[FFe] Please merge unbound 1.58-1 from Debian unstable

Bug #1556308 reported by Nish Aravamudan on 2016-03-11
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
unbound (Ubuntu)
Wishlist
Unassigned

Bug Description

FFe justification:

The largest changes are in 1.5.7-1 -> 1.5.7-2, which allows for end users to use unbound without configuring /etc/default/unbound in the general case. Additionally, some chroot cruft in debian as been cleaned up.

Removing the default file also makes it easier to support all init systems.

Notable new features:

* Support RFC7686: handle ".onion" Special-Use Domain. It is blocked by default, and can be unblocked with "nodefault" localzone config.

Notable bug fixes:

* Fix that NSEC3 negative cache is used when there is no salt.
* wait for sendto to drain socket buffers when they are full.
* Fix: Swig should not be invoked with CPPFLAGS. (paves the way for reproducible builds)
* Squelch 'cannot assign requested address' log messages unless verbosity is high, it was spammed after network down.
* Fix: Do not log an error when the PID file cannot be chown'ed. (Remove the use of some capabilities, helps with Apparmor)
* iana portlist update

The other changes are mostly compatibility fixes for netbsd and osx.

Many thanks to Simon for helping analyze the upstream changelog and testing.

---

unbound (1.5.8-1ubuntu1) xenial; urgency=medium

  * Merge from Debian unstable (LP: #1556308):
    - Revert dnstap support (dependencies not in main)

 -- Nishanth Aravamudan <email address hidden> Fri, 11 Mar 2016 14:49:39 -0800

Nish Aravamudan (nacc) on 2016-03-11
description: updated
Nish Aravamudan (nacc) wrote :

This will need a FFe, as it's a new usptream version. I also need to test it still.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unbound (Ubuntu):
status: New → Confirmed
Simon Déziel (sdeziel) wrote :

@nacc, if you have a test build available let me know.

Nish Aravamudan (nacc) wrote :

@sdeziel, thank you very much, I'll setup a PPA now.

Nish Aravamudan (nacc) wrote :

Just uploaded to https://launchpad.net/~nacc/+archive/ubuntu/lp1556308. It should kick off the build momentarily.

The attachment "unbound_1.5.8-1.1.5.8-1ubuntu1.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Simon Déziel (sdeziel) wrote :

@nacc, your test build works really well, thanks for providing it.

Before this officially lands in Xenial, I believe it would be a good idea to include the new L-root IPv6 address [1] that is already operational.

This change is in upstream's SVN but not yet in Debian. March 23rd being really close, I suspect the Debian maintainer will soon cut a new release so you might want to delay the sync a little bit. If delaying isn't an option, I'd be glad to provide you the upstream commit with the IP change.

1: https://unbound.nlnetlabs.nl/pipermail/unbound-users/2016-March/004262.html

On 12.03.2016 [14:53:00 -0000], Simon Déziel wrote:
> @nacc, your test build works really well, thanks for providing it.

Thank you for testing so quickly!

> Before this officially lands in Xenial, I believe it would be a good
> idea to include the new L-root IPv6 address [1] that is already
> operational.
>
> This change is in upstream's SVN but not yet in Debian. March 23rd being
> really close, I suspect the Debian maintainer will soon cut a new
> release so you might want to delay the sync a little bit. If delaying
> isn't an option, I'd be glad to provide you the upstream commit with the
> IP change.

That would be good to see, just for reference.

Simon Déziel (sdeziel) wrote :

On 2016-03-12 01:49 PM, Nish Aravamudan wrote:
> On 12.03.2016 [14:53:00 -0000], Simon Déziel wrote:
>> @nacc, your test build works really well, thanks for providing it.
>
> Thank you for testing so quickly!

I was keeping an eye on Unbound because this new version will allow
simplifying the Apparmor profile [1]. If 1.5.8 makes it into Xenial,
I'll take care of updating [1].

>> Before this officially lands in Xenial, I believe it would be a good
>> idea to include the new L-root IPv6 address [1] that is already
>> operational.
>>
>> This change is in upstream's SVN but not yet in Debian. March 23rd being
>> really close, I suspect the Debian maintainer will soon cut a new
>> release so you might want to delay the sync a little bit. If delaying
>> isn't an option, I'd be glad to provide you the upstream commit with the
>> IP change.
>
> That would be good to see, just for reference.

Sure, SVN commit attached.

Thanks,
Simon

1:
https://bazaar.launchpad.net/~apparmor-dev/apparmor-profiles/master/view/head:/ubuntu/16.04/usr.sbin.unbound

Changed in unbound (Ubuntu):
importance: Undecided → Wishlist

@nacc, we are past the cutoff date and there has been no movement on the Debian side. Nothing on the 2 bugs I reported ([1] and [2]) nor the git trees of the corresponding packages.

So I think you shouldn't hold the release of your package for that. If you feel like it, you could include the upstream patch I attached above but otherwise, those who care can always setup the root.hints themselves.

Regards,
Simon

1: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818292 (proposing a patch)
2: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818291

Nish Aravamudan (nacc) on 2016-03-31
summary: - Please merge unbound 1.58-1 from Debian unstable
+ [FFe] Please merge unbound 1.58-1 from Debian unstable
Nish Aravamudan (nacc) wrote :
description: updated
Stéphane Graber (stgraber) wrote :

Looks fine to me, FFe granted, please upload.

Changed in unbound (Ubuntu):
status: Confirmed → Triaged

Hi, doko uploaded unbound 1.5.7-1ubuntu2 in the mean time, I'm not sure if the changes need to be included in 1.5.8-1ubuntu1 or not, can you check and at least merge the changelogs? Then I'd be happy to sponsor this.

Changed in unbound (Ubuntu):
assignee: nobody → Nish Aravamudan (nacc)
Simon Déziel (sdeziel) wrote :

Hi Michael,

doko's fix is not required with 1.5.8 because this was fixed upstream:

25 January 2016: Wouter
        - Fix #738: Swig should not be invoked with CPPFLAGS.

This was also filled/fixed in Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809055

As such, Nish's package doesn't need an extra patch. I don't know about the debian/changelog entry though.

Nish Aravamudan (nacc) wrote :

Updated debdiff is technically the same content as the previous version, just with an accurate changelog.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unbound - 1.5.8-1ubuntu1

---------------
unbound (1.5.8-1ubuntu1) xenial; urgency=medium

  * Merge from Debian (LP: #1556308):
    - Revert dnstap support (dependencies not in main)
  * Drop:
    - Fix build failure with swig -Wdate-time.
      [ Fixed in Debian 1.5.7-2 ]

 -- Nishanth Aravamudan <email address hidden> Mon, 11 Apr 2016 09:44:52 -0700

Changed in unbound (Ubuntu):
status: Triaged → Fix Released
Nish Aravamudan (nacc) on 2017-01-12
Changed in unbound (Ubuntu):
assignee: Nish Aravamudan (nacc) → nobody
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.