Ubuntu
bind9 package

Merge ~ahasenack/ubuntu/+source/bind9:disco-bind9-9.11.5p1-merge into ubuntu/+source/bind9:debian/sid

  1. Git
  2. lp:~ahasenack/ubuntu/+source/bind9
  3. disco-bind9-9.11.5p1-merge
  4. Merge into debian/sid
Proposed by Andreas Hasenack
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: f02ecb4bb174fbbff04a30d965b64aa78c57d611
Merge reported by: Andreas Hasenack
Merged at revision: f02ecb4bb174fbbff04a30d965b64aa78c57d611
Proposed branch: ~ahasenack/ubuntu/+source/bind9:disco-bind9-9.11.5p1-merge
Merge into: ubuntu/+source/bind9:debian/sid
Diff against target: 778 lines (+492/-83)
10 files modified
debian/bind9.install (+0/-2)
debian/changelog (+420/-0)
debian/control (+2/-5)
debian/dnsutils.install (+0/-2)
debian/libdns1104.symbols (+0/-66)
debian/patches/enable-udp-in-host-command.diff (+26/-0)
debian/patches/fix-shutdown-race.diff (+41/-0)
debian/patches/series (+2/-0)
debian/rules (+1/-4)
debian/tests/simpletest (+0/-4)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+361928@code.launchpad.net

Description of the change

Merge from debian's 9.11.5P1, which was just an upstream version bump with no further changes. Same here. The patches we added recently and became part of our delta are committed upstream in bind, but didn't make into the 9.11.5P1 cut (I checked their git repo).

Bileto ticket, ppa (still building/running as I write this, I will check its status tomorrow):

https://bileto.ubuntu.com/#/ticket/3603

To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Retriggering tests with proposed

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

I now looked at it quite a while, but can't find anything.
Ack it as the straight forward merge carrying all as-is that it is.

The tests OTOH draw a different picture, mostly dependency issues in libdns and libbind.
I wonder if those are 2nd grade issues of libreadline which we see so often recently or a real issue.

I know that you will retrigger these tests with all_proposed to check if they are succeeding, under that condition ack to the MP.

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

DEP8 is green after the all-proposed dep8 re-run. Tagging and uploading.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Tagged and uploaded.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

bind9 migrated, setting MP to merged:
 bind9 | 1:9.11.5.P1+dfsg-1ubuntu1 | disco | source, amd64, arm64, armhf, i386, ppc64el, s390x

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/bind9.install b/debian/bind9.install
index 26d595e..fd7f0f5 100644
--- a/debian/bind9.install
+++ b/debian/bind9.install
@@ -16,7 +16,6 @@ usr/sbin/genrandom
16usr/sbin/isc-hmac-fixup16usr/sbin/isc-hmac-fixup
17usr/sbin/named17usr/sbin/named
18usr/sbin/named-journalprint18usr/sbin/named-journalprint
19usr/sbin/named-nzd2nzf
20usr/sbin/named-pkcs1119usr/sbin/named-pkcs11
21usr/sbin/nsec3hash20usr/sbin/nsec3hash
22usr/sbin/tsig-keygen21usr/sbin/tsig-keygen
@@ -32,7 +31,6 @@ usr/share/man/man8/dnssec-importkey.8
32usr/share/man/man8/genrandom.831usr/share/man/man8/genrandom.8
33usr/share/man/man8/isc-hmac-fixup.832usr/share/man/man8/isc-hmac-fixup.8
34usr/share/man/man8/named-journalprint.833usr/share/man/man8/named-journalprint.8
35usr/share/man/man8/named-nzd2nzf.8
36usr/share/man/man8/named.834usr/share/man/man8/named.8
37usr/share/man/man8/nsec3hash.835usr/share/man/man8/nsec3hash.8
38usr/share/man/man8/tsig-keygen.836usr/share/man/man8/tsig-keygen.8
diff --git a/debian/changelog b/debian/changelog
index 1cf4a21..279b742 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,68 @@
1bind9 (1:9.11.5.P1+dfsg-1ubuntu1) disco; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 - Build without lmdb support as that package is in Universe
5 - Don't build dnstap as it depends on universe packages:
6 + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
7 protobuf-c-compiler (universe packages)
8 + d/dnsutils.install: don't install dnstap
9 + d/libdns1104.symbols: don't include dnstap symbols
10 + d/rules: don't build dnstap nor install dnstap.proto
11 - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
12 option (LP #1804648)
13 - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
14 close to a query timeout (LP #1797926)
15 - d/t/simpletest: drop the internetsociety.org test as it requires
16 network egress access that is not available in the Ubuntu autopkgtest
17 farm.
18
19 -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Jan 2019 18:59:25 -0200
20
1bind9 (1:9.11.5.P1+dfsg-1) unstable; urgency=medium21bind9 (1:9.11.5.P1+dfsg-1) unstable; urgency=medium
222
3 * New upstream version 9.11.5.P1+dfsg23 * New upstream version 9.11.5.P1+dfsg
424
5 -- Ondřej Surý <ondrej@debian.org> Tue, 18 Dec 2018 13:59:25 +000025 -- Ondřej Surý <ondrej@debian.org> Tue, 18 Dec 2018 13:59:25 +0000
626
27bind9 (1:9.11.5+dfsg-1ubuntu1) disco; urgency=medium
28
29 * Merge with Debian unstable. Remaining changes:
30 - Build without lmdb support as that package is in Universe
31 - Don't build dnstap as it depends on universe packages:
32 + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
33 protobuf-c-compiler (universe packages)
34 + d/dnsutils.install: don't install dnstap
35 + d/libdns1104.symbols: don't include dnstap symbols
36 + d/rules: don't build dnstap nor install dnstap.proto
37 * Dropped:
38 - SECURITY UPDATE: denial of service crash when deny-answer-aliases
39 option is used
40 + debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could
41 trigger a crash if deny-answer-aliases was set
42 + debian/patches/CVE-2018-5740-2.patch: add tests
43 + debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set
44 chainingp correctly, add test
45 + CVE-2018-5740
46 [Fixed in new upstream version 9.11.5]
47 - d/extras/apparmor.d/usr.sbin.named: add missing comma at the end of the
48 line (Closes: #904983)
49 [Fixed in 1:9.11.4+dfsg-4]
50 - Add a patch to fix named-pkcs11 crashing on startup. (LP #1769440)
51 [Fixed in 1:9.11.4.P1+dfsg-1]
52 - Cherrypick from debian: Add new dst__openssleddsa_init optional symbol
53 (it depends on OpenSSL version) (Closes: #897643)
54 [Fixed in 1:9.11.4.P1+dfsg-1]
55 * Added:
56 - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
57 option (LP: #1804648)
58 - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
59 close to a query timeout (LP: #1797926)
60 - d/t/simpletest: drop the internetsociety.org test as it requires
61 network egress access that is not available in the Ubuntu autopkgtest
62 farm.
63
64 -- Andreas Hasenack <andreas@canonical.com> Thu, 13 Dec 2018 19:40:23 -0200
65
7bind9 (1:9.11.5+dfsg-1) unstable; urgency=medium66bind9 (1:9.11.5+dfsg-1) unstable; urgency=medium
867
9 * Use team+dns@tracker.debian.org as Maintainer address68 * Use team+dns@tracker.debian.org as Maintainer address
@@ -65,6 +124,55 @@ bind9 (1:9.11.4+dfsg-4) unstable; urgency=medium
65124
66 -- Bernhard Schmidt <berni@debian.org> Mon, 30 Jul 2018 16:28:21 +0200125 -- Bernhard Schmidt <berni@debian.org> Mon, 30 Jul 2018 16:28:21 +0200
67126
127bind9 (1:9.11.4+dfsg-3ubuntu5) cosmic; urgency=high
128
129 * No change rebuild against openssl 1.1.1 with TLS 1.3 support.
130
131 -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 29 Sep 2018 01:36:45 +0100
132
133bind9 (1:9.11.4+dfsg-3ubuntu4) cosmic; urgency=medium
134
135 * SECURITY UPDATE: denial of service crash when deny-answer-aliases
136 option is used
137 - debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could
138 trigger a crash if deny-answer-aliases was set
139 - debian/patches/CVE-2018-5740-2.patch: add tests
140 - debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set
141 chainingp correctly, add test
142 - CVE-2018-5740
143
144 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 20 Sep 2018 11:11:05 +0200
145
146bind9 (1:9.11.4+dfsg-3ubuntu3) cosmic; urgency=medium
147
148 * Cherrypick from debian: Add new dst__openssleddsa_init optional symbol
149 (it depends on OpenSSL version) (Closes: #897643)
150
151 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 18 Sep 2018 10:39:12 +0200
152
153bind9 (1:9.11.4+dfsg-3ubuntu2) cosmic; urgency=medium
154
155 * d/p/skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11
156 crashing on startup. (LP: #1769440)
157
158 -- Karl Stenerud <karl.stenerud@canonical.com> Thu, 30 Aug 2018 07:11:39 -0700
159
160bind9 (1:9.11.4+dfsg-3ubuntu1) cosmic; urgency=medium
161
162 * Merge with Debian unstable. Remaining changes:
163 - Build without lmdb support as that package is in Universe
164 * Added:
165 - Don't build dnstap as it depends on universe packages:
166 + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
167 protobuf-c-compiler (universe packages)
168 + d/dnsutils.install: don't install dnstap
169 + d/libdns1102.symbols: don't include dnstap symbols
170 + d/rules: don't build dnstap
171 - d/extras/apparmor.d/usr.sbin.named: add missing comma at the end of the
172 line (Closes: #904983)
173
174 -- Andreas Hasenack <andreas@canonical.com> Mon, 30 Jul 2018 10:56:04 -0300
175
68bind9 (1:9.11.4+dfsg-3) unstable; urgency=medium176bind9 (1:9.11.4+dfsg-3) unstable; urgency=medium
69177
70 * Enable IDN support for dig+host using libidn2 (Closes: #459010)178 * Enable IDN support for dig+host using libidn2 (Closes: #459010)
@@ -95,6 +203,19 @@ bind9 (1:9.11.4+dfsg-1) unstable; urgency=medium
95203
96 -- Ondřej Surý <ondrej@debian.org> Sat, 14 Jul 2018 12:27:56 +0000204 -- Ondřej Surý <ondrej@debian.org> Sat, 14 Jul 2018 12:27:56 +0000
97205
206bind9 (1:9.11.3+dfsg-2ubuntu1) cosmic; urgency=medium
207
208 * Merge with Debian unstable (LP: #1777935). Remaining changes:
209 - Build without lmdb support as that package is in Universe
210 * Drop:
211 - SECURITY UPDATE: improperly permits recursive query service
212 + debian/patches/CVE-2018-5738.patch: fix configure_view_acl() handling
213 in bin/named/server.c.
214 + CVE-2018-5738
215 [Applied in Debian's 1:9.11.3+dfsg-2]
216
217 -- Andreas Hasenack <andreas@canonical.com> Wed, 20 Jun 2018 17:42:16 -0300
218
98bind9 (1:9.11.3+dfsg-2) unstable; urgency=medium219bind9 (1:9.11.3+dfsg-2) unstable; urgency=medium
99220
100 * [CVE-2018-5738]: Add upstream fix to close the default open recursion221 * [CVE-2018-5738]: Add upstream fix to close the default open recursion
@@ -103,6 +224,24 @@ bind9 (1:9.11.3+dfsg-2) unstable; urgency=medium
103224
104 -- Ondřej Surý <ondrej@debian.org> Thu, 14 Jun 2018 13:01:47 +0000225 -- Ondřej Surý <ondrej@debian.org> Thu, 14 Jun 2018 13:01:47 +0000
105226
227bind9 (1:9.11.3+dfsg-1ubuntu2) cosmic; urgency=medium
228
229 * SECURITY UPDATE: improperly permits recursive query service
230 - debian/patches/CVE-2018-5738.patch: fix configure_view_acl() handling
231 in bin/named/server.c.
232 - CVE-2018-5738
233
234 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 11 Jun 2018 09:41:51 -0400
235
236bind9 (1:9.11.3+dfsg-1ubuntu1) bionic; urgency=low
237
238 * New upstream release. (LP: #1763572)
239 - fix a crash when configured with ipa-dns-install
240 * Merge from Debian unstable. Remaining changes:
241 - Build without lmdb support as that package is in Universe
242
243 -- Timo Aaltonen <tjaalton@debian.org> Fri, 13 Apr 2018 07:40:47 +0300
244
106bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium245bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium
107246
108 [ Bernhard Schmidt ]247 [ Bernhard Schmidt ]
@@ -127,6 +266,61 @@ bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium
127266
128 -- Bernhard Schmidt <berni@debian.org> Fri, 23 Mar 2018 00:09:58 +0100267 -- Bernhard Schmidt <berni@debian.org> Fri, 23 Mar 2018 00:09:58 +0100
129268
269bind9 (1:9.11.2.P1-1ubuntu5) bionic; urgency=medium
270
271 * debian/patches/nsupdate-gssapi-fails-ad-45854.patch: fix updating
272 DNS records in Microsoft AD using GSSAPI. Thanks to Mark Andrews
273 <marka@isc.org>. (LP: #1755439)
274
275 -- Andreas Hasenack <andreas@canonical.com> Fri, 16 Mar 2018 09:38:46 -0300
276
277bind9 (1:9.11.2.P1-1ubuntu4) bionic; urgency=medium
278
279 * Fix apparmor profile filename (LP: #1754981)
280
281 -- Andreas Hasenack <andreas@canonical.com> Thu, 15 Mar 2018 10:06:57 -0300
282
283bind9 (1:9.11.2.P1-1ubuntu3) bionic; urgency=high
284
285 * No change rebuild against openssl1.1.
286
287 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 06 Feb 2018 12:14:22 +0000
288
289bind9 (1:9.11.2.P1-1ubuntu2) bionic; urgency=medium
290
291 * Build without lmdb support as that package is in Universe (LP: #1746296)
292 - d/control: remove Build-Depends on liblmdb-dev
293 - d/rules: configure --without-lmdb
294 - d/bind9.install: drop named-nzd2nzf and named-nzd2nzf.8 as it requires
295 lmdb.
296
297 -- Andreas Hasenack <andreas@canonical.com> Tue, 30 Jan 2018 15:21:23 -0200
298
299bind9 (1:9.11.2.P1-1ubuntu1) bionic; urgency=medium
300
301 * Merge with Debian unstable (LP: #1744930).
302 * Drop:
303 - Add RemainAfterExit to bind9-resolvconf unit configuration file
304 (LP #1536181).
305 [fixed in 1:9.10.6+dfsg-4]
306 - rules: Fix path to libsofthsm2.so. (LP #1685780)
307 [adopted in 1:9.10.6+dfsg-5]
308 - d/p/CVE-2016-8864-regression-test.patch: tests for the regression
309 introduced with the CVE-2016-8864.patch and fixed in
310 CVE-2016-8864-regression.patch.
311 [applied upstream]
312 - d/p/CVE-2016-8864-regression2-test.patch: tests for the second
313 regression (RT #44318) introduced with the CVE-2016-8864.patch
314 and fixed in CVE-2016-8864-regression2.patch.
315 [applied upstream]
316 - d/control, d/rules: add json support for the statistics channels.
317 (LP #1669193)
318 [adopted in 1:9.10.6+dfsg-5]
319 * d/p/add-ply-dependency-to-python-scripts.patch: setup.py is missing
320 listing the python ply module as a dependency (Closes: #888463)
321
322 -- Andreas Hasenack <andreas@canonical.com> Fri, 26 Jan 2018 11:20:33 -0200
323
130bind9 (1:9.11.2.P1-1) unstable; urgency=medium324bind9 (1:9.11.2.P1-1) unstable; urgency=medium
131325
132 * New upstream version 9.11.2-P1326 * New upstream version 9.11.2-P1
@@ -302,6 +496,140 @@ bind9 (1:9.10.6+dfsg-1) unstable; urgency=medium
302496
303 -- Ondřej Surý <ondrej@debian.org> Fri, 06 Oct 2017 06:18:21 +0000497 -- Ondřej Surý <ondrej@debian.org> Fri, 06 Oct 2017 06:18:21 +0000
304498
499bind9 (1:9.10.3.dfsg.P4-12.6ubuntu1) artful; urgency=medium
500
501 * Merge with Debian unstable (LP: #1712920). Remaining changes:
502 - Add RemainAfterExit to bind9-resolvconf unit configuration file
503 (LP #1536181).
504 - rules: Fix path to libsofthsm2.so. (LP #1685780)
505 - d/p/CVE-2016-8864-regression-test.patch: tests for the regression
506 introduced with the CVE-2016-8864.patch and fixed in
507 CVE-2016-8864-regression.patch.
508 - d/p/CVE-2016-8864-regression2-test.patch: tests for the second
509 regression (RT #44318) introduced with the CVE-2016-8864.patch
510 and fixed in CVE-2016-8864-regression2.patch.
511 - d/control, d/rules: add json support for the statistics channels.
512 (LP #1669193)
513
514 -- Andreas Hasenack <andreas@canonical.com> Thu, 24 Aug 2017 18:28:00 -0300
515
516bind9 (1:9.10.3.dfsg.P4-12.6) unstable; urgency=medium
517
518 * Non-maintainer upload.
519 * Import upcoming DNSSEC KSK-2017 from 9.10.5 (Closes: #860794)
520
521 -- Bernhard Schmidt <berni@debian.org> Fri, 11 Aug 2017 19:10:07 +0200
522
523bind9 (1:9.10.3.dfsg.P4-12.5ubuntu1) artful; urgency=medium
524
525 * Merge with Debian unstable (LP: #1701687). Remaining changes:
526 - Add RemainAfterExit to bind9-resolvconf unit configuration file
527 (LP #1536181).
528 - rules: Fix path to libsofthsm2.so. (LP #1685780)
529 * Drop:
530 - SECURITY UPDATE: denial of service via assertion failure
531 + debian/patches/CVE-2016-2776.patch: properly handle lengths in
532 lib/dns/message.c.
533 + CVE-2016-2776
534 + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
535 - SECURITY UPDATE: assertion failure via class mismatch
536 + debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
537 records in lib/dns/resolver.c.
538 + CVE-2016-9131
539 + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
540 - SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
541 + debian/patches/CVE-2016-9147.patch: fix logic when records are
542 returned without the requested data in lib/dns/resolver.c.
543 + CVE-2016-9147
544 + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
545 - SECURITY UPDATE: assertion failure via unusually-formed DS record
546 + debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
547 lib/dns/message.c, lib/dns/resolver.c.
548 + CVE-2016-9444
549 + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
550 - SECURITY UPDATE: regression in CVE-2016-8864
551 + debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
552 responses in lib/dns/resolver.c, added tests to
553 bin/tests/system/dname/ns2/example.db,
554 bin/tests/system/dname/tests.sh.
555 + No CVE number
556 + [Fixed in Debian 1:9.10.3.dfsg.P4-11 and 1:9.10.3.dfsg.P4-12]
557 - SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
558 a NULL pointer
559 + debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
560 combination in bin/named/query.c, lib/dns/message.c,
561 lib/dns/rdataset.c.
562 + CVE-2017-3135
563 + [Fixed in Debian 1:9.10.3.dfsg.P4-12]
564 - SECURITY UPDATE: regression in CVE-2016-8864
565 + debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
566 was still being cached when it should have been in lib/dns/resolver.c,
567 added tests to bin/tests/system/dname/ans3/ans.pl,
568 bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
569 + No CVE number
570 + [Fixed in Debian 1:9.10.3.dfsg.P4-12]
571 - SECURITY UPDATE: Denial of Service due to an error handling
572 synthesized records when using DNS64 with "break-dnssec yes;"
573 + debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
574 called.
575 + CVE-2017-3136
576 + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3]
577 - SECURITY UPDATE: Denial of Service due to resolver terminating when
578 processing a response packet containing a CNAME or DNAME
579 + debian/patches/CVE-2017-3137.patch: don't expect a specific
580 ordering of answer components; add testcases.
581 + CVE-2017-3137
582 + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3 with 3 patch files]
583 - SECURITY UPDATE: Denial of Service when receiving a null command on
584 the control channel
585 + debian/patches/CVE-2017-3138.patch: don't throw an assert if no
586 command token is given; add testcase.
587 + CVE-2017-3138
588 + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3]
589 - SECURITY UPDATE: TSIG authentication issues
590 + debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
591 lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
592 + CVE-2017-3142
593 + CVE-2017-3143
594 + [Fixed in Debian 1:9.10.3.dfsg.P4-12.4]
595 * d/p/CVE-2016-8864-regression-test.patch: tests for the regression
596 introduced with the CVE-2016-8864.patch and fixed in
597 CVE-2016-8864-regression.patch.
598 * d/p/CVE-2016-8864-regression2-test.patch: tests for the second
599 regression (RT #44318) introduced with the CVE-2016-8864.patch
600 and fixed in CVE-2016-8864-regression2.patch.
601 * d/control, d/rules: add json support for the statistics channels.
602 (LP: #1669193)
603
604 -- Andreas Hasenack <andreas@canonical.com> Fri, 11 Aug 2017 17:12:09 -0300
605
606bind9 (1:9.10.3.dfsg.P4-12.5) unstable; urgency=medium
607
608 * Non-maintainer upload.
609 * Change to fix CVE-2017-3142 and CVE-2017-3143 broke verification of TSIG
610 signed TCP message sequences where not all the messages contain TSIG
611 records. These may be used in AXFR and IXFR responses.
612 (Closes: #868952)
613
614 -- Salvatore Bonaccorso <carnil@debian.org> Fri, 21 Jul 2017 22:28:32 +0200
615
616bind9 (1:9.10.3.dfsg.P4-12.4) unstable; urgency=high
617
618 * Non-maintainer upload.
619
620 [ Yves-Alexis Perez ]
621 * debian/patches:
622 - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
623 CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
624 transfers. An attacker may be able to circumvent TSIG authentication of
625 AXFR and Notify requests.
626 CVE-2017-3143: error in TSIG authentication can permit unauthorized
627 dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
628 signature for a dynamic update.
629 (Closes: #866564)
630
631 -- Salvatore Bonaccorso <carnil@debian.org> Sun, 16 Jul 2017 22:13:21 +0200
632
305bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) stretch; urgency=medium633bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) stretch; urgency=medium
306634
307 [ Bernhard Schmidt ]635 [ Bernhard Schmidt ]
@@ -408,6 +736,98 @@ bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium
408736
409 -- Michael Gilbert <mgilbert@debian.org> Thu, 19 Jan 2017 04:03:28 +0000737 -- Michael Gilbert <mgilbert@debian.org> Thu, 19 Jan 2017 04:03:28 +0000
410738
739bind9 (1:9.10.3.dfsg.P4-10.1ubuntu7) artful; urgency=medium
740
741 * SECURITY UPDATE: TSIG authentication issues
742 - debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
743 lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
744 - CVE-2017-3142
745 - CVE-2017-3143
746
747 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 03 Jul 2017 09:48:13 -0400
748
749bind9 (1:9.10.3.dfsg.P4-10.1ubuntu6) artful; urgency=medium
750
751 * rules: Fix path to libsofthsm2.so. (LP: #1685780)
752
753 -- Timo Aaltonen <tjaalton@debian.org> Mon, 24 Apr 2017 15:01:30 +0300
754
755bind9 (1:9.10.3.dfsg.P4-10.1ubuntu5) zesty-security; urgency=medium
756
757 * SECURITY UPDATE: Denial of Service due to an error handling
758 synthesized records when using DNS64 with "break-dnssec yes;"
759 - debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
760 called.
761 - CVE-2017-3136
762 * SECURITY UPDATE: Denial of Service due to resolver terminating when
763 processing a response packet containing a CNAME or DNAME
764 - debian/patches/CVE-2017-3137.patch: don't expect a specific
765 ordering of answer components; add testcases.
766 - CVE-2017-3137
767 * SECURITY UPDATE: Denial of Service when receiving a null command on
768 the control channel
769 - debian/patches/CVE-2017-3138.patch: don't throw an assert if no
770 command token is given; add testcase.
771 - CVE-2017-3138
772
773 -- Steve Beattie <sbeattie@ubuntu.com> Wed, 12 Apr 2017 01:32:15 -0700
774
775bind9 (1:9.10.3.dfsg.P4-10.1ubuntu4) zesty; urgency=medium
776
777 * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
778 a NULL pointer
779 - debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
780 combination in bin/named/query.c, lib/dns/message.c,
781 lib/dns/rdataset.c.
782 - CVE-2017-3135
783 * SECURITY UPDATE: regression in CVE-2016-8864
784 - debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
785 was still being cached when it should have been in lib/dns/resolver.c,
786 added tests to bin/tests/system/dname/ans3/ans.pl,
787 bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
788 - No CVE number
789
790 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 15 Feb 2017 09:37:39 -0500
791
792bind9 (1:9.10.3.dfsg.P4-10.1ubuntu3) zesty; urgency=medium
793
794 * SECURITY UPDATE: assertion failure via class mismatch
795 - debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
796 records in lib/dns/resolver.c.
797 - CVE-2016-9131
798 * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
799 - debian/patches/CVE-2016-9147.patch: fix logic when records are
800 returned without the requested data in lib/dns/resolver.c.
801 - CVE-2016-9147
802 * SECURITY UPDATE: assertion failure via unusually-formed DS record
803 - debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
804 lib/dns/message.c, lib/dns/resolver.c.
805 - CVE-2016-9444
806 * SECURITY UPDATE: regression in CVE-2016-8864
807 - debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
808 responses in lib/dns/resolver.c, added tests to
809 bin/tests/system/dname/ns2/example.db,
810 bin/tests/system/dname/tests.sh.
811 - No CVE number
812
813 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Jan 2017 09:28:10 -0500
814
815bind9 (1:9.10.3.dfsg.P4-10.1ubuntu2) zesty; urgency=medium
816
817 * Add RemainAfterExit to bind9-resolvconf unit configuration file
818 (LP: #1536181).
819
820 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Tue, 15 Nov 2016 08:24:58 -0800
821
822bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1) yakkety; urgency=medium
823
824 * SECURITY UPDATE: denial of service via assertion failure
825 - debian/patches/CVE-2016-2776.patch: properly handle lengths in
826 lib/dns/message.c.
827 - CVE-2016-2776
828
829 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 04 Oct 2016 14:31:17 -0400
830
411bind9 (1:9.10.3.dfsg.P4-10.1) unstable; urgency=medium831bind9 (1:9.10.3.dfsg.P4-10.1) unstable; urgency=medium
412832
413 * Non-maintainer upload.833 * Non-maintainer upload.
diff --git a/debian/control b/debian/control
index 73c2a17..3d7f03d 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: bind91Source: bind9
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian DNS Team <team+dns@tracker.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian DNS Team <team+dns@tracker.debian.org>
5Uploaders: LaMont Jones <lamont@debian.org>,6Uploaders: LaMont Jones <lamont@debian.org>,
6 Michael Gilbert <mgilbert@debian.org>,7 Michael Gilbert <mgilbert@debian.org>,
7 Robie Basak <robie.basak@canonical.com>,8 Robie Basak <robie.basak@canonical.com>,
@@ -15,18 +16,14 @@ Build-Depends: bison,
15 dpkg-dev (>= 1.16.1~),16 dpkg-dev (>= 1.16.1~),
16 libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386],17 libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386],
17 libdb-dev (>>4.6),18 libdb-dev (>>4.6),
18 libfstrm-dev,
19 libgeoip-dev (>= 1.4.6.dfsg-5),19 libgeoip-dev (>= 1.4.6.dfsg-5),
20 libidn2-dev,20 libidn2-dev,
21 libjson-c-dev,21 libjson-c-dev,
22 libkrb5-dev,22 libkrb5-dev,
23 libldap2-dev,23 libldap2-dev,
24 liblmdb-dev,
25 libprotobuf-c-dev,
26 libssl-dev,24 libssl-dev,
27 libtool,25 libtool,
28 libxml2-dev,26 libxml2-dev,
29 protobuf-c-compiler,
30 python3,27 python3,
31 python3-distutils,28 python3-distutils,
32 python3-ply29 python3-ply
diff --git a/debian/dnsutils.install b/debian/dnsutils.install
index 90e4fba..5e6b7d9 100644
--- a/debian/dnsutils.install
+++ b/debian/dnsutils.install
@@ -1,12 +1,10 @@
1usr/bin/delv1usr/bin/delv
2usr/bin/dig2usr/bin/dig
3usr/bin/dnstap-read
4usr/bin/mdig3usr/bin/mdig
5usr/bin/nslookup4usr/bin/nslookup
6usr/bin/nsupdate5usr/bin/nsupdate
7usr/share/man/man1/delv.16usr/share/man/man1/delv.1
8usr/share/man/man1/dig.17usr/share/man/man1/dig.1
9usr/share/man/man1/dnstap-read.1
10usr/share/man/man1/mdig.18usr/share/man/man1/mdig.1
11usr/share/man/man1/nslookup.19usr/share/man/man1/nslookup.1
12usr/share/man/man1/nsupdate.110usr/share/man/man1/nsupdate.1
diff --git a/debian/libdns1104.symbols b/debian/libdns1104.symbols
index a3b9f10..7b6020e 100644
--- a/debian/libdns1104.symbols
+++ b/debian/libdns1104.symbols
@@ -358,21 +358,6 @@ libdns-pkcs11.so.1104 libdns1104 #MINVER#
358 dns_dsdigest_format@Base 1:9.11.3+dfsg358 dns_dsdigest_format@Base 1:9.11.3+dfsg
359 dns_dsdigest_fromtext@Base 1:9.11.3+dfsg359 dns_dsdigest_fromtext@Base 1:9.11.3+dfsg
360 dns_dsdigest_totext@Base 1:9.11.3+dfsg360 dns_dsdigest_totext@Base 1:9.11.3+dfsg
361 dns_dt_attach@Base 1:9.11.4+dfsg-2
362 dns_dt_close@Base 1:9.11.4+dfsg-2
363 dns_dt_create@Base 1:9.11.4+dfsg-2
364 dns_dt_datatotext@Base 1:9.11.4+dfsg-2
365 dns_dt_detach@Base 1:9.11.4+dfsg-2
366 dns_dt_getframe@Base 1:9.11.4+dfsg-2
367 dns_dt_getstats@Base 1:9.11.4+dfsg-2
368 dns_dt_open@Base 1:9.11.4+dfsg-2
369 dns_dt_parse@Base 1:9.11.4+dfsg-2
370 dns_dt_reopen@Base 1:9.11.4+dfsg-2
371 dns_dt_send@Base 1:9.11.4+dfsg-2
372 dns_dt_setidentity@Base 1:9.11.4+dfsg-2
373 dns_dt_setversion@Base 1:9.11.4+dfsg-2
374 dns_dt_shutdown@Base 1:9.11.4+dfsg-2
375 dns_dtdata_free@Base 1:9.11.4+dfsg-2
376 dns_dumpctx_attach@Base 1:9.11.3+dfsg361 dns_dumpctx_attach@Base 1:9.11.3+dfsg
377 dns_dumpctx_cancel@Base 1:9.11.3+dfsg362 dns_dumpctx_cancel@Base 1:9.11.3+dfsg
378 dns_dumpctx_db@Base 1:9.11.3+dfsg363 dns_dumpctx_db@Base 1:9.11.3+dfsg
@@ -1443,24 +1428,6 @@ libdns-pkcs11.so.1104 libdns1104 #MINVER#
1443 dns_zt_setviewcommit@Base 1:9.11.3+dfsg1428 dns_zt_setviewcommit@Base 1:9.11.3+dfsg
1444 dns_zt_setviewrevert@Base 1:9.11.3+dfsg1429 dns_zt_setviewrevert@Base 1:9.11.3+dfsg
1445 dns_zt_unmount@Base 1:9.11.3+dfsg1430 dns_zt_unmount@Base 1:9.11.3+dfsg
1446 dnstap__dnstap__descriptor@Base 1:9.11.4+dfsg-2
1447 dnstap__dnstap__free_unpacked@Base 1:9.11.4+dfsg-2
1448 dnstap__dnstap__get_packed_size@Base 1:9.11.4+dfsg-2
1449 dnstap__dnstap__init@Base 1:9.11.4+dfsg-2
1450 dnstap__dnstap__pack@Base 1:9.11.4+dfsg-2
1451 dnstap__dnstap__pack_to_buffer@Base 1:9.11.4+dfsg-2
1452 dnstap__dnstap__type__descriptor@Base 1:9.11.4+dfsg-2
1453 dnstap__dnstap__unpack@Base 1:9.11.4+dfsg-2
1454 dnstap__message__descriptor@Base 1:9.11.4+dfsg-2
1455 dnstap__message__free_unpacked@Base 1:9.11.4+dfsg-2
1456 dnstap__message__get_packed_size@Base 1:9.11.4+dfsg-2
1457 dnstap__message__init@Base 1:9.11.4+dfsg-2
1458 dnstap__message__pack@Base 1:9.11.4+dfsg-2
1459 dnstap__message__pack_to_buffer@Base 1:9.11.4+dfsg-2
1460 dnstap__message__type__descriptor@Base 1:9.11.4+dfsg-2
1461 dnstap__message__unpack@Base 1:9.11.4+dfsg-2
1462 dnstap__socket_family__descriptor@Base 1:9.11.4+dfsg-2
1463 dnstap__socket_protocol__descriptor@Base 1:9.11.4+dfsg-2
1464 dst__entropy_getdata@Base 1:9.11.3+dfsg1431 dst__entropy_getdata@Base 1:9.11.3+dfsg
1465 dst__entropy_status@Base 1:9.11.3+dfsg1432 dst__entropy_status@Base 1:9.11.3+dfsg
1466 dst__gssapi_init@Base 1:9.11.3+dfsg1433 dst__gssapi_init@Base 1:9.11.3+dfsg
@@ -1940,21 +1907,6 @@ libdns.so.1104 libdns1104 #MINVER#
1940 dns_dsdigest_format@Base 1:9.11.3+dfsg1907 dns_dsdigest_format@Base 1:9.11.3+dfsg
1941 dns_dsdigest_fromtext@Base 1:9.11.3+dfsg1908 dns_dsdigest_fromtext@Base 1:9.11.3+dfsg
1942 dns_dsdigest_totext@Base 1:9.11.3+dfsg1909 dns_dsdigest_totext@Base 1:9.11.3+dfsg
1943 dns_dt_attach@Base 1:9.11.4+dfsg-2
1944 dns_dt_close@Base 1:9.11.4+dfsg-2
1945 dns_dt_create@Base 1:9.11.4+dfsg-2
1946 dns_dt_datatotext@Base 1:9.11.4+dfsg-2
1947 dns_dt_detach@Base 1:9.11.4+dfsg-2
1948 dns_dt_getframe@Base 1:9.11.4+dfsg-2
1949 dns_dt_getstats@Base 1:9.11.4+dfsg-2
1950 dns_dt_open@Base 1:9.11.4+dfsg-2
1951 dns_dt_parse@Base 1:9.11.4+dfsg-2
1952 dns_dt_reopen@Base 1:9.11.4+dfsg-2
1953 dns_dt_send@Base 1:9.11.4+dfsg-2
1954 dns_dt_setidentity@Base 1:9.11.4+dfsg-2
1955 dns_dt_setversion@Base 1:9.11.4+dfsg-2
1956 dns_dt_shutdown@Base 1:9.11.4+dfsg-2
1957 dns_dtdata_free@Base 1:9.11.4+dfsg-2
1958 dns_dumpctx_attach@Base 1:9.11.3+dfsg1910 dns_dumpctx_attach@Base 1:9.11.3+dfsg
1959 dns_dumpctx_cancel@Base 1:9.11.3+dfsg1911 dns_dumpctx_cancel@Base 1:9.11.3+dfsg
1960 dns_dumpctx_db@Base 1:9.11.3+dfsg1912 dns_dumpctx_db@Base 1:9.11.3+dfsg
@@ -3032,24 +2984,6 @@ libdns.so.1104 libdns1104 #MINVER#
3032 dns_zt_setviewcommit@Base 1:9.11.3+dfsg2984 dns_zt_setviewcommit@Base 1:9.11.3+dfsg
3033 dns_zt_setviewrevert@Base 1:9.11.3+dfsg2985 dns_zt_setviewrevert@Base 1:9.11.3+dfsg
3034 dns_zt_unmount@Base 1:9.11.3+dfsg2986 dns_zt_unmount@Base 1:9.11.3+dfsg
3035 dnstap__dnstap__descriptor@Base 1:9.11.4+dfsg-2
3036 dnstap__dnstap__free_unpacked@Base 1:9.11.4+dfsg-2
3037 dnstap__dnstap__get_packed_size@Base 1:9.11.4+dfsg-2
3038 dnstap__dnstap__init@Base 1:9.11.4+dfsg-2
3039 dnstap__dnstap__pack@Base 1:9.11.4+dfsg-2
3040 dnstap__dnstap__pack_to_buffer@Base 1:9.11.4+dfsg-2
3041 dnstap__dnstap__type__descriptor@Base 1:9.11.4+dfsg-2
3042 dnstap__dnstap__unpack@Base 1:9.11.4+dfsg-2
3043 dnstap__message__descriptor@Base 1:9.11.4+dfsg-2
3044 dnstap__message__free_unpacked@Base 1:9.11.4+dfsg-2
3045 dnstap__message__get_packed_size@Base 1:9.11.4+dfsg-2
3046 dnstap__message__init@Base 1:9.11.4+dfsg-2
3047 dnstap__message__pack@Base 1:9.11.4+dfsg-2
3048 dnstap__message__pack_to_buffer@Base 1:9.11.4+dfsg-2
3049 dnstap__message__type__descriptor@Base 1:9.11.4+dfsg-2
3050 dnstap__message__unpack@Base 1:9.11.4+dfsg-2
3051 dnstap__socket_family__descriptor@Base 1:9.11.4+dfsg-2
3052 dnstap__socket_protocol__descriptor@Base 1:9.11.4+dfsg-2
3053 dst__entropy_getdata@Base 1:9.11.3+dfsg2987 dst__entropy_getdata@Base 1:9.11.3+dfsg
3054 dst__entropy_status@Base 1:9.11.3+dfsg2988 dst__entropy_status@Base 1:9.11.3+dfsg
3055 dst__gssapi_init@Base 1:9.11.3+dfsg2989 dst__gssapi_init@Base 1:9.11.3+dfsg
diff --git a/debian/patches/enable-udp-in-host-command.diff b/debian/patches/enable-udp-in-host-command.diff
3056new file mode 1006442990new file mode 100644
index 0000000..5444ae7
--- /dev/null
+++ b/debian/patches/enable-udp-in-host-command.diff
@@ -0,0 +1,26 @@
1Description: Fix parsing of host(1)'s -U command line option
2Author: Andreas Hasenack <andreas@canonical.com>
3Bug: https://gitlab.isc.org/isc-projects/bind9/issues/769
4Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1804648
5Applied-Upstream: https://gitlab.isc.org/isc-projects/bind9/commit/5e2cd91321cdda1707411c4e268d364f03f63935
6Last-Update: 2018-12-06
7---
8This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
9--- a/bin/dig/host.c
10+++ b/bin/dig/host.c
11@@ -158,6 +158,7 @@
12 " -s a SERVFAIL response should stop query\n"
13 " -t specifies the query type\n"
14 " -T enables TCP/IP mode\n"
15+" -U enables UDP mode\n"
16 " -v enables verbose output\n"
17 " -V print version number and exit\n"
18 " -w specifies to wait forever for a reply\n"
19@@ -657,6 +658,7 @@
20 case 'N': break;
21 case 'R': break;
22 case 'T': break;
23+ case 'U': break;
24 case 'W': break;
25 default:
26 show_usage();
diff --git a/debian/patches/fix-shutdown-race.diff b/debian/patches/fix-shutdown-race.diff
0new file mode 10064427new file mode 100644
index 0000000..f10f51f
--- /dev/null
+++ b/debian/patches/fix-shutdown-race.diff
@@ -0,0 +1,41 @@
1From f2ca287330110993609fa0443d3bdb17629bd979 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
3Date: Tue, 13 Nov 2018 13:50:47 +0100
4Subject: [PATCH 1/2] Fix a shutdown race in bin/dig/dighost.c
5
6If a tool using the routines defined in bin/dig/dighost.c is sent an
7interruption signal around the time a connection timeout is scheduled to
8fire, connect_timeout() may be executed after destroy_libs() detaches
9from the global task (setting 'global_task' to NULL), which results in a
10crash upon a UDP retry due to bringup_timer() attempting to create a
11timer with 'task' set to NULL. Fix by preventing connect_timeout() from
12attempting a retry when shutdown is in progress.
13
14(cherry picked from commit 462175659674a10c0d39c7c328f1a5324ce2e38b)
15
16Origin: https://gitlab.isc.org/isc-projects/bind9/merge_requests/1040/diffs
17Bug: https://gitlab.isc.org/isc-projects/bind9/issues/599
18Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1797926
19Last-Update: 2018-12-06
20
21---
22 bin/dig/dighost.c | 5 +++++
23 1 file changed, 5 insertions(+)
24diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
25index 39abb9d0fd..17e0328228 100644
26--- a/bin/dig/dighost.c
27+++ b/bin/dig/dighost.c
28@@ -3240,6 +3240,11 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
29
30 INSIST(!free_now);
31
32+ if (cancel_now) {
33+ UNLOCK_LOOKUP;
34+ return;
35+ }
36+
37 if ((query != NULL) && (query->lookup->current_query != NULL) &&
38 ISC_LINK_LINKED(query->lookup->current_query, link) &&
39 (ISC_LIST_NEXT(query->lookup->current_query, link) != NULL)) {
40--
412.18.1
diff --git a/debian/patches/series b/debian/patches/series
index 348be41..75144c4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,5 @@
880_reproducible_build.diff880_reproducible_build.diff
9Add_--install-layout=deb_to_setup.py_call.patch9Add_--install-layout=deb_to_setup.py_call.patch
10skip-rtld-deepbind-for-dyndb.diff10skip-rtld-deepbind-for-dyndb.diff
11enable-udp-in-host-command.diff
12fix-shutdown-race.diff
diff --git a/debian/rules b/debian/rules
index 7edd414..1a22081 100755
--- a/debian/rules
+++ b/debian/rules
@@ -91,7 +91,7 @@ override_dh_auto_configure:
91 --with-gssapi=/usr \91 --with-gssapi=/usr \
92 --with-libidn2 \92 --with-libidn2 \
93 --with-libjson=/usr \93 --with-libjson=/usr \
94 --with-lmdb=/usr \94 --without-lmdb \
95 --with-gnu-ld \95 --with-gnu-ld \
96 --with-geoip=/usr \96 --with-geoip=/usr \
97 --with-atf=no \97 --with-atf=no \
@@ -101,7 +101,6 @@ override_dh_auto_configure:
101 --enable-native-pkcs11 \101 --enable-native-pkcs11 \
102 --with-pkcs11=\$${prefix}/lib/softhsm/libsofthsm2.so \102 --with-pkcs11=\$${prefix}/lib/softhsm/libsofthsm2.so \
103 --with-randomdev=/dev/urandom \103 --with-randomdev=/dev/urandom \
104 --enable-dnstap \
105 --with-eddsa=no \104 --with-eddsa=no \
106 $(EXTRA_FEATURES)105 $(EXTRA_FEATURES)
107 dh_auto_configure -B build-udeb -- \106 dh_auto_configure -B build-udeb -- \
@@ -128,8 +127,6 @@ override_dh_auto_configure:
128 # no need to build these targets here127 # no need to build these targets here
129 sed -i 's/dnssec-pkcs11//;s/named-pkcs11//' build-udeb/bin/Makefile128 sed -i 's/dnssec-pkcs11//;s/named-pkcs11//' build-udeb/bin/Makefile
130 sed -i 's/dns-pkcs11//;s/isc-pkcs11//' build-udeb/lib/Makefile129 sed -i 's/dns-pkcs11//;s/isc-pkcs11//' build-udeb/lib/Makefile
131 cp lib/dns/dnstap.proto build/lib/dns
132 cp lib/dns-pkcs11/dnstap.proto build/lib/dns-pkcs11
133130
134override_dh_auto_build:131override_dh_auto_build:
135 dh_auto_build -B build132 dh_auto_build -B build
diff --git a/debian/tests/simpletest b/debian/tests/simpletest
index 468a7c5..34b0b25 100755
--- a/debian/tests/simpletest
+++ b/debian/tests/simpletest
@@ -10,10 +10,6 @@ setup() {
10run() {10run() {
11 # Make a query against a local zone11 # Make a query against a local zone
12 dig -x 127.0.0.1 @127.0.0.112 dig -x 127.0.0.1 @127.0.0.1
13
14 # Make a query against an external nameserver and check for DNSSEC validation
15 echo "Checking for DNSSEC validation status of internetsociety.org"
16 dig -t a internetsociety.org @127.0.0.1 | egrep 'flags:.+ad; QUERY'
17}13}
1814
19teardown() {15teardown() {

Subscribers

People subscribed via source and target branches