Re: Supporting unbound in stretch by upgrading to 1.9

To: Robert Edmonds <edmonds@debian.org>
Cc: debian-lts <debian-lts@lists.debian.org>, team <team@security.debian.org>, 982671@bugs.debian.org
Subject: Re: Supporting unbound in stretch by upgrading to 1.9
From: Markus Koschany <apo@debian.org>
Date: Wed, 17 Feb 2021 20:22:49 +0100
Message-id: <[🔎] f57e3a3cdf51b029e76659274de0ac8eb83a18ec.camel@debian.org>
In-reply-to: <[🔎] YC1p2wY9RLwKEZKu@mycre.ws>
References: <240f6cd3-77b0-2a24-ac14-99e7af98179b@beuc.net> <YAex8kxx0iJVyyxs@mycre.ws> <YAftVdSpPGsBL7/o@t14-buxy.home.ouaza.com> <YAf4rcX+8/UA5Hui@mycre.ws> <[🔎] 80e11f170c176d09c2b08b0826d597cc737c1cea.camel@debian.org> <[🔎] YC1VrQ2gOIeog70P@mycre.ws> <[🔎] a31bbf2e60715a550b9b6bb2f46c70146068c9fb.camel@debian.org> <[🔎] YC1p2wY9RLwKEZKu@mycre.ws>

Hello,

Am Mittwoch, den 17.02.2021, 14:09 -0500 schrieb Robert Edmonds:
> Hi,
> 
> #982671 / #982672 is incorrectly reported against the python-unbound
> package. It should instead be against the unbound binary package because
> this functionality is in the unbound daemon.

Please feel free to reassign and/or adjust the bug report as necessary.


>  The error message cited in
> the original report is an error message generated by the unbound daemon:
> 
>     [123376:0] error: module init for module python failed
> 
> Based on the original report this failure occurred after the bug
> reporter upgraded to src:unbound1.9's unbound package in oldstable.
> 
> The embedded Python scripting support is in the unbound daemon and
> enabled by the the '--with-pythonmodule' parameter to the unbound
> configure script. It results in this dependency in the built unbound
> package:
> 
> $ dpkg-deb -I unbound_1.9.0-2+deb10u2~deb9u1_amd64.deb | grep '^ Depends:'
>  Depends: adduser, dns-root-data, lsb-base (>= 3.0-6), openssl,
>      unbound-anchor, init-system-helpers (>= 1.18~), libc6 (>= 2.17),
>      libevent-2.0-5 (>= 2.0.10-stable), libfstrm0 (>= 0.2.0), libprotobuf-c1
>                  vvvvvvvvvvvvvvvvvvvvvvvvvv
>      (>= 1.0.1), libpython3.5 (>= 3.5.0~b1), libssl1.1 (>= 1.1.0),
>                  ^^^^^^^^^^^^^^^^^^^^^^^^^^
>      libsystemd0
> 
> The python{3,}-unbound packages implement the Python extension module
> bindings for the C libunbound library. The Python extension module is
> enabled by the '--with-pyunbound' parameter to the unbound configure
> script.

We don't intend to build the python bindings for unbound1.9. This decision was
intentional, so here are the alternatives. 

1. Don't upgrade unbound 1.6 if you are sure, you are not affected by the
   existing security vulnerabilities.

2. I could remove the configure option --with-pyunbound and announce this with
a new DLA, this would it make explicit that the python bindings are not
supported.

However the end result will always be the same. You can't use the existing
python bindings with the 1.9 version.

Regards,

Markus

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Re: Supporting unbound in stretch by upgrading to 1.9
  - From: Robert Edmonds <edmonds@debian.org>

References:
- Re: Supporting unbound in stretch by upgrading to 1.9
  - From: Markus Koschany <apo@debian.org>
- Re: Supporting unbound in stretch by upgrading to 1.9
  - From: Robert Edmonds <edmonds@debian.org>
- Re: Supporting unbound in stretch by upgrading to 1.9
  - From: Markus Koschany <apo@debian.org>
- Re: Supporting unbound in stretch by upgrading to 1.9
  - From: Robert Edmonds <edmonds@debian.org>

Prev by Date: Re: Supporting unbound in stretch by upgrading to 1.9
Next by Date: Re: Supporting unbound in stretch by upgrading to 1.9
Previous by thread: Re: Supporting unbound in stretch by upgrading to 1.9
Next by thread: Re: Supporting unbound in stretch by upgrading to 1.9
Index(es):
- Date
- Thread