bind9 1:9.11.5.P4+dfsg-4ubuntu1 source package in Ubuntu

Changelog

bind9 (1:9.11.5.P4+dfsg-4ubuntu1) eoan; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Build without lmdb support as that package is in Universe
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
        protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1104.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap nor install dnstap.proto
    - d/p/enable-udp-in-host-command.diff: fix parsing of the -U command line
      option (LP #1804648)
    - d/p/fix-shutdown-race.diff: dig/host/nslookup could crash when interrupted
      close to a query timeout (LP #1797926)
    - d/t/simpletest: drop the internetsociety.org test as it requires
      network egress access that is not available in the Ubuntu autopkgtest
      farm.
  * Dropped:
    - SECURITY UPDATE: memory leak via specially crafted packet
      + debian/patches/CVE-2018-5744.patch: silently drop additional keytag
        options in bin/named/client.c.
      + CVE-2018-5744
      [Fixed upstream in 9.11.5-P2]
    - SECURITY UPDATE: assertion failure when a trust anchor rolls over to an
      unsupported key algorithm when using managed-keys
      + debian/patches/CVE-2018-5745.patch: properly handle situations when
        the key tag cannot be computed in lib/dns/include/dst/dst.h,
        lib/dns/zone.c.
      + CVE-2018-5745
      [Fixed upstream in 9.11.5-P2]
    - SECURITY UPDATE: Controls for zone transfers may not be properly
      applied to Dynamically Loadable Zones (DLZs) if the zones are writable
      + debian/patches/CVE-2019-6465.patch: handle zone transfers marked in
        the zone table as a DLZ zone in bin/named/xfrout.c.
      + CVE-2019-6465
      [Fixed upstream in 9.11.5-P3]
    - SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
      + debian/patches/CVE-2018-5743.patch: add reference counting in
        bin/named/client.c, bin/named/include/named/client.h,
        bin/named/include/named/interfacemgr.h, bin/named/interfacemgr.c,
        lib/isc/include/isc/quota.h, lib/isc/quota.c,
        lib/isc/win32/libisc.def.in.
      + debian/patches/CVE-2018-5743-atomic-fix.patch: replace atomic
        operations with isc_refcount reference counting in
        bin/named/client.c, bin/named/include/named/interfacemgr.h,
        bin/named/interfacemgr.c.
      + debian/libisc1100.symbols: added new symbols.
      + CVE-2018-5743
      [Fixed in 1:9.11.5.P4+dfsg-4]
    - d/rules: add back EdDSA support (LP #1825712)
      [Fixed in 1:9.11.5.P4+dfsg-4]

bind9 (1:9.11.5.P4+dfsg-4) unstable; urgency=medium

  [ Bernhard Schmidt ]
  * AppArmor: Also add /var/lib/samba/bind-dns/dns/** (Closes: #927827)

  [ Ondřej Surý ]
  * [CVE-2018-5743]: Limiting simultaneous TCP clients is ineffective
    (Closes: #927932)
  * Update symbols file for new symbol in libisc
  * Enable EDDSA again, but disable broken Ed448 support (Closes: #927962)

bind9 (1:9.11.5.P4+dfsg-3) unstable; urgency=medium

  * More fixes to the AppArmor policy for Samba AD DLZ
    - allow access to /dev/urandom
    - allow locking for dns.keytab
    - fix path to smb.conf

bind9 (1:9.11.5.P4+dfsg-2) unstable; urgency=medium

  [ Ondřej Surý ]
  * Update d/gbp.conf for Debian Buster

  [ Bernhard Schmidt ]
  * Cherry-Pick upstream commit to prevent dnssec-keymgr from immediately
    expiring and deleting old DNSSEC keys when being run for the first
    time (Closes: #923984)
  * Update AppArmor policy for Samba AD DLZ
    - Add changed default location for named.conf
    - Allow read/mmap on some Samba libraries
    Thanks to Steven Monai (Closes: #920530)

  [ Andreas Beckmann ]
  * bind9.preinst: cope with ancient conffile named.conf.options
    (Closes: #905177)

bind9 (1:9.11.5.P4+dfsg-1) unstable; urgency=high

  [ Bernhard Schmidt ]
  * New upstream version 9.11.5.P4+dfsg
    - CVE-2018-5744: A specially crafted packet can cause named to leak memory
    - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over
      to an unsupported key algorithm when using managed-keys
    - CVE-2019-6465: Controls for zone transfers might not be properly applied
      to Dynamically Loadable Zones (DLZs) if the zones are writable.
  * d/watch: Do not use beta or RC versions
  * d/libdns1104.symbols: fix symbols-file-contains-debian-revision for dnstap
    symbols

  [ Ondřej Surý ]
  * Add new upstream GPG signing-key

bind9 (1:9.11.5.P1+dfsg-2) unstable; urgency=medium

  [ Dominik George ]
  * Support dyndb modules with apparmor. (Closes: #900879)

  [ Bernhard Schmidt ]
  * apparmor-policy: permit locking of the allow-new-zones database
    (Closes: #922065)
  * apparmor-policy: allow access to Samba DLZ files (Closes: #920530)

 -- Andreas Hasenack <email address hidden>  Thu, 02 May 2019 13:35:59 -0300

Upload details

Uploaded by: Andreas Hasenack on 2019-05-03
Uploaded to: Eoan
Original maintainer: Ubuntu Developers
Architectures: any all
Section: net
Urgency: Very Urgent


Downloads

File Size SHA-256 Checksum
bind9_9.11.5.P4+dfsg.orig.tar.xz 3.8 MiB 34b20e4e17875d5c4280d52264bae08f527e38eb6bcfca431432b0cafcd03c6d
bind9_9.11.5.P4+dfsg-4ubuntu1.debian.tar.xz 104.6 KiB 334711ad3e963027fa068d3c13b23ca924542533fb3461036e39322fb7c4f0ff
bind9_9.11.5.P4+dfsg-4ubuntu1.dsc 3.9 KiB f40cdf2535adeae7cdcd373bbc5115dbf475e3a713cec36dc74e5a874cb362f0


Binary packages built by this source

bind9: Internet Domain Name Server

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package provides the server and related configuration files.

bind9-dbgsym: debug symbols for bind9
bind9-doc: Documentation for BIND

 This package provides various documents that are useful for maintaining a
 working BIND installation.

bind9-host: DNS lookup utility (deprecated)

 This package provides /usr/bin/host, a simple utility (bundled with the
 BIND 9.X sources) which can be used for converting domain names to IP
 addresses and the reverse.
 .
 This utility is deprecated, use dig or delv from the dnsutils package.

bind9-host-dbgsym: debug symbols for bind9-host
bind9utils: Utilities for BIND

 This package provides various utilities that are useful for maintaining a
 working BIND installation.

bind9utils-dbgsym: debug symbols for bind9utils
dnsutils: Clients provided with BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers various client programs related to DNS that are
 derived from the BIND source tree.
 .
  - dig - query the DNS in various ways
  - nslookup - the older way to do it
  - nsupdate - perform dynamic updates (See RFC2136)

dnsutils-dbgsym: debug symbols for dnsutils
libbind-dev: Static Libraries and Headers used by BIND

 This package delivers archive-style libraries, header files, and API man
 pages for libbind, libdns, libisc, and liblwres. These are only needed
 if you want to compile other packages that need more nameserver API than the
 resolver code provided in libc.

libbind-export-dev: Development files for the exported BIND libraries

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers development files for the exported BIND libraries.

libbind9-161: BIND9 Shared Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libbind9 shared library used by BIND's daemons and
 clients.

libbind9-161-dbgsym: debug symbols for libbind9-161
libdns-export1104: Exported DNS Shared Library

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the exported libdns shared library.

libdns-export1104-dbgsym: debug symbols for libdns-export1104
libdns-export1104-udeb: Exported DNS library for debian-installer
libdns1104: DNS Shared Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libdns shared library used by BIND's daemons and
 clients.

libdns1104-dbgsym: debug symbols for libdns1104
libirs-export161: Exported IRS Shared Library

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the exported libirs shared library.

libirs-export161-dbgsym: debug symbols for libirs-export161
libirs-export161-udeb: Exported IRS library for debian-installer
libirs161: DNS Shared Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libirs shared library used by BIND's daemons and
 clients.

libirs161-dbgsym: debug symbols for libirs161
libisc-export1100: Exported ISC Shared Library

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the exported libisc shared library.

libisc-export1100-dbgsym: debug symbols for libisc-export1100
libisc-export1100-udeb: Exported ISC library for debian-installer
libisc1100: ISC Shared Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libisc shared library used by BIND's daemons and
 clients.

libisc1100-dbgsym: debug symbols for libisc1100
libisccc-export161: Command Channel Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libisccc shared library used by BIND's daemons
 and clients, particularly rndc.

libisccc-export161-dbgsym: debug symbols for libisccc-export161
libisccc-export161-udeb: Command Channel Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libisccc shared library used by BIND's daemons
 and clients, particularly rndc.

libisccc161: Command Channel Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libisccc shared library used by BIND's daemons
 and clients, particularly rndc.

libisccc161-dbgsym: debug symbols for libisccc161
libisccfg-export163: Exported ISC CFG Shared Library

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the exported libisccfg shared library.

libisccfg-export163-dbgsym: debug symbols for libisccfg-export163
libisccfg-export163-udeb: Exported ISC CFG library for debian-installer

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the exported libisccfg shared library.

libisccfg163: Config File Handling Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the libisccfg shared library used by BIND's daemons
 and clients to read and write ISC-style configuration files like named.conf
 and rndc.conf.

libisccfg163-dbgsym: debug symbols for libisccfg163
liblwres161: Lightweight Resolver Library used by BIND

 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server. BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers the liblwres shared library used by BIND's daemons
 and clients.

liblwres161-dbgsym: debug symbols for liblwres161