[ubuntu/jammy-proposed] bind9 1:9.18.1-1ubuntu1 (Accepted)
Sergio Durigan Junior
sergio.durigan at canonical.com
Wed Mar 23 19:08:12 UTC 2022
bind9 (1:9.18.1-1ubuntu1) jammy; urgency=medium
* Merge with Debian unstable (LP: #1965981). Remaining changes:
- Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
protobuf-c-compiler (universe packages)
+ d/dnsutils.install: don't install dnstap
+ d/libdns1104.symbols: don't include dnstap symbols
+ d/rules: don't build dnstap nor install dnstap.proto
- Add back apport:
+ d/bind9.apport: add back old bind9 apport hook, but without calling
attach_conffiles() since that is already done by apport itself, with
confirmation from the user.
+ d/control, d/rules: build-depends on dh-apport and use it
- d/NEWS: mention some of the bigger changes in 9.16.0 packaging
- d/bind9.named.service: use systemd Type=forking to signal daemon init.
This fixes a regression of #900788 where services whose startup depend
on name resolutions may fail due to bind9 not being ready (LP #1899902).
- d/control: remove optional libjemalloc-dev Build-Depends as it is not in
main.
- d/NEWS: mention some of the relevant changes in 9.18.0 packaging
or functionality that may affect usability.
* Dropped changes:
- d/p/0003-Remove-spurious-debugging-true.patch: remove development leftover
debugging flag from nslookup code (LP: #1961556).
[ Incorporated in 9.18.1. ]
- SECURITY UPDATE: cache poisoning via bogus NS records
+ debian/patches/CVE-2021-25220.patch: tighten rules for acceptance of
records into the cache in lib/dns/resolver.c.
+ CVE-2021-25220
[ Incorporated in 9.18.1. ]
- SECURITY UPDATE: DoS via specially crafted TCP stream
+ debian/patches/CVE-2022-0396.patch: ensure correct ordering in
lib/isc/netmgr/netmgr.c.
+ CVE-2022-0396
[ Incorporated in 9.18.1. ]
- SECURITY UPDATE: DNAME insist with synth-from-dnssec enabled
+ debian/patches/CVE-2022-0635.patch: fix logic in lib/dns/rbtdb.c.
+ CVE-2022-0635
[ Incorporated in 9.18.1. ]
- SECURITY UPDATE: Assertion failure on delayed DS lookup
+ debian/patches/CVE-2022-0667.patch: fix logic in lib/dns/resolver.c.
+ CVE-2022-0667
[ Incorporated in 9.18.1. ]
* Added changes:
- d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-that-dig-tries-othe.patch,
d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-timed-out-result-fo.patch,
d/p/lp1964400-lp1964686-Add-various-dig-host-tests-for-TCP-UDP-socket-error-.patch,
d/p/lp1964400-lp1964686-After-dig-request-errors-try-to-use-other-servers-wh.patch,
d/p/lp1964400-lp1964686-Fix-an-issue-in-dig-when-retrying-with-the-next-serv.patch,
d/p/lp1964400-lp1964686-Fix-dig-error-when-trying-the-next-server-after-a-TC.patch,
d/p/lp1964400-lp1964686-When-resending-a-UDP-request-insert-the-query-to-the.patch:
Fix dig error when trying the next server after a TCP connection
failure. This upstream patchset also fixes a crash when using
the "host" command for numeric lookups (LP: #1964400) and an
infinite hang when passing a non-existent hostname to "host" (LP:
#1964686).
Date: Wed, 23 Mar 2022 13:48:30 -0400
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.18.1-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 23 Mar 2022 13:48:30 -0400
Source: bind9
Architecture: source
Version: 1:9.18.1-1ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Sergio Durigan Junior <sergio.durigan at canonical.com>
Launchpad-Bugs-Fixed: 1961556 1964400 1964686 1965981
Changes:
bind9 (1:9.18.1-1ubuntu1) jammy; urgency=medium
.
* Merge with Debian unstable (LP: #1965981). Remaining changes:
- Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
protobuf-c-compiler (universe packages)
+ d/dnsutils.install: don't install dnstap
+ d/libdns1104.symbols: don't include dnstap symbols
+ d/rules: don't build dnstap nor install dnstap.proto
- Add back apport:
+ d/bind9.apport: add back old bind9 apport hook, but without calling
attach_conffiles() since that is already done by apport itself, with
confirmation from the user.
+ d/control, d/rules: build-depends on dh-apport and use it
- d/NEWS: mention some of the bigger changes in 9.16.0 packaging
- d/bind9.named.service: use systemd Type=forking to signal daemon init.
This fixes a regression of #900788 where services whose startup depend
on name resolutions may fail due to bind9 not being ready (LP #1899902).
- d/control: remove optional libjemalloc-dev Build-Depends as it is not in
main.
- d/NEWS: mention some of the relevant changes in 9.18.0 packaging
or functionality that may affect usability.
* Dropped changes:
- d/p/0003-Remove-spurious-debugging-true.patch: remove development leftover
debugging flag from nslookup code (LP: #1961556).
[ Incorporated in 9.18.1. ]
- SECURITY UPDATE: cache poisoning via bogus NS records
+ debian/patches/CVE-2021-25220.patch: tighten rules for acceptance of
records into the cache in lib/dns/resolver.c.
+ CVE-2021-25220
[ Incorporated in 9.18.1. ]
- SECURITY UPDATE: DoS via specially crafted TCP stream
+ debian/patches/CVE-2022-0396.patch: ensure correct ordering in
lib/isc/netmgr/netmgr.c.
+ CVE-2022-0396
[ Incorporated in 9.18.1. ]
- SECURITY UPDATE: DNAME insist with synth-from-dnssec enabled
+ debian/patches/CVE-2022-0635.patch: fix logic in lib/dns/rbtdb.c.
+ CVE-2022-0635
[ Incorporated in 9.18.1. ]
- SECURITY UPDATE: Assertion failure on delayed DS lookup
+ debian/patches/CVE-2022-0667.patch: fix logic in lib/dns/resolver.c.
+ CVE-2022-0667
[ Incorporated in 9.18.1. ]
* Added changes:
- d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-that-dig-tries-othe.patch,
d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-timed-out-result-fo.patch,
d/p/lp1964400-lp1964686-Add-various-dig-host-tests-for-TCP-UDP-socket-error-.patch,
d/p/lp1964400-lp1964686-After-dig-request-errors-try-to-use-other-servers-wh.patch,
d/p/lp1964400-lp1964686-Fix-an-issue-in-dig-when-retrying-with-the-next-serv.patch,
d/p/lp1964400-lp1964686-Fix-dig-error-when-trying-the-next-server-after-a-TC.patch,
d/p/lp1964400-lp1964686-When-resending-a-UDP-request-insert-the-query-to-the.patch:
Fix dig error when trying the next server after a TCP connection
failure. This upstream patchset also fixes a crash when using
the "host" command for numeric lookups (LP: #1964400) and an
infinite hang when passing a non-existent hostname to "host" (LP:
#1964686).
Checksums-Sha1:
eaff38b08bc6ad2da047b7fdf1faae40338656bc 3184 bind9_9.18.1-1ubuntu1.dsc
54f92b2b3129c59877a4fe59a447b8d307a39fdc 5059456 bind9_9.18.1.orig.tar.xz
720d8e6e1fe5e89889d893aa8ef30c06c13c4017 874 bind9_9.18.1.orig.tar.xz.asc
c08dfb15e0bc0847eea0e0c45f4a9133670c5949 93124 bind9_9.18.1-1ubuntu1.debian.tar.xz
cefbfe2ca4295c58b50324e92efb630171f7c059 7755 bind9_9.18.1-1ubuntu1_source.buildinfo
Checksums-Sha256:
5b083620f561136f99bb12751331b07b52ea2b354a68c457df68b58c3d8cc5c9 3184 bind9_9.18.1-1ubuntu1.dsc
57c7afd871694d615cb4defb1c1bd6ed023350943d7458414db8d493ef560427 5059456 bind9_9.18.1.orig.tar.xz
585e206134f6186dee8e9c8ec30d08a3cc3c765a7fc2803da155e2c4caaa0d39 874 bind9_9.18.1.orig.tar.xz.asc
504e7c50c540621bcfa9162bd61ced6cca23e587160b42b496c07c17a2eacb96 93124 bind9_9.18.1-1ubuntu1.debian.tar.xz
bde16b1a1f19f275b6209fa4936a7dd56dcccaacfaedb52f9ef0d8bfd9d42bb5 7755 bind9_9.18.1-1ubuntu1_source.buildinfo
Files:
5747ed069242c65ed3ed3ef9c3a4d379 3184 net optional bind9_9.18.1-1ubuntu1.dsc
d7072b2d774077f37bff51580b3a577b 5059456 net optional bind9_9.18.1.orig.tar.xz
b040090622bcef443010cb16657253c5 874 net optional bind9_9.18.1.orig.tar.xz.asc
81ca1eca6ff4483bcfc8f6470f01f4d4 93124 net optional bind9_9.18.1-1ubuntu1.debian.tar.xz
3a47b4869172bf25054f27e7a000081d 7755 net optional bind9_9.18.1-1ubuntu1_source.buildinfo
Original-Maintainer: Debian DNS Team <team+dns at tracker.debian.org>
Vcs-Git: https://git.launchpad.net/~sergiodj/ubuntu/+source/bind9
Vcs-Git-Commit: b9d932e09dca670a668f9bd81f199377ec399b07
Vcs-Git-Ref: refs/heads/merge-9.18.1-jammy
More information about the jammy-changes
mailing list