Bug#769583: marked as done (unblock: bind9/ 9.9.5 with patch or 9.9.6?)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Mon, 01 Dec 2014 12:33:24 +0000
with message-id <a364d8c3def67e5f7ea413bd589a40ad@mail.adsl.funky-badger.org>
and subject line Re: Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
has caused the Debian Bug report #769583,
regarding unblock: bind9/ 9.9.5 with patch or 9.9.6?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
769583: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769583
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: bind9/ 9.9.5 with patch or 9.9.6?
• From: Daniel Pocock <daniel@pocock.pro>
• Date: Fri, 14 Nov 2014 19:28:02 +0100
• Message-id: <546649B2.9030101@pocock.pro>

Package: release.debian.org
X-Debbugs-CC: security@debian.org,lamont@debian.org,mgilbert@debian.org
User: release.debian.org@packages.debian.org
UserTags: unblock


testing currently has bind9 version 1:9.9.5.dfsg-5

Upstream released 9.9.6 fixing some bugs with an impact on compatibility
and at least one appears to be security related
"Corrected bugs in the handling of wildcard records by the DNSSEC
validator: invalid wildcard expansions could be treated as valid if
signed, and valid wildcard expansions in NSEC3 opt-out ranges had the AD
bit set incorrectly in responses. [RT #37093] [RT #37072]"

Full upstream changelogs:
https://kb.isc.org/article/AA-01210/0/BIND-9.9.6-Release-Notes.html

I haven't made a debdiff but looking at the list of things in the
changelog it probably isn't trivial.

There is also one outstanding RC issue in bind9 that can be fixed with a
one line patch against the existing package or it is fixed upstream by
the 9.9.6 release, missing dlz_dlopen.h header file:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769117

I understand the release team would usually prefer to see the one line
fix for debian/rules against the existing package and I'm happy to NMU
if the maintainers aren't able to provide that in the next couple of
days.  However, does anybody feel there is a strong enough case to jump
directly to the latest version, 9.9.6, does the security team have any
opinion on this package and its upstream changelog?

Looking at the upstream support lifecycle, bind9 9.9.x appears to be
supported until June 2017, this appears OK for the support lifecycle of
jessie:
http://www.isc.org/downloads/software-support-policy/

--- End Message ---

--- Begin Message ---

• To: Cyril Brulebois <kibi@debian.org>
• Cc: 769583-done@bugs.debian.org
• Subject: Re: Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Mon, 01 Dec 2014 12:33:24 +0000
• Message-id: <a364d8c3def67e5f7ea413bd589a40ad@mail.adsl.funky-badger.org>
• In-reply-to: <[🔎] 20141201120608.GF3236@mraw.org>
• References: <546649B2.9030101@pocock.pro> <20141117181932.GA32179@mix.mmjgroup.com> <546A471A.7000303@thykier.net> <20141117224334.GA24426@mix.mmjgroup.com> <546F7D3A.5080703@thykier.net> <54782B1F.1000603@pocock.pro> <[🔎] 45df5d5d8cde7d4a9efc824e6ac3dbdc@mail.adsl.funky-badger.org> <[🔎] 20141201120608.GF3236@mraw.org>

On 2014-12-01 12:06, Cyril Brulebois wrote:

Control: tag -1 confirmed
Adam D. Barratt <adam@adam-barratt.org.uk> (2014-12-01):

I've unblocked 1:9.9.5.dfsg-6, but it'll need a d-i ack due to the udeb.

No objections.

Ta.

unblock-udeb added.

Regards,

Adam

--- End Message ---