Hello Bryce, or anyone else affected, Accepted bind-dyndb-ldap into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind-dyndb- ldap/11.10-6ubuntu5.23.10.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-mantic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: bind-dyndb-ldap (Ubuntu Mantic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of FreeIPA, which is subscribed to bind-dyndb-ldap in Ubuntu. https://bugs.launchpad.net/bugs/2040459 Title: MRE updates of bind9 for noble Status in bind-dyndb-ldap package in Ubuntu: Fix Released Status in bind9 package in Ubuntu: Fix Released Status in bind-dyndb-ldap source package in Jammy: In Progress Status in bind9 source package in Jammy: Fix Committed Status in bind-dyndb-ldap source package in Mantic: Fix Committed Status in bind9 source package in Mantic: Fix Committed Status in bind-dyndb-ldap source package in Noble: Fix Released Status in bind9 source package in Noble: Fix Released Bug description: This bug tracks an update for the bind9 package, moving to versions: * Mantic (23.10): bind9 9.18.24 * Jammy (22.04): bind9 9.18.24 These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates. [Upstream changes] Changes from 9.18.18 - 9.18.24 include: CVE fixes (These already existed as patches but are now included as part of upstream): CVE-2023-3341 CVE-2023-4236 CVE-2023-4408 CVE-2023-5517 CVE-2023-5679 CVE-2023-50387 CVE-2023-50868 Deprecations: Use of AES as the DNS COOKIE algorithm resolver-nonbackoff-tries and resolver-retry-interval statements dnssec-must-be-secure option Updates: Update IP addresses for B.ROOT-SERVERS.NET to 170.247.170.2 and 2801:1b8:10::b. Honor nsupdate -v option for SOA queries by sending both the UPDATE request and the initial query over TCP. Reduce memory consumption through dedicated jemalloc memory arenas. Bug fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/4467 - Fix accidental truncation to 32 bit of statistics channel counters. https://gitlab.isc.org/isc-projects/bind9/-/issues/4350 - Do not schedule unsigned versions of inline-signed zones containing DNSSEC records for resigning. https://gitlab.isc.org/isc-projects/bind9/-/issues/4355 - Take local authoritive data into account when looking up stale data from the cache. https://gitlab.isc.org/isc-projects/bind9/-/issues/4386 - Fix assertion failure when lock-file used at the same time as named -X. https://gitlab.isc.org/isc-projects/bind9/-/issues/4387 - Fix lockfile removal issue when starting named 3+ times. https://gitlab.isc.org/isc-projects/bind9/-/issues/4124 - Fix validation of If-Modified-Since header in statistics channel for its length. https://gitlab.isc.org/isc-projects/bind9/-/issues/4125 - Add Content-Length header bounds check to avoid integer overflow. https://gitlab.isc.org/isc-projects/bind9/-/issues/4159 - Fix memory leaks from OpenSSL error stack. https://gitlab.isc.org/isc-projects/bind9/-/issues/4280 - Fix SERVFAIL responses after introduction of krb5-subdomain-self-rhs and ms-subdomain-self-rhs UPDATE policies. https://gitlab.isc.org/isc-projects/bind9/-/issues/4278 - Fix accidental disable of stale-refresh-time feature on rndc flush. https://gitlab.isc.org/isc-projects/bind9/-/issues/4255 - Fix possible DNS message corruption from partial writes in TLS DNS. Full release notes available here - https://bind9.readthedocs.io/en/v9.18.24/notes.html [Test Plan] DEP-8 Tests: simpletest - Confirms bind9 daemon starts successfully and dig can find 127.0.0.1 through the default setup of bind9 zonetest - Added in this update, currently in lunar. Confirms the functionality of named and bind9 by creating a local DNS zone and domain, and having dig look it up dyndb-ldap - Verifies functionality of bind-dyndb-ldap against the updated bind9 package with a basic setup. This also fails intentionally prior to bind-dyndb-ldap being rebuilt against the package, as this is a necessary step for bind9 updates. validation - This test is provided by Debian and consistently fails both before and after the update due to several issues. It is marked as flaky, and does not block autopkgtest passing overall [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations. Alternatively, regressions may arise for users due to behavior changes from the many bug fixes and minor feature updates. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bind-dyndb-ldap/+bug/2040459/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp
