Public bug reported:

Upstream: 9.18.2
Debian:   1:9.18.2-1
Ubuntu:   1:9.18.1-1ubuntu1

Debian does new releases regularly, so it's likely there will be newer
versions available before FF that we can pick up if this merge is done
later in the cycle.

### New Debian Changes ###

bind9 (1:9.18.2-1) unstable; urgency=medium

  * Drop libldap2-dev from Build-Depends (Closes: #1008021)
  * New upstream version 9.18.2
  * Add runtime dependency on libuv1 >= 1.40.0 (Closes: #1009889)

 -- Ondřej Surý <ond...@debian.org>  Tue, 26 Apr 2022 11:03:35 +0200

bind9 (1:9.18.1-1) unstable; urgency=high

  * New upstream version 9.18.1
  * CVE-2021-25220: The rules for acceptance of records into the cache
    have been tightened to prevent the possibility of poisoning if
    forwarders send records outside the configured bailiwick.
  * CVE-2022-0396: TCP connections with 'keep-response-order' enabled
    could leave the TCP sockets in the 'CLOSE_WAIT' state when the
    client did not properly shut down the connection.
  * CVE-2022-0635: Lookups involving a DNAME could trigger an assertion
    failure when 'synth-from-dnssec' was enabled (which is the default)
  * CVE-2022-0667: When chasing DS records, a timed out or artificially
    delayed fetch could cause 'named' to crash while resuming a DS
    lookup.

 -- Ondřej Surý <ond...@debian.org>  Mon, 14 Mar 2022 15:29:31 +0100

bind9 (1:9.18.0-2) unstable; urgency=medium

  * Add patch to use detected L1 cache-line size instead of hard-coded
    value, this should fix architectures with 128-byte L1 cache.

 -- Ondřej Surý <ond...@debian.org>  Thu, 27 Jan 2022 13:16:04 +0100

bind9 (1:9.18.0-1) unstable; urgency=medium

  * Bump the upstream version in debian/ to 9.18
  * New upstream version 9.18.0

 -- Ondřej Surý <ond...@debian.org>  Wed, 26 Jan 2022 12:31:55 +0100

bind9 (1:9.18.0~0+git28350c-1) unstable; urgency=medium

  * New upstream version 9.18.0~0+git28350c
   + Pull the 9.18.0 pre-release git to have the L1 cache line fix
     (Closes: #1004271)
  * Fix the typo when backing up and restoring configure{,.ac}
    (Closes: #903586)
  * Remove some prehistoring conffile no longer in use (Closes: #942377)
  * Pick UTC date for release_date variable (Closes: #1000893)

 -- Ondřej Surý <ond...@debian.org>  Mon, 24 Jan 2022 16:00:49 +0100

bind9 (1:9.17.22-1) unstable; urgency=medium

  * New upstream version 9.17.22

 -- Ondřej Surý <ond...@debian.org>  Wed, 19 Jan 2022 18:38:13 +0100

bind9 (1:9.17.21-1) unstable; urgency=medium

  * New upstream version 9.17.21

 -- Ondřej Surý <ond...@debian.org>  Wed, 15 Dec 2021 15:22:46 +0100

bind9 (1:9.17.20-3) unstable; urgency=medium

  * Retain bind9-resolvconf.service alias (Closes: #1000565)

 -- Ondřej Surý <ond...@debian.org>  Thu, 25 Nov 2021 10:10:50 +0100

bind9 (1:9.17.20-2) unstable; urgency=medium

  * Tighten the dependencies on bind9-libs for the utils too
    (Closes: #1000354)

 -- Ondřej Surý <ond...@debian.org>  Mon, 22 Nov 2021 08:58:22 +0100

bind9 (1:9.17.20-1) unstable; urgency=medium

  * New upstream version 9.17.20
  * Remove the sphinx-patch, the role has been fixed upstream

 -- Ondřej Surý <ond...@debian.org>  Thu, 18 Nov 2021 07:49:14 +0100

bind9 (1:9.17.19-3) unstable; urgency=medium

  * Remove the .so libraries from excluded files

 -- Ondřej Surý <ond...@debian.org>  Fri, 12 Nov 2021 14:24:13 +0100

bind9 (1:9.17.19-2) unstable; urgency=medium

  * Add libjemalloc-dev to Build-Depends
  * Sync the packaging between BIND 9.16 and BIND 9.17 branches
  * Don't install static libraries to bind9-dev, they are not built

 -- Ondřej Surý <ond...@debian.org>  Tue, 09 Nov 2021 10:42:43 +0100

bind9 (1:9.17.19-1) unstable; urgency=medium

  * New upstream version 9.17.19

### Old Ubuntu Delta ###

bind9 (1:9.18.1-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1965981). Remaining changes:
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev
        and protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1104.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap nor install dnstap.proto
    - Add back apport:
      + d/bind9.apport: add back old bind9 apport hook, but without
        calling attach_conffiles() since that is already done by apport
        itself, with confirmation from the user.
      + d/control, d/rules: build-depends on dh-apport and use it
    - d/NEWS: mention some of the bigger changes in 9.16.0 packaging
    - d/bind9.named.service: use systemd Type=forking to signal daemon
      init. This fixes a regression of #900788 where services whose
      startup depend on name resolutions may fail due to bind9 not being
      ready (LP #1899902).
    - d/control: remove optional libjemalloc-dev Build-Depends as it is
      not in main.
    - d/NEWS: mention some of the relevant changes in 9.18.0 packaging or
      functionality that may affect usability.
  * Dropped changes:
    - d/p/0003-Remove-spurious-debugging-true.patch: remove development
      leftover debugging flag from nslookup code (LP: #1961556).
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: cache poisoning via bogus NS records
      + debian/patches/CVE-2021-25220.patch: tighten rules for acceptance
        of records into the cache in lib/dns/resolver.c.
      + CVE-2021-25220
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: DoS via specially crafted TCP stream
      + debian/patches/CVE-2022-0396.patch: ensure correct ordering in
        lib/isc/netmgr/netmgr.c.
      + CVE-2022-0396
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: DNAME insist with synth-from-dnssec enabled
      + debian/patches/CVE-2022-0635.patch: fix logic in lib/dns/rbtdb.c.
      + CVE-2022-0635
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: Assertion failure on delayed DS lookup
      + debian/patches/CVE-2022-0667.patch: fix logic in
        lib/dns/resolver.c.
      + CVE-2022-0667
      [ Incorporated in 9.18.1. ]
  * Added changes:
    - d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-that-dig-tries-othe.patch,
      d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-timed-out-result-fo.patch,
      d/p/lp1964400-lp1964686-Add-various-dig-host-tests-for-TCP-UDP-socket-error-.patch,
      d/p/lp1964400-lp1964686-After-dig-request-errors-try-to-use-other-servers-wh.patch,
      d/p/lp1964400-lp1964686-Fix-an-issue-in-dig-when-retrying-with-the-next-serv.patch,
      d/p/lp1964400-lp1964686-Fix-dig-error-when-trying-the-next-server-after-a-TC.patch,
      d/p/lp1964400-lp1964686-When-resending-a-UDP-request-insert-the-query-to-the.patch:
      Fix dig error when trying the next server after a TCP connection
      failure. This upstream patchset also fixes a crash when using the
      'host' command for numeric lookups (LP: #1964400) and an infinite
      hang when passing a non-existent hostname to 'host' (LP: #1964686).

 -- Sergio Durigan Junior <sergio.duri...@canonical.com>  Wed, 23 Mar 2022 13:48:30 -0400

** Affects: bind9 (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: needs-merge upgrade-software-version

** Changed in: bind9 (Ubuntu)
    Milestone: None => ubuntu-22.07

--
https://bugs.launchpad.net/bugs/1971250

Title:
  Merge bind9 from Debian unstable for kinetic