from:"Lena Voytek"

[Freeipa] [Bug 2040459] Re: MRE updates of bind9 for noble

2024-04-19 Thread Lena Voytek

Uploaded no-change rebuilds of bind-dyndb-ldap now that bind9 is in
proposed. Once that is accepted I'll verify against proposed

** Also affects: bind-dyndb-ldap (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: bind-dyndb-ldap (Ubuntu Noble)
   Status: New => Fix Released

** Changed in: bind-dyndb-ldap (Ubuntu Mantic)
 Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: bind-dyndb-ldap (Ubuntu Jammy)
 Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: bind-dyndb-ldap (Ubuntu Jammy)
   Status: New => In Progress

** Changed in: bind-dyndb-ldap (Ubuntu Mantic)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2040459

Title:
  MRE updates of bind9 for noble

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind-dyndb-ldap source package in Jammy:
  In Progress
Status in bind9 source package in Jammy:
  Fix Committed
Status in bind-dyndb-ldap source package in Mantic:
  In Progress
Status in bind9 source package in Mantic:
  Fix Committed
Status in bind-dyndb-ldap source package in Noble:
  Fix Released
Status in bind9 source package in Noble:
  Fix Released

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Mantic (23.10): bind9 9.18.24
  * Jammy (22.04): bind9 9.18.24

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  Changes from 9.18.18 - 9.18.24 include:

  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2023-3341
  CVE-2023-4236
  CVE-2023-4408
  CVE-2023-5517
  CVE-2023-5679
  CVE-2023-50387
  CVE-2023-50868

  Deprecations:
  Use of AES as the DNS COOKIE algorithm
  resolver-nonbackoff-tries and resolver-retry-interval statements
  dnssec-must-be-secure option

  Updates:
  Update IP addresses for B.ROOT-SERVERS.NET to 170.247.170.2 and 
2801:1b8:10::b.
  Honor nsupdate -v option for SOA queries by sending both the UPDATE request 
and the initial query over TCP.
  Reduce memory consumption through dedicated jemalloc memory arenas.

  Bug fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4467 - Fix accidental 
truncation to 32 bit of statistics channel counters.
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4350 - Do not schedule 
unsigned versions of inline-signed zones containing DNSSEC records for 
resigning.
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4355 - Take local 
authoritive data into account when looking up stale data from the cache.
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4386 - Fix assertion 
failure when lock-file used at the same time as named -X.
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4387 - Fix lockfile 
removal issue when starting named 3+ times.
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4124 - Fix validation of 
If-Modified-Since header in statistics channel for its length.
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4125 - Add Content-Length 
header bounds check to avoid integer overflow.
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4159 - Fix memory leaks 
from OpenSSL error stack.
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4280 - Fix SERVFAIL 
responses after introduction of krb5-subdomain-self-rhs and 
ms-subdomain-self-rhs UPDATE policies.
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4278 - Fix accidental 
disable of stale-refresh-time feature on rndc flush.
  https://gitlab.isc.org/isc-projects/bind9/-/issues/4255 - Fix possible DNS 
message corruption from partial writes in TLS DNS.

  Full release notes available here -
  https://bind9.readthedocs.io/en/v9.18.24/notes.html

  [Test Plan]

  DEP-8 Tests:

  simpletest - Confirms bind9 daemon starts successfully and dig can
  find 127.0.0.1 through the default setup of bind9

  zonetest - Added in this update, currently in lunar. Confirms the
  functionality of named and bind9 by creating a local DNS zone and
  domain, and having dig look it up

  dyndb-ldap - Verifies functionality of bind-dyndb-ldap against the
  updated bind9 package with a basic setup. This also fails
  intentionally prior to bind-dyndb-ldap being rebuilt against the
  package, as this is a necessary step for bind9 updates.

  validation - This test is provided by Debian and consistently fails
  both before and after the update due to several issues. It is marked
  as flaky, and does not block autopkgtest passing overall

  [Regression Potential]

  Upstream has an extensive build and integration test suite. So
  regressions would likely arise from a change in interaction with
  Ubuntu-specific integrations. Alternatively, regressions may arise for
  users due to behavior changes from the

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

2024-04-09 Thread Lena Voytek

Focal was updated to the latest 9.16.x version by security in
1:9.16.48-0ubuntu0.20.04.1, marking fix released

** Changed in: bind9 (Ubuntu Focal)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.39

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind9 source package in Focal:
  Fix Released
Status in bind-dyndb-ldap source package in Jammy:
  Fix Released
Status in bind9 source package in Jammy:
  Fix Released
Status in bind-dyndb-ldap source package in Kinetic:
  Fix Released
Status in bind9 source package in Kinetic:
  Fix Released

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.39

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3200

  This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972

  Full release notes for versions 9.18.2-9.18.12:
  https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-
  bind-9-18-12

  For bind9 9.16.2-9.16.39, major

[Freeipa] [Bug 2040359] Re: Merge bind9 from Debian unstable for noble

2024-02-06 Thread Lena Voytek

set to insecure.
+ Fix the ability to read HMAC-MD5 key files (LP: #2015176).
+ Fix stability issues with the catalog zone implementation.
  - See https://bind9.readthedocs.io/en/v9.18.18/notes.html for additional
information.

   -- Lena Voytek   Tue, 05 Sep 2023 13:20:06
  -0700

  bind9 (1:9.18.16-1ubuntu4) mantic; urgency=medium

* d/t/dyndb-ldap: allow writing to the dns tree (LP: #2034250)

   -- Andreas Hasenack   Tue, 05 Sep 2023
  10:20:27 -0300

  bind9 (1:9.18.16-1ubuntu3) mantic; urgency=medium

* d/t/control: exclude the i386 architecture for the dyndb-ldap test,
  since bind9-dyndb-ldap is not available there on Ubuntu
* d/t/dyndb-ldap: fix for the ldap bind9 dn entry

   -- Andreas Hasenack   Wed, 30 Aug 2023
  10:14:04 -0300

  bind9 (1:9.18.16-1ubuntu2) mantic; urgency=medium

* d/t/control, d/t/dyndb-ldap: add DEP8 test (LP: #2032650)

   -- Andreas Hasenack   Tue, 22 Aug 2023
  09:24:02 -0300

  bind9 (1:9.18.16-1ubuntu1) mantic; urgency=medium

* Merge with Debian unstable (LP: #2018050). Remaining changes:
  - Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
  protobuf-c-compiler (universe packages)
+ d/dnsutils.install: don't install dnstap
+ d/rules: don't build dnstap nor install dnstap.proto
  - Add back apport:
+ d/bind9.apport: add back old bind9 apport hook, but without calling
  attach_conffiles() since that is already done by apport itself, with
  confirmation from the user.
+ d/control, d/rules: build-depends on dh-apport and use it
  - d/control: remove optional libjemalloc-dev Build-Depends as it is not in
main.
  - d/NEWS: mention relevant packaging changes
  - Improve dep-8 test suite (LP #2003584):
+ d/t/zonetest: Add dep8 test for checking the domain zone creation
  process
+ d/t/control: Add new test outline
* Added Changes:
  - d/po/de.po: Fix German UTF-8 encoding
  - d/copyright: Fix lintian warnings
+ Remove the entry for lib/isc/hp.c lib/isc/include/isc/hp.h as they 
were
  deleted in 9.18.2
+ Remove the entry for lib/isc/include/pkcs11/pkcs11.h as it is no 
longer
  bundled as of 9.17.19
+ Update the location of random_test.c and add info about its public
  domain section
+ Add wildcards to folders as needed
+ Note that m4/ uses the FSFAP license
  - d/control: Remove lsb-base dependency as it is no longer needed
+ See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019851

   -- Lena Voytek   Mon, 26 Jun 2023 14:25:50
  -0700

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2040359/+subscriptions


___
Mailing list: https://launchpad.net/~freeipa
Post to : freeipa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~freeipa
More help   : https://help.launchpad.net/ListHelp

[Freeipa] [Bug 2040359] Re: Merge bind9 from Debian unstable for noble

2024-01-29 Thread Lena Voytek

** Also affects: bind-dyndb-ldap (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: bind-dyndb-ldap (Ubuntu)
   Status: New => In Progress

** Changed in: bind-dyndb-ldap (Ubuntu)
 Assignee: (unassigned) => Lena Voytek (lvoytek)

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2040359

Title:
  Merge bind9 from Debian unstable for noble

Status in bind-dyndb-ldap package in Ubuntu:
  In Progress
Status in bind9 package in Ubuntu:
  In Progress

Bug description:
  Upstream: 9.18.19
  Debian:   1:9.19.17-1
  Ubuntu:   1:9.18.18-0ubuntu2

  Debian does new releases regularly, so it's likely there will be newer
  versions available before FF that we can pick up if this merge is done
  later in the cycle.

  If it turns out this needs a sync rather than a merge, please change
  the tag 'needs-merge' to 'needs-sync', and (optionally) update the
  title as desired.

  
  ### New Debian Changes ###

  bind9 (1:9.19.17-1) unstable; urgency=medium

* New upstream version 9.19.17
 - CVE-2023-3341: A stack exhaustion flaw in control channel code may
   cause named to terminate unexpectedly (Closes: #1052416)
 - CVE-2023-4236: named may terminate unexpectedly under high
   DNS-over-TLS query load (Closes: #1052417)

   -- Ondřej Surý   Wed, 20 Sep 2023 18:13:07 +0200

  bind9 (1:9.19.16-1) experimental; urgency=medium

* New upstream version 9.19.16

   -- Ondřej Surý   Wed, 16 Aug 2023 17:54:24 +0200

  bind9 (1:9.19.15-1) experimental; urgency=medium

* New upstream version 9.19.15

   -- Ondřej Surý   Wed, 19 Jul 2023 14:16:46 +0200

  bind9 (1:9.19.14-1) experimental; urgency=medium

* New upstream version 9.19.14

   -- Ondřej Surý   Wed, 21 Jun 2023 21:00:01 +0200

  bind9 (1:9.19.13-1) experimental; urgency=medium

* New upstream version 9.19.13

   -- Ondřej Surý   Wed, 17 May 2023 17:50:48 +0200

  bind9 (1:9.19.12-2) experimental; urgency=medium

* Add liburcu-dev to Build-Depends

   -- Ondřej Surý   Thu, 20 Apr 2023 14:24:06 +0200

  bind9 (1:9.19.12-1) experimental; urgency=medium

* New upstream version 9.19.12

   -- Ondřej Surý   Wed, 19 Apr 2023 15:01:59 +0200

  bind9 (1:9.19.11-1) experimental; urgency=medium

* New upstream version 9.19.11
* Update the d/bind9-dev.install, d/bind9.install and d/not-installed
  after library squash

   -- Ondřej Surý   Wed, 15 Mar 2023 18:27:20 +0100

  bind9 (1:9.19.10-1) experimental; urgency=medium

* New upstream version 9.19.10
* Drop libtool-bin from B-D (Closes: #1022968)

   -- Ondřej Surý   Fri, 10 Feb 2023 15:16:29 +0100

  bind9 (1:9.19.9-2) experimental; urgency=medium

* Allow the named to use systemd notify service

   -- Ondřej Surý   Thu, 26 Jan 2023 21:18:35 +0100

  bind9 (1:9.19.9-1) experimental; urgency=medium

* New upstream version 9.19.9

   -- Ondřej Surý   Wed, 25 Jan 2023 16:04:03 +0100

  bind9 (1:9.19.8-1) experimental; urgency=medium

* New upstream version 9.19.8

   -- Ondřej Surý   Wed, 21 Dec 2022 18:02:17 +0100

  bind9 (1:9.19.7-1) experimental; urgency=medium

* New upstream version 9.19.7

   -- Ondřej Surý   Wed, 16 Nov 2022 14:05:15 +0100

  bind9 (1:9.19.6-2) experimental; urgency=medium

* Use systemd notify for service readyness check (Closes: #994696)

   -- Bernhard Schmidt   Sun, 30 Oct 2022 00:14:05
  +0200

  bind9 (1:9.19.6-1) experimental; urgency=medium

* New upstream version 9.19.6

   -- Ondřej Surý   Wed, 19 Oct 2022 15:06:31 +0200

  bind9 (1:9.19.5-1) experimental; urgency=medium

* New upstream version 9.19.5


  ### Old Ubuntu Delta ###

  bind9 (1:9.18.18-0ubuntu2) mantic; urgency=medium

* SECURITY UPDATE: DoS via recusive packet parsing
  - debian/patches/CVE-2023-3341.patch: add a max depth check to
lib/isc/include/isc/result.h, lib/isc/result.c, lib/isccc/cc.c.
  - CVE-2023-3341
* SECURITY UPDATE: Dos via DNS-over-TLS queries
  - debian/patches/CVE-2023-4236.patch: check return code in
lib/isc/netmgr/tlsdns.c.
  - CVE-2023-4236

   -- Marc Deslauriers   Wed, 20 Sep 2023
  12:45:21 -0400

  bind9 (1:9.18.18-0ubuntu1) mantic; urgency=medium

* New upstream release 9.18.18 (LP: #2034367)
  - Updates:
+ Mark a primary server as temporarily unreachable when a TCP connection
  response to an SOA query times out, matching behavior of a refused TCP
  connection.
+ Mark dialup and heartbeat-interval options as deprecated.
+ Retry DNS queries without an EDNS COOKIE when the first response is
  FORMERR with the EDNS COOKIE that was sent originally.
+ Use NS records for the relaxed QNAME minimization mode to reduce the
  number of queries from named.
  - Bug Fixes:
+ Fix assertion failure from processing already-queued queries while
  server is

[Freeipa] [Bug 2028413] Re: MRE updates of bind9 for focal, jammy and lunar

2023-10-02 Thread Lena Voytek

Verified for lunar and jammy through general installation and
autopkgtest runs

https://autopkgtest.ubuntu.com/results/autopkgtest-
jammy/jammy/amd64/b/bind9/20230930_080730_efc3c@/log.gz

https://autopkgtest.ubuntu.com/results/autopkgtest-
lunar/lunar/amd64/b/bind9/20230930_080744_bd93f@/log.gz

** Tags removed: verification-needed verification-needed-jammy 
verification-needed-lunar
** Tags added: verification-done verification-done-jammy verification-done-lunar

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2028413

Title:
  MRE updates of bind9 for focal, jammy and lunar

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind-dyndb-ldap source package in Focal:
  Triaged
Status in bind9 source package in Focal:
  Triaged
Status in bind-dyndb-ldap source package in Jammy:
  Fix Committed
Status in bind9 source package in Jammy:
  Fix Committed
Status in bind-dyndb-ldap source package in Lunar:
  Fix Committed
Status in bind9 source package in Lunar:
  Fix Committed

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

   * lunar (23.04): bind9 9.18.18
   * jammy (22.04): bind9 9.18.18
   * focal (20.04): bind9 9.16.43

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  9.18.13-9.18.18 for lunar and jammy:

  Updates:

  Mark a primary server as temporarily unreachable when a TCP connection 
response to an SOA query times out, matching behavior of a refused TCP 
connection.
  Mark dialup and heartbeat-interval options as deprecated.
  Retry DNS queries without an EDNS COOKIE when the first response is FORMERR 
with the EDNS COOKIE that was sent originally.
  Use NS records for the relaxed QNAME minimization mode to reduce the number 
of queries from named.
  Mark TKEY mode 2 as deprecated.
  Mark delegation-only and root-delegation-only as deprecated.
  Run RPZ and catalog zone updates on specialized offload threads to reduce 
blocked query processing time.

  Bug Fixes:

  Fix assertion failure from processing already-queued queries while server is 
being reconfigured or cache is being flushed.
  Fix failure to load zones containing resource records with a TTL value larger 
than 86400 seconds when dnssec-policy is set to insecure.
  Fix the ability to read HMAC-MD5 key files (LP: #2015176).
  Fix stability issues with the catalog zone implementation.
  Fix bind9 getting stuck when listen-on statement for HTTP is removed from 
configuration.
  Do not return delegation from cache after stale-answer-client-timeout.
  Fix failure to auto-tune clients-per-query limit in some situations.
  Fix proper timeouts when using max-transfer-time-in and max-transfer-idle-in 
statements.
  Bring rndc read timeout back to 60 seconds from 30.
  Treat libuv returning ISC_R_INVALIDPROTO as a network error.
  Clean up empty-non-terminal NSEC3 records.
  Fix log file rotation cleanup for absolute file path destinations.
  Fix various catalog zone processing crashes.
  Fix transfer hang when downloading large zones over TLS.
  Fix named crash when adding a new zone into the configuration file for a name 
which was already configured as a member zone for a catalog zone.
  Delay DNSSEC key queries until all zones have finished loading.

  CVE Fixes - already available as patches:

  CVE-2023-2828
  CVE-2023-2911

  For full release notes, see:
  https://bind9.readthedocs.io/en/v9.18.18/notes.html#notes-for-
  bind-9-18-18

  While there are behavioral changes in this release, I was unable to
  find any backwards-incompatible changes. Some features were marked as
  deprecated, but are still usable as they were before. Other changes
  are related to performance and timeout management, neither of which
  should change how bind9 works, but are worth keeping an eye on in case
  any regressions arise.

  [Test Plan]

  DEP-8 test results:

  simpletest PASS
  validation FLAKY non-zero exit status 1
  zonetest PASS
  dyndb-ldap PASS

  validation is known to be broken in its current state, both due to a
  need for internet access and incorrect output checking, so the failure
  is expected.

  [Other Information]

  Note to SRU team: this update must happen together with src:bind-dyndb-ldap, 
and in a particular order:
  - first src:bind9 must be accepted
  - once src:bind9 is fully built in all architectures, *then* 
src:bind-dyndb-ldap can be accepted. In other words, src:bind-dyndb-ldap must 
build with the new src:bind9 version.
  - it is expected that until both packages are in proposed and built in the 
correct order, DEP8 tests will fail. That's our safeguard against mistakenly 
releasing them out of sync

  [Regression Potential]

  Upstream has an extensive build and integration test suite. So
  regressions would likely

[Freeipa] [Bug 2032650] Re: Add DEP8 tests for bind-dyndb-ldap integration

2023-10-02 Thread Lena Voytek

Verified for lunar and jammy through autopkgtest runs:

https://autopkgtest.ubuntu.com/results/autopkgtest-
jammy/jammy/amd64/b/bind9/20230930_080730_efc3c@/log.gz

https://autopkgtest.ubuntu.com/results/autopkgtest-
lunar/lunar/amd64/b/bind9/20230930_080744_bd93f@/log.gz

** Tags removed: block-proposed-jammy block-proposed-lunar verification-needed 
verification-needed-done verification-needed-jammy verification-needed-lunar
** Tags added: verification-done verification-done-jammy verification-done-lunar

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2032650

Title:
  Add DEP8 tests for bind-dyndb-ldap integration

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind-dyndb-ldap source package in Jammy:
  Fix Released
Status in bind9 source package in Jammy:
  Fix Committed
Status in bind-dyndb-ldap source package in Lunar:
  Fix Committed
Status in bind9 source package in Lunar:
  Fix Committed
Status in bind-dyndb-ldap source package in Mantic:
  Fix Released
Status in bind9 source package in Mantic:
  Fix Released

Bug description:
  [ Impact ]

  bind-dyndb-ldap breaks very frequently with bind9 updates. Both must
  have DEP8 tests so these breakages can be caught before a release.

  [ Test Plan ]

  For both packages, the test plan consists in having the new dyndb-ldap
  DEP8 test run and succeed.

  [ Where problems could occur ]
  With this new DEP8 change, a bind9 update can be blocked by a bind-dyndb-ldap 
failure to build or run with it.

  While this is exactly the intent (not leave a broken bind-dyndb-ldap
  package in the release), there is a history indicating that bind-
  dyndb-ldap can be late in catching up to bind9 changes. We may reach a
  situation where an important bind9 security update, for example, will
  be blocked by a failing dyndb-ldap test, and it may be difficult to
  fix bind-dyndb-ldap in time, specially if the security update is under
  embargo and the bind-dyndb-ldap developers do not yet have details of
  the changes.

  
  [ Other Info ]
   
  The same test is to be applied to the bind9 package, and is already in 
mantic. But SRUs for DEP8 changes only are frowned upon, so the plan is to 
upload it to proposed and block it there, but AFTER bind-dyndb-ldap has been 
released.

  The tight coupling between bind9 and bind-dyndb-ldap is problematic
  (see [1], [2] and [3]). The moment a new bind9 hits proposed with this
  test, it fill fail until a new bind-dyndb-ldap is rebuilt with that
  proposed version.

  One option would perhaps to accept a one-time DEP8-only change for
  bind9, so that we can upload both packages together, instead of
  leaving this in proposed with a blocking tag, to be picked up by the
  next bind9 "real" update?

  
  1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014503
  2. https://pagure.io/bind-dyndb-ldap/issue/225
  3. https://salsa.debian.org/dns-team/bind9/-/merge_requests/21

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2032650/+subscriptions


___
Mailing list: https://launchpad.net/~freeipa
Post to : freeipa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~freeipa
More help   : https://help.launchpad.net/ListHelp

[Freeipa] [Bug 2028413] Re: MRE updates of bind9 for focal, jammy and lunar

2023-09-21 Thread Lena Voytek

** Description changed:

  This bug tracks an update for the bind9 package, moving to versions:
  
   * lunar (23.04): bind9 9.18.18
   * jammy (22.04): bind9 9.18.18
   * focal (20.04): bind9 9.16.43
  
  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.
  
  [Upstream changes]
  
  9.18.13-9.18.18 for lunar and jammy:
  
  Updates:
  
  Mark a primary server as temporarily unreachable when a TCP connection 
response to an SOA query times out, matching behavior of a refused TCP 
connection.
  Mark dialup and heartbeat-interval options as deprecated.
  Retry DNS queries without an EDNS COOKIE when the first response is FORMERR 
with the EDNS COOKIE that was sent originally.
  Use NS records for the relaxed QNAME minimization mode to reduce the number 
of queries from named.
  Mark TKEY mode 2 as deprecated.
  Mark delegation-only and root-delegation-only as deprecated.
  Run RPZ and catalog zone updates on specialized offload threads to reduce 
blocked query processing time.
  
  Bug Fixes:
  
  Fix assertion failure from processing already-queued queries while server is 
being reconfigured or cache is being flushed.
  Fix failure to load zones containing resource records with a TTL value larger 
than 86400 seconds when dnssec-policy is set to insecure.
  Fix the ability to read HMAC-MD5 key files (LP: #2015176).
  Fix stability issues with the catalog zone implementation.
  Fix bind9 getting stuck when listen-on statement for HTTP is removed from 
configuration.
  Do not return delegation from cache after stale-answer-client-timeout.
  Fix failure to auto-tune clients-per-query limit in some situations.
  Fix proper timeouts when using max-transfer-time-in and max-transfer-idle-in 
statements.
  Bring rndc read timeout back to 60 seconds from 30.
  Treat libuv returning ISC_R_INVALIDPROTO as a network error.
  Clean up empty-non-terminal NSEC3 records.
  Fix log file rotation cleanup for absolute file path destinations.
  Fix various catalog zone processing crashes.
  Fix transfer hang when downloading large zones over TLS.
  Fix named crash when adding a new zone into the configuration file for a name 
which was already configured as a member zone for a catalog zone.
  Delay DNSSEC key queries until all zones have finished loading.
  
  CVE Fixes - already available as patches:
  
  CVE-2023-2828
  CVE-2023-2911
  
  For full release notes, see:
  https://bind9.readthedocs.io/en/v9.18.18/notes.html#notes-for-
  bind-9-18-18
  
  While there are behavioral changes in this release, I was unable to find
  any backwards-incompatible changes. Some features were marked as
  deprecated, but are still usable as they were before. Other changes are
  related to performance and timeout management, neither of which should
  change how bind9 works, but are worth keeping an eye on in case any
  regressions arise.
  
  [Test Plan]
  
  DEP-8 test results:
  
  simpletest PASS
  validation FLAKY non-zero exit status 1
  zonetest PASS
+ dyndb-ldap PASS
  
  validation is known to be broken in its current state, both due to a
  need for internet access and incorrect output checking, so the failure
  is expected.
  
  [Regression Potential]
  
  Upstream has an extensive build and integration test suite. So
  regressions would likely arise from a change in interaction with Ubuntu-
  specific integrations.

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2028413

Title:
  MRE updates of bind9 for focal, jammy and lunar

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind-dyndb-ldap source package in Focal:
  Triaged
Status in bind9 source package in Focal:
  Triaged
Status in bind-dyndb-ldap source package in Jammy:
  In Progress
Status in bind9 source package in Jammy:
  In Progress
Status in bind-dyndb-ldap source package in Lunar:
  In Progress
Status in bind9 source package in Lunar:
  In Progress

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

   * lunar (23.04): bind9 9.18.18
   * jammy (22.04): bind9 9.18.18
   * focal (20.04): bind9 9.16.43

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  9.18.13-9.18.18 for lunar and jammy:

  Updates:

  Mark a primary server as temporarily unreachable when a TCP connection 
response to an SOA query times out, matching behavior of a refused TCP 
connection.
  Mark dialup and heartbeat-interval options as deprecated.
  Retry DNS queries without an EDNS COOKIE when the first response is FORMERR 
with the EDNS COOKIE that was sent originally.
  Use NS records for the relaxed QNAME minimization mode to reduce the number 
of queries from named.
  Mark TKEY mode 2 as deprecated.
  Mark delegation-only

[Freeipa] [Bug 2032650] Re: Add DEP8 tests for bind-dyndb-ldap integration

2023-09-20 Thread Lena Voytek

** Changed in: bind9 (Ubuntu Jammy)
 Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: bind9 (Ubuntu Lunar)
 Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: bind9 (Ubuntu Jammy)
   Status: New => In Progress

** Changed in: bind9 (Ubuntu Lunar)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2032650

Title:
  Add DEP8 tests for bind-dyndb-ldap integration

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind-dyndb-ldap source package in Jammy:
  Fix Committed
Status in bind9 source package in Jammy:
  In Progress
Status in bind-dyndb-ldap source package in Lunar:
  Fix Committed
Status in bind9 source package in Lunar:
  In Progress
Status in bind-dyndb-ldap source package in Mantic:
  Fix Released
Status in bind9 source package in Mantic:
  Fix Released

Bug description:
  [ Impact ]

  bind-dyndb-ldap breaks very frequently with bind9 updates. Both must
  have DEP8 tests so these breakages can be caught before a release.

  [ Test Plan ]

  For both packages, the test plan consists in having the new dyndb-ldap
  DEP8 test run and succeed.

  [ Where problems could occur ]
  With this new DEP8 change, a bind9 update can be blocked by a bind-dyndb-ldap 
failure to build or run with it.

  While this is exactly the intent (not leave a broken bind-dyndb-ldap
  package in the release), there is a history indicating that bind-
  dyndb-ldap can be late in catching up to bind9 changes. We may reach a
  situation where an important bind9 security update, for example, will
  be blocked by a failing dyndb-ldap test, and it may be difficult to
  fix bind-dyndb-ldap in time, specially if the security update is under
  embargo and the bind-dyndb-ldap developers do not yet have details of
  the changes.

  
  [ Other Info ]
   
  The same test is to be applied to the bind9 package, and is already in 
mantic. But SRUs for DEP8 changes only are frowned upon, so the plan is to 
upload it to proposed and block it there, but AFTER bind-dyndb-ldap has been 
released.

  The tight coupling between bind9 and bind-dyndb-ldap is problematic
  (see [1], [2] and [3]). The moment a new bind9 hits proposed with this
  test, it fill fail until a new bind-dyndb-ldap is rebuilt with that
  proposed version.

  One option would perhaps to accept a one-time DEP8-only change for
  bind9, so that we can upload both packages together, instead of
  leaving this in proposed with a blocking tag, to be picked up by the
  next bind9 "real" update?

  
  1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014503
  2. https://pagure.io/bind-dyndb-ldap/issue/225
  3. https://salsa.debian.org/dns-team/bind9/-/merge_requests/21

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2032650/+subscriptions


___
Mailing list: https://launchpad.net/~freeipa
Post to : freeipa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~freeipa
More help   : https://help.launchpad.net/ListHelp

[Freeipa] [Bug 2028413] Re: MRE updates of bind9 for focal, jammy and lunar

2023-09-19 Thread Lena Voytek

** Description changed:

  This bug tracks an update for the bind9 package, moving to versions:
  
   * lunar (23.04): bind9 9.18.18
   * jammy (22.04): bind9 9.18.18
   * focal (20.04): bind9 9.16.43
  
  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.
  
  [Upstream changes]
  
  9.18.13-9.18.18 for lunar and jammy:
  
  Updates:
  
  Mark a primary server as temporarily unreachable when a TCP connection 
response to an SOA query times out, matching behavior of a refused TCP 
connection.
  Mark dialup and heartbeat-interval options as deprecated.
  Retry DNS queries without an EDNS COOKIE when the first response is FORMERR 
with the EDNS COOKIE that was sent originally.
  Use NS records for the relaxed QNAME minimization mode to reduce the number 
of queries from named.
  Mark TKEY mode 2 as deprecated.
  Mark delegation-only and root-delegation-only as deprecated.
  Run RPZ and catalog zone updates on specialized offload threads to reduce 
blocked query processing time.
  
  Bug Fixes:
  
  Fix assertion failure from processing already-queued queries while server is 
being reconfigured or cache is being flushed.
  Fix failure to load zones containing resource records with a TTL value larger 
than 86400 seconds when dnssec-policy is set to insecure.
  Fix the ability to read HMAC-MD5 key files (LP: #2015176).
  Fix stability issues with the catalog zone implementation.
  Fix bind9 getting stuck when listen-on statement for HTTP is removed from 
configuration.
  Do not return delegation from cache after stale-answer-client-timeout.
  Fix failure to auto-tune clients-per-query limit in some situations.
  Fix proper timeouts when using max-transfer-time-in and max-transfer-idle-in 
statements.
  Bring rndc read timeout back to 60 seconds from 30.
  Treat libuv returning ISC_R_INVALIDPROTO as a network error.
  Clean up empty-non-terminal NSEC3 records.
  Fix log file rotation cleanup for absolute file path destinations.
  Fix various catalog zone processing crashes.
  Fix transfer hang when downloading large zones over TLS.
  Fix named crash when adding a new zone into the configuration file for a name 
which was already configured as a member zone for a catalog zone.
  Delay DNSSEC key queries until all zones have finished loading.
  
- 
  CVE Fixes - already available as patches:
  
  CVE-2023-2828
  CVE-2023-2911
  
  For full release notes, see:
  https://bind9.readthedocs.io/en/v9.18.18/notes.html#notes-for-
  bind-9-18-18
  
  While there are behavioral changes in this release, I was unable to find
  any backwards-incompatible changes. Some features were marked as
  deprecated, but are still usable as they were before. Other changes are
  related to performance and timeout management, neither of which should
  change how bind9 works, but are worth keeping an eye on in case any
  regressions arise.
  
  [Test Plan]
  
- TODO: Check DEP-8 and reverse-depends DEP-8 tests pass
- TODO: if there are any non passing tests - explain why that is ok in this case
- TODO: add results of an autopkgtest run against all the new versions
+ DEP-8 test results:
+ 
+ simpletest PASS
+ validation FLAKY non-zero exit status 1
+ zonetest PASS
+ 
+ validation is known to be broken in its current state, both due to a
+ need for internet access and incorrect output checking, so the failure
+ is expected.
  
  [Regression Potential]
  
  Upstream has an extensive build and integration test suite. So
  regressions would likely arise from a change in interaction with Ubuntu-
  specific integrations.
- 
- TODO: consider any other regression potential specific to the version being
- updated and list if any.

** Merge proposal linked:
   
https://code.launchpad.net/~lvoytek/ubuntu/+source/bind9/+git/bind9/+merge/451681

** Merge proposal linked:
   
https://code.launchpad.net/~lvoytek/ubuntu/+source/bind9/+git/bind9/+merge/451683

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2028413

Title:
  MRE updates of bind9 for focal, jammy and lunar

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind-dyndb-ldap source package in Focal:
  Triaged
Status in bind9 source package in Focal:
  Triaged
Status in bind-dyndb-ldap source package in Jammy:
  In Progress
Status in bind9 source package in Jammy:
  In Progress
Status in bind-dyndb-ldap source package in Lunar:
  In Progress
Status in bind9 source package in Lunar:
  In Progress

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

   * lunar (23.04): bind9 9.18.18
   * jammy (22.04): bind9 9.18.18
   * focal (20.04): bind9 9.16.43

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  9.18.13-9.18.18 for lunar

[Freeipa] [Bug 2028413] Re: MRE updates of bind9 for focal, jammy and lunar

2023-09-19 Thread Lena Voytek

** Also affects: bind-dyndb-ldap (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: bind-dyndb-ldap (Ubuntu Jammy)
   Status: New => In Progress

** Changed in: bind-dyndb-ldap (Ubuntu Lunar)
   Status: New => In Progress

** Changed in: bind-dyndb-ldap (Ubuntu)
   Status: New => Fix Released

** Changed in: bind-dyndb-ldap (Ubuntu Focal)
   Status: New => Triaged

** Changed in: bind9 (Ubuntu Focal)
   Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2028413

Title:
  MRE updates of bind9 for focal, jammy and lunar

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind-dyndb-ldap source package in Focal:
  Triaged
Status in bind9 source package in Focal:
  Triaged
Status in bind-dyndb-ldap source package in Jammy:
  In Progress
Status in bind9 source package in Jammy:
  In Progress
Status in bind-dyndb-ldap source package in Lunar:
  In Progress
Status in bind9 source package in Lunar:
  In Progress

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

   * lunar (23.04): bind9 9.18.18
   * jammy (22.04): bind9 9.18.18
   * focal (20.04): bind9 9.16.43

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  9.18.13-9.18.18 for lunar and jammy:

  Updates:

  Mark a primary server as temporarily unreachable when a TCP connection 
response to an SOA query times out, matching behavior of a refused TCP 
connection.
  Mark dialup and heartbeat-interval options as deprecated.
  Retry DNS queries without an EDNS COOKIE when the first response is FORMERR 
with the EDNS COOKIE that was sent originally.
  Use NS records for the relaxed QNAME minimization mode to reduce the number 
of queries from named.
  Mark TKEY mode 2 as deprecated.
  Mark delegation-only and root-delegation-only as deprecated.
  Run RPZ and catalog zone updates on specialized offload threads to reduce 
blocked query processing time.

  Bug Fixes:

  Fix assertion failure from processing already-queued queries while server is 
being reconfigured or cache is being flushed.
  Fix failure to load zones containing resource records with a TTL value larger 
than 86400 seconds when dnssec-policy is set to insecure.
  Fix the ability to read HMAC-MD5 key files (LP: #2015176).
  Fix stability issues with the catalog zone implementation.
  Fix bind9 getting stuck when listen-on statement for HTTP is removed from 
configuration.
  Do not return delegation from cache after stale-answer-client-timeout.
  Fix failure to auto-tune clients-per-query limit in some situations.
  Fix proper timeouts when using max-transfer-time-in and max-transfer-idle-in 
statements.
  Bring rndc read timeout back to 60 seconds from 30.
  Treat libuv returning ISC_R_INVALIDPROTO as a network error.
  Clean up empty-non-terminal NSEC3 records.
  Fix log file rotation cleanup for absolute file path destinations.
  Fix various catalog zone processing crashes.
  Fix transfer hang when downloading large zones over TLS.
  Fix named crash when adding a new zone into the configuration file for a name 
which was already configured as a member zone for a catalog zone.
  Delay DNSSEC key queries until all zones have finished loading.

  
  CVE Fixes - already available as patches:

  CVE-2023-2828
  CVE-2023-2911

  For full release notes, see:
  https://bind9.readthedocs.io/en/v9.18.18/notes.html#notes-for-
  bind-9-18-18

  While there are behavioral changes in this release, I was unable to
  find any backwards-incompatible changes. Some features were marked as
  deprecated, but are still usable as they were before. Other changes
  are related to performance and timeout management, neither of which
  should change how bind9 works, but are worth keeping an eye on in case
  any regressions arise.

  [Test Plan]

  TODO: Check DEP-8 and reverse-depends DEP-8 tests pass
  TODO: if there are any non passing tests - explain why that is ok in this case
  TODO: add results of an autopkgtest run against all the new versions

  [Regression Potential]

  Upstream has an extensive build and integration test suite. So
  regressions would likely arise from a change in interaction with
  Ubuntu-specific integrations.

  TODO: consider any other regression potential specific to the version being
  updated and list if any.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2028413/+subscriptions


___
Mailing list: https://launchpad.net/~freeipa
Post to : freeipa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~freeipa
More help   : https://help.launchpad.net/ListHelp

[Freeipa] [Bug 2018050] Re: Merge bind9 from Debian unstable for mantic

2023-06-28 Thread Lena Voytek

** Changed in: bind-dyndb-ldap (Ubuntu)
 Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: bind-dyndb-ldap (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2018050

Title:
  Merge bind9 from Debian unstable for mantic

Status in bind-dyndb-ldap package in Ubuntu:
  In Progress
Status in bind9 package in Ubuntu:
  In Progress

Bug description:
  Upstream: 9.18.14
  Debian:   1:9.18.13-11:9.19.11-1
  Ubuntu:   1:9.18.12-1ubuntu1

  Debian new has 1:9.19.11-1, which may be available for merge soon.

  If it turns out this needs a sync rather than a merge, please change
  the tag 'needs-merge' to 'needs-sync', and (optionally) update the
  title as desired.

  
  ### New Debian Changes ###

  bind9 (1:9.18.13-1) unstable; urgency=medium

* New upstream version 9.18.13

   -- Ondřej Surý   Wed, 15 Mar 2023 18:11:29 +0100

  bind9 (1:9.18.12-1) unstable; urgency=medium

* New upstream version 9.18.12
* Drop libtool-bin from B-D (Closes: #1022968)

   -- Ondřej Surý   Fri, 10 Feb 2023 15:15:49 +0100

  bind9 (1:9.18.11-2) unstable; urgency=medium

* Allow the named to use systemd notify service

   -- Ondřej Surý   Thu, 26 Jan 2023 21:13:55 +0100

  bind9 (1:9.18.11-1) unstable; urgency=medium

* New upstream version 9.18.11

   -- Ondřej Surý   Wed, 25 Jan 2023 15:51:35 +0100

  bind9 (1:9.18.10-2) unstable; urgency=medium

* Backport upstream feature to use sd_notify()
* Use systemd notify for service readyness check (Closes: #994696)
* apparmor.d: Allow named to read all OpenSSL config files.
  (Closes: #1025519)
* apparmor.d: Allow named to query for hugepages support.
  (Closes: #1020315)
* Fix path to README.Debian (Closes: #1016646)

   -- Bernhard Schmidt   Thu, 22 Dec 2022 17:12:17
  +0100

  bind9 (1:9.18.10-1) unstable; urgency=medium

* New upstream version 9.18.10

   -- Ondřej Surý   Wed, 21 Dec 2022 18:00:33 +0100

  bind9 (1:9.18.9-1) unstable; urgency=medium

* New upstream version 9.18.9

   -- Ondřej Surý   Wed, 16 Nov 2022 14:00:05 +0100

  bind9 (1:9.18.8-1) unstable; urgency=medium

* New upstream version 9.18.8

   -- Ondřej Surý   Wed, 19 Oct 2022 14:58:38 +0200

  bind9 (1:9.18.7-1) unstable; urgency=medium

* New upstream version 9.18.7
 - CVE-2022-2795: Processing large delegations may severely degrade
   resolver performance
 - CVE-2022-2881: Buffer overread in statistics channel code
 - CVE-2022-2906: Memory leaks in code handling Diffie-Hellman key
   exchange via TKEY RRs (OpenSSL 3.0.0+ only)
 - CVE-2022-3080: BIND 9 resolvers configured to answer from stale
   cache with zero stale-answer-client-timeout may terminate unexpectedly
 - CVE-2022-38177: Memory leak in ECDSA DNSSEC verification code
 - CVE-2022-38178: Memory leaks in EdDSA DNSSEC verification code

   -- Ondřej Surý   Wed, 21 Sep 2022 12:48:36 +0200

  bind9 (1:9.18.6-2) unstable; urgency=medium

* No-change source-only upload

   -- Bernhard Schmidt   Mon, 05 Sep 2022 21:30:08
  +0200

  bind9 (1:9.18.6-1) unstable; urgency=medium

* Disable treat-warnings-as-errors in sphinx-build
* New upstream version 9.18.6

   -- Ondřej Surý   Thu, 18 Aug 2022 09:39:20 +0200

  bind9 (1:9.18.5-1) unstable; urgency=medium

* New upstream version 9.18.5

   -- Ondřej Surý   Wed, 20 Jul 2022 16:40:31 +0200

  bind9 (1:9.18.4-2) unstable; urgency=medium

[ Simon Deziel ]
* debian/extras/etc/db.0: correct descriptive comment

[ Bernhard Schmidt ]
* Add sleep workaround in tests/simpletests (Closes: #1012059)

   -- Ondřej Surý   Tue, 05 Jul 2022 12:58:06 +0200

  bind9 (1:9.18.4-1) unstable; urgency=medium


  ### Old Ubuntu Delta ###

  bind9 (1:9.18.12-1ubuntu1) lunar; urgency=medium

* Merge with Debian unstable. Remaining changes:
  - Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
  protobuf-c-compiler (universe packages)
+ d/dnsutils.install: don't install dnstap
+ d/rules: don't build dnstap nor install dnstap.proto
  - Add back apport:
+ d/bind9.apport: add back old bind9 apport hook, but without calling
  attach_conffiles() since that is already done by apport itself, with
  confirmation from the user.
+ d/control, d/rules: build-depends on dh-apport and use it
  - d/control: remove optional libjemalloc-dev Build-Depends as it is not in
main.
  - d/NEWS: mention relevant packaging changes
  - Improve dep-8 test suite (LP #2003584):
+ d/t/zonetest: Add dep8 test for checking the domain zone creation 
process
+ d/t/control: Add new test outline

   -- Lena Voytek   Wed, 22 Feb 2023 10:10:14
  -0700

To manage notifications about this

[Freeipa] [Bug 2018050] Re: Merge bind9 from Debian unstable for mantic

2023-06-16 Thread Lena Voytek

** Merge proposal linked:
   
https://code.launchpad.net/~lvoytek/ubuntu/+source/bind9/+git/bind9/+merge/444937

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2018050

Title:
  Merge bind9 from Debian unstable for mantic

Status in bind-dyndb-ldap package in Ubuntu:
  New
Status in bind9 package in Ubuntu:
  In Progress

Bug description:
  Upstream: 9.18.14
  Debian:   1:9.18.13-11:9.19.11-1
  Ubuntu:   1:9.18.12-1ubuntu1

  Debian new has 1:9.19.11-1, which may be available for merge soon.

  If it turns out this needs a sync rather than a merge, please change
  the tag 'needs-merge' to 'needs-sync', and (optionally) update the
  title as desired.

  
  ### New Debian Changes ###

  bind9 (1:9.18.13-1) unstable; urgency=medium

* New upstream version 9.18.13

   -- Ondřej Surý   Wed, 15 Mar 2023 18:11:29 +0100

  bind9 (1:9.18.12-1) unstable; urgency=medium

* New upstream version 9.18.12
* Drop libtool-bin from B-D (Closes: #1022968)

   -- Ondřej Surý   Fri, 10 Feb 2023 15:15:49 +0100

  bind9 (1:9.18.11-2) unstable; urgency=medium

* Allow the named to use systemd notify service

   -- Ondřej Surý   Thu, 26 Jan 2023 21:13:55 +0100

  bind9 (1:9.18.11-1) unstable; urgency=medium

* New upstream version 9.18.11

   -- Ondřej Surý   Wed, 25 Jan 2023 15:51:35 +0100

  bind9 (1:9.18.10-2) unstable; urgency=medium

* Backport upstream feature to use sd_notify()
* Use systemd notify for service readyness check (Closes: #994696)
* apparmor.d: Allow named to read all OpenSSL config files.
  (Closes: #1025519)
* apparmor.d: Allow named to query for hugepages support.
  (Closes: #1020315)
* Fix path to README.Debian (Closes: #1016646)

   -- Bernhard Schmidt   Thu, 22 Dec 2022 17:12:17
  +0100

  bind9 (1:9.18.10-1) unstable; urgency=medium

* New upstream version 9.18.10

   -- Ondřej Surý   Wed, 21 Dec 2022 18:00:33 +0100

  bind9 (1:9.18.9-1) unstable; urgency=medium

* New upstream version 9.18.9

   -- Ondřej Surý   Wed, 16 Nov 2022 14:00:05 +0100

  bind9 (1:9.18.8-1) unstable; urgency=medium

* New upstream version 9.18.8

   -- Ondřej Surý   Wed, 19 Oct 2022 14:58:38 +0200

  bind9 (1:9.18.7-1) unstable; urgency=medium

* New upstream version 9.18.7
 - CVE-2022-2795: Processing large delegations may severely degrade
   resolver performance
 - CVE-2022-2881: Buffer overread in statistics channel code
 - CVE-2022-2906: Memory leaks in code handling Diffie-Hellman key
   exchange via TKEY RRs (OpenSSL 3.0.0+ only)
 - CVE-2022-3080: BIND 9 resolvers configured to answer from stale
   cache with zero stale-answer-client-timeout may terminate unexpectedly
 - CVE-2022-38177: Memory leak in ECDSA DNSSEC verification code
 - CVE-2022-38178: Memory leaks in EdDSA DNSSEC verification code

   -- Ondřej Surý   Wed, 21 Sep 2022 12:48:36 +0200

  bind9 (1:9.18.6-2) unstable; urgency=medium

* No-change source-only upload

   -- Bernhard Schmidt   Mon, 05 Sep 2022 21:30:08
  +0200

  bind9 (1:9.18.6-1) unstable; urgency=medium

* Disable treat-warnings-as-errors in sphinx-build
* New upstream version 9.18.6

   -- Ondřej Surý   Thu, 18 Aug 2022 09:39:20 +0200

  bind9 (1:9.18.5-1) unstable; urgency=medium

* New upstream version 9.18.5

   -- Ondřej Surý   Wed, 20 Jul 2022 16:40:31 +0200

  bind9 (1:9.18.4-2) unstable; urgency=medium

[ Simon Deziel ]
* debian/extras/etc/db.0: correct descriptive comment

[ Bernhard Schmidt ]
* Add sleep workaround in tests/simpletests (Closes: #1012059)

   -- Ondřej Surý   Tue, 05 Jul 2022 12:58:06 +0200

  bind9 (1:9.18.4-1) unstable; urgency=medium


  ### Old Ubuntu Delta ###

  bind9 (1:9.18.12-1ubuntu1) lunar; urgency=medium

* Merge with Debian unstable. Remaining changes:
  - Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
  protobuf-c-compiler (universe packages)
+ d/dnsutils.install: don't install dnstap
+ d/rules: don't build dnstap nor install dnstap.proto
  - Add back apport:
+ d/bind9.apport: add back old bind9 apport hook, but without calling
  attach_conffiles() since that is already done by apport itself, with
  confirmation from the user.
+ d/control, d/rules: build-depends on dh-apport and use it
  - d/control: remove optional libjemalloc-dev Build-Depends as it is not in
main.
  - d/NEWS: mention relevant packaging changes
  - Improve dep-8 test suite (LP #2003584):
+ d/t/zonetest: Add dep8 test for checking the domain zone creation 
process
+ d/t/control: Add new test outline

   -- Lena Voytek   Wed, 22 Feb 2023 10:10:14
  -0700

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap

[Freeipa] [Bug 2018050] Re: Merge bind9 from Debian unstable for mantic

2023-06-16 Thread Lena Voytek

** Changed in: bind9 (Ubuntu)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2018050

Title:
  Merge bind9 from Debian unstable for mantic

Status in bind-dyndb-ldap package in Ubuntu:
  New
Status in bind9 package in Ubuntu:
  In Progress

Bug description:
  Upstream: 9.18.14
  Debian:   1:9.18.13-11:9.19.11-1
  Ubuntu:   1:9.18.12-1ubuntu1

  Debian new has 1:9.19.11-1, which may be available for merge soon.

  If it turns out this needs a sync rather than a merge, please change
  the tag 'needs-merge' to 'needs-sync', and (optionally) update the
  title as desired.

  
  ### New Debian Changes ###

  bind9 (1:9.18.13-1) unstable; urgency=medium

* New upstream version 9.18.13

   -- Ondřej Surý   Wed, 15 Mar 2023 18:11:29 +0100

  bind9 (1:9.18.12-1) unstable; urgency=medium

* New upstream version 9.18.12
* Drop libtool-bin from B-D (Closes: #1022968)

   -- Ondřej Surý   Fri, 10 Feb 2023 15:15:49 +0100

  bind9 (1:9.18.11-2) unstable; urgency=medium

* Allow the named to use systemd notify service

   -- Ondřej Surý   Thu, 26 Jan 2023 21:13:55 +0100

  bind9 (1:9.18.11-1) unstable; urgency=medium

* New upstream version 9.18.11

   -- Ondřej Surý   Wed, 25 Jan 2023 15:51:35 +0100

  bind9 (1:9.18.10-2) unstable; urgency=medium

* Backport upstream feature to use sd_notify()
* Use systemd notify for service readyness check (Closes: #994696)
* apparmor.d: Allow named to read all OpenSSL config files.
  (Closes: #1025519)
* apparmor.d: Allow named to query for hugepages support.
  (Closes: #1020315)
* Fix path to README.Debian (Closes: #1016646)

   -- Bernhard Schmidt   Thu, 22 Dec 2022 17:12:17
  +0100

  bind9 (1:9.18.10-1) unstable; urgency=medium

* New upstream version 9.18.10

   -- Ondřej Surý   Wed, 21 Dec 2022 18:00:33 +0100

  bind9 (1:9.18.9-1) unstable; urgency=medium

* New upstream version 9.18.9

   -- Ondřej Surý   Wed, 16 Nov 2022 14:00:05 +0100

  bind9 (1:9.18.8-1) unstable; urgency=medium

* New upstream version 9.18.8

   -- Ondřej Surý   Wed, 19 Oct 2022 14:58:38 +0200

  bind9 (1:9.18.7-1) unstable; urgency=medium

* New upstream version 9.18.7
 - CVE-2022-2795: Processing large delegations may severely degrade
   resolver performance
 - CVE-2022-2881: Buffer overread in statistics channel code
 - CVE-2022-2906: Memory leaks in code handling Diffie-Hellman key
   exchange via TKEY RRs (OpenSSL 3.0.0+ only)
 - CVE-2022-3080: BIND 9 resolvers configured to answer from stale
   cache with zero stale-answer-client-timeout may terminate unexpectedly
 - CVE-2022-38177: Memory leak in ECDSA DNSSEC verification code
 - CVE-2022-38178: Memory leaks in EdDSA DNSSEC verification code

   -- Ondřej Surý   Wed, 21 Sep 2022 12:48:36 +0200

  bind9 (1:9.18.6-2) unstable; urgency=medium

* No-change source-only upload

   -- Bernhard Schmidt   Mon, 05 Sep 2022 21:30:08
  +0200

  bind9 (1:9.18.6-1) unstable; urgency=medium

* Disable treat-warnings-as-errors in sphinx-build
* New upstream version 9.18.6

   -- Ondřej Surý   Thu, 18 Aug 2022 09:39:20 +0200

  bind9 (1:9.18.5-1) unstable; urgency=medium

* New upstream version 9.18.5

   -- Ondřej Surý   Wed, 20 Jul 2022 16:40:31 +0200

  bind9 (1:9.18.4-2) unstable; urgency=medium

[ Simon Deziel ]
* debian/extras/etc/db.0: correct descriptive comment

[ Bernhard Schmidt ]
* Add sleep workaround in tests/simpletests (Closes: #1012059)

   -- Ondřej Surý   Tue, 05 Jul 2022 12:58:06 +0200

  bind9 (1:9.18.4-1) unstable; urgency=medium


  ### Old Ubuntu Delta ###

  bind9 (1:9.18.12-1ubuntu1) lunar; urgency=medium

* Merge with Debian unstable. Remaining changes:
  - Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
  protobuf-c-compiler (universe packages)
+ d/dnsutils.install: don't install dnstap
+ d/rules: don't build dnstap nor install dnstap.proto
  - Add back apport:
+ d/bind9.apport: add back old bind9 apport hook, but without calling
  attach_conffiles() since that is already done by apport itself, with
  confirmation from the user.
+ d/control, d/rules: build-depends on dh-apport and use it
  - d/control: remove optional libjemalloc-dev Build-Depends as it is not in
main.
  - d/NEWS: mention relevant packaging changes
  - Improve dep-8 test suite (LP #2003584):
+ d/t/zonetest: Add dep8 test for checking the domain zone creation 
process
+ d/t/control: Add new test outline

   -- Lena Voytek   Wed, 22 Feb 2023 10:10:14
  -0700

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2018050/+subscripti

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

2023-04-10 Thread Lena Voytek

Verified for Jammy + Kinetic based on 
https://wiki.debian.org/LDAP/OpenLDAPSetup#DNS.2FBind9
I've also started on a DEP-8 test based on my testing

# lxc launch images:ubuntu/{kinetic, jammy} test-bind-dyndb-ldap
# lxc exec test-bind-dyndb-ldap bash

# apt update && apt dist-upgrade -y

# cat  Enter new LDAP password

> Update /etc/ldap/ldap.conf to have
BASEdc=test,dc=local
URI ldap://ldap.test.local

# zcat /usr/share/doc/bind9-dyndb-ldap/schema.ldif.gz | sed 
's/^attributeTypes:/olcAttributeTypes:/;
 s/^objectClasses:/olcObjectClasses:/;
 1,/1.3.6.1.4.1.2428.20.0.0/ {/1.3.6.1.4.1.2428.20.0.0/!s/^/#/};
 1idn: cn=dns,cn=schema,cn=config\nobjectClass: olcSchemaConfig
' >> /tmp/dns.schema

# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /tmp/dns.schema

adding new entry "cn=dns,cn=schema,cn=config"

ldapmodify -Q -Y EXTERNAL -H ldapi:/// < Add the following to /etc/bind/named.conf.local

dyndb "test_local_ldap" "/usr/lib/bind/ldap.so" {
uri "ldapi:///";
base "ou=dns,ou=Services,dc=test,dc=local";
auth_method "simple";
bind_dn "uid=admin,dc=test,dc=local";
password "ldappassword";
server_id "server";
};

# systemctl restart bind9

# dig test.local. @localhost +short
127.0.0.1



** Tags removed: verification-needed-jammy verification-needed-kinetic
** Tags added: verification-done-jammy verification-done-kinetic

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.39

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind9 source package in Focal:
  In Progress
Status in bind-dyndb-ldap source package in Jammy:
  Fix Committed
Status in bind9 source package in Jammy:
  Fix Released
Status in bind-dyndb-ldap source package in Kinetic:
  Fix Committed
Status in bind9 source package in Kinetic:
  Fix Released

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.39

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

2023-03-30 Thread Lena Voytek

** Summary changed:

- MRE Updates 9.18.12 / 9.16.36
+ MRE Updates 9.18.12 / 9.16.39

** Description changed:

  This bug tracks an update for the bind9 package, moving to versions:
  
  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
- * Focal (20.04): bind9 9.16.36
+ * Focal (20.04): bind9 9.16.39
  
  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.
  
  [Upstream changes]
  
  For bind9 9.18.2-9.18.12, major changes include:
  
  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924
  
  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs
  
  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option
  
  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
  
  This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
  
  Full release notes for versions 9.18.2-9.18.12:
  https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-
  bind-9-18-12
- 
  
  For bind9 9.16.2-9.16.39, major changes include:
  
  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2020-8616
  CVE-2020-8617
  CVE-2020-8618
  CVE-2020-8619,
  CVE-2020-8620
  CVE-2020-8621
  CVE-2020-8622
  CVE-2020-8623
  CVE-2020-8624
  CVE-2020-8625
  CVE-2021-25214
  CVE-2021-25215
  CVE-2021-25219
  CVE-2021-25220
  CVE-2022-2795
  CVE-2022-38177
  CVE-2022-38178
  CVE-2022-3094
  
  Features:
  update-quota option
  parental-agents configuration option
  stale-refresh-time configuration option
  stale-cache-enable configuration option
  purge-keys and nsec3param options in dnssec-policy
  max-ixfr-ratio option

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

2023-03-29 Thread Lena Voytek

** No longer affects: bind-dyndb-ldap (Ubuntu Focal)

** Changed in: bind9 (Ubuntu Focal)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.36

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind9 source package in Focal:
  In Progress
Status in bind-dyndb-ldap source package in Jammy:
  Fix Committed
Status in bind9 source package in Jammy:
  Fix Released
Status in bind-dyndb-ldap source package in Kinetic:
  Fix Committed
Status in bind9 source package in Kinetic:
  Fix Released

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.36

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3200

  This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972

  Full release notes for versions 9.18.2-9.18.12:
  https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-
  bind-9-18-12

  
  For bind9 9.16.2-9.16.39, major changes include:

  CVE fixes (These already existed as

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

2023-03-29 Thread Lena Voytek

** Merge proposal linked:
   
https://code.launchpad.net/~lvoytek/ubuntu/+source/bind9/+git/bind9/+merge/439956

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.36

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind-dyndb-ldap source package in Focal:
  New
Status in bind9 source package in Focal:
  New
Status in bind-dyndb-ldap source package in Jammy:
  Fix Committed
Status in bind9 source package in Jammy:
  Fix Released
Status in bind-dyndb-ldap source package in Kinetic:
  Fix Committed
Status in bind9 source package in Kinetic:
  Fix Released

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.36

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3200

  This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972

  Full release notes for versions 9.18.2-9.18.12:
  https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-
  bind-9-18-12

  
  For bind9 9.16.2-9.16.39, major changes include:

  CVE

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

2023-03-29 Thread Lena Voytek

** Description changed:

  This bug tracks an update for the bind9 package, moving to versions:
  
  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.36
  
  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.
  
  [Upstream changes]
  
  For bind9 9.18.2-9.18.12, major changes include:
  
  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924
  
  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs
  
  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option
  
  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
  
  This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
  
  Full release notes for versions 9.18.2-9.18.12:
  https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-
  bind-9-18-12
  
+ 
+ For bind9 9.16.2-9.16.39, major changes include:
+ 
+ CVE fixes (These already existed as patches but are now included as part of 
upstream):
+ CVE-2020-8616
+ CVE-2020-8617
+ CVE-2020-8618
+ CVE-2020-8619,
+ CVE-2020-8620
+ CVE-2020-8621
+ CVE-2020-8622
+ CVE-2020-8623
+ CVE-2020-8624
+ CVE-2020-8625
+ CVE-2021-25214
+ CVE-2021-25215
+ CVE-2021-25219
+ CVE-2021-25220
+ CVE-2022-2795
+ CVE-2022-38177
+ CVE-2022-38178
+ CVE-2022-3094
+ 
+ Features:
+ update-quota option
+ parental-agents configuration option
+ stale-refresh-time configuration option
+ stale-cache-enable configuration option
+ purge-keys and nsec3param options in dnssec-policy
+ max-ixfr-ratio option
+ stale-answer-client-timeout option
+ rndc dnssec -rollover command
+ rndc dnssec -checkds command
+ rndc dnssec -status command
+

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

2023-03-24 Thread Lena Voytek

Verified installation success for Jammy and kinetic:

# lxc launch images:ubuntu/jammy test-bind-dyndb-ldap
# lxc exec test-bind-dyndb-ldap bash
# apt update && apt dist-upgrade -y

# apt install -y bind9-dyndb-ldap
...
The following packages have unmet dependencies:
 bind9-dyndb-ldap : Depends: bind9-libs (= 1:9.18.1-1ubuntu1) but 
1:9.18.1-1ubuntu1.3 is to be installed
E: Unable to correct problems, you have held broken packages.


# cat

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

2023-03-22 Thread Lena Voytek

Verified for Kinetic:

verified for bugs:
(LP: #2003584)
(LP: #2006972)
(LP: #1258003)
(LP: #1970252)

DEP-8 Tests work as expected:

autopkgtest [21:02:38]:  summary
simpletest PASS
validation FLAKY non-zero exit status 1
zonetest PASS

** Tags removed: verification-needed verification-needed-kinetic
** Tags added: verification-done verification-done-kinetic

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.36

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind-dyndb-ldap source package in Focal:
  New
Status in bind9 source package in Focal:
  New
Status in bind-dyndb-ldap source package in Jammy:
  In Progress
Status in bind9 source package in Jammy:
  Fix Committed
Status in bind-dyndb-ldap source package in Kinetic:
  In Progress
Status in bind9 source package in Kinetic:
  Fix Committed

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.36

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3142

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

2023-03-10 Thread Lena Voytek

** Description changed:

  This bug tracks an update for the bind9 package, moving to versions:
  
  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.36
  
  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.
  
  [Upstream changes]
  
- For bind9 9.18.2-9.18.11, major changes include:
+ For bind9 9.18.2-9.18.12, major changes include:
  
- CVE fixes:
+ CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924
  
  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs
  
  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option
  
  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
  
  This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
  
- Full release notes for versions 9.18.2-9.18.11:
- https://bind9.readthedocs.io/en/v9_18_11/notes.html#notes-for-
- bind-9-18-11
+ Full release notes for versions 9.18.2-9.18.12:
+ https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-
+ bind-9-18-12
  
  [Test Plan]
  
  DEP-8 Tests:
  
  simpletest - Confirms bind9 daemon starts successfully and dig can find
  127.0.0.1 through the default setup of bind9
  
  zonetest - Added in this update, currently in lunar. Confirms the
  functionality of named and bind9 by creating a local DNS zone and
  domain, and having dig look it up
  
  validation - This test is provided by Debian and consistently fails both
  before and after the update due to several issues. It is marked as
  flaky, and does not block autopkgtest passing overall
  
  Bug fix tests:
  
  Test for LP: #1258003 fix:
  # lxc launch

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

2023-03-08 Thread Lena Voytek

** Also affects: bind-dyndb-ldap (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: bind-dyndb-ldap (Ubuntu)
   Status: New => Fix Released

** Changed in: bind-dyndb-ldap (Ubuntu Kinetic)
   Status: New => In Progress

** Changed in: bind-dyndb-ldap (Ubuntu Jammy)
   Status: New => In Progress

** Changed in: bind-dyndb-ldap (Ubuntu Jammy)
 Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: bind-dyndb-ldap (Ubuntu Focal)
 Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: bind-dyndb-ldap (Ubuntu Kinetic)
 Assignee: (unassigned) => Lena Voytek (lvoytek)

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.36

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind-dyndb-ldap source package in Focal:
  New
Status in bind9 source package in Focal:
  New
Status in bind-dyndb-ldap source package in Jammy:
  In Progress
Status in bind9 source package in Jammy:
  In Progress
Status in bind-dyndb-ldap source package in Kinetic:
  In Progress
Status in bind9 source package in Kinetic:
  In Progress

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.36

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.11, major changes include:

  CVE fixes:
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/i

[Freeipa] [Bug 2040459] Re: MRE updates of bind9 for noble

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

[Freeipa] [Bug 2040359] Re: Merge bind9 from Debian unstable for noble

[Freeipa] [Bug 2040359] Re: Merge bind9 from Debian unstable for noble

[Freeipa] [Bug 2028413] Re: MRE updates of bind9 for focal, jammy and lunar

[Freeipa] [Bug 2032650] Re: Add DEP8 tests for bind-dyndb-ldap integration

[Freeipa] [Bug 2028413] Re: MRE updates of bind9 for focal, jammy and lunar

[Freeipa] [Bug 2032650] Re: Add DEP8 tests for bind-dyndb-ldap integration

[Freeipa] [Bug 2028413] Re: MRE updates of bind9 for focal, jammy and lunar

[Freeipa] [Bug 2028413] Re: MRE updates of bind9 for focal, jammy and lunar

[Freeipa] [Bug 2018050] Re: Merge bind9 from Debian unstable for mantic

[Freeipa] [Bug 2018050] Re: Merge bind9 from Debian unstable for mantic

[Freeipa] [Bug 2018050] Re: Merge bind9 from Debian unstable for mantic

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36

22 matches

Site Navigation

Mail list logo

Footer information