bind9 1:9.16.2-3ubuntu1 source package in Ubuntu

Changelog

bind9 (1:9.16.2-3ubuntu1) groovy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
        protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1104.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap nor install dnstap.proto
    - Add back apport:
      + d/bind9.apport: add back old bind9 apport hook, but without calling
        attach_conffiles() since that is already done by apport itself, with
        confirmation from the user.
      + d/control, d/rules: buil-depends on dh-apport and use it
    - d/t/simpletest: drop the internetsociety.org test as it requires
      network egress access that is not available in the Ubuntu autopkgtest
      farm.
    - d/NEWS: mention some of the bigger changes in 9.16.0 packaging
    - d/t/control: change the dep8 test dependency to be on the real
      bind9-dnsutils package, and not the transitional one (LP #1864761)
    - d/control: make bind9-dnsutils multi-arch foreign as another step
      towards fixing LP #1864761
    - d/rules: change deprecated --with-libjson-c configure argument to
      --with-json-c
    - SECURITY UPDATE: BIND does not sufficiently limit the number of fetches
      performed when processing referrals
      + debian/patches/CVE-2020-8616.patch: further limit the number of
        queries that can be triggered from a request in lib/dns/adb.c,
        lib/dns/include/dns/adb.h, lib/dns/resolver.c.
      + CVE-2020-8616
    - SECURITY UPDATE: A logic error in code which checks TSIG validity can
      be used to trigger an assertion failure in tsig.c
      + debian/patches/CVE-2020-8617.patch: don't allow replaying a TSIG
        BADTIME response in lib/dns/tsig.c.
      + CVE-2020-8617
  * Dropped:
    - use iproute2 instead of net-tools (LP #1850699):
      + d/control: replace net-tools depends with iproute2
      + d/bind9.init: use ip instead of ifconfig
      [In 1:9.16.1-2]
    - d/control: Enable readline-like support in dnsutils (nslookup and nsupdate)
      via libedit-dev (libreadline has a license conflict with bind)
      [In 1:9.16.1-2]
    - d/control: drop hardcoded python3 dependency
      (LP #1856211, Closes #946643)
      [In 1:9.16.1-2]
    - d/extras/apparmor.d/usr.sbin.named:
      + Add flags=(attach_disconnected) to AppArmor profile
      + AppArmor: Allow /var/tmp/krb5_* (owner-only) for Samba AD DLZ
        (Closes: #928398)
      [In 1:9.16.1-2]
    - d/rules: fix typo in the apparmor profile installation
      [In 1:9.16.1-2]
    - d/control: create transitional packages for dnsutils, bind9utils
      [In 1:9.16.1-2]
    - d/p/fix-rebinding-protection.patch: fix rebinding protection bug
      when using forwarder setups (LP #1873046)
      [Fixed upstream]

bind9 (1:9.16.2-3) unstable; urgency=medium

  [ Simon Deziel ]
  * apparmor: use profile name specifier

bind9 (1:9.16.2-2) unstable; urgency=medium

  * Update gbp.conf to debian/master and upstream/latest
  * Reintroduce the bind9-dev package (Closes: #954906)

bind9 (1:9.16.2-1) unstable; urgency=medium

  * Update d/copyright (Closes: #947978)
  * New upstream version 9.16.2 (Closes: #952946, #954919)

bind9 (1:9.16.1-2) unstable; urgency=medium

  [ Andreas Hasenack ]
  * Bring back the DEP8 test from sid
  * Use iproute2 instead of net-tools
  * d/control: drop hardcoded python3 dependency

  [ Bernhard Schmidt ]
  * Fix apparmor profile name.
    Thanks to Andreas Hasenack
  * Enable readline support

  [ Andreas Hasenack ]
  * Update apparmor profile with what is in sid
  * Create the missing transitional packages for dnsutils, bind9utils
  * There is a licensing conflict with adding libreadline and we should
    use libedit-dev instead.

  [ Ondřej Surý ]
  * Add Breaks: freeipa, so the package doesn't migrate to testing before freeipa is fixed

bind9 (1:9.16.1-1) experimental; urgency=medium

  * New upstream version 9.16.1

 -- Andreas Hasenack <email address hidden>  Fri, 22 May 2020 09:52:13 -0300

Upload details

Uploaded by:
Andreas Hasenack
Uploaded to:
Groovy
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
bind9_9.16.2.orig.tar.xz 4.3 MiB d9e5b77cfca5ccad97f19cddc87128758ec15c16e6585000c6b2f84fc225993f
bind9_9.16.2-3ubuntu1.debian.tar.xz 67.8 KiB 53feed1e52454b63eda3191595ed8a5e7aa421a406fcfb2b2b5b410ef7970178
bind9_9.16.2-3ubuntu1.dsc 2.7 KiB 0b17dad47962687444ba256370c54b0766f6140fa8b3dfe7567ca784dbd3b1c2

View changes file

Binary packages built by this source

bind9: Internet Domain Name Server

 The Berkeley Internet Name Domain (BIND 9) implements an Internet domain
 name server. BIND 9 is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package provides the server and related configuration files.

bind9-dbgsym: debug symbols for bind9
bind9-dev: Static Libraries and Headers used by BIND 9

 The Berkeley Internet Name Domain (BIND 9) implements an Internet domain
 name server. BIND 9 is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package contains a bundle of static libraries and header files used by
 BIND 9.
 .
 Please be aware that the BIND 9 libraries are considered private by upstream
 developers and the API and ABI might break at any time.

bind9-dnsutils: Clients provided with BIND 9

 The Berkeley Internet Name Domain (BIND 9) implements an Internet domain
 name server. BIND 9 is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package delivers various client programs related to DNS that are
 derived from the BIND 9 source tree.
 .
  - dig - query the DNS in various ways
  - nslookup - the older way to do it
  - nsupdate - perform dynamic updates (See RFC2136)

bind9-dnsutils-dbgsym: debug symbols for bind9-dnsutils
bind9-doc: Documentation for BIND 9

 This package provides various documents that are useful for maintaining a
 working BIND 9 installation.

bind9-host: DNS Lookup Utility

 This package provides the 'host' DNS lookup utility in the form that
 is bundled with the BIND 9 sources.

bind9-host-dbgsym: debug symbols for bind9-host
bind9-libs: Shared Libraries used by BIND 9

 The Berkeley Internet Name Domain (BIND 9) implements an Internet domain
 name server. BIND 9 is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package contains a bundle of shared libraries used by BIND 9.

bind9-libs-dbgsym: debug symbols for bind9-libs
bind9-utils: Utilities for BIND 9

 This package provides various utilities that are useful for maintaining a
 working BIND 9 installation.

bind9-utils-dbgsym: debug symbols for bind9-utils
bind9utils: Transitional package for bind9-utils

 This is a transitional package. It can safely be removed.

dnsutils: Transitional package for bind9-dnsutils

 This is a transitional package. It can safely be removed.