freeipa team mailing list archive
-
freeipa team
-
Mailing list archive
-
Message #01362
[Bug 2073310] Re: Backport of bind9 for focal, jammy and noble
** Merge proposal linked:
https://code.launchpad.net/~lvoytek/ubuntu/+source/bind9/+git/bind9/+merge/473751
--
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2073310
Title:
Backport of bind9 for focal, jammy and noble
Status in bind-dyndb-ldap package in Ubuntu:
In Progress
Status in bind9 package in Ubuntu:
In Progress
Status in bind-dyndb-ldap source package in Focal:
In Progress
Status in bind9 source package in Focal:
In Progress
Status in bind-dyndb-ldap source package in Jammy:
In Progress
Status in bind9 source package in Jammy:
In Progress
Status in bind-dyndb-ldap source package in Noble:
In Progress
Status in bind9 source package in Noble:
In Progress
Bug description:
This bug tracks an update for the bind9 package, moving to versions:
* Noble (24.04): bind9 9.18.30
* Jammy (22.04): bind9 9.18.30
* Focal (20.04): bind9 9.18.30
These updates include bug fixes following the SRU policy exception
defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
Changes from 9.18.28 - 9.18.30 include:
Features:
Print initial working directory during named startup, and changed working directory when loading or reloading the configuration file
Add max-query-restarts configuration statement
Updates:
Restrain named to specified number of cores when running via taskset, cpuset, or numactl
Reduce default max-recursion-queries value from 100 to 32
Raise the log level of priming failures
Bug fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/4855 - Fix privacy verification of EDDSA keys
https://gitlab.isc.org/isc-projects/bind9/-/issues/4878 - Fix algorithm rollover bug when there are two keys with the same keytag
https://gitlab.isc.org/isc-projects/bind9/-/issues/4449 - Return SERVFAIL for a too long CNAME chain
https://gitlab.isc.org/isc-projects/bind9/-/issues/4733 - Reconfigure catz member zones during named reconfiguration
https://gitlab.isc.org/isc-projects/bind9/-/issues/4677 - Update key lifetime and metadata after dnssec-policy reconfiguration
https://gitlab.isc.org/isc-projects/bind9/-/issues/4766 - Fix generation of 6to4-self name expansion from IPv4 address
https://gitlab.isc.org/isc-projects/bind9/-/issues/4796 - Fix invalid dig +yaml output
https://gitlab.isc.org/isc-projects/bind9/-/issues/4775 - Reject zero-length ALPN during SVBC ALPN text parsing
https://gitlab.isc.org/isc-projects/bind9/-/issues/4784 - Fix false QNAME minimisation error being reported
https://gitlab.isc.org/isc-projects/bind9/-/issues/4806 - Fix dig +timeout argument when using +https
Full release notes available here - https://bind9.readthedocs.io/en/v9.18.30/notes.html
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can
find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the
functionality of named and bind9 by creating a local DNS zone and
domain, and having dig look it up
dyndb-ldap - Verifies functionality of bind-dyndb-ldap against the
updated bind9 package with a basic setup. This also fails
intentionally prior to bind-dyndb-ldap being rebuilt against the
package, as this is a necessary step for bind9 updates.
validation - This test is provided by Debian and consistently fails
both before and after the update due to several issues. It is marked
as flaky, and does not block autopkgtest passing overall
[Regression Potential]
Upstream has an extensive build and integration test suite. So
regressions would likely arise from a change in interaction with
Ubuntu-specific integrations. Alternatively, regressions may arise for
users due to behavior changes from the many bug fixes and minor
feature updates.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2073310/+subscriptions
