freeipa team mailing list archive

Thread
Date
[Bug 2073310] Re: Backport of bind9 for focal, jammy and noble

To: freeipa@xxxxxxxxxxxxxxxxxxx
From: Lena Voytek <2073310@xxxxxxxxxxxxxxxxxx>
Date: Mon, 23 Sep 2024 19:56:37 -0000
Reply-to: Bug 2073310 <2073310@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
** Description changed:

- Backport bind9 to focal, jammy and noble once the update for oracular
- has been completed.
+ This bug tracks an update for the bind9 package, moving to versions:
  
- <List exact versions being upgraded from and to for each release>
+ * Noble (24.04): bind9 9.18.30
+ * Jammy (22.04): bind9 9.18.30
+ * Focal (20.04): bind9 9.18.30
  
- [Impact]
- TBD
+ These updates include bug fixes following the SRU policy exception
+ defined at https://wiki.ubuntu.com/Bind9Updates.
  
- <List bug links to former cases of SRU backports for this package>[Major Changes]
- TBD
+ [Upstream changes]
+ 
+ Changes from 9.18.28 - 9.18.30 include:
+ 
+ Features:
+ 
+ Print initial working directory during named startup, and changed working directory when loading or reloading the configuration file
+ Add max-query-restarts configuration statement
+ 
+ 
+ Updates:
+ 
+ Restrain named to specified number of cores when running via taskset, cpuset, or numactl
+ Reduce default max-recursion-queries value from 100 to 32
+ Raise the log level of priming failures
+ 
+ Bug fixes:
+ 
+ https://gitlab.isc.org/isc-projects/bind9/-/issues/4855 - Fix privacy verification of EDDSA keys
+ https://gitlab.isc.org/isc-projects/bind9/-/issues/4878 - Fix algorithm rollover bug when there are two keys with the same keytag
+ https://gitlab.isc.org/isc-projects/bind9/-/issues/4449 - Return SERVFAIL for a too long CNAME chain
+ https://gitlab.isc.org/isc-projects/bind9/-/issues/4733 - Reconfigure catz member zones during named reconfiguration
+ https://gitlab.isc.org/isc-projects/bind9/-/issues/4677 - Update key lifetime and metadata after dnssec-policy reconfiguration
+ https://gitlab.isc.org/isc-projects/bind9/-/issues/4766 - Fix generation of 6to4-self name expansion from IPv4 address
+ https://gitlab.isc.org/isc-projects/bind9/-/issues/4796 - Fix invalid dig +yaml output
+ https://gitlab.isc.org/isc-projects/bind9/-/issues/4775 - Reject zero-length ALPN during SVBC ALPN text parsing
+ https://gitlab.isc.org/isc-projects/bind9/-/issues/4784 - Fix false QNAME minimisation error being reported
+ https://gitlab.isc.org/isc-projects/bind9/-/issues/4806 - Fix dig +timeout argument when using +https
+ 
+ 
+ Full release notes available here - https://bind9.readthedocs.io/en/v9.18.30/notes.html
  
  [Test Plan]
- <Link to wiki SRU backport page>TBD
+ 
+ DEP-8 Tests:
+ 
+ simpletest - Confirms bind9 daemon starts successfully and dig can find
+ 127.0.0.1 through the default setup of bind9
+ 
+ zonetest - Added in this update, currently in lunar. Confirms the
+ functionality of named and bind9 by creating a local DNS zone and
+ domain, and having dig look it up
+ 
+ dyndb-ldap - Verifies functionality of bind-dyndb-ldap against the
+ updated bind9 package with a basic setup. This also fails intentionally
+ prior to bind-dyndb-ldap being rebuilt against the package, as this is a
+ necessary step for bind9 updates.
+ 
+ validation - This test is provided by Debian and consistently fails both
+ before and after the update due to several issues. It is marked as
+ flaky, and does not block autopkgtest passing overall
  
  [Regression Potential]
- Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters.
- <Also, ...>
+ 
+ Upstream has an extensive build and integration test suite. So
+ regressions would likely arise from a change in interaction with Ubuntu-
+ specific integrations. Alternatively, regressions may arise for users
+ due to behavior changes from the many bug fixes and minor feature
+ updates.

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2073310

Title:
  Backport of bind9 for focal, jammy and noble

Status in bind-dyndb-ldap package in Ubuntu:
  In Progress
Status in bind9 package in Ubuntu:
  In Progress
Status in bind-dyndb-ldap source package in Focal:
  In Progress
Status in bind9 source package in Focal:
  In Progress
Status in bind-dyndb-ldap source package in Jammy:
  In Progress
Status in bind9 source package in Jammy:
  In Progress
Status in bind-dyndb-ldap source package in Noble:
  In Progress
Status in bind9 source package in Noble:
  In Progress

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Noble (24.04): bind9 9.18.30
  * Jammy (22.04): bind9 9.18.30
  * Focal (20.04): bind9 9.18.30

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  Changes from 9.18.28 - 9.18.30 include:

  Features:

  Print initial working directory during named startup, and changed working directory when loading or reloading the configuration file
  Add max-query-restarts configuration statement

  
  Updates:

  Restrain named to specified number of cores when running via taskset, cpuset, or numactl
  Reduce default max-recursion-queries value from 100 to 32
  Raise the log level of priming failures

  Bug fixes:

  https://gitlab.isc.org/isc-projects/bind9/-/issues/4855 - Fix privacy verification of EDDSA keys
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4878 - Fix algorithm rollover bug when there are two keys with the same keytag
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4449 - Return SERVFAIL for a too long CNAME chain
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4733 - Reconfigure catz member zones during named reconfiguration
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4677 - Update key lifetime and metadata after dnssec-policy reconfiguration
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4766 - Fix generation of 6to4-self name expansion from IPv4 address
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4796 - Fix invalid dig +yaml output
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4775 - Reject zero-length ALPN during SVBC ALPN text parsing
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4784 - Fix false QNAME minimisation error being reported
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4806 - Fix dig +timeout argument when using +https

  
  Full release notes available here - https://bind9.readthedocs.io/en/v9.18.30/notes.html

  [Test Plan]

  DEP-8 Tests:

  simpletest - Confirms bind9 daemon starts successfully and dig can
  find 127.0.0.1 through the default setup of bind9

  zonetest - Added in this update, currently in lunar. Confirms the
  functionality of named and bind9 by creating a local DNS zone and
  domain, and having dig look it up

  dyndb-ldap - Verifies functionality of bind-dyndb-ldap against the
  updated bind9 package with a basic setup. This also fails
  intentionally prior to bind-dyndb-ldap being rebuilt against the
  package, as this is a necessary step for bind9 updates.

  validation - This test is provided by Debian and consistently fails
  both before and after the update due to several issues. It is marked
  as flaky, and does not block autopkgtest passing overall

  [Regression Potential]

  Upstream has an extensive build and integration test suite. So
  regressions would likely arise from a change in interaction with
  Ubuntu-specific integrations. Alternatively, regressions may arise for
  users due to behavior changes from the many bug fixes and minor
  feature updates.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2073310/+subscriptions