[ubuntu/disco-proposed] bind9 1:9.11.5+dfsg-1ubuntu1 (Accepted)
Andreas Hasenack
andreas at canonical.com
Fri Dec 14 13:15:14 UTC 2018
bind9 (1:9.11.5+dfsg-1ubuntu1) disco; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Build without lmdb support as that package is in Universe
- Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
protobuf-c-compiler (universe packages)
+ d/dnsutils.install: don't install dnstap
+ d/libdns1104.symbols: don't include dnstap symbols
+ d/rules: don't build dnstap nor install dnstap.proto
* Dropped:
- SECURITY UPDATE: denial of service crash when deny-answer-aliases
option is used
+ debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could
trigger a crash if deny-answer-aliases was set
+ debian/patches/CVE-2018-5740-2.patch: add tests
+ debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set
chainingp correctly, add test
+ CVE-2018-5740
[Fixed in new upstream version 9.11.5]
- d/extras/apparmor.d/usr.sbin.named: add missing comma at the end of the
line (Closes: #904983)
[Fixed in 1:9.11.4+dfsg-4]
- Add a patch to fix named-pkcs11 crashing on startup. (LP #1769440)
[Fixed in 1:9.11.4.P1+dfsg-1]
- Cherrypick from debian: Add new dst__openssleddsa_init optional symbol
(it depends on OpenSSL version) (Closes: #897643)
[Fixed in 1:9.11.4.P1+dfsg-1]
* Added:
- d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
option (LP: #1804648)
- d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
close to a query timeout (LP: #1797926)
- d/t/simpletest: drop the internetsociety.org test as it requires
network egress access that is not available in the Ubuntu autopkgtest
farm.
bind9 (1:9.11.5+dfsg-1) unstable; urgency=medium
* Use team+dns at tracker.debian.org as Maintainer address
* New upstream version 9.11.5+dfsg
* Add EXTENSIONS= to version file programmatically, not with the patch
* Rebase patches for BIND 9.11.5
* Adjust package names for new SONAMEs
bind9 (1:9.11.4.P2+dfsg-3) unstable; urgency=medium
* Also avoid OpenSSL 1.1.1 in udebs.
Thanks to KiBi for the hint
* autopkgtest: Make an external query and check for DNSSEC
bind9 (1:9.11.4.P2+dfsg-2) unstable; urgency=medium
* Temporarily disable EDDSA to relax OpenSSL version requirement
bind9 (1:9.11.4.P2+dfsg-1) unstable; urgency=medium
[ Bernhard Schmidt ]
* Add a very simple autopkgtest (dig @127.0.0.1)
[ Ondřej Surý ]
* New upstream version 9.11.4.P2+dfsg
* Rebase patches for BIND 9.11.4-P2
bind9 (1:9.11.4.P1+dfsg-1) unstable; urgency=medium
[ Timo Aaltonen ]
* skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11
crashing on startup. (LP: #1769440)
[ Bernhard Schmidt ]
* Add gbp.conf for pristine-tar usage
* d/watch: Properly deal with -P patch releases
[ Ondřej Surý ]
* Don't fail to start if /etc/default/bind9 doesn't exist
* New upstream version 9.11.4.P1+dfsg
* Rebase patches for BIND 9.11.4-P1
* Add new dst__openssleddsa_init optional symbol (it depends on OpenSSL version) (Closes: #897643)
* Put aside named.conf.option from stretch when upgrading (Closes: #905177)
bind9 (1:9.11.4+dfsg-4) unstable; urgency=medium
* Brown-paper-bag release :-(
* Fix missing colon in AppArmor profile (Closes: #904983)
Date: Thu, 13 Dec 2018 19:40:23 -0200
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.11.5+dfsg-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 13 Dec 2018 19:40:23 -0200
Source: bind9
Binary: bind9 bind9utils bind9-doc bind9-host libbind-dev libbind9-161 libdns1104 libirs161 libisc1100 liblwres161 libisccc161 libisccfg163 dnsutils libbind-export-dev libdns-export1104 libdns-export1104-udeb libirs-export161 libirs-export161-udeb libisc-export1100 libisc-export1100-udeb libisccc-export161 libisccc-export161-udeb libisccfg-export163 libisccfg-export163-udeb
Architecture: source
Version: 1:9.11.5+dfsg-1ubuntu1
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Description:
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - DNS lookup utility (deprecated)
bind9utils - Utilities for BIND
dnsutils - Clients provided with BIND
libbind-dev - Static Libraries and Headers used by BIND
libbind-export-dev - Development files for the exported BIND libraries
libbind9-161 - BIND9 Shared Library used by BIND
libdns-export1104 - Exported DNS Shared Library
libdns-export1104-udeb - Exported DNS library for debian-installer (udeb)
libdns1104 - DNS Shared Library used by BIND
libirs-export161 - Exported IRS Shared Library
libirs-export161-udeb - Exported IRS library for debian-installer (udeb)
libirs161 - DNS Shared Library used by BIND
libisc-export1100 - Exported ISC Shared Library
libisc-export1100-udeb - Exported ISC library for debian-installer (udeb)
libisc1100 - ISC Shared Library used by BIND
libisccc-export161 - Command Channel Library used by BIND
libisccc-export161-udeb - Command Channel Library used by BIND (udeb)
libisccc161 - Command Channel Library used by BIND
libisccfg-export163 - Exported ISC CFG Shared Library
libisccfg-export163-udeb - Exported ISC CFG library for debian-installer (udeb)
libisccfg163 - Config File Handling Library used by BIND
liblwres161 - Lightweight Resolver Library used by BIND
Closes: 897643 904983 905177
Launchpad-Bugs-Fixed: 1769440 1797926 1804648
Changes:
bind9 (1:9.11.5+dfsg-1ubuntu1) disco; urgency=medium
.
* Merge with Debian unstable. Remaining changes:
- Build without lmdb support as that package is in Universe
- Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
protobuf-c-compiler (universe packages)
+ d/dnsutils.install: don't install dnstap
+ d/libdns1104.symbols: don't include dnstap symbols
+ d/rules: don't build dnstap nor install dnstap.proto
* Dropped:
- SECURITY UPDATE: denial of service crash when deny-answer-aliases
option is used
+ debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could
trigger a crash if deny-answer-aliases was set
+ debian/patches/CVE-2018-5740-2.patch: add tests
+ debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set
chainingp correctly, add test
+ CVE-2018-5740
[Fixed in new upstream version 9.11.5]
- d/extras/apparmor.d/usr.sbin.named: add missing comma at the end of the
line (Closes: #904983)
[Fixed in 1:9.11.4+dfsg-4]
- Add a patch to fix named-pkcs11 crashing on startup. (LP #1769440)
[Fixed in 1:9.11.4.P1+dfsg-1]
- Cherrypick from debian: Add new dst__openssleddsa_init optional symbol
(it depends on OpenSSL version) (Closes: #897643)
[Fixed in 1:9.11.4.P1+dfsg-1]
* Added:
- d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
option (LP: #1804648)
- d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
close to a query timeout (LP: #1797926)
- d/t/simpletest: drop the internetsociety.org test as it requires
network egress access that is not available in the Ubuntu autopkgtest
farm.
.
bind9 (1:9.11.5+dfsg-1) unstable; urgency=medium
.
* Use team+dns at tracker.debian.org as Maintainer address
* New upstream version 9.11.5+dfsg
* Add EXTENSIONS= to version file programmatically, not with the patch
* Rebase patches for BIND 9.11.5
* Adjust package names for new SONAMEs
.
bind9 (1:9.11.4.P2+dfsg-3) unstable; urgency=medium
.
* Also avoid OpenSSL 1.1.1 in udebs.
Thanks to KiBi for the hint
* autopkgtest: Make an external query and check for DNSSEC
.
bind9 (1:9.11.4.P2+dfsg-2) unstable; urgency=medium
.
* Temporarily disable EDDSA to relax OpenSSL version requirement
.
bind9 (1:9.11.4.P2+dfsg-1) unstable; urgency=medium
.
[ Bernhard Schmidt ]
* Add a very simple autopkgtest (dig @127.0.0.1)
.
[ Ondřej Surý ]
* New upstream version 9.11.4.P2+dfsg
* Rebase patches for BIND 9.11.4-P2
.
bind9 (1:9.11.4.P1+dfsg-1) unstable; urgency=medium
.
[ Timo Aaltonen ]
* skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11
crashing on startup. (LP: #1769440)
.
[ Bernhard Schmidt ]
* Add gbp.conf for pristine-tar usage
* d/watch: Properly deal with -P patch releases
.
[ Ondřej Surý ]
* Don't fail to start if /etc/default/bind9 doesn't exist
* New upstream version 9.11.4.P1+dfsg
* Rebase patches for BIND 9.11.4-P1
* Add new dst__openssleddsa_init optional symbol (it depends on OpenSSL version) (Closes: #897643)
* Put aside named.conf.option from stretch when upgrading (Closes: #905177)
.
bind9 (1:9.11.4+dfsg-4) unstable; urgency=medium
.
* Brown-paper-bag release :-(
* Fix missing colon in AppArmor profile (Closes: #904983)
Checksums-Sha1:
cd569eef7195043c3baa45e2338a8d9295b39424 3942 bind9_9.11.5+dfsg-1ubuntu1.dsc
e93007be1572f8098a342233822fa5863bd5b1d8 3953524 bind9_9.11.5+dfsg.orig.tar.xz
7e018267f6545b8b037353a5bf2142f5449d4364 80944 bind9_9.11.5+dfsg-1ubuntu1.debian.tar.xz
320955636d9468bad58000b70f0308ae34930400 7287 bind9_9.11.5+dfsg-1ubuntu1_source.buildinfo
Checksums-Sha256:
2012a30255bb3b7efbe7e1385823be4f87d3d3841052929859fef95b81016063 3942 bind9_9.11.5+dfsg-1ubuntu1.dsc
3c9a1f7298634bc25c27c7ea70770ec573e06ffa289bde9a0fd9fdee2c6cfcc7 3953524 bind9_9.11.5+dfsg.orig.tar.xz
cd8d557d52eb98f8985ca8694b0474992e8f43b4e2dafed29568ab061fe97d5d 80944 bind9_9.11.5+dfsg-1ubuntu1.debian.tar.xz
0ace0c2e121c2e6b09c3e691e27d69a7b80a2d0ee40742f321594706ecc3a72c 7287 bind9_9.11.5+dfsg-1ubuntu1_source.buildinfo
Files:
585e921b47f2e48267e067b3e70ae227 3942 net optional bind9_9.11.5+dfsg-1ubuntu1.dsc
e32a69069105a1c387933c36e22a7011 3953524 net optional bind9_9.11.5+dfsg.orig.tar.xz
ef3c63e85e780ed3cad131793cb43b27 80944 net optional bind9_9.11.5+dfsg-1ubuntu1.debian.tar.xz
b612326bc7ba891571cd28823c9f8ed1 7287 net optional bind9_9.11.5+dfsg-1ubuntu1_source.buildinfo
Original-Maintainer: Debian DNS Team <team+dns at tracker.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEiGZB1jWM2kalbBxyrJg+tb9ry6kFAlwTrGcACgkQrJg+tb9r
y6nmKhAAl0ijvCo4yNwVDO5Xm3PuifgIi8M9tIm3UDBf4qJepEIAGKzTm8X0lzyr
GSUeOCkyVaGvCL+e2naXYgLCcTjOzjS6+2CD6WgLd/q6MLvtHXeeGOvOFR5Vzc6n
ivT73zQN5S2XviLLEgDK/eZqDTCikIe8Nww0dXOX6Suao3+TjFZTg170QeAIYtfy
zvgTVLRvNLmTQHE1ciyK/H885dQtJoNmFO94ZlHumZ2yPos30pP8jmdiRwxcDZSg
97a1s05LoIdBI9LV4xLHxgHzj3chcc0M9pP07Ax03pCuJzrb8TZVPoHQ1uhA+CVq
VTtgsHLuJ6FvV9g9tznkN4p+6t1+BtxpdzjfZ/6krbkDAO2ao1EAD9p8xPYHyiOY
3ICCKaKZB+60ygLN5K7CQKDwv7EtCB94yKmAThTcQMQxQ3Ap1Ooe/F43VghaTjcE
WZ39O7aPlzF5gT07Od9E0cAqsmncKTSMfgG9DQ7wRjpfh2ecX2IDKBbzmc74yUUT
qXyK8IWOe7v+q/F8G9Yx6McNrSHhZBSD4fH486fP9VS1/vTrrjwyptMCT6P4eQzV
47Yook2LqoMnVSRJPzHVFkYtX6kbMMUfXI0aFyi6wzmjf0NteHtbrtWuF+mutb2H
xmQX5irMkxqZTkZxLSzXSMrEKPHbSNaiI8rA4eKtf9YFTRA6Tz8=
=educ
-----END PGP SIGNATURE-----
More information about the Disco-changes
mailing list