Re: Supporting unbound in stretch by upgrading to 1.9

Thu, 11 Feb 2021 18:20:24 -0800 

Markus Koschany wrote:
> Hi Robert,
> 
> Am Samstag, den 06.02.2021, 19:46 -0500 schrieb Robert Edmonds:
> [...]
> > Hi, Markus:
> > 
> > I'm OK with both of these plans.
> > 
> > For the proposed 1.9.6 buster update, can you send me git commits based
> > against
> > https://salsa.debian.org/dns-team/unbound/-/tree/branches/1.9.0-2_deb10
> > ?
> > 
> > Thanks!
> 
> I have opened a merge request on salsa for the 1.9.6 update.
> 
> Cheers,
> 
> Markus

OK, I created a new unbound branch based on that:

https://salsa.debian.org/dns-team/unbound/-/commits/branches/1.9.6-0_deb10

    $ git shortlog branches/1.9.0-2_deb10..branches/1.9.6-0_deb10
    Markus Koschany (1):
          Apply NLnet Labs patch for CVE-2020-28935 (Closes: #977165)

    Robert Edmonds (11):
          New upstream version 1.9.3~rc1
          New upstream version 1.9.3
          New upstream version 1.9.4
          New upstream version 1.9.6
          debian/source/options: Remove "single-debian-patch" option
          Revert "debian/source/patch-header: Add patch header for 
"single-debian-patch" mode"
          Revert "Apply NLnet Labs patch for CVE-2019-16866 (Closes: #941692)"
          Revert "Apply NLnet Labs patch for CVE-2020-12662, CVE-2020-12663"
          Merge tag 'upstream/1.9.6'
          Re-apply NLnet Labs patch for CVE-2020-12662, CVE-2020-12663
          debian/changelog: 1.9.6-0+deb10u0

I built it and uploaded it here:

https://people.debian.org/~edmonds/unbound/1.9.6-0+deb10u0/

The /usr/sbin/unbound binary is identical (same hash) to the binary in
the package you built at https://people.debian.org/~apo/buster/unbound/.

I removed the "single-debian-patch" source option because it makes it
hard to understand what is in the combined Debian patch looking just at
the source package, especially now that we're dealing with multiple
security patches. (I also removed it from the main branch a while back,
sometime after the buster release.)

I asked the reporter of #962459 to see if they can test the candidate
package here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962459#42

The candidate unbound package is now running on two of my buster
machines serving DNS at two small sites (30-40+ devices) for testing
purposes.

-- 
Robert Edmonds
edmo...@debian.org

Reply via email to