Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@tracker.debian.org>;
Reported by: Kurt Roeckx <kurt@roeckx.be>
Date: Fri, 24 Jun 2016 19:06:01 UTC
Severity: serious
Tags: fixed-upstream, patch, sid, stretch
Found in version bind9/9.10.3.dfsg.P4-10
Fixed in versions bind9/1:9.10.4-P5-1, bind9/1:9.10.3.dfsg.P4-11
Done: Michael Gilbert <mgilbert@debian.org>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#828082; Package src:bind9.
(Fri, 24 Jun 2016 19:06:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Kurt Roeckx <kurt@roeckx.be>:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>.
(Fri, 24 Jun 2016 19:06:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: bind9 Version: 9.10.3.dfsg.P4-10 Severity: important Control: block 827061 by -1 Hi, Your package is failing to build with openss 1.1: checking for OpenSSL library... no yes checking for using OpenSSL for hash functions... no [...] checking for OpenSSL library... using OpenSSL from /usr/lib and /usr/include checking whether linking with OpenSSL works... yes [...] configure: error: OpenSSL has unsupported dynamic loading no [...] BIND 9 is being built without cryptography support. This means it will not have DNSSEC support. Use --with-openssl, or --with-pkcs11 and --enable-native-pkcs11 to enable cryptography. Kurt
Added indication that bug 828082 blocks 827061
Request was from Kurt Roeckx <kurt@roeckx.be>
to submit@bugs.debian.org.
(Fri, 24 Jun 2016 19:06:06 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#828082; Package src:bind9.
(Wed, 31 Aug 2016 22:09:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Wed, 31 Aug 2016 22:09:04 GMT) (full text, mbox, link).
Message #12 received at 828082@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi, Here is a patch that I think should solve the issue. There appears to be same weird things going on related to native pkcs11 support that I can't figure out. Patches get applied at various stages during the build and some fail to apply. It properly detects OpenSSL but then says it's disabled. I have no idea what is going on. But I believe my patch does the right thing. Kurt
[76_openssl_1.1.0.diff (text/x-diff, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#828082; Package src:bind9.
(Wed, 31 Aug 2016 22:24:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Wed, 31 Aug 2016 22:24:11 GMT) (full text, mbox, link).
Message #17 received at 828082@bugs.debian.org (full text, mbox, reply):
On Thu, Sep 01, 2016 at 12:07:07AM +0200, Kurt Roeckx wrote: > Hi, > > Here is a patch that I think should solve the issue. The patch was also send upstream. Kurt
Added tag(s) patch.
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Wed, 31 Aug 2016 22:24:13 GMT) (full text, mbox, link).
Severity set to 'serious' from 'important'
Request was from Kurt Roeckx <kurt@roeckx.be>
to control@bugs.debian.org.
(Wed, 26 Oct 2016 17:56:51 GMT) (full text, mbox, link).
Added tag(s) stretch and sid.
Request was from Andreas Beckmann <anbe@debian.org>
to control@bugs.debian.org.
(Wed, 26 Oct 2016 22:24:46 GMT) (full text, mbox, link).
Added tag(s) fixed-upstream.
Request was from kurt@roeckx.be (Kurt Roeckx)
to control@bugs.debian.org.
(Sat, 19 Nov 2016 15:39:02 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#828082; Package src:bind9.
(Fri, 13 Jan 2017 18:33:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Bernhard Schmidt <berni@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Fri, 13 Jan 2017 18:33:05 GMT) (full text, mbox, link).
Message #30 received at 828082@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi, > Your package is failing to build with openss 1.1: > checking for OpenSSL library... no > yes > checking for using OpenSSL for hash functions... no > [...] > checking for OpenSSL library... using OpenSSL from /usr/lib and /usr/include > checking whether linking with OpenSSL works... yes > [...] > configure: error: OpenSSL has unsupported dynamic loading > no > [...] > BIND 9 is being built without cryptography support. This means it will > not have DNSSEC support. Use --with-openssl, or --with-pkcs11 and > --enable-native-pkcs11 to enable cryptography. src:bind9 still fails to rebuild in unstable. I understand that you would not want to import a large patch for this, so please switch build-deps to libssl1.0-dev for stretch. Patch attached (libssl-dev kept as alternative for easier backporting) Bernhard
[bind9-libssl10.patch (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#828082; Package src:bind9.
(Fri, 13 Jan 2017 21:36:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Fri, 13 Jan 2017 21:36:06 GMT) (full text, mbox, link).
Message #35 received at 828082@bugs.debian.org (full text, mbox, reply):
On Fri, Jan 13, 2017 at 07:31:03PM +0100, Bernhard Schmidt wrote: > Hi, > > > Your package is failing to build with openss 1.1: > > checking for OpenSSL library... no > > yes > > checking for using OpenSSL for hash functions... no > > [...] > > checking for OpenSSL library... using OpenSSL from /usr/lib and /usr/include > > checking whether linking with OpenSSL works... yes > > [...] > > configure: error: OpenSSL has unsupported dynamic loading > > no > > [...] > > BIND 9 is being built without cryptography support. This means it will > > not have DNSSEC support. Use --with-openssl, or --with-pkcs11 and > > --enable-native-pkcs11 to enable cryptography. > > src:bind9 still fails to rebuild in unstable. I understand that you > would not want to import a large patch for this, so please switch > build-deps to libssl1.0-dev for stretch. Upstream has actually added a patch for this already in the stable branch as far as I know, so I expect this to actually have been fixed in 9.10.4-P5. That being set, it's not using libssl, so either solution is fine for me. Kurt
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#828082; Package src:bind9.
(Sun, 15 Jan 2017 08:51:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Sun, 15 Jan 2017 08:51:06 GMT) (full text, mbox, link).
Message #40 received at 828082@bugs.debian.org (full text, mbox, reply):
On Fri, Jan 13, 2017 at 4 > Upstream has actually added a patch for this already in the stable > branch as far as I know, so I expect this to actually have been > fixed in 9.10.4-P5. I worked on this today, their patch is not applied in -P5, so I'll be uploading a version with Bernhard's suggestion. Best wishes, Mike
Message sent on
to Kurt Roeckx <kurt@roeckx.be>:
Bug#828082.
(Sun, 15 Jan 2017 08:51:08 GMT) (full text, mbox, link).
Reply sent
to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility.
(Tue, 17 Jan 2017 15:03:17 GMT) (full text, mbox, link).
Notification sent
to Kurt Roeckx <kurt@roeckx.be>:
Bug acknowledged by developer.
(Tue, 17 Jan 2017 15:03:18 GMT) (full text, mbox, link).
Message #48 received at 828082-close@bugs.debian.org (full text, mbox, reply):
Source: bind9
Source-Version: 1:9.10.4-P5-1
We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 828082@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated bind9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 15 Jan 2017 06:04:12 +0000
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-140 libdns165 libirs141 libisc160 liblwres141 libisccc140 libisccfg140 dnsutils lwresd libbind-export-dev libdns-export165 libdns-export165-udeb libisc-export160 libisc-export160-udeb libisccfg-export140 libisccc-export140 libisccc-export140-udeb libisccfg-export140-udeb libirs-export141 libirs-export141-udeb
Architecture: source amd64 all
Version: 1:9.10.4-P5-1
Distribution: experimental
Urgency: medium
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - Version of 'host' bundled with BIND 9.X
bind9utils - Utilities for BIND
dnsutils - Clients provided with BIND
host - Transitional package
libbind-dev - Static Libraries and Headers used by BIND
libbind-export-dev - Development files for the exported BIND libraries
libbind9-140 - BIND9 Shared Library used by BIND
libdns-export165 - Exported DNS Shared Library
libdns-export165-udeb - Exported DNS library for debian-installer (udeb)
libdns165 - DNS Shared Library used by BIND
libirs-export141 - Exported IRS Shared Library
libirs-export141-udeb - Exported IRS library for debian-installer (udeb)
libirs141 - DNS Shared Library used by BIND
libisc-export160 - Exported ISC Shared Library
libisc-export160-udeb - Exported ISC library for debian-installer (udeb)
libisc160 - ISC Shared Library used by BIND
libisccc-export140 - Command Channel Library used by BIND
libisccc-export140-udeb - Command Channel Library used by BIND (udeb)
libisccc140 - Command Channel Library used by BIND
libisccfg-export140 - Exported ISC CFG Shared Library
libisccfg-export140-udeb - Exported ISC CFG library for debian-installer (udeb)
libisccfg140 - Config File Handling Library used by BIND
liblwres141 - Lightweight Resolver Library used by BIND
lwresd - Lightweight Resolver Daemon
Closes: 828082 830810 831796 839010 842858 851062 851063 851065
Changes:
bind9 (1:9.10.4-P5-1) experimental; urgency=medium
.
* New upstream: 9.10.4-P5
- Fixes CVE-2016-2775: crash in lwresd due to a long query name
(closes: #831796).
- Fixes CVE-2016-2776: maliciously crafted query can cause named to crash
(closes: #839010).
- Fixes CVE-2016-6170: improper zone size limits (closes: #830810).
- Fixes CVE-2016-8864: incorrect handling of a DNAME record can cause
named to crash (closes: #842858).
- Fixes CVE-2016-9131: maliciously crafted response to an ANY query can
cause named to crash (closes: #851065).
- Fixes CVE-2016-9147: query with contradictory DNSSEC information can
cause named to crash (closes: #851063).
- Fixes CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS)
record can cause named to crash (closes: #851062).
* Openssl 1.1 is not yet supported, so build with openssl 1.0 for now
(closes: #828082).
* Update debian/copyright to format 1.0.
* Add upstream signing key.
Checksums-Sha1:
951ef7719896f2e0ab0f76f2b65cc33fb7da902d 4394 bind9_9.10.4-P5-1.dsc
3d6ddef3d0f8480c6bd462fb63064a6e362b864a 9247565 bind9_9.10.4-P5.orig.tar.gz
49f9a9c92a2919596fcb77548a659987a6496f9f 71688 bind9_9.10.4-P5-1.debian.tar.xz
301ee8884b19407803ae26df86113fcaec48cd54 1523414 bind9-dbgsym_9.10.4-P5-1_amd64.deb
507749c00c7bb7369592b95d047af8902be67490 386008 bind9-doc_9.10.4-P5-1_all.deb
85e8595094bf0440f39fb0bc44b1bb8960324fb1 88342 bind9-host-dbgsym_9.10.4-P5-1_amd64.deb
053a25058aeda39bb18a855d428c930887dc3f2b 234900 bind9-host_9.10.4-P5-1_amd64.deb
4fa3adfc750e9ce4cf9ac290dab0592c29ea5b21 18357 bind9_9.10.4-P5-1_amd64.buildinfo
fb87eb8c21ce11d1b02a1bde704b5079cd358809 557382 bind9_9.10.4-P5-1_amd64.deb
40890e94b932eb91669c8835b5041e6922ab1895 894936 bind9utils-dbgsym_9.10.4-P5-1_amd64.deb
a9a39c110158e867dc6f3a91fd33acb98c2554e2 382884 bind9utils_9.10.4-P5-1_amd64.deb
b213ddd07e77472329ed7b25c1a456d023381aaa 240166 dnsutils-dbgsym_9.10.4-P5-1_amd64.deb
011d3cf8de05e8ec9a79e6c8846910cdf5a0075f 288670 dnsutils_9.10.4-P5-1_amd64.deb
8d1fa4f64dabc00f4034f3d2a2ff32c541d6e2ea 188490 host_9.10.4-P5-1_all.deb
861b857b8fecba3594f75397d6bc209848204fa5 1589596 libbind-dev_9.10.4-P5-1_amd64.deb
1a95ae8e2f6ddd32eadd9460cff8ca0907366ac4 1430980 libbind-export-dev_9.10.4-P5-1_amd64.deb
085ef93e44dfe458d0174a4d700680905da3b774 49594 libbind9-140-dbgsym_9.10.4-P5-1_amd64.deb
85aa0c8945c75fa7227e5dfd7f81871220821378 209856 libbind9-140_9.10.4-P5-1_amd64.deb
e1b5d1ad570a8d1dfe02c094187e4d92dbce213f 2037162 libdns-export165-dbgsym_9.10.4-P5-1_amd64.deb
d628100da309421d9ef0caa28d9c9f4ddbb5dca7 677488 libdns-export165-udeb_9.10.4-P5-1_amd64.udeb
1f9035be411123fae46f0b1f5269ed8f2e89c8f6 864084 libdns-export165_9.10.4-P5-1_amd64.deb
c5743677721c86838301d41063ab958920e819b3 4523926 libdns165-dbgsym_9.10.4-P5-1_amd64.deb
d826e1d4801074999e92d999982e87dc2fcafedf 1097836 libdns165_9.10.4-P5-1_amd64.deb
3f4965b6284f3a4fbd41893f65b60f64f1af5012 52468 libirs-export141-dbgsym_9.10.4-P5-1_amd64.deb
47163f98a4ab67fad7ea53a66a4af95ad67508ae 15022 libirs-export141-udeb_9.10.4-P5-1_amd64.udeb
b38d4ab3fee213d75988f2838f929fdf3497d60c 203088 libirs-export141_9.10.4-P5-1_amd64.deb
966f8f451938f278fd1450c8c04a7aefbbfbfa57 54948 libirs141-dbgsym_9.10.4-P5-1_amd64.deb
fafb9da8c7dcefd8cb88cef9a21e8a2a6d0dbccd 203580 libirs141_9.10.4-P5-1_amd64.deb
69b5a754a9ff0528524b5cfd149a99c62d2f71e8 365596 libisc-export160-dbgsym_9.10.4-P5-1_amd64.deb
ffc66c031841c37c8c811dd16d5a5b20cd0e2643 151850 libisc-export160-udeb_9.10.4-P5-1_amd64.udeb
b872943b24ae4bf998fc3ba9c443d312ad5c7c67 339714 libisc-export160_9.10.4-P5-1_amd64.deb
20ae0040b249f9b5c2db1458e16ea5e9eb666a87 838052 libisc160-dbgsym_9.10.4-P5-1_amd64.deb
e32f028ea207a461d799c54a1f53df77f54a7072 403318 libisc160_9.10.4-P5-1_amd64.deb
2f96d2768f482ce7f39f5c042b6dd1571bf2d0eb 35040 libisccc-export140-dbgsym_9.10.4-P5-1_amd64.deb
2ac2ec33601191ec9f5ed83b67f033fb3090bba8 13752 libisccc-export140-udeb_9.10.4-P5-1_amd64.udeb
57b0feb5d9496e4b4dbc3e5c07f61d2170fd56d5 201676 libisccc-export140_9.10.4-P5-1_amd64.deb
18753b6c5af272825f7892991c4b34a7ac8cfbbf 36030 libisccc140-dbgsym_9.10.4-P5-1_amd64.deb
4f63e15adbba35fca4fb77812ede9a5c3cce0289 201828 libisccc140_9.10.4-P5-1_amd64.deb
5c527f2208970961e5c6676fe4a60cb3a27879c1 76838 libisccfg-export140-dbgsym_9.10.4-P5-1_amd64.deb
2945a88b80f33ec8b4e38c24fc1348f21f0d1cd7 36900 libisccfg-export140-udeb_9.10.4-P5-1_amd64.udeb
4ec374f54fd99d99794d0531392ff8ab08bab2ee 224664 libisccfg-export140_9.10.4-P5-1_amd64.deb
6f0f7672b859132e3dca8eda34f90fe8a7eefc3d 84608 libisccfg140-dbgsym_9.10.4-P5-1_amd64.deb
e07e7b00f0d6d5e0fa37464ef23456affbea8090 226588 libisccfg140_9.10.4-P5-1_amd64.deb
9e6910740a949995c040f577a091327608250dfb 80830 liblwres141-dbgsym_9.10.4-P5-1_amd64.deb
7951fea7053fac31cf268b0e9ab9450eefbee80e 217624 liblwres141_9.10.4-P5-1_amd64.deb
d637d2313da78dfd31c05ac8a58531bbfb78ba4e 710170 lwresd-dbgsym_9.10.4-P5-1_amd64.deb
314d280b39f2d2edefc32bf16143183b73e72f89 412046 lwresd_9.10.4-P5-1_amd64.deb
Checksums-Sha256:
d14c9a98e3c995d7af6587d6e0d1c59f69ce766a0bb88f70c61a7b12ad94d77c 4394 bind9_9.10.4-P5-1.dsc
334c6de6588e115b7b584fff9f318a0f1a9f419a645f4e4798029bbdbdbb3709 9247565 bind9_9.10.4-P5.orig.tar.gz
58d1abd7047875a165d5ab8c5bc6e399f76400ad301ebf1d33436cfde25e8a8d 71688 bind9_9.10.4-P5-1.debian.tar.xz
8e897c486f40a144e2d91836c6aef6a338251e4b0736a3f5a671fb345e44ac35 1523414 bind9-dbgsym_9.10.4-P5-1_amd64.deb
55f69d15cbcf7dd41287eb1c1ec6e7dcc2eb616efc00683a0294e7baa5798782 386008 bind9-doc_9.10.4-P5-1_all.deb
0ad4273e9f23f6acbd216f199731b5fa6b4f6829602615a74e9cacdaf115e794 88342 bind9-host-dbgsym_9.10.4-P5-1_amd64.deb
baf1ee72a6d4cb494a72062a30d0cca2f9548740ccb970497acc42b3d3b0041e 234900 bind9-host_9.10.4-P5-1_amd64.deb
7f3b41413ffa8e3bf92e926d810288f2c4fd02d512bbfad9ff298e454524158f 18357 bind9_9.10.4-P5-1_amd64.buildinfo
119ca5791e97daf54b1001fea129de3be5cae2a125e0af440432663af5cb7069 557382 bind9_9.10.4-P5-1_amd64.deb
6cae7d8eeb143d52e2d0005d9a152e4d0c1d6c13bd6da90ecdb62e09b79b3b69 894936 bind9utils-dbgsym_9.10.4-P5-1_amd64.deb
83f9df5f709e0ebfa417ad0dc0598f9782ffd1e0a38d919e30cc4ed0302ea657 382884 bind9utils_9.10.4-P5-1_amd64.deb
cd9bbcf737a5411019b05b4aeb81d87c8a794687de6536e48185695ccc843d7e 240166 dnsutils-dbgsym_9.10.4-P5-1_amd64.deb
254dbb7be3d2cb7ce7514bcd02900af19dbfcd5fc88f7a139ab52037a18cb13e 288670 dnsutils_9.10.4-P5-1_amd64.deb
b88cdc91811b1baeb13d9409794b4b4a09e93b864f43df7fdf4b12ca4930ecbb 188490 host_9.10.4-P5-1_all.deb
5249c4eb5a983a7c602a2f995df7b5d802e8788e4ece0d079bcf0a0686bdbd8f 1589596 libbind-dev_9.10.4-P5-1_amd64.deb
dfab1c91f81e5d3ef838d904bd470f7cb01ab2fc9aba978286158f251c799ca2 1430980 libbind-export-dev_9.10.4-P5-1_amd64.deb
ddfdce5aafed53c1f45ff03b41068b9a4143875d79759af1222aac5534753364 49594 libbind9-140-dbgsym_9.10.4-P5-1_amd64.deb
76deda7607c602f9c649270676e28478e662ce0cff55662b740494c223da0701 209856 libbind9-140_9.10.4-P5-1_amd64.deb
3b7fc298703fdf46dffcb774142297d2a051da3c161b172d8b13190a998e03a4 2037162 libdns-export165-dbgsym_9.10.4-P5-1_amd64.deb
a598ed95793edd872803e5e77d19d19dce8a95ea599be3d760996b70dede6dc9 677488 libdns-export165-udeb_9.10.4-P5-1_amd64.udeb
98af007d22ca5e641823a9716505d6bfe411585b2467bdfcb422a5ffe19c3465 864084 libdns-export165_9.10.4-P5-1_amd64.deb
1b3724ad0703d89f166fe431a2201fcc7d3befd135de1352e0176cda6ac61bd6 4523926 libdns165-dbgsym_9.10.4-P5-1_amd64.deb
1cb0c1334127d19c5aa8989ac5644eddaf6aadad34b8f9521a73775da16de5ef 1097836 libdns165_9.10.4-P5-1_amd64.deb
47f145b3d06b0c4cc558fb23a0e7af059ac6f72918ee36a3da2c6e572611d286 52468 libirs-export141-dbgsym_9.10.4-P5-1_amd64.deb
a7ac57d1208a074a15bcd870caf25b25cb31312bc6d2facb55b11a454e5dbb85 15022 libirs-export141-udeb_9.10.4-P5-1_amd64.udeb
1a8bd53b5bf959eccb07f36cbc3b4d504fcc881f787f46f568a46c1343bdfa38 203088 libirs-export141_9.10.4-P5-1_amd64.deb
7dabcc27382149c67427aaa2bfe96d496025a7fba3a6b9d9cbb13e993484ca73 54948 libirs141-dbgsym_9.10.4-P5-1_amd64.deb
c339595c6dc3d2fe3693bf221ef17d2cc9aa441ad3e9140278a6740991412c46 203580 libirs141_9.10.4-P5-1_amd64.deb
4574ce113f87ca16d9b137c29d122277f098dbc548a05cbc6960d51585240cd5 365596 libisc-export160-dbgsym_9.10.4-P5-1_amd64.deb
45671fd193d4c926c1f9a10a4462d265a3c6b423ed7fea86811e111b72da496f 151850 libisc-export160-udeb_9.10.4-P5-1_amd64.udeb
5d59363bf3a7f53b3595e7819fb641d2f9c3636cb33bdaf7ac81de848f93ba3d 339714 libisc-export160_9.10.4-P5-1_amd64.deb
2354b6660a02c6c9e71aa85ac4de469290e149171d8e96d32bc9ea14b30baeaa 838052 libisc160-dbgsym_9.10.4-P5-1_amd64.deb
b53c6144fe9c004468f650e3695097951bd28e7bf81a85e2f77110d002a66525 403318 libisc160_9.10.4-P5-1_amd64.deb
733a1091969da47fa086b381f21c52e9fcd00af7dd5c1546c3b066e5ee25f6ec 35040 libisccc-export140-dbgsym_9.10.4-P5-1_amd64.deb
fddb8983ad5379d5f6c73000a250660eb26a079faf61c4b32f85b46ea2243b14 13752 libisccc-export140-udeb_9.10.4-P5-1_amd64.udeb
346c04654b17fcebbae95a4b6922e6262fb4ba11a184eddf05654b160a7162e2 201676 libisccc-export140_9.10.4-P5-1_amd64.deb
25c803b51d7aff6143579994fcbc5847e0357eb4500614c88ad9d48cfb18db91 36030 libisccc140-dbgsym_9.10.4-P5-1_amd64.deb
f34058da50675307f30f8046af5f37afc5fbfc6353c9341e473f7e04bda66ac1 201828 libisccc140_9.10.4-P5-1_amd64.deb
7ada91b720a50fecb8328fbd223709964ba7af572a6f0667cb859fd58153f0c1 76838 libisccfg-export140-dbgsym_9.10.4-P5-1_amd64.deb
ae049905e94cc8a5ea679b091f85e9ea550e27d0c301fba36e8fc9f1535cdc18 36900 libisccfg-export140-udeb_9.10.4-P5-1_amd64.udeb
c4993d092d0c6324cbceede0b4f7b504a49a280ff224c67829462648e0b4548b 224664 libisccfg-export140_9.10.4-P5-1_amd64.deb
edea69b5d37b6f8e742dd5f1151c777e6fea62046db1d042e338088d3f0822cf 84608 libisccfg140-dbgsym_9.10.4-P5-1_amd64.deb
e9d51c6be50c411194baed91045e6fa68f7def2125b9063d0645d16ce2b8e6b0 226588 libisccfg140_9.10.4-P5-1_amd64.deb
7a5e565d5cfea1f27642f0c51e165c1d2d177116e4a6be4673e6bf73360ac8ef 80830 liblwres141-dbgsym_9.10.4-P5-1_amd64.deb
83435f9a3fe4d3dedcc5e601828a112d2335b73c6e983bb01c855243887d5c8c 217624 liblwres141_9.10.4-P5-1_amd64.deb
0e2bee22819992d67b6f4bd8c0361676f93fb5eb175e53b9f7fa98b9e7245fd5 710170 lwresd-dbgsym_9.10.4-P5-1_amd64.deb
aeff45d0b360739436357ae41b825bfecac7c5d4c3e0435a9205260f8a73282f 412046 lwresd_9.10.4-P5-1_amd64.deb
Files:
b564233ac8d3f0381cd7e18c28593f4e 4394 net optional bind9_9.10.4-P5-1.dsc
2e92300b570f2063e775a847450ed088 9247565 net optional bind9_9.10.4-P5.orig.tar.gz
2ca4ab0d2cf2975e202ce69d9ef28fd2 71688 net optional bind9_9.10.4-P5-1.debian.tar.xz
e9a4928e91b96f46c09f0621efaf89b8 1523414 debug extra bind9-dbgsym_9.10.4-P5-1_amd64.deb
f2110d0fc907b99623678731fde581a6 386008 doc optional bind9-doc_9.10.4-P5-1_all.deb
0deef1462435bdde4a7a178508878ca2 88342 debug extra bind9-host-dbgsym_9.10.4-P5-1_amd64.deb
98a8a9aa9f3e854ec0a96d65238d3720 234900 net standard bind9-host_9.10.4-P5-1_amd64.deb
cb84dd775b2ffd27f331e1ba7e6e6fcf 18357 net optional bind9_9.10.4-P5-1_amd64.buildinfo
02555ec22fd757aa1fc2cce4d4ec49ad 557382 net optional bind9_9.10.4-P5-1_amd64.deb
8285839188a22c6264ca3d6f97284fe3 894936 debug extra bind9utils-dbgsym_9.10.4-P5-1_amd64.deb
57d3815a92149aa37689da9de0e92c45 382884 net optional bind9utils_9.10.4-P5-1_amd64.deb
249698123dcbc0b37602788c88faaad9 240166 debug extra dnsutils-dbgsym_9.10.4-P5-1_amd64.deb
dfb5605e7725a742e921d95fc01c9f71 288670 net standard dnsutils_9.10.4-P5-1_amd64.deb
8de02ab1797cab49671e63d4bd2ff725 188490 net standard host_9.10.4-P5-1_all.deb
c1b4a0f7ce5c98ee667b4f478d3ef6ac 1589596 libdevel optional libbind-dev_9.10.4-P5-1_amd64.deb
9ca589d5715d2b76a5e3d85d71c7bc08 1430980 libdevel optional libbind-export-dev_9.10.4-P5-1_amd64.deb
8b40887efb269a073791b1bc8912aff3 49594 debug extra libbind9-140-dbgsym_9.10.4-P5-1_amd64.deb
399e2dfa969b27dcf9e511f265f5551f 209856 libs standard libbind9-140_9.10.4-P5-1_amd64.deb
4b9f4624b2f8b5d57bcecd1336be9686 2037162 debug extra libdns-export165-dbgsym_9.10.4-P5-1_amd64.deb
e19e330e725bb873ab095496c94a3192 677488 debian-installer optional libdns-export165-udeb_9.10.4-P5-1_amd64.udeb
9cfc8b4a90768f715c7d7c19b3a94502 864084 libs optional libdns-export165_9.10.4-P5-1_amd64.deb
c360b969652809c86d57ab8383f74989 4523926 debug extra libdns165-dbgsym_9.10.4-P5-1_amd64.deb
e9de745a036d2e301c37c8cfedc41dd0 1097836 libs standard libdns165_9.10.4-P5-1_amd64.deb
98940551be6047efae2782266ffdf374 52468 debug extra libirs-export141-dbgsym_9.10.4-P5-1_amd64.deb
db3a452c6f61c2bb41bdf049d4d776da 15022 debian-installer optional libirs-export141-udeb_9.10.4-P5-1_amd64.udeb
690dafeba3736a13adea99bc1ea4bfc2 203088 libs optional libirs-export141_9.10.4-P5-1_amd64.deb
22778bd4634982209c48799c24a61615 54948 debug extra libirs141-dbgsym_9.10.4-P5-1_amd64.deb
90e99115f82e17d0693a91b06576e1db 203580 libs standard libirs141_9.10.4-P5-1_amd64.deb
2cb7b276ed65fad4ef1bd350a32f6b46 365596 debug extra libisc-export160-dbgsym_9.10.4-P5-1_amd64.deb
bab940192b044c47a72d7d1e9da9ff73 151850 debian-installer optional libisc-export160-udeb_9.10.4-P5-1_amd64.udeb
c5c97cafd7c216c64b9866fa0d016c98 339714 libs optional libisc-export160_9.10.4-P5-1_amd64.deb
593b9415082bac6c8ff526daf1e4252f 838052 debug extra libisc160-dbgsym_9.10.4-P5-1_amd64.deb
dfc07886f17f6124a0c5e460ecb5557d 403318 libs standard libisc160_9.10.4-P5-1_amd64.deb
1e2b2a678c42d62b6cce7d0e0430fc5a 35040 debug extra libisccc-export140-dbgsym_9.10.4-P5-1_amd64.deb
aeb763de02159202f2333cac7948717d 13752 libs optional libisccc-export140-udeb_9.10.4-P5-1_amd64.udeb
2ee7e3a262a3b8268da37c0d5531d095 201676 libs optional libisccc-export140_9.10.4-P5-1_amd64.deb
e77979ed594f552580226afc934cee90 36030 debug extra libisccc140-dbgsym_9.10.4-P5-1_amd64.deb
997c70bda5e4d80866485276052a3cb3 201828 libs optional libisccc140_9.10.4-P5-1_amd64.deb
6bd8817bd3324e87c1f0e6e92b5a7760 76838 debug extra libisccfg-export140-dbgsym_9.10.4-P5-1_amd64.deb
3dd2f08983333acabc013af7db68831f 36900 debian-installer optional libisccfg-export140-udeb_9.10.4-P5-1_amd64.udeb
05f8a85a4d5bb63e99c3365b6a5d62b1 224664 libs optional libisccfg-export140_9.10.4-P5-1_amd64.deb
ab3857fc4d86055c36c7dfb55a61b339 84608 debug extra libisccfg140-dbgsym_9.10.4-P5-1_amd64.deb
3df88c6d4572610d04a54e56af298576 226588 libs standard libisccfg140_9.10.4-P5-1_amd64.deb
fab0b9ae381b6c190d565ed0b3f09615 80830 debug extra liblwres141-dbgsym_9.10.4-P5-1_amd64.deb
85e61b3f89836d9ccddd93639b0b136d 217624 libs standard liblwres141_9.10.4-P5-1_amd64.deb
a04074b2926afabfa480ab3cc48f9a0c 710170 debug extra lwresd-dbgsym_9.10.4-P5-1_amd64.deb
befe35eac663e99249c765ee5db015e8 412046 net optional lwresd_9.10.4-P5-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlh7OtAACgkQuNayzQLW
9HPWJyAAioJ5PtiFLAsRBPdibUkiqwEhPmvxaKIqeOW7BdQHcECC+nbdDijS4k5H
BP+3d0sd0adFicnzM5KNGaoQgnAfQHjx+K0Umf9SxHP0+Q7nW/RX/7PAoYYRmNmw
eI187nwQBexVtnCnzaz0/B/rB9YZoS4hU/US329zUEyubCtS5a3D3TL9+P2OLVKe
QjzMf131D03IYd9c9t280gy0NbhrHnjoOm0gMxMWuHZLl7tF9HAEu+tkAI6FUmkq
WU8bv1vcM7+kGzQd5zNWhBreofVHuO3t9BMkWnRgu2+PAAE04PDTVWT6O1GmrTnI
9xoi/tKe++Nl253FcoKQfUC2V+ohu8oQ2kFMZhCwURs5vMPjBNeINbm7YgtoioaL
RS+eSEnuygxuORcfOm8p8kFA18uA8vI9P8oo3ZaOo4CF6/WfA6A5bs1aLE79X1aJ
Lhwbz805s1y57rr4Xu01inwZk+AI/Jogp3C7EEUNXrjerr8Ial1vqEvz/OXR0ch9
Oiyc+1LI4sJ7WB00Qf/LqlllVF6fSQNndrapjJIhEU5Luk8EBt03brvR5W/LnUHo
5txgMEL60DLK6Lt4xQueGYJhofpPRv/1QBumnlYB0mTT86XsUoM5q10JTAxg9fuw
x9TMqrK8yzL9AiSlvqpXq5lv6vc+CcC0RjCgjAnXeKYIXibZeZ38zV5VrhDdu37p
6e9Y65V7mfvBH1YVQpbvf3gcxnqCyIeOgVGBWji7BpCpwmqjm6Ys5wpuGgW8JzWa
y5VDPsaydKQuVHReFsUVG9KI5L/3O3MbKxGrseMcVRecXXV1UvEXi6B/HmLhdgpK
hXciopjOEmH90qxwL+c/1lochXrLTytDFo2jOdliPonwvQhMmzudhbNx3pPgL4R6
ePst9O8b3yC+8+T7ExoZLZQO05f79j7+H2DHYKbuWXDCf/PkY1a7tvvHNlp5lKzh
Vtiv+7H97nGLh4A7HEd02xALcwNTJk0IKc4cKz1Tgc4SWleTW3rpqdDG6KP5NjlR
z32v5HnuLCcQwy77ka60pnMn22z2d296khZ22fWV38ZcJ34L3lYgLnmcJdVOwizk
TmzbeS+SlIEJAPRtT5xS6+wVGwxWdqn0fDip76HM8eWfJ2zbvmzWtZF06yqCNtpO
FcZ5+xOn12C4USZmircrIgu5PnHie7ui0rowi8zELpG7rsmYYdPCDuYHaTPKRoLv
yKWJPA1CSKznC6bHGzi8GZPS3x5Hy6CKHzC/XlzsZg2yIcKeGEYFdbZ9vDetCKnT
NlNR8TDioJ2SKN6rcSorS1S4vCmzQziQ6sW5fwE+/kHt8qFKHazHM9pYkmC9DU2P
O+ibMLYQBTkfypWFyPvCuClnkGWbCQ==
=/Tyq
-----END PGP SIGNATURE-----
Reply sent
to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility.
(Sun, 22 Jan 2017 07:36:03 GMT) (full text, mbox, link).
Notification sent
to Kurt Roeckx <kurt@roeckx.be>:
Bug acknowledged by developer.
(Sun, 22 Jan 2017 07:36:03 GMT) (full text, mbox, link).
Message #53 received at 828082-close@bugs.debian.org (full text, mbox, reply):
Source: bind9
Source-Version: 1:9.10.3.dfsg.P4-11
We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 828082@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated bind9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 19 Jan 2017 04:03:28 +0000
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-140 libdns162 libirs141 libisc160 liblwres141 libisccc140 libisccfg140 dnsutils lwresd libbind-export-dev libdns-export162 libdns-export162-udeb libisc-export160 libisc-export160-udeb libisccfg-export140 libisccc-export140 libisccc-export140-udeb libisccfg-export140-udeb libirs-export141 libirs-export141-udeb
Architecture: source
Version: 1:9.10.3.dfsg.P4-11
Distribution: unstable
Urgency: medium
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - Version of 'host' bundled with BIND 9.X
bind9utils - Utilities for BIND
dnsutils - Clients provided with BIND
host - Transitional package
libbind-dev - Static Libraries and Headers used by BIND
libbind-export-dev - Development files for the exported BIND libraries
libbind9-140 - BIND9 Shared Library used by BIND
libdns-export162 - Exported DNS Shared Library
libdns-export162-udeb - Exported DNS library for debian-installer (udeb)
libdns162 - DNS Shared Library used by BIND
libirs-export141 - Exported IRS Shared Library
libirs-export141-udeb - Exported IRS library for debian-installer (udeb)
libirs141 - DNS Shared Library used by BIND
libisc-export160 - Exported ISC Shared Library
libisc-export160-udeb - Exported ISC library for debian-installer (udeb)
libisc160 - ISC Shared Library used by BIND
libisccc-export140 - Command Channel Library used by BIND
libisccc-export140-udeb - Command Channel Library used by BIND (udeb)
libisccc140 - Command Channel Library used by BIND
libisccfg-export140 - Exported ISC CFG Shared Library
libisccfg-export140-udeb - Exported ISC CFG library for debian-installer (udeb)
libisccfg140 - Config File Handling Library used by BIND
liblwres141 - Lightweight Resolver Library used by BIND
lwresd - Lightweight Resolver Daemon
Closes: 828082 831796 839010 842858 848519 851062 851063 851065
Changes:
bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium
.
* Fix some lintian warnings.
* Add lsb-base dependency to lwresd (closes: #848519).
* Fix CVE-2016-2775: crash in lwresd due to a long query name
(closes: #831796).
* Fix CVE-2016-2776: maliciously crafted query can cause named to crash
(closes: #839010).
* Fix CVE-2016-8864: incorrect handling of a DNAME record can cause
named to crash (closes: #842858).
* Fix CVE-2016-9131: maliciously crafted response to an ANY query can
cause named to crash (closes: #851065).
* Fix CVE-2016-9147: query with contradictory DNSSEC information can
cause named to crash (closes: #851063).
* Fix CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS)
record can cause named to crash (closes: #851062).
* Openssl 1.1 is not yet supported, so build with openssl 1.0 for now
(closes: #828082).
.
[ LaMont Jones ]
* Update VCS fields in control.
* -DDIG_SIGCHASE got dropped by the change in hardening.
.
[ Stefan Bader ]
* Use the defaults file in systemd.
Checksums-Sha1:
ab07401804633455b7306f1e1339ba5ea4fd3e49 4445 bind9_9.10.3.dfsg.P4-11.dsc
4b7a849cd74c4fe16a10086c5bf20851f1929e2f 72400 bind9_9.10.3.dfsg.P4-11.debian.tar.xz
Checksums-Sha256:
1b88dbe9dadc24cc929cd918a800d5d459f46cac6cbdb4d27e4d79c04ab04cec 4445 bind9_9.10.3.dfsg.P4-11.dsc
057d64b8e6c6461186cba1aaae20ffe48d38642d2dedd08973055051e2cd823c 72400 bind9_9.10.3.dfsg.P4-11.debian.tar.xz
Files:
f46552b04e1d0f460ca47311eb7630f7 4445 net optional bind9_9.10.3.dfsg.P4-11.dsc
8922bc6f78cac01f0eb01bff879e5bac 72400 net optional bind9_9.10.3.dfsg.P4-11.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAliEXHQACgkQuNayzQLW
9HNQ8yAAgoz2iojLTstzL0j6cV5SYchsP4kgrMRzYmtZNo6B08g0gQYvtW8DTZqK
fELXm7owiA2Becw5fup28bMHWh/LtscPRlZtLp+43RoiulLSpFideGbvMAgbUMWc
+okm5x842vZ36SQvPUA3T163dLL4DzIOWQI41aJC2B0+0oScghJhmRwpQQNXuup5
ZHbgR7nHn1aex37gLsckuHrqRbZ8U9FmF/vZIzKr8zqR5Uga8S1BneTQpkW8HBv3
8AMCmgxeKk7PY0lrBiEAfEL+r39x/vP0DIP6huJ/QaIpH7S/WbK7xXx2AsZG2p+h
fuSppUMxfcb07cBNB+zJ+QII+S9I2eNJFFqe+qH8eSkh3DdXoe8EmXnLf7FF/Cew
2NfGHzfz/2WQPkdkkO0Z+m+BrGNeqM9nD2m16StV6wK4/7u8Mwi/d4eJ+0hJ7D7S
SafFK83IZbgJoHg5xyqHOM9j8q0VL52/As+VLtbUd5qaF3B8sgzrITp/Dkn2ZYvW
VkAsGyuN8l+VQktNIP6h1AsW5UzHTv/o7O55hjzydJDGYL1ROt17ewB9RetnvTDi
9r6SwtRnxIyawR1+23z3VwwU3iPahKaBJKDUf1fclPXdYibNPS9Oqon1I1FtrNzI
d5iYEs9R31aaBpDdqgiUBotZCeMgAU+s9O552cVMVPyaTnyY8eeFZePyOQAgWV+2
siLPGqlX7HTcASAxvmi5XRWvNwwPPs21RG3LPNv7QNDYZ8ZaNIwv5UtMi78nz/jF
YTJotTcOYaAzp9P/AOhl7HuCQkj8leyq7D3/aZS3CoyNsrE++9j8n4PfpleiOYVp
c9KlDTYevKTCFtr8Y2swOLheqJpswuAxVWT68bx2JAUSRI5lBmF83Qn+dHr7ckCi
zLsNVv/+21hC6iGOL39jcOrRDx7VMTAWdv8dMeaiOW9jINmFBQDp10awM2KpTs7m
SEnbpuQ0wHzHEHyNQCLYBaQe6C/pGNZh6rDEu8JxMbux6xQkzTZ136BZYwiBSWqD
++PXlwbeSx/2DaUhjIDgWprWgm9ywNLw0aBjP0V6u5tzu1rOsQ0oiQyxUyzOFo7t
tP3f0bWxn8AvNFZIxdtFEFIQrJIl2TTPM1SRX4Msq5ZVuxAJkuF+hlOjhmV1QEE1
vqeii45CpEUmzE0bbi/K1MhHBC8aVUWwMmwEu9omr9OH4niXqLoelGhn5juXH0fk
us40Z8qWtYTDcdkvWR+3aaes7nowR7IgEKBNSbs8YfOLh3719nwi0AyxavYiOUhY
4ACFkLFIOI9Pa958YaBpdpyYqXNJ5NLGHad4nQRmeEB07y5Ru/yg021V/8bH8K+2
eSB/q3fpOMqfcAA6KDbAodocv0NK/g==
=f9Oz
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#828082; Package src:bind9.
(Sun, 22 Jan 2017 11:30:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Luca Boccassi <luca.boccassi@gmail.com>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Sun, 22 Jan 2017 11:30:03 GMT) (full text, mbox, link).
Message #58 received at 828082@bugs.debian.org (full text, mbox, reply):
On Sun, 15 Jan 2017 03:45:30 -0500 Michael Gilbert <mgilbert@debian.org> wrote: > On Fri, Jan 13, 2017 at 4 > > Upstream has actually added a patch for this already in the stable > > branch as far as I know, so I expect this to actually have been > > fixed in 9.10.4-P5. > > I worked on this today, their patch is not applied in -P5, so I'll be > uploading a version with Bernhard's suggestion. > > Best wishes, > Mike Hello Mike, Would it be possible to build-depend on: libssl1.0-dev | libssl-dev (<< 1.1.0~) instead of just libssl1.0-dev ? This will allow a clean rebuild for backporting purposes. Would really appreciate a lot if this change could be made :-) Thank you! Kind regards, Luca Boccassi
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#828082; Package src:bind9.
(Sun, 22 Jan 2017 21:21:19 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Sun, 22 Jan 2017 21:21:19 GMT) (full text, mbox, link).
Message #63 received at 828082@bugs.debian.org (full text, mbox, reply):
On Sun, Jan 22, 2017 at 6:26 AM, Luca Boccassi wrote: > This will allow a clean rebuild for backporting purposes. Would really > appreciate a lot if this change could be made :-) There are no jessie backports of bind. Best wishes, Mike
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 25 Mar 2017 07:28:36 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.