freeipa team mailing list archive
-
freeipa team
-
Mailing list archive
-
Message #01181
[Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36
I've tested the Jammy -proposed package and it works well here:
The following packages will be upgraded:
bind9 (1:9.18.1-1ubuntu1.3 => 1:9.18.12-0ubuntu0.22.04.1)
bind9-dnsutils (1:9.18.1-1ubuntu1.3 => 1:9.18.12-0ubuntu0.22.04.1)
bind9-host (1:9.18.1-1ubuntu1.3 => 1:9.18.12-0ubuntu0.22.04.1)
bind9-libs (1:9.18.1-1ubuntu1.3 => 1:9.18.12-0ubuntu0.22.04.1)
bind9-utils (1:9.18.1-1ubuntu1.3 => 1:9.18.12-0ubuntu0.22.04.1)
5 upgraded, 0 newly installed, 0 to remove and 13 not upgraded.
Need to get 1,870 kB of archives.
The journal output looks good:
Mar 20 17:31:30 bind named[1088]: all zones loaded
Mar 20 17:31:30 bind named[1088]: running
It successfully loaded my 28 zones (most of them using DNSSEC) and was
able to transfer zones properly.
# rndc status
version: BIND 9.18.12-0ubuntu0.22.04.1-Ubuntu (Extended Support Version) <id:> (version.bind/txt/ch disabled)
running on bind: Linux x86_64 5.19.0-35-generic #36~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Feb 17 15:17:25 UTC 2
boot time: Mon, 20 Mar 2023 17:31:30 GMT
last configured: Mon, 20 Mar 2023 17:31:30 GMT
configuration file: /etc/bind/named.conf
CPUs found: 2
worker threads: 2
UDP listeners per interface: 2
number of zones: 28 (0 automatic)
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/900/1000
tcp clients: 0/150
TCP high-water: 5
server is up and running
** Tags removed: verification-needed-jammy
** Tags added: verification-done-jammy
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586
Title:
MRE Updates 9.18.12 / 9.16.36
Status in bind-dyndb-ldap package in Ubuntu:
Fix Released
Status in bind9 package in Ubuntu:
Fix Released
Status in bind-dyndb-ldap source package in Focal:
New
Status in bind9 source package in Focal:
New
Status in bind-dyndb-ldap source package in Jammy:
In Progress
Status in bind9 source package in Jammy:
Fix Committed
Status in bind-dyndb-ldap source package in Kinetic:
In Progress
Status in bind9 source package in Kinetic:
Fix Committed
Bug description:
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.36
These updates include bug fixes following the SRU policy exception
defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.12, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.12:
https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-
bind-9-18-12
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can
find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the
functionality of named and bind9 by creating a local DNS zone and
domain, and having dig look it up
validation - This test is provided by Debian and consistently fails
both before and after the update due to several issues. It is marked
as flaky, and does not block autopkgtest passing overall
[Regression Potential]
Upstream has an extensive build and integration test suite. So
regressions would likely arise from a change in interaction with
Ubuntu-specific integrations. Alternatively, regressions may arise for
users due to behavior changes from the many bug fixes and minor
feature updates.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2003586/+subscriptions