← Back to team overview

freeipa team mailing list archive

[Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

 

I've tested the Jammy -proposed package and it works well here:

The following packages will be upgraded:
   bind9 (1:9.18.1-1ubuntu1.3 => 1:9.18.12-0ubuntu0.22.04.1)
   bind9-dnsutils (1:9.18.1-1ubuntu1.3 => 1:9.18.12-0ubuntu0.22.04.1)
   bind9-host (1:9.18.1-1ubuntu1.3 => 1:9.18.12-0ubuntu0.22.04.1)
   bind9-libs (1:9.18.1-1ubuntu1.3 => 1:9.18.12-0ubuntu0.22.04.1)
   bind9-utils (1:9.18.1-1ubuntu1.3 => 1:9.18.12-0ubuntu0.22.04.1)
5 upgraded, 0 newly installed, 0 to remove and 13 not upgraded.
Need to get 1,870 kB of archives.


The journal output looks good:

Mar 20 17:31:30 bind named[1088]: all zones loaded
Mar 20 17:31:30 bind named[1088]: running

It successfully loaded my 28 zones (most of them using DNSSEC) and was
able to transfer zones properly.

# rndc status
version: BIND 9.18.12-0ubuntu0.22.04.1-Ubuntu (Extended Support Version) <id:> (version.bind/txt/ch disabled)
running on bind: Linux x86_64 5.19.0-35-generic #36~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Feb 17 15:17:25 UTC 2
boot time: Mon, 20 Mar 2023 17:31:30 GMT
last configured: Mon, 20 Mar 2023 17:31:30 GMT
configuration file: /etc/bind/named.conf
CPUs found: 2
worker threads: 2
UDP listeners per interface: 2
number of zones: 28 (0 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 0/150
TCP high-water: 5
server is up and running

** Tags removed: verification-needed-jammy
** Tags added: verification-done-jammy

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.36

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind-dyndb-ldap source package in Focal:
  New
Status in bind9 source package in Focal:
  New
Status in bind-dyndb-ldap source package in Jammy:
  In Progress
Status in bind9 source package in Jammy:
  Fix Committed
Status in bind-dyndb-ldap source package in Kinetic:
  In Progress
Status in bind9 source package in Kinetic:
  Fix Committed

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.36

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3200

  This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972

  Full release notes for versions 9.18.2-9.18.12:
  https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-
  bind-9-18-12

  [Test Plan]

  DEP-8 Tests:

  simpletest - Confirms bind9 daemon starts successfully and dig can
  find 127.0.0.1 through the default setup of bind9

  zonetest - Added in this update, currently in lunar. Confirms the
  functionality of named and bind9 by creating a local DNS zone and
  domain, and having dig look it up

  validation - This test is provided by Debian and consistently fails
  both before and after the update due to several issues. It is marked
  as flaky, and does not block autopkgtest passing overall

  [Regression Potential]

  Upstream has an extensive build and integration test suite. So
  regressions would likely arise from a change in interaction with
  Ubuntu-specific integrations. Alternatively, regressions may arise for
  users due to behavior changes from the many bug fixes and minor
  feature updates.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2003586/+subscriptions