2023-01-20 21:24:52 |
Lena Voytek |
bug |
|
|
added bug |
2023-01-20 21:25:08 |
Lena Voytek |
nominated for series |
|
Ubuntu Kinetic |
|
2023-01-20 21:25:08 |
Lena Voytek |
bug task added |
|
bind9 (Ubuntu Kinetic) |
|
2023-01-20 21:25:08 |
Lena Voytek |
nominated for series |
|
Ubuntu Focal |
|
2023-01-20 21:25:08 |
Lena Voytek |
bug task added |
|
bind9 (Ubuntu Focal) |
|
2023-01-20 21:25:08 |
Lena Voytek |
nominated for series |
|
Ubuntu Jammy |
|
2023-01-20 21:25:08 |
Lena Voytek |
bug task added |
|
bind9 (Ubuntu Jammy) |
|
2023-01-20 21:25:15 |
Lena Voytek |
bind9 (Ubuntu): status |
New |
Fix Released |
|
2023-01-20 21:25:20 |
Lena Voytek |
bind9 (Ubuntu Focal): assignee |
|
Lena Voytek (lvoytek) |
|
2023-01-20 21:25:24 |
Lena Voytek |
bind9 (Ubuntu Jammy): assignee |
|
Lena Voytek (lvoytek) |
|
2023-01-20 21:25:26 |
Lena Voytek |
bind9 (Ubuntu Kinetic): assignee |
|
Lena Voytek (lvoytek) |
|
2023-01-20 21:25:30 |
Lena Voytek |
bind9 (Ubuntu Jammy): status |
New |
In Progress |
|
2023-01-20 21:25:33 |
Lena Voytek |
bind9 (Ubuntu Kinetic): status |
New |
In Progress |
|
2023-01-27 14:54:00 |
Lena Voytek |
summary |
MRE Updates 9.18.10 / 9.16.36 |
MRE Updates 9.18.11 / 9.16.36 |
|
2023-02-02 20:36:35 |
Lena Voytek |
description |
bind9 on Jammy currently suffers from a lot of bugs on dig/host and related tools. It would be very good to MRE it, especially because the upstream community seems very organized and their release model kind of fits with what we have in Ubuntu.
Alongside adding additional tests (LP: #2003584) Kinetic, Jammy, and Focal should be updated with the most recent respective microreleases. |
bind9 on Jammy currently suffers from a lot of bugs on dig/host and related tools. It would be very good to MRE it, especially because the upstream community seems very organized and their release model kind of fits with what we have in Ubuntu.
Alongside adding additional DEP-8 testing (LP: #2003584) Kinetic, Jammy, and Focal should be updated with the most recent respective microreleases.
[Impact]
MRE for latest stable release fixes in bind9 version 9.18 for Kinetic and Jammy, and version 9.16 for Focal
[Major Changes]
For bind9 9.18.2-9.18.11, major changes include:
CVE fixes:
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs #1258003 and #1970252
Full release notes for versions 9.18.2-9.18.11: https://bind9.readthedocs.io/en/v9_18_11/notes.html#notes-for-bind-9-18-11
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #1258003 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig +nssearch isc.org
- Before the update this leads to a crash ending in "Aborted (core dumped)" after failing to get a response from an ipv6 address while after it will show that there was a communication error with addresses it did not get a response from
Test for LP: #1970252 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp
- Before the update this also leads to a crash ending in "Aborted (core dumped)" without showing all addresses while after it will again show that there was a communication error with addresses it did not get a response from and finish running through all addresses
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
|
2023-02-02 20:42:51 |
Lena Voytek |
description |
bind9 on Jammy currently suffers from a lot of bugs on dig/host and related tools. It would be very good to MRE it, especially because the upstream community seems very organized and their release model kind of fits with what we have in Ubuntu.
Alongside adding additional DEP-8 testing (LP: #2003584) Kinetic, Jammy, and Focal should be updated with the most recent respective microreleases.
[Impact]
MRE for latest stable release fixes in bind9 version 9.18 for Kinetic and Jammy, and version 9.16 for Focal
[Major Changes]
For bind9 9.18.2-9.18.11, major changes include:
CVE fixes:
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs #1258003 and #1970252
Full release notes for versions 9.18.2-9.18.11: https://bind9.readthedocs.io/en/v9_18_11/notes.html#notes-for-bind-9-18-11
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #1258003 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig +nssearch isc.org
- Before the update this leads to a crash ending in "Aborted (core dumped)" after failing to get a response from an ipv6 address while after it will show that there was a communication error with addresses it did not get a response from
Test for LP: #1970252 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp
- Before the update this also leads to a crash ending in "Aborted (core dumped)" without showing all addresses while after it will again show that there was a communication error with addresses it did not get a response from and finish running through all addresses
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
bind9 on Jammy currently suffers from a lot of bugs on dig/host and related tools. It would be very good to MRE it, especially because the upstream community seems very organized and their release model kind of fits with what we have in Ubuntu.
Alongside adding additional DEP-8 testing (LP: #2003584) Kinetic, Jammy, and Focal should be updated with the most recent respective microreleases.
[Impact]
MRE for latest stable release fixes in bind9 version 9.18 for Kinetic and Jammy, and version 9.16 for Focal
[Major Changes]
For bind9 9.18.2-9.18.11, major changes include:
CVE fixes:
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003 and LP: #1970252
Full release notes for versions 9.18.2-9.18.11: https://bind9.readthedocs.io/en/v9_18_11/notes.html#notes-for-bind-9-18-11
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #1258003 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig +nssearch isc.org
- Before the update this leads to a crash ending in "Aborted (core dumped)" after failing to get a response from an ipv6 address while after it will show that there was a communication error with addresses it did not get a response from
Test for LP: #1970252 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp
- Before the update this also leads to a crash ending in "Aborted (core dumped)" without showing all addresses while after it will again show that there was a communication error with addresses it did not get a response from and finish running through all addresses
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
|
2023-02-02 20:53:36 |
Simon Déziel |
bug |
|
|
added subscriber Simon Déziel |
2023-02-02 21:14:40 |
Lena Voytek |
merge proposal linked |
|
https://code.launchpad.net/~lvoytek/ubuntu/+source/bind9/+git/bind9/+merge/436801 |
|
2023-02-13 20:00:16 |
Lena Voytek |
description |
bind9 on Jammy currently suffers from a lot of bugs on dig/host and related tools. It would be very good to MRE it, especially because the upstream community seems very organized and their release model kind of fits with what we have in Ubuntu.
Alongside adding additional DEP-8 testing (LP: #2003584) Kinetic, Jammy, and Focal should be updated with the most recent respective microreleases.
[Impact]
MRE for latest stable release fixes in bind9 version 9.18 for Kinetic and Jammy, and version 9.16 for Focal
[Major Changes]
For bind9 9.18.2-9.18.11, major changes include:
CVE fixes:
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003 and LP: #1970252
Full release notes for versions 9.18.2-9.18.11: https://bind9.readthedocs.io/en/v9_18_11/notes.html#notes-for-bind-9-18-11
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #1258003 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig +nssearch isc.org
- Before the update this leads to a crash ending in "Aborted (core dumped)" after failing to get a response from an ipv6 address while after it will show that there was a communication error with addresses it did not get a response from
Test for LP: #1970252 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp
- Before the update this also leads to a crash ending in "Aborted (core dumped)" without showing all addresses while after it will again show that there was a communication error with addresses it did not get a response from and finish running through all addresses
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
bind9 on Jammy currently suffers from a lot of bugs on dig/host and related tools. It would be very good to MRE it, especially because the upstream community seems very organized and their release model kind of fits with what we have in Ubuntu.
Alongside adding additional DEP-8 testing (LP: #2003584) Kinetic, Jammy, and Focal should be updated with the most recent respective microreleases.
[Impact]
MRE for latest stable release fixes in bind9 version 9.18 for Kinetic and Jammy, and version 9.16 for Focal
[Major Changes]
For bind9 9.18.2-9.18.11, major changes include:
CVE fixes:
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.11: https://bind9.readthedocs.io/en/v9_18_11/notes.html#notes-for-bind-9-18-11
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #1258003 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig +nssearch isc.org
- Before the update this leads to a crash ending in "Aborted (core dumped)" after failing to get a response from an ipv6 address while after it will show that there was a communication error with addresses it did not get a response from
Test for LP: #1970252 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp
- Before the update this also leads to a crash ending in "Aborted (core dumped)" without showing all addresses while after it will again show that there was a communication error with addresses it did not get a response from and finish running through all addresses
Test for LP: #2006972 fix:
# lxc launch images:ubuntu/jammy test-bind9
# lxc exec test-bind9 bash
# apt update && apt dist-upgrade
# apt install bind9
# cat <<EOF >/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation auto;
listen-on-v6 { any; };
};
plugin query "filter-aaaa.so" {
filter-aaaa-on-v4 yes;
};
EOF
# named-checkconf
- Before the update this fails since named is looking for filter-aaaa.so in /usr/lib/x86_64-linux-gnu/named instead of the correct location /usr/lib/x86_64-linux-gnu/bind. After the fix named-checkconf succeeds.
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
|
2023-02-13 22:06:54 |
Lena Voytek |
merge proposal linked |
|
https://code.launchpad.net/~lvoytek/ubuntu/+source/bind9/+git/bind9/+merge/437223 |
|
2023-03-06 20:19:59 |
Lena Voytek |
description |
bind9 on Jammy currently suffers from a lot of bugs on dig/host and related tools. It would be very good to MRE it, especially because the upstream community seems very organized and their release model kind of fits with what we have in Ubuntu.
Alongside adding additional DEP-8 testing (LP: #2003584) Kinetic, Jammy, and Focal should be updated with the most recent respective microreleases.
[Impact]
MRE for latest stable release fixes in bind9 version 9.18 for Kinetic and Jammy, and version 9.16 for Focal
[Major Changes]
For bind9 9.18.2-9.18.11, major changes include:
CVE fixes:
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.11: https://bind9.readthedocs.io/en/v9_18_11/notes.html#notes-for-bind-9-18-11
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #1258003 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig +nssearch isc.org
- Before the update this leads to a crash ending in "Aborted (core dumped)" after failing to get a response from an ipv6 address while after it will show that there was a communication error with addresses it did not get a response from
Test for LP: #1970252 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp
- Before the update this also leads to a crash ending in "Aborted (core dumped)" without showing all addresses while after it will again show that there was a communication error with addresses it did not get a response from and finish running through all addresses
Test for LP: #2006972 fix:
# lxc launch images:ubuntu/jammy test-bind9
# lxc exec test-bind9 bash
# apt update && apt dist-upgrade
# apt install bind9
# cat <<EOF >/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation auto;
listen-on-v6 { any; };
};
plugin query "filter-aaaa.so" {
filter-aaaa-on-v4 yes;
};
EOF
# named-checkconf
- Before the update this fails since named is looking for filter-aaaa.so in /usr/lib/x86_64-linux-gnu/named instead of the correct location /usr/lib/x86_64-linux-gnu/bind. After the fix named-checkconf succeeds.
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.36
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.11, major changes include:
CVE fixes:
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.11: https://bind9.readthedocs.io/en/v9_18_11/notes.html#notes-for-bind-9-18-11
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #1258003 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig +nssearch isc.org
- Before the update this leads to a crash ending in "Aborted (core dumped)" after failing to get a response from an ipv6 address while after it will show that there was a communication error with addresses it did not get a response from
Test for LP: #1970252 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp
- Before the update this also leads to a crash ending in "Aborted (core dumped)" without showing all addresses while after it will again show that there was a communication error with addresses it did not get a response from and finish running through all addresses
Test for LP: #2006972 fix:
# lxc launch images:ubuntu/jammy test-bind9
# lxc exec test-bind9 bash
# apt update && apt dist-upgrade
# apt install bind9
# cat <<EOF >/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation auto;
listen-on-v6 { any; };
};
plugin query "filter-aaaa.so" {
filter-aaaa-on-v4 yes;
};
EOF
# named-checkconf
- Before the update this fails since named is looking for filter-aaaa.so in /usr/lib/x86_64-linux-gnu/named instead of the correct location /usr/lib/x86_64-linux-gnu/bind. After the fix named-checkconf succeeds.
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
|
2023-03-06 20:20:06 |
Lena Voytek |
summary |
MRE Updates 9.18.11 / 9.16.36 |
MRE Updates 9.18.12 / 9.16.36 |
|
2023-03-08 21:43:42 |
Lena Voytek |
description |
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.36
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.11, major changes include:
CVE fixes:
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.11: https://bind9.readthedocs.io/en/v9_18_11/notes.html#notes-for-bind-9-18-11
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #1258003 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig +nssearch isc.org
- Before the update this leads to a crash ending in "Aborted (core dumped)" after failing to get a response from an ipv6 address while after it will show that there was a communication error with addresses it did not get a response from
Test for LP: #1970252 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp
- Before the update this also leads to a crash ending in "Aborted (core dumped)" without showing all addresses while after it will again show that there was a communication error with addresses it did not get a response from and finish running through all addresses
Test for LP: #2006972 fix:
# lxc launch images:ubuntu/jammy test-bind9
# lxc exec test-bind9 bash
# apt update && apt dist-upgrade
# apt install bind9
# cat <<EOF >/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation auto;
listen-on-v6 { any; };
};
plugin query "filter-aaaa.so" {
filter-aaaa-on-v4 yes;
};
EOF
# named-checkconf
- Before the update this fails since named is looking for filter-aaaa.so in /usr/lib/x86_64-linux-gnu/named instead of the correct location /usr/lib/x86_64-linux-gnu/bind. After the fix named-checkconf succeeds.
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.36
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.11, major changes include:
CVE fixes:
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.11: https://bind9.readthedocs.io/en/v9_18_11/notes.html#notes-for-bind-9-18-11
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #1258003 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp
- Before the update this leads to a crash ending in "Aborted (core dumped)" without showing all addresses while after it will show that there was a communication error with addresses it did not get a response from and finish running through all addresses
Test for LP: #1970252 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig +nssearch isc.org
- Before the update this also leads to a crash ending in "Aborted (core dumped)" after failing to get a response from an ipv6 address while after it will again show that there was a communication error with addresses it did not get a response from
Test for LP: #2006972 fix:
# lxc launch images:ubuntu/jammy test-bind9
# lxc exec test-bind9 bash
# apt update && apt dist-upgrade
# apt install bind9
# cat <<EOF >/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation auto;
listen-on-v6 { any; };
};
plugin query "filter-aaaa.so" {
filter-aaaa-on-v4 yes;
};
EOF
# named-checkconf
- Before the update this fails since named is looking for filter-aaaa.so in /usr/lib/x86_64-linux-gnu/named instead of the correct location /usr/lib/x86_64-linux-gnu/bind. After the fix named-checkconf succeeds.
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
|
2023-03-08 23:31:33 |
Lena Voytek |
bug task added |
|
bind-dyndb-ldap (Ubuntu) |
|
2023-03-08 23:32:00 |
Lena Voytek |
bind-dyndb-ldap (Ubuntu): status |
New |
Fix Released |
|
2023-03-08 23:32:03 |
Lena Voytek |
bind-dyndb-ldap (Ubuntu Kinetic): status |
New |
In Progress |
|
2023-03-08 23:32:06 |
Lena Voytek |
bind-dyndb-ldap (Ubuntu Jammy): status |
New |
In Progress |
|
2023-03-08 23:32:09 |
Lena Voytek |
bind-dyndb-ldap (Ubuntu Jammy): assignee |
|
Lena Voytek (lvoytek) |
|
2023-03-08 23:32:12 |
Lena Voytek |
bind-dyndb-ldap (Ubuntu Focal): assignee |
|
Lena Voytek (lvoytek) |
|
2023-03-08 23:32:15 |
Lena Voytek |
bind-dyndb-ldap (Ubuntu Kinetic): assignee |
|
Lena Voytek (lvoytek) |
|
2023-03-10 20:45:26 |
Sergio Durigan Junior |
bug |
|
|
added subscriber Sergio Durigan Junior |
2023-03-10 21:07:56 |
Lena Voytek |
description |
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.36
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.11, major changes include:
CVE fixes:
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.11: https://bind9.readthedocs.io/en/v9_18_11/notes.html#notes-for-bind-9-18-11
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #1258003 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp
- Before the update this leads to a crash ending in "Aborted (core dumped)" without showing all addresses while after it will show that there was a communication error with addresses it did not get a response from and finish running through all addresses
Test for LP: #1970252 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig +nssearch isc.org
- Before the update this also leads to a crash ending in "Aborted (core dumped)" after failing to get a response from an ipv6 address while after it will again show that there was a communication error with addresses it did not get a response from
Test for LP: #2006972 fix:
# lxc launch images:ubuntu/jammy test-bind9
# lxc exec test-bind9 bash
# apt update && apt dist-upgrade
# apt install bind9
# cat <<EOF >/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation auto;
listen-on-v6 { any; };
};
plugin query "filter-aaaa.so" {
filter-aaaa-on-v4 yes;
};
EOF
# named-checkconf
- Before the update this fails since named is looking for filter-aaaa.so in /usr/lib/x86_64-linux-gnu/named instead of the correct location /usr/lib/x86_64-linux-gnu/bind. After the fix named-checkconf succeeds.
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.36
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.12, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.12: https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #1258003 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp
- Before the update this leads to a crash ending in "Aborted (core dumped)" without showing all addresses while after it will show that there was a communication error with addresses it did not get a response from and finish running through all addresses
Test for LP: #1970252 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig +nssearch isc.org
- Before the update this also leads to a crash ending in "Aborted (core dumped)" after failing to get a response from an ipv6 address while after it will again show that there was a communication error with addresses it did not get a response from
Test for LP: #2006972 fix:
# lxc launch images:ubuntu/jammy test-bind9
# lxc exec test-bind9 bash
# apt update && apt dist-upgrade
# apt install bind9
# cat <<EOF >/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation auto;
listen-on-v6 { any; };
};
plugin query "filter-aaaa.so" {
filter-aaaa-on-v4 yes;
};
EOF
# named-checkconf
- Before the update this fails since named is looking for filter-aaaa.so in /usr/lib/x86_64-linux-gnu/named instead of the correct location /usr/lib/x86_64-linux-gnu/bind. After the fix named-checkconf succeeds.
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
|
2023-03-10 22:06:46 |
Christopher Warner |
bug |
|
|
added subscriber Christopher Warner |
2023-03-13 21:31:35 |
Sergio Durigan Junior |
merge proposal linked |
|
https://code.launchpad.net/~lvoytek/ubuntu/+source/bind-dyndb-ldap/+git/bind-dyndb-ldap/+merge/438637 |
|
2023-03-13 21:32:45 |
Sergio Durigan Junior |
merge proposal linked |
|
https://code.launchpad.net/~lvoytek/ubuntu/+source/bind-dyndb-ldap/+git/bind-dyndb-ldap/+merge/438564 |
|
2023-03-16 06:05:38 |
Lázár Imre |
bug |
|
|
added subscriber Lázár Imre |
2023-03-17 16:39:38 |
Steve Langasek |
description |
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.36
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.12, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.12: https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #1258003 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp
- Before the update this leads to a crash ending in "Aborted (core dumped)" without showing all addresses while after it will show that there was a communication error with addresses it did not get a response from and finish running through all addresses
Test for LP: #1970252 fix:
# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig +nssearch isc.org
- Before the update this also leads to a crash ending in "Aborted (core dumped)" after failing to get a response from an ipv6 address while after it will again show that there was a communication error with addresses it did not get a response from
Test for LP: #2006972 fix:
# lxc launch images:ubuntu/jammy test-bind9
# lxc exec test-bind9 bash
# apt update && apt dist-upgrade
# apt install bind9
# cat <<EOF >/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation auto;
listen-on-v6 { any; };
};
plugin query "filter-aaaa.so" {
filter-aaaa-on-v4 yes;
};
EOF
# named-checkconf
- Before the update this fails since named is looking for filter-aaaa.so in /usr/lib/x86_64-linux-gnu/named instead of the correct location /usr/lib/x86_64-linux-gnu/bind. After the fix named-checkconf succeeds.
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.36
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.12, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.12: https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #2006972 fix:
# lxc launch images:ubuntu/jammy test-bind9
# lxc exec test-bind9 bash
# apt update && apt dist-upgrade
# apt install bind9
# cat <<EOF >/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation auto;
listen-on-v6 { any; };
};
plugin query "filter-aaaa.so" {
filter-aaaa-on-v4 yes;
};
EOF
# named-checkconf
- Before the update this fails since named is looking for filter-aaaa.so in /usr/lib/x86_64-linux-gnu/named instead of the correct location /usr/lib/x86_64-linux-gnu/bind. After the fix named-checkconf succeeds.
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
|
2023-03-17 16:42:31 |
Steve Langasek |
description |
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.36
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.12, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.12: https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
Bug fix tests:
Test for LP: #2006972 fix:
# lxc launch images:ubuntu/jammy test-bind9
# lxc exec test-bind9 bash
# apt update && apt dist-upgrade
# apt install bind9
# cat <<EOF >/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
dnssec-validation auto;
listen-on-v6 { any; };
};
plugin query "filter-aaaa.so" {
filter-aaaa-on-v4 yes;
};
EOF
# named-checkconf
- Before the update this fails since named is looking for filter-aaaa.so in /usr/lib/x86_64-linux-gnu/named instead of the correct location /usr/lib/x86_64-linux-gnu/bind. After the fix named-checkconf succeeds.
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.36
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.12, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.12: https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
|
2023-03-17 17:11:59 |
Steve Langasek |
bind9 (Ubuntu Kinetic): status |
In Progress |
Fix Committed |
|
2023-03-17 17:12:01 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2023-03-17 17:12:03 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
2023-03-17 17:12:08 |
Steve Langasek |
tags |
|
verification-needed verification-needed-kinetic |
|
2023-03-17 17:20:55 |
Steve Langasek |
bind9 (Ubuntu Jammy): status |
In Progress |
Fix Committed |
|
2023-03-17 17:21:03 |
Steve Langasek |
tags |
verification-needed verification-needed-kinetic |
verification-needed verification-needed-jammy verification-needed-kinetic |
|
2023-03-20 18:22:15 |
Simon Déziel |
tags |
verification-needed verification-needed-jammy verification-needed-kinetic |
verification-done-jammy verification-needed verification-needed-kinetic |
|
2023-03-22 23:05:23 |
Lena Voytek |
tags |
verification-done-jammy verification-needed verification-needed-kinetic |
verification-done verification-done-jammy verification-done-kinetic |
|
2023-03-24 12:58:40 |
Timo Aaltonen |
bind-dyndb-ldap (Ubuntu Kinetic): status |
In Progress |
Fix Committed |
|
2023-03-24 12:58:51 |
Timo Aaltonen |
tags |
verification-done verification-done-jammy verification-done-kinetic |
verification-done-jammy verification-needed verification-needed-kinetic |
|
2023-03-24 13:05:41 |
Timo Aaltonen |
bind-dyndb-ldap (Ubuntu Jammy): status |
In Progress |
Fix Committed |
|
2023-03-24 13:05:55 |
Timo Aaltonen |
tags |
verification-done-jammy verification-needed verification-needed-kinetic |
verification-needed verification-needed-jammy verification-needed-kinetic |
|
2023-03-24 20:09:46 |
Lena Voytek |
tags |
verification-needed verification-needed-jammy verification-needed-kinetic |
verification-done verification-done-jammy verification-done-kinetic |
|
2023-03-29 03:35:53 |
Launchpad Janitor |
bind9 (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
2023-03-29 03:35:53 |
Launchpad Janitor |
cve linked |
|
2022-1183 |
|
2023-03-29 03:35:53 |
Launchpad Janitor |
cve linked |
|
2022-2795 |
|
2023-03-29 03:35:53 |
Launchpad Janitor |
cve linked |
|
2022-2881 |
|
2023-03-29 03:35:53 |
Launchpad Janitor |
cve linked |
|
2022-2906 |
|
2023-03-29 03:35:53 |
Launchpad Janitor |
cve linked |
|
2022-3080 |
|
2023-03-29 03:35:53 |
Launchpad Janitor |
cve linked |
|
2022-3094 |
|
2023-03-29 03:35:53 |
Launchpad Janitor |
cve linked |
|
2022-3736 |
|
2023-03-29 03:35:53 |
Launchpad Janitor |
cve linked |
|
2022-38178 |
|
2023-03-29 03:35:53 |
Launchpad Janitor |
cve linked |
|
2022-3924 |
|
2023-03-29 03:36:28 |
Chris Halse Rogers |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2023-03-29 03:37:10 |
Launchpad Janitor |
bind9 (Ubuntu Kinetic): status |
Fix Committed |
Fix Released |
|
2023-03-29 20:40:47 |
Lena Voytek |
description |
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.36
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.12, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.12: https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. |
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.36
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.12, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.12: https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
For bind9 9.16.2-9.16.39, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2020-8616
CVE-2020-8617
CVE-2020-8618
CVE-2020-8619,
CVE-2020-8620
CVE-2020-8621
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624
CVE-2020-8625
CVE-2021-25214
CVE-2021-25215
CVE-2021-25219
CVE-2021-25220
CVE-2022-2795
CVE-2022-38177
CVE-2022-38178
CVE-2022-3094
Features:
update-quota option
parental-agents configuration option
stale-refresh-time configuration option
stale-cache-enable configuration option
purge-keys and nsec3param options in dnssec-policy
max-ixfr-ratio option
stale-answer-client-timeout option
rndc dnssec -rollover command
rndc dnssec -checkds command
rndc dnssec -status command
support for HTTPS and SVCB record types
support for parsing and validating the dohpath service parameter in SVCB
named -V shows supported cryptographic algorithms
documentation converted from DocBook to reStructuredText.
dig Extended DNS Error (EDE) display
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3398
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
https://gitlab.isc.org/isc-projects/bind9/-/issues/1897
https://gitlab.isc.org/isc-projects/bind9/-/issues/3132
https://gitlab.isc.org/isc-projects/bind9/-/issues/3147
https://gitlab.isc.org/isc-projects/bind9/-/issues/3095
https://gitlab.isc.org/isc-projects/bind9/-/issues/3060
https://gitlab.isc.org/isc-projects/bind9/-/issues/3125
https://gitlab.isc.org/isc-projects/bind9/-/issues/3111
https://gitlab.isc.org/isc-projects/bind9/-/issues/3051
https://gitlab.isc.org/isc-projects/bind9/-/issues/3049
https://gitlab.isc.org/isc-projects/bind9/-/issues/3071
https://gitlab.isc.org/isc-projects/bind9/-/issues/1608
https://gitlab.isc.org/isc-projects/bind9/-/issues/2308
https://gitlab.isc.org/isc-projects/bind9/-/issues/2911
https://gitlab.isc.org/isc-projects/bind9/-/issues/2852
https://gitlab.isc.org/isc-projects/bind9/-/issues/2872
https://gitlab.isc.org/isc-projects/bind9/-/issues/2878
https://gitlab.isc.org/isc-projects/bind9/-/issues/2837
https://gitlab.isc.org/isc-projects/bind9/-/issues/2665
https://gitlab.isc.org/isc-projects/bind9/-/issues/2857
https://gitlab.isc.org/isc-projects/bind9/-/issues/2844
https://gitlab.isc.org/isc-projects/bind9/-/issues/2756
https://gitlab.isc.org/isc-projects/bind9/-/issues/2686
https://gitlab.isc.org/isc-projects/bind9/-/issues/2759
https://gitlab.isc.org/isc-projects/bind9/-/issues/2758
https://gitlab.isc.org/isc-projects/bind9/-/issues/2725
https://gitlab.isc.org/isc-projects/bind9/-/issues/2780
https://gitlab.isc.org/isc-projects/bind9/-/issues/1875
https://gitlab.isc.org/isc-projects/bind9/-/issues/2783
https://gitlab.isc.org/isc-projects/bind9/-/issues/2786
https://gitlab.isc.org/isc-projects/bind9/-/issues/2779
https://gitlab.isc.org/isc-projects/bind9/-/issues/2778
https://gitlab.isc.org/isc-projects/bind9/-/issues/2685
https://gitlab.isc.org/isc-projects/bind9/-/issues/2733
https://gitlab.isc.org/isc-projects/bind9/-/issues/2731
https://gitlab.isc.org/isc-projects/bind9/-/issues/2746
https://gitlab.isc.org/isc-projects/bind9/-/issues/2463
https://gitlab.isc.org/isc-projects/bind9/-/issues/1875
https://gitlab.isc.org/isc-projects/bind9/-/issues/2670
https://gitlab.isc.org/isc-projects/bind9/-/issues/389
https://gitlab.isc.org/isc-projects/bind9/-/issues/2289
https://gitlab.isc.org/isc-projects/bind9/-/issues/2626
https://gitlab.isc.org/isc-projects/bind9/-/issues/2603
https://gitlab.isc.org/isc-projects/bind9/-/issues/2596
https://gitlab.isc.org/isc-projects/bind9/-/issues/2628
https://gitlab.isc.org/isc-projects/bind9/-/issues/2583
https://gitlab.isc.org/isc-projects/bind9/-/issues/2594
https://gitlab.isc.org/isc-projects/bind9/-/issues/2623
https://gitlab.isc.org/isc-projects/bind9/-/issues/2600
https://gitlab.isc.org/isc-projects/bind9/-/issues/2490
https://gitlab.isc.org/isc-projects/bind9/-/issues/2517
https://gitlab.isc.org/isc-projects/bind9/-/issues/2523
https://gitlab.isc.org/isc-projects/bind9/-/issues/2488
https://gitlab.isc.org/isc-projects/bind9/-/issues/2575
https://gitlab.isc.org/isc-projects/bind9/-/issues/2505
https://gitlab.isc.org/isc-projects/bind9/-/issues/2503
https://gitlab.isc.org/isc-projects/bind9/-/issues/2466
https://gitlab.isc.org/isc-projects/bind9/-/issues/2498
https://gitlab.isc.org/isc-projects/bind9/-/issues/2041
https://gitlab.isc.org/isc-projects/bind9/-/issues/2499
https://gitlab.isc.org/isc-projects/bind9/-/issues/2413
https://gitlab.isc.org/isc-projects/bind9/-/issues/2178
https://gitlab.isc.org/isc-projects/bind9/-/issues/2383
https://gitlab.isc.org/isc-projects/bind9/-/issues/2406
https://gitlab.isc.org/isc-projects/bind9/-/issues/2375
https://gitlab.isc.org/isc-projects/bind9/-/issues/2073
https://gitlab.isc.org/isc-projects/bind9/-/issues/2317
https://gitlab.isc.org/isc-projects/bind9/-/issues/2245
https://gitlab.isc.org/isc-projects/bind9/-/issues/2341
https://gitlab.isc.org/isc-projects/bind9/-/issues/2091
https://gitlab.isc.org/isc-projects/bind9/-/issues/2275
https://gitlab.isc.org/isc-projects/bind9/-/issues/2280
https://gitlab.isc.org/isc-projects/bind9/-/issues/2315
https://gitlab.isc.org/isc-projects/bind9/-/issues/2227
https://gitlab.isc.org/isc-projects/bind9/-/issues/2236
https://gitlab.isc.org/isc-projects/bind9/-/issues/2244
https://gitlab.isc.org/isc-projects/bind9/-/issues/1736
https://gitlab.isc.org/isc-projects/bind9/-/issues/2208
https://gitlab.isc.org/isc-projects/bind9/-/issues/2166
https://gitlab.isc.org/isc-projects/bind9/-/issues/2124
https://gitlab.isc.org/isc-projects/bind9/-/issues/2171
https://gitlab.isc.org/isc-projects/bind9/-/issues/2169
https://gitlab.isc.org/isc-projects/bind9/-/issues/2104
https://gitlab.isc.org/isc-projects/bind9/-/issues/1928
https://gitlab.isc.org/isc-projects/bind9/-/issues/1847
https://gitlab.isc.org/isc-projects/bind9/-/issues/2074
https://gitlab.isc.org/isc-projects/bind9/-/issues/1619
https://gitlab.isc.org/isc-projects/bind9/-/issues/2038
https://gitlab.isc.org/isc-projects/bind9/-/issues/1719
https://gitlab.isc.org/isc-projects/bind9/-/issues/1976
https://gitlab.isc.org/isc-projects/bind9/-/issues/1937
https://gitlab.isc.org/isc-projects/bind9/-/issues/1938
https://gitlab.isc.org/isc-projects/bind9/-/issues/1862
https://gitlab.isc.org/isc-projects/bind9/-/issues/1968
https://gitlab.isc.org/isc-projects/bind9/-/issues/1747
https://gitlab.isc.org/isc-projects/bind9/-/issues/1926
https://gitlab.isc.org/isc-projects/bind9/-/issues/1950
https://gitlab.isc.org/isc-projects/bind9/-/issues/1949
https://gitlab.isc.org/isc-projects/bind9/-/issues/1689
https://gitlab.isc.org/isc-projects/bind9/-/issues/1936
https://gitlab.isc.org/isc-projects/bind9/-/issues/1834
https://gitlab.isc.org/isc-projects/bind9/-/issues/1857
https://gitlab.isc.org/isc-projects/bind9/-/issues/1859
https://gitlab.isc.org/isc-projects/bind9/-/issues/1893
https://gitlab.isc.org/isc-projects/bind9/-/issues/1808
https://gitlab.isc.org/isc-projects/bind9/-/issues/1714
https://gitlab.isc.org/isc-projects/bind9/-/issues/1845
https://gitlab.isc.org/isc-projects/bind9/-/issues/1846
https://gitlab.isc.org/isc-projects/bind9/-/issues/1812
https://gitlab.isc.org/isc-projects/bind9/-/issues/1842
https://gitlab.isc.org/isc-projects/bind9/-/issues/1795
https://gitlab.isc.org/isc-projects/bind9/-/issues/1042
https://gitlab.isc.org/isc-projects/bind9/-/issues/1090
https://gitlab.isc.org/isc-projects/bind9/-/issues/1807
https://gitlab.isc.org/isc-projects/bind9/-/issues/1447
https://gitlab.isc.org/isc-projects/bind9/-/issues/1706
Full release notes for versions 9.16.2-9.16.37 (9.16.38, 9.16.39 not added):
https://bind9.readthedocs.io/en/v9_16_37/notes.html
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates.
In Focal, there were major changes in how documentation is handled too, requiring packaging updates to handle it. So regressions could arise here too. |
|
2023-03-29 22:18:40 |
Lena Voytek |
merge proposal linked |
|
https://code.launchpad.net/~lvoytek/ubuntu/+source/bind9/+git/bind9/+merge/439956 |
|
2023-03-29 22:27:52 |
Lena Voytek |
bug task deleted |
bind-dyndb-ldap (Ubuntu Focal) |
|
|
2023-03-29 22:28:35 |
Lena Voytek |
bind9 (Ubuntu Focal): status |
New |
In Progress |
|
2023-03-30 20:18:50 |
Lena Voytek |
summary |
MRE Updates 9.18.12 / 9.16.36 |
MRE Updates 9.18.12 / 9.16.39 |
|
2023-03-30 20:19:20 |
Lena Voytek |
description |
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.36
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.12, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.12: https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
For bind9 9.16.2-9.16.39, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2020-8616
CVE-2020-8617
CVE-2020-8618
CVE-2020-8619,
CVE-2020-8620
CVE-2020-8621
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624
CVE-2020-8625
CVE-2021-25214
CVE-2021-25215
CVE-2021-25219
CVE-2021-25220
CVE-2022-2795
CVE-2022-38177
CVE-2022-38178
CVE-2022-3094
Features:
update-quota option
parental-agents configuration option
stale-refresh-time configuration option
stale-cache-enable configuration option
purge-keys and nsec3param options in dnssec-policy
max-ixfr-ratio option
stale-answer-client-timeout option
rndc dnssec -rollover command
rndc dnssec -checkds command
rndc dnssec -status command
support for HTTPS and SVCB record types
support for parsing and validating the dohpath service parameter in SVCB
named -V shows supported cryptographic algorithms
documentation converted from DocBook to reStructuredText.
dig Extended DNS Error (EDE) display
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3398
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
https://gitlab.isc.org/isc-projects/bind9/-/issues/1897
https://gitlab.isc.org/isc-projects/bind9/-/issues/3132
https://gitlab.isc.org/isc-projects/bind9/-/issues/3147
https://gitlab.isc.org/isc-projects/bind9/-/issues/3095
https://gitlab.isc.org/isc-projects/bind9/-/issues/3060
https://gitlab.isc.org/isc-projects/bind9/-/issues/3125
https://gitlab.isc.org/isc-projects/bind9/-/issues/3111
https://gitlab.isc.org/isc-projects/bind9/-/issues/3051
https://gitlab.isc.org/isc-projects/bind9/-/issues/3049
https://gitlab.isc.org/isc-projects/bind9/-/issues/3071
https://gitlab.isc.org/isc-projects/bind9/-/issues/1608
https://gitlab.isc.org/isc-projects/bind9/-/issues/2308
https://gitlab.isc.org/isc-projects/bind9/-/issues/2911
https://gitlab.isc.org/isc-projects/bind9/-/issues/2852
https://gitlab.isc.org/isc-projects/bind9/-/issues/2872
https://gitlab.isc.org/isc-projects/bind9/-/issues/2878
https://gitlab.isc.org/isc-projects/bind9/-/issues/2837
https://gitlab.isc.org/isc-projects/bind9/-/issues/2665
https://gitlab.isc.org/isc-projects/bind9/-/issues/2857
https://gitlab.isc.org/isc-projects/bind9/-/issues/2844
https://gitlab.isc.org/isc-projects/bind9/-/issues/2756
https://gitlab.isc.org/isc-projects/bind9/-/issues/2686
https://gitlab.isc.org/isc-projects/bind9/-/issues/2759
https://gitlab.isc.org/isc-projects/bind9/-/issues/2758
https://gitlab.isc.org/isc-projects/bind9/-/issues/2725
https://gitlab.isc.org/isc-projects/bind9/-/issues/2780
https://gitlab.isc.org/isc-projects/bind9/-/issues/1875
https://gitlab.isc.org/isc-projects/bind9/-/issues/2783
https://gitlab.isc.org/isc-projects/bind9/-/issues/2786
https://gitlab.isc.org/isc-projects/bind9/-/issues/2779
https://gitlab.isc.org/isc-projects/bind9/-/issues/2778
https://gitlab.isc.org/isc-projects/bind9/-/issues/2685
https://gitlab.isc.org/isc-projects/bind9/-/issues/2733
https://gitlab.isc.org/isc-projects/bind9/-/issues/2731
https://gitlab.isc.org/isc-projects/bind9/-/issues/2746
https://gitlab.isc.org/isc-projects/bind9/-/issues/2463
https://gitlab.isc.org/isc-projects/bind9/-/issues/1875
https://gitlab.isc.org/isc-projects/bind9/-/issues/2670
https://gitlab.isc.org/isc-projects/bind9/-/issues/389
https://gitlab.isc.org/isc-projects/bind9/-/issues/2289
https://gitlab.isc.org/isc-projects/bind9/-/issues/2626
https://gitlab.isc.org/isc-projects/bind9/-/issues/2603
https://gitlab.isc.org/isc-projects/bind9/-/issues/2596
https://gitlab.isc.org/isc-projects/bind9/-/issues/2628
https://gitlab.isc.org/isc-projects/bind9/-/issues/2583
https://gitlab.isc.org/isc-projects/bind9/-/issues/2594
https://gitlab.isc.org/isc-projects/bind9/-/issues/2623
https://gitlab.isc.org/isc-projects/bind9/-/issues/2600
https://gitlab.isc.org/isc-projects/bind9/-/issues/2490
https://gitlab.isc.org/isc-projects/bind9/-/issues/2517
https://gitlab.isc.org/isc-projects/bind9/-/issues/2523
https://gitlab.isc.org/isc-projects/bind9/-/issues/2488
https://gitlab.isc.org/isc-projects/bind9/-/issues/2575
https://gitlab.isc.org/isc-projects/bind9/-/issues/2505
https://gitlab.isc.org/isc-projects/bind9/-/issues/2503
https://gitlab.isc.org/isc-projects/bind9/-/issues/2466
https://gitlab.isc.org/isc-projects/bind9/-/issues/2498
https://gitlab.isc.org/isc-projects/bind9/-/issues/2041
https://gitlab.isc.org/isc-projects/bind9/-/issues/2499
https://gitlab.isc.org/isc-projects/bind9/-/issues/2413
https://gitlab.isc.org/isc-projects/bind9/-/issues/2178
https://gitlab.isc.org/isc-projects/bind9/-/issues/2383
https://gitlab.isc.org/isc-projects/bind9/-/issues/2406
https://gitlab.isc.org/isc-projects/bind9/-/issues/2375
https://gitlab.isc.org/isc-projects/bind9/-/issues/2073
https://gitlab.isc.org/isc-projects/bind9/-/issues/2317
https://gitlab.isc.org/isc-projects/bind9/-/issues/2245
https://gitlab.isc.org/isc-projects/bind9/-/issues/2341
https://gitlab.isc.org/isc-projects/bind9/-/issues/2091
https://gitlab.isc.org/isc-projects/bind9/-/issues/2275
https://gitlab.isc.org/isc-projects/bind9/-/issues/2280
https://gitlab.isc.org/isc-projects/bind9/-/issues/2315
https://gitlab.isc.org/isc-projects/bind9/-/issues/2227
https://gitlab.isc.org/isc-projects/bind9/-/issues/2236
https://gitlab.isc.org/isc-projects/bind9/-/issues/2244
https://gitlab.isc.org/isc-projects/bind9/-/issues/1736
https://gitlab.isc.org/isc-projects/bind9/-/issues/2208
https://gitlab.isc.org/isc-projects/bind9/-/issues/2166
https://gitlab.isc.org/isc-projects/bind9/-/issues/2124
https://gitlab.isc.org/isc-projects/bind9/-/issues/2171
https://gitlab.isc.org/isc-projects/bind9/-/issues/2169
https://gitlab.isc.org/isc-projects/bind9/-/issues/2104
https://gitlab.isc.org/isc-projects/bind9/-/issues/1928
https://gitlab.isc.org/isc-projects/bind9/-/issues/1847
https://gitlab.isc.org/isc-projects/bind9/-/issues/2074
https://gitlab.isc.org/isc-projects/bind9/-/issues/1619
https://gitlab.isc.org/isc-projects/bind9/-/issues/2038
https://gitlab.isc.org/isc-projects/bind9/-/issues/1719
https://gitlab.isc.org/isc-projects/bind9/-/issues/1976
https://gitlab.isc.org/isc-projects/bind9/-/issues/1937
https://gitlab.isc.org/isc-projects/bind9/-/issues/1938
https://gitlab.isc.org/isc-projects/bind9/-/issues/1862
https://gitlab.isc.org/isc-projects/bind9/-/issues/1968
https://gitlab.isc.org/isc-projects/bind9/-/issues/1747
https://gitlab.isc.org/isc-projects/bind9/-/issues/1926
https://gitlab.isc.org/isc-projects/bind9/-/issues/1950
https://gitlab.isc.org/isc-projects/bind9/-/issues/1949
https://gitlab.isc.org/isc-projects/bind9/-/issues/1689
https://gitlab.isc.org/isc-projects/bind9/-/issues/1936
https://gitlab.isc.org/isc-projects/bind9/-/issues/1834
https://gitlab.isc.org/isc-projects/bind9/-/issues/1857
https://gitlab.isc.org/isc-projects/bind9/-/issues/1859
https://gitlab.isc.org/isc-projects/bind9/-/issues/1893
https://gitlab.isc.org/isc-projects/bind9/-/issues/1808
https://gitlab.isc.org/isc-projects/bind9/-/issues/1714
https://gitlab.isc.org/isc-projects/bind9/-/issues/1845
https://gitlab.isc.org/isc-projects/bind9/-/issues/1846
https://gitlab.isc.org/isc-projects/bind9/-/issues/1812
https://gitlab.isc.org/isc-projects/bind9/-/issues/1842
https://gitlab.isc.org/isc-projects/bind9/-/issues/1795
https://gitlab.isc.org/isc-projects/bind9/-/issues/1042
https://gitlab.isc.org/isc-projects/bind9/-/issues/1090
https://gitlab.isc.org/isc-projects/bind9/-/issues/1807
https://gitlab.isc.org/isc-projects/bind9/-/issues/1447
https://gitlab.isc.org/isc-projects/bind9/-/issues/1706
Full release notes for versions 9.16.2-9.16.37 (9.16.38, 9.16.39 not added):
https://bind9.readthedocs.io/en/v9_16_37/notes.html
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates.
In Focal, there were major changes in how documentation is handled too, requiring packaging updates to handle it. So regressions could arise here too. |
This bug tracks an update for the bind9 package, moving to versions:
* Kinetic (22.10): bind9 9.18.12
* Jammy (22.04): bind9 9.18.12
* Focal (20.04): bind9 9.16.39
These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.
[Upstream changes]
For bind9 9.18.2-9.18.12, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2022-1183
CVE-2022-2795
CVE-2022-2881
CVE-2022-2906
CVE-2022-3080
CVE-2022-38178
CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
Features:
update-quota option
named -V shows supported cryptographic algorithms
Additional info given for recursion not available and query (cache) '...' denied outputs
Jammy only (Kinetic already has these):
Catalog Zones schema version 2 support in named
DNS error support Stale Answer and Stale NXDOMAIN Answer
remote TLS certificate verification support
reusereport option
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3178
https://gitlab.isc.org/isc-projects/bind9/-/issues/3636
https://gitlab.isc.org/isc-projects/bind9/-/issues/3772
https://gitlab.isc.org/isc-projects/bind9/-/issues/3752
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3637
https://gitlab.isc.org/isc-projects/bind9/-/issues/3739
https://gitlab.isc.org/isc-projects/bind9/-/issues/3743
https://gitlab.isc.org/isc-projects/bind9/-/issues/3725
https://gitlab.isc.org/isc-projects/bind9/-/issues/3693
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3638
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3721
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3627
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3542
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3439
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3402
https://gitlab.isc.org/isc-projects/bind9/-/issues/3152
https://gitlab.isc.org/isc-projects/bind9/-/issues/3415
https://gitlab.isc.org/isc-projects/bind9/-/issues/2506
Jammy only:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3242
https://gitlab.isc.org/isc-projects/bind9/-/issues/3020
https://gitlab.isc.org/isc-projects/bind9/-/issues/3128
https://gitlab.isc.org/isc-projects/bind9/-/issues/3145
https://gitlab.isc.org/isc-projects/bind9/-/issues/3184
https://gitlab.isc.org/isc-projects/bind9/-/issues/3205
https://gitlab.isc.org/isc-projects/bind9/-/issues/3244
https://gitlab.isc.org/isc-projects/bind9/-/issues/3248
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
This will also fix bugs LP: #1258003, LP: #1970252, and LP: #2006972
Full release notes for versions 9.18.2-9.18.12: https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
For bind9 9.16.2-9.16.39, major changes include:
CVE fixes (These already existed as patches but are now included as part of upstream):
CVE-2020-8616
CVE-2020-8617
CVE-2020-8618
CVE-2020-8619,
CVE-2020-8620
CVE-2020-8621
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624
CVE-2020-8625
CVE-2021-25214
CVE-2021-25215
CVE-2021-25219
CVE-2021-25220
CVE-2022-2795
CVE-2022-38177
CVE-2022-38178
CVE-2022-3094
Features:
update-quota option
parental-agents configuration option
stale-refresh-time configuration option
stale-cache-enable configuration option
purge-keys and nsec3param options in dnssec-policy
max-ixfr-ratio option
stale-answer-client-timeout option
rndc dnssec -rollover command
rndc dnssec -checkds command
rndc dnssec -status command
support for HTTPS and SVCB record types
support for parsing and validating the dohpath service parameter in SVCB
named -V shows supported cryptographic algorithms
documentation converted from DocBook to reStructuredText.
dig Extended DNS Error (EDE) display
Bug Fixes:
https://gitlab.isc.org/isc-projects/bind9/-/issues/3678
https://gitlab.isc.org/isc-projects/bind9/-/issues/3683
https://gitlab.isc.org/isc-projects/bind9/-/issues/3727
https://gitlab.isc.org/isc-projects/bind9/-/issues/3183
https://gitlab.isc.org/isc-projects/bind9/-/issues/3707
https://gitlab.isc.org/isc-projects/bind9/-/issues/3591
https://gitlab.isc.org/isc-projects/bind9/-/issues/3598
https://gitlab.isc.org/isc-projects/bind9/-/issues/3247
https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
https://gitlab.isc.org/isc-projects/bind9/-/issues/3584
https://gitlab.isc.org/isc-projects/bind9/-/issues/3563
https://gitlab.isc.org/isc-projects/bind9/-/issues/3603
https://gitlab.isc.org/isc-projects/bind9/-/issues/3557
https://gitlab.isc.org/isc-projects/bind9/-/issues/2982
https://gitlab.isc.org/isc-projects/bind9/-/issues/3438
https://gitlab.isc.org/isc-projects/bind9/-/issues/2918
https://gitlab.isc.org/isc-projects/bind9/-/issues/3462
https://gitlab.isc.org/isc-projects/bind9/-/issues/3400
https://gitlab.isc.org/isc-projects/bind9/-/issues/3398
https://gitlab.isc.org/isc-projects/bind9/-/issues/3327
https://gitlab.isc.org/isc-projects/bind9/-/issues/3380
https://gitlab.isc.org/isc-projects/bind9/-/issues/3302
https://gitlab.isc.org/isc-projects/bind9/-/issues/2931
https://gitlab.isc.org/isc-projects/bind9/-/issues/3142
https://gitlab.isc.org/isc-projects/bind9/-/issues/3200
https://gitlab.isc.org/isc-projects/bind9/-/issues/1897
https://gitlab.isc.org/isc-projects/bind9/-/issues/3132
https://gitlab.isc.org/isc-projects/bind9/-/issues/3147
https://gitlab.isc.org/isc-projects/bind9/-/issues/3095
https://gitlab.isc.org/isc-projects/bind9/-/issues/3060
https://gitlab.isc.org/isc-projects/bind9/-/issues/3125
https://gitlab.isc.org/isc-projects/bind9/-/issues/3111
https://gitlab.isc.org/isc-projects/bind9/-/issues/3051
https://gitlab.isc.org/isc-projects/bind9/-/issues/3049
https://gitlab.isc.org/isc-projects/bind9/-/issues/3071
https://gitlab.isc.org/isc-projects/bind9/-/issues/1608
https://gitlab.isc.org/isc-projects/bind9/-/issues/2308
https://gitlab.isc.org/isc-projects/bind9/-/issues/2911
https://gitlab.isc.org/isc-projects/bind9/-/issues/2852
https://gitlab.isc.org/isc-projects/bind9/-/issues/2872
https://gitlab.isc.org/isc-projects/bind9/-/issues/2878
https://gitlab.isc.org/isc-projects/bind9/-/issues/2837
https://gitlab.isc.org/isc-projects/bind9/-/issues/2665
https://gitlab.isc.org/isc-projects/bind9/-/issues/2857
https://gitlab.isc.org/isc-projects/bind9/-/issues/2844
https://gitlab.isc.org/isc-projects/bind9/-/issues/2756
https://gitlab.isc.org/isc-projects/bind9/-/issues/2686
https://gitlab.isc.org/isc-projects/bind9/-/issues/2759
https://gitlab.isc.org/isc-projects/bind9/-/issues/2758
https://gitlab.isc.org/isc-projects/bind9/-/issues/2725
https://gitlab.isc.org/isc-projects/bind9/-/issues/2780
https://gitlab.isc.org/isc-projects/bind9/-/issues/1875
https://gitlab.isc.org/isc-projects/bind9/-/issues/2783
https://gitlab.isc.org/isc-projects/bind9/-/issues/2786
https://gitlab.isc.org/isc-projects/bind9/-/issues/2779
https://gitlab.isc.org/isc-projects/bind9/-/issues/2778
https://gitlab.isc.org/isc-projects/bind9/-/issues/2685
https://gitlab.isc.org/isc-projects/bind9/-/issues/2733
https://gitlab.isc.org/isc-projects/bind9/-/issues/2731
https://gitlab.isc.org/isc-projects/bind9/-/issues/2746
https://gitlab.isc.org/isc-projects/bind9/-/issues/2463
https://gitlab.isc.org/isc-projects/bind9/-/issues/1875
https://gitlab.isc.org/isc-projects/bind9/-/issues/2670
https://gitlab.isc.org/isc-projects/bind9/-/issues/389
https://gitlab.isc.org/isc-projects/bind9/-/issues/2289
https://gitlab.isc.org/isc-projects/bind9/-/issues/2626
https://gitlab.isc.org/isc-projects/bind9/-/issues/2603
https://gitlab.isc.org/isc-projects/bind9/-/issues/2596
https://gitlab.isc.org/isc-projects/bind9/-/issues/2628
https://gitlab.isc.org/isc-projects/bind9/-/issues/2583
https://gitlab.isc.org/isc-projects/bind9/-/issues/2594
https://gitlab.isc.org/isc-projects/bind9/-/issues/2623
https://gitlab.isc.org/isc-projects/bind9/-/issues/2600
https://gitlab.isc.org/isc-projects/bind9/-/issues/2490
https://gitlab.isc.org/isc-projects/bind9/-/issues/2517
https://gitlab.isc.org/isc-projects/bind9/-/issues/2523
https://gitlab.isc.org/isc-projects/bind9/-/issues/2488
https://gitlab.isc.org/isc-projects/bind9/-/issues/2575
https://gitlab.isc.org/isc-projects/bind9/-/issues/2505
https://gitlab.isc.org/isc-projects/bind9/-/issues/2503
https://gitlab.isc.org/isc-projects/bind9/-/issues/2466
https://gitlab.isc.org/isc-projects/bind9/-/issues/2498
https://gitlab.isc.org/isc-projects/bind9/-/issues/2041
https://gitlab.isc.org/isc-projects/bind9/-/issues/2499
https://gitlab.isc.org/isc-projects/bind9/-/issues/2413
https://gitlab.isc.org/isc-projects/bind9/-/issues/2178
https://gitlab.isc.org/isc-projects/bind9/-/issues/2383
https://gitlab.isc.org/isc-projects/bind9/-/issues/2406
https://gitlab.isc.org/isc-projects/bind9/-/issues/2375
https://gitlab.isc.org/isc-projects/bind9/-/issues/2073
https://gitlab.isc.org/isc-projects/bind9/-/issues/2317
https://gitlab.isc.org/isc-projects/bind9/-/issues/2245
https://gitlab.isc.org/isc-projects/bind9/-/issues/2341
https://gitlab.isc.org/isc-projects/bind9/-/issues/2091
https://gitlab.isc.org/isc-projects/bind9/-/issues/2275
https://gitlab.isc.org/isc-projects/bind9/-/issues/2280
https://gitlab.isc.org/isc-projects/bind9/-/issues/2315
https://gitlab.isc.org/isc-projects/bind9/-/issues/2227
https://gitlab.isc.org/isc-projects/bind9/-/issues/2236
https://gitlab.isc.org/isc-projects/bind9/-/issues/2244
https://gitlab.isc.org/isc-projects/bind9/-/issues/1736
https://gitlab.isc.org/isc-projects/bind9/-/issues/2208
https://gitlab.isc.org/isc-projects/bind9/-/issues/2166
https://gitlab.isc.org/isc-projects/bind9/-/issues/2124
https://gitlab.isc.org/isc-projects/bind9/-/issues/2171
https://gitlab.isc.org/isc-projects/bind9/-/issues/2169
https://gitlab.isc.org/isc-projects/bind9/-/issues/2104
https://gitlab.isc.org/isc-projects/bind9/-/issues/1928
https://gitlab.isc.org/isc-projects/bind9/-/issues/1847
https://gitlab.isc.org/isc-projects/bind9/-/issues/2074
https://gitlab.isc.org/isc-projects/bind9/-/issues/1619
https://gitlab.isc.org/isc-projects/bind9/-/issues/2038
https://gitlab.isc.org/isc-projects/bind9/-/issues/1719
https://gitlab.isc.org/isc-projects/bind9/-/issues/1976
https://gitlab.isc.org/isc-projects/bind9/-/issues/1937
https://gitlab.isc.org/isc-projects/bind9/-/issues/1938
https://gitlab.isc.org/isc-projects/bind9/-/issues/1862
https://gitlab.isc.org/isc-projects/bind9/-/issues/1968
https://gitlab.isc.org/isc-projects/bind9/-/issues/1747
https://gitlab.isc.org/isc-projects/bind9/-/issues/1926
https://gitlab.isc.org/isc-projects/bind9/-/issues/1950
https://gitlab.isc.org/isc-projects/bind9/-/issues/1949
https://gitlab.isc.org/isc-projects/bind9/-/issues/1689
https://gitlab.isc.org/isc-projects/bind9/-/issues/1936
https://gitlab.isc.org/isc-projects/bind9/-/issues/1834
https://gitlab.isc.org/isc-projects/bind9/-/issues/1857
https://gitlab.isc.org/isc-projects/bind9/-/issues/1859
https://gitlab.isc.org/isc-projects/bind9/-/issues/1893
https://gitlab.isc.org/isc-projects/bind9/-/issues/1808
https://gitlab.isc.org/isc-projects/bind9/-/issues/1714
https://gitlab.isc.org/isc-projects/bind9/-/issues/1845
https://gitlab.isc.org/isc-projects/bind9/-/issues/1846
https://gitlab.isc.org/isc-projects/bind9/-/issues/1812
https://gitlab.isc.org/isc-projects/bind9/-/issues/1842
https://gitlab.isc.org/isc-projects/bind9/-/issues/1795
https://gitlab.isc.org/isc-projects/bind9/-/issues/1042
https://gitlab.isc.org/isc-projects/bind9/-/issues/1090
https://gitlab.isc.org/isc-projects/bind9/-/issues/1807
https://gitlab.isc.org/isc-projects/bind9/-/issues/1447
https://gitlab.isc.org/isc-projects/bind9/-/issues/1706
Full release notes for versions 9.16.2-9.16.37 (9.16.38, 9.16.39 not added):
https://bind9.readthedocs.io/en/v9_16_37/notes.html
[Test Plan]
DEP-8 Tests:
simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9
zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up
validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall
[Regression Potential]
Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates.
In Focal, there were major changes in how documentation is handled too, requiring packaging updates to handle it. So regressions could arise here too. |
|
2023-04-06 15:21:38 |
Andreas Hasenack |
tags |
verification-done verification-done-jammy verification-done-kinetic |
verification-done verification-needed-jammy verification-needed-kinetic |
|
2023-04-10 22:38:17 |
Lena Voytek |
tags |
verification-done verification-needed-jammy verification-needed-kinetic |
verification-done verification-done-jammy verification-done-kinetic |
|
2023-04-13 12:54:16 |
Launchpad Janitor |
bind-dyndb-ldap (Ubuntu Kinetic): status |
Fix Committed |
Fix Released |
|
2023-04-13 12:54:55 |
Launchpad Janitor |
bind-dyndb-ldap (Ubuntu Jammy): status |
Fix Committed |
Fix Released |
|
2024-04-09 20:41:45 |
Lena Voytek |
bind9 (Ubuntu Focal): status |
In Progress |
Fix Released |
|