bind9 1:9.11.5.P4+dfsg-4ubuntu1 source package in Ubuntu
Changelog
bind9 (1:9.11.5.P4+dfsg-4ubuntu1) eoan; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Build without lmdb support as that package is in Universe
- Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
protobuf-c-compiler (universe packages)
+ d/dnsutils.install: don't install dnstap
+ d/libdns1104.symbols: don't include dnstap symbols
+ d/rules: don't build dnstap nor install dnstap.proto
- d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
option (LP #1804648)
- d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
close to a query timeout (LP #1797926)
- d/t/simpletest: drop the internetsociety.org test as it requires
network egress access that is not available in the Ubuntu autopkgtest
farm.
* Dropped:
- SECURITY UPDATE: memory leak via specially crafted packet
+ debian/patches/CVE-2018-5744.patch: silently drop additional keytag
options in bin/named/client.c.
+ CVE-2018-5744
[Fixed upstream in 9.11.5-P2]
- SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
unsupported key algorithm when using managed-keys
+ debian/patches/CVE-2018-5745.patch: properly handle situations when
the key tag cannot be computed in lib/dns/include/dst/dst.h,
lib/dns/zone.c.
+ CVE-2018-5745
[Fixed upstream in 9.11.5-P2]
- SECURITY UPDATE: Controls for zone transfers may not be properly
applied to Dynamically Loadable Zones (DLZs) if the zones are writable
+ debian/patches/CVE-2019-6465.patch: handle zone transfers marked in
the zone table as a DLZ zone bin/named/xfrout.c.
+ CVE-2019-6465
[Fixed upstream in 9.11.5-P3]
- SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
+ debian/patches/CVE-2018-5743.patch: add reference counting in
bin/named/client.c, bin/named/include/named/client.h,
bin/named/include/named/interfacemgr.h, bin/named/interfacemgr.c,
lib/isc/include/isc/quota.h, lib/isc/quota.c,
lib/isc/win32/libisc.def.in.
+ debian/patches/CVE-2018-5743-atomic-fix.patch: replace atomic
operations with isc_refcount reference counting in
bin/named/client.c, bin/named/include/named/interfacemgr.h,
bin/named/interfacemgr.c.
+ debian/libisc1100.symbols: added new symbols.
+ CVE-2018-5743
[Fixed in 1:9.11.5.P4+dfsg-4]
- d/rules: add back EdDSA support (LP #1825712)
[Fixed in 1:9.11.5.P4+dfsg-4]
bind9 (1:9.11.5.P4+dfsg-4) unstable; urgency=medium
[ Bernhard Schmidt ]
* AppArmor: Also add /var/lib/samba/bind-dns/dns/** (Closes: #927827)
[ Ondřej Surý ]
* [CVE-2018-5743]: Limiting simultaneous TCP clients is ineffective
(Closes: #927932)
* Update symbols file for new symbol in libisc
* Enable EDDSA again, but disable broken Ed448 support (Closes: #927962)
bind9 (1:9.11.5.P4+dfsg-3) unstable; urgency=medium
* More fixes to the AppArmor policy for Samba AD DLZ
- allow access to /dev/urandom
- allow locking for dns.keytab
- fix path to smb.conf
bind9 (1:9.11.5.P4+dfsg-2) unstable; urgency=medium
[ Ondřej Surý ]
* Update d/gbp.conf for Debian Buster
[ Bernhard Schmidt ]
* Cherry-Pick upstream commit to prevent dnssec-keymgr from immediately
expiring and deleting old DNSSEC keys when being run for the first
time (Closes: #923984)
* Update AppArmor policy for Samba AD DLZ
- Add changed default location for named.conf
- Allow read/mmap on some Samba libraries
Thanks to Steven Monai (Closes: #920530)
[ Andreas Beckmann ]
* bind9.preinst: cope with ancient conffile named.conf.options
(Closes: #905177)
bind9 (1:9.11.5.P4+dfsg-1) unstable; urgency=high
[ Bernhard Schmidt ]
* New upstream version 9.11.5.P4+dfsg
- CVE-2018-5744: A specially crafted packet can cause named to leak memory
- CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over
to an unsupported key algorithm when using managed-keys
- CVE-2019-6465: Controls for zone transfers might not be properly applied
to Dynamically Loadable Zones (DLZs) if the zones are writable.
* d/watch: Do not use beta or RC versions
* d/libdns1104.symbols: fix symbols-file-contains-debian-revision for dnstap
symbols
[ Ondřej Surý ]
* Add new upstream GPG signing-key
bind9 (1:9.11.5.P1+dfsg-2) unstable; urgency=medium
[ Dominik George ]
* Support dyndb modules with apparmor. (Closes: #900879)
[ Bernhard Schmidt ]
* apparmor-policy: permit locking of the allow-new-zones database
(Closes: #922065)
* apparmor-policy: allow access to Samba DLZ files (Closes: #920530)
-- Andreas Hasenack <email address hidden> Thu, 02 May 2019 13:35:59 -0300
Upload details
- Uploaded by:
- Andreas Hasenack
- Uploaded to:
- Eoan
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- net
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| bind9_9.11.5.P4+dfsg.orig.tar.xz | 3.8 MiB | 34b20e4e17875d5c4280d52264bae08f527e38eb6bcfca431432b0cafcd03c6d |
| bind9_9.11.5.P4+dfsg-4ubuntu1.debian.tar.xz | 104.6 KiB | 334711ad3e963027fa068d3c13b23ca924542533fb3461036e39322fb7c4f0ff |
| bind9_9.11.5.P4+dfsg-4ubuntu1.dsc | 3.9 KiB | f40cdf2535adeae7cdcd373bbc5115dbf475e3a713cec36dc74e5a874cb362f0 |
Available diffs
Binary packages built by this source
- bind9: No summary available for bind9 in ubuntu eoan.
No description available for bind9 in ubuntu eoan.
- bind9-dbgsym: No summary available for bind9-dbgsym in ubuntu eoan.
No description available for bind9-dbgsym in ubuntu eoan.
- bind9-doc: No summary available for bind9-doc in ubuntu eoan.
No description available for bind9-doc in ubuntu eoan.
- bind9-host: No summary available for bind9-host in ubuntu eoan.
No description available for bind9-host in ubuntu eoan.
- bind9-host-dbgsym: No summary available for bind9-host-dbgsym in ubuntu eoan.
No description available for bind9-host-dbgsym in ubuntu eoan.
- bind9utils: No summary available for bind9utils in ubuntu eoan.
No description available for bind9utils in ubuntu eoan.
- bind9utils-dbgsym: No summary available for bind9utils-dbgsym in ubuntu eoan.
No description available for bind9utils-dbgsym in ubuntu eoan.
- dnsutils: No summary available for dnsutils in ubuntu eoan.
No description available for dnsutils in ubuntu eoan.
- dnsutils-dbgsym: No summary available for dnsutils-dbgsym in ubuntu eoan.
No description available for dnsutils-dbgsym in ubuntu eoan.
- libbind-dev: No summary available for libbind-dev in ubuntu eoan.
No description available for libbind-dev in ubuntu eoan.
- libbind-export-dev: No summary available for libbind-export-dev in ubuntu eoan.
No description available for libbind-export-dev in ubuntu eoan.
- libbind9-161: No summary available for libbind9-161 in ubuntu eoan.
No description available for libbind9-161 in ubuntu eoan.
- libbind9-161-dbgsym: No summary available for libbind9-161-dbgsym in ubuntu eoan.
No description available for libbind9-161-dbgsym in ubuntu eoan.
- libdns-export1104: No summary available for libdns-export1104 in ubuntu eoan.
No description available for libdns-export1104 in ubuntu eoan.
- libdns-export1104-dbgsym: No summary available for libdns-export1104-dbgsym in ubuntu eoan.
No description available for libdns-
export1104- dbgsym in ubuntu eoan.
- libdns-export1104-udeb: No summary available for libdns-export1104-udeb in ubuntu eoan.
No description available for libdns-
export1104- udeb in ubuntu eoan.
- libdns1104: No summary available for libdns1104 in ubuntu eoan.
No description available for libdns1104 in ubuntu eoan.
- libdns1104-dbgsym: No summary available for libdns1104-dbgsym in ubuntu eoan.
No description available for libdns1104-dbgsym in ubuntu eoan.
- libirs-export161: No summary available for libirs-export161 in ubuntu eoan.
No description available for libirs-export161 in ubuntu eoan.
- libirs-export161-dbgsym: No summary available for libirs-export161-dbgsym in ubuntu eoan.
No description available for libirs-
export161- dbgsym in ubuntu eoan.
- libirs-export161-udeb: No summary available for libirs-export161-udeb in ubuntu eoan.
No description available for libirs-
export161- udeb in ubuntu eoan.
- libirs161: No summary available for libirs161 in ubuntu eoan.
No description available for libirs161 in ubuntu eoan.
- libirs161-dbgsym: No summary available for libirs161-dbgsym in ubuntu eoan.
No description available for libirs161-dbgsym in ubuntu eoan.
- libisc-export1100: No summary available for libisc-export1100 in ubuntu eoan.
No description available for libisc-export1100 in ubuntu eoan.
- libisc-export1100-dbgsym: No summary available for libisc-export1100-dbgsym in ubuntu eoan.
No description available for libisc-
export1100- dbgsym in ubuntu eoan.
- libisc-export1100-udeb: No summary available for libisc-export1100-udeb in ubuntu eoan.
No description available for libisc-
export1100- udeb in ubuntu eoan.
- libisc1100: No summary available for libisc1100 in ubuntu eoan.
No description available for libisc1100 in ubuntu eoan.
- libisc1100-dbgsym: No summary available for libisc1100-dbgsym in ubuntu eoan.
No description available for libisc1100-dbgsym in ubuntu eoan.
- libisccc-export161: No summary available for libisccc-export161 in ubuntu eoan.
No description available for libisccc-export161 in ubuntu eoan.
- libisccc-export161-dbgsym: No summary available for libisccc-export161-dbgsym in ubuntu eoan.
No description available for libisccc-
export161- dbgsym in ubuntu eoan.
- libisccc-export161-udeb: No summary available for libisccc-export161-udeb in ubuntu eoan.
No description available for libisccc-
export161- udeb in ubuntu eoan.
- libisccc161: No summary available for libisccc161 in ubuntu eoan.
No description available for libisccc161 in ubuntu eoan.
- libisccc161-dbgsym: No summary available for libisccc161-dbgsym in ubuntu eoan.
No description available for libisccc161-dbgsym in ubuntu eoan.
- libisccfg-export163: No summary available for libisccfg-export163 in ubuntu eoan.
No description available for libisccfg-export163 in ubuntu eoan.
- libisccfg-export163-dbgsym: No summary available for libisccfg-export163-dbgsym in ubuntu eoan.
No description available for libisccfg-
export163- dbgsym in ubuntu eoan.
- libisccfg-export163-udeb: No summary available for libisccfg-export163-udeb in ubuntu eoan.
No description available for libisccfg-
export163- udeb in ubuntu eoan.
- libisccfg163: No summary available for libisccfg163 in ubuntu eoan.
No description available for libisccfg163 in ubuntu eoan.
- libisccfg163-dbgsym: No summary available for libisccfg163-dbgsym in ubuntu eoan.
No description available for libisccfg163-dbgsym in ubuntu eoan.
- liblwres161: No summary available for liblwres161 in ubuntu eoan.
No description available for liblwres161 in ubuntu eoan.
- liblwres161-dbgsym: No summary available for liblwres161-dbgsym in ubuntu eoan.
No description available for liblwres161-dbgsym in ubuntu eoan.
