Merge unbound from Debian unstable for kinetic
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
unbound (Ubuntu) |
Fix Released
|
Undecided
|
Athos Ribeiro |
Bug Description
Upstream: 1.16.0
Debian: 1.16.0-2
Ubuntu: 1.13.1-1ubuntu5
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.
Dominic requests (via LP: #1946909, commit #1): "Please ensure that whatever happens, Unbound on Ubuntu continues to be compiled with the nghttp2 library. Unbound on Debian is currently not compiled with nghttp2."
### New Debian Changes ###
unbound (1.15.0-8) unstable; urgency=medium
* fix the brown-paper bag bug in the previous upload. I did it again:
it is var += newvalue, not var := newvalue. This made the previous
upload to built without many build options
-- Michael Tokarev <email address hidden> Fri, 29 Apr 2022 18:33:16 +0300
unbound (1.15.0-7) unstable; urgency=medium
* unbound-
- do not (re)start it explicitly from the postinst script, it should
only be started as a part of unbound.service. Closes: #1009928
- add comments to this service file to clarify its purpose
- add lintian overrides for this service file
* /etc/resolvconf
- ship it enabled for new installs. Closes: #1003135
- but do not re-enable it for previous installs
- add more comments to this file clarifying its purpose and possible issues
- add comments about various ways to enable/disable this hook,
- implement ability to disable it by setting USE_RESOLVCONF_
in /etc/default/
- multiple other small changes and cleanups
- rename it in debian packaging from d/resolvconf to d/resolvconf-
to make it's purpose more explicit
* use dns root.key stored in /usr/share/dns/ (as provided by dns-root-data
package) instead of the unbound-owned /var/lib/
managed by an untrusted user). This changes defaults for unbound-host and
unbound-anchor. Add Recommends: dns-root-data for unbound-host so it can
find this root.key in the default install. Closes: #641704
-- Michael Tokarev <email address hidden> Fri, 29 Apr 2022 16:53:50 +0300
unbound (1.15.0-6) unstable; urgency=medium
* actually install the forgotten remote-
-- Michael Tokarev <email address hidden> Thu, 28 Apr 2022 20:15:21 +0300
unbound (1.15.0-5) unstable; urgency=medium
* use unix-domain socket /run/unbound.ctl for the control interface
instead of tcp localhost socket. This makes the keys/certs files
for the remote contol to be unnecessary, so stop running
unbound-
(Closes: #1010271)
* move remote-control section out of main unbound.conf file into
unbound.
same as before version 1.15. There was no need to mess with the
main config file since the NEWS file already gives the user
enough information.
* do-not-
to the unprivileged user, only group ownership is needed.
* do-not-
Unbound does not need to look at its pid file for the previous
instance, since it will not be able to open listening sockets
if the daemon is already running. Remove whole reading of the
pid file, and especially remove setting ownership of the pid file
to the unprivileged user (done in order to be able to clean it up),
since this is a potential security issue.
* unbound.postrm: stop removing the unbound system user
* fix wording and reformat the previous unbound.NEWS entry, and merge
old NEWS file into unbound.NEWS, since all news in there are actually
about the unbound package, not about all other binary packages we build.
* a few more tweaks for d/unbound-helper, in do_resolvconf_
Thank you Simon Deziel for the ideas.
-- Michael Tokarev <email address hidden> Thu, 28 Apr 2022 19:15:23 +0300
unbound (1.15.0-4) unstable; urgency=medium
* d/unbound.conf: move and fix the remote-control section
Move the remote-control section above the include directive so it is
possible to override it there, and fix comment. Do this remote-control
section in unbound.conf directly (instead of in new unbound.conf.d/
fragment), so it is more obvious that the default were flipped and
the default value is changed.
-- Michael Tokarev <email address hidden> Wed, 20 Apr 2022 10:52:26 +0300
unbound (1.15.0-3) unstable; urgency=medium
* modify the default unbound.conf to include control-enale: yes so
the remote control is enabled by default even if the default value
is not flipped by a patch (upstream sets it to 'no')
* d/control: use the right spelling for Recommends:
-- Michael Tokarev <email address hidden> Wed, 20 Apr 2022 00:37:17 +0300
unbound (1.15.0-2) experimental; urgency=medium
[ Michael Stella ]
* Add clarifying description to resolvconf hook
[ Simon Deziel ]
* debian/
when stopping the daemon. Closes: #947771
[ Michael Tokarev ]
* d/changelog: mention #1000201 closed by 1.15.0-1
### Old Ubuntu Delta ###
unbound (1.13.1-1ubuntu5) jammy; urgency=medium
* Cherry-pick upstream commits for Python 3.10 compatibility
-- Rico Tzschichholz <email address hidden> Tue, 01 Feb 2022 15:23:57 +0100
unbound (1.13.1-1ubuntu4) jammy; urgency=medium
* No-change rebuild with Python 3.10 as default version
-- Graham Inggs <email address hidden> Thu, 13 Jan 2022 20:38:08 +0000
unbound (1.13.1-1ubuntu3) jammy; urgency=medium
* debian/
-- Steve Langasek <email address hidden> Thu, 09 Dec 2021 20:51:29 +0000
unbound (1.13.1-1ubuntu2) jammy; urgency=medium
* No-change rebuild against libssl3
-- Steve Langasek <email address hidden> Thu, 09 Dec 2021 00:22:14 +0000
unbound (1.13.1-1ubuntu1) impish; urgency=medium
* Enable DNS-over-HTTPS support (LP: #1927877)
- d/control: add Build-Depends on libnghttp2-dev
- d/rules: compile with libnghttp2
-- Athos Ribeiro <email address hidden> Thu, 01 Jul 2021 11:16:26 -0300
Related branches
- git-ubuntu bot: Approve
- Christian Ehrhardt (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 76 lines (+49/-1)2 files modifieddebian/changelog (+47/-0)
debian/control (+2/-1)
Changed in unbound (Ubuntu): | |
milestone: | none → ubuntu-22.07 |
description: | updated |
Changed in unbound (Ubuntu): | |
assignee: | nobody → Athos Ribeiro (athos-ribeiro) |
description: | updated |
Changed in unbound (Ubuntu): | |
status: | New → In Progress |
Changed in unbound (Ubuntu): | |
status: | In Progress → Fix Released |
As discussed in [1], this can be a sync instead.
Next, we need to propose some autopkgtest fixes to Debian. For details on these fixes and the sync, please, refer to the discussion in [1].
[1] https:/ /code.launchpad .net/~athos- ribeiro/ ubuntu/ +source/ unbound/ +git/unbound/ +merge/ 426432