Update BIND version to 9.17.7

Prepare release notes for BIND 9.17.7

See merge request isc-private/bind9!220

CHANGES

@@ -1,48 +1,47 @@
-5533.	[func]		Add "stale-refresh-time" option, a time window that
-			starts after a failed lookup, during which stale rrset
-			will be served directly from cache before a new
-			attempt to refresh it is made. [GL #2066]
+	--- 9.17.7 released ---
+
+5533.	[func]		Add the "stale-refresh-time" option, a time window that
+			starts after a failed lookup, during which a stale RRset
+			is served directly from cache before a new attempt to
+			refresh it is made. [GL #2066]
 
 5532.	[cleanup]	Unused header files were removed:
 			bin/rndc/include/rndc/os.h, lib/isc/timer_p.h,
 			lib/isccfg/include/isccfg/dnsconf.h and code related
 			to those files. [GL #1913]
 
-5531.	[func]		Add a netmgr TLS layer, enabling server-side DoT
-			support (not yet available), and client-side DoT
-			support in dig with "dig +tls". [GL #1840]
+5531.	[func]		Add support for DNS over TLS (DoT) to dig and named.
+			[GL #1840]
 
-5530.	[bug]		DNSTAP did not capture responses to forwarded
-			UPDATE requests. [GL #2252]
+5530.	[bug]		dnstap did not capture responses to forwarded UPDATE
+			requests. [GL #2252]
 
-5529.	[func]		The network manager API is now used by named
-			to send zone transfer requests. [GL #2016]
+5529.	[func]		The network manager API is now used by named to send
+			zone transfer requests. [GL #2016]
 
-5528.	[func]		Convert "dig", "host" and "nslookup" to use the
-			network manager. As a side effect of this change,
-			"dig +unexpected" no longer works, and has been
-			disabled. [GL #2140]
+5528.	[func]		Convert dig, host, and nslookup to use the network
+			manager API. As a side effect of this change, "dig
+			+unexpected" no longer works, and has been disabled.
+			[GL #2140]
 
-5527.	[bug]		There was a NULL pointer dereference if the creation
-			of the fetch to determine if a negative trust anchor
-			was still valid failed. [GL #2244]
+5527.	[bug]		A NULL pointer dereference occurred when creating an NTA
+			recheck query failed. [GL #2244]
 
 5526.	[bug]		Fix a race/NULL dereference in TCPDNS read. [GL #2227]
 
 5525.	[placeholder]
 
-5524.	[func]		Added functionality to the network manager to
-			support outgoing DNS queries in addition to
-			incoming ones. [GL #2235]
+5524.	[func]		Added functionality to the network manager to support
+			outgoing DNS queries in addition to incoming ones.
+			[GL #2235]
 
-5523.	[bug]		The initial lookup of a zone transitioning to/from
-			the signed state could fail if the DNSKEY RRset was
-			not found.  Subsequent lookups would succeed.
-			[GL #2236]
+5523.	[bug]		The initial lookup in a zone transitioning to/from a
+			signed state could fail if the DNSKEY RRset was not
+			found. [GL #2236]
 
-5522.	[bug]		Fix a race/NULL dereference in TCPDNS send. [GL #2227]
+5522.	[bug]		Fixed a race/NULL dereference in TCPDNS send. [GL #2227]
 
-5521.	[func]		All use of libltdl was dropped.  libuv's shared library
+5521.	[func]		All use of libltdl was dropped. libuv's shared library
 			handling interface is now used instead. [GL !4278]
 
 5520.	[bug]		Fixed a number of shutdown races, reference counting
@@ -53,12 +52,11 @@
 			lib/dns/portlist.c, lib/isc/bufferlist.c, and code
 			related to those files. [GL #2060]
 
-5518.	[bug]		Fix stub zone not transferring nameserver addresses
-			from masters configured with 'minimal-responses yes'.
-			[GL #1736]
+5518.	[bug]		Stub zones now work correctly with primary servers using
+			"minimal-responses yes". [GL #1736]
 
-5517.	[bug]		Handle 'UV_EOF' differently and don't contribute it to
-			the RECVFAIL statistic count. [GL #2208]
+5517.	[bug]		Do not treat UV_EOF as a TCP4RecvErr or a TCP6RecvErr.
+			[GL #2208]
 
 	--- 9.17.6 released ---
 

README.md

@@ -162,8 +162,7 @@ To build on a Unix or Linux system, use:
 		$ ./configure
 		$ make
 
-If you're planning on making changes to the BIND 9 source, you should run
-`make depend`.  If you're using Emacs, you might find `make tags` helpful.
+If you're using Emacs, you might find `make tags` helpful.
 
 Several environment variables, which can be set before running `configure`,
 affect compilation.  Significant ones are:

configure.ac

@@ -14,7 +14,7 @@
 #
 m4_define([bind_VERSION_MAJOR], 9)dnl
 m4_define([bind_VERSION_MINOR], 17)dnl
-m4_define([bind_VERSION_PATCH], 6)dnl
+m4_define([bind_VERSION_PATCH], 7)dnl
 m4_define([bind_VERSION_EXTRA], )dnl
 m4_define([bind_DESCRIPTION], [(Development Release)])dnl
 m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl

doc/arm/notes.rst

@@ -52,7 +52,7 @@ https://www.isc.org/download/. There you will find additional
 information about each release, source code, and pre-compiled versions
 for Microsoft Windows operating systems.
 
-.. include:: ../notes/notes-current.rst
+.. include:: ../notes/notes-9.17.7.rst
 .. include:: ../notes/notes-9.17.6.rst
 .. include:: ../notes/notes-9.17.5.rst
 .. include:: ../notes/notes-9.17.4.rst

doc/notes/notes-9.17.7.rst

@@ -0,0 +1,64 @@
+.. 
+   Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+   
+   This Source Code Form is subject to the terms of the Mozilla Public
+   License, v. 2.0. If a copy of the MPL was not distributed with this
+   file, you can obtain one at https://mozilla.org/MPL/2.0/.
+   
+   See the COPYRIGHT file distributed with this work for additional
+   information regarding copyright ownership.
+
+Notes for BIND 9.17.7
+---------------------
+
+New Features
+~~~~~~~~~~~~
+
+- Support for DNS over TLS (DoT) has been added: the ``dig`` tool is now
+  able to send DoT queries (``+tls`` option) and ``named`` can handle
+  DoT queries (``listen-on tls ...`` option). ``named`` can use either a
+  certificate provided by the user or an ephemeral certificate generated
+  automatically upon startup. [GL #1840]
+
+- A new configuration option, ``stale-refresh-time``, has been
+  introduced. It allows a stale RRset to be served directly from cache
+  for a period of time after a failed lookup, before a new attempt to
+  refresh it is made. [GL #2066]
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- The ``dig``, ``host``, and ``nslookup`` tools have been converted to
+  use the new network manager API rather than the older ISC socket API.
+
+  As a side effect of this change, the ``dig +unexpected`` option no
+  longer works. This could previously be used to diagnose broken servers
+  or network configurations by listening for replies from servers other
+  than the one that was queried. With the new API, such answers are
+  filtered before they ever reach ``dig``, so the option has been
+  removed. [GL #2140]
+
+- The network manager API is now used by ``named`` to send zone transfer
+  requests. [GL #2016]
+
+Bug Fixes
+~~~~~~~~~
+
+- ``named`` could crash with an assertion failure if a TCP connection
+  were closed while a request was still being processed. [GL #2227]
+
+- ``named`` acting as a resolver could incorrectly treat signed zones
+  with no DS record at the parent as bogus. Such zones should be treated
+  as insecure. This has been fixed. [GL #2236]
+
+- After a Negative Trust Anchor (NTA) is added, BIND performs periodic
+  checks to see if it is still necessary. If BIND encountered a failure
+  while creating a query to perform such a check, it attempted to
+  dereference a ``NULL`` pointer, resulting in a crash. [GL #2244]
+
+- A problem obtaining glue records could prevent a stub zone from
+  functioning properly, if the authoritative server for the zone were
+  configured for minimal responses. [GL #1736]
+
+- ``UV_EOF`` is no longer treated as a ``TCP4RecvErr`` or a
+  ``TCP6RecvErr``. [GL #2208]

doc/notes/notes-current.rst

@@ -1,67 +0,0 @@
-.. 
-   Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-   
-   This Source Code Form is subject to the terms of the Mozilla Public
-   License, v. 2.0. If a copy of the MPL was not distributed with this
-   file, you can obtain one at https://mozilla.org/MPL/2.0/.
-   
-   See the COPYRIGHT file distributed with this work for additional
-   information regarding copyright ownership.
-
-Notes for BIND 9.17.6
----------------------
-
-Security Fixes
-~~~~~~~~~~~~~~
-
-- None.
-
-Known Issues
-~~~~~~~~~~~~
-
-- None.
-
-New Features
-~~~~~~~~~~~~
-
-- None.
-
-- A new configuration option ``stale-refresh-time`` has been introduced, it
-  allows stale RRset to be served directly from cache for a period of time
-  after a failed lookup, before a new attempt to refresh it is made. [GL #2066]
-
-Removed Features
-~~~~~~~~~~~~~~~~
-
-- None.
-
-Feature Changes
-~~~~~~~~~~~~~~~
-
-- The network manager API is now used by ``named`` to send zone transfer
-  requests. [GL #2016]
-
-- The ``dig``, ``host``, and ``nslookup`` tools have been converted to
-  use the new network manager API rather than the older ISC socket API.
-
-  As a side effect of this change, the ``dig +unexpected`` option no longer
-  works.  This could previously be used for diagnosing broken servers or
-  network configurations by listening for replies from servers other than
-  the one that was queried.  With the new API such answers are filtered
-  before they ever reach ``dig``.  Consequently, the option has been
-  removed. [GL #2140]
-
-- Support for DNS over TLS (DoT) has been added to the network manager API, and
-  the support for DoT has been added to the ``dig`` tool and support for
-  listening on TLS port has been added to ``named``.  ``named`` could use a
-  certificate provided by the user or it can generate an ephemeral certificate
-  on startup of the daemon.
-
-Bug Fixes
-~~~~~~~~~
-
-- Handle `UV_EOF` differently such that it is not treated as a `TCP4RecvErr` or
-  `TCP6RecvErr`. [GL #2208]
-
-- ``named`` could crash with an assertion failure if a TCP connection is closed
-  while the request is still processing. [GL #2227]

lib/bind9/api

@@ -12,5 +12,5 @@
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
 LIBINTERFACE = 1701
-LIBREVISION = 2
+LIBREVISION = 3
 LIBAGE = 0

lib/dns/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1706
+LIBINTERFACE = 1707
 LIBREVISION = 0
 LIBAGE = 0

lib/isc/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1705
+LIBINTERFACE = 1706
 LIBREVISION = 0
 LIBAGE = 0

lib/isccc/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1702
-LIBREVISION = 1
+LIBINTERFACE = 1703
+LIBREVISION = 0
 LIBAGE = 0

lib/isccfg/api

@@ -12,5 +12,5 @@
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
 LIBINTERFACE = 1702
-LIBREVISION = 1
+LIBREVISION = 2
 LIBAGE = 0

lib/ns/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1704
+LIBINTERFACE = 1705
 LIBREVISION = 0
 LIBAGE = 0

util/copyrights

@@ -1244,7 +1244,7 @@
 ./doc/notes/notes-9.17.4.rst			RST	2020
 ./doc/notes/notes-9.17.5.rst			RST	2020
 ./doc/notes/notes-9.17.6.rst			RST	2020
-./doc/notes/notes-current.rst			RST	2020
+./doc/notes/notes-9.17.7.rst			RST	2020
 ./docutil/HTML_COPYRIGHT			X	2001,2004,2016,2018,2019,2020
 ./docutil/MAN_COPYRIGHT				X	2001,2004,2016,2018,2019,2020
 ./docutil/patch-db2latex-duplicate-template-bug	X	2007,2018,2019,2020