[ubuntu/mantic-proposed] bind9 1:9.18.24-0ubuntu0.23.10.1 (Accepted)
Lena Voytek
lena.voytek at canonical.com
Fri Apr 19 13:15:36 UTC 2024
bind9 (1:9.18.24-0ubuntu0.23.10.1) mantic; urgency=medium
* New upstream version 9.18.24 (LP: #2040459)
- Updates:
+ Mark use of AES as the DNS COOKIE algorithm as depricated.
+ Mark resolver-nonbackoff-tries and resolver-retry-interval statements
as depricated.
+ Update IP addresses for B.ROOT-SERVERS.NET to 170.247.170.2 and
2801:1b8:10::b.
+ Mark dnssec-must-be-secure option as deprecated.
+ Honor nsupdate -v option for SOA queries by sending both the UPDATE
request and the initial query over TCP.
+ Reduce memory consumption through dedicated jemalloc memory arenas.
- Bug fixes:
+ Fix accidental truncation to 32 bit of statistics channel counters.
+ Do not schedule unsigned versions of inline-signed zones containing
DNSSEC records for resigning.
+ Take local authoritive data into account when looking up stale data
from the cache.
+ Fix assertion failure when lock-file used at the same time as named -X.
+ Fix lockfile removal issue when starting named 3+ times.
+ Fix validation of If-Modified-Since header in statistics channel for
its length.
+ Add Content-Length header bounds check to avoid integer overflow.
+ Fix memory leaks from OpenSSL error stack.
+ Fix SERVFAIL responses after introduction of krb5-subdomain-self-rhs
and ms-subdomain-self-rhs UPDATE policies.
+ Fix accidental disable of stale-refresh-time feature on rndc flush.
+ Fix possible DNS message corruption from partial writes in TLS DNS.
- See https://bind9.readthedocs.io/en/v9.18.24/notes.html for additional
information.
* Remove CVE patches fixed upstream:
- CVE-2023-3341.patch
- CVE-2023-4236.patch
[ Fixed in 9.18.19 ]
- 0001-CVE-2023-4408.patch
- 0002-CVE-2023-5517.patch
- 0003-CVE-2023-5679.patch
- 0004-CVE-2023-50387-CVE-2023-50868.patch
[ Fixed in 9.18.24 ]
* d/p/always-use-standard-library-stdatomic.patch: Maintain use of the
standard library stdatomic.h.
Date: Tue, 09 Apr 2024 14:28:37 -0700
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.18.24-0ubuntu0.23.10.1
-------------- next part --------------
Format: 1.8
Date: Tue, 09 Apr 2024 14:28:37 -0700
Source: bind9
Built-For-Profiles: noudeb
Architecture: source
Version: 1:9.18.24-0ubuntu0.23.10.1
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Launchpad-Bugs-Fixed: 2040459
Changes:
bind9 (1:9.18.24-0ubuntu0.23.10.1) mantic; urgency=medium
.
* New upstream version 9.18.24 (LP: #2040459)
- Updates:
+ Mark use of AES as the DNS COOKIE algorithm as depricated.
+ Mark resolver-nonbackoff-tries and resolver-retry-interval statements
as depricated.
+ Update IP addresses for B.ROOT-SERVERS.NET to 170.247.170.2 and
2801:1b8:10::b.
+ Mark dnssec-must-be-secure option as deprecated.
+ Honor nsupdate -v option for SOA queries by sending both the UPDATE
request and the initial query over TCP.
+ Reduce memory consumption through dedicated jemalloc memory arenas.
- Bug fixes:
+ Fix accidental truncation to 32 bit of statistics channel counters.
+ Do not schedule unsigned versions of inline-signed zones containing
DNSSEC records for resigning.
+ Take local authoritive data into account when looking up stale data
from the cache.
+ Fix assertion failure when lock-file used at the same time as named -X.
+ Fix lockfile removal issue when starting named 3+ times.
+ Fix validation of If-Modified-Since header in statistics channel for
its length.
+ Add Content-Length header bounds check to avoid integer overflow.
+ Fix memory leaks from OpenSSL error stack.
+ Fix SERVFAIL responses after introduction of krb5-subdomain-self-rhs
and ms-subdomain-self-rhs UPDATE policies.
+ Fix accidental disable of stale-refresh-time feature on rndc flush.
+ Fix possible DNS message corruption from partial writes in TLS DNS.
- See https://bind9.readthedocs.io/en/v9.18.24/notes.html for additional
information.
* Remove CVE patches fixed upstream:
- CVE-2023-3341.patch
- CVE-2023-4236.patch
[ Fixed in 9.18.19 ]
- 0001-CVE-2023-4408.patch
- 0002-CVE-2023-5517.patch
- 0003-CVE-2023-5679.patch
- 0004-CVE-2023-50387-CVE-2023-50868.patch
[ Fixed in 9.18.24 ]
* d/p/always-use-standard-library-stdatomic.patch: Maintain use of the
standard library stdatomic.h.
Checksums-Sha1:
cf9a740a3c6c1a1d10c38981736da0af9f816417 3345 bind9_9.18.24-0ubuntu0.23.10.1.dsc
e5bfeb64e3d118c5b4e21ae615f2b9c3ea5339ff 5515528 bind9_9.18.24.orig.tar.xz
34ead0b3e466e37e653ee97dceca59728ea9e5ae 833 bind9_9.18.24.orig.tar.xz.asc
7c34ad778e98a108e15eb41bf8d15c98498c8110 73336 bind9_9.18.24-0ubuntu0.23.10.1.debian.tar.xz
258faed11bb3df96c3a0a36a2c32264d177b1b17 9310 bind9_9.18.24-0ubuntu0.23.10.1_source.buildinfo
Checksums-Sha256:
502a58b25a9ec3cf7826e72c7bf0e95ff2cadfd6bdd2c3c9881210e67976d4d6 3345 bind9_9.18.24-0ubuntu0.23.10.1.dsc
709d73023c9115ddad3bab65b6c8c79a590196d0d114f5d0ca2533dbd52ddf66 5515528 bind9_9.18.24.orig.tar.xz
d69191fd021bd68280077f03f586942cf2027ae7683be08aeb244bc58530e625 833 bind9_9.18.24.orig.tar.xz.asc
cf78476b088fe6326ab1e2ba5fe907ac2b6825b529c5b149ebac17e47685b2ee 73336 bind9_9.18.24-0ubuntu0.23.10.1.debian.tar.xz
556616821fb4b258cef095dfed9c1c3b185066fa16f8eaf74c636520ff4050ac 9310 bind9_9.18.24-0ubuntu0.23.10.1_source.buildinfo
Files:
1377d4d1db39635bff0d9efb1c4d7e78 3345 net optional bind9_9.18.24-0ubuntu0.23.10.1.dsc
c791cb32069dbfb6d555ee682309ab09 5515528 net optional bind9_9.18.24.orig.tar.xz
a094ff71451d9362dc38bec2183ebd25 833 net optional bind9_9.18.24.orig.tar.xz.asc
ae633df383a4be6c3c9d8025a168e711 73336 net optional bind9_9.18.24-0ubuntu0.23.10.1.debian.tar.xz
b87722a9f1472add60cf01d6e3ef724c 9310 net optional bind9_9.18.24-0ubuntu0.23.10.1_source.buildinfo
Original-Maintainer: Debian DNS Team <team+dns at tracker.debian.org>
More information about the mantic-changes
mailing list