** Description changed: Upstream: tbd - Debian: 1.15.0-8 + Debian: 1.15.0-8 Ubuntu: 1.13.1-1ubuntu5 - Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. + Dominic requests (via LP: #1946909, commit #1): "Please ensure that + whatever happens, Unbound on Ubuntu continues to be compiled with the + nghttp2 library. Unbound on Debian is currently not compiled with + nghttp2." ### New Debian Changes ### unbound (1.15.0-8) unstable; urgency=medium - * fix the brown-paper bag bug in the previous upload. I did it again: - it is var += newvalue, not var := newvalue. This made the previous - upload to built without many build options + * fix the brown-paper bag bug in the previous upload. I did it again: + it is var += newvalue, not var := newvalue. This made the previous + upload to built without many build options - -- Michael Tokarev <m...@tls.msk.ru> Fri, 29 Apr 2022 18:33:16 +0300 + -- Michael Tokarev <m...@tls.msk.ru> Fri, 29 Apr 2022 18:33:16 +0300 unbound (1.15.0-7) unstable; urgency=medium - * unbound-resolvconf.service: - - do not (re)start it explicitly from the postinst script, it should - only be started as a part of unbound.service. Closes: #1009928 - - add comments to this service file to clarify its purpose - - add lintian overrides for this service file - * /etc/resolvconf/update.d/unbound resolvconf hook script: - - ship it enabled for new installs. Closes: #1003135 - - but do not re-enable it for previous installs - - add more comments to this file clarifying its purpose and possible issues - - add comments about various ways to enable/disable this hook, - - implement ability to disable it by setting USE_RESOLVCONF_FORWARDS=false - in /etc/default/unbound - - multiple other small changes and cleanups - - rename it in debian packaging from d/resolvconf to d/resolvconf-forwards - to make it's purpose more explicit - * use dns root.key stored in /usr/share/dns/ (as provided by dns-root-data - package) instead of the unbound-owned /var/lib/unbound/root.key (which is - managed by an untrusted user). This changes defaults for unbound-host and - unbound-anchor. Add Recommends: dns-root-data for unbound-host so it can - find this root.key in the default install. Closes: #641704 + * unbound-resolvconf.service: + - do not (re)start it explicitly from the postinst script, it should + only be started as a part of unbound.service. Closes: #1009928 + - add comments to this service file to clarify its purpose + - add lintian overrides for this service file + * /etc/resolvconf/update.d/unbound resolvconf hook script: + - ship it enabled for new installs. Closes: #1003135 + - but do not re-enable it for previous installs + - add more comments to this file clarifying its purpose and possible issues + - add comments about various ways to enable/disable this hook, + - implement ability to disable it by setting USE_RESOLVCONF_FORWARDS=false + in /etc/default/unbound + - multiple other small changes and cleanups + - rename it in debian packaging from d/resolvconf to d/resolvconf-forwards + to make it's purpose more explicit + * use dns root.key stored in /usr/share/dns/ (as provided by dns-root-data + package) instead of the unbound-owned /var/lib/unbound/root.key (which is + managed by an untrusted user). This changes defaults for unbound-host and + unbound-anchor. Add Recommends: dns-root-data for unbound-host so it can + find this root.key in the default install. Closes: #641704 - -- Michael Tokarev <m...@tls.msk.ru> Fri, 29 Apr 2022 16:53:50 +0300 + -- Michael Tokarev <m...@tls.msk.ru> Fri, 29 Apr 2022 16:53:50 +0300 unbound (1.15.0-6) unstable; urgency=medium - * actually install the forgotten remote-control.conf. + * actually install the forgotten remote-control.conf. - -- Michael Tokarev <m...@tls.msk.ru> Thu, 28 Apr 2022 20:15:21 +0300 + -- Michael Tokarev <m...@tls.msk.ru> Thu, 28 Apr 2022 20:15:21 +0300 unbound (1.15.0-5) unstable; urgency=medium - * use unix-domain socket /run/unbound.ctl for the control interface - instead of tcp localhost socket. This makes the keys/certs files - for the remote contol to be unnecessary, so stop running - unbound-control-setup in postinst too. - (Closes: #1010271) - * move remote-control section out of main unbound.conf file into - unbound.conf.d/remote-control.conf. Main file now becomes the - same as before version 1.15. There was no need to mess with the - main config file since the NEWS file already gives the user - enough information. - * do-not-chown-control-socket.patch: stop chowning control socket - to the unprivileged user, only group ownership is needed. - * do-not-look-at-pidfile.patch: stop messing up with the pidfile. - Unbound does not need to look at its pid file for the previous - instance, since it will not be able to open listening sockets - if the daemon is already running. Remove whole reading of the - pid file, and especially remove setting ownership of the pid file - to the unprivileged user (done in order to be able to clean it up), - since this is a potential security issue. - * unbound.postrm: stop removing the unbound system user - * fix wording and reformat the previous unbound.NEWS entry, and merge - old NEWS file into unbound.NEWS, since all news in there are actually - about the unbound package, not about all other binary packages we build. - * a few more tweaks for d/unbound-helper, in do_resolvconf_{start|stop}. - Thank you Simon Deziel for the ideas. + * use unix-domain socket /run/unbound.ctl for the control interface + instead of tcp localhost socket. This makes the keys/certs files + for the remote contol to be unnecessary, so stop running + unbound-control-setup in postinst too. + (Closes: #1010271) + * move remote-control section out of main unbound.conf file into + unbound.conf.d/remote-control.conf. Main file now becomes the + same as before version 1.15. There was no need to mess with the + main config file since the NEWS file already gives the user + enough information. + * do-not-chown-control-socket.patch: stop chowning control socket + to the unprivileged user, only group ownership is needed. + * do-not-look-at-pidfile.patch: stop messing up with the pidfile. + Unbound does not need to look at its pid file for the previous + instance, since it will not be able to open listening sockets + if the daemon is already running. Remove whole reading of the + pid file, and especially remove setting ownership of the pid file + to the unprivileged user (done in order to be able to clean it up), + since this is a potential security issue. + * unbound.postrm: stop removing the unbound system user + * fix wording and reformat the previous unbound.NEWS entry, and merge + old NEWS file into unbound.NEWS, since all news in there are actually + about the unbound package, not about all other binary packages we build. + * a few more tweaks for d/unbound-helper, in do_resolvconf_{start|stop}. + Thank you Simon Deziel for the ideas. - -- Michael Tokarev <m...@tls.msk.ru> Thu, 28 Apr 2022 19:15:23 +0300 + -- Michael Tokarev <m...@tls.msk.ru> Thu, 28 Apr 2022 19:15:23 +0300 unbound (1.15.0-4) unstable; urgency=medium - * d/unbound.conf: move and fix the remote-control section - Move the remote-control section above the include directive so it is - possible to override it there, and fix comment. Do this remote-control - section in unbound.conf directly (instead of in new unbound.conf.d/ - fragment), so it is more obvious that the default were flipped and - the default value is changed. + * d/unbound.conf: move and fix the remote-control section + Move the remote-control section above the include directive so it is + possible to override it there, and fix comment. Do this remote-control + section in unbound.conf directly (instead of in new unbound.conf.d/ + fragment), so it is more obvious that the default were flipped and + the default value is changed. - -- Michael Tokarev <m...@tls.msk.ru> Wed, 20 Apr 2022 10:52:26 +0300 + -- Michael Tokarev <m...@tls.msk.ru> Wed, 20 Apr 2022 10:52:26 +0300 unbound (1.15.0-3) unstable; urgency=medium - * modify the default unbound.conf to include control-enale: yes so - the remote control is enabled by default even if the default value - is not flipped by a patch (upstream sets it to 'no') - * d/control: use the right spelling for Recommends: + * modify the default unbound.conf to include control-enale: yes so + the remote control is enabled by default even if the default value + is not flipped by a patch (upstream sets it to 'no') + * d/control: use the right spelling for Recommends: - -- Michael Tokarev <m...@tls.msk.ru> Wed, 20 Apr 2022 00:37:17 +0300 + -- Michael Tokarev <m...@tls.msk.ru> Wed, 20 Apr 2022 00:37:17 +0300 unbound (1.15.0-2) experimental; urgency=medium - [ Michael Stella ] - * Add clarifying description to resolvconf hook + [ Michael Stella ] + * Add clarifying description to resolvconf hook - [ Simon Deziel ] - * debian/unbound.init: ask start-stop-daemon to remove the PID file - when stopping the daemon. Closes: #947771 + [ Simon Deziel ] + * debian/unbound.init: ask start-stop-daemon to remove the PID file + when stopping the daemon. Closes: #947771 - [ Michael Tokarev ] - * d/changelog: mention #1000201 closed by 1.15.0-1 - + [ Michael Tokarev ] + * d/changelog: mention #1000201 closed by 1.15.0-1 ### Old Ubuntu Delta ### unbound (1.13.1-1ubuntu5) jammy; urgency=medium - * Cherry-pick upstream commits for Python 3.10 compatibility + * Cherry-pick upstream commits for Python 3.10 compatibility - -- Rico Tzschichholz <ric...@ubuntu.com> Tue, 01 Feb 2022 15:23:57 + -- Rico Tzschichholz <ric...@ubuntu.com> Tue, 01 Feb 2022 15:23:57 +0100 unbound (1.13.1-1ubuntu4) jammy; urgency=medium - * No-change rebuild with Python 3.10 as default version + * No-change rebuild with Python 3.10 as default version - -- Graham Inggs <gin...@ubuntu.com> Thu, 13 Jan 2022 20:38:08 +0000 + -- Graham Inggs <gin...@ubuntu.com> Thu, 13 Jan 2022 20:38:08 +0000 unbound (1.13.1-1ubuntu3) jammy; urgency=medium - * debian/patches/openssl3.patch: compatibility with OpenSSL 3. + * debian/patches/openssl3.patch: compatibility with OpenSSL 3. - -- Steve Langasek <steve.langa...@ubuntu.com> Thu, 09 Dec 2021 + -- Steve Langasek <steve.langa...@ubuntu.com> Thu, 09 Dec 2021 20:51:29 +0000 unbound (1.13.1-1ubuntu2) jammy; urgency=medium - * No-change rebuild against libssl3 + * No-change rebuild against libssl3 - -- Steve Langasek <steve.langa...@ubuntu.com> Thu, 09 Dec 2021 + -- Steve Langasek <steve.langa...@ubuntu.com> Thu, 09 Dec 2021 00:22:14 +0000 unbound (1.13.1-1ubuntu1) impish; urgency=medium - * Enable DNS-over-HTTPS support (LP: #1927877) - - d/control: add Build-Depends on libnghttp2-dev - - d/rules: compile with libnghttp2 + * Enable DNS-over-HTTPS support (LP: #1927877) + - d/control: add Build-Depends on libnghttp2-dev + - d/rules: compile with libnghttp2 - -- Athos Ribeiro <athos.ribe...@canonical.com> Thu, 01 Jul 2021 + -- Athos Ribeiro <athos.ribe...@canonical.com> Thu, 01 Jul 2021 11:16:26 -0300
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971332 Title: Merge unbound from Debian unstable for kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1971332/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs