← Back to team overview

freeipa team mailing list archive

[Bug 2040359] Re: Merge bind9 from Debian unstable for noble

 

** Changed in: bind-dyndb-ldap (Ubuntu)
    Milestone: None => ubuntu-24.01

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2040359

Title:
  Merge bind9 from Debian unstable for noble

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released

Bug description:
  Upstream: 9.18.19
  Debian:   1:9.19.17-1    
  Ubuntu:   1:9.18.18-0ubuntu2

  Debian does new releases regularly, so it's likely there will be newer
  versions available before FF that we can pick up if this merge is done
  later in the cycle.

  If it turns out this needs a sync rather than a merge, please change
  the tag 'needs-merge' to 'needs-sync', and (optionally) update the
  title as desired.

  
  ### New Debian Changes ###

  bind9 (1:9.19.17-1) unstable; urgency=medium

    * New upstream version 9.19.17
     - CVE-2023-3341: A stack exhaustion flaw in control channel code may
       cause named to terminate unexpectedly (Closes: #1052416)
     - CVE-2023-4236: named may terminate unexpectedly under high
       DNS-over-TLS query load (Closes: #1052417)

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Wed, 20 Sep 2023 18:13:07 +0200

  bind9 (1:9.19.16-1) experimental; urgency=medium

    * New upstream version 9.19.16

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Wed, 16 Aug 2023 17:54:24 +0200

  bind9 (1:9.19.15-1) experimental; urgency=medium

    * New upstream version 9.19.15

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Wed, 19 Jul 2023 14:16:46 +0200

  bind9 (1:9.19.14-1) experimental; urgency=medium

    * New upstream version 9.19.14

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Wed, 21 Jun 2023 21:00:01 +0200

  bind9 (1:9.19.13-1) experimental; urgency=medium

    * New upstream version 9.19.13

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Wed, 17 May 2023 17:50:48 +0200

  bind9 (1:9.19.12-2) experimental; urgency=medium

    * Add liburcu-dev to Build-Depends

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Thu, 20 Apr 2023 14:24:06 +0200

  bind9 (1:9.19.12-1) experimental; urgency=medium

    * New upstream version 9.19.12

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Wed, 19 Apr 2023 15:01:59 +0200

  bind9 (1:9.19.11-1) experimental; urgency=medium

    * New upstream version 9.19.11
    * Update the d/bind9-dev.install, d/bind9.install and d/not-installed
      after library squash

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Wed, 15 Mar 2023 18:27:20 +0100

  bind9 (1:9.19.10-1) experimental; urgency=medium

    * New upstream version 9.19.10
    * Drop libtool-bin from B-D (Closes: #1022968)

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Fri, 10 Feb 2023 15:16:29 +0100

  bind9 (1:9.19.9-2) experimental; urgency=medium

    * Allow the named to use systemd notify service

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Thu, 26 Jan 2023 21:18:35 +0100

  bind9 (1:9.19.9-1) experimental; urgency=medium

    * New upstream version 9.19.9

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Wed, 25 Jan 2023 16:04:03 +0100

  bind9 (1:9.19.8-1) experimental; urgency=medium

    * New upstream version 9.19.8

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Wed, 21 Dec 2022 18:02:17 +0100

  bind9 (1:9.19.7-1) experimental; urgency=medium

    * New upstream version 9.19.7

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Wed, 16 Nov 2022 14:05:15 +0100

  bind9 (1:9.19.6-2) experimental; urgency=medium

    * Use systemd notify for service readyness check (Closes: #994696)

   -- Bernhard Schmidt <berni@xxxxxxxxxx>  Sun, 30 Oct 2022 00:14:05
  +0200

  bind9 (1:9.19.6-1) experimental; urgency=medium

    * New upstream version 9.19.6

   -- Ondřej Surý <ondrej@xxxxxxxxxx>  Wed, 19 Oct 2022 15:06:31 +0200

  bind9 (1:9.19.5-1) experimental; urgency=medium

    * New upstream version 9.19.5


  ### Old Ubuntu Delta ###

  bind9 (1:9.18.18-0ubuntu2) mantic; urgency=medium

    * SECURITY UPDATE: DoS via recusive packet parsing
      - debian/patches/CVE-2023-3341.patch: add a max depth check to
        lib/isc/include/isc/result.h, lib/isc/result.c, lib/isccc/cc.c.
      - CVE-2023-3341
    * SECURITY UPDATE: Dos via DNS-over-TLS queries
      - debian/patches/CVE-2023-4236.patch: check return code in
        lib/isc/netmgr/tlsdns.c.
      - CVE-2023-4236

   -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Wed, 20 Sep 2023
  12:45:21 -0400

  bind9 (1:9.18.18-0ubuntu1) mantic; urgency=medium

    * New upstream release 9.18.18 (LP: #2034367)
      - Updates:
        + Mark a primary server as temporarily unreachable when a TCP connection
          response to an SOA query times out, matching behavior of a refused TCP
          connection.
        + Mark dialup and heartbeat-interval options as deprecated.
        + Retry DNS queries without an EDNS COOKIE when the first response is
          FORMERR with the EDNS COOKIE that was sent originally.
        + Use NS records for the relaxed QNAME minimization mode to reduce the
          number of queries from named.
      - Bug Fixes:
        + Fix assertion failure from processing already-queued queries while
          server is being reconfigured or cache is being flushed.
        + Fix failure to load zones containing resource records with a TTL value
          larger than 86400 seconds when dnssec-policy is set to insecure.
        + Fix the ability to read HMAC-MD5 key files (LP: #2015176).
        + Fix stability issues with the catalog zone implementation.
      - See https://bind9.readthedocs.io/en/v9.18.18/notes.html for additional
        information.

   -- Lena Voytek <lena.voytek@xxxxxxxxxxxxx>  Tue, 05 Sep 2023 13:20:06
  -0700

  bind9 (1:9.18.16-1ubuntu4) mantic; urgency=medium

    * d/t/dyndb-ldap: allow writing to the dns tree (LP: #2034250)

   -- Andreas Hasenack <andreas@xxxxxxxxxxxxx>  Tue, 05 Sep 2023
  10:20:27 -0300

  bind9 (1:9.18.16-1ubuntu3) mantic; urgency=medium

    * d/t/control: exclude the i386 architecture for the dyndb-ldap test,
      since bind9-dyndb-ldap is not available there on Ubuntu
    * d/t/dyndb-ldap: fix for the ldap bind9 dn entry

   -- Andreas Hasenack <andreas@xxxxxxxxxxxxx>  Wed, 30 Aug 2023
  10:14:04 -0300

  bind9 (1:9.18.16-1ubuntu2) mantic; urgency=medium

    * d/t/control, d/t/dyndb-ldap: add DEP8 test (LP: #2032650)

   -- Andreas Hasenack <andreas@xxxxxxxxxxxxx>  Tue, 22 Aug 2023
  09:24:02 -0300

  bind9 (1:9.18.16-1ubuntu1) mantic; urgency=medium

    * Merge with Debian unstable (LP: #2018050). Remaining changes:
      - Don't build dnstap as it depends on universe packages:
        + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
          protobuf-c-compiler (universe packages)
        + d/dnsutils.install: don't install dnstap
        + d/rules: don't build dnstap nor install dnstap.proto
      - Add back apport:
        + d/bind9.apport: add back old bind9 apport hook, but without calling
          attach_conffiles() since that is already done by apport itself, with
          confirmation from the user.
        + d/control, d/rules: build-depends on dh-apport and use it
      - d/control: remove optional libjemalloc-dev Build-Depends as it is not in
        main.
      - d/NEWS: mention relevant packaging changes
      - Improve dep-8 test suite (LP #2003584):
        + d/t/zonetest: Add dep8 test for checking the domain zone creation
          process
        + d/t/control: Add new test outline
    * Added Changes:
      - d/po/de.po: Fix German UTF-8 encoding
      - d/copyright: Fix lintian warnings
        + Remove the entry for lib/isc/hp.c lib/isc/include/isc/hp.h as they were
          deleted in 9.18.2
        + Remove the entry for lib/isc/include/pkcs11/pkcs11.h as it is no longer
          bundled as of 9.17.19
        + Update the location of random_test.c and add info about its public
          domain section
        + Add wildcards to folders as needed
        + Note that m4/ uses the FSFAP license
      - d/control: Remove lsb-base dependency as it is no longer needed
        + See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019851

   -- Lena Voytek <lena.voytek@xxxxxxxxxxxxx>  Mon, 26 Jun 2023 14:25:50
  -0700

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2040359/+subscriptions