[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39
Focal was updated to the latest 9.16.x version by security in 1:9.16.48-0ubuntu0.20.04.1, marking fix released ** Changed in: bind9 (Ubuntu Focal) Status: In Progress => Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2003586 Title: MRE Updates 9.18.12 / 9.16.39 Status in bind-dyndb-ldap package in Ubuntu: Fix Released Status in bind9 package in Ubuntu: Fix Released Status in bind9 source package in Focal: Fix Released Status in bind-dyndb-ldap source package in Jammy: Fix Released Status in bind9 source package in Jammy: Fix Released Status in bind-dyndb-ldap source package in Kinetic: Fix Released Status in bind9 source package in Kinetic: Fix Released Bug description: This bug tracks an update for the bind9 package, moving to versions: * Kinetic (22.10): bind9 9.18.12 * Jammy (22.04): bind9 9.18.12 * Focal (20.04): bind9 9.16.39 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. [Upstream changes] For bind9 9.18.2-9.18.12, major changes include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2022-1183 CVE-2022-2795 CVE-2022-2881 CVE-2022-2906 CVE-2022-3080 CVE-2022-38178 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Features: update-quota option named -V shows supported cryptographic algorithms Additional info given for recursion not available and query (cache) '...' denied outputs Jammy only (Kinetic already has these): Catalog Zones schema version 2 support in named DNS error support Stale Answer and Stale NXDOMAIN Answer remote TLS certificate verification support reusereport option Bug Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/3178 https://gitlab.isc.org/isc-projects/bind9/-/issues/3636 https://gitlab.isc.org/isc-projects/bind9/-/issues/3772 https://gitlab.isc.org/isc-projects/bind9/-/issues/3752 https://gitlab.isc.org/isc-projects/bind9/-/issues/3678 https://gitlab.isc.org/isc-projects/bind9/-/issues/3637 https://gitlab.isc.org/isc-projects/bind9/-/issues/3739 https://gitlab.isc.org/isc-projects/bind9/-/issues/3743 https://gitlab.isc.org/isc-projects/bind9/-/issues/3725 https://gitlab.isc.org/isc-projects/bind9/-/issues/3693 https://gitlab.isc.org/isc-projects/bind9/-/issues/3683 https://gitlab.isc.org/isc-projects/bind9/-/issues/3727 https://gitlab.isc.org/isc-projects/bind9/-/issues/3638 https://gitlab.isc.org/isc-projects/bind9/-/issues/3183 https://gitlab.isc.org/isc-projects/bind9/-/issues/3721 https://gitlab.isc.org/isc-projects/bind9/-/issues/3707 https://gitlab.isc.org/isc-projects/bind9/-/issues/3591 https://gitlab.isc.org/isc-projects/bind9/-/issues/3598 https://gitlab.isc.org/isc-projects/bind9/-/issues/3247 https://gitlab.isc.org/isc-projects/bind9/-/issues/2895 https://gitlab.isc.org/isc-projects/bind9/-/issues/3584 https://gitlab.isc.org/isc-projects/bind9/-/issues/3627 https://gitlab.isc.org/isc-projects/bind9/-/issues/3563 https://gitlab.isc.org/isc-projects/bind9/-/issues/3603 https://gitlab.isc.org/isc-projects/bind9/-/issues/3542 https://gitlab.isc.org/isc-projects/bind9/-/issues/3557 https://gitlab.isc.org/isc-projects/bind9/-/issues/2982 https://gitlab.isc.org/isc-projects/bind9/-/issues/3439 https://gitlab.isc.org/isc-projects/bind9/-/issues/3438 https://gitlab.isc.org/isc-projects/bind9/-/issues/2918 https://gitlab.isc.org/isc-projects/bind9/-/issues/3462 https://gitlab.isc.org/isc-projects/bind9/-/issues/3400 https://gitlab.isc.org/isc-projects/bind9/-/issues/3402 https://gitlab.isc.org/isc-projects/bind9/-/issues/3152 https://gitlab.isc.org/isc-projects/bind9/-/issues/3415 https://gitlab.isc.org/isc-projects/bind9/-/issues/2506 Jammy only: https://gitlab.isc.org/isc-projects/bind9/-/issues/3327 https://gitlab.isc.org/isc-projects/bind9/-/issues/3380 https://gitlab.isc.org/isc-projects/bind9/-/issues/3302 https://gitlab.isc.org/isc-projects/bind9/-/issues/2931 https://gitlab.isc.org/isc-projects/bind9/-/issues/3242 https://gitlab.isc.org/isc-projects/bind9/-/issues/3020 https://gitlab.isc.org/isc-projects/bind9/-/issues/3128 https://gitlab.isc.org/isc-projects/bind9/-/issues/3145 https://gitlab.isc.org/isc-projects/bind9/-/issues/3184 https://gitlab.isc.org/isc-projects/bind9/-/issues/3205 https://gitlab.isc.org/isc-projects/bind9/-/issues/3244 https://gitlab.isc.org/isc-projects/bind9/-/issues/3248 https://gitlab.isc.org/isc-projects/bind9/-/issues/3142 https://gitlab.isc.org/isc-projects/bind9/-/issues/3200 This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972 Full release notes for versions 9.18.2-9.18.12: https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for- bind-9-18-12 For bind9 9.16.2-9.16.39, major
[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39
This bug was fixed in the package bind-dyndb-ldap - 11.9-5ubuntu0.22.04.1 --- bind-dyndb-ldap (11.9-5ubuntu0.22.04.1) jammy; urgency=medium * Fix bind-dyndb-ldap build against bind9 9.18.12 (LP: #2003586): - d/p/hardcode-version.diff: Update defined LIBDNS version from bind9 to be 1812, provided by bind9 9.18.12 - d/p/fix-dns_db_allrdatasets.patch: Modify calls to dns_db_allrdatasets() for bind9 9.18.10+ since the function has a new parameter - d/p/fix-include.patch: Include isc/rwlock.h in dns/zt.h to fix build since isrwlock is used in this file - d/p/fix-isc-error.patch: Fix the use of the fatal_error macro as its arguments have changed - d/p/make-dscp-optional.patch: Do not require DSCP codes for bind9 9.18.11 and above as their support was removed in that version - d/control: Require bind9 9.18.12 or above -- Lena Voytek Thu, 09 Mar 2023 15:06:25 -0700 -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2003586 Title: MRE Updates 9.18.12 / 9.16.39 Status in bind-dyndb-ldap package in Ubuntu: Fix Released Status in bind9 package in Ubuntu: Fix Released Status in bind9 source package in Focal: In Progress Status in bind-dyndb-ldap source package in Jammy: Fix Released Status in bind9 source package in Jammy: Fix Released Status in bind-dyndb-ldap source package in Kinetic: Fix Released Status in bind9 source package in Kinetic: Fix Released Bug description: This bug tracks an update for the bind9 package, moving to versions: * Kinetic (22.10): bind9 9.18.12 * Jammy (22.04): bind9 9.18.12 * Focal (20.04): bind9 9.16.39 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. [Upstream changes] For bind9 9.18.2-9.18.12, major changes include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2022-1183 CVE-2022-2795 CVE-2022-2881 CVE-2022-2906 CVE-2022-3080 CVE-2022-38178 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Features: update-quota option named -V shows supported cryptographic algorithms Additional info given for recursion not available and query (cache) '...' denied outputs Jammy only (Kinetic already has these): Catalog Zones schema version 2 support in named DNS error support Stale Answer and Stale NXDOMAIN Answer remote TLS certificate verification support reusereport option Bug Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/3178 https://gitlab.isc.org/isc-projects/bind9/-/issues/3636 https://gitlab.isc.org/isc-projects/bind9/-/issues/3772 https://gitlab.isc.org/isc-projects/bind9/-/issues/3752 https://gitlab.isc.org/isc-projects/bind9/-/issues/3678 https://gitlab.isc.org/isc-projects/bind9/-/issues/3637 https://gitlab.isc.org/isc-projects/bind9/-/issues/3739 https://gitlab.isc.org/isc-projects/bind9/-/issues/3743 https://gitlab.isc.org/isc-projects/bind9/-/issues/3725 https://gitlab.isc.org/isc-projects/bind9/-/issues/3693 https://gitlab.isc.org/isc-projects/bind9/-/issues/3683 https://gitlab.isc.org/isc-projects/bind9/-/issues/3727 https://gitlab.isc.org/isc-projects/bind9/-/issues/3638 https://gitlab.isc.org/isc-projects/bind9/-/issues/3183 https://gitlab.isc.org/isc-projects/bind9/-/issues/3721 https://gitlab.isc.org/isc-projects/bind9/-/issues/3707 https://gitlab.isc.org/isc-projects/bind9/-/issues/3591 https://gitlab.isc.org/isc-projects/bind9/-/issues/3598 https://gitlab.isc.org/isc-projects/bind9/-/issues/3247 https://gitlab.isc.org/isc-projects/bind9/-/issues/2895 https://gitlab.isc.org/isc-projects/bind9/-/issues/3584 https://gitlab.isc.org/isc-projects/bind9/-/issues/3627 https://gitlab.isc.org/isc-projects/bind9/-/issues/3563 https://gitlab.isc.org/isc-projects/bind9/-/issues/3603 https://gitlab.isc.org/isc-projects/bind9/-/issues/3542 https://gitlab.isc.org/isc-projects/bind9/-/issues/3557 https://gitlab.isc.org/isc-projects/bind9/-/issues/2982 https://gitlab.isc.org/isc-projects/bind9/-/issues/3439 https://gitlab.isc.org/isc-projects/bind9/-/issues/3438 https://gitlab.isc.org/isc-projects/bind9/-/issues/2918 https://gitlab.isc.org/isc-projects/bind9/-/issues/3462 https://gitlab.isc.org/isc-projects/bind9/-/issues/3400 https://gitlab.isc.org/isc-projects/bind9/-/issues/3402 https://gitlab.isc.org/isc-projects/bind9/-/issues/3152 https://gitlab.isc.org/isc-projects/bind9/-/issues/3415 https://gitlab.isc.org/isc-projects/bind9/-/issues/2506 Jammy only: https://gitlab.isc.org/isc-projects/bind9/-/issues/3327 https://gitlab.isc.org/isc-projects/bind9/-/issues/3380 https://gitlab.isc.org/isc-projects/bind9/-/issues/3302 https://gitlab.isc.org/isc-projects/bind9/-/issues/2931 https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39
This bug was fixed in the package bind-dyndb-ldap - 11.10-1ubuntu0.22.10.1 --- bind-dyndb-ldap (11.10-1ubuntu0.22.10.1) kinetic; urgency=medium * Fix bind-dyndb-ldap build against bind9 9.18.12 (LP: #2003586): - d/p/hardcode-version.diff: Update defined LIBDNS version from bind9 to be 1812, provided by bind9 9.18.12 - d/p/fix-dns_db_allrdatasets.patch: Modify calls to dns_db_allrdatasets() for bind9 9.18.10+ since the function has a new parameter - d/p/fix-include.patch: Include isc/rwlock.h in dns/zt.h to fix build since isrwlock is used in this file - d/p/fix-isc-error.patch: Fix the use of the fatal_error macro as its arguments have changed - d/p/make-dscp-optional.patch: Do not require DSCP codes for bind9 9.18.11 and above as their support was removed in that version - d/control: Require bind9 9.18.12 or above -- Lena Voytek Wed, 08 Mar 2023 14:52:32 -0700 ** Changed in: bind-dyndb-ldap (Ubuntu Kinetic) Status: Fix Committed => Fix Released ** Changed in: bind-dyndb-ldap (Ubuntu Jammy) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2003586 Title: MRE Updates 9.18.12 / 9.16.39 Status in bind-dyndb-ldap package in Ubuntu: Fix Released Status in bind9 package in Ubuntu: Fix Released Status in bind9 source package in Focal: In Progress Status in bind-dyndb-ldap source package in Jammy: Fix Released Status in bind9 source package in Jammy: Fix Released Status in bind-dyndb-ldap source package in Kinetic: Fix Released Status in bind9 source package in Kinetic: Fix Released Bug description: This bug tracks an update for the bind9 package, moving to versions: * Kinetic (22.10): bind9 9.18.12 * Jammy (22.04): bind9 9.18.12 * Focal (20.04): bind9 9.16.39 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. [Upstream changes] For bind9 9.18.2-9.18.12, major changes include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2022-1183 CVE-2022-2795 CVE-2022-2881 CVE-2022-2906 CVE-2022-3080 CVE-2022-38178 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Features: update-quota option named -V shows supported cryptographic algorithms Additional info given for recursion not available and query (cache) '...' denied outputs Jammy only (Kinetic already has these): Catalog Zones schema version 2 support in named DNS error support Stale Answer and Stale NXDOMAIN Answer remote TLS certificate verification support reusereport option Bug Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/3178 https://gitlab.isc.org/isc-projects/bind9/-/issues/3636 https://gitlab.isc.org/isc-projects/bind9/-/issues/3772 https://gitlab.isc.org/isc-projects/bind9/-/issues/3752 https://gitlab.isc.org/isc-projects/bind9/-/issues/3678 https://gitlab.isc.org/isc-projects/bind9/-/issues/3637 https://gitlab.isc.org/isc-projects/bind9/-/issues/3739 https://gitlab.isc.org/isc-projects/bind9/-/issues/3743 https://gitlab.isc.org/isc-projects/bind9/-/issues/3725 https://gitlab.isc.org/isc-projects/bind9/-/issues/3693 https://gitlab.isc.org/isc-projects/bind9/-/issues/3683 https://gitlab.isc.org/isc-projects/bind9/-/issues/3727 https://gitlab.isc.org/isc-projects/bind9/-/issues/3638 https://gitlab.isc.org/isc-projects/bind9/-/issues/3183 https://gitlab.isc.org/isc-projects/bind9/-/issues/3721 https://gitlab.isc.org/isc-projects/bind9/-/issues/3707 https://gitlab.isc.org/isc-projects/bind9/-/issues/3591 https://gitlab.isc.org/isc-projects/bind9/-/issues/3598 https://gitlab.isc.org/isc-projects/bind9/-/issues/3247 https://gitlab.isc.org/isc-projects/bind9/-/issues/2895 https://gitlab.isc.org/isc-projects/bind9/-/issues/3584 https://gitlab.isc.org/isc-projects/bind9/-/issues/3627 https://gitlab.isc.org/isc-projects/bind9/-/issues/3563 https://gitlab.isc.org/isc-projects/bind9/-/issues/3603 https://gitlab.isc.org/isc-projects/bind9/-/issues/3542 https://gitlab.isc.org/isc-projects/bind9/-/issues/3557 https://gitlab.isc.org/isc-projects/bind9/-/issues/2982 https://gitlab.isc.org/isc-projects/bind9/-/issues/3439 https://gitlab.isc.org/isc-projects/bind9/-/issues/3438 https://gitlab.isc.org/isc-projects/bind9/-/issues/2918 https://gitlab.isc.org/isc-projects/bind9/-/issues/3462 https://gitlab.isc.org/isc-projects/bind9/-/issues/3400 https://gitlab.isc.org/isc-projects/bind9/-/issues/3402 https://gitlab.isc.org/isc-projects/bind9/-/issues/3152 https://gitlab.isc.org/isc-projects/bind9/-/issues/3415 https://gitlab.isc.org/isc-projects/bind9/-/issues/2506 Jammy only: https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39
I verified the test results for bind-dyndb-ldap and am satisfied that they show the executed planned test case, and that the results are correct. I noticed that this upload happens to (very probably) also fix bug #1978849, which was missed in the changelog/changes file. I added a comment to the bug asking for verification from the reporters. The package built correctly in all architectures and Ubuntu releases it was meant for. This package does not have DEP8 tests (yet: they are coming!) There is no SRU freeze ongoing at the moment. There is no halted phasing on the previous update. -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2003586 Title: MRE Updates 9.18.12 / 9.16.39 Status in bind-dyndb-ldap package in Ubuntu: Fix Released Status in bind9 package in Ubuntu: Fix Released Status in bind9 source package in Focal: In Progress Status in bind-dyndb-ldap source package in Jammy: Fix Released Status in bind9 source package in Jammy: Fix Released Status in bind-dyndb-ldap source package in Kinetic: Fix Released Status in bind9 source package in Kinetic: Fix Released Bug description: This bug tracks an update for the bind9 package, moving to versions: * Kinetic (22.10): bind9 9.18.12 * Jammy (22.04): bind9 9.18.12 * Focal (20.04): bind9 9.16.39 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. [Upstream changes] For bind9 9.18.2-9.18.12, major changes include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2022-1183 CVE-2022-2795 CVE-2022-2881 CVE-2022-2906 CVE-2022-3080 CVE-2022-38178 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Features: update-quota option named -V shows supported cryptographic algorithms Additional info given for recursion not available and query (cache) '...' denied outputs Jammy only (Kinetic already has these): Catalog Zones schema version 2 support in named DNS error support Stale Answer and Stale NXDOMAIN Answer remote TLS certificate verification support reusereport option Bug Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/3178 https://gitlab.isc.org/isc-projects/bind9/-/issues/3636 https://gitlab.isc.org/isc-projects/bind9/-/issues/3772 https://gitlab.isc.org/isc-projects/bind9/-/issues/3752 https://gitlab.isc.org/isc-projects/bind9/-/issues/3678 https://gitlab.isc.org/isc-projects/bind9/-/issues/3637 https://gitlab.isc.org/isc-projects/bind9/-/issues/3739 https://gitlab.isc.org/isc-projects/bind9/-/issues/3743 https://gitlab.isc.org/isc-projects/bind9/-/issues/3725 https://gitlab.isc.org/isc-projects/bind9/-/issues/3693 https://gitlab.isc.org/isc-projects/bind9/-/issues/3683 https://gitlab.isc.org/isc-projects/bind9/-/issues/3727 https://gitlab.isc.org/isc-projects/bind9/-/issues/3638 https://gitlab.isc.org/isc-projects/bind9/-/issues/3183 https://gitlab.isc.org/isc-projects/bind9/-/issues/3721 https://gitlab.isc.org/isc-projects/bind9/-/issues/3707 https://gitlab.isc.org/isc-projects/bind9/-/issues/3591 https://gitlab.isc.org/isc-projects/bind9/-/issues/3598 https://gitlab.isc.org/isc-projects/bind9/-/issues/3247 https://gitlab.isc.org/isc-projects/bind9/-/issues/2895 https://gitlab.isc.org/isc-projects/bind9/-/issues/3584 https://gitlab.isc.org/isc-projects/bind9/-/issues/3627 https://gitlab.isc.org/isc-projects/bind9/-/issues/3563 https://gitlab.isc.org/isc-projects/bind9/-/issues/3603 https://gitlab.isc.org/isc-projects/bind9/-/issues/3542 https://gitlab.isc.org/isc-projects/bind9/-/issues/3557 https://gitlab.isc.org/isc-projects/bind9/-/issues/2982 https://gitlab.isc.org/isc-projects/bind9/-/issues/3439 https://gitlab.isc.org/isc-projects/bind9/-/issues/3438 https://gitlab.isc.org/isc-projects/bind9/-/issues/2918 https://gitlab.isc.org/isc-projects/bind9/-/issues/3462 https://gitlab.isc.org/isc-projects/bind9/-/issues/3400 https://gitlab.isc.org/isc-projects/bind9/-/issues/3402 https://gitlab.isc.org/isc-projects/bind9/-/issues/3152 https://gitlab.isc.org/isc-projects/bind9/-/issues/3415 https://gitlab.isc.org/isc-projects/bind9/-/issues/2506 Jammy only: https://gitlab.isc.org/isc-projects/bind9/-/issues/3327 https://gitlab.isc.org/isc-projects/bind9/-/issues/3380 https://gitlab.isc.org/isc-projects/bind9/-/issues/3302 https://gitlab.isc.org/isc-projects/bind9/-/issues/2931 https://gitlab.isc.org/isc-projects/bind9/-/issues/3242 https://gitlab.isc.org/isc-projects/bind9/-/issues/3020 https://gitlab.isc.org/isc-projects/bind9/-/issues/3128 https://gitlab.isc.org/isc-projects/bind9/-/issues/3145 https://gitlab.isc.org/isc-projects/bind9/-/issues/3184 https://gitlab.isc.org/isc-projects/bind9/-/issues/3205 https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39
Verified for Jammy + Kinetic based on https://wiki.debian.org/LDAP/OpenLDAPSetup#DNS.2FBind9 I've also started on a DEP-8 test based on my testing # lxc launch images:ubuntu/{kinetic, jammy} test-bind-dyndb-ldap # lxc exec test-bind-dyndb-ldap bash # apt update && apt dist-upgrade -y # cat Enter new LDAP password > Update /etc/ldap/ldap.conf to have BASEdc=test,dc=local URI ldap://ldap.test.local # zcat /usr/share/doc/bind9-dyndb-ldap/schema.ldif.gz | sed 's/^attributeTypes:/olcAttributeTypes:/; s/^objectClasses:/olcObjectClasses:/; 1,/1.3.6.1.4.1.2428.20.0.0/ {/1.3.6.1.4.1.2428.20.0.0/!s/^/#/}; 1idn: cn=dns,cn=schema,cn=config\nobjectClass: olcSchemaConfig ' >> /tmp/dns.schema # ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /tmp/dns.schema adding new entry "cn=dns,cn=schema,cn=config" ldapmodify -Q -Y EXTERNAL -H ldapi:/// < Add the following to /etc/bind/named.conf.local dyndb "test_local_ldap" "/usr/lib/bind/ldap.so" { uri "ldapi:///"; base "ou=dns,ou=Services,dc=test,dc=local"; auth_method "simple"; bind_dn "uid=admin,dc=test,dc=local"; password "ldappassword"; server_id "server"; }; # systemctl restart bind9 # dig test.local. @localhost +short 127.0.0.1 ** Tags removed: verification-needed-jammy verification-needed-kinetic ** Tags added: verification-done-jammy verification-done-kinetic -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2003586 Title: MRE Updates 9.18.12 / 9.16.39 Status in bind-dyndb-ldap package in Ubuntu: Fix Released Status in bind9 package in Ubuntu: Fix Released Status in bind9 source package in Focal: In Progress Status in bind-dyndb-ldap source package in Jammy: Fix Committed Status in bind9 source package in Jammy: Fix Released Status in bind-dyndb-ldap source package in Kinetic: Fix Committed Status in bind9 source package in Kinetic: Fix Released Bug description: This bug tracks an update for the bind9 package, moving to versions: * Kinetic (22.10): bind9 9.18.12 * Jammy (22.04): bind9 9.18.12 * Focal (20.04): bind9 9.16.39 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. [Upstream changes] For bind9 9.18.2-9.18.12, major changes include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2022-1183 CVE-2022-2795 CVE-2022-2881 CVE-2022-2906 CVE-2022-3080 CVE-2022-38178 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Features: update-quota option named -V shows supported cryptographic algorithms Additional info given for recursion not available and query (cache) '...' denied outputs Jammy only (Kinetic already has these): Catalog Zones schema version 2 support in named DNS error support Stale Answer and Stale NXDOMAIN Answer remote TLS certificate verification support reusereport option Bug Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/3178 https://gitlab.isc.org/isc-projects/bind9/-/issues/3636 https://gitlab.isc.org/isc-projects/bind9/-/issues/3772 https://gitlab.isc.org/isc-projects/bind9/-/issues/3752 https://gitlab.isc.org/isc-projects/bind9/-/issues/3678 https://gitlab.isc.org/isc-projects/bind9/-/issues/3637 https://gitlab.isc.org/isc-projects/bind9/-/issues/3739 https://gitlab.isc.org/isc-projects/bind9/-/issues/3743 https://gitlab.isc.org/isc-projects/bind9/-/issues/3725 https://gitlab.isc.org/isc-projects/bind9/-/issues/3693 https://gitlab.isc.org/isc-projects/bind9/-/issues/3683 https://gitlab.isc.org/isc-projects/bind9/-/issues/3727 https://gitlab.isc.org/isc-projects/bind9/-/issues/3638 https://gitlab.isc.org/isc-projects/bind9/-/issues/3183 https://gitlab.isc.org/isc-projects/bind9/-/issues/3721 https://gitlab.isc.org/isc-projects/bind9/-/issues/3707 https://gitlab.isc.org/isc-projects/bind9/-/issues/3591 https://gitlab.isc.org/isc-projects/bind9/-/issues/3598 https://gitlab.isc.org/isc-projects/bind9/-/issues/3247 https://gitlab.isc.org/isc-projects/bind9/-/issues/2895 https://gitlab.isc.org/isc-projects/bind9/-/issues/3584 https://gitlab.isc.org/isc-projects/bind9/-/issues/3627 https://gitlab.isc.org/isc-projects/bind9/-/issues/3563 https://gitlab.isc.org/isc-projects/bind9/-/issues/3603 https://gitlab.isc.org/isc-projects/bind9/-/issues/3542 https://gitlab.isc.org/isc-projects/bind9/-/issues/3557 https://gitlab.isc.org/isc-projects/bind9/-/issues/2982 https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39
I flipped the tags back to verification-needed, but this applies to bind-dyndb-ldap, not bind (which was already released for jammy and kinetic even). ** Tags removed: verification-done-jammy verification-done-kinetic ** Tags added: verification-needed-jammy verification-needed-kinetic -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2003586 Title: MRE Updates 9.18.12 / 9.16.39 Status in bind-dyndb-ldap package in Ubuntu: Fix Released Status in bind9 package in Ubuntu: Fix Released Status in bind9 source package in Focal: In Progress Status in bind-dyndb-ldap source package in Jammy: Fix Committed Status in bind9 source package in Jammy: Fix Released Status in bind-dyndb-ldap source package in Kinetic: Fix Committed Status in bind9 source package in Kinetic: Fix Released Bug description: This bug tracks an update for the bind9 package, moving to versions: * Kinetic (22.10): bind9 9.18.12 * Jammy (22.04): bind9 9.18.12 * Focal (20.04): bind9 9.16.39 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. [Upstream changes] For bind9 9.18.2-9.18.12, major changes include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2022-1183 CVE-2022-2795 CVE-2022-2881 CVE-2022-2906 CVE-2022-3080 CVE-2022-38178 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Features: update-quota option named -V shows supported cryptographic algorithms Additional info given for recursion not available and query (cache) '...' denied outputs Jammy only (Kinetic already has these): Catalog Zones schema version 2 support in named DNS error support Stale Answer and Stale NXDOMAIN Answer remote TLS certificate verification support reusereport option Bug Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/3178 https://gitlab.isc.org/isc-projects/bind9/-/issues/3636 https://gitlab.isc.org/isc-projects/bind9/-/issues/3772 https://gitlab.isc.org/isc-projects/bind9/-/issues/3752 https://gitlab.isc.org/isc-projects/bind9/-/issues/3678 https://gitlab.isc.org/isc-projects/bind9/-/issues/3637 https://gitlab.isc.org/isc-projects/bind9/-/issues/3739 https://gitlab.isc.org/isc-projects/bind9/-/issues/3743 https://gitlab.isc.org/isc-projects/bind9/-/issues/3725 https://gitlab.isc.org/isc-projects/bind9/-/issues/3693 https://gitlab.isc.org/isc-projects/bind9/-/issues/3683 https://gitlab.isc.org/isc-projects/bind9/-/issues/3727 https://gitlab.isc.org/isc-projects/bind9/-/issues/3638 https://gitlab.isc.org/isc-projects/bind9/-/issues/3183 https://gitlab.isc.org/isc-projects/bind9/-/issues/3721 https://gitlab.isc.org/isc-projects/bind9/-/issues/3707 https://gitlab.isc.org/isc-projects/bind9/-/issues/3591 https://gitlab.isc.org/isc-projects/bind9/-/issues/3598 https://gitlab.isc.org/isc-projects/bind9/-/issues/3247 https://gitlab.isc.org/isc-projects/bind9/-/issues/2895 https://gitlab.isc.org/isc-projects/bind9/-/issues/3584 https://gitlab.isc.org/isc-projects/bind9/-/issues/3627 https://gitlab.isc.org/isc-projects/bind9/-/issues/3563 https://gitlab.isc.org/isc-projects/bind9/-/issues/3603 https://gitlab.isc.org/isc-projects/bind9/-/issues/3542 https://gitlab.isc.org/isc-projects/bind9/-/issues/3557 https://gitlab.isc.org/isc-projects/bind9/-/issues/2982 https://gitlab.isc.org/isc-projects/bind9/-/issues/3439 https://gitlab.isc.org/isc-projects/bind9/-/issues/3438 https://gitlab.isc.org/isc-projects/bind9/-/issues/2918 https://gitlab.isc.org/isc-projects/bind9/-/issues/3462 https://gitlab.isc.org/isc-projects/bind9/-/issues/3400 https://gitlab.isc.org/isc-projects/bind9/-/issues/3402 https://gitlab.isc.org/isc-projects/bind9/-/issues/3152 https://gitlab.isc.org/isc-projects/bind9/-/issues/3415 https://gitlab.isc.org/isc-projects/bind9/-/issues/2506 Jammy only: https://gitlab.isc.org/isc-projects/bind9/-/issues/3327 https://gitlab.isc.org/isc-projects/bind9/-/issues/3380 https://gitlab.isc.org/isc-projects/bind9/-/issues/3302 https://gitlab.isc.org/isc-projects/bind9/-/issues/2931 https://gitlab.isc.org/isc-projects/bind9/-/issues/3242 https://gitlab.isc.org/isc-projects/bind9/-/issues/3020 https://gitlab.isc.org/isc-projects/bind9/-/issues/3128 https://gitlab.isc.org/isc-projects/bind9/-/issues/3145 https://gitlab.isc.org/isc-projects/bind9/-/issues/3184 https://gitlab.isc.org/isc-projects/bind9/-/issues/3205 https://gitlab.isc.org/isc-projects/bind9/-/issues/3244 https://gitlab.isc.org/isc-projects/bind9/-/issues/3248 https://gitlab.isc.org/isc-projects/bind9/-/issues/3142 https://gitlab.isc.org/isc-projects/bind9/-/issues/3200 This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972 Full release notes for versions 9.18.2-9.18.12:
[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39
Hi all, what's the test plan for bind-dyndb-ldap? It's not in the bug description. From a few comments, I see that it was just an install test? That's a bit superficial, specially given the amount of patches that it got. There are also no DEP8 tests, nor build-time tests. I think we need a test run to show that bind can actually start with this plugin loaded. Not just a simple installation test, which is just about dependencies. Just installing the bind9-dyndb-ldap package doesn't cause bind9 to load the module. There could be unresolved symbols or even crashes at load time which we wouldn't know about if we just install the package. I suggest to follow this guide: https://wiki.debian.org/LDAP/OpenLDAPSetup#DNS.2FBind9 It relies on the schema and example ldif files shipped with the package, which, incidentally, don't work out of the box with openldap. This being a Redhat project, these files are customized for their LDAP server (389, purchased years ago from Netscape). That debian wiki has some "sed"s to adjust the config for openldap. It still needs some tiny changes for ubuntu, though: - admin dn is cn=admin,dc=example,dc=com (and not uid=admin,...) - the named apparmor profile needs to allow connecting to the ldapi:/// (or just switch to ldap://) - I'd suggest to use example.fake instead of example.com, because there is a real example.com, but that's minor This can even become a DEP8 test (hint!) -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2003586 Title: MRE Updates 9.18.12 / 9.16.39 Status in bind-dyndb-ldap package in Ubuntu: Fix Released Status in bind9 package in Ubuntu: Fix Released Status in bind9 source package in Focal: In Progress Status in bind-dyndb-ldap source package in Jammy: Fix Committed Status in bind9 source package in Jammy: Fix Released Status in bind-dyndb-ldap source package in Kinetic: Fix Committed Status in bind9 source package in Kinetic: Fix Released Bug description: This bug tracks an update for the bind9 package, moving to versions: * Kinetic (22.10): bind9 9.18.12 * Jammy (22.04): bind9 9.18.12 * Focal (20.04): bind9 9.16.39 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. [Upstream changes] For bind9 9.18.2-9.18.12, major changes include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2022-1183 CVE-2022-2795 CVE-2022-2881 CVE-2022-2906 CVE-2022-3080 CVE-2022-38178 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Features: update-quota option named -V shows supported cryptographic algorithms Additional info given for recursion not available and query (cache) '...' denied outputs Jammy only (Kinetic already has these): Catalog Zones schema version 2 support in named DNS error support Stale Answer and Stale NXDOMAIN Answer remote TLS certificate verification support reusereport option Bug Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/3178 https://gitlab.isc.org/isc-projects/bind9/-/issues/3636 https://gitlab.isc.org/isc-projects/bind9/-/issues/3772 https://gitlab.isc.org/isc-projects/bind9/-/issues/3752 https://gitlab.isc.org/isc-projects/bind9/-/issues/3678 https://gitlab.isc.org/isc-projects/bind9/-/issues/3637 https://gitlab.isc.org/isc-projects/bind9/-/issues/3739 https://gitlab.isc.org/isc-projects/bind9/-/issues/3743 https://gitlab.isc.org/isc-projects/bind9/-/issues/3725 https://gitlab.isc.org/isc-projects/bind9/-/issues/3693 https://gitlab.isc.org/isc-projects/bind9/-/issues/3683 https://gitlab.isc.org/isc-projects/bind9/-/issues/3727 https://gitlab.isc.org/isc-projects/bind9/-/issues/3638 https://gitlab.isc.org/isc-projects/bind9/-/issues/3183 https://gitlab.isc.org/isc-projects/bind9/-/issues/3721 https://gitlab.isc.org/isc-projects/bind9/-/issues/3707 https://gitlab.isc.org/isc-projects/bind9/-/issues/3591 https://gitlab.isc.org/isc-projects/bind9/-/issues/3598 https://gitlab.isc.org/isc-projects/bind9/-/issues/3247 https://gitlab.isc.org/isc-projects/bind9/-/issues/2895 https://gitlab.isc.org/isc-projects/bind9/-/issues/3584 https://gitlab.isc.org/isc-projects/bind9/-/issues/3627 https://gitlab.isc.org/isc-projects/bind9/-/issues/3563 https://gitlab.isc.org/isc-projects/bind9/-/issues/3603 https://gitlab.isc.org/isc-projects/bind9/-/issues/3542 https://gitlab.isc.org/isc-projects/bind9/-/issues/3557 https://gitlab.isc.org/isc-projects/bind9/-/issues/2982 https://gitlab.isc.org/isc-projects/bind9/-/issues/3439 https://gitlab.isc.org/isc-projects/bind9/-/issues/3438 https://gitlab.isc.org/isc-projects/bind9/-/issues/2918 https://gitlab.isc.org/isc-projects/bind9/-/issues/3462 https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39
** Summary changed: - MRE Updates 9.18.12 / 9.16.36 + MRE Updates 9.18.12 / 9.16.39 ** Description changed: This bug tracks an update for the bind9 package, moving to versions: * Kinetic (22.10): bind9 9.18.12 * Jammy (22.04): bind9 9.18.12 - * Focal (20.04): bind9 9.16.36 + * Focal (20.04): bind9 9.16.39 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. [Upstream changes] For bind9 9.18.2-9.18.12, major changes include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2022-1183 CVE-2022-2795 CVE-2022-2881 CVE-2022-2906 CVE-2022-3080 CVE-2022-38178 CVE-2022-3094 CVE-2022-3736 CVE-2022-3924 Features: update-quota option named -V shows supported cryptographic algorithms Additional info given for recursion not available and query (cache) '...' denied outputs Jammy only (Kinetic already has these): Catalog Zones schema version 2 support in named DNS error support Stale Answer and Stale NXDOMAIN Answer remote TLS certificate verification support reusereport option Bug Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/3178 https://gitlab.isc.org/isc-projects/bind9/-/issues/3636 https://gitlab.isc.org/isc-projects/bind9/-/issues/3772 https://gitlab.isc.org/isc-projects/bind9/-/issues/3752 https://gitlab.isc.org/isc-projects/bind9/-/issues/3678 https://gitlab.isc.org/isc-projects/bind9/-/issues/3637 https://gitlab.isc.org/isc-projects/bind9/-/issues/3739 https://gitlab.isc.org/isc-projects/bind9/-/issues/3743 https://gitlab.isc.org/isc-projects/bind9/-/issues/3725 https://gitlab.isc.org/isc-projects/bind9/-/issues/3693 https://gitlab.isc.org/isc-projects/bind9/-/issues/3683 https://gitlab.isc.org/isc-projects/bind9/-/issues/3727 https://gitlab.isc.org/isc-projects/bind9/-/issues/3638 https://gitlab.isc.org/isc-projects/bind9/-/issues/3183 https://gitlab.isc.org/isc-projects/bind9/-/issues/3721 https://gitlab.isc.org/isc-projects/bind9/-/issues/3707 https://gitlab.isc.org/isc-projects/bind9/-/issues/3591 https://gitlab.isc.org/isc-projects/bind9/-/issues/3598 https://gitlab.isc.org/isc-projects/bind9/-/issues/3247 https://gitlab.isc.org/isc-projects/bind9/-/issues/2895 https://gitlab.isc.org/isc-projects/bind9/-/issues/3584 https://gitlab.isc.org/isc-projects/bind9/-/issues/3627 https://gitlab.isc.org/isc-projects/bind9/-/issues/3563 https://gitlab.isc.org/isc-projects/bind9/-/issues/3603 https://gitlab.isc.org/isc-projects/bind9/-/issues/3542 https://gitlab.isc.org/isc-projects/bind9/-/issues/3557 https://gitlab.isc.org/isc-projects/bind9/-/issues/2982 https://gitlab.isc.org/isc-projects/bind9/-/issues/3439 https://gitlab.isc.org/isc-projects/bind9/-/issues/3438 https://gitlab.isc.org/isc-projects/bind9/-/issues/2918 https://gitlab.isc.org/isc-projects/bind9/-/issues/3462 https://gitlab.isc.org/isc-projects/bind9/-/issues/3400 https://gitlab.isc.org/isc-projects/bind9/-/issues/3402 https://gitlab.isc.org/isc-projects/bind9/-/issues/3152 https://gitlab.isc.org/isc-projects/bind9/-/issues/3415 https://gitlab.isc.org/isc-projects/bind9/-/issues/2506 Jammy only: https://gitlab.isc.org/isc-projects/bind9/-/issues/3327 https://gitlab.isc.org/isc-projects/bind9/-/issues/3380 https://gitlab.isc.org/isc-projects/bind9/-/issues/3302 https://gitlab.isc.org/isc-projects/bind9/-/issues/2931 https://gitlab.isc.org/isc-projects/bind9/-/issues/3242 https://gitlab.isc.org/isc-projects/bind9/-/issues/3020 https://gitlab.isc.org/isc-projects/bind9/-/issues/3128 https://gitlab.isc.org/isc-projects/bind9/-/issues/3145 https://gitlab.isc.org/isc-projects/bind9/-/issues/3184 https://gitlab.isc.org/isc-projects/bind9/-/issues/3205 https://gitlab.isc.org/isc-projects/bind9/-/issues/3244 https://gitlab.isc.org/isc-projects/bind9/-/issues/3248 https://gitlab.isc.org/isc-projects/bind9/-/issues/3142 https://gitlab.isc.org/isc-projects/bind9/-/issues/3200 This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972 Full release notes for versions 9.18.2-9.18.12: https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for- bind-9-18-12 - For bind9 9.16.2-9.16.39, major changes include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619, CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8625 CVE-2021-25214 CVE-2021-25215 CVE-2021-25219 CVE-2021-25220 CVE-2022-2795 CVE-2022-38177 CVE-2022-38178 CVE-2022-3094 Features: update-quota option parental-agents configuration option stale-refresh-time configuration option stale-cache-enable configuration option purge-keys and nsec3param options in dnssec-policy max-ixfr-ratio option