Format: 1.8 Date: Wed, 15 Dec 2021 15:23:19 +0100 Source: bind9 Architecture: source Version: 1:9.17.21-1+ubuntu18.04.1+isc+1 Distribution: bionic Urgency: high Maintainer: Debian DNS Team Changed-By: Ondřej Surý Closes: 459010 888491 896889 904983 920530 922065 927827 947978 952946 954906 954919 969448 973955 976045 980786 983004 987741 987742 987743 1000354 1000565 Changes: bind9 (1:9.17.21-1+ubuntu18.04.1+isc+1) bionic; urgency=medium . * No-change backport to bionic . bind9 (1:9.17.21-1) unstable; urgency=medium . * New upstream version 9.17.21 . bind9 (1:9.17.20-3) unstable; urgency=medium . * Retain bind9-resolvconf.service alias (Closes: #1000565) . bind9 (1:9.17.20-2) unstable; urgency=medium . * Tighten the dependencies on bind9-libs for the utils too (Closes: #1000354) . bind9 (1:9.17.20-1) unstable; urgency=medium . * New upstream version 9.17.20 * Remove the sphinx-patch, the role has been fixed upstream . bind9 (1:9.17.19-3) unstable; urgency=medium . * Remove the .so libraries from excluded files . bind9 (1:9.17.19-2) unstable; urgency=medium . * Add libjemalloc-dev to Build-Depends * Sync the packaging between BIND 9.16 and BIND 9.17 branches * Don't install static libraries to bind9-dev, they are not built . bind9 (1:9.17.19-1) unstable; urgency=medium . * New upstream version 9.17.19 . bind9 (1:9.17.18-1) experimental; urgency=medium . * New upstream version 9.17.18 . bind9 (1:9.17.17-2) experimental; urgency=medium . * Bump MAPAPI to 3.0 . bind9 (1:9.17.17-1) experimental; urgency=medium . * New upstream version 9.17.17 . bind9 (1:9.17.16-1) experimental; urgency=medium . * New upstream version 9.17.16 . bind9 (1:9.17.15-1) experimental; urgency=medium . * New upstream version 9.17.15 . bind9 (1:9.17.14-3) experimental; urgency=medium . * Add upstream patch to address 'Checking of key-directory and dnssec-policy was broken' . bind9 (1:9.17.14-2) experimental; urgency=medium . * Add upstream patch to fix: 'W' in wildcard expansions was being mapped to '\000'. . bind9 (1:9.17.14-1) experimental; urgency=medium . * New upstream version 9.17.14 . bind9 (1:9.17.13-2) experimental; urgency=medium . * Revert upstream 'Add a Sphinx role for linking GitLab issues/MRs' . bind9 (1:9.17.13-1) experimental; urgency=medium . * New upstream version 9.17.13 . bind9 (1:9.17.12-2) experimental; urgency=medium . * Add filter-a.so plugin into main package . bind9 (1:9.17.12-1) experimental; urgency=medium . * New upstream version 9.17.12 * Add patches to implement I-D draft-hardaker-dnsop-nsec3-guidance . bind9 (1:9.17.11-1) experimental; urgency=medium . * New upstream version 9.17.11 * Add upstream patches to fix TCP timeouts firing too early . bind9 (1:9.17.10-1) experimental; urgency=high . * New upstream version 9.17.10 + [CVE-2020-8625]: Fix off-by-one bug in ISC SPNEGO implementation. * Adjust the bind9-libs package for new upstream library names * Add libnghttp2-dev to Build-Depends * Update the way how we ignore development libraries, so the real ones gets installed . bind9 (1:9.17.9-1) experimental; urgency=medium . * Exclude test-async.so from dh_install * Update the ISC code-signing key * New upstream version 9.17.9 . bind9 (1:9.17.8-1) experimental; urgency=medium . * New upstream version 9.17.8 . bind9 (1:9.17.7-1) experimental; urgency=medium . * New upstream version 9.17.7 . bind9 (1:9.17.6-1) experimental; urgency=medium . * New upstream version 9.17.6 . bind9 (1:9.17.5-2) experimental; urgency=medium . [ Bernhard Schmidt ] * Move Build-Depends for documentation to Build-Depends-Indep * Set Restart=on-failure in systemd unit . bind9 (1:9.17.5-1) experimental; urgency=medium . * New upstream version 9.17.5 . bind9 (1:9.17.4-1) experimental; urgency=medium . * Add libtool-bin to Build-Depends * Disable static linking * New upstream version 9.17.4 . bind9 (1:9.17.3-1) experimental; urgency=medium . * New upstream version 9.17.2 * Adjust d/*.install files after upstream moved binaries from sbin to bin * Remove rfc-compliance from docs, it's gone * New upstream version 9.17.3 * Add fonts-freefont-otf, latexmk, texlive-fonts-extra, texlive-latex-recommended, texlive-xetex, and xindy to Build-Depends * Install man pages for tsig-gen and named-compilezone . bind9 (1:9.17.1+git20200519-1) experimental; urgency=medium . * New upstream version 9.17.1+git20200519 * Update Debian packaging for autoconf/automake and sphinx-doc . bind9 (1:9.17.1-1) experimental; urgency=medium . * Update d/copyright (Closes: #947978) * New upstream version 9.17.1 . bind9 (1:9.17.0-1) experimental; urgency=medium . [ Andreas Hasenack ] * Bring back the DEP8 test from sid * Use iproute2 instead of net-tools * d/control: drop hardcoded python3 dependency . [ Bernhard Schmidt ] * Fix apparmor profile name. Thanks to Andreas Hasenack * Enable readline support . [ Andreas Hasenack ] * Update apparmor profile with what is in sid * Create the missing transitional packages for dnsutils, bind9utils * There is a licensing conflict with adding libreadline and we should use libedit-dev instead. . [ Ondřej Surý ] * Switch to BIND 9.17 for the -dev packages * New upstream version 9.17.0 . bind9 (1:9.16.22-1) unstable; urgency=medium . * New upstream version 9.16.22 . bind9 (1:9.16.21-1) unstable; urgency=medium . * New upstream version 9.16.21 . bind9 (1:9.16.20-2) unstable; urgency=medium . * Bump MAPAPI to 3.0 . bind9 (1:9.16.20-1) unstable; urgency=medium . * New upstream version 9.16.20 . bind9 (1:9.16.19-1) unstable; urgency=medium . * New upstream version 9.16.19 . bind9 (1:9.16.18-1) unstable; urgency=medium . * New upstream version 9.16.18 . bind9 (1:9.16.17-3) unstable; urgency=medium . * Add upstream patch to address 'Checking of key-directory and dnssec-policy was broken' . bind9 (1:9.16.17-2) unstable; urgency=high . * Add upstream patch to fix: 'W' in wildcard expansions was being mapped to '\000'. . bind9 (1:9.16.17-1) unstable; urgency=medium . * New upstream version 9.16.17 . bind9 (1:9.16.16-2) unstable; urgency=medium . * Revert upstream 'Add a Sphinx role for linking GitLab issues/MRs' . bind9 (1:9.16.16-1) unstable; urgency=medium . * New upstream version 9.16.16 * Patches to implement I-D draft-hardaker-dnsop-nsec3-guidance were merged upstream; remove them from the package. . bind9 (1:9.16.15-1) unstable; urgency=high . * New upstream version 9.16.15 (Closes: #987741, #987742, #987743) + CVE-2021-25214: A malformed incoming IXFR transfer could trigger an assertion failure in ``named``, causing it to quit abnormally. + CVE-2021-25215: ``named`` crashed when a DNAME record placed in the ANSWER section during DNAME chasing turned out to be the final answer to a client query. + CVE-2021-25216: When a server's configuration set the ``tkey-gssapi-keytab`` or ``tkey-gssapi-credential`` option, a specially crafted GSS-TSIG query could cause a buffer overflow in the ISC implementation of SPNEGO (a protocol enabling negotiation of the security mechanism used for GSSAPI authentication). * Add patches to implement I-D draft-hardaker-dnsop-nsec3-guidance . bind9 (1:9.16.13-1) unstable; urgency=medium . * New upstream version 9.16.13 * Add upstream patches to fix TCP timeouts firing too early . bind9 (1:9.16.12-3) unstable; urgency=medium . * Add most important patches from upcoming 9.16.13 release . bind9 (1:9.16.12-2) unstable; urgency=medium . * Add patch to fix sphinx-build failure on Ubuntu Xenial . bind9 (1:9.16.12-1) unstable; urgency=high . * New upstream version 9.16.12 + [CVE-2020-8625]: Fix off-by-one bug in ISC SPNEGO implementation. (Closes: #983004) * Adjust the bind9-libs and bind9-dev packages for new upstream library names . bind9 (1:9.16.11-3) unstable; urgency=medium . * Split the simple validation test to separate file and mark it as flaky (Closes: #976045) . bind9 (1:9.16.11-2) unstable; urgency=medium . * Cherry-pick upstream commit to fix segfault with named ACLs used in allow-update (Closes: #980786) . bind9 (1:9.16.11-1) unstable; urgency=medium . * Add the ISC code-signing key for 2021-2022 * New upstream version 9.16.11 . bind9 (1:9.16.10-1) unstable; urgency=medium . * New upstream version 9.16.10 . bind9 (1:9.16.9-1) unstable; urgency=medium . * New upstream version 9.16.9 . bind9 (1:9.16.8-1) unstable; urgency=medium . [ Ondřej Surý ] * New upstream version 9.16.8 . [ Bernhard Schmidt ] * d/t/control: - tag autopkgtest with needs-internet (Closes: #973955) - depend on bind9-dnsutils insead of the transitional dnsutils * d/rules: change deprecated --with-libjson-c configure argument to --with-json-c . bind9 (1:9.16.7-1) unstable; urgency=medium . * New upstream version 9.16.7 . bind9 (1:9.16.6-3) unstable; urgency=medium . [ Ondřej Surý ] * Add upstream patches to fix some rare conditions (Closes: #969448) . [ Bernhard Schmidt ] * Set Restart=on-failure in systemd unit . bind9 (1:9.16.6-2) unstable; urgency=medium . * Move Build-Depends for documentation to Build-Depends-Indep, this should fix the arch-any build on s390x where xindy is not available. . bind9 (1:9.16.6-1) unstable; urgency=medium . * New upstream version 9.16.6 . bind9 (1:9.16.5-1) unstable; urgency=medium . * New upstream version 9.16.5 * Add fonts-freefont-otf, latexmk, texlive-fonts-recommended, texlive-latex-recommended, texlive-xetex, xindy to Build-Depends * Install man pages for tsig-gen and named-compilezone . bind9 (1:9.16.4-1) unstable; urgency=medium . * New upstream version 9.16.4 * Update Debian packaging for sphinx-doc documentation . bind9 (1:9.16.3-1) unstable; urgency=medium . * New upstream version 9.16.3 . bind9 (1:9.16.2-3) unstable; urgency=medium . [ Simon Deziel ] * apparmor: use profile name specifier . bind9 (1:9.16.2-2) unstable; urgency=medium . * Update gbp.conf to debian/master and upstream/latest * Reintroduce the bind9-dev package (Closes: #954906) . bind9 (1:9.16.2-1) unstable; urgency=medium . * Update d/copyright (Closes: #947978) * New upstream version 9.16.2 (Closes: #952946, #954919) . bind9 (1:9.16.1-2) unstable; urgency=medium . [ Andreas Hasenack ] * Bring back the DEP8 test from sid * Use iproute2 instead of net-tools * d/control: drop hardcoded python3 dependency . [ Bernhard Schmidt ] * Fix apparmor profile name. Thanks to Andreas Hasenack * Enable readline support . [ Andreas Hasenack ] * Update apparmor profile with what is in sid * Create the missing transitional packages for dnsutils, bind9utils * There is a licensing conflict with adding libreadline and we should use libedit-dev instead. . [ Ondřej Surý ] * Add Breaks: freeipa, so the package doesn't migrate to testing before freeipa is fixed . bind9 (1:9.16.1-1) experimental; urgency=medium . * New upstream version 9.16.1 . bind9 (1:9.16.0-1) experimental; urgency=medium . * Change the branch to 9.16 * New upstream version 9.16.0 . bind9 (1:9.15.8-1) experimental; urgency=medium . * New upstream version 9.15.8 . bind9 (1:9.15.7-1) experimental; urgency=medium . * Add libuv1-dev, libcmocka-dev, libedit-dev and zlib1g-dev to B-D * Update d/watch to use tar.xz * New upstream version 9.15.7 . bind9 (1:9.15.6-1) experimental; urgency=medium . * Remove useless patches * New upstream version 9.15.6 . bind9 (1:9.15.5-1) experimental; urgency=medium . * New upstream version 9.15.5 * Install python files to dist-packages (Courtesy of Jim Popovitch) * Remove GPL licensed apport file until one with better license is available * Remove debian/nslookup.1 * Remove 4-clause BSD content from the package . bind9 (1:9.15.4-1) unstable; urgency=medium . * New upstream version 9.15.4 . bind9 (1:9.15.3-2) unstable; urgency=medium . * Fix the section for bind9 alias in the systemd unit [GL #1193] . bind9 (1:9.15.3-1) unstable; urgency=medium . * New upstream version 9.15.3 * isc-config has been removed, remove it from the debian/ . bind9 (1:9.15.2-2) unstable; urgency=medium . * Tighten libmaxminddb-dev dependency * Install the tmpfile for named service again . bind9 (1:9.15.2-1) unstable; urgency=medium . * New upstream version 9.15.2 * Disable old GeoIP and enable new GeoIP2 . bind9 (1:9.15.1-2) experimental; urgency=medium . * Change --with-json=/usr to --with-json-c (and use pkg-config) . bind9 (1:9.15.1-1) experimental; urgency=medium . * New upstream version 9.15.1 * Rebase patches for 9.15.1 . bind9 (1:9.15.0-2) experimental; urgency=medium . * Fix Debian buster armhf build . bind9 (1:9.15.0-1) experimental; urgency=medium . * Update debian/ for BIND 9.15 * New upstream version 9.15.0 . bind9 (1:9.14.2-1) experimental; urgency=medium . * Make named.service to be known as bind9.service * New upstream version 9.14.2 . bind9 (1:9.14.1-1) experimental; urgency=medium . [ Ondřej Surý ] * New upstream version 9.14.1 * Remove the transitional packages and only keep bind9 names as the product name is 'BIND 9' . [ Bernhard Schmidt ] * Update AppArmor policy for Samba AD DLZ. Thanks to Steven Monai (Closes: #920530) * More fixes to the AppArmor policy * AppArmor policy: Allow access to /dev/urandom * AppArmor: Also add /var/lib/samba/bind-dns/dns/** (Closes: #927827) . bind9 (1:9.14.0-1) experimental; urgency=medium . * New upstream version 9.14.0 . bind9 (1:9.14.0~rc3-1) experimental; urgency=medium . * New upstream version 9.14.0~rc3 . bind9 (1:9.14.0~rc2-1) experimental; urgency=medium . * New upstream version 9.14.0~rc2 * Plugins are now in /usr/lib//named/*.so . bind9 (1:9.14.0~rc1-1) experimental; urgency=medium . * Update branches for DEP-14 * Bump the d/watch from 9.13 -> 9.14 * New upstream version 9.14.0~rc1 . bind9 (1:9.13.6-2) experimental; urgency=medium . * Add B/R for dnsutils . bind9 (1:9.13.6-1) experimental; urgency=medium . [ Ondřej Surý ] * New upstream version 9.13.6 * Add usr/share/man/man8/filter-aaaa.8 to the bind package * Rename packages back to BIND 9 * Rename the init scripts to named to match the name of the daemon * Bump to debhelper compat level 12 * Fix dh_install, dh_installinit and dh_installsystemd invocation for debhelper-compat level 12 * Add new upstream GPG signing-key * Disable building in subdirectory * Add bind-libs transitional package to cleanly remove src:bind from the archive * Disable subdirectory build in dh_auto_install target * Disable dh_auto_test as neither kyua (needed for unit tests) or setting up virtual interfaces on lo (needed for system tests) is available in Debian builds . [ Dominik George ] * Support dyndb modules in apparmor. * Also allow mapping from dyndb modules. . [ Bernhard Schmidt ] * apparmor-policy: permit locking of the allow-new-zones database (Closes: #922065) * apparmor-policy: allow access to Samba DLZ files (Closes: #920530) . bind (1:9.13.5-1) experimental; urgency=medium . * New upstream version 9.13.5 . bind (1:9.13.4-1) experimental; urgency=medium . * Use team+dns@tracker.debian.org as Maintainer address * New upstream version 9.13.4 . bind (1:9.13.3-3) experimental; urgency=medium . * Remove deprecated -r /dev/urandom option from rndc invocation . bind (1:9.13.3-2) experimental; urgency=medium . * Remove --disable-static from the dh_auto_configure call . bind (1:9.13.3-1) experimental; urgency=medium . * New upstream version 9.13.3 * Rebase patches for BIND 9.13.3 . bind (1:9.13.3~400-g47066d3d01-1) experimental; urgency=medium . * New upstream version 9.13.3~400-g47066d3d01 . bind (1:9.13.3~398-g5c00162f54-1) experimental; urgency=medium . [ Bernhard Schmidt ] * Enable IDN support for dig+host using libidn2 (Closes: #459010) * Use root.hints from dns-root-data (Closes: #888491) * Adjust apparmor profile for dns-root-data * Fix missing colon in AppArmor profile (Closes: #904983) * d/watch: Properly deal with -P patch releases . [ Timo Aaltonen ] * skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11 crashing on startup. (LP: #1769440) . [ Ondřej Surý ] * New upstream version 9.13.3~398-g5c00162f54 * Rebase patches for new upstream snapshot release . bind (1:9.13.2-1~exp0) experimental; urgency=medium . * Don't repack, all non-free files are gone from BIND 9.13 * New upstream version 9.13.2 * Rebase patches for BIND 9.13.2 * Stop providing bind-dev package and checking for symbols, they are not tightly coupled with rest of the package. * Add docbook-xsl and docbook-xml to Build-Depends * Add pkg-config to Build-Depends and cleanup versioned Build-Depends * Enable dnstap support (Courtesy of Richard James Salts) * Remove auth-nxdomain no; from named.conf.options (Closes: #896889) . bind (1:9.13.1+dfsg-1) experimental; urgency=medium . * New upstream version 9.13.1+dfsg * d/watch: Always package the latest version * d/patches: Remove 0003-Add-min-cache-ttl-and-min-ncache-ttl-keywords.patch, so we less divert from upstream * d/patches: Refresh patches on top of BIND 9.13.1 . bind (1:9.12.0+dfsg-1~exp1) experimental; urgency=medium . * Move to standard master/upstream/pristine-tar branching * Add /etc/default/bind file to bind package * Don't fail the systemd unit if /etc/default/bind doesn't exist . bind (1:9.12.0+dfsg-1~exp0) experimental; urgency=medium . * New upstream version 9.12.0+dfsg * Rename bind9 to just bind, and merge all shared libraries into bind-libs. * Update Vcs-* links to salsa.d.o * Update d/watch and d/gbp.conf for BIND 9.12 * Remove export version of the libraries; we really need to deprecate ISC-DHCP in buster+1 * d/patches changes: + Convert 02_version.diff to sed rule in d/rules + Remove the extra native-pkcs11 patch that double builds everything; a solution with OpenSSL engines is far more suitable and less intrusive + Remove stdatomic.h patches; already merged upstream into BIND 9.12 + Refresh all the other patches for BIND 9.12.0 + Fix the min-(n)cache-ttl patch for BIND 9.12 * Remove isc-hmac-fixup from bind package * Remove man3 from bind-dev package as they are not installed * Add dnssec-cds to bind-utils package * Update missing and new symbols for BIND 9.12 Checksums-Sha1: 38c50d88dcd5ae81ba89bba2148cc56fb5bbe6f3 3424 bind9_9.17.21-1+ubuntu18.04.1+isc+1.dsc 11a2d93d507d3d2e8146c8894888a7fdebfe14a1 5078680 bind9_9.17.21.orig.tar.xz 4e58de3aa2a4d0da61ccededa8443e9874c6b5e8 874 bind9_9.17.21.orig.tar.xz.asc 51bfc6ac9839150327c1d69096786cfe64c130a8 78240 bind9_9.17.21-1+ubuntu18.04.1+isc+1.debian.tar.xz d775b3242b4e88706d40a2dad5ee5cadd4e63307 12218 bind9_9.17.21-1+ubuntu18.04.1+isc+1_source.buildinfo Checksums-Sha256: 6cd59aeb498d3a31b4bfb1fb3942bbc4597bdb2b9351de7afa13b485d0ad3431 3424 bind9_9.17.21-1+ubuntu18.04.1+isc+1.dsc a31156ced9ff04e411253170aec757870eed293c7f88f14eec86d4aefcaf185d 5078680 bind9_9.17.21.orig.tar.xz 1989c6b58d5e5d29e0015c5b6a129e1f19ccf03a468594ef9d0d0442362ee8a4 874 bind9_9.17.21.orig.tar.xz.asc 1be0e34b7c082222156e519c31db90ba8bcf648defb8211418cf3000f299834c 78240 bind9_9.17.21-1+ubuntu18.04.1+isc+1.debian.tar.xz a65275a3a2beeb45bca0db89f5bb1b14e4de2bb44f1bc008ee7c5f4ff371bc8c 12218 bind9_9.17.21-1+ubuntu18.04.1+isc+1_source.buildinfo Files: 483a9a24e08a9ba45d8f1aac499fe3af 3424 net optional bind9_9.17.21-1+ubuntu18.04.1+isc+1.dsc 090a4ee349810ea22c3b9efda76f8e86 5078680 net optional bind9_9.17.21.orig.tar.xz 6babbcb6085f5b93abd258ddaed49cc1 874 net optional bind9_9.17.21.orig.tar.xz.asc c4ec105534460dc360af9c57b69be7f2 78240 net optional bind9_9.17.21-1+ubuntu18.04.1+isc+1.debian.tar.xz c0b7fa1c7ec7a7123b5b6bbed3b20b8e 12218 net optional bind9_9.17.21-1+ubuntu18.04.1+isc+1_source.buildinfo