Merge bind9 from Debian unstable for l-series
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bind9 (Ubuntu) | Fix Released | Undecided | Lena Voytek | | |
Bug Description
Scheduled-For: ubuntu-23.01
Upstream: 9.18.7
Debian: 1:9.18.7-1
Ubuntu: 1:9.18.4-2ubuntu2
### New Debian Changes ###
bind9 (1:9.18.7-1) unstable; urgency=medium
* New upstream version 9.18.7
- CVE-2022-2795: Processing large delegations may severely degrade
resolver performance
- CVE-2022-2881: Buffer overread in statistics channel code
- CVE-2022-2906: Memory leaks in code handling Diffie-Hellman key
exchange via TKEY RRs (OpenSSL 3.0.0+ only)
- CVE-2022-3080: BIND 9 resolvers configured to answer from stale
cache with zero stale-answer-
- CVE-2022-38177: Memory leak in ECDSA DNSSEC verification code
- CVE-2022-38178: Memory leaks in EdDSA DNSSEC verification code
-- Ondřej Surý <email address hidden> Wed, 21 Sep 2022 12:48:36 +0200
bind9 (1:9.18.6-1) unstable; urgency=medium
* Disable treat-warnings-
* New upstream version 9.18.6
-- Ondřej Surý <email address hidden> Thu, 18 Aug 2022 09:39:20 +0200
bind9 (1:9.18.5-1) unstable; urgency=medium
* New upstream version 9.18.5
-- Ondřej Surý <email address hidden> Wed, 20 Jul 2022 16:40:31 +0200
bind9 (1:9.18.4-2) unstable; urgency=medium
[ Simon Deziel ]
* debian/
[ Bernhard Schmidt ]
* Add sleep workaround in tests/simpletests (Closes: #1012059)
-- Ondřej Surý <email address hidden> Tue, 05 Jul 2022 12:58:06 +0200
bind9 (1:9.18.4-1) unstable; urgency=medium
* Disable treat-warnings-
* New upstream version 9.18.4
-- Ondřej Surý <email address hidden> Wed, 15 Jun 2022 14:36:44 +0200
bind9 (1:9.18.3-1) unstable; urgency=medium
* New upstream version 9.18.3
-- Ondřej Surý <email address hidden> Wed, 18 May 2022 16:53:01 +0200
bind9 (1:9.18.2-1) unstable; urgency=medium
* Drop libldap2-dev from Build-Depends (Closes: #1008021)
* New upstream version 9.18.2
* Add runtime dependency on libuv1 >= 1.40.0 (Closes: #1009889)
-- Ondřej Surý <email address hidden> Tue, 26 Apr 2022 11:03:35 +0200
bind9 (1:9.18.1-1) unstable; urgency=high
* New upstream version 9.18.1
* CVE-2021-25220: The rules for acceptance of records into the cache
have been tightened to prevent the possibility of poisoning if
forwarders send records outside the configured bailiwick.
* CVE-2022-0396: TCP connections with 'keep-response-
could leave the TCP sockets in the 'CLOSE_WAIT' state when the client
did not properly shut down the connection.
* CVE-2022-0635: Lookups involving a DNAME could trigger an assertion
failure when 'synth-from-dnssec' was enabled (which is the default)
* CVE-2022-0667: When chasing DS records, a timed out or artificially
delayed fetch could cause 'named' to crash while resuming a DS lookup.
-- Ondřej Surý <email address hidden> Mon, 14 Mar 2022 15:29:31 +0100
bind9 (1:9.18.0-2) unstable; urgency=medium
* Add patch to use detected L1 cache-line size instead of hard-coded
value, this should fix architectures with 128-byte L1 cache.
-- Ondřej Surý <email address hidden> Thu, 27 Jan 2022 13:16:04 +0100
bind9 (1:9.18.0-1) unstable; urgency=medium
* Bump the upstream version in debian/ to 9.18
* New upstream version 9.18.0
-- Ondřej Surý <email address hidden> Wed, 26 Jan 2022 12:31:55 +0100
bind9 (1:9.18.
* New upstream version 9.18.0~0+git28350c
+ Pull the 9.18.0 pre-release git to have the L1 cache line
fix (Closes: #1004271)
* Fix the typo when backing up and restoring configure{,.ac}
(Closes: #903586)
* Remove some prehistoric conffile no longer in use
(Closes: #942377)
* Pick UTC date for release_date variable (Closes: #1000893)
### Old Ubuntu Delta ###
bind9 (1:9.18.4-2ubuntu2) kinetic; urgency=medium
* SECURITY UPDATE: Processing large delegations may severely degrade
resolver performance
- debian/
- CVE-2022-2795
* SECURITY UPDATE: Buffer overread in statistics channel code
- debian/
- CVE-2022-2881
* SECURITY UPDATE: Memory leaks in code handling Diffie-Hellman key
exchange via TKEY RRs
- debian/
lib/
- CVE-2022-2906
* SECURITY UPDATE: resolvers configured to answer from cache with zero
stale-
- debian/
lib/
- CVE-2022-3080
* SECURITY UPDATE: memory leaks in EdDSA DNSSEC verification code
- debian/
lib/
- CVE-2022-38178
-- Marc Deslauriers <email address hidden> Wed, 21 Sep 2022 09:18:42 -0400
bind9 (1:9.18.4-2ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable (LP: #1971250)
Remaining changes:
- Don't build dnstap as it depends on universe packages:
+ d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
+ d/dnsutils.install: don't install dnstap
+ d/libdns1104.
+ d/rules: don't build dnstap nor install dnstap.proto
- Add back apport:
+ d/bind9.apport: add back old bind9 apport hook, but without calling
+ d/control, d/rules: build-depends on dh-apport and use it
- d/NEWS: mention some of the bigger changes in 9.16.0 packaging
- d/bind9.
This fixes a regression of #900788 where services whose startup depend
on name resolutions may fail due to bind9 not being ready (LP #1899902).
- d/control: remove optional libjemalloc-dev Build-Depends as it is not in
main.
- d/NEWS: mention some of the relevant changes in 9.18.0 packaging
or functionality that may affect usability.
* Dropped changes:
- d/p/lp1964400-
d/
d/
d/
d/
d/
d/
Fix dig error when trying the next server after a TCP connection
failure. This upstream patchset also fixes a crash when using
the 'host' command for numeric lookups (LP #1964400) and an
infinite hang when passing a non-existent hostname to 'host' (LP
#1964686).
[ Incorporated by upstream. ]
- SECURITY UPDATE: Destroying a TLS session early causes assertion
failure
+ debian/
[ Incorporated by upstream. ]
-- Sergio Durigan Junior <email address hidden> Wed, 20 Jul 2022 05:28:13 -0400
Related branches
- git-ubuntu bot: Approve
- Andreas Hasenack: Approve
- Canonical Server Reporter: Pending requested
Diff: 1647 lines (+1442/-9), 7 files modified
debian/NEWS (+56/-0)
debian/bind9-dnsutils.install (+0/-2)
debian/bind9.apport (+24/-0)
debian/changelog (+1355/-0)
debian/control (+3/-5)
debian/extras/apparmor.d/usr.sbin.named (+3/-0)
debian/rules (+1/-2)
CVE References
Changed in bind9 (Ubuntu):
assignee: nobody → Sergio Durigan Junior (sergiodj)
Changed in bind9 (Ubuntu):
status: New → In Progress
I'll take this one over since I'm doing the bind9 mre this cycle too :)