Merge unbound from Debian unstable for oracular
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
unbound (Ubuntu) |
Incomplete
|
Undecided
|
Andreas Hasenack |
Bug Description
Scheduled-For: Backlog
Upstream: tbd
Debian: 1.19.2-1
Ubuntu: 1.19.2-1ubuntu3
There is nothing yet to merge for unbound currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle.
If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.
If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https:/
### New Debian Changes ###
unbound (1.19.2-1) unstable; urgency=medium
* new upstream bugfix release. Closes: CVE-2024-1931,
denial of service when trimming EDE text on positive replies
* d/changelog: add the forgotten Closes for
#1063845, #1051817, #1051818, #1056631 to the previous
changelog entry
-- Michael Tokarev <email address hidden> Thu, 07 Mar 2024 23:35:52 +0300
unbound (1.19.1-1) unstable; urgency=medium
* new upstream bugfix release (1.19.1) (Closes: #1063845):
o Fix CVE-2023-50387, DNSSEC verification complexity can be exploited
to exhaust CPU resources and stall DNS resolvers
o Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU
* new upstream release (1.19.0) (Closes: #1051817, #1051818, #1056631)
* d/control: Build-Depends: pkg-config => pkgconf
* d/unbound.
package-
* d/unbound.
-- Michael Tokarev <email address hidden> Tue, 13 Feb 2024 22:40:40 +0300
unbound (1.18.0-2) unstable; urgency=medium
* d/resolvconf-
* d/changelog: mention #1013957 in previous changelog entry
* d/control, d/rules: switch from libnettle back to libssl once it is
GPL-compatible (#828699 is of no concern anymore). This fixes libunbound
init failure. Also Closes: #1007260
* d/control, d/rules: build daemon with --enable-cachedb --with-libhiredis,
build-depend on libhiredis-dev (Closes: #1014456)
-- Michael Tokarev <email address hidden> Wed, 06 Sep 2023 16:34:32 +0300
unbound (1.18.0-1) unstable; urgency=medium
* new upstream release
Closes: #1038243
* d/copyright: relicense debian/patches/* under ISC license
(Closes: #1013957)
-- Michael Tokarev <email address hidden> Mon, 04 Sep 2023 09:41:58 +0300
unbound (1.17.1-2) unstable; urgency=medium
* unbound-helper: return 0 explicitly in a few places
(Closes: #1019140)
-- Michael Tokarev <email address hidden> Sun, 09 Apr 2023 15:59:14 +0300
unbound (1.17.1-1) unstable; urgency=medium
[ Michael Tokarev ]
* new upstream release. Release notes:
This release fixes a number of bugs. There are also new configuration
options that by default do not change the existing behaviour of Unbound.
With `statistics-
be controlled. Similarly with `max-sent-count` and `max-query-
the iterator behaviour can be controlled. The maximum CNAME chain length
that is accepted can be changed by increasing the `max-query-
number. This takes more time to follow those elements.
The keep-cache option allows reloads to change configuration whilst
keeping the cache memory intact, making the cache hot for good response
times after the change has completed.
The release contains an additional fix for service downgrade due to
wrong hash values for wildcards in a hyperlocal zone, that was reported
by Sergey Kacheev.
Features
- Expose 'statistics-
default value retains Unbound's behavior.
- Expose 'max-sent-count' as a configuration option; the
default value retains Unbound's behavior.
- Merge #461 from Christian Allred: Add max-query-restarts option.
Exposes an internal configuration but the default value retains
Unbound's behavior.
- Merge #569 from JINMEI Tatuya: add keep-cache option to
'
Bug Fixes
- Merge #768 from fobser: Arithmetic on a pointer to void is a GNU
extension.
- In unit test, print python script name list correctly.
- testcode/dohclient sets log identity to its name.
- Clarify the use of MAX_SENT_COUNT in the iterator code.
- Fix that cachedb does not store failures in the external cache.
- Merge #767 from jonathangray: consistently use IPv4/IPv6 in
unbound.
- Fix to ignore tcp events for closed comm points.
- Fix to make sure to not read again after a tcp comm point is closed.
- Fix #775: libunbound: subprocess reap causes parent process reap
to hang.
- iana portlist update.
- Complementary fix for distutils.sysconfig deprecation in Python 3.10
### Old Ubuntu Delta ###
unbound (1.19.2-1ubuntu3) noble; urgency=medium
* No-change rebuild for CVE-2024-3094
-- Steve Langasek <email address hidden> Sun, 31 Mar 2024 08:30:00 +0000
unbound (1.19.2-1ubuntu2) noble; urgency=medium
* No-change rebuild against libevent-2.1-7t64
-- Simon Chopin <email address hidden> Fri, 29 Mar 2024 17:26:09 +0100
unbound (1.19.2-1ubuntu1) noble; urgency=medium
* Merge with Debian unstable (LP: #2056552). Remaining changes:
- Don't build with hiredis on i386. hiredis and redis are not built
on i386 and require bootstrapping due to circular
build-
unbound server binary (that no one will ever use).
-- Andreas Hasenack <email address hidden> Fri, 08 Mar 2024 10:23:53 -0300
Changed in unbound (Ubuntu): | |
status: | New → Incomplete |
Changed in unbound (Ubuntu): | |
assignee: | nobody → Andreas Hasenack (ahasenack) |
Changed in unbound (Ubuntu): | |
milestone: | none → ubuntu-24.10-beta |