bind9 1:9.16.15-1ubuntu1 source package in Ubuntu

Changelog

bind9 (1:9.16.15-1ubuntu1) impish; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
        protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1104.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap nor install dnstap.proto
    - Add back apport:
      + d/bind9.apport: add back old bind9 apport hook, but without calling
        attach_conffiles() since that is already done by apport itself, with
        confirmation from the user.
      + d/control, d/rules: buil-depends on dh-apport and use it
    - d/NEWS: mention some of the bigger changes in 9.16.0 packaging
    - d/bind9.named.service: use systemd Type=forking to signal daemon init.
      This fixes a regression of #900788 where services whose startup depend
      on name resolutions may fail due to bind9 not being ready (LP #1899902).
  * Drop changes:
    - d/t/simpletest: drop the internetsociety.org test as it requires
      network egress access that is not available in the Ubuntu autopkgtest
      farm.
      [Fixed in 1:9.16.11-3]
    - SECURITY UPDATE: off-by-one bug in ISC SPNEGO implementation
      + debian/patches/CVE-2020-8625.patch: properly calculate length in
        lib/dns/spnego.c.
      + CVE-2020-8625
      [Fixed in 1:9.16.12-1]
    - SECURITY UPDATE: DoS via broken inbound incremental zone update (IXFR)
      + debian/patches/CVE-2021-25214.patch: immediately reject the entire
        transfer for certain RR in lib/dns/xfrin.c.
      + CVE-2021-25214
      [Fixed in 1:9.16.15-1]
    - SECURITY UPDATE: assert via answering certain queries for DNAME records
      + debian/patches/CVE-2021-25215.patch: fix assert checks in
        lib/ns/query.c.
      + CVE-2021-25215
      [Fixed in 1:9.16.15-1]
    - SECURITY UPDATE: overflow in BIND's GSSAPI security policy negotiation
      + debian/rules: build with --disable-isc-spnego to disable internal
        SPNEGO and use the one from the kerberos libraries.
      + CVE-2021-25216
      [Fixed in 1:9.16.15-1]

bind9 (1:9.16.15-1) unstable; urgency=high

  * New upstream version 9.16.15 (Closes: #987741, #987742, #987743)
   + CVE-2021-25214: A malformed incoming IXFR transfer could trigger an
     assertion failure in ``named``, causing it to quit abnormally.
   + CVE-2021-25215: ``named`` crashed when a DNAME record placed in the
     ANSWER section during DNAME chasing turned out to be the final
     answer to a client query.
   + CVE-2021-25216: When a server's configuration set the
    ``tkey-gssapi-keytab`` or ``tkey-gssapi-credential`` option, a
    specially crafted GSS-TSIG query could cause a buffer overflow in
    the ISC implementation of SPNEGO (a protocol enabling negotiation of
    the security mechanism used for GSSAPI authentication).
  * Add patches to implement I-D draft-hardaker-dnsop-nsec3-guidance

bind9 (1:9.16.13-1) unstable; urgency=medium

  * New upstream version 9.16.13
  * Add upstream patches to fix TCP timeouts firing too early

bind9 (1:9.16.12-3) unstable; urgency=medium

  * Add most important patches from upcoming 9.16.13 release

bind9 (1:9.16.12-2) unstable; urgency=medium

  * Add patch to fix sphinx-build failure on Ubuntu Xenial

bind9 (1:9.16.12-1) unstable; urgency=high

  * New upstream version 9.16.12
   + [CVE-2020-8625]: Fix off-by-one bug in ISC SPNEGO implementation.
     (Closes: #983004)
  * Adjust the bind9-libs and bind9-dev packages for new upstream library
    names

bind9 (1:9.16.11-3) unstable; urgency=medium

  * Split the simple validation test to separate file and mark it as flaky
    (Closes: #976045)

bind9 (1:9.16.11-2) unstable; urgency=medium

  * Cherry-pick upstream commit to fix segfault with named ACLs used in
    allow-update (Closes: #980786)

bind9 (1:9.16.11-1) unstable; urgency=medium

  * Add the ISC code-signing key for 2021-2022
  * New upstream version 9.16.11

bind9 (1:9.16.10-1) unstable; urgency=medium

  * New upstream version 9.16.10

bind9 (1:9.16.9-1) unstable; urgency=medium

  * New upstream version 9.16.9

 -- Athos Ribeiro <email address hidden>  Mon, 12 Jul 2021 20:26:40 -0300

Upload details

Uploaded by:
Athos Ribeiro
Sponsored by:
Christian Ehrhardt 
Uploaded to:
Impish
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
bind9_9.16.15.orig.tar.xz 4.8 MiB 98b6f432d878a7bf8f57eb7b3c28be27278cf6b9989154bfe6c81104b38e7839
bind9_9.16.15.orig.tar.xz.asc 833 bytes 55628031d8c5697707e1f8ad3d8033f72ffb987cdc392d578ec4bc89c968822e
bind9_9.16.15-1ubuntu1.debian.tar.xz 94.0 KiB f138d12560f030e68bb321ae9c17f546d6e1ac399bf6806ee6931c5cb34d59ad
bind9_9.16.15-1ubuntu1.dsc 3.1 KiB 3068fe47ec3bfcdc802f4458046c53266db44a2f8a7373fd1484d0e97f218c4d

View changes file

Binary packages built by this source

bind9: No summary available for bind9 in ubuntu impish.

No description available for bind9 in ubuntu impish.

bind9-dbgsym: No summary available for bind9-dbgsym in ubuntu impish.

No description available for bind9-dbgsym in ubuntu impish.

bind9-dev: No summary available for bind9-dev in ubuntu impish.

No description available for bind9-dev in ubuntu impish.

bind9-dnsutils: No summary available for bind9-dnsutils in ubuntu impish.

No description available for bind9-dnsutils in ubuntu impish.

bind9-dnsutils-dbgsym: No summary available for bind9-dnsutils-dbgsym in ubuntu impish.

No description available for bind9-dnsutils-dbgsym in ubuntu impish.

bind9-doc: No summary available for bind9-doc in ubuntu impish.

No description available for bind9-doc in ubuntu impish.

bind9-host: No summary available for bind9-host in ubuntu impish.

No description available for bind9-host in ubuntu impish.

bind9-host-dbgsym: debug symbols for bind9-host
bind9-libs: Shared Libraries used by BIND 9

 The Berkeley Internet Name Domain (BIND 9) implements an Internet domain
 name server. BIND 9 is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium, www.isc.org.
 .
 This package contains a bundle of shared libraries used by BIND 9.

bind9-libs-dbgsym: debug symbols for bind9-libs
bind9-utils: No summary available for bind9-utils in ubuntu impish.

No description available for bind9-utils in ubuntu impish.

bind9-utils-dbgsym: No summary available for bind9-utils-dbgsym in ubuntu impish.

No description available for bind9-utils-dbgsym in ubuntu impish.

bind9utils: No summary available for bind9utils in ubuntu impish.

No description available for bind9utils in ubuntu impish.

dnsutils: Transitional package for bind9-dnsutils

 This is a transitional package. It can safely be removed.