[ubuntu/focal-proposed] bind9 1:9.11.14+dfsg-1ubuntu1 (Accepted)
Andreas Hasenack
andreas at canonical.com
Wed Jan 15 20:16:12 UTC 2020
bind9 (1:9.11.14+dfsg-1ubuntu1) focal; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
protobuf-c-compiler (universe packages)
+ d/dnsutils.install: don't install dnstap
+ d/libdns1104.symbols: don't include dnstap symbols
+ d/rules: don't build dnstap nor install dnstap.proto
- d/t/simpletest: drop the internetsociety.org test as it requires
network egress access that is not available in the Ubuntu autopkgtest
farm.
- use iproute2 instead of net-tools (LP #1850699):
+ d/control: replace net-tools depends with iproute2
+ d/bind9.init: use ip instead of ifconfig
[Updated to also check the exit status of the command]
- d/control: drop hardcoded python3 dependency in bind9utils,
dh-python injects the correct one via ${python3:Depends}
(LP #1856211, Closes: #946643)
* Dropped:
- d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
option (LP #1804648)
[Fixed upstream in 9.11.6rc1]
- d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
close to a query timeout (LP #1797926)
[Fixed upstream in 9.11.6rc1]
- SECURITY UPDATE: TCP Pipelining doesn't limit TCP clients on a single
connection
+ debian/patches/CVE-2019-6477.patch: limit number of clients in
bin/named/client.c, bin/named/include/named/client.h.
+ CVE-2019-6477
[Fixed upstream in 9.11.13]
* Added:
- Add back apport:
+ d/bind9.apport: add back old bind9 apport hook, but without calling
attach_conffiles() since that is already done by apport itself, with
confirmation from the user.
+ d/control, d/rules: buil-depends on dh-apport and use it
- d/control, d/rules: go back to old geoip support, since
libmaxminddb (for GeoIP2) is in universe
bind9 (1:9.11.14+dfsg-1) unstable; urgency=medium
* New upstream version 9.11.14+dfsg
* Make lib/dns/gen.c independent of isc/platform.h header
bind9 (1:9.11.13+dfsg-1) unstable; urgency=medium
* New upstream version 9.11.13+dfsg
* [CVE-2019-6477]: TCP-pipelined queries can bypass tcp-clients limit
* Bump the libisc soversion from 1100 to 1104
bind9 (1:9.11.12+dfsg-1) unstable; urgency=medium
* Remove GPL licensed apport file until one with better license is available
* Install python files to dist-packages (Courtesy of Jim Popovitch)
* Remove debian/nslookup.1
* Remove 4-clause BSD content from the package
* New upstream version 9.11.12+dfsg
bind9 (1:9.11.11+dfsg-1) unstable; urgency=medium
* New upstream version 9.11.11+dfsg
bind9 (1:9.11.10+dfsg-1) unstable; urgency=medium
* Disable old GeoIP and enable new GeoIP2
* New upstream version 9.11.10+dfsg
* Bump libdns SOVERSION to 1107
bind9 (1:9.11.9+dfsg-1) unstable; urgency=medium
* New upstream version 9.11.9+dfsg
bind9 (1:9.11.8+dfsg-1) experimental; urgency=medium
* New upstream version 9.11.8+dfsg
* Rebase patches for BIND 9.11.8
* AppArmor: Allow /var/tmp/krb5_* (owner-only) for Samba AD DLZ.
Thanks to Steven Monai (Closes: 928398)
* Enable readline support in dnsutils (nslookup and nsupdate)
bind9 (1:9.11.7+dfsg-2) experimental; urgency=medium
* Use absolute srcdir path to protoc-c invocation
* Fix Debian buster armhf build
bind9 (1:9.11.7+dfsg-1) experimental; urgency=medium
* New upstream version 9.11.7+dfsg
* Bump libdns SONAME from 1105 to 1106
bind9 (1:9.11.6.P1+dfsg-1) experimental; urgency=medium
* New upstream version 9.11.6.P1+dfsg
* Add patch for atomic support on non-x86 architectures
bind9 (1:9.11.6+dfsg-1) experimental; urgency=medium
[ Ondřej Surý ]
* New upstream version 9.11.6+dfsg (Closes: #923984)
* Update d/gbp.conf for DEP-14
* Fix the checkapi script
* Bump libdns SOVERSION from 1104 to 1105
* Update libdns1105 symbols
[ Bernhard Schmidt]
* Add missing pkg-config build-dep
Date: Wed, 15 Jan 2020 14:07:05 -0300
Changed-By: Andreas Hasenack <andreas at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/bind9/1:9.11.14+dfsg-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 15 Jan 2020 14:07:05 -0300
Source: bind9
Architecture: source
Version: 1:9.11.14+dfsg-1ubuntu1
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas at canonical.com>
Closes: 923984 928398 946643
Changes:
bind9 (1:9.11.14+dfsg-1ubuntu1) focal; urgency=medium
.
* Merge with Debian unstable. Remaining changes:
- Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
protobuf-c-compiler (universe packages)
+ d/dnsutils.install: don't install dnstap
+ d/libdns1104.symbols: don't include dnstap symbols
+ d/rules: don't build dnstap nor install dnstap.proto
- d/t/simpletest: drop the internetsociety.org test as it requires
network egress access that is not available in the Ubuntu autopkgtest
farm.
- use iproute2 instead of net-tools (LP #1850699):
+ d/control: replace net-tools depends with iproute2
+ d/bind9.init: use ip instead of ifconfig
[Updated to also check the exit status of the command]
- d/control: drop hardcoded python3 dependency in bind9utils,
dh-python injects the correct one via ${python3:Depends}
(LP #1856211, Closes: #946643)
* Dropped:
- d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
option (LP #1804648)
[Fixed upstream in 9.11.6rc1]
- d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
close to a query timeout (LP #1797926)
[Fixed upstream in 9.11.6rc1]
- SECURITY UPDATE: TCP Pipelining doesn't limit TCP clients on a single
connection
+ debian/patches/CVE-2019-6477.patch: limit number of clients in
bin/named/client.c, bin/named/include/named/client.h.
+ CVE-2019-6477
[Fixed upstream in 9.11.13]
* Added:
- Add back apport:
+ d/bind9.apport: add back old bind9 apport hook, but without calling
attach_conffiles() since that is already done by apport itself, with
confirmation from the user.
+ d/control, d/rules: buil-depends on dh-apport and use it
- d/control, d/rules: go back to old geoip support, since
libmaxminddb (for GeoIP2) is in universe
.
bind9 (1:9.11.14+dfsg-1) unstable; urgency=medium
.
* New upstream version 9.11.14+dfsg
* Make lib/dns/gen.c independent of isc/platform.h header
.
bind9 (1:9.11.13+dfsg-1) unstable; urgency=medium
.
* New upstream version 9.11.13+dfsg
* [CVE-2019-6477]: TCP-pipelined queries can bypass tcp-clients limit
* Bump the libisc soversion from 1100 to 1104
.
bind9 (1:9.11.12+dfsg-1) unstable; urgency=medium
.
* Remove GPL licensed apport file until one with better license is available
* Install python files to dist-packages (Courtesy of Jim Popovitch)
* Remove debian/nslookup.1
* Remove 4-clause BSD content from the package
* New upstream version 9.11.12+dfsg
.
bind9 (1:9.11.11+dfsg-1) unstable; urgency=medium
.
* New upstream version 9.11.11+dfsg
.
bind9 (1:9.11.10+dfsg-1) unstable; urgency=medium
.
* Disable old GeoIP and enable new GeoIP2
* New upstream version 9.11.10+dfsg
* Bump libdns SOVERSION to 1107
.
bind9 (1:9.11.9+dfsg-1) unstable; urgency=medium
.
* New upstream version 9.11.9+dfsg
.
bind9 (1:9.11.8+dfsg-1) experimental; urgency=medium
.
* New upstream version 9.11.8+dfsg
* Rebase patches for BIND 9.11.8
* AppArmor: Allow /var/tmp/krb5_* (owner-only) for Samba AD DLZ.
Thanks to Steven Monai (Closes: 928398)
* Enable readline support in dnsutils (nslookup and nsupdate)
.
bind9 (1:9.11.7+dfsg-2) experimental; urgency=medium
.
* Use absolute srcdir path to protoc-c invocation
* Fix Debian buster armhf build
.
bind9 (1:9.11.7+dfsg-1) experimental; urgency=medium
.
* New upstream version 9.11.7+dfsg
* Bump libdns SONAME from 1105 to 1106
.
bind9 (1:9.11.6.P1+dfsg-1) experimental; urgency=medium
.
* New upstream version 9.11.6.P1+dfsg
* Add patch for atomic support on non-x86 architectures
.
bind9 (1:9.11.6+dfsg-1) experimental; urgency=medium
.
[ Ondřej Surý ]
* New upstream version 9.11.6+dfsg (Closes: #923984)
* Update d/gbp.conf for DEP-14
* Fix the checkapi script
* Bump libdns SOVERSION from 1104 to 1105
* Update libdns1105 symbols
.
[ Bernhard Schmidt]
* Add missing pkg-config build-dep
Checksums-Sha1:
931d441cd28c3ce39ac35fc8c03f5a2574e92b9e 4002 bind9_9.11.14+dfsg-1ubuntu1.dsc
ad87936352c108abd5501d5745669a8c5539eaab 3636652 bind9_9.11.14+dfsg.orig.tar.xz
5f2a87ecfbe10c42a9f9920b2b1fb950d43c4ddf 89340 bind9_9.11.14+dfsg-1ubuntu1.debian.tar.xz
8899b88cd71e14ce18ee61e970491065e05ba8ae 7606 bind9_9.11.14+dfsg-1ubuntu1_source.buildinfo
Checksums-Sha256:
04f512b989404b1e616f6a77a25a18f5d03167a53590ad0179710bd2db89b757 4002 bind9_9.11.14+dfsg-1ubuntu1.dsc
4c92c90b47276fe475b4e29cf3c9db882688ccbfc66bae8bd685ed9403f83d14 3636652 bind9_9.11.14+dfsg.orig.tar.xz
51a69030e799f19df8c2e66c7e8d96836c47b2fbb72a152b07ad224d1ebe8018 89340 bind9_9.11.14+dfsg-1ubuntu1.debian.tar.xz
db19c8361270bcd880e4b65a126ce84efb8fb6192d25b7a0a833f634dc8fbacd 7606 bind9_9.11.14+dfsg-1ubuntu1_source.buildinfo
Files:
5b0825b860f1ef7072c654fd36001a74 4002 net optional bind9_9.11.14+dfsg-1ubuntu1.dsc
f12b59fe5664acf8e4388068f3c681db 3636652 net optional bind9_9.11.14+dfsg.orig.tar.xz
b9dd080e211bb09f265c262c3438336a 89340 net optional bind9_9.11.14+dfsg-1ubuntu1.debian.tar.xz
2c5712caef17f627861befb9318dca0f 7606 net optional bind9_9.11.14+dfsg-1ubuntu1_source.buildinfo
Original-Maintainer: Debian DNS Team <team+dns at tracker.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEiGZB1jWM2kalbBxyrJg+tb9ry6kFAl4fcpEACgkQrJg+tb9r
y6lwQw//XWq+CP1W4cSx/CS+/y+Wokon4FJVcrTmVBoZCfdNlXAOZLytOHci0UeS
29ofwILAqN5eGS4iDXh0P5O0tky3T5EK/EvW9ZunwNwFlBmBRj5mMtQIODF4JpAI
htSlcSKvBN23ajHHfKTtqWdp0VmumqKYvURHTF3z0kiV+kJTfNQeKS91tT/pvKv1
1aUtf7rs+u4SbYJC18gkZAvy2h+sYKPMnUDjmIziyaNHjw2l+8biRQkbUQbRalai
9EUpsHcrdNwj/oZDeAGcHZfycrK2pYapdQmzeeW2o/Ed5bNbF1uYniFhKOPmpscs
B20z2SINrO3Qx63Yy7OfPyYVKOFBpDaSPFAwvdiZ4ibori7UciqxJig16+iy+zXR
q+1kAWyvi8appufOiQyRqscWOHCCwEd/2HeZ3HB2JrF6UNXegEbNgX8VXL+wGtl4
WojcfaVQlPgSh7EhnHWK2ai85TL6uYYdVkaxY4lLiHUPkTarxz0mT8laHfJhZt/n
KJR4vRHW9g6fr8rr/f6CiPxS+M1csooMDTv6s+b8bbFQnCXQGfkTau7YURUn1rEq
75hEayeCZ2SYq+NtZIV+KdxSrY0ZAlyLNLUtOHmS5mM1aD2M981F1IBJPBHg7CH2
kD7kzQd6IVYSxeEE37G3Oy/TMrPBSu/IoKF8Rh0TZxC25tT9q+w=
=zYpB
-----END PGP SIGNATURE-----
More information about the Focal-changes
mailing list