Public bug reported:

Upstream: tbd
Debian:   1.22.0-1    
Ubuntu:   1.20.0-1ubuntu2


Debian does new releases regularly, so it's likely there will be newer
versions available before FF that we can pick up if this merge is done
later in the cycle.

If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.

If this merge pulls in a new upstream version, also consider adding an
entry to the Jammy Release Notes:
https://discourse.ubuntu.com/c/release/38


### New Debian Changes ###

unbound (1.22.0-1) unstable; urgency=medium

  * new upstream release (1.22.0)

 -- Michael Tokarev <[email protected]>  Sat, 19 Oct 2024 13:11:14 +0300

unbound (1.21.1-1) unstable; urgency=medium

  * new upstream release 1.21.1
    Closes: #1078647, CVE-2024-43167 (NULL ptr deref in ub_ctx_set_fwd)
    Closes: #1083282, CVE-2024-8508 (Unbounded name compression)

 -- Michael Tokarev <[email protected]>  Fri, 04 Oct 2024 17:48:04 +0300

unbound (1.20.0-1) unstable; urgency=medium

  * new upstream release with some new features and many bugfixes
    Closes: CVE-2024-33655 (DNSBomb issue)
  * remove do-not-look-at-pidfile.patch now once upstream
    stopped chowning the pidfile
  * +spelling-overriden.patch
  * d/rules: enable -j in MAKEFLAGS when parallel is in DEB_BUILD_OPTIONS
  * d/control: Standards-Version: 4.6.0=>4.6.2

 -- Michael Tokarev <[email protected]>  Thu, 09 May 2024 14:47:04 +0300

unbound (1.19.2-1) unstable; urgency=medium

  * new upstream bugfix release. Closes: CVE-2024-1931,
    denial of service when trimming EDE text on positive replies
  * d/changelog: add the forgotten Closes for
    #1063845, #1051817, #1051818, #1056631 to the previous
    changelog entry

 -- Michael Tokarev <[email protected]>  Thu, 07 Mar 2024 23:35:52 +0300

unbound (1.19.1-1) unstable; urgency=medium

  * new upstream bugfix release (1.19.1) (Closes: #1063845):
   o Fix CVE-2023-50387, DNSSEC verification complexity can be exploited
     to exhaust CPU resources and stall DNS resolvers
   o Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU
  * new upstream release (1.19.0) (Closes: #1051817, #1051818, #1056631)
  * d/control: Build-Depends: pkg-config => pkgconf
  * d/unbound.lintian-overrides: remove
    package-supports-alternative-init-but-no-init.d-script
  * d/unbound.lintian-overrides: adjust for /lib=>/usr/lib move

 -- Michael Tokarev <[email protected]>  Tue, 13 Feb 2024 22:40:40 +0300

unbound (1.18.0-2) unstable; urgency=medium

   * d/resolvconf-forwards: remove -e (Closes: #1035800), shorten sed expr
   * d/changelog: mention #1013957 in previous changelog entry
   * d/control, d/rules: switch from libnettle back to libssl once it is
     GPL-compatible (#828699 is of no concern anymore).  This fixes libunbound
     init failure.  Also Closes: #1007260
   * d/control, d/rules: build daemon with --enable-cachedb --with-libhiredis,
     build-depend on libhiredis-dev (Closes: #1014456)

 -- Michael Tokarev <[email protected]>  Wed, 06 Sep 2023 16:34:32 +0300

unbound (1.18.0-1) unstable; urgency=medium

  * new upstream release
    Closes: #1038243
  * d/copyright: relicense debian/patches/* under ISC license
    (Closes: #1013957)

 -- Michael Tokarev <[email protected]>  Mon, 04 Sep 2023 09:41:58 +0300

unbound (1.17.1-2) unstable; urgency=medium

  * unbound-helper: return 0 explicitly in a few places
    (Closes: #1019140)

 -- Michael Tokarev <[email protected]>  Sun, 09 Apr 2023 15:59:14 +0300

unbound (1.17.1-1) unstable; urgency=medium

  [ Michael Tokarev ]
  * new upstream release. Release notes:

    This release fixes a number of bugs. There are also new configuration
    options that by default do not change the existing behaviour of Unbound.

    With `statistics-inhibit-zero` the printout of zero values by stats can
    be controlled. Similarly with `max-sent-count` and `max-query-restarts`
    the iterator behaviour can be controlled. The maximum CNAME chain length
    that is accepted can be changed by increasing the `max-query-restarts`
    number. This takes more time to follow those elements.

    The keep-cache option allows reloads to change configuration whilst
    keeping the cache memory intact, making the cache hot for good response
    times after the change has completed.

    The release contains an additional fix for service downgrade due to
    wrong hash values for wildcards in a hyperlocal zone, that was reported
    by Sergey Kacheev.


### Old Ubuntu Delta ###

unbound (1.20.0-1ubuntu2) oracular; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2024-43167-1.patch: fix null pointer
      dereference issue in function ub_ctx_set_fwd of file
      libunbound/libunbound.c
    - debian/patches/CVE-2024-43167-2.patch: fix to print a parse
      error when config is read with no name for a forward-zone, stub-
      zone or view.
    - CVE-2024-43167

 -- Bruce Cable <[email protected]>  Mon, 09 Sep 2024 10:48:56
+1000

unbound (1.20.0-1ubuntu1) oracular; urgency=medium

  * Merge with Debian unstable (LP: #2064475). Remaining changes:
    - Don't build with hiredis on i386.  hiredis and redis are not built
      on i386 and require bootstrapping due to circular
      build-dependencies; simpler to just disable this in the i386
      unbound server binary (that no one will ever use).

 -- Andreas Hasenack <[email protected]>  Mon, 12 Aug 2024 15:41:36
-0300

** Affects: unbound (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: needs-merge upgrade-software-version

** Changed in: unbound (Ubuntu)
    Milestone: None => ubuntu-25.01

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085302

Title:
  Merge unbound from Debian unstable for jammy

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/2085302/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to