Merge ~ahasenack/ubuntu/+source/bind9:cosmic-bind9-merge-1777935 into ubuntu/+source/bind9:debian/sid
- Git
- lp:~ahasenack/ubuntu/+source/bind9
- cosmic-bind9-merge-1777935
- Merge into debian/sid
Proposed by
Andreas Hasenack
Status: | Merged |
---|---|
Merge reported by: | Christian Ehrhardt |
Merged at revision: | 0dff53cfe1e4f3b6fab2b4d95275540798616abd |
Proposed branch: | ~ahasenack/ubuntu/+source/bind9:cosmic-bind9-merge-1777935 |
Merge into: | ubuntu/+source/bind9:debian/sid |
Diff against target: |
403 lines (+315/-5) 4 files modified
debian/bind9.install (+0/-2) debian/changelog (+312/-0) debian/control (+2/-2) debian/rules (+1/-1) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Christian Ehrhardt (community) | Approve | ||
Canonical Server | Pending | ||
Review via email: mp+348316@code.launchpad.net |
This proposal supersedes a proposal from 2018-06-20.
Commit message
Description of the change
Simple merge, one single delta drop on a security patch that was adopted by debian, one simple delta remains because the package is in universe. This is mostly to exercise the merge muscles and to reduce the work for the next time.
PPA with test packages: https:/
To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) wrote : | # |
Indeed, but still good to check that the delta drop didn't inadvertently drop the CVE patch :)
Thanks for the review, could you please push the upload tag and sponsor?
Revision history for this message
Christian Ehrhardt (paelzer) wrote : | # |
Tagged, Pushed and sponsored.
Please track migration as usual.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | diff --git a/debian/bind9.install b/debian/bind9.install |
2 | index 26d595e..fd7f0f5 100644 |
3 | --- a/debian/bind9.install |
4 | +++ b/debian/bind9.install |
5 | @@ -16,7 +16,6 @@ usr/sbin/genrandom |
6 | usr/sbin/isc-hmac-fixup |
7 | usr/sbin/named |
8 | usr/sbin/named-journalprint |
9 | -usr/sbin/named-nzd2nzf |
10 | usr/sbin/named-pkcs11 |
11 | usr/sbin/nsec3hash |
12 | usr/sbin/tsig-keygen |
13 | @@ -32,7 +31,6 @@ usr/share/man/man8/dnssec-importkey.8 |
14 | usr/share/man/man8/genrandom.8 |
15 | usr/share/man/man8/isc-hmac-fixup.8 |
16 | usr/share/man/man8/named-journalprint.8 |
17 | -usr/share/man/man8/named-nzd2nzf.8 |
18 | usr/share/man/man8/named.8 |
19 | usr/share/man/man8/nsec3hash.8 |
20 | usr/share/man/man8/tsig-keygen.8 |
21 | diff --git a/debian/changelog b/debian/changelog |
22 | index 498470f..a4d3f9d 100644 |
23 | --- a/debian/changelog |
24 | +++ b/debian/changelog |
25 | @@ -1,3 +1,16 @@ |
26 | +bind9 (1:9.11.3+dfsg-2ubuntu1) cosmic; urgency=medium |
27 | + |
28 | + * Merge with Debian unstable (LP: #1777935). Remaining changes: |
29 | + - Build without lmdb support as that package is in Universe |
30 | + * Drop: |
31 | + - SECURITY UPDATE: improperly permits recursive query service |
32 | + + debian/patches/CVE-2018-5738.patch: fix configure_view_acl() handling |
33 | + in bin/named/server.c. |
34 | + + CVE-2018-5738 |
35 | + [Applied in Debian's 1:9.11.3+dfsg-2] |
36 | + |
37 | + -- Andreas Hasenack <andreas@canonical.com> Wed, 20 Jun 2018 17:42:16 -0300 |
38 | + |
39 | bind9 (1:9.11.3+dfsg-2) unstable; urgency=medium |
40 | |
41 | * [CVE-2018-5738]: Add upstream fix to close the default open recursion |
42 | @@ -6,6 +19,24 @@ bind9 (1:9.11.3+dfsg-2) unstable; urgency=medium |
43 | |
44 | -- Ondřej Surý <ondrej@debian.org> Thu, 14 Jun 2018 13:01:47 +0000 |
45 | |
46 | +bind9 (1:9.11.3+dfsg-1ubuntu2) cosmic; urgency=medium |
47 | + |
48 | + * SECURITY UPDATE: improperly permits recursive query service |
49 | + - debian/patches/CVE-2018-5738.patch: fix configure_view_acl() handling |
50 | + in bin/named/server.c. |
51 | + - CVE-2018-5738 |
52 | + |
53 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 11 Jun 2018 09:41:51 -0400 |
54 | + |
55 | +bind9 (1:9.11.3+dfsg-1ubuntu1) bionic; urgency=low |
56 | + |
57 | + * New upstream release. (LP: #1763572) |
58 | + - fix a crash when configured with ipa-dns-install |
59 | + * Merge from Debian unstable. Remaining changes: |
60 | + - Build without lmdb support as that package is in Universe |
61 | + |
62 | + -- Timo Aaltonen <tjaalton@debian.org> Fri, 13 Apr 2018 07:40:47 +0300 |
63 | + |
64 | bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium |
65 | |
66 | [ Bernhard Schmidt ] |
67 | @@ -30,6 +61,61 @@ bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium |
68 | |
69 | -- Bernhard Schmidt <berni@debian.org> Fri, 23 Mar 2018 00:09:58 +0100 |
70 | |
71 | +bind9 (1:9.11.2.P1-1ubuntu5) bionic; urgency=medium |
72 | + |
73 | + * debian/patches/nsupdate-gssapi-fails-ad-45854.patch: fix updating |
74 | + DNS records in Microsoft AD using GSSAPI. Thanks to Mark Andrews |
75 | + <marka@isc.org>. (LP: #1755439) |
76 | + |
77 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 16 Mar 2018 09:38:46 -0300 |
78 | + |
79 | +bind9 (1:9.11.2.P1-1ubuntu4) bionic; urgency=medium |
80 | + |
81 | + * Fix apparmor profile filename (LP: #1754981) |
82 | + |
83 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 15 Mar 2018 10:06:57 -0300 |
84 | + |
85 | +bind9 (1:9.11.2.P1-1ubuntu3) bionic; urgency=high |
86 | + |
87 | + * No change rebuild against openssl1.1. |
88 | + |
89 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 06 Feb 2018 12:14:22 +0000 |
90 | + |
91 | +bind9 (1:9.11.2.P1-1ubuntu2) bionic; urgency=medium |
92 | + |
93 | + * Build without lmdb support as that package is in Universe (LP: #1746296) |
94 | + - d/control: remove Build-Depends on liblmdb-dev |
95 | + - d/rules: configure --without-lmdb |
96 | + - d/bind9.install: drop named-nzd2nzf and named-nzd2nzf.8 as it requires |
97 | + lmdb. |
98 | + |
99 | + -- Andreas Hasenack <andreas@canonical.com> Tue, 30 Jan 2018 15:21:23 -0200 |
100 | + |
101 | +bind9 (1:9.11.2.P1-1ubuntu1) bionic; urgency=medium |
102 | + |
103 | + * Merge with Debian unstable (LP: #1744930). |
104 | + * Drop: |
105 | + - Add RemainAfterExit to bind9-resolvconf unit configuration file |
106 | + (LP #1536181). |
107 | + [fixed in 1:9.10.6+dfsg-4] |
108 | + - rules: Fix path to libsofthsm2.so. (LP #1685780) |
109 | + [adopted in 1:9.10.6+dfsg-5] |
110 | + - d/p/CVE-2016-8864-regression-test.patch: tests for the regression |
111 | + introduced with the CVE-2016-8864.patch and fixed in |
112 | + CVE-2016-8864-regression.patch. |
113 | + [applied upstream] |
114 | + - d/p/CVE-2016-8864-regression2-test.patch: tests for the second |
115 | + regression (RT #44318) introduced with the CVE-2016-8864.patch |
116 | + and fixed in CVE-2016-8864-regression2.patch. |
117 | + [applied upstream] |
118 | + - d/control, d/rules: add json support for the statistics channels. |
119 | + (LP #1669193) |
120 | + [adopted in 1:9.10.6+dfsg-5] |
121 | + * d/p/add-ply-dependency-to-python-scripts.patch: setup.py is missing |
122 | + listing the python ply module as a dependency (Closes: #888463) |
123 | + |
124 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 26 Jan 2018 11:20:33 -0200 |
125 | + |
126 | bind9 (1:9.11.2.P1-1) unstable; urgency=medium |
127 | |
128 | * New upstream version 9.11.2-P1 |
129 | @@ -205,6 +291,140 @@ bind9 (1:9.10.6+dfsg-1) unstable; urgency=medium |
130 | |
131 | -- Ondřej Surý <ondrej@debian.org> Fri, 06 Oct 2017 06:18:21 +0000 |
132 | |
133 | +bind9 (1:9.10.3.dfsg.P4-12.6ubuntu1) artful; urgency=medium |
134 | + |
135 | + * Merge with Debian unstable (LP: #1712920). Remaining changes: |
136 | + - Add RemainAfterExit to bind9-resolvconf unit configuration file |
137 | + (LP #1536181). |
138 | + - rules: Fix path to libsofthsm2.so. (LP #1685780) |
139 | + - d/p/CVE-2016-8864-regression-test.patch: tests for the regression |
140 | + introduced with the CVE-2016-8864.patch and fixed in |
141 | + CVE-2016-8864-regression.patch. |
142 | + - d/p/CVE-2016-8864-regression2-test.patch: tests for the second |
143 | + regression (RT #44318) introduced with the CVE-2016-8864.patch |
144 | + and fixed in CVE-2016-8864-regression2.patch. |
145 | + - d/control, d/rules: add json support for the statistics channels. |
146 | + (LP #1669193) |
147 | + |
148 | + -- Andreas Hasenack <andreas@canonical.com> Thu, 24 Aug 2017 18:28:00 -0300 |
149 | + |
150 | +bind9 (1:9.10.3.dfsg.P4-12.6) unstable; urgency=medium |
151 | + |
152 | + * Non-maintainer upload. |
153 | + * Import upcoming DNSSEC KSK-2017 from 9.10.5 (Closes: #860794) |
154 | + |
155 | + -- Bernhard Schmidt <berni@debian.org> Fri, 11 Aug 2017 19:10:07 +0200 |
156 | + |
157 | +bind9 (1:9.10.3.dfsg.P4-12.5ubuntu1) artful; urgency=medium |
158 | + |
159 | + * Merge with Debian unstable (LP: #1701687). Remaining changes: |
160 | + - Add RemainAfterExit to bind9-resolvconf unit configuration file |
161 | + (LP #1536181). |
162 | + - rules: Fix path to libsofthsm2.so. (LP #1685780) |
163 | + * Drop: |
164 | + - SECURITY UPDATE: denial of service via assertion failure |
165 | + + debian/patches/CVE-2016-2776.patch: properly handle lengths in |
166 | + lib/dns/message.c. |
167 | + + CVE-2016-2776 |
168 | + + [Fixed in Debian 1:9.10.3.dfsg.P4-11] |
169 | + - SECURITY UPDATE: assertion failure via class mismatch |
170 | + + debian/patches/CVE-2016-9131.patch: properly handle certain TKEY |
171 | + records in lib/dns/resolver.c. |
172 | + + CVE-2016-9131 |
173 | + + [Fixed in Debian 1:9.10.3.dfsg.P4-11] |
174 | + - SECURITY UPDATE: assertion failure via inconsistent DNSSEC information |
175 | + + debian/patches/CVE-2016-9147.patch: fix logic when records are |
176 | + returned without the requested data in lib/dns/resolver.c. |
177 | + + CVE-2016-9147 |
178 | + + [Fixed in Debian 1:9.10.3.dfsg.P4-11] |
179 | + - SECURITY UPDATE: assertion failure via unusually-formed DS record |
180 | + + debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in |
181 | + lib/dns/message.c, lib/dns/resolver.c. |
182 | + + CVE-2016-9444 |
183 | + + [Fixed in Debian 1:9.10.3.dfsg.P4-11] |
184 | + - SECURITY UPDATE: regression in CVE-2016-8864 |
185 | + + debian/patches/rt43779.patch: properly handle CNAME -> DNAME in |
186 | + responses in lib/dns/resolver.c, added tests to |
187 | + bin/tests/system/dname/ns2/example.db, |
188 | + bin/tests/system/dname/tests.sh. |
189 | + + No CVE number |
190 | + + [Fixed in Debian 1:9.10.3.dfsg.P4-11 and 1:9.10.3.dfsg.P4-12] |
191 | + - SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing |
192 | + a NULL pointer |
193 | + + debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz |
194 | + combination in bin/named/query.c, lib/dns/message.c, |
195 | + lib/dns/rdataset.c. |
196 | + + CVE-2017-3135 |
197 | + + [Fixed in Debian 1:9.10.3.dfsg.P4-12] |
198 | + - SECURITY UPDATE: regression in CVE-2016-8864 |
199 | + + debian/patches/rt44318.patch: synthesised CNAME before matching DNAME |
200 | + was still being cached when it should have been in lib/dns/resolver.c, |
201 | + added tests to bin/tests/system/dname/ans3/ans.pl, |
202 | + bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh. |
203 | + + No CVE number |
204 | + + [Fixed in Debian 1:9.10.3.dfsg.P4-12] |
205 | + - SECURITY UPDATE: Denial of Service due to an error handling |
206 | + synthesized records when using DNS64 with "break-dnssec yes;" |
207 | + + debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64() |
208 | + called. |
209 | + + CVE-2017-3136 |
210 | + + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3] |
211 | + - SECURITY UPDATE: Denial of Service due to resolver terminating when |
212 | + processing a response packet containing a CNAME or DNAME |
213 | + + debian/patches/CVE-2017-3137.patch: don't expect a specific |
214 | + ordering of answer components; add testcases. |
215 | + + CVE-2017-3137 |
216 | + + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3 with 3 patch files] |
217 | + - SECURITY UPDATE: Denial of Service when receiving a null command on |
218 | + the control channel |
219 | + + debian/patches/CVE-2017-3138.patch: don't throw an assert if no |
220 | + command token is given; add testcase. |
221 | + + CVE-2017-3138 |
222 | + + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3] |
223 | + - SECURITY UPDATE: TSIG authentication issues |
224 | + + debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in |
225 | + lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c. |
226 | + + CVE-2017-3142 |
227 | + + CVE-2017-3143 |
228 | + + [Fixed in Debian 1:9.10.3.dfsg.P4-12.4] |
229 | + * d/p/CVE-2016-8864-regression-test.patch: tests for the regression |
230 | + introduced with the CVE-2016-8864.patch and fixed in |
231 | + CVE-2016-8864-regression.patch. |
232 | + * d/p/CVE-2016-8864-regression2-test.patch: tests for the second |
233 | + regression (RT #44318) introduced with the CVE-2016-8864.patch |
234 | + and fixed in CVE-2016-8864-regression2.patch. |
235 | + * d/control, d/rules: add json support for the statistics channels. |
236 | + (LP: #1669193) |
237 | + |
238 | + -- Andreas Hasenack <andreas@canonical.com> Fri, 11 Aug 2017 17:12:09 -0300 |
239 | + |
240 | +bind9 (1:9.10.3.dfsg.P4-12.5) unstable; urgency=medium |
241 | + |
242 | + * Non-maintainer upload. |
243 | + * Change to fix CVE-2017-3142 and CVE-2017-3143 broke verification of TSIG |
244 | + signed TCP message sequences where not all the messages contain TSIG |
245 | + records. These may be used in AXFR and IXFR responses. |
246 | + (Closes: #868952) |
247 | + |
248 | + -- Salvatore Bonaccorso <carnil@debian.org> Fri, 21 Jul 2017 22:28:32 +0200 |
249 | + |
250 | +bind9 (1:9.10.3.dfsg.P4-12.4) unstable; urgency=high |
251 | + |
252 | + * Non-maintainer upload. |
253 | + |
254 | + [ Yves-Alexis Perez ] |
255 | + * debian/patches: |
256 | + - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses |
257 | + CVE-2017-3142: error in TSIG authentication can permit unauthorized zone |
258 | + transfers. An attacker may be able to circumvent TSIG authentication of |
259 | + AXFR and Notify requests. |
260 | + CVE-2017-3143: error in TSIG authentication can permit unauthorized |
261 | + dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0) |
262 | + signature for a dynamic update. |
263 | + (Closes: #866564) |
264 | + |
265 | + -- Salvatore Bonaccorso <carnil@debian.org> Sun, 16 Jul 2017 22:13:21 +0200 |
266 | + |
267 | bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) stretch; urgency=medium |
268 | |
269 | [ Bernhard Schmidt ] |
270 | @@ -311,6 +531,98 @@ bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium |
271 | |
272 | -- Michael Gilbert <mgilbert@debian.org> Thu, 19 Jan 2017 04:03:28 +0000 |
273 | |
274 | +bind9 (1:9.10.3.dfsg.P4-10.1ubuntu7) artful; urgency=medium |
275 | + |
276 | + * SECURITY UPDATE: TSIG authentication issues |
277 | + - debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in |
278 | + lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c. |
279 | + - CVE-2017-3142 |
280 | + - CVE-2017-3143 |
281 | + |
282 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 03 Jul 2017 09:48:13 -0400 |
283 | + |
284 | +bind9 (1:9.10.3.dfsg.P4-10.1ubuntu6) artful; urgency=medium |
285 | + |
286 | + * rules: Fix path to libsofthsm2.so. (LP: #1685780) |
287 | + |
288 | + -- Timo Aaltonen <tjaalton@debian.org> Mon, 24 Apr 2017 15:01:30 +0300 |
289 | + |
290 | +bind9 (1:9.10.3.dfsg.P4-10.1ubuntu5) zesty-security; urgency=medium |
291 | + |
292 | + * SECURITY UPDATE: Denial of Service due to an error handling |
293 | + synthesized records when using DNS64 with "break-dnssec yes;" |
294 | + - debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64() |
295 | + called. |
296 | + - CVE-2017-3136 |
297 | + * SECURITY UPDATE: Denial of Service due to resolver terminating when |
298 | + processing a response packet containing a CNAME or DNAME |
299 | + - debian/patches/CVE-2017-3137.patch: don't expect a specific |
300 | + ordering of answer components; add testcases. |
301 | + - CVE-2017-3137 |
302 | + * SECURITY UPDATE: Denial of Service when receiving a null command on |
303 | + the control channel |
304 | + - debian/patches/CVE-2017-3138.patch: don't throw an assert if no |
305 | + command token is given; add testcase. |
306 | + - CVE-2017-3138 |
307 | + |
308 | + -- Steve Beattie <sbeattie@ubuntu.com> Wed, 12 Apr 2017 01:32:15 -0700 |
309 | + |
310 | +bind9 (1:9.10.3.dfsg.P4-10.1ubuntu4) zesty; urgency=medium |
311 | + |
312 | + * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing |
313 | + a NULL pointer |
314 | + - debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz |
315 | + combination in bin/named/query.c, lib/dns/message.c, |
316 | + lib/dns/rdataset.c. |
317 | + - CVE-2017-3135 |
318 | + * SECURITY UPDATE: regression in CVE-2016-8864 |
319 | + - debian/patches/rt44318.patch: synthesised CNAME before matching DNAME |
320 | + was still being cached when it should have been in lib/dns/resolver.c, |
321 | + added tests to bin/tests/system/dname/ans3/ans.pl, |
322 | + bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh. |
323 | + - No CVE number |
324 | + |
325 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 15 Feb 2017 09:37:39 -0500 |
326 | + |
327 | +bind9 (1:9.10.3.dfsg.P4-10.1ubuntu3) zesty; urgency=medium |
328 | + |
329 | + * SECURITY UPDATE: assertion failure via class mismatch |
330 | + - debian/patches/CVE-2016-9131.patch: properly handle certain TKEY |
331 | + records in lib/dns/resolver.c. |
332 | + - CVE-2016-9131 |
333 | + * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information |
334 | + - debian/patches/CVE-2016-9147.patch: fix logic when records are |
335 | + returned without the requested data in lib/dns/resolver.c. |
336 | + - CVE-2016-9147 |
337 | + * SECURITY UPDATE: assertion failure via unusually-formed DS record |
338 | + - debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in |
339 | + lib/dns/message.c, lib/dns/resolver.c. |
340 | + - CVE-2016-9444 |
341 | + * SECURITY UPDATE: regression in CVE-2016-8864 |
342 | + - debian/patches/rt43779.patch: properly handle CNAME -> DNAME in |
343 | + responses in lib/dns/resolver.c, added tests to |
344 | + bin/tests/system/dname/ns2/example.db, |
345 | + bin/tests/system/dname/tests.sh. |
346 | + - No CVE number |
347 | + |
348 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Jan 2017 09:28:10 -0500 |
349 | + |
350 | +bind9 (1:9.10.3.dfsg.P4-10.1ubuntu2) zesty; urgency=medium |
351 | + |
352 | + * Add RemainAfterExit to bind9-resolvconf unit configuration file |
353 | + (LP: #1536181). |
354 | + |
355 | + -- Nishanth Aravamudan <nish.aravamudan@canonical.com> Tue, 15 Nov 2016 08:24:58 -0800 |
356 | + |
357 | +bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1) yakkety; urgency=medium |
358 | + |
359 | + * SECURITY UPDATE: denial of service via assertion failure |
360 | + - debian/patches/CVE-2016-2776.patch: properly handle lengths in |
361 | + lib/dns/message.c. |
362 | + - CVE-2016-2776 |
363 | + |
364 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 04 Oct 2016 14:31:17 -0400 |
365 | + |
366 | bind9 (1:9.10.3.dfsg.P4-10.1) unstable; urgency=medium |
367 | |
368 | * Non-maintainer upload. |
369 | diff --git a/debian/control b/debian/control |
370 | index 32ab301..ebe3509 100644 |
371 | --- a/debian/control |
372 | +++ b/debian/control |
373 | @@ -1,7 +1,8 @@ |
374 | Source: bind9 |
375 | Section: net |
376 | Priority: optional |
377 | -Maintainer: BIND 9 Package <bind9@package.debian.org> |
378 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
379 | +XSBC-Original-Maintainer: BIND 9 Package <bind9@package.debian.org> |
380 | Uploaders: LaMont Jones <lamont@debian.org>, |
381 | Michael Gilbert <mgilbert@debian.org>, |
382 | Robie Basak <robie.basak@canonical.com>, |
383 | @@ -19,7 +20,6 @@ Build-Depends: bison, |
384 | libjson-c-dev, |
385 | libkrb5-dev, |
386 | libldap2-dev, |
387 | - liblmdb-dev, |
388 | libssl-dev, |
389 | libtool, |
390 | libxml2-dev, |
391 | diff --git a/debian/rules b/debian/rules |
392 | index f1d6823..40a5097 100755 |
393 | --- a/debian/rules |
394 | +++ b/debian/rules |
395 | @@ -80,7 +80,7 @@ override_dh_auto_configure: |
396 | --with-openssl=/usr \ |
397 | --with-gssapi=/usr \ |
398 | --with-libjson=/usr \ |
399 | - --with-lmdb=/usr \ |
400 | + --without-lmdb \ |
401 | --with-gnu-ld \ |
402 | --with-geoip=/usr \ |
403 | --with-atf=no \ |
- git ubuntu Linting is good
- upgrade of the package from ppa is good
- qa regression tests - ok
- source build - ok
- lint on built source has no new errors - ok
Also it really ia minor bump, essentially the CVE moves from Ubuntu to Debian and that is it.
This is close to not necessary, looking back I guess some of my testing was not even needed :-)
LGTM