bind9 1:9.16.3-1ubuntu1 source package in Ubuntu

Changelog

bind9 (1:9.16.3-1ubuntu1) groovy; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
        protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1104.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap nor install dnstap.proto
    - Add back apport:
      + d/bind9.apport: add back old bind9 apport hook, but without calling
        attach_conffiles() since that is already done by apport itself, with
        confirmation from the user.
      + d/control, d/rules: buil-depends on dh-apport and use it
    - d/t/simpletest: drop the internetsociety.org test as it requires
      network egress access that is not available in the Ubuntu autopkgtest
      farm.
    - d/NEWS: mention some of the bigger changes in 9.16.0 packaging
    - d/t/control: change the dep8 test dependency to be on the real
      bind9-dnsutils package, and not the transitional one (LP #1864761)
    - d/rules: change deprecated --with-libjson-c configure argument to
      --with-json-c
  * Dropped:
    - d/control: make bind9-dnsutils multi-arch foreign as another step
      towards fixing LP #1864761
      [The correct fix was to change the dep8 dependency to be on the real
      package, and not the transitional one]
    - SECURITY UPDATE: BIND does not sufficiently limit the number of fetches
      performed when processing referrals
      + debian/patches/CVE-2020-8616.patch: further limit the number of
        queries that can be triggered from a request in lib/dns/adb.c,
        lib/dns/include/dns/adb.h, lib/dns/resolver.c.
      + CVE-2020-8616
      [Fixed upstream]
    - SECURITY UPDATE: A logic error in code which checks TSIG validity can
      be used to trigger an assertion failure in tsig.c
      + debian/patches/CVE-2020-8617.patch: don't allow replaying a TSIG
        BADTIME response in lib/dns/tsig.c.
      + CVE-2020-8617
      [Fixed upstream]

bind9 (1:9.16.3-1) unstable; urgency=medium

  * New upstream version 9.16.3

 -- Andreas Hasenack <email address hidden>  Tue, 02 Jun 2020 17:37:44 -0300