--- /dev/null
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0. If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+BIND 9.20.17
+------------
+
+New Features
+~~~~~~~~~~~~
+
+- Add spatch to detect implicit bool/int/result cast. ``02be363d1f``
+
+ Detection of implicit cast from a boolean into an int, or an
+ isc_result_t into a boolean (either in an assignement or return
+ position).
+
+ If such pattern is found, a warning comment is added into the code
+ (and the CI will fails) so the error can be spotted and manually
+ fixed. :gl:`!11237`
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- Use atomics for CMM_{LOAD,STORE}_SHARED with ThreadSanitizer.
+ ``94fa721705``
+
+ Upstream has removed the atomics implementation of CMM_LOAD_SHARED and
+ CMM_STORE_SHARED as these can be used also with non-stdatomics types.
+ As we only use the CMM api with stdatomics types, we can restore the
+ previous behaviour to prevent ThreadSanitizer warnings. :gl:`#5660`
+ :gl:`!11290`
+
+- Provide more information when the memory allocation fails.
+ ``6749725610``
+
+ Provide more information about the failure when the memory allocation
+ fails. :gl:`!11304`
+
+- Reduce the number of outgoing queries. ``457b470e96``
+
+ Reduces the number of outgoing queries when resolving the nameservers
+ for delegation points. This helps the DNS resolver with cold cache
+ resolve client queries with complex delegation chains and
+ redirections. :gl:`!11258`
+
+Bug Fixes
+~~~~~~~~~
+
+- Fix the spurious timeouts while resolving names. ``d96cf874fb``
+
+ Sometimes the loops in the resolving (e.g. to resolve or validate
+ ns1.example.com we need to resolve ns1.example.com) were not properly
+ detected leading to spurious 10 seconds delay. This has been fixed
+ and such loops are properly detected. :gl:`#3033`, #5578 :gl:`!11298`
+
+- Fix bug where zone switches from NSEC3 to NSEC after retransfer.
+ ``3b40ffbf83``
+
+ When a zone is re-transferred, but the zone journal on an
+ inline-signing secondary is out of sync, the zone could fall back to
+ using NSEC records instead of NSEC3. This has been fixed. :gl:`#5527`
+ :gl:`!11274`
+
+- Attach socket before async streamdns_resume_processing. ``bb9451c73f``
+
+ Call to `streamdns_resume_processing` is asynchronous but the socket
+ passed as argument is not attached when scheduling the call.
+
+ While there is no reproducible way (so far) to make the socket
+ reference number down to 0 before `streamdns_resume_processing` is
+ called, attach the socket before scheduling the call. This guard
+ against an hypothetic case where, for some reasons, the socket
+ refcount would reach 0, and be freed from memory when
+ `streamdns_resume_processing` is called. :gl:`#5620` :gl:`!11260`
+
+- AMTRELAY type 0 presentation format handling was wrong. ``adf104a063``
+
+ RFC 8777 specifies a placeholder value of "." for the gateway field
+ when the gateway type is 0 (no gateway). This was not being checked
+ for nor emitted when displaying the record. This has been corrected.
+
+ Instances of this record will need the placeholder period added to
+ them when upgrading. :gl:`#5639` :gl:`!11255`
+
+- Fix parsing bug in remote-servers with key or tls. ``d9400c5967``
+
+ The :any:`remote-servers` clause enable the following pattern using a
+ named ``server-list``:
+
+ remote-servers a { 1.2.3.4; ... }; remote-servers b { a key
+ foo; };
+
+ However, such configuration was wrongly rejected, with an "unexpected
+ token 'foo'" error. Such configuration is now accepted. :gl:`#5646`
+ :gl:`!11300`
+
+- Fix TLS contexts cache object usage bug in the resolver.
+ ``13adf94006``
+
+ :iscman:`named` could terminate unexpectedly when reconfiguring or
+ reloading, and if client-side TLS transport was in use (for example,
+ when forwarding queries to a DoT server). This has been fixed.
+ :gl:`#5653` :gl:`!11299`
+
+- Fix unitiailized pointer check on getipandkeylist. ``5ed0cf091b``
+
+ Function `named_config_getipandkeylist` could, in case of error in the
+ early code attempting to get the `port` or `tls-port`, make a pointer
+ check on a non-initialized value. This is now fixed. :gl:`!11306`
+
+- Standardize CHECK and RETERR macros. ``ef714e91ac``
+
+ previously, there were over 40 separate definitions of CHECK macros,
+ of which most used "goto cleanup", and the rest "goto failure" or
+ "goto out". there were another 10 definitions of RETERR, of which most
+ were identical to CHECK, but some simply returned a result code
+ instead of jumping to a cleanup label.
+
+ this has now been standardized throughout the code base: RETERR is for
+ returning an error code in the case of an error, and CHECK is for
+ jumping to a cleanup tag, which is now always called "cleanup". both
+ macros are defined in isc/util.h. :gl:`!11069`
+
+- Adding NSEC3 opt-out records could leave invalid records in
+ chain. ``1d83a8ad46``
+
+ When creating an NSEC3 opt-out chain, a node in the chain could be
+ removed too soon, causing the previous NSEC3 being unable to be found,
+ resulting in invalid NSEC3 records to be left in the zone. This has
+ been fixed.
+
+ Closes [#5671](#5671)
+
projects / thirdparty / bind9.git / commitdiff
