Publishing details
Changelog
bind9 (1:9.18.26-1+ubuntu20.04.1+deb.sury.org+1) focal; urgency=medium
* No-change backport to focal.
bind9 (1:9.18.26-1) unstable; urgency=medium
* New upstream version 9.18.26
bind9 (1:9.18.25-1) unstable; urgency=medium
* New upstream version 9.18.25
- A regression caused by CVE-2023-6516 fix could lead into
an out-of-memory condition when the server is under heavy
load.
bind9 (1:9.18.24-1) unstable; urgency=medium
* New upstream version 9.18.24
- CVE-2023-4408: Parsing large DNS messages may cause excessive CPU
load
- CVE-2023-5517: Querying RFC 1918 reverse zones may cause an assertion
failure when "nxdomain-redirect" is enabled
- CVE-2023-5679: Enabling both DNS64 and serve-stale may cause an
assertion failure during recursive resolution
- CVE-2023-6516: Specific recursive query patterns may lead to an
out-of-memory condition
- CVE-2023-50387: KeyTrap - Extreme CPU consumption in DNSSEC validator
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof can exhaust
CPU resources
bind9 (1:9.18.21-1) unstable; urgency=medium
* New upstream version 9.18.21
bind9 (1:9.18.20-1) unstable; urgency=medium
* New upstream version 9.18.20
bind9 (1:9.18.19-1) unstable; urgency=medium
* New upstream version 9.18.19
bind9 (1:9.18.18-1) unstable; urgency=medium
* New upstream version 9.18.18
bind9 (1:9.18.17-1) unstable; urgency=medium
* New upstream version 9.18.17
bind9 (1:9.18.16-1) unstable; urgency=medium
* New upstream version 9.18.16
- CVE-2023-2828: The overmem cleaning process has been improved,
to prevent the cache from significantly exceeding the configured
max-cache-size limit.
- CVE-2023-2911: A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache. If the fetch
is aborted for exceeding the recursion quota, it was possible for
named to enter an infinite callback loop and crash due to stack
overflow. This has been fixed.
bind9 (1:9.18.15-1) unstable; urgency=medium
* New upstream version 9.18.15
bind9 (1:9.18.14-1) unstable; urgency=medium
* New upstream version 9.18.14
bind9 (1:9.18.13-1) unstable; urgency=medium
* New upstream version 9.18.13
bind9 (1:9.18.12-1) unstable; urgency=medium
* New upstream version 9.18.12
* Drop libtool-bin from B-D (Closes: #1022968)
bind9 (1:9.18.11-2) unstable; urgency=medium
* Allow the named to use systemd notify service
bind9 (1:9.18.11-1) unstable; urgency=medium
* New upstream version 9.18.11
bind9 (1:9.18.10-2) unstable; urgency=medium
* Backport upstream feature to use sd_notify()
* Use systemd notify for service readyness check (Closes: #994696)
* apparmor.d: Allow named to read all OpenSSL config files.
(Closes: #1025519)
* apparmor.d: Allow named to query for hugepages support.
(Closes: #1020315)
* Fix path to README.Debian (Closes: #1016646)
bind9 (1:9.18.10-1) unstable; urgency=medium
* New upstream version 9.18.10
bind9 (1:9.18.9-1) unstable; urgency=medium
* New upstream version 9.18.9
bind9 (1:9.18.8-1) unstable; urgency=medium
* New upstream version 9.18.8
bind9 (1:9.18.7-1) unstable; urgency=medium
* New upstream version 9.18.7
- CVE-2022-2795: Processing large delegations may severely degrade
resolver performance
- CVE-2022-2881: Buffer overread in statistics channel code
- CVE-2022-2906: Memory leaks in code handling Diffie-Hellman key
exchange via TKEY RRs (OpenSSL 3.0.0+ only)
- CVE-2022-3080: BIND 9 resolvers configured to answer from stale
cache with zero stale-answer-client-timeout may terminate unexpectedly
- CVE-2022-38177: Memory leak in ECDSA DNSSEC verification code
- CVE-2022-38178: Memory leaks in EdDSA DNSSEC verification code
bind9 (1:9.18.6-2) unstable; urgency=medium
* No-change source-only upload
bind9 (1:9.18.6-1) unstable; urgency=medium
* Disable treat-warnings-as-errors in sphinx-build
* New upstream version 9.18.6
bind9 (1:9.18.5-1) unstable; urgency=medium
* New upstream version 9.18.5
bind9 (1:9.18.4-2) unstable; urgency=medium
[ Simon Deziel ]
* debian/extras/etc/db.0: correct descriptive comment
[ Bernhard Schmidt ]
* Add sleep workaround in tests/simpletests (Closes: #1012059)
bind9 (1:9.18.4-1) unstable; urgency=medium
* Disable treat-warnings-as-errors in sphinx-build
* New upstream version 9.18.4
bind9 (1:9.18.3-1) unstable; urgency=medium
* New upstream version 9.18.3
bind9 (1:9.18.2-1) unstable; urgency=medium
* Drop libldap2-dev from Build-Depends (Closes: #1008021)
* New upstream version 9.18.2
* Add runtime dependency on libuv1 >= 1.40.0 (Closes: #1009889)
bind9 (1:9.18.1-1) unstable; urgency=high
* New upstream version 9.18.1
* CVE-2021-25220: The rules for acceptance of records into the cache
have been tightened to prevent the possibility of poisoning if
forwarders send records outside the configured bailiwick.
* CVE-2022-0396: TCP connections with 'keep-response-order' enabled
could leave the TCP sockets in the 'CLOSE_WAIT' state when the client
did not properly shut down the connection.
* CVE-2022-0635: Lookups involving a DNAME could trigger an assertion
failure when 'synth-from-dnssec' was enabled (which is the default)
* CVE-2022-0667: When chasing DS records, a timed out or artificially
delayed fetch could cause 'named' to crash while resuming a DS lookup.
bind9 (1:9.18.0-2) unstable; urgency=medium
* Add patch to use detected L1 cache-line size instead of hard-coded
value, this should fix architectures with 128-byte L1 cache.
bind9 (1:9.18.0-1) unstable; urgency=medium
* Bump the upstream version in debian/ to 9.18
* New upstream version 9.18.0
bind9 (1:9.18.0~0+git28350c-1) unstable; urgency=medium
* New upstream version 9.18.0~0+git28350c
+ Pull the 9.18.0 pre-release git to have the L1 cache line
fix (Closes: #1004271)
* Fix the typo when backing up and restoring configure{,.ac}
(Closes: #903586)
* Remove some prehistoring conffile no longer in use
(Closes: #942377)
* Pick UTC date for release_date variable (Closes: #1000893)
bind9 (1:9.17.22-1) unstable; urgency=medium
* New upstream version 9.17.22
bind9 (1:9.17.21-1) unstable; urgency=medium
* New upstream version 9.17.21
bind9 (1:9.17.20-3) unstable; urgency=medium
* Retain bind9-resolvconf.service alias (Closes: #1000565)
bind9 (1:9.17.20-2) unstable; urgency=medium
* Tighten the dependencies on bind9-libs for the utils too
(Closes: #1000354)
bind9 (1:9.17.20-1) unstable; urgency=medium
* New upstream version 9.17.20
* Remove the sphinx-patch, the role has been fixed upstream
bind9 (1:9.17.19-3) unstable; urgency=medium
* Remove the .so libraries from excluded files
bind9 (1:9.17.19-2) unstable; urgency=medium
* Add libjemalloc-dev to Build-Depends
* Sync the packaging between BIND 9.16 and BIND 9.17 branches
* Don't install static libraries to bind9-dev, they are not built
bind9 (1:9.17.19-1) unstable; urgency=medium
* New upstream version 9.17.19
bind9 (1:9.17.18-1) experimental; urgency=medium
* New upstream version 9.17.18
bind9 (1:9.17.17-2) experimental; urgency=medium
* Bump MAPAPI to 3.0
bind9 (1:9.17.17-1) experimental; urgency=medium
* New upstream version 9.17.17
bind9 (1:9.17.16-1) experimental; urgency=medium
* New upstream version 9.17.16
bind9 (1:9.17.15-1) experimental; urgency=medium
* New upstream version 9.17.15
bind9 (1:9.17.14-3) experimental; urgency=medium
* Add upstream patch to address 'Checking of key-directory and
dnssec-policy was broken'
bind9 (1:9.17.14-2) experimental; urgency=medium
* Add upstream patch to fix: 'W' in wildcard expansions was being mapped
to '\000'.
bind9 (1:9.17.14-1) experimental; urgency=medium
* New upstream version 9.17.14
bind9 (1:9.17.13-2) experimental; urgency=medium
* Revert upstream 'Add a Sphinx role for linking GitLab issues/MRs'
bind9 (1:9.17.13-1) experimental; urgency=medium
* New upstream version 9.17.13
bind9 (1:9.17.12-2) experimental; urgency=medium
* Add filter-a.so plugin into main package
bind9 (1:9.17.12-1) experimental; urgency=medium
* New upstream version 9.17.12
* Add patches to implement I-D draft-hardaker-dnsop-nsec3-guidance
bind9 (1:9.17.11-1) experimental; urgency=medium
* New upstream version 9.17.11
* Add upstream patches to fix TCP timeouts firing too early
bind9 (1:9.17.10-1) experimental; urgency=high
* New upstream version 9.17.10
+ [CVE-2020-8625]: Fix off-by-one bug in ISC SPNEGO implementation.
* Adjust the bind9-libs package for new upstream library names
* Add libnghttp2-dev to Build-Depends
* Update the way how we ignore development libraries, so the real ones
gets installed
bind9 (1:9.17.9-1) experimental; urgency=medium
* Exclude test-async.so from dh_install
* Update the ISC code-signing key
* New upstream version 9.17.9
bind9 (1:9.17.8-1) experimental; urgency=medium
* New upstream version 9.17.8
bind9 (1:9.17.7-1) experimental; urgency=medium
* New upstream version 9.17.7
bind9 (1:9.17.6-1) experimental; urgency=medium
* New upstream version 9.17.6
bind9 (1:9.17.5-2) experimental; urgency=medium
[ Bernhard Schmidt ]
* Move Build-Depends for documentation to Build-Depends-Indep
* Set Restart=on-failure in systemd unit
bind9 (1:9.17.5-1) experimental; urgency=medium
* New upstream version 9.17.5
bind9 (1:9.17.4-1) experimental; urgency=medium
* Add libtool-bin to Build-Depends
* Disable static linking
* New upstream version 9.17.4
bind9 (1:9.17.3-1) experimental; urgency=medium
* New upstream version 9.17.2
* Adjust d/*.install files after upstream moved binaries from sbin to bin
* Remove rfc-compliance from docs, it's gone
* New upstream version 9.17.3
* Add fonts-freefont-otf, latexmk, texlive-fonts-extra,
texlive-latex-recommended, texlive-xetex, and xindy to Build-Depends
* Install man pages for tsig-gen and named-compilezone
bind9 (1:9.17.1+git20200519-1) experimental; urgency=medium
* New upstream version 9.17.1+git20200519
* Update Debian packaging for autoconf/automake and sphinx-doc
bind9 (1:9.17.1-1) experimental; urgency=medium
* Update d/copyright (Closes: #947978)
* New upstream version 9.17.1
bind9 (1:9.17.0-1) experimental; urgency=medium
[ Andreas Hasenack ]
* Bring back the DEP8 test from sid
* Use iproute2 instead of net-tools
* d/control: drop hardcoded python3 dependency
[ Bernhard Schmidt ]
* Fix apparmor profile name.
Thanks to Andreas Hasenack
* Enable readline support
[ Andreas Hasenack ]
* Update apparmor profile with what is in sid
* Create the missing transitional packages for dnsutils, bind9utils
* There is a licensing conflict with adding libreadline and we should
use libedit-dev instead.
[ Ondřej Surý ]
* Switch to BIND 9.17 for the -dev packages
* New upstream version 9.17.0
-- Ondřej Surý <email address hidden> Wed, 17 Apr 2024 23:47:27 +0200
Builds
Built packages
-
bind9
Internet Domain Name Server
-
bind9-dbgsym
debug symbols for bind9
-
bind9-dev
Static Libraries and Headers used by BIND 9
-
bind9-dnsutils
Clients provided with BIND 9
-
bind9-dnsutils-dbgsym
debug symbols for bind9-dnsutils
-
bind9-doc
Documentation for BIND 9
-
bind9-host
DNS Lookup Utility
-
bind9-host-dbgsym
debug symbols for bind9-host
-
bind9-libs
Shared Libraries used by BIND 9
-
bind9-libs-dbgsym
debug symbols for bind9-libs
-
bind9-utils
Utilities for BIND 9
-
bind9-utils-dbgsym
debug symbols for bind9-utils
-
bind9utils
Transitional package for bind9-utils
-
dnsutils
Transitional package for bind9-dnsutils
Package files