Re: Supporting unbound in stretch by upgrading to 1.9
Markus Koschany wrote:
> Hi Robert,
> Am Samstag, den 06.02.2021, 19:46 -0500 schrieb Robert Edmonds:
> > Hi, Markus:
> > I'm OK with both of these plans.
> > For the proposed 1.9.6 buster update, can you send me git commits based
> > against
> > https://salsa.debian.org/dns-team/unbound/-/tree/branches/1.9.0-2_deb10
> > ?
> > Thanks!
> I have opened a merge request on salsa for the 1.9.6 update.
OK, I created a new unbound branch based on that:
$ git shortlog branches/1.9.0-2_deb10..branches/1.9.6-0_deb10
Markus Koschany (1):
Apply NLnet Labs patch for CVE-2020-28935 (Closes: #977165)
Robert Edmonds (11):
New upstream version 1.9.3~rc1
New upstream version 1.9.3
New upstream version 1.9.4
New upstream version 1.9.6
debian/source/options: Remove "single-debian-patch" option
Revert "debian/source/patch-header: Add patch header for "single-debian-patch" mode"
Revert "Apply NLnet Labs patch for CVE-2019-16866 (Closes: #941692)"
Revert "Apply NLnet Labs patch for CVE-2020-12662, CVE-2020-12663"
Merge tag 'upstream/1.9.6'
Re-apply NLnet Labs patch for CVE-2020-12662, CVE-2020-12663
I built it and uploaded it here:
The /usr/sbin/unbound binary is identical (same hash) to the binary in
the package you built at https://people.debian.org/~apo/buster/unbound/.
I removed the "single-debian-patch" source option because it makes it
hard to understand what is in the combined Debian patch looking just at
the source package, especially now that we're dealing with multiple
security patches. (I also removed it from the main branch a while back,
sometime after the buster release.)
I asked the reporter of #962459 to see if they can test the candidate
The candidate unbound package is now running on two of my buster
machines serving DNS at two small sites (30-40+ devices) for testing