freeipa team mailing list archive
-
freeipa team
-
Mailing list archive
-
Message #01194
[Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39
Hi all,
what's the test plan for bind-dyndb-ldap? It's not in the bug
description. From a few comments, I see that it was just an install
test? That's a bit superficial, specially given the amount of patches
that it got. There are also no DEP8 tests, nor build-time tests.
I think we need a test run to show that bind can actually start with
this plugin loaded. Not just a simple installation test, which is just
about dependencies. Just installing the bind9-dyndb-ldap package doesn't
cause bind9 to load the module. There could be unresolved symbols or
even crashes at load time which we wouldn't know about if we just
install the package.
I suggest to follow this guide:
https://wiki.debian.org/LDAP/OpenLDAPSetup#DNS.2FBind9
It relies on the schema and example ldif files shipped with the package,
which, incidentally, don't work out of the box with openldap. This being
a Redhat project, these files are customized for their LDAP server (389,
purchased years ago from Netscape). That debian wiki has some "sed"s to
adjust the config for openldap.
It still needs some tiny changes for ubuntu, though:
- admin dn is cn=admin,dc=example,dc=com (and not uid=admin,...)
- the named apparmor profile needs to allow connecting to the ldapi:/// (or just switch to ldap://)
- I'd suggest to use example.fake instead of example.com, because there is a real example.com, but that's minor
This can even become a DEP8 test (hint!)
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586
Title:
MRE Updates 9.18.12 / 9.16.39
Status in bind-dyndb-ldap package in Ubuntu:
Fix Released
Status in bind9 package in Ubuntu:
Fix Released
Status in bind9 source package in Focal:
In Progress
Status in bind-dyndb-ldap source package in Jammy:
Fix Committed
Status in bind9 source package in Jammy:
Fix Released
Status in bind-dyndb-ldap source package in Kinetic:
Fix Committed
Status in bind9 source package in Kinetic:
Fix Released
Bug description:
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.39
These updates include bug fixes following the SRU policy exception
defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.12, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.12:
https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-
bind-9-18-12
For bind9 9.16.2-9.16.39, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2020-8616
CVE-2020-8617
CVE-2020-8618
CVE-2020-8619,
CVE-2020-8620
CVE-2020-8621
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624
CVE-2020-8625
CVE-2021-25214
CVE-2021-25215
CVE-2021-25219
CVE-2021-25220
CVE-2022-2795
CVE-2022-38177
CVE-2022-38178
CVE-2022-3094
Features:
update-quota option
parental-agents configuration option
stale-refresh-time configuration option
stale-cache-enable configuration option
purge-keys and nsec3param options in dnssec-policy
max-ixfr-ratio option
stale-answer-client-timeout option
rndc dnssec -rollover command
rndc dnssec -checkds command
rndc dnssec -status command
support for HTTPS and SVCB record types
support for parsing and validating the dohpath service parameter in SVCB
named -V shows supported cryptographic algorithms
documentation converted from DocBook to reStructuredText.
dig Extended DNS Error (EDE) display
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3398
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
https://gitlab.isc.org/isc-projects/bind9/-/issues/1897
https://gitlab.isc.org/isc-projects/bind9/-/issues/3132
https://gitlab.isc.org/isc-projects/bind9/-/issues/3147
https://gitlab.isc.org/isc-projects/bind9/-/issues/3095
https://gitlab.isc.org/isc-projects/bind9/-/issues/3060
https://gitlab.isc.org/isc-projects/bind9/-/issues/3125
https://gitlab.isc.org/isc-projects/bind9/-/issues/3111
https://gitlab.isc.org/isc-projects/bind9/-/issues/3051
https://gitlab.isc.org/isc-projects/bind9/-/issues/3049
https://gitlab.isc.org/isc-projects/bind9/-/issues/3071
https://gitlab.isc.org/isc-projects/bind9/-/issues/1608
https://gitlab.isc.org/isc-projects/bind9/-/issues/2308
https://gitlab.isc.org/isc-projects/bind9/-/issues/2911
https://gitlab.isc.org/isc-projects/bind9/-/issues/2852
https://gitlab.isc.org/isc-projects/bind9/-/issues/2872
https://gitlab.isc.org/isc-projects/bind9/-/issues/2878
https://gitlab.isc.org/isc-projects/bind9/-/issues/2837
https://gitlab.isc.org/isc-projects/bind9/-/issues/2665
https://gitlab.isc.org/isc-projects/bind9/-/issues/2857
https://gitlab.isc.org/isc-projects/bind9/-/issues/2844
https://gitlab.isc.org/isc-projects/bind9/-/issues/2756
https://gitlab.isc.org/isc-projects/bind9/-/issues/2686
https://gitlab.isc.org/isc-projects/bind9/-/issues/2759
https://gitlab.isc.org/isc-projects/bind9/-/issues/2758
https://gitlab.isc.org/isc-projects/bind9/-/issues/2725
https://gitlab.isc.org/isc-projects/bind9/-/issues/2780
https://gitlab.isc.org/isc-projects/bind9/-/issues/1875
https://gitlab.isc.org/isc-projects/bind9/-/issues/2783
https://gitlab.isc.org/isc-projects/bind9/-/issues/2786
https://gitlab.isc.org/isc-projects/bind9/-/issues/2779
https://gitlab.isc.org/isc-projects/bind9/-/issues/2778
https://gitlab.isc.org/isc-projects/bind9/-/issues/2685
https://gitlab.isc.org/isc-projects/bind9/-/issues/2733
https://gitlab.isc.org/isc-projects/bind9/-/issues/2731
https://gitlab.isc.org/isc-projects/bind9/-/issues/2746
https://gitlab.isc.org/isc-projects/bind9/-/issues/2463
https://gitlab.isc.org/isc-projects/bind9/-/issues/1875
https://gitlab.isc.org/isc-projects/bind9/-/issues/2670
https://gitlab.isc.org/isc-projects/bind9/-/issues/389
https://gitlab.isc.org/isc-projects/bind9/-/issues/2289
https://gitlab.isc.org/isc-projects/bind9/-/issues/2626
https://gitlab.isc.org/isc-projects/bind9/-/issues/2603
https://gitlab.isc.org/isc-projects/bind9/-/issues/2596
https://gitlab.isc.org/isc-projects/bind9/-/issues/2628
https://gitlab.isc.org/isc-projects/bind9/-/issues/2583
https://gitlab.isc.org/isc-projects/bind9/-/issues/2594
https://gitlab.isc.org/isc-projects/bind9/-/issues/2623
https://gitlab.isc.org/isc-projects/bind9/-/issues/2600
https://gitlab.isc.org/isc-projects/bind9/-/issues/2490
https://gitlab.isc.org/isc-projects/bind9/-/issues/2517
https://gitlab.isc.org/isc-projects/bind9/-/issues/2523
https://gitlab.isc.org/isc-projects/bind9/-/issues/2488
https://gitlab.isc.org/isc-projects/bind9/-/issues/2575
https://gitlab.isc.org/isc-projects/bind9/-/issues/2505
https://gitlab.isc.org/isc-projects/bind9/-/issues/2503
https://gitlab.isc.org/isc-projects/bind9/-/issues/2466
https://gitlab.isc.org/isc-projects/bind9/-/issues/2498
https://gitlab.isc.org/isc-projects/bind9/-/issues/2041
https://gitlab.isc.org/isc-projects/bind9/-/issues/2499
https://gitlab.isc.org/isc-projects/bind9/-/issues/2413
https://gitlab.isc.org/isc-projects/bind9/-/issues/2178
https://gitlab.isc.org/isc-projects/bind9/-/issues/2383
https://gitlab.isc.org/isc-projects/bind9/-/issues/2406
https://gitlab.isc.org/isc-projects/bind9/-/issues/2375
https://gitlab.isc.org/isc-projects/bind9/-/issues/2073
https://gitlab.isc.org/isc-projects/bind9/-/issues/2317
https://gitlab.isc.org/isc-projects/bind9/-/issues/2245
https://gitlab.isc.org/isc-projects/bind9/-/issues/2341
https://gitlab.isc.org/isc-projects/bind9/-/issues/2091
https://gitlab.isc.org/isc-projects/bind9/-/issues/2275
https://gitlab.isc.org/isc-projects/bind9/-/issues/2280
https://gitlab.isc.org/isc-projects/bind9/-/issues/2315
https://gitlab.isc.org/isc-projects/bind9/-/issues/2227
https://gitlab.isc.org/isc-projects/bind9/-/issues/2236
https://gitlab.isc.org/isc-projects/bind9/-/issues/2244
https://gitlab.isc.org/isc-projects/bind9/-/issues/1736
https://gitlab.isc.org/isc-projects/bind9/-/issues/2208
https://gitlab.isc.org/isc-projects/bind9/-/issues/2166
https://gitlab.isc.org/isc-projects/bind9/-/issues/2124
https://gitlab.isc.org/isc-projects/bind9/-/issues/2171
https://gitlab.isc.org/isc-projects/bind9/-/issues/2169
https://gitlab.isc.org/isc-projects/bind9/-/issues/2104
https://gitlab.isc.org/isc-projects/bind9/-/issues/1928
https://gitlab.isc.org/isc-projects/bind9/-/issues/1847
https://gitlab.isc.org/isc-projects/bind9/-/issues/2074
https://gitlab.isc.org/isc-projects/bind9/-/issues/1619
https://gitlab.isc.org/isc-projects/bind9/-/issues/2038
https://gitlab.isc.org/isc-projects/bind9/-/issues/1719
https://gitlab.isc.org/isc-projects/bind9/-/issues/1976
https://gitlab.isc.org/isc-projects/bind9/-/issues/1937
https://gitlab.isc.org/isc-projects/bind9/-/issues/1938
https://gitlab.isc.org/isc-projects/bind9/-/issues/1862
https://gitlab.isc.org/isc-projects/bind9/-/issues/1968
https://gitlab.isc.org/isc-projects/bind9/-/issues/1747
https://gitlab.isc.org/isc-projects/bind9/-/issues/1926
https://gitlab.isc.org/isc-projects/bind9/-/issues/1950
https://gitlab.isc.org/isc-projects/bind9/-/issues/1949
https://gitlab.isc.org/isc-projects/bind9/-/issues/1689
https://gitlab.isc.org/isc-projects/bind9/-/issues/1936
https://gitlab.isc.org/isc-projects/bind9/-/issues/1834
https://gitlab.isc.org/isc-projects/bind9/-/issues/1857
https://gitlab.isc.org/isc-projects/bind9/-/issues/1859
https://gitlab.isc.org/isc-projects/bind9/-/issues/1893
https://gitlab.isc.org/isc-projects/bind9/-/issues/1808
https://gitlab.isc.org/isc-projects/bind9/-/issues/1714
https://gitlab.isc.org/isc-projects/bind9/-/issues/1845
https://gitlab.isc.org/isc-projects/bind9/-/issues/1846
https://gitlab.isc.org/isc-projects/bind9/-/issues/1812
https://gitlab.isc.org/isc-projects/bind9/-/issues/1842
https://gitlab.isc.org/isc-projects/bind9/-/issues/1795
https://gitlab.isc.org/isc-projects/bind9/-/issues/1042
https://gitlab.isc.org/isc-projects/bind9/-/issues/1090
https://gitlab.isc.org/isc-projects/bind9/-/issues/1807
https://gitlab.isc.org/isc-projects/bind9/-/issues/1447
https://gitlab.isc.org/isc-projects/bind9/-/issues/1706
Full release notes for versions 9.16.2-9.16.37 (9.16.38, 9.16.39 not added):
https://bind9.readthedocs.io/en/v9_16_37/notes.html
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can
find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the
functionality of named and bind9 by creating a local DNS zone and
domain, and having dig look it up
validation - This test is provided by Debian and consistently fails
both before and after the update due to several issues. It is marked
as flaky, and does not block autopkgtest passing overall
[Regression Potential]
Upstream has an extensive build and integration test suite. So
regressions would likely arise from a change in interaction with
Ubuntu-specific integrations. Alternatively, regressions may arise for
users due to behavior changes from the many bug fixes and minor
feature updates.
In Focal, there were major changes in how documentation is handled
too, requiring packaging updates to handle it. So regressions could
arise here too.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2003586/+subscriptions