
Re: Supporting unbound in stretch by upgrading to 1.9

Markus Koschany wrote:
> On Wednesday, 20.01.2021 at 04:32 -0500, Robert Edmonds wrote:
> [...]
> > I would be OK with promoting an unbound package based on 1.9.6-2 (the
> > last 1.9.x package) to buster, if that's OK with the release team.
> Hello Robert,
> As you know we have had a request from users to "resurrect" unbound in Debian 9
> "Stretch". We have discussed several options internally and we came to the
> conclusion that we can just backport the current version of unbound in Buster
> and apply the patch to fix CVE-2020-28935. In order to avoid rebuilds of
> reverse-dependencies we have decided to introduce a new source package called
> unbound1.9 which takes over the binary packages unbound, unbound-anchor,
> unbound-host and libunbound8. This allows us to avoid rebuilding reverse-
> dependencies of libunbound2 in Stretch which is not necessary because they are
> not affected by the reported security vulnerabilities. You also don't have to
> feel responsible for those changes because we track them in a different source
> package.


It looks like #982671 / #982672 was assigned by the BTS to src:unbound
rather than src:unbound1.9. I attempted to re-assign the bug to
src:unbound1.9 with notfound/found but I don't think that worked since I
don't see it on

This bug also should have been reported against the unbound binary
package built by src:unbound1.9, not python-unbound, because the bug
appears to be about src:unbound1.9's unbound daemon failing to start. My
understanding is that the embedded Python scripting support in the
unbound daemon (which is built on stretch against Python 3, not Python 2
anyway) does not require the python-unbound or python3-unbound packages,
which are unrelated Python extension module bindings for the APIs in the
C libunbound library.

Also, it looks like the upload of unbound1.9 1.9.0-2+deb10u2~deb9u1
dropped the python-unbound and python3-unbound binary packages. It's not
clear why and it would be nice if the reason were documented in


Robert Edmonds
