[ubuntu/jammy-proposed] bind9 1:9.18.18-0ubuntu0.22.04.1 (Accepted)

Lena Voytek lena.voytek at canonical.com
Fri Sep 29 20:35:31 UTC 2023 

bind9 (1:9.18.18-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release 9.18.18 (LP: #2028413)
    - Updates:
      + Mark a primary server as temporarily unreachable when a TCP connection
        response to an SOA query times out, matching behavior of a refused TCP
        connection.
      + Mark dialup and heartbeat-interval options as deprecated.
      + Retry DNS queries without an EDNS COOKIE when the first response is
        FORMERR with the EDNS COOKIE that was sent originally.
      + Use NS records for the relaxed QNAME minimization mode to reduce the
        number of queries from named.
      + Mark TKEY mode 2 as deprecated.
      + Mark delegation-only and root-delegation-only as deprecated.
      + Run RPZ and catalog zone updates on specialized offload threads to
        reduce blocked query processing time.
    - Bug Fixes:
      + Fix assertion failure from processing already-queued queries while
        server is being reconfigured or cache is being flushed.
      + Fix failure to load zones containing resource records with a TTL value
        larger than 86400 seconds when dnssec-policy is set to insecure.
      + Fix the ability to read HMAC-MD5 key files (LP: #2015176).
      + Fix stability issues with the catalog zone implementation.
      + Fix bind9 getting stuck when listen-on statement for HTTP is removed
        from configuration.
      + Do not return delegation from cache after stale-answer-client-timeout.
      + Fix failure to auto-tune clients-per-query limit in some situations.
      + Fix proper timeouts when using max-transfer-time-in and
        max-transfer-idle-in statements.
      + Bring rndc read timeout back to 60 seconds from 30.
      + Treat libuv returning ISC_R_INVALIDPROTO as a network error.
      + Clean up empty-non-terminal NSEC3 records.
      + Fix log file rotation cleanup for absolute file path destinations.
      + Fix various catalog zone processing crashes.
      + Fix transfer hang when downloading large zones over TLS.
      + Fix named crash when adding a new zone into the configuration file for
        a name which was already configured as member zone for a catalog zone.
      + Delay DNSSEC key queries until all zones have finished loading.
    - See https://bind9.readthedocs.io/en/v9.18.18/notes.html for additional
      information.
  * d/p/CVE-2023-2828.patch, CVE-2023-2911.patch: Remove - fixed upstream in
    9.18.16.
  * d/p/CVE-2023-3341.patch: Refresh, matching upstream, to apply in 9.18.18.
  * d/t/control, d/t/dyndb-ldap: add DEP8 test (LP: #2032650)

Date: Wed, 20 Sep 2023 15:15:41 -0700
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Andreas Hasenack <andreas at canonical.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.18.18-0ubuntu0.22.04.1
-------------- next part --------------
Format: 1.8
Date: Wed, 20 Sep 2023 15:15:41 -0700
Source: bind9
Built-For-Profiles: noudeb
Architecture: source
Version: 1:9.18.18-0ubuntu0.22.04.1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Launchpad-Bugs-Fixed: 2015176 2028413 2032650
Changes:
 bind9 (1:9.18.18-0ubuntu0.22.04.1) jammy; urgency=medium
 .
   * New upstream release 9.18.18 (LP: #2028413)
     - Updates:
       + Mark a primary server as temporarily unreachable when a TCP connection
         response to an SOA query times out, matching behavior of a refused TCP
         connection.
       + Mark dialup and heartbeat-interval options as deprecated.
       + Retry DNS queries without an EDNS COOKIE when the first response is
         FORMERR with the EDNS COOKIE that was sent originally.
       + Use NS records for the relaxed QNAME minimization mode to reduce the
         number of queries from named.
       + Mark TKEY mode 2 as deprecated.
       + Mark delegation-only and root-delegation-only as deprecated.
       + Run RPZ and catalog zone updates on specialized offload threads to
         reduce blocked query processing time.
     - Bug Fixes:
       + Fix assertion failure from processing already-queued queries while
         server is being reconfigured or cache is being flushed.
       + Fix failure to load zones containing resource records with a TTL value
         larger than 86400 seconds when dnssec-policy is set to insecure.
       + Fix the ability to read HMAC-MD5 key files (LP: #2015176).
       + Fix stability issues with the catalog zone implementation.
       + Fix bind9 getting stuck when listen-on statement for HTTP is removed
         from configuration.
       + Do not return delegation from cache after stale-answer-client-timeout.
       + Fix failure to auto-tune clients-per-query limit in some situations.
       + Fix proper timeouts when using max-transfer-time-in and
         max-transfer-idle-in statements.
       + Bring rndc read timeout back to 60 seconds from 30.
       + Treat libuv returning ISC_R_INVALIDPROTO as a network error.
       + Clean up empty-non-terminal NSEC3 records.
       + Fix log file rotation cleanup for absolute file path destinations.
       + Fix various catalog zone processing crashes.
       + Fix transfer hang when downloading large zones over TLS.
       + Fix named crash when adding a new zone into the configuration file for
         a name which was already configured as member zone for a catalog zone.
       + Delay DNSSEC key queries until all zones have finished loading.
     - See https://bind9.readthedocs.io/en/v9.18.18/notes.html for additional
       information.
   * d/p/CVE-2023-2828.patch, CVE-2023-2911.patch: Remove - fixed upstream in
     9.18.16.
   * d/p/CVE-2023-3341.patch: Refresh, matching upstream, to apply in 9.18.18.
   * d/t/control, d/t/dyndb-ldap: add DEP8 test (LP: #2032650)
Checksums-Sha1:
 779bfb54516b0175bab1e981117bbb37b6e87b5a 3292 bind9_9.18.18-0ubuntu0.22.04.1.dsc
 7331e36171bba93e30d6874b8f70f097b0a3ba1d 5490428 bind9_9.18.18.orig.tar.xz
 133905b80a7a6781ac6da297dcf59140419391e4 833 bind9_9.18.18.orig.tar.xz.asc
 d7030ea2395d52da101cf44cd08d512f1bf69c31 92684 bind9_9.18.18-0ubuntu0.22.04.1.debian.tar.xz
 41590b1c4231a19cdc197d23cd6bbf0b8a1c5ef6 7294 bind9_9.18.18-0ubuntu0.22.04.1_source.buildinfo
Checksums-Sha256:
 8ec595e162e8f1f4f537f37fdf9e46316a47191e6c092c2a2e3f6d8097ca4230 3292 bind9_9.18.18-0ubuntu0.22.04.1.dsc
 d735cdc127a6c5709bde475b5bf16fa2133f36fdba202f7c3c37d134e5192160 5490428 bind9_9.18.18.orig.tar.xz
 305ea203e6e968d54cbae8df9781d986eb1c592097be5c717f38a7def64f90b7 833 bind9_9.18.18.orig.tar.xz.asc
 54ed18f0dd86590d9ff11befbf06993da6cb35695909e190945dd83fc74c1f49 92684 bind9_9.18.18-0ubuntu0.22.04.1.debian.tar.xz
 e80e7b4c8b8d2d21601c809b2b4b5d7c23a2c6812736ccfcd53ef61f2306a6f4 7294 bind9_9.18.18-0ubuntu0.22.04.1_source.buildinfo
Files:
 10f274e1d51e77c24e5b8c6771ea95c5 3292 net optional bind9_9.18.18-0ubuntu0.22.04.1.dsc
 d8f443ea8fbd294345b3b7d1a7a81417 5490428 net optional bind9_9.18.18.orig.tar.xz
 8f85360601d26967865cd2724962b357 833 net optional bind9_9.18.18.orig.tar.xz.asc
 4f977e8718a89de79112e737cde81838 92684 net optional bind9_9.18.18-0ubuntu0.22.04.1.debian.tar.xz
 e527d7ac5d7a5e9f3cf2830dd73f3779 7294 net optional bind9_9.18.18-0ubuntu0.22.04.1_source.buildinfo
Original-Maintainer: Debian DNS Team <team+dns at tracker.debian.org>
Vcs-Git: https://git.launchpad.net/~ahasenack/ubuntu/+source/bind9
Vcs-Git-Commit: 83178ed804297a060fd02dfe569b525e928d5df3
Vcs-Git-Ref: refs/heads/MRE-jammy-9.18.18

More information about the jammy-changes mailing list