* Merge with Debian unstable. Remaining changes:
- Build without lmdb support as that package is in Universe
- Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and protobuf-c-compiler (universe packages)
+ d/dnsutils.install: don't install dnstap
+ d/libdns1104.symbols: don't include dnstap symbols
+ d/rules: don't build dnstap nor install dnstap.proto
* Dropped:
- SECURITY UPDATE: denial of service crash when deny-answer-aliases
option is used
+ debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could
trigger a crash if deny-answer-aliases was set
+ debian/patches/CVE-2018-5740-2.patch: add tests
+ debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set
chainingp correctly, add test
+ CVE-2018-5740
[Fixed in new upstream version 9.11.5]
- d/extras/apparmor.d/usr.sbin.named: add missing comma at the end of the
line (Closes: #904983)
[Fixed in 1:9.11.4+dfsg-4]
- Add a patch to fix named-pkcs11 crashing on startup. (LP #1769440)
[Fixed in 1:9.11.4.P1+dfsg-1]
- Cherrypick from debian: Add new dst__openssleddsa_init optional symbol
(it depends on OpenSSL version) (Closes: #897643)
[Fixed in 1:9.11.4.P1+dfsg-1]
* Added:
- d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
option (LP: #1804648)
- d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
close to a query timeout (LP: #1797926)
- d/t/simpletest: drop the internetsociety.org test as it requires
network egress access that is not available in the Ubuntu autopkgtest
farm.
bind9 (1:9.11.5+dfsg-1) unstable; urgency=medium
* Use <email address hidden> as Maintainer address
* New upstream version 9.11.5+dfsg
* Add EXTENSIONS= to version file programmatically, not with the patch
* Rebase patches for BIND 9.11.5
* Adjust package names for new SONAMEs
[ Timo Aaltonen ]
* skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11
crashing on startup. (LP: #1769440)
[ Bernhard Schmidt ]
* Add gbp.conf for pristine-tar usage
* d/watch: Properly deal with -P patch releases
[ Ondřej Surý ]
* Don't fail to start if /etc/default/bind9 doesn't exist
* New upstream version 9.11.4.P1+dfsg
* Rebase patches for BIND 9.11.4-P1
* Add new dst__openssleddsa_init optional symbol (it depends on OpenSSL version) (Closes: #897643)
* Put aside named.conf.option from stretch when upgrading (Closes: #905177)
This bug was fixed in the package bind9 - 1:9.11. 5+dfsg- 1ubuntu1
--------------- 5+dfsg- 1ubuntu1) disco; urgency=medium
bind9 (1:9.11.
* Merge with Debian unstable. Remaining changes:
protobuf- c-compiler (universe packages) symbols: don't include dnstap symbols patches/ CVE-2018- 5740-1. patch: explicit DNAME query could patches/ CVE-2018- 5740-2. patch: add tests patches/ CVE-2018- 5740-3. patch: caclulate nlabels and set apparmor. d/usr.sbin. named: add missing comma at the end of the sa_init optional symbol udp-in- host-command. diff: fix parsing of the -U command line shutdown- race.diff: dig/host/nslookup could crash when interrupted
- Build without lmdb support as that package is in Universe
- Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
+ d/dnsutils.install: don't install dnstap
+ d/libdns1104.
+ d/rules: don't build dnstap nor install dnstap.proto
* Dropped:
- SECURITY UPDATE: denial of service crash when deny-answer-aliases
option is used
+ debian/
trigger a crash if deny-answer-aliases was set
+ debian/
+ debian/
chainingp correctly, add test
+ CVE-2018-5740
[Fixed in new upstream version 9.11.5]
- d/extras/
line (Closes: #904983)
[Fixed in 1:9.11.4+dfsg-4]
- Add a patch to fix named-pkcs11 crashing on startup. (LP #1769440)
[Fixed in 1:9.11.4.P1+dfsg-1]
- Cherrypick from debian: Add new dst__openssledd
(it depends on OpenSSL version) (Closes: #897643)
[Fixed in 1:9.11.4.P1+dfsg-1]
* Added:
- d/p/enable-
option (LP: #1804648)
- d/p/fix-
close to a query timeout (LP: #1797926)
- d/t/simpletest: drop the internetsociety.org test as it requires
network egress access that is not available in the Ubuntu autopkgtest
farm.
bind9 (1:9.11.5+dfsg-1) unstable; urgency=medium
* Use <email address hidden> as Maintainer address
* New upstream version 9.11.5+dfsg
* Add EXTENSIONS= to version file programmatically, not with the patch
* Rebase patches for BIND 9.11.5
* Adjust package names for new SONAMEs
bind9 (1:9.11. 4.P2+dfsg- 3) unstable; urgency=medium
* Also avoid OpenSSL 1.1.1 in udebs.
Thanks to KiBi for the hint
* autopkgtest: Make an external query and check for DNSSEC
bind9 (1:9.11. 4.P2+dfsg- 2) unstable; urgency=medium
* Temporarily disable EDDSA to relax OpenSSL version requirement
bind9 (1:9.11. 4.P2+dfsg- 1) unstable; urgency=medium
[ Bernhard Schmidt ]
* Add a very simple autopkgtest (dig @127.0.0.1)
[ Ondřej Surý ]
* New upstream version 9.11.4.P2+dfsg
* Rebase patches for BIND 9.11.4-P2
bind9 (1:9.11. 4.P1+dfsg- 1) unstable; urgency=medium
[ Timo Aaltonen ] deepbind- for-dyndb. diff: Add a patch to fix named-pkcs11
* skip-rtld-
crashing on startup. (LP: #1769440)
[ Bernhard Schmidt ]
* Add gbp.conf for pristine-tar usage
* d/watch: Properly deal with -P patch releases
[ Ondřej Surý ] sa_init optional symbol (it depends on OpenSSL version) (Closes: #897643)
* Don't fail to start if /etc/default/bind9 doesn't exist
* New upstream version 9.11.4.P1+dfsg
* Rebase patches for BIND 9.11.4-P1
* Add new dst__openssledd
* Put aside named.conf.option from stretch when upgrading (Closes: #905177)
bind9 (1:9.11.4+dfsg-4) unstable; urgency=medium
* Brown-paper-bag release :-(
* Fix missing colon in AppArmor profile (Closes: #904983)
-- Andreas Hasenack <email address hidden> Thu, 13 Dec 2018 19:40:23 -0200