From: Nicki Křížek Date: Thu, 3 Apr 2025 14:25:12 +0000 (+0200) Subject: Generate changelog for BIND 9.18.36 X-Git-Tag: v9.18.36~1^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1321ccef5ce3754c009d3e9bc1b0b2d1d51d02ba;p=thirdparty%2Fbind9.git Generate changelog for BIND 9.18.36 --- diff --git a/doc/arm/changelog.rst b/doc/arm/changelog.rst index 686c59224c4..e08c0e96c2c 100644 --- a/doc/arm/changelog.rst +++ b/doc/arm/changelog.rst @@ -18,6 +18,7 @@ Changelog development. Regular users should refer to :ref:`Release Notes ` for changes relevant to them. +.. include:: ../changelog/changelog-9.18.36.rst .. include:: ../changelog/changelog-9.18.35.rst .. include:: ../changelog/changelog-9.18.34.rst .. include:: ../changelog/changelog-9.18.33.rst diff --git a/doc/changelog/changelog-9.18.36.rst b/doc/changelog/changelog-9.18.36.rst new file mode 100644 index 00000000000..47769d43bb4 --- /dev/null +++ b/doc/changelog/changelog-9.18.36.rst @@ -0,0 +1,85 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +BIND 9.18.36 +------------ + +New Features +~~~~~~~~~~~~ + +- Implement -T cookiealwaysvalid. ``efbd698a2d`` + + When `-T cookiealwaysvalid` is passed to `named`, DNS cookie checks + for the incoming queries always pass, given they are structurally + correct. :gl:`!10265` + +Feature Changes +~~~~~~~~~~~~~~~ + +- Fix network manager issue when both success and timeout callbacks can + be called for the same read request. ``d4cc98a175`` + + This commit simplifies code flow in the tls_cycle_input() and makes + the incoming data processing similar to that in TCP DNS. In + particular, now we decipher all the the incoming data before making a + single isc__nm_process_sock_buffer() call. Previously we would try to + decipher data bit-by-bit before trying to process the deciphered bit + via isc__nm_process_sock_buffer(). Doing like before made the code + much less predictable, in particular in the areas like when reading is + paused or resumed. + + The newer approach also allowed us to get rid of some old kludges. + :gl:`#5247` :gl:`!10294` + +Bug Fixes +~~~~~~~~~ + +- Add missing locks when returning addresses. ``ae573fd9dc`` + + Add missing locks in dns_zone_getxfrsource4 et al. Addresses CID + 468706, 468708, 468741, 468742, 468785, and 468778. + + Cleanup dns_zone_setxfrsource4 et al to now return void. + + Remove double copies with dns_zone_getprimaryaddr and + dns_zone_getsourceaddr. :gl:`#4933` :gl:`!10260` + +- Stop caching lack of EDNS support. ``84d0464646`` + + `named` could falsely learn that a server doesn't support EDNS when a + spoofed response was received; that subsequently prevented DNSSEC + lookups from being made. This has been fixed. :gl:`#3949` :gl:`#5066` + +- Fix resolver statistics counters for timed out responses. + ``0e7419670e`` + + When query responses timed out, the resolver could incorrectly + increase the regular responses counters, even if no response was + received. This has been fixed. :gl:`#5193` :gl:`!10288` + +- Validating ADB fetches could cause a crash in import_rdataset() + ``f24bacb190`` + + Previously, in some cases, the resolver could return rdatasets of type + CNAME or DNAME without the result code being set to `DNS_R_CNAME` or + `DNS_R_DNAME`. This could trigger an assertion failure in the ADB. The + resolver error has been fixed. :gl:`#5201` :gl:`!10330` + +- Don't enforce NOAUTH/NOCONF flags in DNSKEYs. ``ddbea0b94b`` + + All DNSKEY keys are able to authenticate. The `DNS_KEYTYPE_NOAUTH` + (and `DNS_KEYTYPE_NOCONF`) flags were defined for the KEY rdata type, + and are not applicable to DNSKEY. Previously, however, because the + DNSKEY implementation was built on top of KEY, the `_NOAUTH` flag + prevented authentication in DNSKEYs as well. This has been corrected. + :gl:`#5240` :gl:`!10316` + +