bind9 1:9.16.2-3ubuntu1 source package in Ubuntu

Changelog

bind9 (1:9.16.2-3ubuntu1) groovy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
        protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1104.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap nor install dnstap.proto
    - Add back apport:
      + d/bind9.apport: add back old bind9 apport hook, but without calling
        attach_conffiles() since that is already done by apport itself, with
        confirmation from the user.
      + d/control, d/rules: buil-depends on dh-apport and use it
    - d/t/simpletest: drop the internetsociety.org test as it requires
      network egress access that is not available in the Ubuntu autopkgtest
      farm.
    - d/NEWS: mention some of the bigger changes in 9.16.0 packaging
    - d/t/control: change the dep8 test dependency to be on the real
      bind9-dnsutils package, and not the transitional one (LP #1864761)
    - d/control: make bind9-dnsutils multi-arch foreign as another step
      towards fixing LP #1864761
    - d/rules: change deprecated --with-libjson-c configure argument to
      --with-json-c
    - SECURITY UPDATE: BIND does not sufficiently limit the number of fetches
      performed when processing referrals
      + debian/patches/CVE-2020-8616.patch: further limit the number of
        queries that can be triggered from a request in lib/dns/adb.c,
        lib/dns/include/dns/adb.h, lib/dns/resolver.c.
      + CVE-2020-8616
    - SECURITY UPDATE: A logic error in code which checks TSIG validity can
      be used to trigger an assertion failure in tsig.c
      + debian/patches/CVE-2020-8617.patch: don't allow replaying a TSIG
        BADTIME response in lib/dns/tsig.c.
      + CVE-2020-8617
  * Dropped:
    - use iproute2 instead of net-tools (LP #1850699):
      + d/control: replace net-tools depends with iproute2
      + d/bind9.init: use ip instead of ifconfig
      [In 1:9.16.1-2]
    - d/control: Enable readline-like support in dnsutils (nslookup and nsupdate)
      via libedit-dev (libreadline has a license conflict with bind)
      [In 1:9.16.1-2]
    - d/control: drop hardcoded python3 dependency
      (LP #1856211, Closes #946643)
      [In 1:9.16.1-2]
    - d/extras/apparmor.d/usr.sbin.named:
      + Add flags=(attach_disconnected) to AppArmor profile
      + AppArmor: Allow /var/tmp/krb5_* (owner-only) for Samba AD DLZ
        (Closes: #928398)
      [In 1:9.16.1-2]
    - d/rules: fix typo in the apparmor profile installation
      [In 1:9.16.1-2]
    - d/control: create transitional packages for dnsutils, bind9utils
      [In 1:9.16.1-2]
    - d/p/fix-rebinding-protection.patch: fix rebinding protection bug
      when using forwarder setups (LP #1873046)
      [Fixed upstream]

bind9 (1:9.16.2-3) unstable; urgency=medium

  [ Simon Deziel ]
  * apparmor: use profile name specifier

bind9 (1:9.16.2-2) unstable; urgency=medium

  * Update gbp.conf to debian/master and upstream/latest
  * Reintroduce the bind9-dev package (Closes: #954906)

bind9 (1:9.16.2-1) unstable; urgency=medium

  * Update d/copyright (Closes: #947978)
  * New upstream version 9.16.2 (Closes: #952946, #954919)

bind9 (1:9.16.1-2) unstable; urgency=medium

  [ Andreas Hasenack ]
  * Bring back the DEP8 test from sid
  * Use iproute2 instead of net-tools
  * d/control: drop hardcoded python3 dependency

  [ Bernhard Schmidt ]
  * Fix apparmor profile name.
    Thanks to Andreas Hasenack
  * Enable readline support

  [ Andreas Hasenack ]
  * Update apparmor profile with what is in sid
  * Create the missing transitional packages for dnsutils, bind9utils
  * There is a licensing conflict with adding libreadline and we should
    use libedit-dev instead.

  [ Ondřej Surý ]
  * Add Breaks: freeipa, so the package doesn't migrate to testing before freeipa is fixed

bind9 (1:9.16.1-1) experimental; urgency=medium

  * New upstream version 9.16.1

 -- Andreas Hasenack <email address hidden>  Fri, 22 May 2020 09:52:13 -0300