obsolete

bind-9.11.31-1.fc32, bind-dyndb-ldap-11.3-6.fc32, & 1 more

FEDORA-2021-158a237d4a created by pemensik 2 years ago for Fedora 32

This update's test gating status has been changed to 'waiting'.

2 years ago

This update has been submitted for testing by bodhi.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago
User Icon adamwill commented & provided feedback 2 years ago
karma

openQA test failures here indicate a dependency issue of some kind. In the openQA tests that deploy as a domain controller, the system winds up with the older bind-9.11.28-1.fc32 packages installed even though this update was available; that indicates dnf refused to include the packages from this update because of some kind of dependency problem. Not sure what the issue is, though, it doesn't seem to be logged. Will try and find out.

User Icon adamwill commented & provided feedback 2 years ago
karma

The update has an soname bump. 9.11.28 had libdns.so.1113; 9.11.31 has libdns.so.1114. soname bumps should be avoided where possible in stable release updates, and if it can't be avoided, all dependencies at least need to be rebuilt and included in the update. Aside from other bind subpackages, two things require libdns.so.1113: bind-dyndb-ldap and dnsperf. The one that caused the openQA test to fail is likely bind-dyndb-ldap, FreeIPA uses that, so dnf will be using the older bind package to satisfy the dependency.

So, either the soname bump needs to be reverted (along with whatever incompatible change caused the bump, of course), or dnsperf and bind-dyndb-ldap should be rebuilt against the new soname and included in the update.

CC @abbra

This update has been pushed to testing.

2 years ago

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

2 years ago

This update's test gating status has been changed to 'failed'.

2 years ago
User Icon pemensik commented & provided feedback 2 years ago

Ah, two problems are there. First, I forgot dnsperf on f32 still depends on bind-libs. Second, I haven't waited long enough before building bind-dyndb-ldap. Even when built on side-tag directly, I should have waited for wait-repo first. My build of bind-dyndb-ldap were started after bind were done, but not yet propagated to repo. So new builds of both are required.

pemensik edited this update.

New build(s):

  • dnsperf-2.3.4-6.fc32
  • bind-dyndb-ldap-11.3-6.fc32

Removed build(s):

  • bind-dyndb-ldap-11.3-5.fc32

Karma has been reset.

2 years ago

pemensik edited this update.

2 years ago

This update has been submitted for testing by pemensik.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago
User Icon adamwill commented & provided feedback 2 years ago
karma

OK, openQA tests passed now, so we should be good.

This update has been pushed to testing.

2 years ago

This update's test gating status has been changed to 'failed'.

2 years ago
karma

This update is marked obsolete because the F32 release is archived.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
2 years ago
in testing
2 years ago
modified
2 years ago
BZ#1954897 CVE-2021-25214 bind: A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly [fedora-all]
0
0
BZ#1954903 CVE-2021-25215 bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself [fedora-all]
0
0

Automated Test Results