Ubuntu
bind9 package

Merge ~rafaeldtinoco/ubuntu/+source/bind9:eoan-bind9-merge into ubuntu/+source/bind9:debian/sid

  1. Git
  2. lp:~rafaeldtinoco/ubuntu/+source/bind9
  3. eoan-bind9-merge
  4. Merge into debian/sid
Proposed by Rafael David Tinoco
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 250b74170dc6263037104e3be555696c69146418
Merge reported by: Andreas Hasenack
Merged at revision: 250b74170dc6263037104e3be555696c69146418
Proposed branch: ~rafaeldtinoco/ubuntu/+source/bind9:eoan-bind9-merge
Merge into: ubuntu/+source/bind9:debian/sid
Diff against target: 953 lines (+646/-83)
10 files modified
debian/bind9.install (+0/-2)
debian/changelog (+574/-0)
debian/control (+2/-5)
debian/dnsutils.install (+0/-2)
debian/libdns1104.symbols (+0/-66)
debian/patches/enable-udp-in-host-command.diff (+26/-0)
debian/patches/fix-shutdown-race.diff (+41/-0)
debian/patches/series (+2/-0)
debian/rules (+1/-4)
debian/tests/simpletest (+0/-4)
Reviewer Review Type Date Requested Status
Andreas Hasenack Approve
Canonical Server Core Reviewers Pending
Canonical Server Pending
Review via email: mp+369410@code.launchpad.net
To post a comment you must log in.
~rafaeldtinoco/ubuntu/+source/bind9:eoan-bind9-merge updated
62ffcaf... by Rafael David Tinoco

reconstruct-changelog

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

+1

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Tagged and uploaded:

$ git push pkg upload/1%9.11.5.P4+dfsg-5.1ubuntu1
Enumerating objects: 56, done.
Counting objects: 100% (56/56), done.
Delta compression using up to 2 threads
Compressing objects: 100% (41/41), done.
Writing objects: 100% (44/44), 12.36 KiB | 744.00 KiB/s, done.
Total 44 (delta 30), reused 6 (delta 3)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/bind9
 * [new tag] upload/1%9.11.5.P4+dfsg-5.1ubuntu1 -> upload/1%9.11.5.P4+dfsg-5.1ubuntu1

$ dput ubuntu ../bind9_9.11.5.P4+dfsg-5.1ubuntu1_source.changes
Checking signature on .changes
gpg: ../bind9_9.11.5.P4+dfsg-5.1ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../bind9_9.11.5.P4+dfsg-5.1ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading bind9_9.11.5.P4+dfsg-5.1ubuntu1.dsc: done.
  Uploading bind9_9.11.5.P4+dfsg.orig.tar.xz: done.
  Uploading bind9_9.11.5.P4+dfsg-5.1ubuntu1.debian.tar.xz: done.
  Uploading bind9_9.11.5.P4+dfsg-5.1ubuntu1_source.buildinfo: done.
  Uploading bind9_9.11.5.P4+dfsg-5.1ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

This migrated already.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/bind9.install b/debian/bind9.install
index 26d595e..fd7f0f5 100644
--- a/debian/bind9.install
+++ b/debian/bind9.install
@@ -16,7 +16,6 @@ usr/sbin/genrandom
16usr/sbin/isc-hmac-fixup16usr/sbin/isc-hmac-fixup
17usr/sbin/named17usr/sbin/named
18usr/sbin/named-journalprint18usr/sbin/named-journalprint
19usr/sbin/named-nzd2nzf
20usr/sbin/named-pkcs1119usr/sbin/named-pkcs11
21usr/sbin/nsec3hash20usr/sbin/nsec3hash
22usr/sbin/tsig-keygen21usr/sbin/tsig-keygen
@@ -32,7 +31,6 @@ usr/share/man/man8/dnssec-importkey.8
32usr/share/man/man8/genrandom.831usr/share/man/man8/genrandom.8
33usr/share/man/man8/isc-hmac-fixup.832usr/share/man/man8/isc-hmac-fixup.8
34usr/share/man/man8/named-journalprint.833usr/share/man/man8/named-journalprint.8
35usr/share/man/man8/named-nzd2nzf.8
36usr/share/man/man8/named.834usr/share/man/man8/named.8
37usr/share/man/man8/nsec3hash.835usr/share/man/man8/nsec3hash.8
38usr/share/man/man8/tsig-keygen.836usr/share/man/man8/tsig-keygen.8
diff --git a/debian/changelog b/debian/changelog
index fb0505e..5bd1782 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,28 @@
1bind9 (1:9.11.5.P4+dfsg-5.1ubuntu1) eoan; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 - Build without lmdb support as that package is in Universe
5 - Don't build dnstap as it depends on universe packages:
6 + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
7 protobuf-c-compiler (universe packages)
8 + d/dnsutils.install: don't install dnstap
9 + d/libdns1104.symbols: don't include dnstap symbols
10 + d/rules: don't build dnstap nor install dnstap.proto
11 - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
12 option (LP #1804648)
13 - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
14 close to a query timeout (LP #1797926)
15 - d/t/simpletest: drop the internetsociety.org test as it requires
16 network egress access that is not available in the Ubuntu autopkgtest
17 farm.
18 * Dropped:
19 - SECURITY UPDATE: DoS via malformed packets
20 + d/p/CVE-2019-6471.patch: fix race condition in lib/dns/dispatch.c
21 + CVE-2019-6471
22 [Fixed in 1:9.11.5.P4+dfsg-5.1]
23
24 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Thu, 27 Jun 2019 14:54:25 +0000
25
1bind9 (1:9.11.5.P4+dfsg-5.1) unstable; urgency=high26bind9 (1:9.11.5.P4+dfsg-5.1) unstable; urgency=high
227
3 * Non-maintainer upload.28 * Non-maintainer upload.
@@ -6,6 +31,29 @@ bind9 (1:9.11.5.P4+dfsg-5.1) unstable; urgency=high
631
7 -- Salvatore Bonaccorso <carnil@debian.org> Fri, 21 Jun 2019 11:24:31 +020032 -- Salvatore Bonaccorso <carnil@debian.org> Fri, 21 Jun 2019 11:24:31 +0200
833
34bind9 (1:9.11.5.P4+dfsg-5ubuntu1) eoan; urgency=medium
35
36 * Merge with Debian unstable. Remaining changes:
37 - Build without lmdb support as that package is in Universe
38 - Don't build dnstap as it depends on universe packages:
39 + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
40 protobuf-c-compiler (universe packages)
41 + d/dnsutils.install: don't install dnstap
42 + d/libdns1104.symbols: don't include dnstap symbols
43 + d/rules: don't build dnstap nor install dnstap.proto
44 - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
45 option (LP #1804648)
46 - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
47 close to a query timeout (LP #1797926)
48 - d/t/simpletest: drop the internetsociety.org test as it requires
49 network egress access that is not available in the Ubuntu autopkgtest
50 farm.
51 - SECURITY UPDATE: DoS via malformed packets
52 + d/p/CVE-2019-6471.patch: fix race condition in lib/dns/dispatch.c
53 + CVE-2019-6471
54
55 -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com> Fri, 21 Jun 2019 18:06:22 +0000
56
9bind9 (1:9.11.5.P4+dfsg-5) unstable; urgency=medium57bind9 (1:9.11.5.P4+dfsg-5) unstable; urgency=medium
1058
11 * AppArmor: Allow /var/tmp/krb5_* (owner-only) for Samba AD DLZ.59 * AppArmor: Allow /var/tmp/krb5_* (owner-only) for Samba AD DLZ.
@@ -13,6 +61,69 @@ bind9 (1:9.11.5.P4+dfsg-5) unstable; urgency=medium
1361
14 -- Bernhard Schmidt <berni@debian.org> Fri, 03 May 2019 19:44:57 +020062 -- Bernhard Schmidt <berni@debian.org> Fri, 03 May 2019 19:44:57 +0200
1563
64bind9 (1:9.11.5.P4+dfsg-4ubuntu2) eoan; urgency=medium
65
66 * SECURITY UPDATE: DoS via malformed packets
67 - debian/patches/CVE-2019-6471.patch: fix race condition in
68 lib/dns/dispatch.c.
69 - CVE-2019-6471
70
71 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 20 Jun 2019 08:15:00 -0400
72
73bind9 (1:9.11.5.P4+dfsg-4ubuntu1) eoan; urgency=medium
74
75 * Merge with Debian unstable. Remaining changes:
76 - Build without lmdb support as that package is in Universe
77 - Don't build dnstap as it depends on universe packages:
78 + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
79 protobuf-c-compiler (universe packages)
80 + d/dnsutils.install: don't install dnstap
81 + d/libdns1104.symbols: don't include dnstap symbols
82 + d/rules: don't build dnstap nor install dnstap.proto
83 - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
84 option (LP #1804648)
85 - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
86 close to a query timeout (LP #1797926)
87 - d/t/simpletest: drop the internetsociety.org test as it requires
88 network egress access that is not available in the Ubuntu autopkgtest
89 farm.
90 * Dropped:
91 - SECURITY UPDATE: memory leak via specially crafted packet
92 + debian/patches/CVE-2018-5744.patch: silently drop additional keytag
93 options in bin/named/client.c.
94 + CVE-2018-5744
95 [Fixed upstream in 9.11.5-P2]
96 - SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
97 unsupported key algorithm when using managed-keys
98 + debian/patches/CVE-2018-5745.patch: properly handle situations when
99 the key tag cannot be computed in lib/dns/include/dst/dst.h,
100 lib/dns/zone.c.
101 + CVE-2018-5745
102 [Fixed upstream in 9.11.5-P2]
103 - SECURITY UPDATE: Controls for zone transfers may not be properly
104 applied to Dynamically Loadable Zones (DLZs) if the zones are writable
105 + debian/patches/CVE-2019-6465.patch: handle zone transfers marked in
106 the zone table as a DLZ zone bin/named/xfrout.c.
107 + CVE-2019-6465
108 [Fixed upstream in 9.11.5-P3]
109 - SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
110 + debian/patches/CVE-2018-5743.patch: add reference counting in
111 bin/named/client.c, bin/named/include/named/client.h,
112 bin/named/include/named/interfacemgr.h, bin/named/interfacemgr.c,
113 lib/isc/include/isc/quota.h, lib/isc/quota.c,
114 lib/isc/win32/libisc.def.in.
115 + debian/patches/CVE-2018-5743-atomic-fix.patch: replace atomic
116 operations with isc_refcount reference counting in
117 bin/named/client.c, bin/named/include/named/interfacemgr.h,
118 bin/named/interfacemgr.c.
119 + debian/libisc1100.symbols: added new symbols.
120 + CVE-2018-5743
121 [Fixed in 1:9.11.5.P4+dfsg-4]
122 - d/rules: add back EdDSA support (LP #1825712)
123 [Fixed in 1:9.11.5.P4+dfsg-4]
124
125 -- Andreas Hasenack <andreas@canonical.com> Thu, 02 May 2019 13:35:59 -0300
126
16bind9 (1:9.11.5.P4+dfsg-4) unstable; urgency=medium127bind9 (1:9.11.5.P4+dfsg-4) unstable; urgency=medium
17128
18 [ Bernhard Schmidt ]129 [ Bernhard Schmidt ]
@@ -85,12 +196,114 @@ bind9 (1:9.11.5.P1+dfsg-2) unstable; urgency=medium
85196
86 -- Bernhard Schmidt <berni@debian.org> Tue, 12 Feb 2019 00:34:21 +0100197 -- Bernhard Schmidt <berni@debian.org> Tue, 12 Feb 2019 00:34:21 +0100
87198
199bind9 (1:9.11.5.P1+dfsg-1ubuntu4) eoan; urgency=medium
200
201 * d/rules: add back EdDSA support (LP: #1825712)
202
203 -- Andreas Hasenack <andreas@canonical.com> Fri, 26 Apr 2019 14:04:37 +0000
204
205bind9 (1:9.11.5.P1+dfsg-1ubuntu3) eoan; urgency=medium
206
207 * SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
208 - debian/patches/CVE-2018-5743.patch: add reference counting in
209 bin/named/client.c, bin/named/include/named/client.h,
210 bin/named/include/named/interfacemgr.h, bin/named/interfacemgr.c,
211 lib/isc/include/isc/quota.h, lib/isc/quota.c,
212 lib/isc/win32/libisc.def.in.
213 - debian/patches/CVE-2018-5743-atomic-fix.patch: replace atomic
214 operations with isc_refcount reference counting in
215 bin/named/client.c, bin/named/include/named/interfacemgr.h,
216 bin/named/interfacemgr.c.
217 - debian/libisc1100.symbols: added new symbols.
218 - CVE-2018-5743
219
220 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 24 Apr 2019 05:00:07 -0400
221
222bind9 (1:9.11.5.P1+dfsg-1ubuntu2) disco; urgency=medium
223
224 * SECURITY UPDATE: memory leak via specially crafted packet
225 - debian/patches/CVE-2018-5744.patch: silently drop additional keytag
226 options in bin/named/client.c.
227 - CVE-2018-5744
228 * SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
229 unsupported key algorithm when using managed-keys
230 - debian/patches/CVE-2018-5745.patch: properly handle situations when
231 the key tag cannot be computed in lib/dns/include/dst/dst.h,
232 lib/dns/zone.c.
233 - CVE-2018-5745
234 * SECURITY UPDATE: Controls for zone transfers may not be properly
235 applied to Dynamically Loadable Zones (DLZs) if the zones are writable
236 - debian/patches/CVE-2019-6465.patch: handle zone transfers marked in
237 the zone table as a DLZ zone bin/named/xfrout.c.
238 - CVE-2019-6465
239
240 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 22 Feb 2019 10:52:30 +0100
241
242bind9 (1:9.11.5.P1+dfsg-1ubuntu1) disco; urgency=medium
243
244 * Merge with Debian unstable. Remaining changes:
245 - Build without lmdb support as that package is in Universe
246 - Don't build dnstap as it depends on universe packages:
247 + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
248 protobuf-c-compiler (universe packages)
249 + d/dnsutils.install: don't install dnstap
250 + d/libdns1104.symbols: don't include dnstap symbols
251 + d/rules: don't build dnstap nor install dnstap.proto
252 - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
253 option (LP #1804648)
254 - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
255 close to a query timeout (LP #1797926)
256 - d/t/simpletest: drop the internetsociety.org test as it requires
257 network egress access that is not available in the Ubuntu autopkgtest
258 farm.
259
260 -- Andreas Hasenack <andreas@canonical.com> Thu, 17 Jan 2019 18:59:25 -0200
261
88bind9 (1:9.11.5.P1+dfsg-1) unstable; urgency=medium262bind9 (1:9.11.5.P1+dfsg-1) unstable; urgency=medium
89263
90 * New upstream version 9.11.5.P1+dfsg264 * New upstream version 9.11.5.P1+dfsg
91265
92 -- Ondřej Surý <ondrej@debian.org> Tue, 18 Dec 2018 13:59:25 +0000266 -- Ondřej Surý <ondrej@debian.org> Tue, 18 Dec 2018 13:59:25 +0000
93267
268bind9 (1:9.11.5+dfsg-1ubuntu1) disco; urgency=medium
269
270 * Merge with Debian unstable. Remaining changes:
271 - Build without lmdb support as that package is in Universe
272 - Don't build dnstap as it depends on universe packages:
273 + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
274 protobuf-c-compiler (universe packages)
275 + d/dnsutils.install: don't install dnstap
276 + d/libdns1104.symbols: don't include dnstap symbols
277 + d/rules: don't build dnstap nor install dnstap.proto
278 * Dropped:
279 - SECURITY UPDATE: denial of service crash when deny-answer-aliases
280 option is used
281 + debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could
282 trigger a crash if deny-answer-aliases was set
283 + debian/patches/CVE-2018-5740-2.patch: add tests
284 + debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set
285 chainingp correctly, add test
286 + CVE-2018-5740
287 [Fixed in new upstream version 9.11.5]
288 - d/extras/apparmor.d/usr.sbin.named: add missing comma at the end of the
289 line (Closes: #904983)
290 [Fixed in 1:9.11.4+dfsg-4]
291 - Add a patch to fix named-pkcs11 crashing on startup. (LP #1769440)
292 [Fixed in 1:9.11.4.P1+dfsg-1]
293 - Cherrypick from debian: Add new dst__openssleddsa_init optional symbol
294 (it depends on OpenSSL version) (Closes: #897643)
295 [Fixed in 1:9.11.4.P1+dfsg-1]
296 * Added:
297 - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
298 option (LP: #1804648)
299 - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
300 close to a query timeout (LP: #1797926)
301 - d/t/simpletest: drop the internetsociety.org test as it requires
302 network egress access that is not available in the Ubuntu autopkgtest
303 farm.
304
305 -- Andreas Hasenack <andreas@canonical.com> Thu, 13 Dec 2018 19:40:23 -0200
306
94bind9 (1:9.11.5+dfsg-1) unstable; urgency=medium307bind9 (1:9.11.5+dfsg-1) unstable; urgency=medium
95308
96 * Use team+dns@tracker.debian.org as Maintainer address309 * Use team+dns@tracker.debian.org as Maintainer address
@@ -152,6 +365,55 @@ bind9 (1:9.11.4+dfsg-4) unstable; urgency=medium
152365
153 -- Bernhard Schmidt <berni@debian.org> Mon, 30 Jul 2018 16:28:21 +0200366 -- Bernhard Schmidt <berni@debian.org> Mon, 30 Jul 2018 16:28:21 +0200
154367
368bind9 (1:9.11.4+dfsg-3ubuntu5) cosmic; urgency=high
369
370 * No change rebuild against openssl 1.1.1 with TLS 1.3 support.
371
372 -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 29 Sep 2018 01:36:45 +0100
373
374bind9 (1:9.11.4+dfsg-3ubuntu4) cosmic; urgency=medium
375
376 * SECURITY UPDATE: denial of service crash when deny-answer-aliases
377 option is used
378 - debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could
379 trigger a crash if deny-answer-aliases was set
380 - debian/patches/CVE-2018-5740-2.patch: add tests
381 - debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set
382 chainingp correctly, add test
383 - CVE-2018-5740
384
385 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 20 Sep 2018 11:11:05 +0200
386
387bind9 (1:9.11.4+dfsg-3ubuntu3) cosmic; urgency=medium
388
389 * Cherrypick from debian: Add new dst__openssleddsa_init optional symbol
390 (it depends on OpenSSL version) (Closes: #897643)
391
392 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 18 Sep 2018 10:39:12 +0200
393
394bind9 (1:9.11.4+dfsg-3ubuntu2) cosmic; urgency=medium
395
396 * d/p/skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11
397 crashing on startup. (LP: #1769440)
398
399 -- Karl Stenerud <karl.stenerud@canonical.com> Thu, 30 Aug 2018 07:11:39 -0700
400
401bind9 (1:9.11.4+dfsg-3ubuntu1) cosmic; urgency=medium
402
403 * Merge with Debian unstable. Remaining changes:
404 - Build without lmdb support as that package is in Universe
405 * Added:
406 - Don't build dnstap as it depends on universe packages:
407 + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
408 protobuf-c-compiler (universe packages)
409 + d/dnsutils.install: don't install dnstap
410 + d/libdns1102.symbols: don't include dnstap symbols
411 + d/rules: don't build dnstap
412 - d/extras/apparmor.d/usr.sbin.named: add missing comma at the end of the
413 line (Closes: #904983)
414
415 -- Andreas Hasenack <andreas@canonical.com> Mon, 30 Jul 2018 10:56:04 -0300
416
155bind9 (1:9.11.4+dfsg-3) unstable; urgency=medium417bind9 (1:9.11.4+dfsg-3) unstable; urgency=medium
156418
157 * Enable IDN support for dig+host using libidn2 (Closes: #459010)419 * Enable IDN support for dig+host using libidn2 (Closes: #459010)
@@ -182,6 +444,19 @@ bind9 (1:9.11.4+dfsg-1) unstable; urgency=medium
182444
183 -- Ondřej Surý <ondrej@debian.org> Sat, 14 Jul 2018 12:27:56 +0000445 -- Ondřej Surý <ondrej@debian.org> Sat, 14 Jul 2018 12:27:56 +0000
184446
447bind9 (1:9.11.3+dfsg-2ubuntu1) cosmic; urgency=medium
448
449 * Merge with Debian unstable (LP: #1777935). Remaining changes:
450 - Build without lmdb support as that package is in Universe
451 * Drop:
452 - SECURITY UPDATE: improperly permits recursive query service
453 + debian/patches/CVE-2018-5738.patch: fix configure_view_acl() handling
454 in bin/named/server.c.
455 + CVE-2018-5738
456 [Applied in Debian's 1:9.11.3+dfsg-2]
457
458 -- Andreas Hasenack <andreas@canonical.com> Wed, 20 Jun 2018 17:42:16 -0300
459
185bind9 (1:9.11.3+dfsg-2) unstable; urgency=medium460bind9 (1:9.11.3+dfsg-2) unstable; urgency=medium
186461
187 * [CVE-2018-5738]: Add upstream fix to close the default open recursion462 * [CVE-2018-5738]: Add upstream fix to close the default open recursion
@@ -190,6 +465,24 @@ bind9 (1:9.11.3+dfsg-2) unstable; urgency=medium
190465
191 -- Ondřej Surý <ondrej@debian.org> Thu, 14 Jun 2018 13:01:47 +0000466 -- Ondřej Surý <ondrej@debian.org> Thu, 14 Jun 2018 13:01:47 +0000
192467
468bind9 (1:9.11.3+dfsg-1ubuntu2) cosmic; urgency=medium
469
470 * SECURITY UPDATE: improperly permits recursive query service
471 - debian/patches/CVE-2018-5738.patch: fix configure_view_acl() handling
472 in bin/named/server.c.
473 - CVE-2018-5738
474
475 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 11 Jun 2018 09:41:51 -0400
476
477bind9 (1:9.11.3+dfsg-1ubuntu1) bionic; urgency=low
478
479 * New upstream release. (LP: #1763572)
480 - fix a crash when configured with ipa-dns-install
481 * Merge from Debian unstable. Remaining changes:
482 - Build without lmdb support as that package is in Universe
483
484 -- Timo Aaltonen <tjaalton@debian.org> Fri, 13 Apr 2018 07:40:47 +0300
485
193bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium486bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium
194487
195 [ Bernhard Schmidt ]488 [ Bernhard Schmidt ]
@@ -214,6 +507,61 @@ bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium
214507
215 -- Bernhard Schmidt <berni@debian.org> Fri, 23 Mar 2018 00:09:58 +0100508 -- Bernhard Schmidt <berni@debian.org> Fri, 23 Mar 2018 00:09:58 +0100
216509
510bind9 (1:9.11.2.P1-1ubuntu5) bionic; urgency=medium
511
512 * debian/patches/nsupdate-gssapi-fails-ad-45854.patch: fix updating
513 DNS records in Microsoft AD using GSSAPI. Thanks to Mark Andrews
514 <marka@isc.org>. (LP: #1755439)
515
516 -- Andreas Hasenack <andreas@canonical.com> Fri, 16 Mar 2018 09:38:46 -0300
517
518bind9 (1:9.11.2.P1-1ubuntu4) bionic; urgency=medium
519
520 * Fix apparmor profile filename (LP: #1754981)
521
522 -- Andreas Hasenack <andreas@canonical.com> Thu, 15 Mar 2018 10:06:57 -0300
523
524bind9 (1:9.11.2.P1-1ubuntu3) bionic; urgency=high
525
526 * No change rebuild against openssl1.1.
527
528 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 06 Feb 2018 12:14:22 +0000
529
530bind9 (1:9.11.2.P1-1ubuntu2) bionic; urgency=medium
531
532 * Build without lmdb support as that package is in Universe (LP: #1746296)
533 - d/control: remove Build-Depends on liblmdb-dev
534 - d/rules: configure --without-lmdb
535 - d/bind9.install: drop named-nzd2nzf and named-nzd2nzf.8 as it requires
536 lmdb.
537
538 -- Andreas Hasenack <andreas@canonical.com> Tue, 30 Jan 2018 15:21:23 -0200
539
540bind9 (1:9.11.2.P1-1ubuntu1) bionic; urgency=medium
541
542 * Merge with Debian unstable (LP: #1744930).
543 * Drop:
544 - Add RemainAfterExit to bind9-resolvconf unit configuration file
545 (LP #1536181).
546 [fixed in 1:9.10.6+dfsg-4]
547 - rules: Fix path to libsofthsm2.so. (LP #1685780)
548 [adopted in 1:9.10.6+dfsg-5]
549 - d/p/CVE-2016-8864-regression-test.patch: tests for the regression
550 introduced with the CVE-2016-8864.patch and fixed in
551 CVE-2016-8864-regression.patch.
552 [applied upstream]
553 - d/p/CVE-2016-8864-regression2-test.patch: tests for the second
554 regression (RT #44318) introduced with the CVE-2016-8864.patch
555 and fixed in CVE-2016-8864-regression2.patch.
556 [applied upstream]
557 - d/control, d/rules: add json support for the statistics channels.
558 (LP #1669193)
559 [adopted in 1:9.10.6+dfsg-5]
560 * d/p/add-ply-dependency-to-python-scripts.patch: setup.py is missing
561 listing the python ply module as a dependency (Closes: #888463)
562
563 -- Andreas Hasenack <andreas@canonical.com> Fri, 26 Jan 2018 11:20:33 -0200
564
217bind9 (1:9.11.2.P1-1) unstable; urgency=medium565bind9 (1:9.11.2.P1-1) unstable; urgency=medium
218566
219 * New upstream version 9.11.2-P1567 * New upstream version 9.11.2-P1
@@ -389,6 +737,140 @@ bind9 (1:9.10.6+dfsg-1) unstable; urgency=medium
389737
390 -- Ondřej Surý <ondrej@debian.org> Fri, 06 Oct 2017 06:18:21 +0000738 -- Ondřej Surý <ondrej@debian.org> Fri, 06 Oct 2017 06:18:21 +0000
391739
740bind9 (1:9.10.3.dfsg.P4-12.6ubuntu1) artful; urgency=medium
741
742 * Merge with Debian unstable (LP: #1712920). Remaining changes:
743 - Add RemainAfterExit to bind9-resolvconf unit configuration file
744 (LP #1536181).
745 - rules: Fix path to libsofthsm2.so. (LP #1685780)
746 - d/p/CVE-2016-8864-regression-test.patch: tests for the regression
747 introduced with the CVE-2016-8864.patch and fixed in
748 CVE-2016-8864-regression.patch.
749 - d/p/CVE-2016-8864-regression2-test.patch: tests for the second
750 regression (RT #44318) introduced with the CVE-2016-8864.patch
751 and fixed in CVE-2016-8864-regression2.patch.
752 - d/control, d/rules: add json support for the statistics channels.
753 (LP #1669193)
754
755 -- Andreas Hasenack <andreas@canonical.com> Thu, 24 Aug 2017 18:28:00 -0300
756
757bind9 (1:9.10.3.dfsg.P4-12.6) unstable; urgency=medium
758
759 * Non-maintainer upload.
760 * Import upcoming DNSSEC KSK-2017 from 9.10.5 (Closes: #860794)
761
762 -- Bernhard Schmidt <berni@debian.org> Fri, 11 Aug 2017 19:10:07 +0200
763
764bind9 (1:9.10.3.dfsg.P4-12.5ubuntu1) artful; urgency=medium
765
766 * Merge with Debian unstable (LP: #1701687). Remaining changes:
767 - Add RemainAfterExit to bind9-resolvconf unit configuration file
768 (LP #1536181).
769 - rules: Fix path to libsofthsm2.so. (LP #1685780)
770 * Drop:
771 - SECURITY UPDATE: denial of service via assertion failure
772 + debian/patches/CVE-2016-2776.patch: properly handle lengths in
773 lib/dns/message.c.
774 + CVE-2016-2776
775 + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
776 - SECURITY UPDATE: assertion failure via class mismatch
777 + debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
778 records in lib/dns/resolver.c.
779 + CVE-2016-9131
780 + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
781 - SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
782 + debian/patches/CVE-2016-9147.patch: fix logic when records are
783 returned without the requested data in lib/dns/resolver.c.
784 + CVE-2016-9147
785 + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
786 - SECURITY UPDATE: assertion failure via unusually-formed DS record
787 + debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
788 lib/dns/message.c, lib/dns/resolver.c.
789 + CVE-2016-9444
790 + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
791 - SECURITY UPDATE: regression in CVE-2016-8864
792 + debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
793 responses in lib/dns/resolver.c, added tests to
794 bin/tests/system/dname/ns2/example.db,
795 bin/tests/system/dname/tests.sh.
796 + No CVE number
797 + [Fixed in Debian 1:9.10.3.dfsg.P4-11 and 1:9.10.3.dfsg.P4-12]
798 - SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
799 a NULL pointer
800 + debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
801 combination in bin/named/query.c, lib/dns/message.c,
802 lib/dns/rdataset.c.
803 + CVE-2017-3135
804 + [Fixed in Debian 1:9.10.3.dfsg.P4-12]
805 - SECURITY UPDATE: regression in CVE-2016-8864
806 + debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
807 was still being cached when it should have been in lib/dns/resolver.c,
808 added tests to bin/tests/system/dname/ans3/ans.pl,
809 bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
810 + No CVE number
811 + [Fixed in Debian 1:9.10.3.dfsg.P4-12]
812 - SECURITY UPDATE: Denial of Service due to an error handling
813 synthesized records when using DNS64 with "break-dnssec yes;"
814 + debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
815 called.
816 + CVE-2017-3136
817 + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3]
818 - SECURITY UPDATE: Denial of Service due to resolver terminating when
819 processing a response packet containing a CNAME or DNAME
820 + debian/patches/CVE-2017-3137.patch: don't expect a specific
821 ordering of answer components; add testcases.
822 + CVE-2017-3137
823 + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3 with 3 patch files]
824 - SECURITY UPDATE: Denial of Service when receiving a null command on
825 the control channel
826 + debian/patches/CVE-2017-3138.patch: don't throw an assert if no
827 command token is given; add testcase.
828 + CVE-2017-3138
829 + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3]
830 - SECURITY UPDATE: TSIG authentication issues
831 + debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
832 lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
833 + CVE-2017-3142
834 + CVE-2017-3143
835 + [Fixed in Debian 1:9.10.3.dfsg.P4-12.4]
836 * d/p/CVE-2016-8864-regression-test.patch: tests for the regression
837 introduced with the CVE-2016-8864.patch and fixed in
838 CVE-2016-8864-regression.patch.
839 * d/p/CVE-2016-8864-regression2-test.patch: tests for the second
840 regression (RT #44318) introduced with the CVE-2016-8864.patch
841 and fixed in CVE-2016-8864-regression2.patch.
842 * d/control, d/rules: add json support for the statistics channels.
843 (LP: #1669193)
844
845 -- Andreas Hasenack <andreas@canonical.com> Fri, 11 Aug 2017 17:12:09 -0300
846
847bind9 (1:9.10.3.dfsg.P4-12.5) unstable; urgency=medium
848
849 * Non-maintainer upload.
850 * Change to fix CVE-2017-3142 and CVE-2017-3143 broke verification of TSIG
851 signed TCP message sequences where not all the messages contain TSIG
852 records. These may be used in AXFR and IXFR responses.
853 (Closes: #868952)
854
855 -- Salvatore Bonaccorso <carnil@debian.org> Fri, 21 Jul 2017 22:28:32 +0200
856
857bind9 (1:9.10.3.dfsg.P4-12.4) unstable; urgency=high
858
859 * Non-maintainer upload.
860
861 [ Yves-Alexis Perez ]
862 * debian/patches:
863 - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
864 CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
865 transfers. An attacker may be able to circumvent TSIG authentication of
866 AXFR and Notify requests.
867 CVE-2017-3143: error in TSIG authentication can permit unauthorized
868 dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
869 signature for a dynamic update.
870 (Closes: #866564)
871
872 -- Salvatore Bonaccorso <carnil@debian.org> Sun, 16 Jul 2017 22:13:21 +0200
873
392bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) stretch; urgency=medium874bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) stretch; urgency=medium
393875
394 [ Bernhard Schmidt ]876 [ Bernhard Schmidt ]
@@ -495,6 +977,98 @@ bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium
495977
496 -- Michael Gilbert <mgilbert@debian.org> Thu, 19 Jan 2017 04:03:28 +0000978 -- Michael Gilbert <mgilbert@debian.org> Thu, 19 Jan 2017 04:03:28 +0000
497979
980bind9 (1:9.10.3.dfsg.P4-10.1ubuntu7) artful; urgency=medium
981
982 * SECURITY UPDATE: TSIG authentication issues
983 - debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
984 lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
985 - CVE-2017-3142
986 - CVE-2017-3143
987
988 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 03 Jul 2017 09:48:13 -0400
989
990bind9 (1:9.10.3.dfsg.P4-10.1ubuntu6) artful; urgency=medium
991
992 * rules: Fix path to libsofthsm2.so. (LP: #1685780)
993
994 -- Timo Aaltonen <tjaalton@debian.org> Mon, 24 Apr 2017 15:01:30 +0300
995
996bind9 (1:9.10.3.dfsg.P4-10.1ubuntu5) zesty-security; urgency=medium
997
998 * SECURITY UPDATE: Denial of Service due to an error handling
999 synthesized records when using DNS64 with "break-dnssec yes;"
1000 - debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
1001 called.
1002 - CVE-2017-3136
1003 * SECURITY UPDATE: Denial of Service due to resolver terminating when
1004 processing a response packet containing a CNAME or DNAME
1005 - debian/patches/CVE-2017-3137.patch: don't expect a specific
1006 ordering of answer components; add testcases.
1007 - CVE-2017-3137
1008 * SECURITY UPDATE: Denial of Service when receiving a null command on
1009 the control channel
1010 - debian/patches/CVE-2017-3138.patch: don't throw an assert if no
1011 command token is given; add testcase.
1012 - CVE-2017-3138
1013
1014 -- Steve Beattie <sbeattie@ubuntu.com> Wed, 12 Apr 2017 01:32:15 -0700
1015
1016bind9 (1:9.10.3.dfsg.P4-10.1ubuntu4) zesty; urgency=medium
1017
1018 * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
1019 a NULL pointer
1020 - debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
1021 combination in bin/named/query.c, lib/dns/message.c,
1022 lib/dns/rdataset.c.
1023 - CVE-2017-3135
1024 * SECURITY UPDATE: regression in CVE-2016-8864
1025 - debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
1026 was still being cached when it should have been in lib/dns/resolver.c,
1027 added tests to bin/tests/system/dname/ans3/ans.pl,
1028 bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
1029 - No CVE number
1030
1031 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 15 Feb 2017 09:37:39 -0500
1032
1033bind9 (1:9.10.3.dfsg.P4-10.1ubuntu3) zesty; urgency=medium
1034
1035 * SECURITY UPDATE: assertion failure via class mismatch
1036 - debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
1037 records in lib/dns/resolver.c.
1038 - CVE-2016-9131
1039 * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
1040 - debian/patches/CVE-2016-9147.patch: fix logic when records are
1041 returned without the requested data in lib/dns/resolver.c.
1042 - CVE-2016-9147
1043 * SECURITY UPDATE: assertion failure via unusually-formed DS record
1044 - debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
1045 lib/dns/message.c, lib/dns/resolver.c.
1046 - CVE-2016-9444
1047 * SECURITY UPDATE: regression in CVE-2016-8864
1048 - debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
1049 responses in lib/dns/resolver.c, added tests to
1050 bin/tests/system/dname/ns2/example.db,
1051 bin/tests/system/dname/tests.sh.
1052 - No CVE number
1053
1054 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Jan 2017 09:28:10 -0500
1055
1056bind9 (1:9.10.3.dfsg.P4-10.1ubuntu2) zesty; urgency=medium
1057
1058 * Add RemainAfterExit to bind9-resolvconf unit configuration file
1059 (LP: #1536181).
1060
1061 -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Tue, 15 Nov 2016 08:24:58 -0800
1062
1063bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1) yakkety; urgency=medium
1064
1065 * SECURITY UPDATE: denial of service via assertion failure
1066 - debian/patches/CVE-2016-2776.patch: properly handle lengths in
1067 lib/dns/message.c.
1068 - CVE-2016-2776
1069
1070 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 04 Oct 2016 14:31:17 -0400
1071
498bind9 (1:9.10.3.dfsg.P4-10.1) unstable; urgency=medium1072bind9 (1:9.10.3.dfsg.P4-10.1) unstable; urgency=medium
4991073
500 * Non-maintainer upload.1074 * Non-maintainer upload.
diff --git a/debian/control b/debian/control
index 73c2a17..3d7f03d 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: bind91Source: bind9
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Debian DNS Team <team+dns@tracker.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian DNS Team <team+dns@tracker.debian.org>
5Uploaders: LaMont Jones <lamont@debian.org>,6Uploaders: LaMont Jones <lamont@debian.org>,
6 Michael Gilbert <mgilbert@debian.org>,7 Michael Gilbert <mgilbert@debian.org>,
7 Robie Basak <robie.basak@canonical.com>,8 Robie Basak <robie.basak@canonical.com>,
@@ -15,18 +16,14 @@ Build-Depends: bison,
15 dpkg-dev (>= 1.16.1~),16 dpkg-dev (>= 1.16.1~),
16 libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386],17 libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386],
17 libdb-dev (>>4.6),18 libdb-dev (>>4.6),
18 libfstrm-dev,
19 libgeoip-dev (>= 1.4.6.dfsg-5),19 libgeoip-dev (>= 1.4.6.dfsg-5),
20 libidn2-dev,20 libidn2-dev,
21 libjson-c-dev,21 libjson-c-dev,
22 libkrb5-dev,22 libkrb5-dev,
23 libldap2-dev,23 libldap2-dev,
24 liblmdb-dev,
25 libprotobuf-c-dev,
26 libssl-dev,24 libssl-dev,
27 libtool,25 libtool,
28 libxml2-dev,26 libxml2-dev,
29 protobuf-c-compiler,
30 python3,27 python3,
31 python3-distutils,28 python3-distutils,
32 python3-ply29 python3-ply
diff --git a/debian/dnsutils.install b/debian/dnsutils.install
index 90e4fba..5e6b7d9 100644
--- a/debian/dnsutils.install
+++ b/debian/dnsutils.install
@@ -1,12 +1,10 @@
1usr/bin/delv1usr/bin/delv
2usr/bin/dig2usr/bin/dig
3usr/bin/dnstap-read
4usr/bin/mdig3usr/bin/mdig
5usr/bin/nslookup4usr/bin/nslookup
6usr/bin/nsupdate5usr/bin/nsupdate
7usr/share/man/man1/delv.16usr/share/man/man1/delv.1
8usr/share/man/man1/dig.17usr/share/man/man1/dig.1
9usr/share/man/man1/dnstap-read.1
10usr/share/man/man1/mdig.18usr/share/man/man1/mdig.1
11usr/share/man/man1/nslookup.19usr/share/man/man1/nslookup.1
12usr/share/man/man1/nsupdate.110usr/share/man/man1/nsupdate.1
diff --git a/debian/libdns1104.symbols b/debian/libdns1104.symbols
index d7c98d4..7b6020e 100644
--- a/debian/libdns1104.symbols
+++ b/debian/libdns1104.symbols
@@ -358,21 +358,6 @@ libdns-pkcs11.so.1104 libdns1104 #MINVER#
358 dns_dsdigest_format@Base 1:9.11.3+dfsg358 dns_dsdigest_format@Base 1:9.11.3+dfsg
359 dns_dsdigest_fromtext@Base 1:9.11.3+dfsg359 dns_dsdigest_fromtext@Base 1:9.11.3+dfsg
360 dns_dsdigest_totext@Base 1:9.11.3+dfsg360 dns_dsdigest_totext@Base 1:9.11.3+dfsg
361 dns_dt_attach@Base 1:9.11.4.P1
362 dns_dt_close@Base 1:9.11.4.P1
363 dns_dt_create@Base 1:9.11.4.P1
364 dns_dt_datatotext@Base 1:9.11.4.P1
365 dns_dt_detach@Base 1:9.11.4.P1
366 dns_dt_getframe@Base 1:9.11.4.P1
367 dns_dt_getstats@Base 1:9.11.4.P1
368 dns_dt_open@Base 1:9.11.4.P1
369 dns_dt_parse@Base 1:9.11.4.P1
370 dns_dt_reopen@Base 1:9.11.4.P1
371 dns_dt_send@Base 1:9.11.4.P1
372 dns_dt_setidentity@Base 1:9.11.4.P1
373 dns_dt_setversion@Base 1:9.11.4.P1
374 dns_dt_shutdown@Base 1:9.11.4.P1
375 dns_dtdata_free@Base 1:9.11.4.P1
376 dns_dumpctx_attach@Base 1:9.11.3+dfsg361 dns_dumpctx_attach@Base 1:9.11.3+dfsg
377 dns_dumpctx_cancel@Base 1:9.11.3+dfsg362 dns_dumpctx_cancel@Base 1:9.11.3+dfsg
378 dns_dumpctx_db@Base 1:9.11.3+dfsg363 dns_dumpctx_db@Base 1:9.11.3+dfsg
@@ -1443,24 +1428,6 @@ libdns-pkcs11.so.1104 libdns1104 #MINVER#
1443 dns_zt_setviewcommit@Base 1:9.11.3+dfsg1428 dns_zt_setviewcommit@Base 1:9.11.3+dfsg
1444 dns_zt_setviewrevert@Base 1:9.11.3+dfsg1429 dns_zt_setviewrevert@Base 1:9.11.3+dfsg
1445 dns_zt_unmount@Base 1:9.11.3+dfsg1430 dns_zt_unmount@Base 1:9.11.3+dfsg
1446 dnstap__dnstap__descriptor@Base 1:9.11.4.P1
1447 dnstap__dnstap__free_unpacked@Base 1:9.11.4.P1
1448 dnstap__dnstap__get_packed_size@Base 1:9.11.4.P1
1449 dnstap__dnstap__init@Base 1:9.11.4.P1
1450 dnstap__dnstap__pack@Base 1:9.11.4.P1
1451 dnstap__dnstap__pack_to_buffer@Base 1:9.11.4.P1
1452 dnstap__dnstap__type__descriptor@Base 1:9.11.4.P1
1453 dnstap__dnstap__unpack@Base 1:9.11.4.P1
1454 dnstap__message__descriptor@Base 1:9.11.4.P1
1455 dnstap__message__free_unpacked@Base 1:9.11.4.P1
1456 dnstap__message__get_packed_size@Base 1:9.11.4.P1
1457 dnstap__message__init@Base 1:9.11.4.P1
1458 dnstap__message__pack@Base 1:9.11.4.P1
1459 dnstap__message__pack_to_buffer@Base 1:9.11.4.P1
1460 dnstap__message__type__descriptor@Base 1:9.11.4.P1
1461 dnstap__message__unpack@Base 1:9.11.4.P1
1462 dnstap__socket_family__descriptor@Base 1:9.11.4.P1
1463 dnstap__socket_protocol__descriptor@Base 1:9.11.4.P1
1464 dst__entropy_getdata@Base 1:9.11.3+dfsg1431 dst__entropy_getdata@Base 1:9.11.3+dfsg
1465 dst__entropy_status@Base 1:9.11.3+dfsg1432 dst__entropy_status@Base 1:9.11.3+dfsg
1466 dst__gssapi_init@Base 1:9.11.3+dfsg1433 dst__gssapi_init@Base 1:9.11.3+dfsg
@@ -1940,21 +1907,6 @@ libdns.so.1104 libdns1104 #MINVER#
1940 dns_dsdigest_format@Base 1:9.11.3+dfsg1907 dns_dsdigest_format@Base 1:9.11.3+dfsg
1941 dns_dsdigest_fromtext@Base 1:9.11.3+dfsg1908 dns_dsdigest_fromtext@Base 1:9.11.3+dfsg
1942 dns_dsdigest_totext@Base 1:9.11.3+dfsg1909 dns_dsdigest_totext@Base 1:9.11.3+dfsg
1943 dns_dt_attach@Base 1:9.11.4.P1
1944 dns_dt_close@Base 1:9.11.4.P1
1945 dns_dt_create@Base 1:9.11.4.P1
1946 dns_dt_datatotext@Base 1:9.11.4.P1
1947 dns_dt_detach@Base 1:9.11.4.P1
1948 dns_dt_getframe@Base 1:9.11.4.P1
1949 dns_dt_getstats@Base 1:9.11.4.P1
1950 dns_dt_open@Base 1:9.11.4.P1
1951 dns_dt_parse@Base 1:9.11.4.P1
1952 dns_dt_reopen@Base 1:9.11.4.P1
1953 dns_dt_send@Base 1:9.11.4.P1
1954 dns_dt_setidentity@Base 1:9.11.4.P1
1955 dns_dt_setversion@Base 1:9.11.4.P1
1956 dns_dt_shutdown@Base 1:9.11.4.P1
1957 dns_dtdata_free@Base 1:9.11.4.P1
1958 dns_dumpctx_attach@Base 1:9.11.3+dfsg1910 dns_dumpctx_attach@Base 1:9.11.3+dfsg
1959 dns_dumpctx_cancel@Base 1:9.11.3+dfsg1911 dns_dumpctx_cancel@Base 1:9.11.3+dfsg
1960 dns_dumpctx_db@Base 1:9.11.3+dfsg1912 dns_dumpctx_db@Base 1:9.11.3+dfsg
@@ -3032,24 +2984,6 @@ libdns.so.1104 libdns1104 #MINVER#
3032 dns_zt_setviewcommit@Base 1:9.11.3+dfsg2984 dns_zt_setviewcommit@Base 1:9.11.3+dfsg
3033 dns_zt_setviewrevert@Base 1:9.11.3+dfsg2985 dns_zt_setviewrevert@Base 1:9.11.3+dfsg
3034 dns_zt_unmount@Base 1:9.11.3+dfsg2986 dns_zt_unmount@Base 1:9.11.3+dfsg
3035 dnstap__dnstap__descriptor@Base 1:9.11.4.P1
3036 dnstap__dnstap__free_unpacked@Base 1:9.11.4.P1
3037 dnstap__dnstap__get_packed_size@Base 1:9.11.4.P1
3038 dnstap__dnstap__init@Base 1:9.11.4.P1
3039 dnstap__dnstap__pack@Base 1:9.11.4.P1
3040 dnstap__dnstap__pack_to_buffer@Base 1:9.11.4.P1
3041 dnstap__dnstap__type__descriptor@Base 1:9.11.4.P1
3042 dnstap__dnstap__unpack@Base 1:9.11.4.P1
3043 dnstap__message__descriptor@Base 1:9.11.4.P1
3044 dnstap__message__free_unpacked@Base 1:9.11.4.P1
3045 dnstap__message__get_packed_size@Base 1:9.11.4.P1
3046 dnstap__message__init@Base 1:9.11.4.P1
3047 dnstap__message__pack@Base 1:9.11.4.P1
3048 dnstap__message__pack_to_buffer@Base 1:9.11.4.P1
3049 dnstap__message__type__descriptor@Base 1:9.11.4.P1
3050 dnstap__message__unpack@Base 1:9.11.4.P1
3051 dnstap__socket_family__descriptor@Base 1:9.11.4.P1
3052 dnstap__socket_protocol__descriptor@Base 1:9.11.4.P1
3053 dst__entropy_getdata@Base 1:9.11.3+dfsg2987 dst__entropy_getdata@Base 1:9.11.3+dfsg
3054 dst__entropy_status@Base 1:9.11.3+dfsg2988 dst__entropy_status@Base 1:9.11.3+dfsg
3055 dst__gssapi_init@Base 1:9.11.3+dfsg2989 dst__gssapi_init@Base 1:9.11.3+dfsg
diff --git a/debian/patches/enable-udp-in-host-command.diff b/debian/patches/enable-udp-in-host-command.diff
3056new file mode 1006442990new file mode 100644
index 0000000..5444ae7
--- /dev/null
+++ b/debian/patches/enable-udp-in-host-command.diff
@@ -0,0 +1,26 @@
1Description: Fix parsing of host(1)'s -U command line option
2Author: Andreas Hasenack <andreas@canonical.com>
3Bug: https://gitlab.isc.org/isc-projects/bind9/issues/769
4Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1804648
5Applied-Upstream: https://gitlab.isc.org/isc-projects/bind9/commit/5e2cd91321cdda1707411c4e268d364f03f63935
6Last-Update: 2018-12-06
7---
8This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
9--- a/bin/dig/host.c
10+++ b/bin/dig/host.c
11@@ -158,6 +158,7 @@
12 " -s a SERVFAIL response should stop query\n"
13 " -t specifies the query type\n"
14 " -T enables TCP/IP mode\n"
15+" -U enables UDP mode\n"
16 " -v enables verbose output\n"
17 " -V print version number and exit\n"
18 " -w specifies to wait forever for a reply\n"
19@@ -657,6 +658,7 @@
20 case 'N': break;
21 case 'R': break;
22 case 'T': break;
23+ case 'U': break;
24 case 'W': break;
25 default:
26 show_usage();
diff --git a/debian/patches/fix-shutdown-race.diff b/debian/patches/fix-shutdown-race.diff
0new file mode 10064427new file mode 100644
index 0000000..f10f51f
--- /dev/null
+++ b/debian/patches/fix-shutdown-race.diff
@@ -0,0 +1,41 @@
1From f2ca287330110993609fa0443d3bdb17629bd979 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
3Date: Tue, 13 Nov 2018 13:50:47 +0100
4Subject: [PATCH 1/2] Fix a shutdown race in bin/dig/dighost.c
5
6If a tool using the routines defined in bin/dig/dighost.c is sent an
7interruption signal around the time a connection timeout is scheduled to
8fire, connect_timeout() may be executed after destroy_libs() detaches
9from the global task (setting 'global_task' to NULL), which results in a
10crash upon a UDP retry due to bringup_timer() attempting to create a
11timer with 'task' set to NULL. Fix by preventing connect_timeout() from
12attempting a retry when shutdown is in progress.
13
14(cherry picked from commit 462175659674a10c0d39c7c328f1a5324ce2e38b)
15
16Origin: https://gitlab.isc.org/isc-projects/bind9/merge_requests/1040/diffs
17Bug: https://gitlab.isc.org/isc-projects/bind9/issues/599
18Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1797926
19Last-Update: 2018-12-06
20
21---
22 bin/dig/dighost.c | 5 +++++
23 1 file changed, 5 insertions(+)
24diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
25index 39abb9d0fd..17e0328228 100644
26--- a/bin/dig/dighost.c
27+++ b/bin/dig/dighost.c
28@@ -3240,6 +3240,11 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
29
30 INSIST(!free_now);
31
32+ if (cancel_now) {
33+ UNLOCK_LOOKUP;
34+ return;
35+ }
36+
37 if ((query != NULL) && (query->lookup->current_query != NULL) &&
38 ISC_LINK_LINKED(query->lookup->current_query, link) &&
39 (ISC_LIST_NEXT(query->lookup->current_query, link) != NULL)) {
40--
412.18.1
diff --git a/debian/patches/series b/debian/patches/series
index c303f7f..11e3421 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,5 @@ keymgr-dont-immediately-delete.diff
130013-Replace-atomic-operations-in-bin-named-client.c-with.patch130013-Replace-atomic-operations-in-bin-named-client.c-with.patch
140014-Disable-broken-Ed448-support.patch140014-Disable-broken-Ed448-support.patch
150015-move-item_out-test-inside-lock-in-dns_dispatch_getne.patch150015-move-item_out-test-inside-lock-in-dns_dispatch_getne.patch
16enable-udp-in-host-command.diff
17fix-shutdown-race.diff
diff --git a/debian/rules b/debian/rules
index c8d745c..717ecb9 100755
--- a/debian/rules
+++ b/debian/rules
@@ -91,7 +91,7 @@ override_dh_auto_configure:
91 --with-gssapi=/usr \91 --with-gssapi=/usr \
92 --with-libidn2 \92 --with-libidn2 \
93 --with-libjson=/usr \93 --with-libjson=/usr \
94 --with-lmdb=/usr \94 --without-lmdb \
95 --with-gnu-ld \95 --with-gnu-ld \
96 --with-geoip=/usr \96 --with-geoip=/usr \
97 --with-atf=no \97 --with-atf=no \
@@ -101,7 +101,6 @@ override_dh_auto_configure:
101 --enable-native-pkcs11 \101 --enable-native-pkcs11 \
102 --with-pkcs11=\$${prefix}/lib/softhsm/libsofthsm2.so \102 --with-pkcs11=\$${prefix}/lib/softhsm/libsofthsm2.so \
103 --with-randomdev=/dev/urandom \103 --with-randomdev=/dev/urandom \
104 --enable-dnstap \
105 $(EXTRA_FEATURES)104 $(EXTRA_FEATURES)
106 dh_auto_configure -B build-udeb -- \105 dh_auto_configure -B build-udeb -- \
107 --sysconfdir=/etc/bind \106 --sysconfdir=/etc/bind \
@@ -126,8 +125,6 @@ override_dh_auto_configure:
126 # no need to build these targets here125 # no need to build these targets here
127 sed -i 's/dnssec-pkcs11//;s/named-pkcs11//' build-udeb/bin/Makefile126 sed -i 's/dnssec-pkcs11//;s/named-pkcs11//' build-udeb/bin/Makefile
128 sed -i 's/dns-pkcs11//;s/isc-pkcs11//' build-udeb/lib/Makefile127 sed -i 's/dns-pkcs11//;s/isc-pkcs11//' build-udeb/lib/Makefile
129 cp lib/dns/dnstap.proto build/lib/dns
130 cp lib/dns-pkcs11/dnstap.proto build/lib/dns-pkcs11
131128
132override_dh_auto_build:129override_dh_auto_build:
133 dh_auto_build -B build130 dh_auto_build -B build
diff --git a/debian/tests/simpletest b/debian/tests/simpletest
index 468a7c5..34b0b25 100755
--- a/debian/tests/simpletest
+++ b/debian/tests/simpletest
@@ -10,10 +10,6 @@ setup() {
10run() {10run() {
11 # Make a query against a local zone11 # Make a query against a local zone
12 dig -x 127.0.0.1 @127.0.0.112 dig -x 127.0.0.1 @127.0.0.1
13
14 # Make a query against an external nameserver and check for DNSSEC validation
15 echo "Checking for DNSSEC validation status of internetsociety.org"
16 dig -t a internetsociety.org @127.0.0.1 | egrep 'flags:.+ad; QUERY'
17}13}
1814
19teardown() {15teardown() {

Subscribers

People subscribed via source and target branches