FFE: (mostly) bugfix release 9.11.3

Bug #1763572 reported by Timo Aaltonen on 2018-04-13
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Undecided
Unassigned

Bug Description

I'd like to see bind 9.11.3 in bionic. Upstream release notes are at
https://ftp.isc.org/isc/bind9/9.11.3/RELEASE-NOTES-bind-9.11.3.html

While it has several security and other bug fixes, there are some feature changes too:

- named will no longer start or accept reconfiguration if managed-keys or dnssec-validation auto are in use and the managed-keys directory (specified by managed-keys-directory, and defaulting to the working directory if not specified), is not writable by the effective user ID. [RT #46077]

- Previously, update-policy local; accepted updates from any source so long as they were signed by the locally-generated session key. This has been further restricted; updates are now only accepted from locally configured addresses. [RT #45492]

- dig +ednsopt now accepts the names for EDNS options in addition to numeric values. For example, an EDNS Client-Subnet option could be sent using dig +ednsopt=ecs:.... Thanks to John Worley of Secure64 for the contribution. [RT #44461]

- Threads in named are now set to human-readable names to assist debugging on operating systems that support that. Threads will have names such as "isc-timer", "isc-sockmgr", "isc-worker0001", and so on. This will affect the reporting of subsidiary thread names in ps and top, but not the main thread. [RT #43234]

- DiG now warns about .local queries which are reserved for Multicast DNS. [RT #44783]

This release also fixes a crash if bind is configured for a freeipa server with ipa-dns-install.

Timo Aaltonen (tjaalton) on 2018-04-13
summary: - FFE: bugfix release 9.11.3
+ FFE: (mostly) bugfix release 9.11.3
Timo Aaltonen (tjaalton) wrote :

isc-dhcp and bind-dyndb-ldap would need to be rebuilt after the update landed

Łukasz Zemczak (sil2100) wrote :

That's a rather big thing so close to release. But yeah, FFe approved.

Changed in bind9 (Ubuntu):
status: New → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.11.3+dfsg-1ubuntu1

---------------
bind9 (1:9.11.3+dfsg-1ubuntu1) bionic; urgency=low

  * New upstream release. (LP: #1763572)
    - fix a crash when configured with ipa-dns-install
  * Merge from Debian unstable. Remaining changes:
    - Build without lmdb support as that package is in Universe

bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium

  [ Bernhard Schmidt ]
  * New upstream version 9.11.3+dfsg
    (Closes: #867570, #888463)
    - Refresh patches
    - Drop stdatomic.h patches applied upstream
  * Follow SONAME bump of libdns
  * Follow SONAME bump of libisc
  * Add missing symbols for libisccfg160
  * Add python3-distutils Build-Dependency
  * Drop Priority: standard for library packages
  * Fix apparmor profile name (Closes: #893005)
    Thanks to Andreas Hasenack
  * Update bind9-host description (Closes: #729561)
  * Add flags=(attach_disconnected) to AppArmor profile to prepare
    to use more systemd hardening options, see #863841
  * Add myself to Uploaders

  [ Ondřej Surý ]
  * Update Vcs-* links to salsa.d.o

 -- Timo Aaltonen <email address hidden> Fri, 13 Apr 2018 07:40:47 +0300

Changed in bind9 (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers