[ubuntu/jammy-proposed] bind9 1:9.18.24-0ubuntu0.22.04.1 (Accepted)
Lena Voytek
lena.voytek at canonical.com
Fri Apr 19 13:15:36 UTC 2024
bind9 (1:9.18.24-0ubuntu0.22.04.1) jammy; urgency=medium
* New upstream version 9.18.24 (LP: #2040459)
- Updates:
+ Mark use of AES as the DNS COOKIE algorithm as depricated.
+ Mark resolver-nonbackoff-tries and resolver-retry-interval statements
as depricated.
+ Update IP addresses for B.ROOT-SERVERS.NET to 170.247.170.2 and
2801:1b8:10::b.
+ Mark dnssec-must-be-secure option as deprecated.
+ Honor nsupdate -v option for SOA queries by sending both the UPDATE
request and the initial query over TCP.
+ Reduce memory consumption through dedicated jemalloc memory arenas.
- Bug fixes:
+ Fix accidental truncation to 32 bit of statistics channel counters.
+ Do not schedule unsigned versions of inline-signed zones containing
DNSSEC records for resigning.
+ Take local authoritive data into account when looking up stale data
from the cache.
+ Fix assertion failure when lock-file used at the same time as named -X.
+ Fix lockfile removal issue when starting named 3+ times.
+ Fix validation of If-Modified-Since header in statistics channel for
its length.
+ Add Content-Length header bounds check to avoid integer overflow.
+ Fix memory leaks from OpenSSL error stack.
+ Fix SERVFAIL responses after introduction of krb5-subdomain-self-rhs
and ms-subdomain-self-rhs UPDATE policies.
+ Fix accidental disable of stale-refresh-time feature on rndc flush.
+ Fix possible DNS message corruption from partial writes in TLS DNS.
- See https://bind9.readthedocs.io/en/v9.18.24/notes.html for additional
information.
* Remove CVE patches fixed upstream:
- CVE-2023-3341.patch
- CVE-2023-4236.patch
[ Fixed in 9.18.19 ]
- 0001-CVE-2023-4408.patch
- 0002-CVE-2023-5517.patch
- 0003-CVE-2023-5679.patch
- 0004-CVE-2023-50387-CVE-2023-50868.patch
[ Fixed in 9.18.24 ]
* d/p/always-use-standard-library-stdatomic.patch: Maintain use of the
standard library stdatomic.h.
Date: Thu, 11 Apr 2024 14:11:18 -0700
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.18.24-0ubuntu0.22.04.1
-------------- next part --------------
Format: 1.8
Date: Thu, 11 Apr 2024 14:11:18 -0700
Source: bind9
Built-For-Profiles: noudeb
Architecture: source
Version: 1:9.18.24-0ubuntu0.22.04.1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Launchpad-Bugs-Fixed: 2040459
Changes:
bind9 (1:9.18.24-0ubuntu0.22.04.1) jammy; urgency=medium
.
* New upstream version 9.18.24 (LP: #2040459)
- Updates:
+ Mark use of AES as the DNS COOKIE algorithm as depricated.
+ Mark resolver-nonbackoff-tries and resolver-retry-interval statements
as depricated.
+ Update IP addresses for B.ROOT-SERVERS.NET to 170.247.170.2 and
2801:1b8:10::b.
+ Mark dnssec-must-be-secure option as deprecated.
+ Honor nsupdate -v option for SOA queries by sending both the UPDATE
request and the initial query over TCP.
+ Reduce memory consumption through dedicated jemalloc memory arenas.
- Bug fixes:
+ Fix accidental truncation to 32 bit of statistics channel counters.
+ Do not schedule unsigned versions of inline-signed zones containing
DNSSEC records for resigning.
+ Take local authoritive data into account when looking up stale data
from the cache.
+ Fix assertion failure when lock-file used at the same time as named -X.
+ Fix lockfile removal issue when starting named 3+ times.
+ Fix validation of If-Modified-Since header in statistics channel for
its length.
+ Add Content-Length header bounds check to avoid integer overflow.
+ Fix memory leaks from OpenSSL error stack.
+ Fix SERVFAIL responses after introduction of krb5-subdomain-self-rhs
and ms-subdomain-self-rhs UPDATE policies.
+ Fix accidental disable of stale-refresh-time feature on rndc flush.
+ Fix possible DNS message corruption from partial writes in TLS DNS.
- See https://bind9.readthedocs.io/en/v9.18.24/notes.html for additional
information.
* Remove CVE patches fixed upstream:
- CVE-2023-3341.patch
- CVE-2023-4236.patch
[ Fixed in 9.18.19 ]
- 0001-CVE-2023-4408.patch
- 0002-CVE-2023-5517.patch
- 0003-CVE-2023-5679.patch
- 0004-CVE-2023-50387-CVE-2023-50868.patch
[ Fixed in 9.18.24 ]
* d/p/always-use-standard-library-stdatomic.patch: Maintain use of the
standard library stdatomic.h.
Checksums-Sha1:
d63f9b7c31c242df6ea70ecfbcae39d01bfa5264 3329 bind9_9.18.24-0ubuntu0.22.04.1.dsc
e5bfeb64e3d118c5b4e21ae615f2b9c3ea5339ff 5515528 bind9_9.18.24.orig.tar.xz
34ead0b3e466e37e653ee97dceca59728ea9e5ae 833 bind9_9.18.24.orig.tar.xz.asc
896bc11e31ab4630517124143984330f66e5a248 92548 bind9_9.18.24-0ubuntu0.22.04.1.debian.tar.xz
2a715f66d7dde90e00de5b54d1b2cd8dbdf9fef0 9741 bind9_9.18.24-0ubuntu0.22.04.1_source.buildinfo
Checksums-Sha256:
a4b4c9dde8a3e087e10cd5a1a0af63e8232edd4ebdfb01200d8571c45515b9ee 3329 bind9_9.18.24-0ubuntu0.22.04.1.dsc
709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66 5515528 bind9_9.18.24.orig.tar.xz
d69191fd021bd68280077f03f586942cf2027ae7683be08aeb244bc58530e625 833 bind9_9.18.24.orig.tar.xz.asc
e4cae64dc29bd05fe50b187017b73f5a53b56ef20c126f9272e96686d8c67210 92548 bind9_9.18.24-0ubuntu0.22.04.1.debian.tar.xz
0cb660e2ce8b739f4c7d59dbd9650a43f150fc9543e336f208e84ed8ab831cb4 9741 bind9_9.18.24-0ubuntu0.22.04.1_source.buildinfo
Files:
b730c15dab1a7bf19f978c2829303bca 3329 net optional bind9_9.18.24-0ubuntu0.22.04.1.dsc
c791cb32069dbfb6d555ee682309ab09 5515528 net optional bind9_9.18.24.orig.tar.xz
a094ff71451d9362dc38bec2183ebd25 833 net optional bind9_9.18.24.orig.tar.xz.asc
cfb274ab01abea993ae54703847c1ba1 92548 net optional bind9_9.18.24-0ubuntu0.22.04.1.debian.tar.xz
c75d1e2d919339858348ab9eb05095f2 9741 net optional bind9_9.18.24-0ubuntu0.22.04.1_source.buildinfo
Original-Maintainer: Debian DNS Team <team+dns at tracker.debian.org>
More information about the jammy-changes
mailing list