Re: Supporting unbound in stretch by upgrading to 1.9
Sylvain Beucler wrote:
> Hi Security Team,
> The LTS project would like to keep supporting 'unbound', for which security
> support was dropped last May (DSA 4694-1), IIRC due to the risks of
> maintaining a version that was not supported upstream anymore.
> The plan we identified is to backport buster's versions (1.9.0-2+deb10uX),
> along with rebuilding 3 reverse dependencies (getdns/gnutls28/opendkim) to
> use the newer libunbound8, which appears backward-compatible. The version
> scheme could be 1.9.0-2+deb10uX~deb9uY.
> Would you be OK with this plan?
> (Adding maintainer Robert Edmonds in Cc: as well, in case we missed a
> blocking issue.)
> Sylvain Beucler
> Debian LTS Team
There is an unfixed issue in Unbound 1.9.0 (#962459 / #973052) that
affects some users (I have not been able to reproduce it). Upstream has
invested some time in helping the Debian maintainers track down
potential combinations of commits from later releases that may be
related to the issue, but we were not able to produce a working,
targeted fix. I would prefer that 1.9.0 not be exposed to more Debian
users, especially a combination of stretch's libevent and buster's
unbound that AFAIK has not been tested before.