~ahasenack/ubuntu/+source/bind9:eoan-bind-merge-9.11.5.p4-4

Branch merges

Propose for merging

Merged into ubuntu/+source/bind9:debian/sid at revision 5de12ebea9dd344d915139824440352427b67fde

Christian Ehrhardt  (community): Approve on 2019-05-03

Canonical Server: Pending requested 2019-05-03

Diff: 882 lines (+589/-83)

10 files modified

debian/bind9.install (+0/-2)
debian/changelog (+517/-0)
debian/control (+2/-5)
debian/dnsutils.install (+0/-2)
debian/libdns1104.symbols (+0/-66)
debian/patches/enable-udp-in-host-command.diff (+26/-0)
debian/patches/fix-shutdown-race.diff (+41/-0)
debian/patches/series (+2/-0)
debian/rules (+1/-4)
debian/tests/simpletest (+0/-4)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

5de12eb... by Andreas Hasenack on 2019-05-02

update-maintainer

aa0333e... by Andreas Hasenack on 2019-05-02

reconstruct-changelog

54d5829... by Andreas Hasenack on 2019-05-02

merge-changelogs

a531bdf... by Andreas Hasenack on 2019-05-02

    - d/rules: add back EdDSA support (LP: #1825712)
      [Fixed in 1:9.11.5.P4+dfsg-4]

dd16d24... by Andreas Hasenack on 2019-05-02

    - SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
      + debian/patches/CVE-2018-5743.patch: add reference counting in
        bin/named/client.c, bin/named/include/named/client.h,
        bin/named/include/named/interfacemgr.h, bin/named/interfacemgr.c,
        lib/isc/include/isc/quota.h, lib/isc/quota.c,
        lib/isc/win32/libisc.def.in.
      + debian/patches/CVE-2018-5743-atomic-fix.patch: replace atomic
        operations with isc_refcount reference counting in
        bin/named/client.c, bin/named/include/named/interfacemgr.h,
        bin/named/interfacemgr.c.
      + debian/libisc1100.symbols: added new symbols.
      + CVE-2018-5743
      [Fixed in 1:9.11.5.P4+dfsg-4]

547409b... by Andreas Hasenack on 2019-05-02

    - SECURITY UPDATE: Controls for zone transfers may not be properly
      applied to Dynamically Loadable Zones (DLZs) if the zones are writable
      + debian/patches/CVE-2019-6465.patch: handle zone transfers marked in
        the zone table as a DLZ zone bin/named/xfrout.c.
      + CVE-2019-6465
      [Fixed upstream in 9.11.5-P3]

d7fefd7... by Andreas Hasenack on 2019-05-02

    - SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
      unsupported key algorithm when using managed-keys
      + debian/patches/CVE-2018-5745.patch: properly handle situations when
        the key tag cannot be computed in lib/dns/include/dst/dst.h,
        lib/dns/zone.c.
      + CVE-2018-5745
      [Fixed upstream in 9.11.5-P2]

5aab03c... by Andreas Hasenack on 2019-05-02

  * Dropped:
    - SECURITY UPDATE: memory leak via specially crafted packet
      + debian/patches/CVE-2018-5744.patch: silently drop additional keytag
        options in bin/named/client.c.
      + CVE-2018-5744
      [Fixed upstream in 9.11.5-P2]

8902c20... by Andreas Hasenack on 2018-12-11

    - d/t/simpletest: drop the internetsociety.org test as it requires
      network egress access that is not available in the Ubuntu autopkgtest
      farm.

e3febe2... by Andreas Hasenack on 2018-12-06

    - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
      close to a query timeout (LP: #1797926)