New changelog entries:
* Drop dead code in bind9.preinst.
* move from /var/run to /run for policy.
* use multiarch path in udebs
* Updated root cache file. Closes: #806954
* Fix vcs links
* build in debian/tmp, use bind9.install
* updated precise_time patch
* add RT#s to some patches
* Merge ubuntu changes
* Fix debian/rules to properly remove files from bind9 that are delivered
elsewhere. LP: #1559090
* Bump debhelper to v9 to use dh-exec.
* libbind-export-dev: Fix the libbind.so symlink.
* Move static libs to the multiarch libdir again.
* Fix udeb dependencies.
[ ISC ]
* New upstream: 9.10.3-P3
- Specific APL data could trigger a INSIST. (CVE-2015-8704) [RT #41396]
- render_ecs errors were mishandled when printing out a OPT record
resulting in a assertion failure. (CVE-2015-8705) [RT #41397]
- Fixed a regression in resolver.c:possibly_mark() which caused
known-bogus servers to be queried anyway. [RT #41321]
* New upstream: 9.10.3-P4
- Malformed control messages can trigger assertions in named and rndc.
(CVE-2016-1285) [RT #41666]
- Fix resolver assertion failure due to improper DNAME handling when
parsing fetch reply messages. (CVE-2016-1286) [RT #41753]
- Duplicate EDNS COOKIE options in a response could trigger an
assertion failure. (CVE-2016-2088) [RT #41809]
[LaMont Jones]
* Do not build -export libs for libbind90 and liblwres. Relates in part
to, and is the last fix to LP: #1551351
* update patches for 9.10.3.dfsg.P4. Drop 50_CVE_2015-8704.diff
[ Stefan Bader ]
* Do not modify signal handlers for external apps. LP: #1556175
* Fix my bad merge of autoreconf workaround.
* Re-implement -export libraries. LP: #1556175
* Deliver libisccc-export library.
New changelog entries:
[Timo Aaltonen]
* Sync 30_dynamic_db.diff from Fedora.
* rules: Backup some files which dh_autoreconf_clean would remove, restore
on clean.
[Jamie Strandboge]
* apparmor: use @{PROC} instead of /proc, allow read on
sys.net.ipv4.ip_local_port_range. LP: #1552441
[LaMont Jones]
* Return nanosecond-precise time for files, so that we more-correctly know
when we can skip loading a zonefile. (Bug introduced 9.9.3b2)
New changelog entries:
[Matthias Klose]
* Fix .so symlinks.
* libbind-dev: Depend on libirs141.
* For the udeb's, use a separate build with a reduced feature set, drop the
name difference, and do both builds in a separate directory.
[Filip Pytloun]
* Add apparmor rules needed by freeipa-server. Closes: #814314
[LaMont Jones]
* Do not deliver libraries (left in /lib) as part of bind9. LP: #1547052
* clean up library path for libirs.
* For the udeb's, use a separate build with a reduced feature set.
* Don't call the reduced build "export"; it was used by isc-dhcp as well.
* Do both builds in a separate builddir.
* libbind-dev: Depend on libirs141.
* Ship libirs.{a,so} in libbind-dev.
* Remove obsolete debian/*.dirs files.
* Fix .so symlinks.
New changelog entries:
[Marc Deslauriers]
* SECURITY UPDATE: denial of service via string formatting operations.
CVE-2015-8704
[Matthias Klose]
* Add multiarch support. Closes: #802584
* Standars cleanup.
[LaMont Jones]
* Properly finish converting to 3.0 (quilt) format.
* Drop geoip_acl patch temporarily while we evaluate the upstream geoip
changes.
* Prechroot init appears to have been taken upstream.
* New upstream, no need for export packages with 9.10
* Fix sonames
* Update how we do hardening.
* Add Robie Basak as an uploader
* Migrate quilt patches from 9.9.5 branch, and incorporate Michael Gilbert's
changes.
9d94cc5...
by
Michael Gilbert <email address hidden>
Import patches-unapplied version 1:9.9.5.dfsg-12 to debian/sid
New changelog entries:
* Launch rndc command in the background in networking scripts to avoid a
hang in named from bringing down the entire network (closes: #760555).
7c5d82a...
by
Michael Gilbert <email address hidden>
Import patches-unapplied version 1:9.9.5.dfsg-7 to debian/sid
New changelog entries:
* Fix CVE-2014-8500: limit recursion in order to avoid memory consuption
issues that can lead to denial-of-service (closes: #772610).
