[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#867159: marked as done (stretch-pu: package pdns-recursor/4.0.4-1)

Your message dated Sat, 22 Jul 2017 13:17:18 +0100
with message-id <1500725838.14212.3.camel@adam-barratt.org.uk>
and subject line Closing bugs for 9.1 p-u fixes
has caused the Debian Bug report #867159,
regarding stretch-pu: package pdns-recursor/4.0.4-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
867159: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867159
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

pdns-recursor has an embedded copy of the DNS root (".") zone public
signing key ("KSK"), for DNSSEC verification purposes. ICANN has
created a new key and expects it to use starting from October 11,
2017, in place of the old key.

This update adds the new key to the trusted set. If users do not get
this update, DNSSEC validation will fail for them starting on Oct.
11, until they manually update the configuration.

The same fix is already in unstable (as 4.0.4-2).

Thanks,
Chris


diff -Nru pdns-recursor-4.0.4/debian/changelog pdns-recursor-4.0.4/debian/changelog
--- pdns-recursor-4.0.4/debian/changelog	2017-01-14 03:03:18.000000000 +0000
+++ pdns-recursor-4.0.4/debian/changelog	2017-06-27 12:31:08.000000000 +0000
@@ -1,3 +1,10 @@
+pdns-recursor (4.0.4-1+deb9u1) stretch; urgency=medium
+
+  * Add new root trust anchor KSK-2017 to embedded root trust list.
+    (Closes: #866112)
+
+ -- Christian Hofstaedtler <zeha@debian.org>  Tue, 27 Jun 2017 12:31:08 +0000
+
 pdns-recursor (4.0.4-1) unstable; urgency=medium
 
   * New upstream version, fixing security issues CVE-2016-7068 and
diff -Nru pdns-recursor-4.0.4/debian/patches/0001-Add-the-2017-root-key.patch pdns-recursor-4.0.4/debian/patches/0001-Add-the-2017-root-key.patch
--- pdns-recursor-4.0.4/debian/patches/0001-Add-the-2017-root-key.patch	1970-01-01 00:00:00.000000000 +0000
+++ pdns-recursor-4.0.4/debian/patches/0001-Add-the-2017-root-key.patch	2017-06-27 12:31:08.000000000 +0000
@@ -0,0 +1,20 @@
+From d5037c4d34ffbc89ca5d4f79554dd87aa49fdbc8 Mon Sep 17 00:00:00 2001
+From: Pieter Lexis <pieter.lexis@powerdns.com>
+Date: Fri, 3 Feb 2017 09:03:35 +0100
+Subject: [PATCH] Add the 2017 root key
+
+---
+ pdns/root-dnssec.hh | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/pdns/root-dnssec.hh b/pdns/root-dnssec.hh
+index 0d4b3b4ea1..1f5bb37fe7 100644
+--- a/root-dnssec.hh
++++ b/root-dnssec.hh
+@@ -22,4 +22,5 @@
+ 
+ #pragma once
+ 
+-static const char*rootDSs[]={"19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5"};
++static const char*rootDSs[]={"19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5",
++                             "20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d"};
diff -Nru pdns-recursor-4.0.4/debian/patches/series pdns-recursor-4.0.4/debian/patches/series
--- pdns-recursor-4.0.4/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ pdns-recursor-4.0.4/debian/patches/series	2017-06-27 12:31:08.000000000 +0000
@@ -0,0 +1 @@
+0001-Add-the-2017-root-key.patch

--- End Message ---
--- Begin Message --- 
Version: 9.1

Hi,

These bugs all relate to updates which were included in today's stretch
point release.

Regards,

Adam

--- End Message ---
Reply to: