Bug#928407: unblock: bind9/1:9.11.5.P4+dfsg-5
Control: tags -1 d-i confirmed
Bernhard Schmidt:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Please unblock package bind9
>
> -4 and -5 have the following changes over -3 currently in testing.
>
> - CVE-2018-5743 (Bug#927923)
> The patch for this have been pulled directly from upstream. There is an
> additional patch needed for platforms without atomic support
> - Some additions to the AppArmor policy
> The seldomly used case of bind9 directly serving ActiveDirectory zones from
> Samba through a DLZ (Dynamically Loadable Zone) module was quite broken before
> because Samba in Buster changed some important paths and the AppArmor policy
> only really got enforced in Buster. Thanks to Steven Monai for filing bugs
> (928398, 920530) this should be fixed. I consider it low-risk because it only
> adds paths.
> - During Buster EDDSA crypto was temporarily disabled because it added a dependency
> on OpenSSL 1.1.1, which was at that point preventing testing migration. In
> our eyes it makes no sense to keep it disabled. Ed448 is currently broken
> upstream (https://gitlab.isc.org/isc-projects/bind9/issues/225) so there is an
> additional patch to keep that disabled.
>
> -4 has been in sid for more than a week without reported regressions, -5 only
> adds a single line to the AppArmor policy
>
> unblock bind9/1:9.11.5.P4+dfsg-5
>
Hi,
I have flagged it as ok from the RT PoV and is CC'ing KiBi for a d-i
review before it is finally unblocked.
Thanks,
~Niels
Reply to: