Backport of bind9 for focal, jammy and noble

Bug #2073310 reported by Bryce Harrington
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind-dyndb-ldap (Ubuntu)
In Progress
Undecided
Lena Voytek
Focal
Fix Committed
Undecided
Lena Voytek
Jammy
Fix Committed
Undecided
Lena Voytek
Noble
Fix Committed
Undecided
Lena Voytek
bind9 (Ubuntu)
In Progress
Wishlist
Lena Voytek
Focal
Fix Committed
Undecided
Lena Voytek
Jammy
Fix Committed
Undecided
Lena Voytek
Noble
Fix Committed
Undecided
Lena Voytek

Bug Description

This bug tracks an update for the bind9 package, moving to versions:

* Noble (24.04): bind9 9.18.30
* Jammy (22.04): bind9 9.18.30
* Focal (20.04): bind9 9.18.30

These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.

[Upstream changes]

Changes from 9.18.28 - 9.18.30 include:

Features:

Print initial working directory during named startup, and changed working directory when loading or reloading the configuration file
Add max-query-restarts configuration statement

Updates:

Restrain named to specified number of cores when running via taskset, cpuset, or numactl
Reduce default max-recursion-queries value from 100 to 32
Raise the log level of priming failures

Bug fixes:

https://gitlab.isc.org/isc-projects/bind9/-/issues/4855 - Fix privacy verification of EDDSA keys
https://gitlab.isc.org/isc-projects/bind9/-/issues/4878 - Fix algorithm rollover bug when there are two keys with the same keytag
https://gitlab.isc.org/isc-projects/bind9/-/issues/4449 - Return SERVFAIL for a too long CNAME chain
https://gitlab.isc.org/isc-projects/bind9/-/issues/4733 - Reconfigure catz member zones during named reconfiguration
https://gitlab.isc.org/isc-projects/bind9/-/issues/4677 - Update key lifetime and metadata after dnssec-policy reconfiguration
https://gitlab.isc.org/isc-projects/bind9/-/issues/4766 - Fix generation of 6to4-self name expansion from IPv4 address
https://gitlab.isc.org/isc-projects/bind9/-/issues/4796 - Fix invalid dig +yaml output
https://gitlab.isc.org/isc-projects/bind9/-/issues/4775 - Reject zero-length ALPN during SVBC ALPN text parsing
https://gitlab.isc.org/isc-projects/bind9/-/issues/4784 - Fix false QNAME minimisation error being reported
https://gitlab.isc.org/isc-projects/bind9/-/issues/4806 - Fix dig +timeout argument when using +https

Full release notes available here - https://bind9.readthedocs.io/en/v9.18.30/notes.html

[Test Plan]

DEP-8 Tests:

simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9

zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up

dyndb-ldap - Verifies functionality of bind-dyndb-ldap against the updated bind9 package with a basic setup. This also fails intentionally prior to bind-dyndb-ldap being rebuilt against the package, as this is a necessary step for bind9 updates.

validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall

[Regression Potential]

Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates.

Related branches

Bryce Harrington (bryce)
Changed in bind9 (Ubuntu):
importance: Undecided → Wishlist
milestone: none → ubuntu-24.08
Lena Voytek (lvoytek)
Changed in bind9 (Ubuntu):
assignee: nobody → Lena Voytek (lvoytek)
Changed in bind9 (Ubuntu Jammy):
assignee: nobody → Lena Voytek (lvoytek)
Changed in bind9 (Ubuntu Focal):
assignee: nobody → Lena Voytek (lvoytek)
Changed in bind9 (Ubuntu Noble):
assignee: nobody → Lena Voytek (lvoytek)
Changed in bind9 (Ubuntu):
milestone: ubuntu-24.08 → ubuntu-24.09
Revision history for this message
Lena Voytek (lvoytek) wrote :

9.18.30 was just released so now is the ideal time to update. noble, jammy, and focal all match now after the recent security vulnerabilities, so all will be updated from 9.18.28 to 9.18.30

Changed in bind9 (Ubuntu):
status: New → In Progress
Changed in bind9 (Ubuntu Focal):
status: New → In Progress
Changed in bind9 (Ubuntu Jammy):
status: New → In Progress
Changed in bind9 (Ubuntu Noble):
status: New → In Progress
Lena Voytek (lvoytek)
Changed in bind-dyndb-ldap (Ubuntu):
status: New → In Progress
Changed in bind-dyndb-ldap (Ubuntu Focal):
status: New → In Progress
Changed in bind-dyndb-ldap (Ubuntu Jammy):
status: New → In Progress
Changed in bind-dyndb-ldap (Ubuntu Noble):
status: New → In Progress
Changed in bind-dyndb-ldap (Ubuntu):
assignee: nobody → Lena Voytek (lvoytek)
Changed in bind-dyndb-ldap (Ubuntu Focal):
assignee: nobody → Lena Voytek (lvoytek)
Changed in bind-dyndb-ldap (Ubuntu Jammy):
assignee: nobody → Lena Voytek (lvoytek)
Changed in bind-dyndb-ldap (Ubuntu Noble):
assignee: nobody → Lena Voytek (lvoytek)
Lena Voytek (lvoytek)
description: updated
Lena Voytek (lvoytek)
Changed in bind-dyndb-ldap (Ubuntu):
milestone: none → ubuntu-24.09
Revision history for this message
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Bryce, or anyone else affected,

Accepted bind9 into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.18.30-0ubuntu0.24.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in bind9 (Ubuntu Noble):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-noble
Changed in bind9 (Ubuntu Jammy):
status: In Progress → Fix Committed
tags: added: verification-needed-jammy
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hello Bryce, or anyone else affected,

Accepted bind9 into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.18.30-0ubuntu0.22.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in bind9 (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hello Bryce, or anyone else affected,

Accepted bind9 into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.18.30-0ubuntu0.20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (bind9/1:9.18.30-0ubuntu0.20.04.1)

All autopkgtests for the newly accepted bind9 (1:9.18.30-0ubuntu0.20.04.1) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

bind9/1:9.18.30-0ubuntu0.20.04.1 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#bind9

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (bind9/1:9.18.30-0ubuntu0.22.04.1)

All autopkgtests for the newly accepted bind9 (1:9.18.30-0ubuntu0.22.04.1) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

bind-dyndb-ldap/11.9-5ubuntu0.22.04.8 (amd64, arm64, ppc64el, s390x)
bind9/1:9.18.30-0ubuntu0.22.04.1 (amd64, arm64, ppc64el, s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#bind9

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Andreas Hasenack (ahasenack) wrote : Please test proposed package

Hello Bryce, or anyone else affected,

Accepted bind-dyndb-ldap into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind-dyndb-ldap/11.10-6ubuntu11.24.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in bind-dyndb-ldap (Ubuntu Noble):
status: In Progress → Fix Committed
Changed in bind-dyndb-ldap (Ubuntu Jammy):
status: In Progress → Fix Committed
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Hello Bryce, or anyone else affected,

Accepted bind-dyndb-ldap into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind-dyndb-ldap/11.9-5ubuntu0.22.04.9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Hello Bryce, or anyone else affected,

Accepted bind-dyndb-ldap into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind-dyndb-ldap/11.2-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in bind-dyndb-ldap (Ubuntu Focal):
status: In Progress → Fix Committed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.