Ubuntu
bind9 package

debian/bind9.install (+0/-2)
debian/changelog (+574/-0)
debian/control (+2/-5)
debian/dnsutils.install (+0/-2)
debian/libdns1104.symbols (+0/-66)
debian/patches/enable-udp-in-host-command.diff (+26/-0)
debian/patches/fix-shutdown-race.diff (+41/-0)
debian/patches/series (+2/-0)
debian/rules (+1/-4)
debian/tests/simpletest (+0/-4)

Related bugs:

Bug #1797926: host crashed with SIGABRT in isc_assertion_failed()	Medium	Fix Released
Bug #1804648: host utility doesn't support switch -U (force UDP)	Low	Fix Released

Link a bug report

Reviewer	Date Requested	Status
Andreas Hasenack	2019-06-27	Approve on 2019-06-27
Canonical Server Core Reviewers	2019-06-27	Pending
Canonical Server	2019-06-27	Pending
Review via email: mp+369410@code.launchpad.net

~rafaeldtinoco/ubuntu/+source/bind9:eoan-bind9-merge updated on 2019-06-27

62ffcaf... by Rafael David Tinoco on 2019-06-27: reconstruct-changelog

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2019-06-27:

review: Approve

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2019-06-27:

Tagged and uploaded:

$ git push pkg upload/1%9.11.5.P4+dfsg-5.1ubuntu1
Enumerating objects: 56, done.
Counting objects: 100% (56/56), done.
Delta compression using up to 2 threads
Compressing objects: 100% (41/41), done.
Writing objects: 100% (44/44), 12.36 KiB | 744.00 KiB/s, done.
Total 44 (delta 30), reused 6 (delta 3)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/bind9
* [new tag] upload/1%9.11.5.P4+dfsg-5.1ubuntu1 -> upload/1%9.11.5.P4+dfsg-5.1ubuntu1

$ dput ubuntu ../bind9_9.11.5.P4+dfsg-5.1ubuntu1_source.changes
Checking signature on .changes
gpg: ../bind9_9.11.5.P4+dfsg-5.1ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../bind9_9.11.5.P4+dfsg-5.1ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading bind9_9.11.5.P4+dfsg-5.1ubuntu1.dsc: done.
  Uploading bind9_9.11.5.P4+dfsg.orig.tar.xz: done.
  Uploading bind9_9.11.5.P4+dfsg-5.1ubuntu1.debian.tar.xz: done.
  Uploading bind9_9.11.5.P4+dfsg-5.1ubuntu1_source.buildinfo: done.
  Uploading bind9_9.11.5.P4+dfsg-5.1ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2019-07-02:

This migrated already.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Rafael David Tinoco

git-ubuntu developers

Ubuntu
bind9 package

Merge ~rafaeldtinoco/ubuntu/+source/bind9:eoan-bind9-merge into ubuntu/+source/bind9:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

 diff --git a/debian/bind9.install b/debian/bind9.install
 index 26d595e..fd7f0f5 100644
 --- a/debian/bind9.install
 +++ b/debian/bind9.install
@@ -16,7 +16,6 @@ usr/sbin/genrandom
  usr/sbin/isc-hmac-fixup
  usr/sbin/named
  usr/sbin/named-journalprint
--usr/sbin/named-nzd2nzf
  usr/sbin/named-pkcs11
  usr/sbin/nsec3hash
  usr/sbin/tsig-keygen
@@ -32,7 +31,6 @@ usr/share/man/man8/dnssec-importkey.8
  usr/share/man/man8/genrandom.8
  usr/share/man/man8/isc-hmac-fixup.8
  usr/share/man/man8/named-journalprint.8
--usr/share/man/man8/named-nzd2nzf.8
  usr/share/man/man8/named.8
  usr/share/man/man8/nsec3hash.8
  usr/share/man/man8/tsig-keygen.8
 diff --git a/debian/changelog b/debian/changelog
 index fb0505e..5bd1782 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,28 @@
++bind9 (1:9.11.5.P4+dfsg-5.1ubuntu1) eoan; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - Build without lmdb support as that package is in Universe
++    - Don't build dnstap as it depends on universe packages:
++      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
++        protobuf-c-compiler (universe packages)
++      + d/dnsutils.install: don't install dnstap
++      + d/libdns1104.symbols: don't include dnstap symbols
++      + d/rules: don't build dnstap nor install dnstap.proto
++    - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
++      option (LP #1804648)
++    - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
++      close to a query timeout (LP #1797926)
++    - d/t/simpletest: drop the internetsociety.org test as it requires
++      network egress access that is not available in the Ubuntu autopkgtest
++      farm.
++  * Dropped:
++    - SECURITY UPDATE: DoS via malformed packets
++      + d/p/CVE-2019-6471.patch: fix race condition in lib/dns/dispatch.c
++      + CVE-2019-6471
++        [Fixed in 1:9.11.5.P4+dfsg-5.1]
++
++ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com>  Thu, 27 Jun 2019 14:54:25 +0000
++
  bind9 (1:9.11.5.P4+dfsg-5.1) unstable; urgency=high
    * Non-maintainer upload.
@@ -6,6 +31,29 @@ bind9 (1:9.11.5.P4+dfsg-5.1) unstable; urgency=high
   -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 21 Jun 2019 11:24:31 +0200
++bind9 (1:9.11.5.P4+dfsg-5ubuntu1) eoan; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - Build without lmdb support as that package is in Universe
++    - Don't build dnstap as it depends on universe packages:
++      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
++        protobuf-c-compiler (universe packages)
++      + d/dnsutils.install: don't install dnstap
++      + d/libdns1104.symbols: don't include dnstap symbols
++      + d/rules: don't build dnstap nor install dnstap.proto
++    - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
++      option (LP #1804648)
++    - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
++      close to a query timeout (LP #1797926)
++    - d/t/simpletest: drop the internetsociety.org test as it requires
++      network egress access that is not available in the Ubuntu autopkgtest
++      farm.
++    - SECURITY UPDATE: DoS via malformed packets
++      + d/p/CVE-2019-6471.patch: fix race condition in lib/dns/dispatch.c
++      + CVE-2019-6471
++
++ -- Rafael David Tinoco <rafaeldtinoco@ubuntu.com>  Fri, 21 Jun 2019 18:06:22 +0000
++
  bind9 (1:9.11.5.P4+dfsg-5) unstable; urgency=medium
    * AppArmor: Allow /var/tmp/krb5_* (owner-only) for Samba AD DLZ.
@@ -13,6 +61,69 @@ bind9 (1:9.11.5.P4+dfsg-5) unstable; urgency=medium
   -- Bernhard Schmidt <berni@debian.org>  Fri, 03 May 2019 19:44:57 +0200
++bind9 (1:9.11.5.P4+dfsg-4ubuntu2) eoan; urgency=medium
++
++  * SECURITY UPDATE: DoS via malformed packets
++    - debian/patches/CVE-2019-6471.patch: fix race condition in
++      lib/dns/dispatch.c.
++    - CVE-2019-6471
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 20 Jun 2019 08:15:00 -0400
++
++bind9 (1:9.11.5.P4+dfsg-4ubuntu1) eoan; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - Build without lmdb support as that package is in Universe
++    - Don't build dnstap as it depends on universe packages:
++      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
++        protobuf-c-compiler (universe packages)
++      + d/dnsutils.install: don't install dnstap
++      + d/libdns1104.symbols: don't include dnstap symbols
++      + d/rules: don't build dnstap nor install dnstap.proto
++    - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
++      option (LP #1804648)
++    - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
++      close to a query timeout (LP #1797926)
++    - d/t/simpletest: drop the internetsociety.org test as it requires
++      network egress access that is not available in the Ubuntu autopkgtest
++      farm.
++  * Dropped:
++    - SECURITY UPDATE: memory leak via specially crafted packet
++      + debian/patches/CVE-2018-5744.patch: silently drop additional keytag
++        options in bin/named/client.c.
++      + CVE-2018-5744
++      [Fixed upstream in 9.11.5-P2]
++    - SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
++      unsupported key algorithm when using managed-keys
++      + debian/patches/CVE-2018-5745.patch: properly handle situations when
++        the key tag cannot be computed in lib/dns/include/dst/dst.h,
++        lib/dns/zone.c.
++      + CVE-2018-5745
++      [Fixed upstream in 9.11.5-P2]
++    - SECURITY UPDATE: Controls for zone transfers may not be properly
++      applied to Dynamically Loadable Zones (DLZs) if the zones are writable
++      + debian/patches/CVE-2019-6465.patch: handle zone transfers marked in
++        the zone table as a DLZ zone bin/named/xfrout.c.
++      + CVE-2019-6465
++      [Fixed upstream in 9.11.5-P3]
++    - SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
++      + debian/patches/CVE-2018-5743.patch: add reference counting in
++        bin/named/client.c, bin/named/include/named/client.h,
++        bin/named/include/named/interfacemgr.h, bin/named/interfacemgr.c,
++        lib/isc/include/isc/quota.h, lib/isc/quota.c,
++        lib/isc/win32/libisc.def.in.
++      + debian/patches/CVE-2018-5743-atomic-fix.patch: replace atomic
++        operations with isc_refcount reference counting in
++        bin/named/client.c, bin/named/include/named/interfacemgr.h,
++        bin/named/interfacemgr.c.
++      + debian/libisc1100.symbols: added new symbols.
++      + CVE-2018-5743
++      [Fixed in 1:9.11.5.P4+dfsg-4]
++    - d/rules: add back EdDSA support (LP #1825712)
++      [Fixed in 1:9.11.5.P4+dfsg-4]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 02 May 2019 13:35:59 -0300
++
  bind9 (1:9.11.5.P4+dfsg-4) unstable; urgency=medium
    [ Bernhard Schmidt ]
@@ -85,12 +196,114 @@ bind9 (1:9.11.5.P1+dfsg-2) unstable; urgency=medium
   -- Bernhard Schmidt <berni@debian.org>  Tue, 12 Feb 2019 00:34:21 +0100
++bind9 (1:9.11.5.P1+dfsg-1ubuntu4) eoan; urgency=medium
++
++  * d/rules: add back EdDSA support (LP: #1825712)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 26 Apr 2019 14:04:37 +0000
++
++bind9 (1:9.11.5.P1+dfsg-1ubuntu3) eoan; urgency=medium
++
++  * SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
++    - debian/patches/CVE-2018-5743.patch: add reference counting in
++      bin/named/client.c, bin/named/include/named/client.h,
++      bin/named/include/named/interfacemgr.h, bin/named/interfacemgr.c,
++      lib/isc/include/isc/quota.h, lib/isc/quota.c,
++      lib/isc/win32/libisc.def.in.
++    - debian/patches/CVE-2018-5743-atomic-fix.patch: replace atomic
++      operations with isc_refcount reference counting in
++      bin/named/client.c, bin/named/include/named/interfacemgr.h,
++      bin/named/interfacemgr.c.
++    - debian/libisc1100.symbols: added new symbols.
++    - CVE-2018-5743
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 24 Apr 2019 05:00:07 -0400
++
++bind9 (1:9.11.5.P1+dfsg-1ubuntu2) disco; urgency=medium
++
++  * SECURITY UPDATE: memory leak via specially crafted packet
++    - debian/patches/CVE-2018-5744.patch: silently drop additional keytag
++      options in bin/named/client.c.
++    - CVE-2018-5744
++  * SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
++    unsupported key algorithm when using managed-keys
++    - debian/patches/CVE-2018-5745.patch: properly handle situations when
++      the key tag cannot be computed in lib/dns/include/dst/dst.h,
++      lib/dns/zone.c.
++    - CVE-2018-5745
++  * SECURITY UPDATE: Controls for zone transfers may not be properly
++    applied to Dynamically Loadable Zones (DLZs) if the zones are writable
++    - debian/patches/CVE-2019-6465.patch: handle zone transfers marked in
++      the zone table as a DLZ zone bin/named/xfrout.c.
++    - CVE-2019-6465
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 22 Feb 2019 10:52:30 +0100
++
++bind9 (1:9.11.5.P1+dfsg-1ubuntu1) disco; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - Build without lmdb support as that package is in Universe
++    - Don't build dnstap as it depends on universe packages:
++      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
++        protobuf-c-compiler (universe packages)
++      + d/dnsutils.install: don't install dnstap
++      + d/libdns1104.symbols: don't include dnstap symbols
++      + d/rules: don't build dnstap nor install dnstap.proto
++    - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
++      option (LP #1804648)
++    - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
++      close to a query timeout (LP #1797926)
++    - d/t/simpletest: drop the internetsociety.org test as it requires
++      network egress access that is not available in the Ubuntu autopkgtest
++      farm.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 17 Jan 2019 18:59:25 -0200
++
  bind9 (1:9.11.5.P1+dfsg-1) unstable; urgency=medium
    * New upstream version 9.11.5.P1+dfsg
   -- Ondřej Surý <ondrej@debian.org>  Tue, 18 Dec 2018 13:59:25 +0000
++bind9 (1:9.11.5+dfsg-1ubuntu1) disco; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - Build without lmdb support as that package is in Universe
++    - Don't build dnstap as it depends on universe packages:
++      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
++        protobuf-c-compiler (universe packages)
++      + d/dnsutils.install: don't install dnstap
++      + d/libdns1104.symbols: don't include dnstap symbols
++      + d/rules: don't build dnstap nor install dnstap.proto
++  * Dropped:
++    - SECURITY UPDATE: denial of service crash when deny-answer-aliases
++      option is used
++      + debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could
++        trigger a crash if deny-answer-aliases was set
++      + debian/patches/CVE-2018-5740-2.patch: add tests
++      + debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set
++        chainingp correctly, add test
++      + CVE-2018-5740
++        [Fixed in new upstream version 9.11.5]
++    - d/extras/apparmor.d/usr.sbin.named: add missing comma at the end of the
++      line (Closes: #904983)
++      [Fixed in 1:9.11.4+dfsg-4]
++    - Add a patch to fix named-pkcs11 crashing on startup. (LP #1769440)
++      [Fixed in 1:9.11.4.P1+dfsg-1]
++    - Cherrypick from debian: Add new dst__openssleddsa_init optional symbol
++      (it depends on OpenSSL version) (Closes: #897643)
++      [Fixed in 1:9.11.4.P1+dfsg-1]
++  * Added:
++    - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
++      option (LP: #1804648)
++    - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
++      close to a query timeout (LP: #1797926)
++    - d/t/simpletest: drop the internetsociety.org test as it requires
++      network egress access that is not available in the Ubuntu autopkgtest
++      farm.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 13 Dec 2018 19:40:23 -0200
++
  bind9 (1:9.11.5+dfsg-1) unstable; urgency=medium
    * Use team+dns@tracker.debian.org as Maintainer address
@@ -152,6 +365,55 @@ bind9 (1:9.11.4+dfsg-4) unstable; urgency=medium
   -- Bernhard Schmidt <berni@debian.org>  Mon, 30 Jul 2018 16:28:21 +0200
++bind9 (1:9.11.4+dfsg-3ubuntu5) cosmic; urgency=high
++
++  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Sat, 29 Sep 2018 01:36:45 +0100
++
++bind9 (1:9.11.4+dfsg-3ubuntu4) cosmic; urgency=medium
++
++  * SECURITY UPDATE: denial of service crash when deny-answer-aliases
++    option is used
++    - debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could
++      trigger a crash if deny-answer-aliases was set
++    - debian/patches/CVE-2018-5740-2.patch: add tests
++    - debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set
++      chainingp correctly, add test
++    - CVE-2018-5740
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 20 Sep 2018 11:11:05 +0200
++
++bind9 (1:9.11.4+dfsg-3ubuntu3) cosmic; urgency=medium
++
++  * Cherrypick from debian: Add new dst__openssleddsa_init optional symbol
++    (it depends on OpenSSL version) (Closes: #897643)
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 18 Sep 2018 10:39:12 +0200
++
++bind9 (1:9.11.4+dfsg-3ubuntu2) cosmic; urgency=medium
++
++  * d/p/skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11
++    crashing on startup. (LP: #1769440)
++
++ -- Karl Stenerud <karl.stenerud@canonical.com>  Thu, 30 Aug 2018 07:11:39 -0700
++
++bind9 (1:9.11.4+dfsg-3ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - Build without lmdb support as that package is in Universe
++  * Added:
++    - Don't build dnstap as it depends on universe packages:
++      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
++        protobuf-c-compiler (universe packages)
++      + d/dnsutils.install: don't install dnstap
++      + d/libdns1102.symbols: don't include dnstap symbols
++      + d/rules: don't build dnstap
++    - d/extras/apparmor.d/usr.sbin.named: add missing comma at the end of the
++      line (Closes: #904983)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 30 Jul 2018 10:56:04 -0300
++
  bind9 (1:9.11.4+dfsg-3) unstable; urgency=medium
    * Enable IDN support for dig+host using libidn2 (Closes: #459010)
@@ -182,6 +444,19 @@ bind9 (1:9.11.4+dfsg-1) unstable; urgency=medium
   -- Ondřej Surý <ondrej@debian.org>  Sat, 14 Jul 2018 12:27:56 +0000
++bind9 (1:9.11.3+dfsg-2ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1777935). Remaining changes:
++    - Build without lmdb support as that package is in Universe
++  * Drop:
++    - SECURITY UPDATE: improperly permits recursive query service
++      + debian/patches/CVE-2018-5738.patch: fix configure_view_acl() handling
++        in bin/named/server.c.
++      + CVE-2018-5738
++      [Applied in Debian's 1:9.11.3+dfsg-2]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 20 Jun 2018 17:42:16 -0300
++
  bind9 (1:9.11.3+dfsg-2) unstable; urgency=medium
    * [CVE-2018-5738]: Add upstream fix to close the default open recursion
@@ -190,6 +465,24 @@ bind9 (1:9.11.3+dfsg-2) unstable; urgency=medium
   -- Ondřej Surý <ondrej@debian.org>  Thu, 14 Jun 2018 13:01:47 +0000
++bind9 (1:9.11.3+dfsg-1ubuntu2) cosmic; urgency=medium
++
++  * SECURITY UPDATE: improperly permits recursive query service
++    - debian/patches/CVE-2018-5738.patch: fix configure_view_acl() handling
++      in bin/named/server.c.
++    - CVE-2018-5738
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 11 Jun 2018 09:41:51 -0400
++
++bind9 (1:9.11.3+dfsg-1ubuntu1) bionic; urgency=low
++
++  * New upstream release. (LP: #1763572)
++    - fix a crash when configured with ipa-dns-install
++  * Merge from Debian unstable.  Remaining changes:
++    - Build without lmdb support as that package is in Universe
++
++ -- Timo Aaltonen <tjaalton@debian.org>  Fri, 13 Apr 2018 07:40:47 +0300
++
  bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium
    [ Bernhard Schmidt ]
@@ -214,6 +507,61 @@ bind9 (1:9.11.3+dfsg-1) unstable; urgency=medium
   -- Bernhard Schmidt <berni@debian.org>  Fri, 23 Mar 2018 00:09:58 +0100
++bind9 (1:9.11.2.P1-1ubuntu5) bionic; urgency=medium
++
++  * debian/patches/nsupdate-gssapi-fails-ad-45854.patch: fix updating
++    DNS records in Microsoft AD using GSSAPI.  Thanks to Mark Andrews
++    <marka@isc.org>. (LP: #1755439)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 16 Mar 2018 09:38:46 -0300
++
++bind9 (1:9.11.2.P1-1ubuntu4) bionic; urgency=medium
++
++  * Fix apparmor profile filename (LP: #1754981)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 15 Mar 2018 10:06:57 -0300
++
++bind9 (1:9.11.2.P1-1ubuntu3) bionic; urgency=high
++
++  * No change rebuild against openssl1.1.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 06 Feb 2018 12:14:22 +0000
++
++bind9 (1:9.11.2.P1-1ubuntu2) bionic; urgency=medium
++
++  * Build without lmdb support as that package is in Universe (LP: #1746296)
++    - d/control: remove Build-Depends on liblmdb-dev
++    - d/rules: configure --without-lmdb
++    - d/bind9.install: drop named-nzd2nzf and named-nzd2nzf.8 as it requires
++      lmdb.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 30 Jan 2018 15:21:23 -0200
++
++bind9 (1:9.11.2.P1-1ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1744930).
++  * Drop:
++    - Add RemainAfterExit to bind9-resolvconf unit configuration file
++      (LP #1536181).
++      [fixed in 1:9.10.6+dfsg-4]
++    - rules: Fix path to libsofthsm2.so. (LP #1685780)
++      [adopted in 1:9.10.6+dfsg-5]
++    - d/p/CVE-2016-8864-regression-test.patch: tests for the regression
++      introduced with the CVE-2016-8864.patch and fixed in
++      CVE-2016-8864-regression.patch.
++      [applied upstream]
++    - d/p/CVE-2016-8864-regression2-test.patch: tests for the second
++      regression (RT #44318) introduced with the CVE-2016-8864.patch
++      and fixed in CVE-2016-8864-regression2.patch.
++      [applied upstream]
++    - d/control, d/rules: add json support for the statistics channels.
++      (LP #1669193)
++      [adopted in 1:9.10.6+dfsg-5]
++  * d/p/add-ply-dependency-to-python-scripts.patch: setup.py is missing
++    listing the python ply module as a dependency (Closes: #888463)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 26 Jan 2018 11:20:33 -0200
++
  bind9 (1:9.11.2.P1-1) unstable; urgency=medium
    * New upstream version 9.11.2-P1
@@ -389,6 +737,140 @@ bind9 (1:9.10.6+dfsg-1) unstable; urgency=medium
   -- Ondřej Surý <ondrej@debian.org>  Fri, 06 Oct 2017 06:18:21 +0000
++bind9 (1:9.10.3.dfsg.P4-12.6ubuntu1) artful; urgency=medium
++
++  * Merge with Debian unstable (LP: #1712920). Remaining changes:
++    - Add RemainAfterExit to bind9-resolvconf unit configuration file
++      (LP #1536181).
++    - rules: Fix path to libsofthsm2.so. (LP #1685780)
++    - d/p/CVE-2016-8864-regression-test.patch: tests for the regression
++      introduced with the CVE-2016-8864.patch and fixed in
++      CVE-2016-8864-regression.patch.
++    - d/p/CVE-2016-8864-regression2-test.patch: tests for the second
++      regression (RT #44318) introduced with the CVE-2016-8864.patch
++      and fixed in CVE-2016-8864-regression2.patch.
++    - d/control, d/rules: add json support for the statistics channels.
++      (LP #1669193)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 24 Aug 2017 18:28:00 -0300
++
++bind9 (1:9.10.3.dfsg.P4-12.6) unstable; urgency=medium
++
++  * Non-maintainer upload.
++  * Import upcoming DNSSEC KSK-2017 from 9.10.5 (Closes: #860794)
++
++ -- Bernhard Schmidt <berni@debian.org>  Fri, 11 Aug 2017 19:10:07 +0200
++
++bind9 (1:9.10.3.dfsg.P4-12.5ubuntu1) artful; urgency=medium
++
++  * Merge with Debian unstable (LP: #1701687). Remaining changes:
++    - Add RemainAfterExit to bind9-resolvconf unit configuration file
++      (LP #1536181).
++    - rules: Fix path to libsofthsm2.so. (LP #1685780)
++  * Drop:
++    - SECURITY UPDATE: denial of service via assertion failure
++      + debian/patches/CVE-2016-2776.patch: properly handle lengths in
++        lib/dns/message.c.
++      + CVE-2016-2776
++      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
++    - SECURITY UPDATE: assertion failure via class mismatch
++      + debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
++        records in lib/dns/resolver.c.
++      + CVE-2016-9131
++      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
++    - SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
++      + debian/patches/CVE-2016-9147.patch: fix logic when records are
++        returned without the requested data in lib/dns/resolver.c.
++      + CVE-2016-9147
++      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
++    - SECURITY UPDATE: assertion failure via unusually-formed DS record
++      + debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
++        lib/dns/message.c, lib/dns/resolver.c.
++      + CVE-2016-9444
++      + [Fixed in Debian 1:9.10.3.dfsg.P4-11]
++    - SECURITY UPDATE: regression in CVE-2016-8864
++      + debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
++        responses in lib/dns/resolver.c, added tests to
++        bin/tests/system/dname/ns2/example.db,
++        bin/tests/system/dname/tests.sh.
++      + No CVE number
++      + [Fixed in Debian 1:9.10.3.dfsg.P4-11 and 1:9.10.3.dfsg.P4-12]
++    - SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
++      a NULL pointer
++      + debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
++        combination in bin/named/query.c, lib/dns/message.c,
++        lib/dns/rdataset.c.
++      + CVE-2017-3135
++      + [Fixed in Debian 1:9.10.3.dfsg.P4-12]
++    - SECURITY UPDATE: regression in CVE-2016-8864
++      + debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
++        was still being cached when it should have been in lib/dns/resolver.c,
++        added tests to bin/tests/system/dname/ans3/ans.pl,
++        bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
++      + No CVE number
++      + [Fixed in Debian 1:9.10.3.dfsg.P4-12]
++    - SECURITY UPDATE: Denial of Service due to an error handling
++      synthesized records when using DNS64 with "break-dnssec yes;"
++      + debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
++        called.
++      + CVE-2017-3136
++      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3]
++    - SECURITY UPDATE: Denial of Service due to resolver terminating when
++      processing a response packet containing a CNAME or DNAME
++      + debian/patches/CVE-2017-3137.patch: don't expect a specific
++        ordering of answer components; add testcases.
++      + CVE-2017-3137
++      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3 with 3 patch files]
++    - SECURITY UPDATE: Denial of Service when receiving a null command on
++      the control channel
++      + debian/patches/CVE-2017-3138.patch: don't throw an assert if no
++        command token is given; add testcase.
++      + CVE-2017-3138
++      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.3]
++    - SECURITY UPDATE: TSIG authentication issues
++      + debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
++        lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
++      + CVE-2017-3142
++      + CVE-2017-3143
++      + [Fixed in Debian 1:9.10.3.dfsg.P4-12.4]
++  * d/p/CVE-2016-8864-regression-test.patch: tests for the regression
++    introduced with the CVE-2016-8864.patch and fixed in
++    CVE-2016-8864-regression.patch.
++  * d/p/CVE-2016-8864-regression2-test.patch: tests for the second
++    regression (RT #44318) introduced with the CVE-2016-8864.patch
++    and fixed in CVE-2016-8864-regression2.patch.
++  * d/control, d/rules: add json support for the statistics channels.
++    (LP: #1669193)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 11 Aug 2017 17:12:09 -0300
++
++bind9 (1:9.10.3.dfsg.P4-12.5) unstable; urgency=medium
++
++  * Non-maintainer upload.
++  * Change to fix CVE-2017-3142 and CVE-2017-3143 broke verification of TSIG
++    signed TCP message sequences where not all the messages contain TSIG
++    records. These may be used in AXFR and IXFR responses.
++    (Closes: #868952)
++
++ -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 21 Jul 2017 22:28:32 +0200
++
++bind9 (1:9.10.3.dfsg.P4-12.4) unstable; urgency=high
++
++  * Non-maintainer upload.
++
++  [ Yves-Alexis Perez ]
++  * debian/patches:
++    - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
++      CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
++      transfers. An attacker may be able to circumvent TSIG authentication of
++      AXFR and Notify requests.
++      CVE-2017-3143: error in TSIG authentication can permit unauthorized
++      dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
++      signature for a dynamic update.
++      (Closes: #866564)
++
++ -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 16 Jul 2017 22:13:21 +0200
++
  bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) stretch; urgency=medium
    [ Bernhard Schmidt ]
@@ -495,6 +977,98 @@ bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium
   -- Michael Gilbert <mgilbert@debian.org>  Thu, 19 Jan 2017 04:03:28 +0000
++bind9 (1:9.10.3.dfsg.P4-10.1ubuntu7) artful; urgency=medium
++
++  * SECURITY UPDATE: TSIG authentication issues
++    - debian/patches/CVE-2017-3042,3043.patch: fix TSIG logic in
++      lib/dns/dnssec.c, lib/dns/message.c, lib/dns/tsig.c.
++    - CVE-2017-3142
++    - CVE-2017-3143
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 03 Jul 2017 09:48:13 -0400
++
++bind9 (1:9.10.3.dfsg.P4-10.1ubuntu6) artful; urgency=medium
++
++  * rules: Fix path to libsofthsm2.so. (LP: #1685780)
++
++ -- Timo Aaltonen <tjaalton@debian.org>  Mon, 24 Apr 2017 15:01:30 +0300
++
++bind9 (1:9.10.3.dfsg.P4-10.1ubuntu5) zesty-security; urgency=medium
++
++  * SECURITY UPDATE: Denial of Service due to an error handling
++    synthesized records when using DNS64 with "break-dnssec yes;"
++    - debian/patches/CVE-2017-3136.patch: reset noqname if query_dns64()
++      called.
++    - CVE-2017-3136
++  * SECURITY UPDATE: Denial of Service due to resolver terminating when
++    processing a response packet containing a CNAME or DNAME
++    - debian/patches/CVE-2017-3137.patch: don't expect a specific
++      ordering of answer components; add testcases.
++    - CVE-2017-3137
++  * SECURITY UPDATE: Denial of Service when receiving a null command on
++    the control channel
++    - debian/patches/CVE-2017-3138.patch: don't throw an assert if no
++      command token is given; add testcase.
++    - CVE-2017-3138
++
++ -- Steve Beattie <sbeattie@ubuntu.com>  Wed, 12 Apr 2017 01:32:15 -0700
++
++bind9 (1:9.10.3.dfsg.P4-10.1ubuntu4) zesty; urgency=medium
++
++  * SECURITY UPDATE: Combining dns64 and rpz can result in dereferencing
++    a NULL pointer
++    - debian/patches/CVE-2017-3135.patch: properly handle dns64 and rpz
++      combination in bin/named/query.c, lib/dns/message.c,
++      lib/dns/rdataset.c.
++    - CVE-2017-3135
++  * SECURITY UPDATE: regression in CVE-2016-8864
++    - debian/patches/rt44318.patch: synthesised CNAME before matching DNAME
++      was still being cached when it should have been in lib/dns/resolver.c,
++      added tests to bin/tests/system/dname/ans3/ans.pl,
++      bin/tests/system/dname/ns1/root.db, bin/tests/system/dname/tests.sh.
++    - No CVE number
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 15 Feb 2017 09:37:39 -0500
++
++bind9 (1:9.10.3.dfsg.P4-10.1ubuntu3) zesty; urgency=medium
++
++  * SECURITY UPDATE: assertion failure via class mismatch
++    - debian/patches/CVE-2016-9131.patch: properly handle certain TKEY
++      records in lib/dns/resolver.c.
++    - CVE-2016-9131
++  * SECURITY UPDATE: assertion failure via inconsistent DNSSEC information
++    - debian/patches/CVE-2016-9147.patch: fix logic when records are
++      returned without the requested data in lib/dns/resolver.c.
++    - CVE-2016-9147
++  * SECURITY UPDATE: assertion failure via unusually-formed DS record
++    - debian/patches/CVE-2016-9444.patch: handle missing RRSIGs in
++      lib/dns/message.c, lib/dns/resolver.c.
++    - CVE-2016-9444
++  * SECURITY UPDATE: regression in CVE-2016-8864
++    - debian/patches/rt43779.patch: properly handle CNAME -> DNAME in
++      responses in lib/dns/resolver.c, added tests to
++      bin/tests/system/dname/ns2/example.db,
++      bin/tests/system/dname/tests.sh.
++    - No CVE number
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 25 Jan 2017 09:28:10 -0500
++
++bind9 (1:9.10.3.dfsg.P4-10.1ubuntu2) zesty; urgency=medium
++
++  * Add RemainAfterExit to bind9-resolvconf unit configuration file
++    (LP: #1536181).
++
++ -- Nishanth Aravamudan <nish.aravamudan@canonical.com>  Tue, 15 Nov 2016 08:24:58 -0800
++
++bind9 (1:9.10.3.dfsg.P4-10.1ubuntu1) yakkety; urgency=medium
++
++  * SECURITY UPDATE: denial of service via assertion failure
++    - debian/patches/CVE-2016-2776.patch: properly handle lengths in
++      lib/dns/message.c.
++    - CVE-2016-2776
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 04 Oct 2016 14:31:17 -0400
++
  bind9 (1:9.10.3.dfsg.P4-10.1) unstable; urgency=medium
    * Non-maintainer upload.
 diff --git a/debian/control b/debian/control
 index 73c2a17..3d7f03d 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,7 +1,8 @@
  Source: bind9
  Section: net
  Priority: optional
--Maintainer: Debian DNS Team <team+dns@tracker.debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian DNS Team <team+dns@tracker.debian.org>
  Uploaders: LaMont Jones <lamont@debian.org>,
             Michael Gilbert <mgilbert@debian.org>,
             Robie Basak <robie.basak@canonical.com>,
@@ -15,18 +16,14 @@ Build-Depends: bison,
                 dpkg-dev (>= 1.16.1~),
                 libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386],
                 libdb-dev (>>4.6),
--               libfstrm-dev,
                 libgeoip-dev (>= 1.4.6.dfsg-5),
                 libidn2-dev,
                 libjson-c-dev,
                 libkrb5-dev,
                 libldap2-dev,
--               liblmdb-dev,
--               libprotobuf-c-dev,
                 libssl-dev,
                 libtool,
                 libxml2-dev,
--               protobuf-c-compiler,
                 python3,
                 python3-distutils,
                 python3-ply
 diff --git a/debian/dnsutils.install b/debian/dnsutils.install
 index 90e4fba..5e6b7d9 100644
 --- a/debian/dnsutils.install
 +++ b/debian/dnsutils.install
@@ -1,12 +1,10 @@
  usr/bin/delv
  usr/bin/dig
--usr/bin/dnstap-read
  usr/bin/mdig
  usr/bin/nslookup
  usr/bin/nsupdate
  usr/share/man/man1/delv.1
  usr/share/man/man1/dig.1
--usr/share/man/man1/dnstap-read.1
  usr/share/man/man1/mdig.1
  usr/share/man/man1/nslookup.1
  usr/share/man/man1/nsupdate.1
 diff --git a/debian/libdns1104.symbols b/debian/libdns1104.symbols
 index d7c98d4..7b6020e 100644
 --- a/debian/libdns1104.symbols
 +++ b/debian/libdns1104.symbols
@@ -358,21 +358,6 @@ libdns-pkcs11.so.1104 libdns1104 #MINVER#
   dns_dsdigest_format@Base 1:9.11.3+dfsg
   dns_dsdigest_fromtext@Base 1:9.11.3+dfsg
   dns_dsdigest_totext@Base 1:9.11.3+dfsg
-- dns_dt_attach@Base 1:9.11.4.P1
-- dns_dt_close@Base 1:9.11.4.P1
-- dns_dt_create@Base 1:9.11.4.P1
-- dns_dt_datatotext@Base 1:9.11.4.P1
-- dns_dt_detach@Base 1:9.11.4.P1
-- dns_dt_getframe@Base 1:9.11.4.P1
-- dns_dt_getstats@Base 1:9.11.4.P1
-- dns_dt_open@Base 1:9.11.4.P1
-- dns_dt_parse@Base 1:9.11.4.P1
-- dns_dt_reopen@Base 1:9.11.4.P1
-- dns_dt_send@Base 1:9.11.4.P1
-- dns_dt_setidentity@Base 1:9.11.4.P1
-- dns_dt_setversion@Base 1:9.11.4.P1
-- dns_dt_shutdown@Base 1:9.11.4.P1
-- dns_dtdata_free@Base 1:9.11.4.P1
   dns_dumpctx_attach@Base 1:9.11.3+dfsg
   dns_dumpctx_cancel@Base 1:9.11.3+dfsg
   dns_dumpctx_db@Base 1:9.11.3+dfsg
@@ -1443,24 +1428,6 @@ libdns-pkcs11.so.1104 libdns1104 #MINVER#
   dns_zt_setviewcommit@Base 1:9.11.3+dfsg
   dns_zt_setviewrevert@Base 1:9.11.3+dfsg
   dns_zt_unmount@Base 1:9.11.3+dfsg
-- dnstap__dnstap__descriptor@Base 1:9.11.4.P1
-- dnstap__dnstap__free_unpacked@Base 1:9.11.4.P1
-- dnstap__dnstap__get_packed_size@Base 1:9.11.4.P1
-- dnstap__dnstap__init@Base 1:9.11.4.P1
-- dnstap__dnstap__pack@Base 1:9.11.4.P1
-- dnstap__dnstap__pack_to_buffer@Base 1:9.11.4.P1
-- dnstap__dnstap__type__descriptor@Base 1:9.11.4.P1
-- dnstap__dnstap__unpack@Base 1:9.11.4.P1
-- dnstap__message__descriptor@Base 1:9.11.4.P1
-- dnstap__message__free_unpacked@Base 1:9.11.4.P1
-- dnstap__message__get_packed_size@Base 1:9.11.4.P1
-- dnstap__message__init@Base 1:9.11.4.P1
-- dnstap__message__pack@Base 1:9.11.4.P1
-- dnstap__message__pack_to_buffer@Base 1:9.11.4.P1
-- dnstap__message__type__descriptor@Base 1:9.11.4.P1
-- dnstap__message__unpack@Base 1:9.11.4.P1
-- dnstap__socket_family__descriptor@Base 1:9.11.4.P1
-- dnstap__socket_protocol__descriptor@Base 1:9.11.4.P1
   dst__entropy_getdata@Base 1:9.11.3+dfsg
   dst__entropy_status@Base 1:9.11.3+dfsg
   dst__gssapi_init@Base 1:9.11.3+dfsg
@@ -1940,21 +1907,6 @@ libdns.so.1104 libdns1104 #MINVER#
   dns_dsdigest_format@Base 1:9.11.3+dfsg
   dns_dsdigest_fromtext@Base 1:9.11.3+dfsg
   dns_dsdigest_totext@Base 1:9.11.3+dfsg
-- dns_dt_attach@Base 1:9.11.4.P1
-- dns_dt_close@Base 1:9.11.4.P1
-- dns_dt_create@Base 1:9.11.4.P1
-- dns_dt_datatotext@Base 1:9.11.4.P1
-- dns_dt_detach@Base 1:9.11.4.P1
-- dns_dt_getframe@Base 1:9.11.4.P1
-- dns_dt_getstats@Base 1:9.11.4.P1
-- dns_dt_open@Base 1:9.11.4.P1
-- dns_dt_parse@Base 1:9.11.4.P1
-- dns_dt_reopen@Base 1:9.11.4.P1
-- dns_dt_send@Base 1:9.11.4.P1
-- dns_dt_setidentity@Base 1:9.11.4.P1
-- dns_dt_setversion@Base 1:9.11.4.P1
-- dns_dt_shutdown@Base 1:9.11.4.P1
-- dns_dtdata_free@Base 1:9.11.4.P1
   dns_dumpctx_attach@Base 1:9.11.3+dfsg
   dns_dumpctx_cancel@Base 1:9.11.3+dfsg
   dns_dumpctx_db@Base 1:9.11.3+dfsg
@@ -3032,24 +2984,6 @@ libdns.so.1104 libdns1104 #MINVER#
   dns_zt_setviewcommit@Base 1:9.11.3+dfsg
   dns_zt_setviewrevert@Base 1:9.11.3+dfsg
   dns_zt_unmount@Base 1:9.11.3+dfsg
-- dnstap__dnstap__descriptor@Base 1:9.11.4.P1
-- dnstap__dnstap__free_unpacked@Base 1:9.11.4.P1
-- dnstap__dnstap__get_packed_size@Base 1:9.11.4.P1
-- dnstap__dnstap__init@Base 1:9.11.4.P1
-- dnstap__dnstap__pack@Base 1:9.11.4.P1
-- dnstap__dnstap__pack_to_buffer@Base 1:9.11.4.P1
-- dnstap__dnstap__type__descriptor@Base 1:9.11.4.P1
-- dnstap__dnstap__unpack@Base 1:9.11.4.P1
-- dnstap__message__descriptor@Base 1:9.11.4.P1
-- dnstap__message__free_unpacked@Base 1:9.11.4.P1
-- dnstap__message__get_packed_size@Base 1:9.11.4.P1
-- dnstap__message__init@Base 1:9.11.4.P1
-- dnstap__message__pack@Base 1:9.11.4.P1
-- dnstap__message__pack_to_buffer@Base 1:9.11.4.P1
-- dnstap__message__type__descriptor@Base 1:9.11.4.P1
-- dnstap__message__unpack@Base 1:9.11.4.P1
-- dnstap__socket_family__descriptor@Base 1:9.11.4.P1
-- dnstap__socket_protocol__descriptor@Base 1:9.11.4.P1
   dst__entropy_getdata@Base 1:9.11.3+dfsg
   dst__entropy_status@Base 1:9.11.3+dfsg
   dst__gssapi_init@Base 1:9.11.3+dfsg
 diff --git a/debian/patches/enable-udp-in-host-command.diff b/debian/patches/enable-udp-in-host-command.diff
 new file mode 100644
 index 0000000..5444ae7
 --- /dev/null
 +++ b/debian/patches/enable-udp-in-host-command.diff
@@ -0,0 +1,26 @@
++Description: Fix parsing of host(1)'s -U command line option
++Author: Andreas Hasenack <andreas@canonical.com>
++Bug: https://gitlab.isc.org/isc-projects/bind9/issues/769
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1804648
++Applied-Upstream: https://gitlab.isc.org/isc-projects/bind9/commit/5e2cd91321cdda1707411c4e268d364f03f63935
++Last-Update: 2018-12-06
++---
++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
++--- a/bin/dig/host.c
+++++ b/bin/dig/host.c
++@@ -158,6 +158,7 @@
++ "       -s a SERVFAIL response should stop query\n"
++ "       -t specifies the query type\n"
++ "       -T enables TCP/IP mode\n"
+++"       -U enables UDP mode\n"
++ "       -v enables verbose output\n"
++ "       -V print version number and exit\n"
++ "       -w specifies to wait forever for a reply\n"
++@@ -657,6 +658,7 @@
++ 		case 'N': break;
++ 		case 'R': break;
++ 		case 'T': break;
+++		case 'U': break;
++ 		case 'W': break;
++ 		default:
++ 			show_usage();
 diff --git a/debian/patches/fix-shutdown-race.diff b/debian/patches/fix-shutdown-race.diff
 new file mode 100644
 index 0000000..f10f51f
 --- /dev/null
 +++ b/debian/patches/fix-shutdown-race.diff
@@ -0,0 +1,41 @@
++From f2ca287330110993609fa0443d3bdb17629bd979 Mon Sep 17 00:00:00 2001
++From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= <michal@isc.org>
++Date: Tue, 13 Nov 2018 13:50:47 +0100
++Subject: [PATCH 1/2] Fix a shutdown race in bin/dig/dighost.c
++
++If a tool using the routines defined in bin/dig/dighost.c is sent an
++interruption signal around the time a connection timeout is scheduled to
++fire, connect_timeout() may be executed after destroy_libs() detaches
++from the global task (setting 'global_task' to NULL), which results in a
++crash upon a UDP retry due to bringup_timer() attempting to create a
++timer with 'task' set to NULL.  Fix by preventing connect_timeout() from
++attempting a retry when shutdown is in progress.
++
++(cherry picked from commit 462175659674a10c0d39c7c328f1a5324ce2e38b)
++
++Origin: https://gitlab.isc.org/isc-projects/bind9/merge_requests/1040/diffs
++Bug: https://gitlab.isc.org/isc-projects/bind9/issues/599
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1797926
++Last-Update: 2018-12-06
++
++---
++ bin/dig/dighost.c | 5 +++++
++ 1 file changed, 5 insertions(+)
++diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
++index 39abb9d0fd..17e0328228 100644
++--- a/bin/dig/dighost.c
+++++ b/bin/dig/dighost.c
++@@ -3240,6 +3240,11 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
++
++ 	INSIST(!free_now);
++
+++	if (cancel_now) {
+++		UNLOCK_LOOKUP;
+++		return;
+++	}
+++
++ 	if ((query != NULL) && (query->lookup->current_query != NULL) &&
++ 	    ISC_LINK_LINKED(query->lookup->current_query, link) &&
++ 	    (ISC_LIST_NEXT(query->lookup->current_query, link) != NULL)) {
++--
++2.18.1
 diff --git a/debian/patches/series b/debian/patches/series
 index c303f7f..11e3421 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -13,3 +13,5 @@ keymgr-dont-immediately-delete.diff
 -Replace-atomic-operations-in-bin-named-client.c-with.patch
 -Disable-broken-Ed448-support.patch
 -move-item_out-test-inside-lock-in-dns_dispatch_getne.patch
++enable-udp-in-host-command.diff
++fix-shutdown-race.diff
 diff --git a/debian/rules b/debian/rules
 index c8d745c..717ecb9 100755
 --- a/debian/rules
 +++ b/debian/rules
@@ -91,7 +91,7 @@ override_dh_auto_configure:
  		--with-gssapi=/usr \
  		--with-libidn2 \
  		--with-libjson=/usr \
--		--with-lmdb=/usr \
++		--without-lmdb \
  		--with-gnu-ld \
  		--with-geoip=/usr \
  		--with-atf=no \
@@ -101,7 +101,6 @@ override_dh_auto_configure:
  		--enable-native-pkcs11 \
  		--with-pkcs11=\$${prefix}/lib/softhsm/libsofthsm2.so \
  		--with-randomdev=/dev/urandom \
--		--enable-dnstap \
  		$(EXTRA_FEATURES)
  	dh_auto_configure -B build-udeb -- \
  		--sysconfdir=/etc/bind \
@@ -126,8 +125,6 @@ override_dh_auto_configure:
  	# no need to build these targets here
  	sed -i 's/dnssec-pkcs11//;s/named-pkcs11//' build-udeb/bin/Makefile
  	sed -i 's/dns-pkcs11//;s/isc-pkcs11//' build-udeb/lib/Makefile
--	cp lib/dns/dnstap.proto build/lib/dns
--	cp lib/dns-pkcs11/dnstap.proto build/lib/dns-pkcs11
  override_dh_auto_build:
  	dh_auto_build -B build
 diff --git a/debian/tests/simpletest b/debian/tests/simpletest
 index 468a7c5..34b0b25 100755
 --- a/debian/tests/simpletest
 +++ b/debian/tests/simpletest
@@ -10,10 +10,6 @@ setup() {
  run() {
  	# Make a query against a local zone
  	dig -x 127.0.0.1 @127.0.0.1
--
--	# Make a query against an external nameserver and check for DNSSEC validation
--	echo "Checking for DNSSEC validation status of internetsociety.org"
--	dig -t a internetsociety.org @127.0.0.1 | egrep 'flags:.+ad; QUERY'
+ }
  teardown() {

Ubuntubind9 package

Merge ~rafaeldtinoco/ubuntu/+source/bind9:eoan-bind9-merge into ubuntu/+source/bind9:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
bind9 package