~~~~~ + +- Sending non-zero opcode via DoT or DoH channels would trigger an assertion + failure in ``named``. This has been fixed. + + ISC would like to thank Ville Heikkila of Synopsys Cybersecurity Research + Center for responsibly disclosing the vulnerability to us. :gl:`#2787` + +Known Issues +~~~~~~~~~~~~ + +- None. + +New Features +~~~~~~~~~~~~ + +- None. + +Removed Features +~~~~~~~~~~~~~~~~ + +- Support for compiling and running BIND 9 natively on Windows has been + completely removed. The last release branch that has working Windows + support is BIND 9.16. :gl:`#2690` + +Feature Changes +~~~~~~~~~~~~~~~ + +- None. + +Bug Fixes +~~~~~~~~~ + +- Fixed a bug that caused the NSEC salt to be changed for KASP zones on + every startup. :gl:`#2725` + +- Signed, insecure delegation responses prepared by ``named`` either + lacked the necessary NSEC records or contained duplicate NSEC records + when both wildcard expansion and CNAME chaining were required to + prepare the response. This has been fixed. :gl:`#2759` + +- A deadlock at startup was introduced when fixing :gl:`#1875` because when + locking key files for reading and writing, "in-view" logic was not taken into + account. This has been fixed. :gl:`#2783`