
Bug#867159: stretch-pu: package pdns-recursor/4.0.4-1



Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

pdns-recursor has an embedded copy of the DNS root (".") zone public
signing key ("KSK"), for DNSSEC verification purposes. ICANN has
created a new key and expects it to be used starting from October 11,
2017, in place of the old key.

This update adds the new key to the trusted set. If users do not get
this update, DNSSEC validation will fail for them starting on Oct.
11, until they manually update the configuration.

The same fix is already in unstable (as 4.0.4-2).

Thanks,
Chris


diff -Nru pdns-recursor-4.0.4/debian/changelog pdns-recursor-4.0.4/debian/changelog
--- pdns-recursor-4.0.4/debian/changelog	2017-01-14 03:03:18.000000000 +0000
+++ pdns-recursor-4.0.4/debian/changelog	2017-06-27 12:31:08.000000000 +0000
@@ -1,3 +1,10 @@
+pdns-recursor (4.0.4-1+deb9u1) stretch; urgency=medium
+
+  * Add new root trust anchor KSK-2017 to embedded root trust list.
+    (Closes: #866112)
+
+ -- Christian Hofstaedtler <zeha@debian.org>  Tue, 27 Jun 2017 12:31:08 +0000
+
 pdns-recursor (4.0.4-1) unstable; urgency=medium
 
   * New upstream version, fixing security issues CVE-2016-7068 and
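Review bot: The new 4.0.4-1+deb9u1 entry does not say which file carries the change or that the update is additive. Consider naming debian/patches/0001-Add-the-2017-root-key.patch in the entry and stating that the existing trust anchor is kept alongside the new one, so someone reading only the changelog can tell that validation with the current key is unaffected.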
diff -Nru pdns-recursor-4.0.4/debian/patches/0001-Add-the-2017-root-key.patch pdns-recursor-4.0.4/debian/patches/0001-Add-the-2017-root-key.patch
--- pdns-recursor-4.0.4/debian/patches/0001-Add-the-2017-root-key.patch	1970-01-01 00:00:00.000000000 +0000
+++ pdns-recursor-4.0.4/debian/patches/0001-Add-the-2017-root-key.patch	2017-06-27 12:31:08.000000000 +0000
@@ -0,0 +1,20 @@
+From d5037c4d34ffbc89ca5d4f79554dd87aa49fdbc8 Mon Sep 17 00:00:00 2001
+From: Pieter Lexis <pieter.lexis@powerdns.com>
+Date: Fri, 3 Feb 2017 09:03:35 +0100
+Subject: [PATCH] Add the 2017 root key
+
+---
+ pdns/root-dnssec.hh | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/pdns/root-dnssec.hh b/pdns/root-dnssec.hh
+index 0d4b3b4ea1..1f5bb37fe7 100644
+--- a/root-dnssec.hh
++++ b/root-dnssec.hh
+@@ -22,4 +22,5 @@
+ 
+ #pragma once
+ 
+-static const char*rootDSs[]={"19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5"};
++static const char*rootDSs[]={"19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5",
++                             "20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d"};
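Review bot: The embedded patch's headers disagree about the target file: the "diff --git" line and the diffstat say pdns/root-dnssec.hh, while the "---"/"+++" lines say root-dnssec.hh. Make them agree, or add a line to the patch header saying the path was adjusted for this source tree, so it is unambiguous which file the quilt patch modifies. The two rootDSs entries are also unlabelled; a short comment per entry saying which key each DS belongs to (the changelog calls the new one KSK-2017) and which published source the digest was checked against would make this and the next rollover easier to review.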
diff -Nru pdns-recursor-4.0.4/debian/patches/series pdns-recursor-4.0.4/debian/patches/series
--- pdns-recursor-4.0.4/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ pdns-recursor-4.0.4/debian/patches/series	2017-06-27 12:31:08.000000000 +0000
@@ -0,0 +1 @@
+0001-Add-the-2017-root-key.patch
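
The message above describes an embedded list of root trust anchors in DS form. As an added example (not part of the original message and not PowerDNS code), this Python sketch parses entries in the rootDSs[] format and checks whether a DNSKEY matches one of them, using the RFC 4034 key tag and SHA-256 DS digest. The root DNSKEY itself is not on this page, so any key passed in is the caller's; all function names are hypothetical.

```python
import hashlib
import struct

# The two entries of the patched rootDSs[] array shown on this page:
# "<key tag> <algorithm> <digest type> <hex digest>"
ROOT_DS = [
    "19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5",
    "20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d",
]
DIGEST_LEN = {1: 20, 2: 32, 4: 48}  # bytes for SHA-1, SHA-256, SHA-384


def parse_ds(text):
    """Parse one DS string; raise ValueError if it is malformed."""
    fields = text.split()
    if len(fields) != 4:
        raise ValueError("expected 4 fields: %r" % text)
    tag, alg, dtype = (int(f) for f in fields[:3])
    digest = bytes.fromhex(fields[3])
    if not (0 <= tag <= 0xFFFF and 0 <= alg <= 0xFF):
        raise ValueError("key tag or algorithm out of range: %r" % text)
    if DIGEST_LEN.get(dtype) != len(digest):
        raise ValueError("digest length does not match digest type: %r" % text)
    return tag, alg, dtype, digest


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """Wire-format DNSKEY RDATA: flags(2) protocol(1) algorithm(1) key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_for_root_key(rdata):
    """DS tuple (digest type 2) for a DNSKEY owned by the root zone."""
    owner = b"\x00"  # wire form of the owner name "."
    return key_tag(rdata), rdata[3], 2, hashlib.sha256(owner + rdata).digest()


def is_trusted(rdata, anchors=ROOT_DS):
    """True if the DNSKEY hashes to one of the configured anchors."""
    return ds_for_root_key(rdata) in [parse_ds(a) for a in anchors]
```

A validator built without the second entry would return False from is_trusted() for the new root key, which is the failure the message describes for unpatched installs.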

