subject:"\[Freeipa\] \[Bug 2003586\] Re\: MRE Updates 9.18.12 \/ 9.16.39"

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

2024-04-09 Thread Lena Voytek

Focal was updated to the latest 9.16.x version by security in
1:9.16.48-0ubuntu0.20.04.1, marking fix released

** Changed in: bind9 (Ubuntu Focal)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.39

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind9 source package in Focal:
  Fix Released
Status in bind-dyndb-ldap source package in Jammy:
  Fix Released
Status in bind9 source package in Jammy:
  Fix Released
Status in bind-dyndb-ldap source package in Kinetic:
  Fix Released
Status in bind9 source package in Kinetic:
  Fix Released

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.39

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3200

  This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972

  Full release notes for versions 9.18.2-9.18.12:
  https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-
  bind-9-18-12

  For bind9 9.16.2-9.16.39, major

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

2023-04-13 Thread Launchpad Bug Tracker

This bug was fixed in the package bind-dyndb-ldap -
11.9-5ubuntu0.22.04.1

---
bind-dyndb-ldap (11.9-5ubuntu0.22.04.1) jammy; urgency=medium

  * Fix bind-dyndb-ldap build against bind9 9.18.12 (LP: #2003586):
- d/p/hardcode-version.diff: Update defined LIBDNS version from bind9 to be
  1812, provided by bind9 9.18.12
- d/p/fix-dns_db_allrdatasets.patch: Modify calls to dns_db_allrdatasets()
  for bind9 9.18.10+ since the function has a new parameter
- d/p/fix-include.patch: Include isc/rwlock.h in dns/zt.h to fix build
  since isrwlock is used in this file
- d/p/fix-isc-error.patch: Fix the use of the fatal_error macro as its
  arguments have changed
- d/p/make-dscp-optional.patch: Do not require DSCP codes for bind9 9.18.11
  and above as their support was removed in that version
- d/control: Require bind9 9.18.12 or above

 -- Lena Voytek   Thu, 09 Mar 2023 15:06:25
-0700

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.39

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind9 source package in Focal:
  In Progress
Status in bind-dyndb-ldap source package in Jammy:
  Fix Released
Status in bind9 source package in Jammy:
  Fix Released
Status in bind-dyndb-ldap source package in Kinetic:
  Fix Released
Status in bind9 source package in Kinetic:
  Fix Released

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.39

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

2023-04-13 Thread Launchpad Bug Tracker

This bug was fixed in the package bind-dyndb-ldap -
11.10-1ubuntu0.22.10.1

---
bind-dyndb-ldap (11.10-1ubuntu0.22.10.1) kinetic; urgency=medium

  * Fix bind-dyndb-ldap build against bind9 9.18.12 (LP: #2003586):
- d/p/hardcode-version.diff: Update defined LIBDNS version from bind9 to be
  1812, provided by bind9 9.18.12
- d/p/fix-dns_db_allrdatasets.patch: Modify calls to dns_db_allrdatasets()
  for bind9 9.18.10+ since the function has a new parameter
- d/p/fix-include.patch: Include isc/rwlock.h in dns/zt.h to fix build
  since isrwlock is used in this file
- d/p/fix-isc-error.patch: Fix the use of the fatal_error macro as its
  arguments have changed
- d/p/make-dscp-optional.patch: Do not require DSCP codes for bind9 9.18.11
  and above as their support was removed in that version
- d/control: Require bind9 9.18.12 or above

 -- Lena Voytek   Wed, 08 Mar 2023 14:52:32
-0700

** Changed in: bind-dyndb-ldap (Ubuntu Kinetic)
   Status: Fix Committed => Fix Released

** Changed in: bind-dyndb-ldap (Ubuntu Jammy)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.39

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind9 source package in Focal:
  In Progress
Status in bind-dyndb-ldap source package in Jammy:
  Fix Released
Status in bind9 source package in Jammy:
  Fix Released
Status in bind-dyndb-ldap source package in Kinetic:
  Fix Released
Status in bind9 source package in Kinetic:
  Fix Released

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.39

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

2023-04-13 Thread Andreas Hasenack

I verified the test results for bind-dyndb-ldap and am satisfied that
they show the executed planned test case, and that the results are
correct.

I noticed that this upload happens to (very probably) also fix bug
#1978849, which was missed in the changelog/changes file. I added a
comment to the bug asking for verification from the reporters.

The package built correctly in all architectures and Ubuntu releases it
was meant for.

This package does not have DEP8 tests (yet: they are coming!)

There is no SRU freeze ongoing at the moment.

There is no halted phasing on the previous update.

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.39

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind9 source package in Focal:
  In Progress
Status in bind-dyndb-ldap source package in Jammy:
  Fix Released
Status in bind9 source package in Jammy:
  Fix Released
Status in bind-dyndb-ldap source package in Kinetic:
  Fix Released
Status in bind9 source package in Kinetic:
  Fix Released

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.39

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3244

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

2023-04-10 Thread Lena Voytek

Verified for Jammy + Kinetic based on 
https://wiki.debian.org/LDAP/OpenLDAPSetup#DNS.2FBind9
I've also started on a DEP-8 test based on my testing

# lxc launch images:ubuntu/{kinetic, jammy} test-bind-dyndb-ldap
# lxc exec test-bind-dyndb-ldap bash

# apt update && apt dist-upgrade -y

# cat  Enter new LDAP password

> Update /etc/ldap/ldap.conf to have
BASEdc=test,dc=local
URI ldap://ldap.test.local

# zcat /usr/share/doc/bind9-dyndb-ldap/schema.ldif.gz | sed 
's/^attributeTypes:/olcAttributeTypes:/;
 s/^objectClasses:/olcObjectClasses:/;
 1,/1.3.6.1.4.1.2428.20.0.0/ {/1.3.6.1.4.1.2428.20.0.0/!s/^/#/};
 1idn: cn=dns,cn=schema,cn=config\nobjectClass: olcSchemaConfig
' >> /tmp/dns.schema

# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /tmp/dns.schema

adding new entry "cn=dns,cn=schema,cn=config"

ldapmodify -Q -Y EXTERNAL -H ldapi:/// < Add the following to /etc/bind/named.conf.local

dyndb "test_local_ldap" "/usr/lib/bind/ldap.so" {
uri "ldapi:///";
base "ou=dns,ou=Services,dc=test,dc=local";
auth_method "simple";
bind_dn "uid=admin,dc=test,dc=local";
password "ldappassword";
server_id "server";
};

# systemctl restart bind9

# dig test.local. @localhost +short
127.0.0.1



** Tags removed: verification-needed-jammy verification-needed-kinetic
** Tags added: verification-done-jammy verification-done-kinetic

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.39

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind9 source package in Focal:
  In Progress
Status in bind-dyndb-ldap source package in Jammy:
  Fix Committed
Status in bind9 source package in Jammy:
  Fix Released
Status in bind-dyndb-ldap source package in Kinetic:
  Fix Committed
Status in bind9 source package in Kinetic:
  Fix Released

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.39

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

2023-04-06 Thread Andreas Hasenack

I flipped the tags back to verification-needed, but this applies to
bind-dyndb-ldap, not bind (which was already released for jammy and
kinetic even).

** Tags removed: verification-done-jammy verification-done-kinetic
** Tags added: verification-needed-jammy verification-needed-kinetic

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.39

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind9 source package in Focal:
  In Progress
Status in bind-dyndb-ldap source package in Jammy:
  Fix Committed
Status in bind9 source package in Jammy:
  Fix Released
Status in bind-dyndb-ldap source package in Kinetic:
  Fix Committed
Status in bind9 source package in Kinetic:
  Fix Released

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.39

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3200

  This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972

  Full release notes for versions 9.18.2-9.18.12:

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

2023-04-06 Thread Andreas Hasenack

Hi all,

what's the test plan for bind-dyndb-ldap? It's not in the bug
description. From a few comments, I see that it was just an install
test? That's a bit superficial, specially given the amount of patches
that it got. There are also no DEP8 tests, nor build-time tests.

I think we need a test run to show that bind can actually start with
this plugin loaded. Not just a simple installation test, which is just
about dependencies. Just installing the bind9-dyndb-ldap package doesn't
cause bind9 to load the module. There could be unresolved symbols or
even crashes at load time which we wouldn't know about if we just
install the package.

I suggest to follow this guide:
https://wiki.debian.org/LDAP/OpenLDAPSetup#DNS.2FBind9

It relies on the schema and example ldif files shipped with the package,
which, incidentally, don't work out of the box with openldap. This being
a Redhat project, these files are customized for their LDAP server (389,
purchased years ago from Netscape). That debian wiki has some "sed"s to
adjust the config for openldap.

It still needs some tiny changes for ubuntu, though:
- admin dn is cn=admin,dc=example,dc=com (and not uid=admin,...)
- the named apparmor profile needs to allow connecting to the ldapi:/// (or 
just switch to ldap://)
- I'd suggest to use example.fake instead of example.com, because there is a 
real example.com, but that's minor

This can even become a DEP8 test (hint!)

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to bind-dyndb-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/2003586

Title:
  MRE Updates 9.18.12 / 9.16.39

Status in bind-dyndb-ldap package in Ubuntu:
  Fix Released
Status in bind9 package in Ubuntu:
  Fix Released
Status in bind9 source package in Focal:
  In Progress
Status in bind-dyndb-ldap source package in Jammy:
  Fix Committed
Status in bind9 source package in Jammy:
  Fix Released
Status in bind-dyndb-ldap source package in Kinetic:
  Fix Committed
Status in bind9 source package in Kinetic:
  Fix Released

Bug description:
  This bug tracks an update for the bind9 package, moving to versions:

  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
  * Focal (20.04): bind9 9.16.39

  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.

  [Upstream changes]

  For bind9 9.18.2-9.18.12, major changes include:

  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924

  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs

  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option

  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

2023-03-30 Thread Lena Voytek

** Summary changed:

- MRE Updates 9.18.12 / 9.16.36
+ MRE Updates 9.18.12 / 9.16.39

** Description changed:

  This bug tracks an update for the bind9 package, moving to versions:
  
  * Kinetic (22.10): bind9 9.18.12
  * Jammy (22.04): bind9 9.18.12
- * Focal (20.04): bind9 9.16.36
+ * Focal (20.04): bind9 9.16.39
  
  These updates include bug fixes following the SRU policy exception
  defined at https://wiki.ubuntu.com/Bind9Updates.
  
  [Upstream changes]
  
  For bind9 9.18.2-9.18.12, major changes include:
  
  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2022-1183
  CVE-2022-2795
  CVE-2022-2881
  CVE-2022-2906
  CVE-2022-3080
  CVE-2022-38178
  CVE-2022-3094
  CVE-2022-3736
  CVE-2022-3924
  
  Features:
  update-quota option
  named -V shows supported cryptographic algorithms
  Additional info given for recursion not available and query (cache) '...' 
denied outputs
  
  Jammy only (Kinetic already has these):
  Catalog Zones schema version 2 support in named
  DNS error support Stale Answer and Stale NXDOMAIN Answer
  remote TLS certificate verification support
  reusereport option
  
  Bug Fixes:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
  Jammy only:
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
  https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
  https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
  
  This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
  
  Full release notes for versions 9.18.2-9.18.12:
  https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-
  bind-9-18-12
- 
  
  For bind9 9.16.2-9.16.39, major changes include:
  
  CVE fixes (These already existed as patches but are now included as part of 
upstream):
  CVE-2020-8616
  CVE-2020-8617
  CVE-2020-8618
  CVE-2020-8619,
  CVE-2020-8620
  CVE-2020-8621
  CVE-2020-8622
  CVE-2020-8623
  CVE-2020-8624
  CVE-2020-8625
  CVE-2021-25214
  CVE-2021-25215
  CVE-2021-25219
  CVE-2021-25220
  CVE-2022-2795
  CVE-2022-38177
  CVE-2022-38178
  CVE-2022-3094
  
  Features:
  update-quota option
  parental-agents configuration option
  stale-refresh-time configuration option
  stale-cache-enable configuration option
  purge-keys and nsec3param options in dnssec-policy
  max-ixfr-ratio option

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

[Freeipa] [Bug 2003586] Re: MRE Updates 9.18.12 / 9.16.39

8 matches

Site Navigation

Mail list logo

Footer information