We use the COPR to install BIND on our servers, and I wanted to mention that it looks like in both the isc/bind and isc/bind-esv repos, the build of the package “isc-bind-bind” failed for version 9.18.28-1.1 in (as far as I can tell) only the EPEL 7 repo in Build 7776636. Could someone look at that? We’re on RHEL 8 and 9 for our BIND servers and it looks like the EPEL 8 and 9 versions build successfully, but I want to make sure that I’m not missing something. Thanks!
Brian -- Brian Sebby (he/him/his) | Lead Systems Engineer Email: [email protected]<mailto:[email protected]> | Information Technology Infrastructure Phone: +1 630.252.9935 | Business Information Services Cell: +1 630.921.4305 | Argonne National Laboratory From: bind-users <[email protected]> on behalf of Victoria Risk <[email protected]> Date: Tuesday, July 23, 2024 at 8:32 AM To: [email protected] <[email protected]>, BIND Users <[email protected]> Subject: New BIND releases are available: 9.18.28, 9.20.0 BIND users- Our July 2024 maintenance release of BIND 9. 18, as well as the new 9. 20. 0 stable branch, are available and can be downloaded from the ISC software download page, https: //www. isc. org/download. In addition to bug fixes and feature ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. ZjQcmQRYFpfptBannerEnd BIND users- Our July 2024 maintenance release of BIND 9.18, as well as the new 9.20.0 stable branch, are available and can be downloaded from the ISC software download page, https://www.isc.org/download<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.isc.org_download&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=bzNtaRi91LT7NGxvLacOsRR1G9KN3r-0KTyCGEZg7W4&e=>. In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities (CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076), about which more information is provided in the following Security Advisories: https://kb.isc.org/docs/cve-2024-0760<https://urldefense.proofpoint.com/v2/url?u=https-3A__kb.isc.org_docs_cve-2D2024-2D0760&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=hf52gj9SjjbMh_N66diWqdZFByhr_hEy_DLLM6useU4&e=> https://kb.isc.org/docs/cve-2024-1737<https://urldefense.proofpoint.com/v2/url?u=https-3A__kb.isc.org_docs_cve-2D2024-2D1737&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=QZWuJmSD9PaIQPEorLqEbgQF-tj3T27lRz28IBul8Gc&e=> https://kb.isc.org/docs/cve-2024-1975<https://urldefense.proofpoint.com/v2/url?u=https-3A__kb.isc.org_docs_cve-2D2024-2D1975&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=3rxkgsPWVjucjy0uQLiFWNSKqV579E-ri6R2zGqDFw8&e=> https://kb.isc.org/docs/cve-2024-4076<https://urldefense.proofpoint.com/v2/url?u=https-3A__kb.isc.org_docs_cve-2D2024-2D4076&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=z2wPjQ7Pj0Dh9Bc02avjPawaCkKA3fdgEZ2ztpWVH3Y&e=> A summary of significant changes in the new releases can be found in their release notes: - Current supported stable branches: 9.18.28 - https://downloads.isc.org/isc/bind9/9.18.28/doc/arm/html/notes.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__downloads.isc.org_isc_bind9_9.18.28_doc_arm_html_notes.html&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=eL3vtH4F4vRw0n1gERxG-YbNvYiZUwcADdS64amUM94&e=> 9.20.0 - https://downloads.isc.org/isc/bind9/9.20.0/doc/arm/html/notes.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__downloads.isc.org_isc_bind9_9.20.0_doc_arm_html_notes.html&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=jByNiOTuwi2CKgchg6VaHFIewzRSMvAtPq-UNd3NZ04&e=> We also have a nice blog post from Ondřej Surý on the 9.20.0 release, including performance testing results (https://www.isc.org/blogs/2024-bind920/<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.isc.org_blogs_2024-2Dbind920_&d=DwMFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=UUKshb2znNU4e4TPM0Yd2ufCIHmbyXxSKZu0ptJ8B3c&e=>). --- Please Note: To create an effective mitigation for CVE-2024-1737 we have introduced two new configurable limits that prevent the loading (into zones or into cache) of DNS resource records (RRs) that exceed them. We therefore recommend reading this KB article, https://kb.isc.org/docs/rrset-limits-in-zones<https://urldefense.proofpoint.com/v2/url?u=https-3A__kb.isc.org_docs_rrset-2Dlimits-2Din-2Dzones&d=DwMFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=rubfa9plpqTW7oAHrRfURnVqh28DVS8RP5L2EVg6QOM&e=>, in case you need to change the defaults to suit your specific operational environment. We recommend that users planning to upgrade from the EOL 9.16 branch read the following document first: https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918<https://urldefense.proofpoint.com/v2/url?u=https-3A__kb.isc.org_docs_changes-2Dto-2Dbe-2Daware-2Dof-2Dwhen-2Dmoving-2Dfrom-2Dbind-2D916-2Dto-2D918&d=DwQFaQ&c=VNwPUykuud53CG9rFjagOIJ6-Rup94jYcsvLgLkfjkk&r=jaYfnGHWNQHXZDHWVerNDw&m=enZ9AiHfKVqcG4gKXlgwWb68BKijXJQ5qOejq2wTquhkSEG-taOVu6pEsM7QCg7z&s=Psq-P97iXxQ-QTSJn9CnBrGXnKQHNDH1RNhFd0RAJrI&e=>
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
