Latest Changelogs for all releases

  linux-firmware (20240318.git3b128b60-0ubuntu2.17) noble; urgency=medium

  * [SRU] AMD Image Signal Processing (ISP) firmware update (LP: #2119501)
    - amdgpu: Update ISP FW for isp v4.1.1

  bind9 (1:9.18.39-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream release 9.18.39 (LP: #2112520)
    - Features:
      + Add support for parsing the DSYNC record.
      + Add support for the CO flag to dig.
      + Add a new option to configure the maximum number of outgoing queries
        per client request.
      + Add WALLET type.
    - Updates:
      + Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1 and DS digest type 1.
      + Make TLS data processing more reliable in various network conditions.
      + Print the expiration time of the stale records.
      + Remove –with-tuning=small/large configuration option.
      + Update built-in bind.keys file with the new 2025 IANA root key.
      + Move contributed DLZ modules into a separate repository.
      + Emit more helpful log messages for exceeding max-records-per-type.
      + Harden key management when key files have become unavailable.
      + Allow IXFR-to-AXFR fallback on DNS_R_TOOMANYRECORDS.
    - Bug Fixes:
      + Fix a possible crash when adding a zone while recursing.
      + Clean enough memory when adding new ADB names/entries under memory pressure.
      + Prevent spurious validation failures.
      + Rescan the interfaces again when reconfiguring the server.
      + Fix the default interface-interval from 60s to 60m.
      + Fix purge-keys bug when using views.
      + Set name for all the isc_mem contexts.
      + Stop caching lack of EDNS support.
      + Fix resolver statistics counters for timed-out responses.
      + Don’t enforce NOAUTH/NOCONF flags in DNSKEYs.
      + Fix inconsistency in CNAME/DNAME handling during resolution.
      + Fix deferred validation of unsigned DS and DNSKEY records.
      + Fix RPZ race condition during a reconfiguration.
      + Fix “CNAME and other data check” not being applied to all types.
      + Remove NSEC/DS/NSEC3 RRSIG check from dns_message_parse().
      + Fix rndc flushname for longer name server names.
      + Fix recently expired records sending timestamps in the future.
      + Fix YAML string not terminated in negative response in delv.
      + Apply the memory limit only to ADB database items.
      + Avoid unnecessary locking in the zone/cache database.
      + Improve the resolver performance under attack.
      + Fix nsupdate hang when processing a large update.
      + Fix possible assertion failure when reloading server while processing
        update policy rules.
      + Fix dnssec-signzone signing non-DNSKEY RRsets with revoked keys.
      + Fix improper handling of unknown directives in resolv.conf.
      + Fix dig parsing of {&dns}.
      + Fix NSEC3 closest encloser lookup for names with empty non-terminals.
      + Fix display of dig options with format form [+-]option=<value>.
      + Provide more visibility into TLS configuration errors by logging
      + Fix a statistics channel counter bug when “forward only” zones are
        used.
      + Fix wrong address queries in

  bind9 (1:9.18.39-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release 9.18.39 (LP: #2112520)
    - Features:
      + Add support for parsing the DSYNC record.
      + Add support for the CO flag to dig.
      + Add a new option to configure the maximum number of outgoing queries
        per client request.
      + Add WALLET type.
    - Updates:
      + Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1 and DS digest type 1.
      + Make TLS data processing more reliable in various network conditions.
      + Print the expiration time of the stale records.
      + Remove –with-tuning=small/large configuration option.
      + Update built-in bind.keys file with the new 2025 IANA root key.
      + Move contributed DLZ modules into a separate repository.
      + Emit more helpful log messages for exceeding max-records-per-type.
      + Harden key management when key files have become unavailable.
      + Allow IXFR-to-AXFR fallback on DNS_R_TOOMANYRECORDS.
    - Bug Fixes:
      + Fix a possible crash when adding a zone while recursing.
      + Clean enough memory when adding new ADB names/entries under memory pressure.
      + Prevent spurious validation failures.
      + Rescan the interfaces again when reconfiguring the server.
      + Fix the default interface-interval from 60s to 60m.
      + Fix purge-keys bug when using views.
      + Set name for all the isc_mem contexts.
      + Stop caching lack of EDNS support.
      + Fix resolver statistics counters for timed-out responses.
      + Don’t enforce NOAUTH/NOCONF flags in DNSKEYs.
      + Fix inconsistency in CNAME/DNAME handling during resolution.
      + Fix deferred validation of unsigned DS and DNSKEY records.
      + Fix RPZ race condition during a reconfiguration.
      + Fix “CNAME and other data check” not being applied to all types.
      + Remove NSEC/DS/NSEC3 RRSIG check from dns_message_parse().
      + Fix rndc flushname for longer name server names.
      + Fix recently expired records sending timestamps in the future.
      + Fix YAML string not terminated in negative response in delv.
      + Apply the memory limit only to ADB database items.
      + Avoid unnecessary locking in the zone/cache database.
      + Improve the resolver performance under attack.
      + Fix nsupdate hang when processing a large update.
      + Fix possible assertion failure when reloading server while processing
        update policy rules.
      + Fix dnssec-signzone signing non-DNSKEY RRsets with revoked keys.
      + Fix improper handling of unknown directives in resolv.conf.
      + Fix dig parsing of {&dns}.
      + Fix NSEC3 closest encloser lookup for names with empty non-terminals.
      + Fix display of dig options with format form [+-]option=<value>.
      + Provide more visibility into TLS configuration errors by logging
      + Fix a statistics channel counter bug when “forward only” zones are
        used.
      + Fix wrong address queries in

  dconf (0.40.0-3ubuntu0.1) jammy; urgency=medium

  * Restore permissions on database write to prevent restrictive umask from
    rendering the db inaccessible (LP: #2072586)
    - d/p/lp2072586-gvdb-Restore-permissions-on-changed-files.patch

 -- Wesley Hershberger <email address hidden> Tue, 20 May 2025 15:59:48 -0500

  bind9 (1:9.18.39-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release 9.18.39 (LP: #2112520)
    - Features:
      + Add support for parsing the DSYNC record.
      + Add support for the CO flag to dig.
      + Add a new option to configure the maximum number of outgoing queries
        per client request.
      + Add WALLET type.
    - Updates:
      + Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1 and DS digest type 1.
      + Make TLS data processing more reliable in various network conditions.
      + Print the expiration time of the stale records.
      + Remove –with-tuning=small/large configuration option.
      + Update built-in bind.keys file with the new 2025 IANA root key.
      + Move contributed DLZ modules into a separate repository.
      + Emit more helpful log messages for exceeding max-records-per-type.
      + Harden key management when key files have become unavailable.
      + Allow IXFR-to-AXFR fallback on DNS_R_TOOMANYRECORDS.
    - Bug Fixes:
      + Fix a possible crash when adding a zone while recursing.
      + Clean enough memory when adding new ADB names/entries under memory pressure.
      + Prevent spurious validation failures.
      + Rescan the interfaces again when reconfiguring the server.
      + Fix the default interface-interval from 60s to 60m.
      + Fix purge-keys bug when using views.
      + Set name for all the isc_mem contexts.
      + Stop caching lack of EDNS support.
      + Fix resolver statistics counters for timed-out responses.
      + Don’t enforce NOAUTH/NOCONF flags in DNSKEYs.
      + Fix inconsistency in CNAME/DNAME handling during resolution.
      + Fix deferred validation of unsigned DS and DNSKEY records.
      + Fix RPZ race condition during a reconfiguration.
      + Fix “CNAME and other data check” not being applied to all types.
      + Remove NSEC/DS/NSEC3 RRSIG check from dns_message_parse().
      + Fix rndc flushname for longer name server names.
      + Fix recently expired records sending timestamps in the future.
      + Fix YAML string not terminated in negative response in delv.
      + Apply the memory limit only to ADB database items.
      + Avoid unnecessary locking in the zone/cache database.
      + Improve the resolver performance under attack.
      + Fix nsupdate hang when processing a large update.
      + Fix possible assertion failure when reloading server while processing
        update policy rules.
      + Fix dnssec-signzone signing non-DNSKEY RRsets with revoked keys.
      + Fix improper handling of unknown directives in resolv.conf.
      + Fix dig parsing of {&dns}.
      + Fix NSEC3 closest encloser lookup for names with empty non-terminals.
      + Fix display of dig options with format form [+-]option=<value>.
      + Provide more visibility into TLS configuration errors by logging
      + Fix a statistics channel counter bug when “forward only” zones are
        used.
      + Fix wrong address queries in

  azure-proxy-agent (1.0.30-0ubuntu4~24.04.2) noble; urgency=medium

  * d/rules: use cargo-1.80 to build the agent.
     - The version of the aya crate that is used by the agent requires
       cargo-1.80 or higher.
  * d/control: add missing vendored dependencies and depend on cargo-1.80.
     - dh-cargo-vendored-sources is not able to detect when the rust-vendor
       directory has been generated with cargo-vendor-filterer thus
       producing a XS-Vendored-Sources-Rust string that does not accurately
       reflect the rust dependencies. Specifically, XS-Vendored-Sources-Rust
       includes dependencies that have been selectively removed by
       cargo-vendor-filterer. See LP#2111699.

  azure-proxy-agent (1.0.30-0ubuntu4~22.04.2) jammy; urgency=medium

  * d/rules: use cargo-1.80 to build the agent.
     - The version of the aya crate that is used by the agent requires
       cargo-1.80 or higher.
  * d/control: add missing vendored dependencies and depend on cargo-1.80.
     - dh-cargo-vendored-sources is not able to detect when the rust-vendor
       directory has been generated with cargo-vendor-filterer thus
       producing a XS-Vendored-Sources-Rust string that does not accurately
       reflect the rust dependencies. Specifically, XS-Vendored-Sources-Rust
       includes dependencies that have been selectively removed by
       cargo-vendor-filterer. See LP#2111699.

  mysql-8.4 (8.4.6-0ubuntu0.25.04.3) plucky; urgency=medium

  * Modify logrotate script to silently exit if mysql service is not active
    (LP: #2120936).

 -- Ghadi Elie Rahme <email address hidden> Tue, 19 Aug 2025 16:39:09 +0000

  mysql-8.4 (8.4.6-0ubuntu0.25.04.3) plucky; urgency=medium

  * Modify logrotate script to silently exit if mysql service is not active
    (LP: #2120936).

 -- Ghadi Elie Rahme <email address hidden> Tue, 19 Aug 2025 16:39:09 +0000

  xdg-desktop-portal (1.20.0+ds-2ubuntu1.1) plucky; urgency=medium

  * Backport patches from Sebastian Wick to get pidns's from pidfd's.
    - Fixes (LP: #2107340)
    - differentiate_pidfd_proc.patch
      + utils: Differentiate between pidfd and /proc/$pid dirfds
      + Upstream SHA: dd08d451e3019f4ec6285ecb14d4c746b6e1d420
      + Refactoring commit required for the next patch that actually fixes the
        problem to cleanly apply.
    - get_pidns_from_pidfd.patch
      + utils: Add new function to get the pidns from an actual pidfd
      + Upstream SHA: 522236e41043a558a825da4cee70ee31ce607147
      + Fixes failures when calling XdpAppInfo.get_pidns with a pidfd rather
        than a dirfd.

 -- Charles <email address hidden> Thu, 03 Jul 2025 17:09:55 +0100

  sssd (2.10.1-2ubuntu4.1) plucky; urgency=medium

  * Updating apparmor profile for smartcard authentication.
    Allow access to sssd configuration directory, pcscd socket and libraries
    required for PKCS#11 module initialization. (LP: #2109673)
    - d/apparmor-profile

 -- Seyeong Kim <email address hidden> Mon, 11 Aug 2025 08:01:20 +0000

  xdg-desktop-portal (1.20.0+ds-2ubuntu1.1) plucky; urgency=medium

  * Backport patches from Sebastian Wick to get pidns's from pidfd's.
    - Fixes (LP: #2107340)
    - differentiate_pidfd_proc.patch
      + utils: Differentiate between pidfd and /proc/$pid dirfds
      + Upstream SHA: dd08d451e3019f4ec6285ecb14d4c746b6e1d420
      + Refactoring commit required for the next patch that actually fixes the
        problem to cleanly apply.
    - get_pidns_from_pidfd.patch
      + utils: Add new function to get the pidns from an actual pidfd
      + Upstream SHA: 522236e41043a558a825da4cee70ee31ce607147
      + Fixes failures when calling XdpAppInfo.get_pidns with a pidfd rather
        than a dirfd.

 -- Charles <email address hidden> Thu, 03 Jul 2025 17:09:55 +0100

  sssd (2.10.1-2ubuntu4.1) plucky; urgency=medium

  * Updating apparmor profile for smartcard authentication.
    Allow access to sssd configuration directory, pcscd socket and libraries
    required for PKCS#11 module initialization. (LP: #2109673)
    - d/apparmor-profile

 -- Seyeong Kim <email address hidden> Mon, 11 Aug 2025 08:01:20 +0000

  sssd (2.9.4-1.1ubuntu6.3) noble; urgency=medium

  * Updating apparmor profile for smartcard authentication.
    Allow access to sssd configuration directory, pcscd socket and libraries
    required for PKCS#11 module initialization. (LP: #2109673)
    - d/apparmor-profile

 -- Seyeong Kim <email address hidden> Tue, 12 Aug 2025 03:24:31 +0000

  sssd (2.9.4-1.1ubuntu6.3) noble; urgency=medium

  * Updating apparmor profile for smartcard authentication.
    Allow access to sssd configuration directory, pcscd socket and libraries
    required for PKCS#11 module initialization. (LP: #2109673)
    - d/apparmor-profile

 -- Seyeong Kim <email address hidden> Tue, 12 Aug 2025 03:24:31 +0000