[Freeipa] [Bug 2018050] Re: Merge bind9 from Debian unstable for mantic
bind-dyndb-ldap is FTBFSing because it needs bind9-dev >= 9.18.13: https://launchpad.net/ubuntu/+source/bind-dyndb-ldap/11.10-5 Just a heads-up. ** Also affects: bind-dyndb-ldap (Ubuntu) Importance: Undecided Status: New ** Tags added: update-excuse -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2018050 Title: Merge bind9 from Debian unstable for mantic Status in bind-dyndb-ldap package in Ubuntu: New Status in bind9 package in Ubuntu: New Bug description: Upstream: 9.18.14 Debian: 1:9.18.13-11:9.19.11-1 Ubuntu: 1:9.18.12-1ubuntu1 Debian new has 1:9.19.11-1, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### bind9 (1:9.18.13-1) unstable; urgency=medium * New upstream version 9.18.13 -- Ondřej Surý Wed, 15 Mar 2023 18:11:29 +0100 bind9 (1:9.18.12-1) unstable; urgency=medium * New upstream version 9.18.12 * Drop libtool-bin from B-D (Closes: #1022968) -- Ondřej Surý Fri, 10 Feb 2023 15:15:49 +0100 bind9 (1:9.18.11-2) unstable; urgency=medium * Allow the named to use systemd notify service -- Ondřej Surý Thu, 26 Jan 2023 21:13:55 +0100 bind9 (1:9.18.11-1) unstable; urgency=medium * New upstream version 9.18.11 -- Ondřej Surý Wed, 25 Jan 2023 15:51:35 +0100 bind9 (1:9.18.10-2) unstable; urgency=medium * Backport upstream feature to use sd_notify() * Use systemd notify for service readyness check (Closes: #994696) * apparmor.d: Allow named to read all OpenSSL config files. (Closes: #1025519) * apparmor.d: Allow named to query for hugepages support. (Closes: #1020315) * Fix path to README.Debian (Closes: #1016646) -- Bernhard Schmidt Thu, 22 Dec 2022 17:12:17 +0100 bind9 (1:9.18.10-1) unstable; urgency=medium * New upstream version 9.18.10 -- Ondřej Surý Wed, 21 Dec 2022 18:00:33 +0100 bind9 (1:9.18.9-1) unstable; urgency=medium * New upstream version 9.18.9 -- Ondřej Surý Wed, 16 Nov 2022 14:00:05 +0100 bind9 (1:9.18.8-1) unstable; urgency=medium * New upstream version 9.18.8 -- Ondřej Surý Wed, 19 Oct 2022 14:58:38 +0200 bind9 (1:9.18.7-1) unstable; urgency=medium * New upstream version 9.18.7 - CVE-2022-2795: Processing large delegations may severely degrade resolver performance - CVE-2022-2881: Buffer overread in statistics channel code - CVE-2022-2906: Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only) - CVE-2022-3080: BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly - CVE-2022-38177: Memory leak in ECDSA DNSSEC verification code - CVE-2022-38178: Memory leaks in EdDSA DNSSEC verification code -- Ondřej Surý Wed, 21 Sep 2022 12:48:36 +0200 bind9 (1:9.18.6-2) unstable; urgency=medium * No-change source-only upload -- Bernhard Schmidt Mon, 05 Sep 2022 21:30:08 +0200 bind9 (1:9.18.6-1) unstable; urgency=medium * Disable treat-warnings-as-errors in sphinx-build * New upstream version 9.18.6 -- Ondřej Surý Thu, 18 Aug 2022 09:39:20 +0200 bind9 (1:9.18.5-1) unstable; urgency=medium * New upstream version 9.18.5 -- Ondřej Surý Wed, 20 Jul 2022 16:40:31 +0200 bind9 (1:9.18.4-2) unstable; urgency=medium [ Simon Deziel ] * debian/extras/etc/db.0: correct descriptive comment [ Bernhard Schmidt ] * Add sleep workaround in tests/simpletests (Closes: #1012059) -- Ondřej Surý Tue, 05 Jul 2022 12:58:06 +0200 bind9 (1:9.18.4-1) unstable; urgency=medium ### Old Ubuntu Delta ### bind9 (1:9.18.12-1ubuntu1) lunar; urgency=medium * Merge with Debian unstable. Remaining changes: - Don't build dnstap as it depends on universe packages: + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and protobuf-c-compiler (universe packages) + d/dnsutils.install: don't install dnstap + d/rules: don't build dnstap nor install dnstap.proto - Add back apport: + d/bind9.apport: add back old bind9 apport hook, but without calling attach_conffiles() since that is already done by apport itself, with confirmation from the user. + d/control, d/rules: build-depends on dh-apport and use it - d/control: remove optional libjemalloc-dev Build-Depends as it is not in main. - d/NEWS: mention relevant packaging changes - Improve dep-8 test suite (LP #2003584): + d/t/zonetest: Add dep8 test for checking the domain zone creation process + d/t/control: Add new test outline -- Lena
Re: [Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36
On Saturday, March 18 2023, Timo Aaltonen wrote: > Lena, I can help with the bind-dyndb-ldap backports. The version in > lunar has everything, it should be backportable as-is to kinetic, but I > wonder if the same would be fine for jammy too. Timo, Lena prepared an SRU for bind-dyndb-ldap for Jammy and Kinetic: https://code.launchpad.net/~lvoytek/ubuntu/+source/bind-dyndb-ldap/+git/bind-dyndb-ldap/+merge/438637 https://code.launchpad.net/~lvoytek/ubuntu/+source/bind-dyndb-ldap/+git/bind-dyndb-ldap/+merge/438564 Everything is looking good; I was just waiting for bind9 to be accepted because Lena's bind-dyndb-ldap won't build with bind9 < 9.18.12. Now that both packages are in -proposed, I'll upload her changes soon. -- Sergio GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14 -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2003586 Title: MRE Updates 9.18.12 / 9.16.36 Status in bind-dyndb-ldap package in Ubuntu: Fix Released Status in bind9 package in Ubuntu: Fix Released Status in bind-dyndb-ldap source package in Focal: New Status in bind9 source package in Focal: New Status in bind-dyndb-ldap source package in Jammy: In Progress Status in bind9 source package in Jammy: Fix Committed Status in bind-dyndb-ldap source package in Kinetic: In Progress Status in bind9 source package in Kinetic: Fix Committed Bug description: This bug tracks an update for the bind9 package, moving to versions: * Kinetic (22.10): bind9 9.18.12 * Jammy (22.04): bind9 9.18.12 * Focal (20.04): bind9 9.16.36 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. [Upstream changes] For bind9 9.18.2-9.18.12, major changes include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2022-1183 CVE-2022-2795 CVE-2022-2881 CVE-2022-2906 CVE-2022-3080 CVE-2022-38178 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Features: update-quota option named -V shows supported cryptographic algorithms Additional info given for recursion not available and query (cache) '...' denied outputs Jammy only (Kinetic already has these): Catalog Zones schema version 2 support in named DNS error support Stale Answer and Stale NXDOMAIN Answer remote TLS certificate verification support reusereport option Bug Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/3178 https://gitlab.isc.org/isc-projects/bind9/-/issues/3636 https://gitlab.isc.org/isc-projects/bind9/-/issues/3772 https://gitlab.isc.org/isc-projects/bind9/-/issues/3752 https://gitlab.isc.org/isc-projects/bind9/-/issues/3678 https://gitlab.isc.org/isc-projects/bind9/-/issues/3637 https://gitlab.isc.org/isc-projects/bind9/-/issues/3739 https://gitlab.isc.org/isc-projects/bind9/-/issues/3743 https://gitlab.isc.org/isc-projects/bind9/-/issues/3725 https://gitlab.isc.org/isc-projects/bind9/-/issues/3693 https://gitlab.isc.org/isc-projects/bind9/-/issues/3683 https://gitlab.isc.org/isc-projects/bind9/-/issues/3727 https://gitlab.isc.org/isc-projects/bind9/-/issues/3638 https://gitlab.isc.org/isc-projects/bind9/-/issues/3183 https://gitlab.isc.org/isc-projects/bind9/-/issues/3721 https://gitlab.isc.org/isc-projects/bind9/-/issues/3707 https://gitlab.isc.org/isc-projects/bind9/-/issues/3591 https://gitlab.isc.org/isc-projects/bind9/-/issues/3598 https://gitlab.isc.org/isc-projects/bind9/-/issues/3247 https://gitlab.isc.org/isc-projects/bind9/-/issues/2895 https://gitlab.isc.org/isc-projects/bind9/-/issues/3584 https://gitlab.isc.org/isc-projects/bind9/-/issues/3627 https://gitlab.isc.org/isc-projects/bind9/-/issues/3563 https://gitlab.isc.org/isc-projects/bind9/-/issues/3603 https://gitlab.isc.org/isc-projects/bind9/-/issues/3542 https://gitlab.isc.org/isc-projects/bind9/-/issues/3557 https://gitlab.isc.org/isc-projects/bind9/-/issues/2982 https://gitlab.isc.org/isc-projects/bind9/-/issues/3439 https://gitlab.isc.org/isc-projects/bind9/-/issues/3438 https://gitlab.isc.org/isc-projects/bind9/-/issues/2918 https://gitlab.isc.org/isc-projects/bind9/-/issues/3462 https://gitlab.isc.org/isc-projects/bind9/-/issues/3400 https://gitlab.isc.org/isc-projects/bind9/-/issues/3402 https://gitlab.isc.org/isc-projects/bind9/-/issues/3152 https://gitlab.isc.org/isc-projects/bind9/-/issues/3415 https://gitlab.isc.org/isc-projects/bind9/-/issues/2506 Jammy only: https://gitlab.isc.org/isc-projects/bind9/-/issues/3327 https://gitlab.isc.org/isc-projects/bind9/-/issues/3380 https://gitlab.isc.org/isc-projects/bind9/-/issues/3302 https://gitlab.isc.org/isc-projects/bind9/-/issues/2931 https://gitlab.isc.org/isc-projects/bind9/-/issues/3242 https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.36
** Merge proposal linked: https://code.launchpad.net/~lvoytek/ubuntu/+source/bind-dyndb-ldap/+git/bind-dyndb-ldap/+merge/438637 ** Merge proposal linked: https://code.launchpad.net/~lvoytek/ubuntu/+source/bind-dyndb-ldap/+git/bind-dyndb-ldap/+merge/438564 -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2003586 Title: MRE Updates 9.18.12 / 9.16.36 Status in bind-dyndb-ldap package in Ubuntu: Fix Released Status in bind9 package in Ubuntu: Fix Released Status in bind-dyndb-ldap source package in Focal: New Status in bind9 source package in Focal: New Status in bind-dyndb-ldap source package in Jammy: In Progress Status in bind9 source package in Jammy: In Progress Status in bind-dyndb-ldap source package in Kinetic: In Progress Status in bind9 source package in Kinetic: In Progress Bug description: This bug tracks an update for the bind9 package, moving to versions: * Kinetic (22.10): bind9 9.18.12 * Jammy (22.04): bind9 9.18.12 * Focal (20.04): bind9 9.16.36 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. [Upstream changes] For bind9 9.18.2-9.18.12, major changes include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2022-1183 CVE-2022-2795 CVE-2022-2881 CVE-2022-2906 CVE-2022-3080 CVE-2022-38178 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Features: update-quota option named -V shows supported cryptographic algorithms Additional info given for recursion not available and query (cache) '...' denied outputs Jammy only (Kinetic already has these): Catalog Zones schema version 2 support in named DNS error support Stale Answer and Stale NXDOMAIN Answer remote TLS certificate verification support reusereport option Bug Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/3178 https://gitlab.isc.org/isc-projects/bind9/-/issues/3636 https://gitlab.isc.org/isc-projects/bind9/-/issues/3772 https://gitlab.isc.org/isc-projects/bind9/-/issues/3752 https://gitlab.isc.org/isc-projects/bind9/-/issues/3678 https://gitlab.isc.org/isc-projects/bind9/-/issues/3637 https://gitlab.isc.org/isc-projects/bind9/-/issues/3739 https://gitlab.isc.org/isc-projects/bind9/-/issues/3743 https://gitlab.isc.org/isc-projects/bind9/-/issues/3725 https://gitlab.isc.org/isc-projects/bind9/-/issues/3693 https://gitlab.isc.org/isc-projects/bind9/-/issues/3683 https://gitlab.isc.org/isc-projects/bind9/-/issues/3727 https://gitlab.isc.org/isc-projects/bind9/-/issues/3638 https://gitlab.isc.org/isc-projects/bind9/-/issues/3183 https://gitlab.isc.org/isc-projects/bind9/-/issues/3721 https://gitlab.isc.org/isc-projects/bind9/-/issues/3707 https://gitlab.isc.org/isc-projects/bind9/-/issues/3591 https://gitlab.isc.org/isc-projects/bind9/-/issues/3598 https://gitlab.isc.org/isc-projects/bind9/-/issues/3247 https://gitlab.isc.org/isc-projects/bind9/-/issues/2895 https://gitlab.isc.org/isc-projects/bind9/-/issues/3584 https://gitlab.isc.org/isc-projects/bind9/-/issues/3627 https://gitlab.isc.org/isc-projects/bind9/-/issues/3563 https://gitlab.isc.org/isc-projects/bind9/-/issues/3603 https://gitlab.isc.org/isc-projects/bind9/-/issues/3542 https://gitlab.isc.org/isc-projects/bind9/-/issues/3557 https://gitlab.isc.org/isc-projects/bind9/-/issues/2982 https://gitlab.isc.org/isc-projects/bind9/-/issues/3439 https://gitlab.isc.org/isc-projects/bind9/-/issues/3438 https://gitlab.isc.org/isc-projects/bind9/-/issues/2918 https://gitlab.isc.org/isc-projects/bind9/-/issues/3462 https://gitlab.isc.org/isc-projects/bind9/-/issues/3400 https://gitlab.isc.org/isc-projects/bind9/-/issues/3402 https://gitlab.isc.org/isc-projects/bind9/-/issues/3152 https://gitlab.isc.org/isc-projects/bind9/-/issues/3415 https://gitlab.isc.org/isc-projects/bind9/-/issues/2506 Jammy only: https://gitlab.isc.org/isc-projects/bind9/-/issues/3327 https://gitlab.isc.org/isc-projects/bind9/-/issues/3380 https://gitlab.isc.org/isc-projects/bind9/-/issues/3302 https://gitlab.isc.org/isc-projects/bind9/-/issues/2931 https://gitlab.isc.org/isc-projects/bind9/-/issues/3242 https://gitlab.isc.org/isc-projects/bind9/-/issues/3020 https://gitlab.isc.org/isc-projects/bind9/-/issues/3128 https://gitlab.isc.org/isc-projects/bind9/-/issues/3145 https://gitlab.isc.org/isc-projects/bind9/-/issues/3184 https://gitlab.isc.org/isc-projects/bind9/-/issues/3205 https://gitlab.isc.org/isc-projects/bind9/-/issues/3244 https://gitlab.isc.org/isc-projects/bind9/-/issues/3248 https://gitlab.isc.org/isc-projects/bind9/-/issues/3142 https://gitlab.isc.org/isc-projects/bind9/-/issues/3200 This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972 Full release notes for versions
[Freeipa] [Bug 1951015] [NEW] Package is uninstallable because libwbclient-sssd doesn't exist anymore
Public bug reported: The latest version of sssd in Ubuntu (2.5.2-4ubuntu1) drops the libwbclient-sssd binary package due to upstream's decision: https://github.com/SSSD/sssd/releases/tag/2.5.0 "* SSSD's implementation of libwbclient was removed as incompatible with modern version of Samba." This makes freeipa-client-samba uninstallable, because it depends on that package. I think the best approach here is to make freeipa-client-samba depend on libwbclient-dev instead, which is samba's libwbclient version. I proposed a Merge Request against freeipa on Debian here: https://salsa.debian.org/freeipa-team/freeipa/-/merge_requests/1 I will propose adding the same change as an Ubuntu delta for now in order to unblock sssd in update-excuses. ** Affects: freeipa (Ubuntu) Importance: High Assignee: Sergio Durigan Junior (sergiodj) Status: Confirmed ** Affects: sssd (Ubuntu) Importance: Undecided Status: Invalid ** Tags: update-excuse ** Also affects: sssd (Ubuntu) Importance: Undecided Status: New ** Changed in: sssd (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1951015 Title: Package is uninstallable because libwbclient-sssd doesn't exist anymore Status in freeipa package in Ubuntu: Confirmed Status in sssd package in Ubuntu: Invalid Bug description: The latest version of sssd in Ubuntu (2.5.2-4ubuntu1) drops the libwbclient-sssd binary package due to upstream's decision: https://github.com/SSSD/sssd/releases/tag/2.5.0 "* SSSD's implementation of libwbclient was removed as incompatible with modern version of Samba." This makes freeipa-client-samba uninstallable, because it depends on that package. I think the best approach here is to make freeipa-client-samba depend on libwbclient-dev instead, which is samba's libwbclient version. I proposed a Merge Request against freeipa on Debian here: https://salsa.debian.org/freeipa-team/freeipa/-/merge_requests/1 I will propose adding the same change as an Ubuntu delta for now in order to unblock sssd in update-excuses. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1951015/+subscriptions ___ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp