{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "[Upstream release notes](https://downloads.isc.org/isc/bind9/9.11.31/RELEASE-NOTES-bind-9.11.31.html)\n\n", "type": "security", "status": "obsolete", "request": null, "severity": "high", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2021-04-30 10:28:03", "date_modified": "2021-05-03 13:32:11", "date_approved": null, "date_testing": "2021-05-04 13:58:28", "date_stable": null, "alias": "FEDORA-2021-158a237d4a", "test_gating_status": "failed", "from_tag": "f32-build-side-40594", "date_pushed": "2021-05-04 13:58:28", "meets_testing_requirements": false, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2021-158a237d4a", "title": "bind-9.11.31-1.fc32 bind-dyndb-ldap-11.3-6.fc32 dnsperf-2.3.4-6.fc32", "version_hash": "2405467ef41c5f4112dc0f18bb3e264a535f93f8", "release": {"name": "F32", "long_name": "Fedora 32", "version": "32", "id_prefix": "FEDORA", "branch": "f32", "dist_tag": "f32", "stable_tag": "f32-updates", "testing_tag": "f32-updates-testing", "candidate_tag": "f32-updates-candidate", "pending_signing_tag": "f32-signing-pending", "pending_testing_tag": "f32-updates-testing-pending", "pending_stable_tag": "f32-updates-pending", "override_tag": "f32-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "pemensik", "email": "pemensik@redhat.com", "id": 3184, "avatar": "https://seccdn.libravatar.org/avatar/616a7256648d4f465bd90578afb7389fa2e05990e7870dd3421e27bf35229afa?s=24&d=retro", "openid": "pemensik.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "dns-sig"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2021-04-30 10:28:03", "update_id": 302389, "user_id": 91, "id": 2007601, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by bodhi. ", "timestamp": "2021-04-30 10:29:40", "update_id": 302389, "user_id": 91, "id": 2007602, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-04-30 10:29:41", "update_id": 302389, "user_id": 91, "id": 2007603, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": -1, "karma_critpath": 0, "text": "openQA test failures here indicate a dependency issue of some kind. In the openQA tests that deploy as a domain controller, the system winds up with the older bind-9.11.28-1.fc32 packages installed even though this update was available; that indicates dnf refused to include the packages from this update because of some kind of dependency problem. Not sure what the issue is, though, it doesn't seem to be logged. Will try and find out.", "timestamp": "2021-04-30 21:42:10", "update_id": 302389, "user_id": 302, "id": 2008580, "bug_feedback": [{"karma": 0, "comment_id": 2008580, "bug_id": 1954897, "bug": {"bug_id": 1954897, "title": "CVE-2021-25214 bind: A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 2008580, "bug_id": 1954903, "bug": {"bug_id": 1954903, "title": "CVE-2021-25215 bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}, {"karma": -1, "karma_critpath": 0, "text": "The update has an soname bump. 9.11.28 had `libdns.so.1113`; 9.11.31 has `libdns.so.1114`. soname bumps should be avoided where possible in stable release updates, and if it can't be avoided, all dependencies at least need to be rebuilt and included in the update. Aside from other bind subpackages, two things require `libdns.so.1113`: `bind-dyndb-ldap` and `dnsperf`. The one that caused the openQA test to fail is likely `bind-dyndb-ldap`, FreeIPA uses that, so dnf will be using the older `bind` package to satisfy the dependency.\n\nSo, either the soname bump needs to be reverted (along with whatever incompatible change caused the bump, of course), or dnsperf and bind-dyndb-ldap should be rebuilt against the new soname and included in the update.\n\nCC @abbra", "timestamp": "2021-04-30 22:02:54", "update_id": 302389, "user_id": 302, "id": 2008596, "bug_feedback": [{"karma": 0, "comment_id": 2008596, "bug_id": 1954897, "bug": {"bug_id": 1954897, "title": "CVE-2021-25214 bind: A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 2008596, "bug_id": 1954903, "bug": {"bug_id": 1954903, "title": "CVE-2021-25215 bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2021-05-01 02:16:25", "update_id": 302389, "user_id": 91, "id": 2008874, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.", "timestamp": "2021-05-01 02:16:28", "update_id": 302389, "user_id": 91, "id": 2008890, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'failed'.", "timestamp": "2021-05-01 03:03:00", "update_id": 302389, "user_id": 91, "id": 2008941, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Ah, two problems are there. First, I forgot ``dnsperf`` on f32 still depends on bind-libs. Second, I haven't waited long enough before building ``bind-dyndb-ldap``. Even when built on side-tag directly, I should have waited for wait-repo first. My build of bind-dyndb-ldap were started after bind were done, but not yet propagated to repo. So new builds of both are required.", "timestamp": "2021-05-03 13:29:42", "update_id": 302389, "user_id": 3184, "id": 2011599, "bug_feedback": [{"karma": 0, "comment_id": 2011599, "bug_id": 1954897, "bug": {"bug_id": 1954897, "title": "CVE-2021-25214 bind: A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 2011599, "bug_id": 1954903, "bug": {"bug_id": 1954903, "title": "CVE-2021-25215 bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "pemensik", "email": "pemensik@redhat.com", "id": 3184, "avatar": "https://seccdn.libravatar.org/avatar/616a7256648d4f465bd90578afb7389fa2e05990e7870dd3421e27bf35229afa?s=24&d=retro", "openid": "pemensik.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "dns-sig"}]}}, {"karma": 0, "karma_critpath": 0, "text": "pemensik edited this update.\n\nNew build(s):\n\n- dnsperf-2.3.4-6.fc32\n- bind-dyndb-ldap-11.3-6.fc32\n\nRemoved build(s):\n\n- bind-dyndb-ldap-11.3-5.fc32\n\nKarma has been reset.", "timestamp": "2021-05-03 13:31:13", "update_id": 302389, "user_id": 91, "id": 2011600, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "pemensik edited this update.", "timestamp": "2021-05-03 13:32:11", "update_id": 302389, "user_id": 91, "id": 2011601, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by pemensik. ", "timestamp": "2021-05-03 14:41:50", "update_id": 302389, "user_id": 91, "id": 2011698, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-05-03 14:41:50", "update_id": 302389, "user_id": 91, "id": 2011699, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "OK, openQA tests passed now, so we should be good.", "timestamp": "2021-05-03 18:01:03", "update_id": 302389, "user_id": 302, "id": 2012054, "bug_feedback": [{"karma": 0, "comment_id": 2012054, "bug_id": 1954897, "bug": {"bug_id": 1954897, "title": "CVE-2021-25214 bind: A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 2012054, "bug_id": 1954903, "bug": {"bug_id": 1954903, "title": "CVE-2021-25215 bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2021-05-04 13:58:59", "update_id": 302389, "user_id": 91, "id": 2013753, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'failed'.", "timestamp": "2021-05-04 14:03:39", "update_id": 302389, "user_id": 91, "id": 2013771, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-05-10 01:48:00", "update_id": 302389, "user_id": 5881, "id": 2021317, "bug_feedback": [{"karma": 0, "comment_id": 2021317, "bug_id": 1954897, "bug": {"bug_id": 1954897, "title": "CVE-2021-25214 bind: A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 2021317, "bug_id": 1954903, "bug": {"bug_id": 1954903, "title": "CVE-2021-25215 bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update is marked obsolete because the F32 release is archived.", "timestamp": "2021-05-25 18:37:26", "update_id": 302389, "user_id": 91, "id": 2041844, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "bind-9.11.31-1.fc32", "signed": true, "release_id": 35, "type": "rpm", "epoch": 32}, {"nvr": "bind-dyndb-ldap-11.3-6.fc32", "signed": true, "release_id": 35, "type": "rpm", "epoch": 0}, {"nvr": "dnsperf-2.3.4-6.fc32", "signed": true, "release_id": 35, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1954897, "title": "CVE-2021-25214 bind: A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2021317, "bug_id": 1954897, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-05-10 01:48:00", "update_id": 302389, "user_id": 5881, "id": 2021317, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}}, {"karma": 0, "comment_id": 2011599, "bug_id": 1954897, "comment": {"karma": 0, "karma_critpath": 0, "text": "Ah, two problems are there. First, I forgot ``dnsperf`` on f32 still depends on bind-libs. Second, I haven't waited long enough before building ``bind-dyndb-ldap``. Even when built on side-tag directly, I should have waited for wait-repo first. My build of bind-dyndb-ldap were started after bind were done, but not yet propagated to repo. So new builds of both are required.", "timestamp": "2021-05-03 13:29:42", "update_id": 302389, "user_id": 3184, "id": 2011599, "testcase_feedback": [], "user": {"name": "pemensik", "email": "pemensik@redhat.com", "id": 3184, "avatar": "https://seccdn.libravatar.org/avatar/616a7256648d4f465bd90578afb7389fa2e05990e7870dd3421e27bf35229afa?s=24&d=retro", "openid": "pemensik.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "dns-sig"}]}}}, {"karma": 0, "comment_id": 2008596, "bug_id": 1954897, "comment": {"karma": -1, "karma_critpath": 0, "text": "The update has an soname bump. 9.11.28 had `libdns.so.1113`; 9.11.31 has `libdns.so.1114`. soname bumps should be avoided where possible in stable release updates, and if it can't be avoided, all dependencies at least need to be rebuilt and included in the update. Aside from other bind subpackages, two things require `libdns.so.1113`: `bind-dyndb-ldap` and `dnsperf`. The one that caused the openQA test to fail is likely `bind-dyndb-ldap`, FreeIPA uses that, so dnf will be using the older `bind` package to satisfy the dependency.\n\nSo, either the soname bump needs to be reverted (along with whatever incompatible change caused the bump, of course), or dnsperf and bind-dyndb-ldap should be rebuilt against the new soname and included in the update.\n\nCC @abbra", "timestamp": "2021-04-30 22:02:54", "update_id": 302389, "user_id": 302, "id": 2008596, "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}, {"karma": 0, "comment_id": 2008580, "bug_id": 1954897, "comment": {"karma": -1, "karma_critpath": 0, "text": "openQA test failures here indicate a dependency issue of some kind. In the openQA tests that deploy as a domain controller, the system winds up with the older bind-9.11.28-1.fc32 packages installed even though this update was available; that indicates dnf refused to include the packages from this update because of some kind of dependency problem. Not sure what the issue is, though, it doesn't seem to be logged. Will try and find out.", "timestamp": "2021-04-30 21:42:10", "update_id": 302389, "user_id": 302, "id": 2008580, "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}, {"karma": 0, "comment_id": 2008955, "bug_id": 1954897, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-05-01 04:53:01", "update_id": 302386, "user_id": 198, "id": 2008955, "testcase_feedback": [], "user": {"name": "bojan", "email": "bojan@rexursive.com", "id": 198, "avatar": "https://seccdn.libravatar.org/avatar/adb4c3f28bd6969871988f992b1bf71e404f03e3570fbfa0fc9bd7d0bf0003f8?s=24&d=retro", "openid": "bojan.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 2012054, "bug_id": 1954897, "comment": {"karma": 1, "karma_critpath": 0, "text": "OK, openQA tests passed now, so we should be good.", "timestamp": "2021-05-03 18:01:03", "update_id": 302389, "user_id": 302, "id": 2012054, "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}]}, {"bug_id": 1954903, "title": "CVE-2021-25215 bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2021317, "bug_id": 1954903, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-05-10 01:48:00", "update_id": 302389, "user_id": 5881, "id": 2021317, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}}, {"karma": 0, "comment_id": 2011599, "bug_id": 1954903, "comment": {"karma": 0, "karma_critpath": 0, "text": "Ah, two problems are there. First, I forgot ``dnsperf`` on f32 still depends on bind-libs. Second, I haven't waited long enough before building ``bind-dyndb-ldap``. Even when built on side-tag directly, I should have waited for wait-repo first. My build of bind-dyndb-ldap were started after bind were done, but not yet propagated to repo. So new builds of both are required.", "timestamp": "2021-05-03 13:29:42", "update_id": 302389, "user_id": 3184, "id": 2011599, "testcase_feedback": [], "user": {"name": "pemensik", "email": "pemensik@redhat.com", "id": 3184, "avatar": "https://seccdn.libravatar.org/avatar/616a7256648d4f465bd90578afb7389fa2e05990e7870dd3421e27bf35229afa?s=24&d=retro", "openid": "pemensik.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "dns-sig"}]}}}, {"karma": 0, "comment_id": 2008596, "bug_id": 1954903, "comment": {"karma": -1, "karma_critpath": 0, "text": "The update has an soname bump. 9.11.28 had `libdns.so.1113`; 9.11.31 has `libdns.so.1114`. soname bumps should be avoided where possible in stable release updates, and if it can't be avoided, all dependencies at least need to be rebuilt and included in the update. Aside from other bind subpackages, two things require `libdns.so.1113`: `bind-dyndb-ldap` and `dnsperf`. The one that caused the openQA test to fail is likely `bind-dyndb-ldap`, FreeIPA uses that, so dnf will be using the older `bind` package to satisfy the dependency.\n\nSo, either the soname bump needs to be reverted (along with whatever incompatible change caused the bump, of course), or dnsperf and bind-dyndb-ldap should be rebuilt against the new soname and included in the update.\n\nCC @abbra", "timestamp": "2021-04-30 22:02:54", "update_id": 302389, "user_id": 302, "id": 2008596, "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}, {"karma": 0, "comment_id": 2008580, "bug_id": 1954903, "comment": {"karma": -1, "karma_critpath": 0, "text": "openQA test failures here indicate a dependency issue of some kind. In the openQA tests that deploy as a domain controller, the system winds up with the older bind-9.11.28-1.fc32 packages installed even though this update was available; that indicates dnf refused to include the packages from this update because of some kind of dependency problem. Not sure what the issue is, though, it doesn't seem to be logged. Will try and find out.", "timestamp": "2021-04-30 21:42:10", "update_id": 302389, "user_id": 302, "id": 2008580, "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}, {"karma": 0, "comment_id": 2008955, "bug_id": 1954903, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-05-01 04:53:01", "update_id": 302386, "user_id": 198, "id": 2008955, "testcase_feedback": [], "user": {"name": "bojan", "email": "bojan@rexursive.com", "id": 198, "avatar": "https://seccdn.libravatar.org/avatar/adb4c3f28bd6969871988f992b1bf71e404f03e3570fbfa0fc9bd7d0bf0003f8?s=24&d=retro", "openid": "bojan.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 2012054, "bug_id": 1954903, "comment": {"karma": 1, "karma_critpath": 0, "text": "OK, openQA tests passed now, so we should be good.", "timestamp": "2021-05-03 18:01:03", "update_id": 302389, "user_id": 302, "id": 2012054, "testcase_feedback": [], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}]}], "updateid": "FEDORA-2021-158a237d4a", "karma": 2, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}