Superseded
by bind9 - 1:9.19.24-1+ubuntu20.04.1+deb.sury.org+1
Published
Changelog
bind9 (1:9.19.23-1+ubuntu20.04.1+deb.sury.org+1) focal; urgency=medium
* No-change backport to focal.
bind9 (1:9.19.23-1) unstable; urgency=medium
* New upstream version 9.19.23
bind9 (1:9.19.22-1) unstable; urgency=medium
* New upstream version 9.19.22
- A regression caused by CVE-2023-6516 fix could lead into
an out-of-memory condition when the server is under heavy
load.
bind9 (1:9.19.21-1) unstable; urgency=high
[ Helmut Grohne ]
* Drop unused Build-Depends: python3. (Closes: #1063448)
[ Ondřej Surý ]
* New upstream version 9.19.21
- CVE-2023-4408: Parsing large DNS messages may cause excessive CPU
load
- CVE-2023-5517: Querying RFC 1918 reverse zones may cause an assertion
failure when "nxdomain-redirect" is enabled
- CVE-2023-5679: Enabling both DNS64 and serve-stale may cause an
assertion failure during recursive resolution
- CVE-2023-6516: Specific recursive query patterns may lead to an
out-of-memory condition
- CVE-2023-50387: KeyTrap - Extreme CPU consumption in DNSSEC validator
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof can exhaust
CPU resources
bind9 (1:9.19.19-1) unstable; urgency=medium
[ Ondřej Surý ]
* New upstream version 9.19.19
[ Bernhard Schmidt ]
* Sync 9.18 to 9.19 (Closes: #1056984)
bind9 (1:9.19.18-1) unstable; urgency=medium
* New upstream version 9.19.18
bind9 (1:9.19.17-1) unstable; urgency=medium
* New upstream version 9.19.17
- CVE-2023-3341: A stack exhaustion flaw in control channel code may
cause named to terminate unexpectedly (Closes: #1052416)
- CVE-2023-4236: named may terminate unexpectedly under high
DNS-over-TLS query load (Closes: #1052417)
bind9 (1:9.19.16-1) experimental; urgency=medium
* New upstream version 9.19.16
bind9 (1:9.19.15-1) experimental; urgency=medium
* New upstream version 9.19.15
bind9 (1:9.19.14-1) experimental; urgency=medium
* New upstream version 9.19.14
bind9 (1:9.19.13-1) experimental; urgency=medium
* New upstream version 9.19.13
bind9 (1:9.19.12-2) experimental; urgency=medium
* Add liburcu-dev to Build-Depends
bind9 (1:9.19.12-1) experimental; urgency=medium
* New upstream version 9.19.12
bind9 (1:9.19.11-1) experimental; urgency=medium
* New upstream version 9.19.11
* Update the d/bind9-dev.install, d/bind9.install and d/not-installed
after library squash
bind9 (1:9.19.10-1) experimental; urgency=medium
* New upstream version 9.19.10
* Drop libtool-bin from B-D (Closes: #1022968)
bind9 (1:9.19.9-2) experimental; urgency=medium
* Allow the named to use systemd notify service
bind9 (1:9.19.9-1) experimental; urgency=medium
* New upstream version 9.19.9
bind9 (1:9.19.8-1) experimental; urgency=medium
* New upstream version 9.19.8
bind9 (1:9.19.7-1) experimental; urgency=medium
* New upstream version 9.19.7
bind9 (1:9.19.6-2) experimental; urgency=medium
* Use systemd notify for service readyness check (Closes: #994696)
bind9 (1:9.19.6-1) experimental; urgency=medium
* New upstream version 9.19.6
bind9 (1:9.19.5-1) experimental; urgency=medium
* New upstream version 9.19.5
- CVE-2022-2795: Processing large delegations may severely degrade
resolver performance
- CVE-2022-2881: Buffer overread in statistics channel code
- CVE-2022-2906: Memory leaks in code handling Diffie-Hellman key
exchange via TKEY RRs (OpenSSL 3.0.0+ only)
- CVE-2022-3080: BIND 9 resolvers configured to answer from stale
cache with zero stale-answer-client-timeout may terminate unexpectedly
- CVE-2022-38177: Memory leak in ECDSA DNSSEC verification code
- CVE-2022-38178: Memory leaks in EdDSA DNSSEC verification code
bind9 (1:9.19.4-1) unstable; urgency=medium
* Remove doc/misc/options.active from the docs
* New upstream version 9.19.4
bind9 (1:9.19.3-1) unstable; urgency=medium
* New upstream version 9.19.3
bind9 (1:9.19.2-1) unstable; urgency=medium
* New upstream version 9.19.2
bind9 (1:9.19.1-1) unstable; urgency=medium
* Disable treat-warnings-as-errors in sphinx-build
* New upstream version 9.19.1
bind9 (1:9.19.0-1) unstable; urgency=medium
* Update d/ for BIND 9.19 Development
* New upstream version 9.19.0
bind9 (1:9.18.2-1) unstable; urgency=medium
* Drop libldap2-dev from Build-Depends (Closes: #1008021)
* New upstream version 9.18.2
bind9 (1:9.18.1-1) unstable; urgency=high
* New upstream version 9.18.1
* CVE-2021-25220: The rules for acceptance of records into the cache
have been tightened to prevent the possibility of poisoning if
forwarders send records outside the configured bailiwick.
* CVE-2022-0396: TCP connections with 'keep-response-order' enabled
could leave the TCP sockets in the 'CLOSE_WAIT' state when the client
did not properly shut down the connection.
* CVE-2022-0635: Lookups involving a DNAME could trigger an assertion
failure when 'synth-from-dnssec' was enabled (which is the default)
* CVE-2022-0667: When chasing DS records, a timed out or artificially
delayed fetch could cause 'named' to crash while resuming a DS lookup.
bind9 (1:9.18.0-2) unstable; urgency=medium
* Add patch to use detected L1 cache-line size instead of hard-coded
value, this should fix architectures with 128-byte L1 cache.
bind9 (1:9.18.0-1) unstable; urgency=medium
* Bump the upstream version in debian/ to 9.18
* New upstream version 9.18.0
bind9 (1:9.18.0~0+git28350c-1) unstable; urgency=medium
* New upstream version 9.18.0~0+git28350c
+ Pull the 9.18.0 pre-release git to have the L1 cache line
fix (Closes: #1004271)
* Fix the typo when backing up and restoring configure{,.ac}
(Closes: #903586)
* Remove some prehistoring conffile no longer in use
(Closes: #942377)
* Pick UTC date for release_date variable (Closes: #1000893)
bind9 (1:9.17.22-1) unstable; urgency=medium
* New upstream version 9.17.22
bind9 (1:9.17.21-1) unstable; urgency=medium
* New upstream version 9.17.21
bind9 (1:9.17.20-3) unstable; urgency=medium
* Retain bind9-resolvconf.service alias (Closes: #1000565)
bind9 (1:9.17.20-2) unstable; urgency=medium
* Tighten the dependencies on bind9-libs for the utils too
(Closes: #1000354)
bind9 (1:9.17.20-1) unstable; urgency=medium
* New upstream version 9.17.20
* Remove the sphinx-patch, the role has been fixed upstream
bind9 (1:9.17.19-3) unstable; urgency=medium
* Remove the .so libraries from excluded files
bind9 (1:9.17.19-2) unstable; urgency=medium
* Add libjemalloc-dev to Build-Depends
* Sync the packaging between BIND 9.16 and BIND 9.17 branches
* Don't install static libraries to bind9-dev, they are not built
bind9 (1:9.17.19-1) unstable; urgency=medium
* New upstream version 9.17.19
bind9 (1:9.17.18-1) experimental; urgency=medium
* New upstream version 9.17.18
bind9 (1:9.17.17-2) experimental; urgency=medium
* Bump MAPAPI to 3.0
bind9 (1:9.17.17-1) experimental; urgency=medium
* New upstream version 9.17.17
bind9 (1:9.17.16-1) experimental; urgency=medium
* New upstream version 9.17.16
bind9 (1:9.17.15-1) experimental; urgency=medium
* New upstream version 9.17.15
bind9 (1:9.17.14-3) experimental; urgency=medium
* Add upstream patch to address 'Checking of key-directory and
dnssec-policy was broken'
bind9 (1:9.17.14-2) experimental; urgency=medium
* Add upstream patch to fix: 'W' in wildcard expansions was being mapped
to '\000'.
bind9 (1:9.17.14-1) experimental; urgency=medium
* New upstream version 9.17.14
bind9 (1:9.17.13-2) experimental; urgency=medium
* Revert upstream 'Add a Sphinx role for linking GitLab issues/MRs'
bind9 (1:9.17.13-1) experimental; urgency=medium
* New upstream version 9.17.13
bind9 (1:9.17.12-2) experimental; urgency=medium
* Add filter-a.so plugin into main package
bind9 (1:9.17.12-1) experimental; urgency=medium
* New upstream version 9.17.12
* Add patches to implement I-D draft-hardaker-dnsop-nsec3-guidance
bind9 (1:9.17.11-1) experimental; urgency=medium
* New upstream version 9.17.11
* Add upstream patches to fix TCP timeouts firing too early
bind9 (1:9.17.10-1) experimental; urgency=high
* New upstream version 9.17.10
+ [CVE-2020-8625]: Fix off-by-one bug in ISC SPNEGO implementation.
* Adjust the bind9-libs package for new upstream library names
* Add libnghttp2-dev to Build-Depends
* Update the way how we ignore development libraries, so the real ones
gets installed
bind9 (1:9.17.9-1) experimental; urgency=medium
* Exclude test-async.so from dh_install
* Update the ISC code-signing key
* New upstream version 9.17.9
bind9 (1:9.17.8-1) experimental; urgency=medium
* New upstream version 9.17.8
bind9 (1:9.17.7-1) experimental; urgency=medium
* New upstream version 9.17.7
bind9 (1:9.17.6-1) experimental; urgency=medium
* New upstream version 9.17.6
bind9 (1:9.17.5-2) experimental; urgency=medium
[ Bernhard Schmidt ]
* Move Build-Depends for documentation to Build-Depends-Indep
* Set Restart=on-failure in systemd unit
bind9 (1:9.17.5-1) experimental; urgency=medium
* New upstream version 9.17.5
bind9 (1:9.17.4-1) experimental; urgency=medium
* Add libtool-bin to Build-Depends
* Disable static linking
* New upstream version 9.17.4
bind9 (1:9.17.3-1) experimental; urgency=medium
* New upstream version 9.17.2
* Adjust d/*.install files after upstream moved binaries from sbin to bin
* Remove rfc-compliance from docs, it's gone
* New upstream version 9.17.3
* Add fonts-freefont-otf, latexmk, texlive-fonts-extra,
texlive-latex-recommended, texlive-xetex, and xindy to Build-Depends
* Install man pages for tsig-gen and named-compilezone
bind9 (1:9.17.1+git20200519-1) experimental; urgency=medium
* New upstream version 9.17.1+git20200519
* Update Debian packaging for autoconf/automake and sphinx-doc
bind9 (1:9.17.1-1) experimental; urgency=medium
* Update d/copyright (Closes: #947978)
* New upstream version 9.17.1
bind9 (1:9.17.0-1) experimental; urgency=medium
[ Andreas Hasenack ]
* Bring back the DEP8 test from sid
* Use iproute2 instead of net-tools
* d/control: drop hardcoded python3 dependency
[ Bernhard Schmidt ]
* Fix apparmor profile name.
Thanks to Andreas Hasenack
* Enable readline support
[ Andreas Hasenack ]
* Update apparmor profile with what is in sid
* Create the missing transitional packages for dnsutils, bind9utils
* There is a licensing conflict with adding libreadline and we should
use libedit-dev instead.
[ Ondřej Surý ]
* Switch to BIND 9.17 for the -dev packages
* New upstream version 9.17.0
-- Ondřej Surý <email address hidden> Wed, 17 Apr 2024 23:48:51 +0200