bind9 FTBFS in bionic, regression in updates
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| bind9 (Ubuntu) |
Undecided
|
Unassigned | ||
| Bionic |
Undecided
|
Unassigned |
Bug Description
[Impact]
* when building bind9 with openssl 1.1.1 it picks up a new feature and exposes symbols in shared libraries to support it
* this is problematic, as abi symbols of the shared library are changed based on the build-time version of OpenSSL
* in later releases bind9 configuration option were tweaked to prevent autodetection and enablement of the new feature. Similar fix was applied in disco and unstable
[Test Case]
* add-apt-repository ppa:ci-
* rebuild the package
* it should complete the build successfully without any "missing symbols" reported
[Regression Potential]
* We are rebuilding the binaries, however, the test suite passes correctly with both old and new openssl without regressions.
Changed in bind9 (Ubuntu): | |
status: | New → Fix Released |
Changed in bind9 (Ubuntu Bionic): | |
status: | New → In Progress |
tags: | added: id-5c6196e9e3e4c51dd370ee15 |
Changed in bind9 (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
tags: | added: verification-needed verification-needed-bionic |
Dimitri John Ledkov (xnox) wrote : | #2 |
rebuilt bind9 1:9.11.
tags: |
added: verification-done verification-done-bionic removed: verification-needed verification-needed-bionic |
Launchpad Janitor (janitor) wrote : | #3 |
This bug was fixed in the package bind9 - 1:9.11.
---------------
bind9 (1:9.11.
* SECURITY UPDATE: memory leak via specially crafted packet
- debian/
options in bin/named/client.c.
- CVE-2018-5744
* SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
unsupported key algorithm when using managed-keys
- debian/
the key tag cannot be computed in lib/dns/
lib/
- CVE-2018-5745
* SECURITY UPDATE: Controls for zone transfers may not be properly
applied to Dynamically Loadable Zones (DLZs) if the zones are writable
- debian/
the zone table as a DLZ zone bin/named/xfrout.c.
- CVE-2019-6465
-- Marc Deslauriers <email address hidden> Wed, 20 Feb 2019 09:10:34 +0100
Changed in bind9 (Ubuntu Bionic): | |
status: | Fix Committed → Fix Released |
Hello Dimitri, or anyone else affected,
Accepted bind9 into bionic-proposed. The package will build now and be available at https:/ /launchpad. net/ubuntu/ +source/ bind9/1: 9.11.3+ dfsg-1ubuntu1. 4 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification- needed- bionic to verification- done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed- bionic. In either case, without details of your testing we will not be able to proceed.
Further information regarding the verification process can be found at https:/ /wiki.ubuntu. com/QATeam/ PerformingSRUVe rification . Thank you in advance for helping!
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.