Ubuntu
bind9 package

FFE: (mostly) bugfix release 9.11.3

Bug #1763572 reported by Timo Aaltonen
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

I'd like to see bind 9.11.3 in bionic. Upstream release notes are at
https://ftp.isc.org/isc/bind9/9.11.3/RELEASE-NOTES-bind-9.11.3.html

While it has several security and other bug fixes, there are some feature changes too:

- named will no longer start or accept reconfiguration if managed-keys or dnssec-validation auto are in use and the managed-keys directory (specified by managed-keys-directory, and defaulting to the working directory if not specified), is not writable by the effective user ID. [RT #46077]

- Previously, update-policy local; accepted updates from any source so long as they were signed by the locally-generated session key. This has been further restricted; updates are now only accepted from locally configured addresses. [RT #45492]

- dig +ednsopt now accepts the names for EDNS options in addition to numeric values. For example, an EDNS Client-Subnet option could be sent using dig +ednsopt=ecs:.... Thanks to John Worley of Secure64 for the contribution. [RT #44461]

- Threads in named are now set to human-readable names to assist debugging on operating systems that support that. Threads will have names such as "isc-timer", "isc-sockmgr", "isc-worker0001", and so on. This will affect the reporting of subsidiary thread names in ps and top, but not the main thread. [RT #43234]

- DiG now warns about .local queries which are reserved for Multicast DNS. [RT #44783]

This release also fixes a crash if bind is configured for a freeipa server with ipa-dns-install.

Timo Aaltonen (tjaalton)
summary: - FFE: bugfix release 9.11.3
+ FFE: (mostly) bugfix release 9.11.3
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

isc-dhcp and bind-dyndb-ldap would need to be rebuilt after the update landed

Revision history for this message
Łukasz Zemczak (sil2100) wrote :

That's a rather big thing so close to release. But yeah, FFe approved.

Changed in bind9 (Ubuntu):
status: New → Triaged
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.11.3+dfsg-1ubuntu1

---------------
bind9 (1:9.11.3+dfsg-1ubuntu1) bionic; urgency=low

  * New upstream release. (LP: #1763572)
    - fix a crash when configured with ipa-dns-install
  * Merge from Debian unstable. Remaining changes:
    - Build without lmdb support as that package is in Universe

bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium

  [ Bernhard Schmidt ]
  * New upstream version 9.11.3+dfsg
    (Closes: #867570, #888463)
    - Refresh patches
    - Drop stdatomic.h patches applied upstream
  * Follow SONAME bump of libdns
  * Follow SONAME bump of libisc
  * Add missing symbols for libisccfg160
  * Add python3-distutils Build-Dependency
  * Drop Priority: standard for library packages
  * Fix apparmor profile name (Closes: #893005)
    Thanks to Andreas Hasenack
  * Update bind9-host description (Closes: #729561)
  * Add flags=(attach_disconnected) to AppArmor profile to prepare
    to use more systemd hardening options, see #863841
  * Add myself to Uploaders

  [ Ondřej Surý ]
  * Update Vcs-* links to salsa.d.o

 -- Timo Aaltonen <email address hidden> Fri, 13 Apr 2018 07:40:47 +0300

Changed in bind9 (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.