upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-26 19:34:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
bind9/doc/arm/notes-9.17.2.xml
Witold Kręcicki e7bde11314 CHANGES, release note
2020-05-01 17:04:23 +02:00

115 lines
4.1 KiB
XML
Raw Blame History

<!--
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
- See the COPYRIGHT file distributed with this work for additional
- information regarding copyright ownership.
-->
<section xml:id="relnotes-9.17.2"><info><title>Notes for BIND 9.17.2</title></info>
<section xml:id="relnotes-9.17.2-security"><info><title>Security Fixes</title></info>
<itemizedlist>
<listitem>
<para>
A bug in dnstap initialization could prevent some dnstap data from
being logged, especially on recursive resolvers. [GL #1795]
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="relnotes-9.17.2-known"><info><title>Known Issues</title></info>
<itemizedlist>
<listitem>
<para>
In this release, the build system has been significantly changed (see
below), and there's number of unresolved issues that you need to be
aware of if you are using a development release. Please refer to
GitLab issue #4 https://gitlab.isc.org/isc-projects/bind9/-/issues/4
for a list of not yet resolved issues that will be fixed in the
following releases.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="relnotes-9.17.2-new"><info><title>New Features</title></info>
<itemizedlist>
<listitem>
<para>
The BIND 9 build system has been changed to use the normal build tool
stack consisting of autoconf+automake+libtool. This should not make
any difference for people building BIND 9 from the release tarballs,
but if you are building BIND 9 from the git repository you will need
to run "autoreconf -fi" first. If you are using non-standard
<command>./configure</command> option, you will
need to pay extra attention. [GL #4]
</para>
</listitem>
<listitem>
<para>
The native PKCS#11 EdDSA implementation has been updated to PKCS#11
v3.0 and thus made operational again. Contributed by Aaron Thompson.
[GL !3326]
</para>
</listitem>
<listitem>
<para>
The OpenSSL ECDSA implementation has been updated to support PKCS#11
via OpenSSL engine (see engine_pkcs11 from libp11 project). [GL #1534]
</para>
</listitem>
<listitem>
<para>
The OpenSSL EdDSA implementation has been updated to support PKCS#11
via OpenSSL engine. Please note that you need EdDSA capable OpenSSL
engine and there's only proof-of-concept as of this moment.
Contributed by Aaron Thompson. [GL #1763]
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="relnotes-9.17.2-changes"><info><title>Feature Changes</title></info>
<itemizedlist>
<listitem>
<para>
The default rwlock implementation has been changed back to the native
BIND 9 rwlock implementation. [GL #1753]
</para>
</listitem>
<listitem>
<para>
Message ids in inbound AXFR transfers are now checked for
consistency. Streams with inconsistent message ids are rejected.
[GL #1674]
</para>
</listitem>
<listitem>
<para>
BIND 9 no longer sets the recv and send buffer sizes for sockets, relying
on system defaults instead. [GL #1713]
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="relnotes-9.17.2-bugs"><info><title>Bug Fixes</title></info>
<itemizedlist>
<listitem>
<para>
When running on a system with Linux capabilities support,
<command>named</command> drops root privileges very soon after system
startup. This was causing a spurious log message, <quote>unable to set
effective uid to 0: Operation not permitted</quote>, which has now been
silenced. [GL #1042] [GL #1090]
</para>
</listitem>
</itemizedlist>
</section>
</section>
Reference in a new issue View git blame Copy permalink