get_openssl_version.py - OpenGrok history log for /netbsd-src/external/mpl/bind/dist/bin/tests/system/doth/get_openssl

Revision	Date	Author	Comments
# 734a9f3d	22-Sep-2024	christos <christos@NetBSD.org>	Import bind-9.18.30 (previous was 9.18.24) Changes: BIND 9.18.30 ------------ New Features ~~~~~~~~~~~~ - Print the full path of the working directory in startup log messages. ``99ce0d6b838`` Import bind-9.18.30 (previous was 9.18.24) Changes: BIND 9.18.30 ------------ New Features ~~~~~~~~~~~~ - Print the full path of the working directory in startup log messages. ``99ce0d6b838`` named now prints its initial working directory during startup and the changed working directory when loading or reloading its configuration file if it has a valid 'directory' option defined. :gl:`#4731` :gl:`!9373` Feature Changes ~~~~~~~~~~~~~~~ - Restore the ability to select individual unit tests. ``a59fe212a34`` This adds the command line arguments: `-d` (debug), `-l` (list tests) and `-t test` (run this test) to the unit tests. e.g. ``` % ./rdata_test -t zonemd [==========] selected: Running 1 test(s). [ RUN ] zonemd [ OK ] zonemd [==========] selected: 1 test(s) run. [ PASSED ] 1 test(s). % ``` :gl:`#4579` :gl:`!9386` - Process also the ISC_R_CANCELED result code in rpz_rewrite() ``26df9f6255b`` Log canceled resolver queries (e.g. when shutting down a hung fetch) in DEBUG3 level instead of DEBUG1 which is used for the "unrecognized" result codes. :gl:`#4797` :gl:`!9348` - Remove code to read and parse /proc/net/if_inet6 on Linux. ``887a61a4082`` The getifaddr() works fine for years, so we don't have to keep the callback to parse /proc/net/if_inet6 anymore. :gl:`#4852` :gl:`!9342` - Follow the number of CPU set by taskset/cpuset. ``17efe703cc2`` Administrators may wish to constrain the set of cores that BIND 9 runs on via the 'taskset', 'cpuset' or 'numactl' programs (or equivalent on other O/S). If the admin has used taskset, the `named` will now follow to automatically use the given number of CPUs rather than the system wide count. :gl:`#4884` :gl:`!9443` Bug Fixes ~~~~~~~~~ - Change the NS_PER_SEC (and friends) from enum to #define. ``0da22fc138e`` New version of clang (19) has introduced a stricter checks when mixing integer (and float types) with enums. In this case, we used enum {} as C17 doesn't have constexpr yet. Change the time conversion constants to be #defined constants because of RHEL 8 compiler doesn't consider static const unsigned int to be constant. :gl:`#4845` :gl:`!9340` - Check the result of dirfd() before calling unlinkat() ``b9f0df60972`` Instead of directly using the result of dirfd() in the unlinkat() call, check whether the returned file descriptor is actually valid. That doesn't really change the logic as the unlinkat() would fail with invalid descriptor anyway, but this is cleaner and will report the right error returned directly by dirfd() instead of EBADF from unlinkat(). :gl:`#4853` :gl:`!9344` - Checking whether a EDDSA key was private or not was broken. ``e04839c08e8`` Checking whether a EDDSA key was private or not was broken could lead to attempting to sign records with a public key and this could cause a segmentation failure (read of a NULL pointer) within OpenSSL. :gl:`#4855` :gl:`!9329` - Fix algoritm rollover bug when there are two keys with the same keytag. ``43c8ed45e53`` If there is an algorithm rollover and two keys of different algorithm share the same keytags, then there is a possibility that if we check that a key matches a specific state, we are checking against the wrong key. This has been fixed by not only checking for matching key tag but also key algorithm. :gl:`#4878` :gl:`!9394` - Stop using malloc_usable_size and malloc_size. ``cccd26e942c`` The `malloc_usable_size()` can return size larger than originally allocated and when these sizes disagree the fortifier enabled by `_FORTIFY_SOURCE=3` detects overflow and stops the `named` execution abruptly. Stop using these convenience functions as they are primary used for introspection-only. :gl:`#4880` :gl:`!9419` - Preserve statement tag order in documentation. ``b4d1988c280`` This supports bit-for-bit reproducibility of built documentation. :gl:`#4886` :gl:`!9409` - Fix clang-scan 19 warnings. ``01ee251d130`` Silence warnings generated by clang-scan. :gl:`!9388` BIND 9.18.29 ------------ New Features ~~~~~~~~~~~~ - Tighten 'max-recursion-queries' and add 'max-query-restarts' option. ``fe3ae71e90`` There were cases in resolver.c when the `max-recursion-queries` quota was ineffective. It was possible to craft zones that would cause a resolver to waste resources by sending excessive queries while attempting to resolve a name. This has been addressed by correcting errors in the implementation of `max-recursion-queries`, and by reducing the default value from 100 to 32. In addition, a new `max-query-restarts` option has been added which limits the number of times a recursive server will follow CNAME or DNAME records before terminating resolution. This was previously a hard-coded limit of 16, and now defaults to 11. :gl:`#4741` :gl:`!9283` - Generate changelog from git log. ``21a0b6aef7`` Use a single source of truth, the git log, to generate the list of CHANGES. Use the .rst format and include it in the ARM for a quick reference with proper gitlab links to issues and merge requests. :gl:`#75` :gl:`!9181` Feature Changes ~~~~~~~~~~~~~~~ - Use _exit() in the fatal() function. ``e4c483f45f`` Since the fatal() isn't a correct but rather abrupt termination of the program, we want to skip the various atexit() calls because not all memory might be freed during fatal() call, etc. Using _exit() instead of exit() has this effect - the program will end, but no destructors or atexit routines will be called. :gl:`!9263` - Fix data race in clean_finds_at_name. ``541726871d`` Stop updating `find.result_v4` and `find.result_v4` in `clean_finds_at_name`. The values are supposed to be static. :gl:`#4118` :gl:`!9198` Bug Fixes ~~~~~~~~~ - Reconfigure catz member zones during named reconfiguration. ``944d0dc942`` During a reconfiguration named wasn't reconfiguring catalog zones' member zones. This has been fixed. :gl:`#4733` - Disassociate the SSL object from the cached SSL_SESSION. ``64fde41253`` When the SSL object was destroyed, it would invalidate all SSL_SESSION objects including the cached, but not yet used, TLS session objects. Properly disassociate the SSL object from the SSL_SESSION before we store it in the TLS session cache, so we can later destroy it without invalidating the cached TLS sessions. :gl:`#4834` :gl:`!9279` - Attach/detach to the listening child socket when accepting TLS. ``3ead47daff`` When TLS connection (TLSstream) connection was accepted, the children listening socket was not attached to sock->server and thus it could have been freed before all the accepted connections were actually closed. In turn, this would cause us to call isc_tls_free() too soon - causing cascade errors in pending SSL_read_ex() in the accepted connections. Properly attach and detach the children listening socket when accepting and closing the server connections. :gl:`#4833` :gl:`!9278` - Make hypothesis optional for system tests. ``0d1953d7a8`` Ensure that system tests can be executed without Python hypothesis package. :gl:`#4831` :gl:`!9268` - Don't loop indefinitely when isc_task quantum is 'unlimited' ``674420df64`` Don't run more events than already scheduled. If the quantum is set to a high value, the task_run() would execute already scheduled, and all new events that result from running event->ev_action(). Setting quantum to a number of scheduled events will postpone events scheduled after we enter the loop here to the next task_run() invocation. :gl:`!9257` - Raise the log level of priming failures. ``c948babeeb`` When a priming query is complete, it's currently logged at level ISC_LOG_DEBUG(1), regardless of success or failure. We are now raising it to ISC_LOG_NOTICE in the case of failure. [GL #3516] :gl:`#3516` :gl:`!9251` - Add a compatibility shim for older libuv versions (< 1.19.0) ``61ff983f00`` The uv_stream_get_write_queue_size() is supported only in relatively newer versions of libuv (1.19.0 or higher). Provide a compatibility shim for this function , so BIND 9 can be built in environments with older libuv version. - Remove extra newline from yaml output. ``1222dbe9f9`` I split this into two commits, one for the actual newline removal, and one for issues I found, ruining the yaml output when some errors were outputted. - CID 498025 and CID 498031: Overflowed constant INTEGER_OVERFLOW. ``bbdd888b8e`` Add INSIST to fail if the multiplication would cause the variables to overflow. :gl:`#4798` :gl:`!9230` - Remove unnecessary operations. ``2374a1a2bd`` Decrementing optlen immediately before calling continue is unneccesary and inconsistent with the rest of dns_message_pseudosectiontoyaml and dns_message_pseudosectiontotext. Coverity was also reporting an impossible false positive overflow of optlen (CID 499061). :gl:`!9224` - Fix generation of 6to4-self name expansion from IPv4 address. ``df55c15ebb`` The period between the most significant nibble of the encoded IPv4 address and the 2.0.0.2.IP6.ARPA suffix was missing resulting in the wrong name being checked. Add system test for 6to4-self implementation. :gl:`#4766` :gl:`!9218` - Fix false QNAME minimisation error being reported. ``4984afc80c`` Remove the false positive "success resolving" log message when QNAME minimisation is in effect and the final result is NXDOMAIN. :gl:`#4784` :gl:`!9216` - Dig +yaml was producing unexpected and/or invalid YAML output. ``2db62a4dba`` :gl:`#4796` :gl:`!9214` - SVBC alpn text parsing failed to reject zero length alpn. ``8f7be89052`` :gl:`#4775` :gl:`!9210` - Return SERVFAIL for a too long CNAME chain. ``f7de909b98`` When cutting a long CNAME chain, named was returning NOERROR instead of SERVFAIL (alongside with a partial answer). This has been fixed. :gl:`#4449` :gl:`!9204` - Properly calculate the amount of system memory. ``9faf355a5c`` On 32 bit machines isc_meminfo_totalphys could return an incorrect value. :gl:`#4799` :gl:`!9200` - Update key lifetime and metadata after dnssec-policy reconfig. ``2107a64ee6`` Adjust key state and timing metadata if dnssec-policy key lifetime configuration is updated, so that it also affects existing keys. :gl:`#4677` :gl:`!9192` - Fix dig +timeout argument when using +https. ``381d6246d6`` The +timeout argument was not used on DoH connections. This has been fixed. :gl:`#4806` :gl:`!9161` Changes prior to 9.18.28 ------------------------ .. code-block:: none --- 9.18.28 released --- 6404. [security] Remove SIG(0) support from named as a countermeasure for CVE-2024-1975. [GL #4480] 6403. [security] qctx-zversion was not being cleared when it should have been leading to an assertion failure if it needed to be reused. (CVE-2024-4076) [GL #4507] 6401. [security] An excessively large number of rrtypes per owner can slow down database query processing, so a limit has been placed on the number of rrtypes that can be stored per owner (node) in a cache or zone database. This is configured with the new "max-rrtypes-per-name" option, and defaults to 100. (CVE-2024-1737) [GL #3403] [GL #4548] 6400. [security] Excessively large rdatasets can slow down database query processing, so a limit has been placed on the number of records that can be stored per rdataset in a cache or zone database. This is configured with the new "max-records-per-type" option, and defaults to 100. (CVE-2024-1737) [GL #497] [GL #3405] 6399. [security] Malicious DNS client that sends many queries over TCP but never reads responses can cause server to respond slowly or not respond at all for other clients. (CVE-2024-0760) [GL #4481] 6398. [bug] Fix potential data races in our DoH implementation related to HTTP/2 session object management and endpoints set object management after reconfiguration. We would like to thank Dzintars and Ivo from nic.lv for bringing this to our attention. [GL #4473] 6397. [bug] Clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT when looking for parent NS records needed to get the DS result. [GL #4661] 6395. [bug] Handle ISC_R_HOSTDOWN and ISC_R_NETDOWN in resolver.c. [GL #4736] 6394. [bug] Named's -4 and -6 options now apply to zone primaries, also-notify and parental-agents. Report when a zone has these options configured but does not have an IPv4 or IPv6 address listed respectively. [GL #3472] 6393. [func] Deal with uv_tcp_close_reset() error return codes more gracefully. [GL #4708] 6392. [bug] Use a completely new memory context when flushing the cache. [GL #2744] 6391. [bug] TCP client statistics could sometimes fail to decrease when accepting client connection fails. [GL #4742] 6390. [bug] Fix a data race in isc_task_purgeevent(). [GL !8937] 6389. [bug] dnssec-verify and dnssec-signzone could fail if there was an obscured DNSKEY RRset at a delegatation. [GL #4517] 6388. [bug] Prevent an assertion failure caused by passing NULL to dns_dispatch_resume() when a dns_request times out close to view shutdown. [GL #4719] 6386. [bug] When shutting down catzs->view could point to freed memory. Obtain a reference to the view to prevent this. [GL #4502] 6385. [func] Relax SVCB alias mode checks to allow parameters. [GL #4704] 6384. [bug] Remove infinite loop when including a directory in a zone file. [GL #4357] 6383. [bug] Address an infinite loop in $GENERATE when a negative value was converted in nibble mode. [GL #4353] 6382. [bug] Fix RPZ response's SOA record TTL, which was incorrectly set to 1 if 'add-soa' is used. [GL #3323] .. code-block:: none --- 9.18.27 released --- 6374. [bug] Skip to next RRSIG if signature has expired or is in the future rather than failing immediately. [GL #4586] 6372. [func] Implement signature jitter for dnssec-policy. [GL #4554] .. code-block:: none --- 9.18.26 released --- 6364. [protocol] Add RESOLVER.ARPA to the built in empty zones. [GL #4580] 6363. [bug] dig/mdig +ednsflags=<non-zero-value> did not re-enable EDNS if it had been disabled. [GL #4641] 6361. [bug] Some invalid ISO 8601 durations were accepted erroneously. [GL #4624] 6360. [bug] Don't return static-stub synthesised NS RRset. [GL #4608] 6359. [bug] Fix bug in Depends (keymgr_dep) function. [GL #4552] 6351. [protocol] Support for the RESINFO record type has been added. [GL #4413] 6346. [bug] Cleaned up several minor bugs in the RBTDB dbiterator implementation. [GL !8741] 6345. [bug] Added missing dns_rdataset_disassociate calls in validator.c:findnsec3proofs. [GL #4571] 6340. [test] Fix incorrectly reported errors when running tests with `make test` on platforms with older pytest. [GL #4560] 6338. [func] Optimize slabheader placement, so the infrastructure records are put in the beginning of the slabheader linked list. [GL !8675] 6334. [doc] Improve ARM parental-agents definition. [GL #4531] 6333. [bug] Fix the DNS_GETDB_STALEFIRST flag, which was defined incorrectly in lib/ns/query.c. [GL !8683] 6330. [doc] Update ZSK minimum lifetime documentation in ARM, also depends on signing delay. [GL #4510] 6328. [func] Add workaround to enforce dynamic linker to pull jemalloc earlier than libc to ensure all memory allocations are done via jemalloc. [GL #4404] 6326. [bug] Changes to "listen-on" statements were ignored on reconfiguration unless the port or interface address was changed, making it impossible to change a related listener transport type. Thanks to Thomas Amgarten. [GL #4518] [GL #4528] 6325. [func] Expose the TCP client count in statistics channel. [GL #4425] 6324. [bug] Fix a possible crash in 'dig +nssearch +nofail' and 'host -C' commands when one of the name servers returns SERVFAIL. [GL #4508] 6313. [bug] When dnssec-policy is in effect the DNSKEY's TTLs in the zone where not being updated to match the policy. This lead to failures when DNSKEYs where updated as the TTLs mismatched. [GL #4466] .. code-block:: none --- 9.18.25 released --- 6356. [bug] Create the pruning task in the dns_cache_flush(), so the cache pruning still works after the flush. [GL #4621] 6353. [bug] Improve the TTL-based cleaning by removing the expired headers from the heap, so they don't block the next cleaning round and clean more than a single item for each new addition to the RBTDB. [GL #4591] 6352. [bug] Revert change 6319 and decrease lock contention during RBTDB tree pruning by not cleaning up nodes recursively within a single prune_tree() call. [GL #4596] 6350. [bug] Address use after free in expire_lru_headers. [GL #4495] .. code-block:: none show more ...
# 8aaca124	21-Feb-2024	christos <christos@NetBSD.org>	Import bind-9.18.24 (previous was 9.16.42) --- 9.18.24 released --- 6343. [bug] Fix case insensitive setting for isc_ht hashtable. [GL #4568] --- 9.18.23 released --- 6322. [security] Speci Import bind-9.18.24 (previous was 9.16.42) --- 9.18.24 released --- 6343. [bug] Fix case insensitive setting for isc_ht hashtable. [GL #4568] --- 9.18.23 released --- 6322. [security] Specific DNS answers could cause a denial-of-service condition due to DNS validation taking a long time. (CVE-2023-50387) [GL #4424] 6321. [security] Change 6315 inadvertently introduced regressions that could cause named to crash. [GL #4234] 6320. [bug] Under some circumstances, the DoT code in client mode could process more than one message at a time when that was not expected. That has been fixed. [GL #4487] --- 9.18.22 released --- 6319. [func] Limit isc_task_send() overhead for RBTDB tree pruning. [GL #4383] 6317. [security] Restore DNS64 state when handling a serve-stale timeout. (CVE-2023-5679) [GL #4334] 6316. [security] Specific queries could trigger an assertion check with nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281] 6315. [security] Speed up parsing of DNS messages with many different names. (CVE-2023-4408) [GL #4234] 6314. [bug] Address race conditions in dns_tsigkey_find(). [GL #4182] 6312. [bug] Conversion from NSEC3 signed to NSEC signed could temporarily put the zone into a state where it was treated as unsigned until the NSEC chain was built. Additionally conversion from one set of NSEC3 parameters to another could also temporarily put the zone into a state where it was treated as unsigned until the new NSEC3 chain was built. [GL #1794] [GL #4495] 6310. [bug] Memory leak in zone.c:sign_zone. When named signed a zone it could leak dst_keys due to a misplaced 'continue'. [GL #4488] 6306. [func] Log more details about the cause of "not exact" errors. [GL #4500] 6304. [bug] The wrong time was being used to determine what RRSIGs where to be generated when dnssec-policy was in use. [GL #4494] 6302. [func] The "trust-anchor-telemetry" statement is no longer marked as experimental. This silences a relevant log message that was emitted even when the feature was explicitly disabled. [GL #4497] 6300. [bug] Fix statistics export to use full 64 bit signed numbers instead of truncating values to unsigned 32 bits. [GL #4467] 6299. [port] NetBSD has added 'hmac' to libc which collides with our use of 'hmac'. [GL #4478] --- 9.18.21 released --- 6297. [bug] Improve LRU cleaning behaviour. [GL #4448] 6296. [func] The "resolver-nonbackoff-tries" and "resolver-retry-interval" options are deprecated; a warning will be logged if they are used. [GL #4405] 6294. [bug] BIND might sometimes crash after startup or re-configuration when one 'tls' entry is used multiple times to connect to remote servers due to initialisation attempts from contexts of multiple threads. That has been fixed. [GL #4464] 6290. [bug] Dig +yaml will now report "no servers could be reached" also for UDP setup failure when no other servers or tries are left. [GL #1229] 6287. [bug] Recognize escapes when reading the public key from file. [GL !8502] 6286. [bug] Dig +yaml will now report "no servers could be reached" on TCP connection failure as well as for UDP timeouts. [GL #4396] 6282. [func] Deprecate AES-based DNS cookies. [GL #4421] --- 9.18.20 released --- 6280. [bug] Fix missing newlines in the output of "rndc nta -dump". [GL !8454] 6277. [bug] Take into account local authoritative zones when falling back to serve-stale. [GL #4355] 6275. [bug] Fix assertion failure when using lock-file configuration option together -X argument to named. [GL #4386] 6274. [bug] The 'lock-file' file was being removed when it shouldn't have been making it ineffective if named was started 3 or more times. [GL #4387] 6271. [bug] Fix a shutdown race in dns__catz_update_cb(). [GL #4381] 6269. [maint] B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and 2801:1b8:10::b. [GL #4101] 6267. [func] The timeouts for resending zone refresh queries over UDP were lowered to enable named to more quickly determine that a primary is down. [GL #4260] 6265. [bug] Don't schedule resign operations on the raw version of an inline-signing zone. [GL #4350] 6261. [bug] Fix a possible assertion failure on an error path in resolver.c:fctx_query(), when using an uninitialized link. [GL #4331] 6254. [cleanup] Add semantic patch to do an explicit cast from char to unsigned char in ctype.h class of functions. [GL #4327] 6252. [test] Python system tests have to be executed by invoking pytest directly. Executing them with the legacy test runner is no longer supported. [GL #4250] 6250. [bug] The wrong covered value was being set by dns_ncache_current for RRSIG records in the returned rdataset structure. This resulted in TYPE0 being reported as the covered value of the RRSIG when dumping the cache contents. [GL #4314] --- 9.18.19 released --- 6246. [security] Fix use-after-free error in TLS DNS code when sending data. (CVE-2023-4236) [GL #4242] 6245. [security] Limit the amount of recursion that can be performed by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152] 6244. [bug] Adjust log levels on malformed messages to NOTICE when transferring in a zone. [GL #4290] 6241. [bug] Take into account the possibility of partial TLS writes in TLS DNS code. That helps to prevent DNS messages corruption on long DNS over TLS streams. [GL #4255] 6240. [bug] Use dedicated per-worker thread jemalloc memory arenas for send buffers allocation to reduce memory consumption and avoid lock contention. [GL #4038] 6239. [func] Deprecate the 'dnssec-must-be-secure' option. [GL #3700] 6237. [bug] Address memory leaks due to not clearing OpenSSL error stack. [GL #4159] 6235. [doc] Clarify BIND 9 time formats. [GL #4266] 6234. [bug] Restore stale-refresh-time value after flushing the cache. [GL #4278] 6232. [bug] Following the introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs update rules, removal of nonexistent PTR and SRV records via UPDATE could fail. [GL #4280] 6231. [func] Make nsupdate honor -v for SOA requests if the server is specified. [GL #1181] 6230. [bug] Prevent an unnecessary query restart if a synthesized CNAME target points to the CNAME owner. [GL #3835] 6227. [bug] Check the statistics-channel HTTP Content-length to prevent negative or overflowing values from causing a crash. [GL #4125] 6224. [bug] Check the If-Modified-Since value length to prevent out-of-bounds write. [GL #4124] --- 9.18.18 released --- 6220. [func] Deprecate the 'dialup' and 'heartbeat-interval' options. [GL #3700] 6219. [bug] Ignore 'max-zone-ttl' on 'dnssec-policy insecure'. [GL #4032] 6215. [protocol] Return REFUSED to GSS-API TKEY requests if GSS-API support is not configured. [GL #4225] 6213. [bug] Mark a primary server as temporarily unreachable if the TCP connection attempt times out. [GL #4215] 6212. [bug] Don't process detach and close netmgr events when the netmgr has been paused. [GL #4200] --- 9.18.17 released --- 6206. [bug] Add shutdown checks in dns_catz_dbupdate_callback() to avoid a race with dns_catz_shutdown_catzs(). [GL #4171] 6205. [bug] Restore support to read legacy HMAC-MD5 K file pairs. [GL #4154] 6204. [bug] Use NS records for relaxed QNAME-minimization mode. This reduces the number of queries named makes when resolving, as it allows the non-existence of NS RRsets at non-referral nodes to be cached in addition to the referrals that are normally cached. [GL #3325] 6200. [bug] Fix nslookup erroneously reporting a timeout when the input is delayed. [GL #4044] 6199. [bug] Improve HTTP Connection: header protocol conformance in the statistics channel. [GL #4126] 6198. [func] Remove the holes in the isc_result_t enum to compact the isc_result tables. [GL #4149] 6197. [bug] Fix a data race between the dns_zone and dns_catz modules when registering/unregistering a database update notification callback for a catalog zone. [GL #4132] 6196. [cleanup] Report "permission denied" instead of "unexpected error" when trying to update a zone file on a read-only file system. Thanks to Midnight Veil. [GL #4134] 6193. [bug] Fix a catz db update notification callback registration logic error, which could crash named when receiving an AXFR update for a catalog zone while the previous update process of the catalog zone was already running. [GL #4136] 6166. [func] Retry without DNS COOKIE on FORMERR if it appears that the FORMERR was due to the presence of a DNS COOKIE option. [GL #4049] show more ...

Revision

Date

Author

Comments

# 734a9f3d

22-Sep-2024

christos <christos@NetBSD.org>

Import bind-9.18.30 (previous was 9.18.24)

Changes:

BIND 9.18.30
------------

New Features
~~~~~~~~~~~~

- Print the full path of the working directory in startup log messages.
``99ce0d6b838``

Import bind-9.18.30 (previous was 9.18.24)

Changes:

BIND 9.18.30
------------

New Features
~~~~~~~~~~~~

- Print the full path of the working directory in startup log messages.
``99ce0d6b838``

named now prints its initial working directory during startup and the
changed working directory when loading or reloading its configuration
file if it has a valid 'directory' option defined. :gl:`#4731`
:gl:`!9373`

Feature Changes
~~~~~~~~~~~~~~~

- Restore the ability to select individual unit tests. ``a59fe212a34``

This adds the command line arguments: `-d` (debug), `-l` (list tests)
and `-t test` (run this test) to the unit tests.

e.g. ``` % ./rdata_test -t zonemd [==========] selected:
Running 1 test(s). [ RUN ] zonemd [ OK ] zonemd
[==========] selected: 1 test(s) run. [ PASSED ] 1 test(s).
% ``` :gl:`#4579` :gl:`!9386`

- Process also the ISC_R_CANCELED result code in rpz_rewrite()
``26df9f6255b``

Log canceled resolver queries (e.g. when shutting down a hung fetch)
in DEBUG3 level instead of DEBUG1 which is used for the "unrecognized"
result codes. :gl:`#4797` :gl:`!9348`

- Remove code to read and parse /proc/net/if_inet6 on Linux.
``887a61a4082``

The getifaddr() works fine for years, so we don't have to keep the
callback to parse /proc/net/if_inet6 anymore. :gl:`#4852` :gl:`!9342`

- Follow the number of CPU set by taskset/cpuset. ``17efe703cc2``

Administrators may wish to constrain the set of cores that BIND 9 runs
on via the 'taskset', 'cpuset' or 'numactl' programs (or equivalent on
other O/S).

If the admin has used taskset, the `named` will now follow to
automatically use the given number of CPUs rather than the system wide
count. :gl:`#4884` :gl:`!9443`

Bug Fixes
~~~~~~~~~

- Change the NS_PER_SEC (and friends) from enum to #define.
``0da22fc138e``

New version of clang (19) has introduced a stricter checks when mixing
integer (and float types) with enums. In this case, we used enum {}
as C17 doesn't have constexpr yet. Change the time conversion
constants to be #defined constants because of RHEL 8 compiler doesn't
consider static const unsigned int to be constant. :gl:`#4845`
:gl:`!9340`

- Check the result of dirfd() before calling unlinkat() ``b9f0df60972``

Instead of directly using the result of dirfd() in the unlinkat()
call, check whether the returned file descriptor is actually valid.
That doesn't really change the logic as the unlinkat() would fail with
invalid descriptor anyway, but this is cleaner and will report the
right error returned directly by dirfd() instead of EBADF from
unlinkat(). :gl:`#4853` :gl:`!9344`

- Checking whether a EDDSA key was private or not was broken.
``e04839c08e8``

Checking whether a EDDSA key was private or not was broken could lead
to attempting to sign records with a public key and this could cause a
segmentation failure (read of a NULL pointer) within OpenSSL.
:gl:`#4855` :gl:`!9329`

- Fix algoritm rollover bug when there are two keys with the same
keytag. ``43c8ed45e53``

If there is an algorithm rollover and two keys of different algorithm
share the same keytags, then there is a possibility that if we check
that a key matches a specific state, we are checking against the wrong
key. This has been fixed by not only checking for matching key tag but
also key algorithm. :gl:`#4878` :gl:`!9394`

- Stop using malloc_usable_size and malloc_size. ``cccd26e942c``

The `malloc_usable_size()` can return size larger than originally
allocated and when these sizes disagree the fortifier enabled by
`_FORTIFY_SOURCE=3` detects overflow and stops the `named` execution
abruptly. Stop using these convenience functions as they are primary
used for introspection-only. :gl:`#4880` :gl:`!9419`

- Preserve statement tag order in documentation. ``b4d1988c280``

This supports bit-for-bit reproducibility of built documentation.
:gl:`#4886` :gl:`!9409`

- Fix clang-scan 19 warnings. ``01ee251d130``

Silence warnings generated by clang-scan. :gl:`!9388`

BIND 9.18.29
------------

New Features
~~~~~~~~~~~~

- Tighten 'max-recursion-queries' and add 'max-query-restarts' option.
``fe3ae71e90``

There were cases in resolver.c when the `max-recursion-queries` quota
was ineffective. It was possible to craft zones that would cause a
resolver to waste resources by sending excessive queries while
attempting to resolve a name. This has been addressed by correcting
errors in the implementation of `max-recursion-queries`, and by
reducing the default value from 100 to 32.

In addition, a new `max-query-restarts` option has been added which
limits the number of times a recursive server will follow CNAME or
DNAME records before terminating resolution. This was previously a
hard-coded limit of 16, and now defaults to 11. :gl:`#4741`
:gl:`!9283`

- Generate changelog from git log. ``21a0b6aef7``

Use a single source of truth, the git log, to generate the list of
CHANGES. Use the .rst format and include it in the ARM for a quick
reference with proper gitlab links to issues and merge requests.
:gl:`#75` :gl:`!9181`

Feature Changes
~~~~~~~~~~~~~~~

- Use _exit() in the fatal() function. ``e4c483f45f``

Since the fatal() isn't a correct but rather abrupt termination of the
program, we want to skip the various atexit() calls because not all
memory might be freed during fatal() call, etc. Using _exit() instead
of exit() has this effect - the program will end, but no destructors
or atexit routines will be called. :gl:`!9263`

- Fix data race in clean_finds_at_name. ``541726871d``

Stop updating `find.result_v4` and `find.result_v4` in
`clean_finds_at_name`. The values are supposed to be
static. :gl:`#4118` :gl:`!9198`

Bug Fixes
~~~~~~~~~

- Reconfigure catz member zones during named reconfiguration.
``944d0dc942``

During a reconfiguration named wasn't reconfiguring catalog zones'
member zones. This has been fixed. :gl:`#4733`

- Disassociate the SSL object from the cached SSL_SESSION.
``64fde41253``

When the SSL object was destroyed, it would invalidate all SSL_SESSION
objects including the cached, but not yet used, TLS session objects.

Properly disassociate the SSL object from the SSL_SESSION before we
store it in the TLS session cache, so we can later destroy it without
invalidating the cached TLS sessions. :gl:`#4834` :gl:`!9279`

- Attach/detach to the listening child socket when accepting TLS.
``3ead47daff``

When TLS connection (TLSstream) connection was accepted, the children
listening socket was not attached to sock->server and thus it could
have been freed before all the accepted connections were actually
closed.

In turn, this would cause us to call isc_tls_free() too soon - causing
cascade errors in pending SSL_read_ex() in the accepted connections.

Properly attach and detach the children listening socket when
accepting and closing the server connections. :gl:`#4833` :gl:`!9278`

- Make hypothesis optional for system tests. ``0d1953d7a8``

Ensure that system tests can be executed without Python hypothesis
package. :gl:`#4831` :gl:`!9268`

- Don't loop indefinitely when isc_task quantum is 'unlimited'
``674420df64``

Don't run more events than already scheduled. If the quantum is set
to a high value, the task_run() would execute already scheduled, and
all new events that result from running event->ev_action().

Setting quantum to a number of scheduled events will postpone events
scheduled after we enter the loop here to the next task_run()
invocation. :gl:`!9257`

- Raise the log level of priming failures. ``c948babeeb``

When a priming query is complete, it's currently logged at level
ISC_LOG_DEBUG(1), regardless of success or failure. We are now raising
it to ISC_LOG_NOTICE in the case of failure. [GL #3516] :gl:`#3516`
:gl:`!9251`

- Add a compatibility shim for older libuv versions (< 1.19.0)
``61ff983f00``

The uv_stream_get_write_queue_size() is supported only in relatively
newer versions of libuv (1.19.0 or higher). Provide a compatibility
shim for this function , so BIND 9 can be built in environments with
older libuv version.

- Remove extra newline from yaml output. ``1222dbe9f9``

I split this into two commits, one for the actual newline removal, and
one for issues I found, ruining the yaml output when some errors were
outputted.

- CID 498025 and CID 498031: Overflowed constant INTEGER_OVERFLOW.
``bbdd888b8e``

Add INSIST to fail if the multiplication would cause the variables to
overflow. :gl:`#4798` :gl:`!9230`

- Remove unnecessary operations. ``2374a1a2bd``

Decrementing optlen immediately before calling continue is unneccesary
and inconsistent with the rest of dns_message_pseudosectiontoyaml and
dns_message_pseudosectiontotext. Coverity was also reporting an
impossible false positive overflow of optlen (CID 499061). :gl:`!9224`

- Fix generation of 6to4-self name expansion from IPv4 address.
``df55c15ebb``

The period between the most significant nibble of the encoded IPv4
address and the 2.0.0.2.IP6.ARPA suffix was missing resulting in the
wrong name being checked. Add system test for 6to4-self
implementation. :gl:`#4766` :gl:`!9218`

- Fix false QNAME minimisation error being reported. ``4984afc80c``

Remove the false positive "success resolving" log message when QNAME
minimisation is in effect and the final result is NXDOMAIN.
:gl:`#4784` :gl:`!9216`

- Dig +yaml was producing unexpected and/or invalid YAML output.
``2db62a4dba``

:gl:`#4796` :gl:`!9214`

- SVBC alpn text parsing failed to reject zero length alpn.
``8f7be89052``

:gl:`#4775` :gl:`!9210`

- Return SERVFAIL for a too long CNAME chain. ``f7de909b98``

When cutting a long CNAME chain, named was returning NOERROR instead
of SERVFAIL (alongside with a partial answer). This has been fixed.
:gl:`#4449` :gl:`!9204`

- Properly calculate the amount of system memory. ``9faf355a5c``

On 32 bit machines isc_meminfo_totalphys could return an incorrect
value. :gl:`#4799` :gl:`!9200`

- Update key lifetime and metadata after dnssec-policy reconfig.
``2107a64ee6``

Adjust key state and timing metadata if dnssec-policy key lifetime
configuration is updated, so that it also affects existing keys.
:gl:`#4677` :gl:`!9192`

- Fix dig +timeout argument when using +https. ``381d6246d6``

The +timeout argument was not used on DoH connections. This has been
fixed. :gl:`#4806` :gl:`!9161`

Changes prior to 9.18.28
------------------------

.. code-block:: none

--- 9.18.28 released ---

6404. [security] Remove SIG(0) support from named as a countermeasure
for CVE-2024-1975. [GL #4480]

6403. [security] qctx-zversion was not being cleared when it should have
been leading to an assertion failure if it needed to be
reused. (CVE-2024-4076) [GL #4507]

6401. [security] An excessively large number of rrtypes per owner can
slow down database query processing, so a limit has been
placed on the number of rrtypes that can be stored per
owner (node) in a cache or zone database. This is
configured with the new "max-rrtypes-per-name" option,
and defaults to 100. (CVE-2024-1737)
[GL #3403] [GL #4548]

6400. [security] Excessively large rdatasets can slow down database
query processing, so a limit has been placed on the
number of records that can be stored per rdataset
in a cache or zone database. This is configured
with the new "max-records-per-type" option, and
defaults to 100. (CVE-2024-1737)
[GL #497] [GL #3405]

6399. [security] Malicious DNS client that sends many queries over
TCP but never reads responses can cause server to
respond slowly or not respond at all for other
clients. (CVE-2024-0760) [GL #4481]

6398. [bug] Fix potential data races in our DoH implementation
related to HTTP/2 session object management and
endpoints set object management after reconfiguration.
We would like to thank Dzintars and Ivo from nic.lv
for bringing this to our attention. [GL #4473]

6397. [bug] Clear DNS_FETCHOPT_TRYSTALE_ONTIMEOUT when looking for
parent NS records needed to get the DS result.
[GL #4661]

6395. [bug] Handle ISC_R_HOSTDOWN and ISC_R_NETDOWN in resolver.c.
[GL #4736]

6394. [bug] Named's -4 and -6 options now apply to zone primaries,
also-notify and parental-agents. Report when a zone
has these options configured but does not have an IPv4
or IPv6 address listed respectively. [GL #3472]

6393. [func] Deal with uv_tcp_close_reset() error return codes
more gracefully. [GL #4708]

6392. [bug] Use a completely new memory context when flushing the
cache. [GL #2744]

6391. [bug] TCP client statistics could sometimes fail to decrease
when accepting client connection fails. [GL #4742]

6390. [bug] Fix a data race in isc_task_purgeevent(). [GL !8937]

6389. [bug] dnssec-verify and dnssec-signzone could fail if there
was an obscured DNSKEY RRset at a delegatation.
[GL #4517]

6388. [bug] Prevent an assertion failure caused by passing NULL to
dns_dispatch_resume() when a dns_request times out close
to view shutdown. [GL #4719]

6386. [bug] When shutting down catzs->view could point to freed
memory. Obtain a reference to the view to prevent this.
[GL #4502]

6385. [func] Relax SVCB alias mode checks to allow parameters.
[GL #4704]

6384. [bug] Remove infinite loop when including a directory in a
zone file. [GL #4357]

6383. [bug] Address an infinite loop in $GENERATE when a negative
value was converted in nibble mode. [GL #4353]

6382. [bug] Fix RPZ response's SOA record TTL, which was incorrectly
set to 1 if 'add-soa' is used. [GL #3323]

.. code-block:: none

--- 9.18.27 released ---

6374. [bug] Skip to next RRSIG if signature has expired or is in
the future rather than failing immediately. [GL #4586]

6372. [func] Implement signature jitter for dnssec-policy. [GL #4554]

.. code-block:: none

--- 9.18.26 released ---

6364. [protocol] Add RESOLVER.ARPA to the built in empty zones.
[GL #4580]

6363. [bug] dig/mdig +ednsflags=<non-zero-value> did not re-enable
EDNS if it had been disabled. [GL #4641]

6361. [bug] Some invalid ISO 8601 durations were accepted
erroneously. [GL #4624]

6360. [bug] Don't return static-stub synthesised NS RRset.
[GL #4608]

6359. [bug] Fix bug in Depends (keymgr_dep) function. [GL #4552]

6351. [protocol] Support for the RESINFO record type has been added.
[GL #4413]

6346. [bug] Cleaned up several minor bugs in the RBTDB dbiterator
implementation. [GL !8741]

6345. [bug] Added missing dns_rdataset_disassociate calls in
validator.c:findnsec3proofs. [GL #4571]

6340. [test] Fix incorrectly reported errors when running tests
with `make test` on platforms with older pytest.
[GL #4560]

6338. [func] Optimize slabheader placement, so the infrastructure
records are put in the beginning of the slabheader
linked list. [GL !8675]

6334. [doc] Improve ARM parental-agents definition. [GL #4531]

6333. [bug] Fix the DNS_GETDB_STALEFIRST flag, which was defined
incorrectly in lib/ns/query.c. [GL !8683]

6330. [doc] Update ZSK minimum lifetime documentation in ARM, also
depends on signing delay. [GL #4510]

6328. [func] Add workaround to enforce dynamic linker to pull
jemalloc earlier than libc to ensure all memory
allocations are done via jemalloc. [GL #4404]

6326. [bug] Changes to "listen-on" statements were ignored on
reconfiguration unless the port or interface address was
changed, making it impossible to change a related
listener transport type. Thanks to Thomas Amgarten.
[GL #4518] [GL #4528]

6325. [func] Expose the TCP client count in statistics channel.
[GL #4425]

6324. [bug] Fix a possible crash in 'dig +nssearch +nofail' and
'host -C' commands when one of the name servers returns
SERVFAIL. [GL #4508]

6313. [bug] When dnssec-policy is in effect the DNSKEY's TTLs in
the zone where not being updated to match the policy.
This lead to failures when DNSKEYs where updated as the
TTLs mismatched. [GL #4466]

.. code-block:: none

--- 9.18.25 released ---

6356. [bug] Create the pruning task in the dns_cache_flush(), so
the cache pruning still works after the flush.
[GL #4621]

6353. [bug] Improve the TTL-based cleaning by removing the expired
headers from the heap, so they don't block the next
cleaning round and clean more than a single item for
each new addition to the RBTDB. [GL #4591]

6352. [bug] Revert change 6319 and decrease lock contention during
RBTDB tree pruning by not cleaning up nodes recursively
within a single prune_tree() call. [GL #4596]

6350. [bug] Address use after free in expire_lru_headers. [GL #4495]

.. code-block:: none

# 8aaca124

21-Feb-2024

christos <christos@NetBSD.org>

Import bind-9.18.24 (previous was 9.16.42)

--- 9.18.24 released ---

6343. [bug] Fix case insensitive setting for isc_ht hashtable.
[GL #4568]

--- 9.18.23 released ---

6322. [security] Speci

Import bind-9.18.24 (previous was 9.16.42)

--- 9.18.24 released ---

6343. [bug] Fix case insensitive setting for isc_ht hashtable.
[GL #4568]

--- 9.18.23 released ---

6322. [security] Specific DNS answers could cause a denial-of-service
condition due to DNS validation taking a long time.
(CVE-2023-50387) [GL #4424]

6321. [security] Change 6315 inadvertently introduced regressions that
could cause named to crash. [GL #4234]

6320. [bug] Under some circumstances, the DoT code in client
mode could process more than one message at a time when
that was not expected. That has been fixed. [GL #4487]

--- 9.18.22 released ---

6319. [func] Limit isc_task_send() overhead for RBTDB tree pruning.
[GL #4383]

6317. [security] Restore DNS64 state when handling a serve-stale timeout.
(CVE-2023-5679) [GL #4334]

6316. [security] Specific queries could trigger an assertion check with
nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]

6315. [security] Speed up parsing of DNS messages with many different
names. (CVE-2023-4408) [GL #4234]

6314. [bug] Address race conditions in dns_tsigkey_find().
[GL #4182]

6312. [bug] Conversion from NSEC3 signed to NSEC signed could
temporarily put the zone into a state where it was
treated as unsigned until the NSEC chain was built.
Additionally conversion from one set of NSEC3 parameters
to another could also temporarily put the zone into a
state where it was treated as unsigned until the new
NSEC3 chain was built. [GL #1794] [GL #4495]

6310. [bug] Memory leak in zone.c:sign_zone. When named signed a
zone it could leak dst_keys due to a misplaced
'continue'. [GL #4488]

6306. [func] Log more details about the cause of "not exact" errors.
[GL #4500]

6304. [bug] The wrong time was being used to determine what RRSIGs
where to be generated when dnssec-policy was in use.
[GL #4494]

6302. [func] The "trust-anchor-telemetry" statement is no longer
marked as experimental. This silences a relevant log
message that was emitted even when the feature was
explicitly disabled. [GL #4497]

6300. [bug] Fix statistics export to use full 64 bit signed numbers
instead of truncating values to unsigned 32 bits.
[GL #4467]

6299. [port] NetBSD has added 'hmac' to libc which collides with our
use of 'hmac'. [GL #4478]

--- 9.18.21 released ---

6297. [bug] Improve LRU cleaning behaviour. [GL #4448]

6296. [func] The "resolver-nonbackoff-tries" and
"resolver-retry-interval" options are deprecated;
a warning will be logged if they are used. [GL #4405]

6294. [bug] BIND might sometimes crash after startup or
re-configuration when one 'tls' entry is used multiple
times to connect to remote servers due to initialisation
attempts from contexts of multiple threads. That has
been fixed. [GL #4464]

6290. [bug] Dig +yaml will now report "no servers could be reached"
also for UDP setup failure when no other servers or
tries are left. [GL #1229]

6287. [bug] Recognize escapes when reading the public key from file.
[GL !8502]

6286. [bug] Dig +yaml will now report "no servers could be reached"
on TCP connection failure as well as for UDP timeouts.
[GL #4396]

6282. [func] Deprecate AES-based DNS cookies. [GL #4421]

--- 9.18.20 released ---

6280. [bug] Fix missing newlines in the output of "rndc nta -dump".
[GL !8454]

6277. [bug] Take into account local authoritative zones when
falling back to serve-stale. [GL #4355]

6275. [bug] Fix assertion failure when using lock-file configuration
option together -X argument to named. [GL #4386]

6274. [bug] The 'lock-file' file was being removed when it
shouldn't have been making it ineffective if named was
started 3 or more times. [GL #4387]

6271. [bug] Fix a shutdown race in dns__catz_update_cb(). [GL #4381]

6269. [maint] B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and
2801:1b8:10::b. [GL #4101]

6267. [func] The timeouts for resending zone refresh queries over UDP
were lowered to enable named to more quickly determine
that a primary is down. [GL #4260]

6265. [bug] Don't schedule resign operations on the raw version
of an inline-signing zone. [GL #4350]

6261. [bug] Fix a possible assertion failure on an error path in
resolver.c:fctx_query(), when using an uninitialized
link. [GL #4331]

6254. [cleanup] Add semantic patch to do an explicit cast from char
to unsigned char in ctype.h class of functions.
[GL #4327]

6252. [test] Python system tests have to be executed by invoking
pytest directly. Executing them with the legacy test
runner is no longer supported. [GL #4250]

6250. [bug] The wrong covered value was being set by
dns_ncache_current for RRSIG records in the returned
rdataset structure. This resulted in TYPE0 being
reported as the covered value of the RRSIG when dumping
the cache contents. [GL #4314]

--- 9.18.19 released ---

6246. [security] Fix use-after-free error in TLS DNS code when sending
data. (CVE-2023-4236) [GL #4242]

6245. [security] Limit the amount of recursion that can be performed
by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152]

6244. [bug] Adjust log levels on malformed messages to NOTICE when
transferring in a zone. [GL #4290]

6241. [bug] Take into account the possibility of partial TLS writes
in TLS DNS code. That helps to prevent DNS messages
corruption on long DNS over TLS streams. [GL #4255]

6240. [bug] Use dedicated per-worker thread jemalloc memory
arenas for send buffers allocation to reduce memory
consumption and avoid lock contention. [GL #4038]

6239. [func] Deprecate the 'dnssec-must-be-secure' option.
[GL #3700]

6237. [bug] Address memory leaks due to not clearing OpenSSL error
stack. [GL #4159]

6235. [doc] Clarify BIND 9 time formats. [GL #4266]

6234. [bug] Restore stale-refresh-time value after flushing the
cache. [GL #4278]

6232. [bug] Following the introduction of krb5-subdomain-self-rhs
and ms-subdomain-self-rhs update rules, removal of
nonexistent PTR and SRV records via UPDATE could fail.
[GL #4280]

6231. [func] Make nsupdate honor -v for SOA requests if the server
is specified. [GL #1181]

6230. [bug] Prevent an unnecessary query restart if a synthesized
CNAME target points to the CNAME owner. [GL #3835]

6227. [bug] Check the statistics-channel HTTP Content-length
to prevent negative or overflowing values from
causing a crash. [GL #4125]

6224. [bug] Check the If-Modified-Since value length to prevent
out-of-bounds write. [GL #4124]

--- 9.18.18 released ---

6220. [func] Deprecate the 'dialup' and 'heartbeat-interval'
options. [GL #3700]

6219. [bug] Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
[GL #4032]

6215. [protocol] Return REFUSED to GSS-API TKEY requests if GSS-API
support is not configured. [GL #4225]

6213. [bug] Mark a primary server as temporarily unreachable if the
TCP connection attempt times out. [GL #4215]

6212. [bug] Don't process detach and close netmgr events when
the netmgr has been paused. [GL #4200]

--- 9.18.17 released ---

6206. [bug] Add shutdown checks in dns_catz_dbupdate_callback() to
avoid a race with dns_catz_shutdown_catzs(). [GL #4171]

6205. [bug] Restore support to read legacy HMAC-MD5 K file pairs.
[GL #4154]

6204. [bug] Use NS records for relaxed QNAME-minimization mode.
This reduces the number of queries named makes when
resolving, as it allows the non-existence of NS RRsets
at non-referral nodes to be cached in addition to the
referrals that are normally cached. [GL #3325]

6200. [bug] Fix nslookup erroneously reporting a timeout when the
input is delayed. [GL #4044]

6199. [bug] Improve HTTP Connection: header protocol conformance
in the statistics channel. [GL #4126]

6198. [func] Remove the holes in the isc_result_t enum to compact
the isc_result tables. [GL #4149]

6197. [bug] Fix a data race between the dns_zone and dns_catz
modules when registering/unregistering a database
update notification callback for a catalog zone.
[GL #4132]

6196. [cleanup] Report "permission denied" instead of "unexpected error"
when trying to update a zone file on a read-only file
system. Thanks to Midnight Veil. [GL #4134]

6193. [bug] Fix a catz db update notification callback registration
logic error, which could crash named when receiving an
AXFR update for a catalog zone while the previous update
process of the catalog zone was already running.
[GL #4136]

6166. [func] Retry without DNS COOKIE on FORMERR if it appears that
the FORMERR was due to the presence of a DNS COOKIE
option. [GL #4049]