Bug 2013993

Summary: Rebase to the last BIND 9.11.36 release
Product: Red Hat Enterprise Linux 8 Reporter: Petr Menšík <pemensik>
Component: bindAssignee: Petr Menšík <pemensik>
Status: CLOSED ERRATA QA Contact: Petr Sklenar <psklenar>
Severity: unspecified Docs Contact: Šárka Jana <sjanderk>
Priority: unspecified    
Version: 8.6CC: jorton, psklenar
Target Milestone: rcKeywords: Rebase, Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: bind-9.11.36-1.el8 Doc Type: Enhancement
Doc Text:
.The `bind` component rebased to version 9.11.36 The `bind` component has been updated to version 9.11.36. Notable bug fixes and enhancements include: * Improved the `lame-ttl` option to be more secure. * A multiple threads bug affecting RBTDB instances no longer results in assertion failure in `free_rbtdb()`. * Updated implementation of the ZONEMD RR type to match RFC 8976. * The maximum supported number of NSEC3 iterations has been reduced to 150. Records with more iterations are treated as insecure. * An invalid direction field in a LOC record no longer results in a failure.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-10 15:29:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2021443    
Bug Blocks: 2017637, 2021814, 2022715, 2022762    

Description Petr Menšík 2021-10-14 08:47:43 UTC 
Description of problem:
BIND 9.11 line would be soon stop receiving any updates from upstream. I think it would be good to update to the latest release released in that major version. Currently version 9.11.35 [1] is the latest, only security and critical bugs get included into this version line. We should update to the latest code before upstream stops any maintenance on this version.

Version-Release number of selected component (if applicable):
bind-9.11.26-6.el8

Additional info:

1. https://downloads.isc.org/isc/bind9/9.11.35/RELEASE-NOTES-bind-9.11.35.html
Comment 1 Petr Menšík 2021-11-01 12:13:05 UTC 
Since the CVE-2021-25219 is the only change in latest release, I would include this change in a planned rebase. It would include few issue fixes not included in bind-9.11.26 current version.

1. https://downloads.isc.org/isc/bind9/9.11.36/RELEASE-NOTES-bind-9.11.36.html
Comment 3 Petr Menšík 2021-11-01 15:23:42 UTC 
Including to additional upstream bugs, which should be fixed by the rebase. That excludes security bugs, which were upgraded by backported fixes. Backported patches would be removed, since fixes are already in the new original upstream archive.
Comment 4 Petr Menšík 2021-11-01 15:25:31 UTC 
Release notes for the lastest release:
https://downloads.isc.org/isc/bind9/9.11.36/RELEASE-NOTES-bind-9.11.36.html
Comment 26 errata-xmlrpc 2022-05-10 15:29:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: bind security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:2092