[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Supporting unbound in stretch by upgrading to 1.9


Am Mittwoch, den 17.02.2021, 14:09 -0500 schrieb Robert Edmonds:
> Hi,
> #982671 / #982672 is incorrectly reported against the python-unbound
> package. It should instead be against the unbound binary package because
> this functionality is in the unbound daemon.

Please feel free to reassign and/or adjust the bug report as necessary.

>  The error message cited in
> the original report is an error message generated by the unbound daemon:
>     [123376:0] error: module init for module python failed
> Based on the original report this failure occurred after the bug
> reporter upgraded to src:unbound1.9's unbound package in oldstable.
> The embedded Python scripting support is in the unbound daemon and
> enabled by the the '--with-pythonmodule' parameter to the unbound
> configure script. It results in this dependency in the built unbound
> package:
> $ dpkg-deb -I unbound_1.9.0-2+deb10u2~deb9u1_amd64.deb | grep '^ Depends:'
>  Depends: adduser, dns-root-data, lsb-base (>= 3.0-6), openssl,
>      unbound-anchor, init-system-helpers (>= 1.18~), libc6 (>= 2.17),
>      libevent-2.0-5 (>= 2.0.10-stable), libfstrm0 (>= 0.2.0), libprotobuf-c1
>                  vvvvvvvvvvvvvvvvvvvvvvvvvv
>      (>= 1.0.1), libpython3.5 (>= 3.5.0~b1), libssl1.1 (>= 1.1.0),
>                  ^^^^^^^^^^^^^^^^^^^^^^^^^^
>      libsystemd0
> The python{3,}-unbound packages implement the Python extension module
> bindings for the C libunbound library. The Python extension module is
> enabled by the '--with-pyunbound' parameter to the unbound configure
> script.

We don't intend to build the python bindings for unbound1.9. This decision was
intentional, so here are the alternatives. 

1. Don't upgrade unbound 1.6 if you are sure, you are not affected by the
   existing security vulnerabilities.

2. I could remove the configure option --with-pyunbound and announce this with
a new DLA, this would it make explicit that the python bindings are not

However the end result will always be the same. You can't use the existing
python bindings with the 1.9 version.



Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: