From: Michał Kępień Date: Wed, 23 Jun 2021 10:56:35 +0000 (+0200) Subject: Set up release notes for BIND 9.17.16 X-Git-Tag: v9.17.16~20^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=41de9ad84a82e9f9ab0867b2e9aa9867e8acc1f3;p=thirdparty%2Fbind9.git Set up release notes for BIND 9.17.16 --- diff --git a/doc/arm/notes.rst b/doc/arm/notes.rst index f687115b241..d3678cb6524 100644 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@ -51,6 +51,7 @@ The latest versions of BIND 9 software can always be found at https://www.isc.org/download/. There you will find additional information about each release, and source code. +.. include:: ../notes/notes-current.rst .. include:: ../notes/notes-9.17.15.rst .. include:: ../notes/notes-9.17.14.rst .. include:: ../notes/notes-9.17.13.rst diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst new file mode 100644 index 00000000000..1aa3a8c3b1e --- /dev/null +++ b/doc/notes/notes-current.rst @@ -0,0 +1,58 @@ +.. + Copyright (C) Internet Systems Consortium, Inc. ("ISC") + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, you can obtain one at https://mozilla.org/MPL/2.0/. + + See the COPYRIGHT file distributed with this work for additional + information regarding copyright ownership. + +Notes for BIND 9.17.16 +---------------------- + +Security Fixes +~~~~~~~~~~~~~~ + +- Sending non-zero opcode via DoT or DoH channels would trigger an assertion + failure in ``named``. This has been fixed. + + ISC would like to thank Ville Heikkila of Synopsys Cybersecurity Research + Center for responsibly disclosing the vulnerability to us. :gl:`#2787` + +Known Issues +~~~~~~~~~~~~ + +- None. + +New Features +~~~~~~~~~~~~ + +- None. + +Removed Features +~~~~~~~~~~~~~~~~ + +- Support for compiling and running BIND 9 natively on Windows has been + completely removed. The last release branch that has working Windows + support is BIND 9.16. :gl:`#2690` + +Feature Changes +~~~~~~~~~~~~~~~ + +- None. + +Bug Fixes +~~~~~~~~~ + +- Fixed a bug that caused the NSEC salt to be changed for KASP zones on + every startup. :gl:`#2725` + +- Signed, insecure delegation responses prepared by ``named`` either + lacked the necessary NSEC records or contained duplicate NSEC records + when both wildcard expansion and CNAME chaining were required to + prepare the response. This has been fixed. :gl:`#2759` + +- A deadlock at startup was introduced when fixing :gl:`#1875` because when + locking key files for reading and writing, "in-view" logic was not taken into + account. This has been fixed. :gl:`#2783`