Change log for unbound package in Ubuntu

175 of 146 results
Published in jammy-updates
Published in jammy-security
unbound (1.13.1-1ubuntu5.5) jammy-security; urgency=medium

  * SECURITY UPDATE: Unbound could be used to take part in a DoS attack
    - debian/patches/CVE-2024-33655.patch: fix for the DNSBomb
      vulnerability in doc/example.conf.in, doc/unbound.conf.5.in,
      services/cache/infra.c, services/cache/infra.h, services/mesh.c,
      testdata/*, util/config_file.c, util/config_file.h,
      util/configlexer.lex, util/configparser.y.
    - CVE-2024-33655

 -- Marc Deslauriers <email address hidden>  Wed, 15 May 2024 13:34:34 +0200
Published in focal-updates
Published in focal-security
unbound (1.9.4-2ubuntu1.6) focal-security; urgency=medium

  * SECURITY UPDATE: Unbound could be used to take part in a DoS attack
    - debian/patches/CVE-2024-33655.patch: fix for the DNSBomb
      vulnerability in doc/example.conf.in, doc/unbound.conf.5.in,
      services/cache/infra.c, services/cache/infra.h, services/mesh.c,
      testdata/*, util/config_file.c, util/config_file.h,
      util/configlexer.lex, util/configparser.y.
    - CVE-2024-33655

 -- Marc Deslauriers <email address hidden>  Wed, 15 May 2024 15:09:15 +0200
Published in mantic-updates
Published in mantic-security
unbound (1.17.1-2ubuntu0.2) mantic-security; urgency=medium

  * SECURITY UPDATE: Unbound could be used to take part in a DoS attack
    - debian/patches/CVE-2024-33655.patch: fix for the DNSBomb
      vulnerability in doc/example.conf.in, doc/unbound.conf.5.in,
      services/cache/infra.c, services/cache/infra.h, services/mesh.c,
      testdata/*, util/config_file.c, util/config_file.h,
      util/configlexer.lex, util/configparser.y.
    - CVE-2024-33655

 -- Marc Deslauriers <email address hidden>  Wed, 15 May 2024 12:15:41 +0200
Published in noble-updates
Published in noble-security
unbound (1.19.2-1ubuntu3.1) noble-security; urgency=medium

  * SECURITY UPDATE: Unbound could be used to take part in a DoS attack
    - debian/patches/CVE-2024-33655.patch: fix for the DNSBomb
      vulnerability in doc/example.conf.in, doc/unbound.conf.5.in,
      services/cache/infra.c, services/cache/infra.h, services/mesh.c,
      testdata/*, util/config_file.c, util/config_file.h,
      util/configlexer.lex, util/configparser.y.
    - CVE-2024-33655

 -- Marc Deslauriers <email address hidden>  Wed, 15 May 2024 12:01:37 +0200
Published in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
unbound (1.19.2-1ubuntu3) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 08:30:00 +0000
Superseded in noble-proposed
unbound (1.19.2-1ubuntu2) noble; urgency=medium

  * No-change rebuild against libevent-2.1-7t64

 -- Simon Chopin <email address hidden>  Fri, 29 Mar 2024 17:26:09 +0100

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
unbound (1.19.2-1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable (LP: #2056552). Remaining changes:
    - Don't build with hiredis on i386.  hiredis and redis are not built
      on i386 and require bootstrapping due to circular
      build-dependencies; simpler to just disable this in the i386
      unbound server binary (that no one will ever use).

 -- Andreas Hasenack <email address hidden>  Fri, 08 Mar 2024 10:23:53 -0300
Superseded in noble-proposed
unbound (1.19.1-1ubuntu3) noble; urgency=medium

  * No-change rebuild against libssl3t64

 -- Steve Langasek <email address hidden>  Tue, 05 Mar 2024 02:09:01 +0000
Superseded in noble-proposed
unbound (1.19.1-1ubuntu2) noble; urgency=medium

  * No-change rebuild for python3.12 t64.

 -- Matthias Klose <email address hidden>  Sat, 02 Mar 2024 21:15:53 +0100

Available diffs

Superseded in focal-updates
Superseded in focal-security
unbound (1.9.4-2ubuntu1.5) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service issues via DNSSEC responses
    - debian/patches/CVE-2023-50387-and-CVE-2023-50868.patch:
      patch obtained from Debian's 1.9.0-2+deb10u4 package, thanks to
      Markus Koschany.
    - CVE-2023-50387
    - CVE-2023-50868

 -- Marc Deslauriers <email address hidden>  Tue, 27 Feb 2024 16:55:01 -0500
Superseded in jammy-updates
Superseded in jammy-security
unbound (1.13.1-1ubuntu5.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service issues via DNSSEC responses
    - debian/patches/CVE-2023-50387_CVE-2023-50868_1.12.0-1.13.1.patch:
      patch obtained from Debian's 1.13.1-1+deb11u2 package, thanks to
      Salvatore Bonaccorso.
    - CVE-2023-50387
    - CVE-2023-50868

 -- Marc Deslauriers <email address hidden>  Tue, 27 Feb 2024 16:53:18 -0500
Superseded in mantic-updates
Superseded in mantic-security
unbound (1.17.1-2ubuntu0.1) mantic-security; urgency=medium

  * SECURITY UPDATE: Denial of service issues via DNSSEC responses
    - debian/patches/CVE-2023-50387_CVE-2023-50868_1.16.1-1.17.1.patch:
      patch obtained from Debian's 1.17.1-2+deb12u2 package, thanks to
      Salvatore Bonaccorso.
    - CVE-2023-50387
    - CVE-2023-50868

 -- Marc Deslauriers <email address hidden>  Tue, 27 Feb 2024 16:48:33 -0500
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
unbound (1.19.1-1ubuntu1) noble; urgency=medium

  * Merge with Debian unstable (LP: #2055042). Remaining changes:
    - Don't build with hiredis on i386.  hiredis and redis are not built
      on i386 and require bootstrapping due to circular
      build-dependencies; simpler to just disable this in the i386
      unbound server binary (that no one will ever use).

 -- Andreas Hasenack <email address hidden>  Mon, 26 Feb 2024 10:03:33 -0300

Available diffs

Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
unbound (1.18.0-2ubuntu2) noble; urgency=medium

  * No-change rebuild with Python 3.12 as default

 -- Graham Inggs <email address hidden>  Fri, 19 Jan 2024 21:03:32 +0000

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
unbound (1.18.0-2ubuntu1) noble; urgency=medium

  * Don't build with hiredis on i386.  hiredis and redis are not built on
    i386 and require bootstrapping due to circular build-dependencies;
    simpler to just disable this in the i386 unbound server binary (that no
    one will ever use).

 -- Steve Langasek <email address hidden>  Fri, 24 Nov 2023 10:36:50 -0800
Superseded in noble-proposed
unbound (1.18.0-2) unstable; urgency=medium

   * d/resolvconf-forwards: remove -e (Closes: #1035800), shorten sed expr
   * d/changelog: mention #1013957 in previous changelog entry
   * d/control, d/rules: switch from libnettle back to libssl once it is
     GPL-compatible (#828699 is of no concern anymore).  This fixes libunbound
     init failure.  Also Closes: #1007260
   * d/control, d/rules: build daemon with --enable-cachedb --with-libhiredis,
     build-depend on libhiredis-dev (Closes: #1014456)

 -- Michael Tokarev <email address hidden>  Wed, 06 Sep 2023 16:34:32 +0300
Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
unbound (1.17.1-2) unstable; urgency=medium

  * unbound-helper: return 0 explicitly in a few places
    (Closes: #1019140)

 -- Michael Tokarev <email address hidden>  Sun, 09 Apr 2023 15:59:14 +0300

Available diffs

Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
unbound (1.17.1-1) unstable; urgency=medium

  [ Michael Tokarev ]
  * new upstream release. Release notes:

    This release fixes a number of bugs. There are also new configuration
    options that by default do not change the existing behaviour of Unbound.

    With `statistics-inhibit-zero` the printout of zero values by stats can
    be controlled. Similarly with `max-sent-count` and `max-query-restarts`
    the iterator behaviour can be controlled. The maximum CNAME chain length
    that is accepted can be changed by increasing the `max-query-restarts`
    number. This takes more time to follow those elements.

    The keep-cache option allows reloads to change configuration whilst
    keeping the cache memory intact, making the cache hot for good response
    times after the change has completed.

    The release contains an additional fix for service downgrade due to
    wrong hash values for wildcards in a hyperlocal zone, that was reported
    by Sergey Kacheev.

    Features
    - Expose 'statistics-inhibit-zero' as a configuration option; the
      default value retains Unbound's behavior.
    - Expose 'max-sent-count' as a configuration option; the
      default value retains Unbound's behavior.
    - Merge #461 from Christian Allred: Add max-query-restarts option.
      Exposes an internal configuration but the default value retains
      Unbound's behavior.
    - Merge #569 from JINMEI Tatuya: add keep-cache option to
      'unbound-control reload' to keep caches.

    Bug Fixes
    - Merge #768 from fobser: Arithmetic on a pointer to void is a GNU
      extension.
    - In unit test, print python script name list correctly.
    - testcode/dohclient sets log identity to its name.
    - Clarify the use of MAX_SENT_COUNT in the iterator code.
    - Fix that cachedb does not store failures in the external cache.
    - Merge #767 from jonathangray: consistently use IPv4/IPv6 in
      unbound.conf.5.
    - Fix to ignore tcp events for closed comm points.
    - Fix to make sure to not read again after a tcp comm point is closed.
    - Fix #775: libunbound: subprocess reap causes parent process reap
      to hang.
    - iana portlist update.
    - Complementary fix for distutils.sysconfig deprecation in Python 3.10
      to commit 62c5039ab9da42713e006e840b7578e01d66e7f2.
    - Fix #779: [doc] Missing documentation in ub_resolve_event() for
      callback parameter was_ratelimited.
    - Ignore expired error responses.
    - Merge #720 from jonathangray: fix use after free when
      WSACreateEvent() fails.
    - Fix for the ignore of tcp events for closed comm points, preserve
      the use after free protection features.
    - Fix #782: Segmentation fault in stats.c:404.
    - Add SVCB and HTTPS to the types removed by 'unbound-control flush'.
    - Clear documentation for interactivity between the subnet module and
      the serve-expired and prefetch configuration options.
    - Fix #773: When used with systemd-networkd, unbound does not start
      until systemd-networkd-wait-online.service times out.
    - Merge #808: Wrap Makefile script's directory variables in quotes.
    - Fix to wrap Makefile scripts directory in quotes for uninstall.
    - Fix windows compile for libunbound subprocess reap comm point closes.
    - Update github workflows to use checkout v3.
    - Fix wildcard in hyperlocal zone service degradation, reported
      by Sergey Kacheev.

  * lintian-overrides fixes/additions

  [ Helmut Grohne ]
  * Fix FTCBFS: export _PYTHON_SYSCONFIGDATA_NAME. (Closes: #1024422)

 -- Michael Tokarev <email address hidden>  Thu, 12 Jan 2023 18:28:54 +0300
Superseded in lunar-proposed
unbound (1.17.0-1build1) lunar; urgency=medium

  * No-change rebuild with Python 3.11 as default

 -- Graham Inggs <email address hidden>  Sun, 25 Dec 2022 20:46:17 +0000
Published in bionic-updates
Published in bionic-security
unbound (1.6.7-1ubuntu2.6) bionic-security; urgency=medium

  * SECURITY UPDATE: Non-Responsive Delegation Attack
    - debian/patches/CVE-2022-3204.patch: limit number of lookups in
      iterator/iter_delegpt.*, iterator/iter_utils.*, iterator/iterator.c,
      services/cache/dns.c, services/mesh.*.
    - CVE-2022-3204

 -- Marc Deslauriers <email address hidden>  Tue, 15 Nov 2022 15:07:17 -0500
Superseded in focal-updates
Superseded in focal-security
unbound (1.9.4-2ubuntu1.4) focal-security; urgency=medium

  * SECURITY UPDATE: Non-Responsive Delegation Attack
    - debian/patches/CVE-2022-3204.patch: limit number of lookups in
      iterator/iter_delegpt.*, iterator/iter_utils.*, iterator/iterator.c,
      services/cache/dns.c, services/mesh.*.
    - CVE-2022-3204

 -- Marc Deslauriers <email address hidden>  Tue, 15 Nov 2022 15:05:15 -0500
Superseded in jammy-updates
Superseded in jammy-security
unbound (1.13.1-1ubuntu5.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Non-Responsive Delegation Attack
    - debian/patches/CVE-2022-3204.patch: limit number of lookups in
      iterator/iter_delegpt.*, iterator/iter_utils.*, iterator/iterator.c,
      services/cache/dns.c, services/mesh.*.
    - CVE-2022-3204

 -- Marc Deslauriers <email address hidden>  Tue, 15 Nov 2022 15:03:03 -0500
Obsolete in kinetic-updates
Obsolete in kinetic-security
unbound (1.16.2-1ubuntu0.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: Non-Responsive Delegation Attack
    - debian/patches/CVE-2022-3204.patch: limit number of lookups in
      iterator/iter_delegpt.*, iterator/iter_utils.*, iterator/iterator.c,
      services/cache/dns.c, services/mesh.*.
    - CVE-2022-3204

 -- Marc Deslauriers <email address hidden>  Tue, 15 Nov 2022 14:59:47 -0500
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
unbound (1.17.0-1) unstable; urgency=medium

  * new upstream release

 -- Michael Tokarev <email address hidden>  Thu, 13 Oct 2022 14:01:15 +0300
Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
unbound (1.16.2-1build1) kinetic; urgency=medium

  * No-change rebuild against libevent-2.1-7a (LP: #1990941)

 -- Benjamin Drung <email address hidden>  Fri, 07 Oct 2022 19:59:02 +0200
Superseded in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates)
unbound (1.13.1-1ubuntu5.2) jammy; urgency=medium

  * Resolve interfaces using existing interface names with unbound-checkconf
    (LP: #1988055):
    - d/p/fix-checkconf-interface-name-error.patch: Resolve known interface
      names correctly when using unbound-checkconf
    - d/p/resolve-control-interface-names.patch: Resolve interface names on
      control-interface so unbound-checkconf can work correctly when checking
      names of known interfaces

 -- Lena Voytek <email address hidden>  Wed, 07 Sep 2022 10:52:50 -0700
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
unbound (1.16.2-1) unstable; urgency=medium

  * new upstream minor release with many bugfixes and 2 features.
    Closes: #1016493, CVE-2022-30698, CVE-2022-30699
  * d/unbound.docs: install doc/Changelog file
  * d/copyright: mark debian/patches/* as GPL-2 (#1013957)
    (not closing the bug since it is more than d/patches/)

 -- Michael Tokarev <email address hidden>  Fri, 12 Aug 2022 12:57:33 +0300

Available diffs

Superseded in bionic-updates
Superseded in bionic-security
unbound (1.6.7-1ubuntu2.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Ghost domain names issues
    - debian/patches/CVE-2022-3069x-pre1.patch: fix that cachedb could
      return a partial CNAME chain in cachedb/cachedb.c,
      iterator/iterator.c, services/cache/dns.c, services/cache/dns.h.
    - debian/patches/CVE-2022-3069x-pre2.patch: backport a version of the
      iter_stub_fwd_no_cache function in iterator/iter_utils.c,
      iterator/iter_utils.h.
    - debian/patches/CVE-2022-3069x-pre3.patch: fix that nxdomain synthesis
      does not happen above the stub or forward definition in
      cachedb/cachedb.c, iterator/iter_utils.c, iterator/iter_utils.h,
      iterator/iterator.c, services/cache/dns.c, services/cache/dns.h.
    - debian/patches/CVE-2022-3069x.patch: fix the novel ghost domain
      issues in cachedb/cachedb.c, daemon/cachedump.c, daemon/worker.c,
      dns64/dns64.c, ipsecmod/ipsecmod.c, iterator/iter_utils.c,
      iterator/iter_utils.h, iterator/iterator.c, pythonmod/interface.i,
      pythonmod/pythonmod_utils.c, services/cache/dns.c,
      services/cache/dns.h, services/mesh.c,
      testdata/iter_prefetch_change.rpl, util/module.h,
      validator/validator.c.
    - CVE-2022-30698
    - CVE-2022-30699

 -- Marc Deslauriers <email address hidden>  Thu, 04 Aug 2022 07:56:04 -0400
Superseded in focal-updates
Superseded in focal-security
unbound (1.9.4-2ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: Ghost domain names issues
    - debian/patches/CVE-2022-3069x-pre1.patch: fix that nxdomain synthesis
      does not happen above the stub or forward definition in
      cachedb/cachedb.c, edns-subnet/subnetmod.c, iterator/iter_utils.c,
      iterator/iter_utils.h, iterator/iterator.c, services/cache/dns.c,
      services/cache/dns.h.
    - debian/patches/CVE-2022-3069x.patch: fix the novel ghost domain
      issues in cachedb/cachedb.c, daemon/cachedump.c, daemon/worker.c,
      dns64/dns64.c, ipsecmod/ipsecmod.c, iterator/iter_utils.c,
      iterator/iter_utils.h, iterator/iterator.c, pythonmod/interface.i,
      pythonmod/pythonmod_utils.c, services/cache/dns.c,
      services/cache/dns.h, services/mesh.c,
      testdata/iter_prefetch_change.rpl, util/module.h,
      validator/validator.c.
    - CVE-2022-30698
    - CVE-2022-30699

 -- Marc Deslauriers <email address hidden>  Tue, 02 Aug 2022 09:55:28 -0400
Superseded in jammy-updates
Superseded in jammy-security
unbound (1.13.1-1ubuntu5.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Ghost domain names issues
    - debian/patches/CVE-2022-3069x-pre1.patch: fix that nxdomain synthesis
      does not happen above the stub or forward definition in
      cachedb/cachedb.c, edns-subnet/subnetmod.c, iterator/iter_utils.c,
      iterator/iter_utils.h, iterator/iterator.c, services/cache/dns.c,
      services/cache/dns.h.
    - debian/patches/CVE-2022-3069x.patch: fix the novel ghost domain
      issues in cachedb/cachedb.c, daemon/cachedump.c, daemon/worker.c,
      dns64/dns64.c, ipsecmod/ipsecmod.c, iterator/iter_utils.c,
      iterator/iter_utils.h, iterator/iterator.c, pythonmod/interface.i,
      pythonmod/pythonmod_utils.c, services/cache/dns.c,
      services/cache/dns.h, services/mesh.c,
      testdata/iter_prefetch_change.rpl, util/module.h,
      validator/validator.c.
    - CVE-2022-30698
    - CVE-2022-30699

 -- Marc Deslauriers <email address hidden>  Tue, 02 Aug 2022 09:52:58 -0400
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
unbound (1.16.0-2) unstable; urgency=medium

  * revert the python path change in previous upload, and set python
    module directory explicitly to /usr/lib/python3/dist-packages/.

 -- Michael Tokarev <email address hidden>  Thu, 02 Jun 2022 19:35:26 +0300
Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
unbound (1.13.1-1ubuntu5) jammy; urgency=medium

  * Cherry-pick upstream commits for Python 3.10 compatibility

 -- Rico Tzschichholz <email address hidden>  Tue, 01 Feb 2022 15:23:57 +0100
Superseded in jammy-proposed
unbound (1.13.1-1ubuntu4) jammy; urgency=medium

  * No-change rebuild with Python 3.10 as default version

 -- Graham Inggs <email address hidden>  Thu, 13 Jan 2022 20:38:08 +0000

Available diffs

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
unbound (1.13.1-1ubuntu3) jammy; urgency=medium

  * debian/patches/openssl3.patch: compatibility with OpenSSL 3.

 -- Steve Langasek <email address hidden>  Thu, 09 Dec 2021 20:51:29 +0000
Superseded in jammy-proposed
unbound (1.13.1-1ubuntu2) jammy; urgency=medium

  * No-change rebuild against libssl3

 -- Steve Langasek <email address hidden>  Thu, 09 Dec 2021 00:22:14 +0000

Available diffs

Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
unbound (1.13.1-1ubuntu1) impish; urgency=medium

  * Enable DNS-over-HTTPS support (LP: #1927877)
    - d/control: add Build-Depends on libnghttp2-dev
    - d/rules: compile with libnghttp2

 -- Athos Ribeiro <email address hidden>  Thu, 01 Jul 2021 11:16:26 -0300
Superseded in bionic-updates
Superseded in bionic-security
unbound (1.6.7-1ubuntu2.4) bionic-security; urgency=medium

  * SECURITY UPDATE: configuration injection via MITM
    - debian/patches/CVE-2019-25031.patch: use https, remove special
      characters in contrib/create_unbound_ad_servers.sh.
    - CVE-2019-25031
  * SECURITY UPDATE: integer overflows in the regional allocator
    - debian/patches/CVE-2019-25032.patch: fix overflows in config.h.in,
      configure, configure.ac, util/regional.c.
    - CVE-2019-25032
    - CVE-2019-25033
  * SECURITY UPDATE: integer overflow in sldns_str2wire_dname_buf_origin
    - debian/patches/CVE-2019-25034.patch: check lengths in
      sldns/str2wire.c.
    - CVE-2019-25034
  * SECURITY UPDATE: out-of-bounds write in sldns_bget_token_par
    - debian/patches/CVE-2019-25035.patch: check for space in
      sldns/parse.c.
    - CVE-2019-25035
  * SECURITY UPDATE: assertion failure and denial of service
    - debian/patches/CVE-2019-25036.patch: validate lengths in
      iterator/iter_scrub.c.
    - CVE-2019-25036
  * SECURITY UPDATE: assertion failure and denial of service
    - debian/patches/CVE-2019-25037.patch: validate length in
      util/data/dname.c.
    - CVE-2019-25037
  * SECURITY UPDATE: integer overflow in a size calculation
    - debian/patches/CVE-2019-25038.patch: check for overflows in
      dnscrypt/dnscrypt.c, respip/respip.c.
    - CVE-2019-25038
    - CVE-2019-25039
  * SECURITY UPDATE: infinite loop and assertion fail via compressed name
    - debian/patches/CVE-2019-25040.patch: validate compression pointers in
      util/data/dname.c.
    - CVE-2019-25040
    - CVE-2019-25041
  * SECURITY UPDATE: out-of-bounds write via a compressed name
    - debian/patches/CVE-2019-25042.patch: move assert in
      util/data/msgreply.c.
    - CVE-2019-25042
  * SECURITY UPDATE: incorrect PID file handling
    - debian/patches/CVE-2020-28935.patch: check for symlinks in
      daemon/unbound.c.
    - CVE-2020-28935
  * debian/patches: rename debian-changes to misc-changes.patch.

 -- Marc Deslauriers <email address hidden>  Wed, 05 May 2021 07:38:50 -0400
Superseded in focal-updates
Superseded in focal-security
unbound (1.9.4-2ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: configuration injection via MITM
    - debian/patches/CVE-2019-25031.patch: use https, remove special
      characters in contrib/create_unbound_ad_servers.sh.
    - CVE-2019-25031
  * SECURITY UPDATE: integer overflows in the regional allocator
    - debian/patches/CVE-2019-25032.patch: fix overflows in config.h.in,
      configure, configure.ac, util/regional.c.
    - CVE-2019-25032
    - CVE-2019-25033
  * SECURITY UPDATE: integer overflow in sldns_str2wire_dname_buf_origin
    - debian/patches/CVE-2019-25034.patch: check lengths in
      sldns/str2wire.c.
    - CVE-2019-25034
  * SECURITY UPDATE: out-of-bounds write in sldns_bget_token_par
    - debian/patches/CVE-2019-25035.patch: check for space in
      sldns/parse.c.
    - CVE-2019-25035
  * SECURITY UPDATE: assertion failure and denial of service
    - debian/patches/CVE-2019-25036.patch: validate lengths in
      iterator/iter_scrub.c.
    - CVE-2019-25036
  * SECURITY UPDATE: assertion failure and denial of service
    - debian/patches/CVE-2019-25037.patch: validate length in
      util/data/dname.c.
    - CVE-2019-25037
  * SECURITY UPDATE: integer overflow in a size calculation
    - debian/patches/CVE-2019-25038.patch: check for overflows in
      dnscrypt/dnscrypt.c, respip/respip.c.
    - CVE-2019-25038
    - CVE-2019-25039
  * SECURITY UPDATE: infinite loop and assertion fail via compressed name
    - debian/patches/CVE-2019-25040.patch: validate compression pointers in
      util/data/dname.c.
    - CVE-2019-25040
    - CVE-2019-25041
  * SECURITY UPDATE: out-of-bounds write via a compressed name
    - debian/patches/CVE-2019-25042.patch: move assert in
      util/data/msgreply.c.
    - CVE-2019-25042
  * SECURITY UPDATE: incorrect PID file handling
    - debian/patches/CVE-2020-28935.patch: check for symlinks in
      daemon/unbound.c.
    - CVE-2020-28935
  * debian/patches: rename debian-changes to fix-nettle-build.patch.

 -- Marc Deslauriers <email address hidden>  Wed, 05 May 2021 07:22:34 -0400
Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
unbound (1.13.1-1) unstable; urgency=medium

  * New upstream version 1.13.1
  * debian/gbp.conf: [import-orig] upstream-signatures = True
  * Drop debian/patches/0002-Fix-358-Squelch-udp-connect-no-route-to-host-
    errors-.patch (included in 1.13.1 release)
  * debian/copyright: 2021

 -- Robert Edmonds <email address hidden>  Tue, 09 Feb 2021 17:53:57 -0500

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
unbound (1.13.0-1) unstable; urgency=medium

  * New upstream version 1.13.0
    - Fix CVE-2020-28935: PID file vulnerability (Closes: #977165)
  * debian/patches/0002-Fix-358-Squelch-udp-connect-no-route-to-host-
    errors-.patch: Cherry-pick upstream commit
    5906811ff19f005110b2edbda5aa144ad5fa05b1 to suppress UDP connect()
    errors on low verbosity

 -- Robert Edmonds <email address hidden>  Wed, 23 Dec 2020 19:34:24 -0500
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
unbound (1.12.0-1build1) hirsute; urgency=medium

  * No-change rebuild to build with python3.9 as default.

 -- Matthias Klose <email address hidden>  Thu, 19 Nov 2020 18:39:37 +0100
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
unbound (1.12.0-1) unstable; urgency=medium

  * New upstream version 1.12.0

 -- Robert Edmonds <email address hidden>  Mon, 19 Oct 2020 00:35:38 -0400

Available diffs

Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
unbound (1.11.0-1) unstable; urgency=medium

  [ Simon Deziel ]
  * systemd: don't create a PID file
  * debian/package-helper: mount --bind systemd notify socket into chroot
    (Closes: #867187)

  [ Robert Edmonds ]
  * New upstream version 1.11.0
    - Merge PR #241 by Robert Edmonds: contrib/libunbound.pc.in: Do not use
      "Requires:". (Closes: #958331)
    - Introduce "include-toplevel:" configuration option.
    - Adds its own implementation of Frame Streams for dnstap support.
  * debian/control: Remove build dependency on libfstrm-dev
  * debian/unbound.conf: Use "include-toplevel:" instead of "include:"
    (Closes: #950754)
  * debian/NEWS: Add entry for 1.11.0-1 regarding the change of
    /etc/unbound/unbound.conf to using the "include-toplevel:" directive
  * debian/patches/: Refresh patches

 -- Robert Edmonds <email address hidden>  Sun, 09 Aug 2020 20:57:15 -0400
Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
unbound (1.10.1-1build1) groovy; urgency=medium

  * No change rebuild against new libnettle8 and libhogweed6 ABI.

 -- Dimitri John Ledkov <email address hidden>  Mon, 29 Jun 2020 22:41:48 +0100
Superseded in focal-updates
Superseded in focal-security
unbound (1.9.4-2ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: amplification attack and denial of service
    - debian/patches/CVE-2020-1226x.patch: fix iterator logic in
      iterator/iter_delegpt.c, iterator/iter_delegpt.h,
      iterator/iter_scrub.c, iterator/iter_utils.c, iterator/iterator.c,
      iterator/iterator.h, services/cache/dns.c, util/data/dname.c,
      util/data/msgparse.c.
    - CVE-2020-12263
    - CVE-2020-12264

 -- Marc Deslauriers <email address hidden>  Fri, 22 May 2020 08:51:12 -0400
Superseded in bionic-updates
Superseded in bionic-security
unbound (1.6.7-1ubuntu2.3) bionic-security; urgency=medium

  * SECURITY UPDATE: amplification attack and denial of service
    - debian/patches/CVE-2020-1226x.patch: fix iterator logic in
      iterator/iter_delegpt.c, iterator/iter_delegpt.h,
      iterator/iter_scrub.c, iterator/iter_utils.c, iterator/iterator.c,
      iterator/iterator.h, services/cache/dns.c, util/data/dname.c,
      util/data/msgparse.c.
    - CVE-2020-12263
    - CVE-2020-12264

 -- Marc Deslauriers <email address hidden>  Fri, 22 May 2020 09:11:45 -0400
Obsolete in eoan-updates
Obsolete in eoan-security
unbound (1.9.0-2ubuntu1.1) eoan-security; urgency=medium

  * SECURITY UPDATE: amplification attack and denial of service
    - debian/patches/CVE-2020-1226x.patch: fix iterator logic in
      iterator/iter_delegpt.c, iterator/iter_delegpt.h,
      iterator/iter_scrub.c, iterator/iter_utils.c, iterator/iterator.c,
      iterator/iterator.h, services/cache/dns.c, util/data/dname.c,
      util/data/msgparse.c.
    - CVE-2020-12263
    - CVE-2020-12264

 -- Marc Deslauriers <email address hidden>  Fri, 22 May 2020 08:56:12 -0400
Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
unbound (1.10.1-1) unstable; urgency=high

  * New upstream version 1.10.1
    - Fix CVE-2020-12662: Unbound can be tricked into amplifying an incoming
      query into a large number of queries directed to a target.
    - Fix CVE-2020-12663: Malformed answers from upstream name servers can be
      used to make Unbound unresponsive.

 -- Robert Edmonds <email address hidden>  Tue, 19 May 2020 11:36:53 -0400

Available diffs

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
unbound (1.10.0-1) unstable; urgency=medium

  [ Robert Edmonds ]
  * New upstream version 1.10.0
  * Drop debian/patches/0002-Allow-use-of-libbsd-functions-with-configure-
    option-.patch (applied upstream)

  [ Stuart Prescott ]
  * Drop Python 2 module package (Closes: #938752)

 -- Robert Edmonds <email address hidden>  Sat, 18 Apr 2020 19:29:50 -0400
Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
unbound (1.9.4-2ubuntu1) focal; urgency=medium

  * Build-depend on python-all-dev.

 -- Matthias Klose <email address hidden>  Sat, 25 Jan 2020 11:43:33 +0100
Superseded in focal-proposed
unbound (1.9.4-2build1) focal; urgency=medium

  * No-change rebuild to build with python3.8.

 -- Matthias Klose <email address hidden>  Sat, 25 Jan 2020 04:41:11 +0000
Superseded in focal-proposed
unbound (1.9.0-2ubuntu3) focal; urgency=medium

  * No-change rebuild against libnettle7

 -- Steve Langasek <email address hidden>  Thu, 31 Oct 2019 22:16:07 +0000

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
unbound (1.9.4-2) unstable; urgency=medium

  * Cherry-pick upstream commit ec021e0d, "fix build with nettle-3.5"
    (Closes: #941041)

 -- Robert Edmonds <email address hidden>  Sat, 26 Oct 2019 08:00:58 -0400
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
unbound (1.9.0-2ubuntu2) focal; urgency=medium

  * No-change rebuild for libevent soname changes.

 -- Matthias Klose <email address hidden>  Sat, 19 Oct 2019 19:58:53 +0000

Available diffs

Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to Release)
unbound (1.9.0-2ubuntu1) eoan; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-16866.diff: sets edns to zero
      to avoid access to an uninitialized memory in
      util/data/msgparse.c.
    - CVE-2019-16866

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 07 Oct 2019 15:14:33 -0300
Obsolete in disco-updates
Obsolete in disco-security
unbound (1.9.0-2ubuntu0.1) disco-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-16866.diff: sets edns to zero
      to avoid access to an uninitialized memory in
      util/data/msgparse.c.
    - CVE-2019-16866

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 07 Oct 2019 14:49:35 -0300
Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
unbound (1.9.0-2) unstable; urgency=medium

  [ Simon Deziel ]
  * Disable chroot'ing (Closes: #921538)

 -- Robert Edmonds <email address hidden>  Sat, 09 Feb 2019 21:10:52 -0500

Available diffs

Superseded in disco-proposed
unbound (1.9.0-1) unstable; urgency=medium

  * New upstream version 1.9.0
  * Team upload
  * Include dpkg/default.mk instead of only buildflags.mk
  * Update d/watch to reflect new download location and add signature check

 -- Ondřej Surý <email address hidden>  Tue, 05 Feb 2019 09:49:04 +0000

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
unbound (1.8.1-1) unstable; urgency=medium

  * New upstream version 1.8.1

 -- Robert Edmonds <email address hidden>  Thu, 08 Nov 2018 16:50:36 -0500
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
unbound (1.7.3-1build2) disco; urgency=medium

  * No-change rebuild to build for python3.7 as the default.

 -- Matthias Klose <email address hidden>  Wed, 31 Oct 2018 12:37:16 +0000

Available diffs

Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
unbound (1.7.3-1build1) cosmic; urgency=high

  * No change rebuild against openssl 1.1.1 with TLS 1.3 support.

 -- Dimitri John Ledkov <email address hidden>  Sat, 29 Sep 2018 01:37:00 +0100
Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates)
unbound (1.6.7-1ubuntu2.2) bionic; urgency=medium

  * d/p/lp-1788622-fix-systemd-reload.patch: Fix hang due to all worker threads
    stopping on reload (LP: #1788622)

 -- Christian Ehrhardt <email address hidden>  Mon, 27 Aug 2018 14:12:29 +0200
Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
unbound (1.7.3-1) unstable; urgency=medium

  * New upstream version 1.7.3
    - Don't count CNAME response types received during qname minimisation as
      query restart. (Closes: #900800)

 -- Robert Edmonds <email address hidden>  Thu, 21 Jun 2018 12:45:09 -0400

Available diffs

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
unbound (1.7.2-1) unstable; urgency=medium

  [ Robert Edmonds ]
  * New upstream version 1.7.2
  * debian/control: Update Maintainer field (Closes: #899758)

  [ Vincent Bernat ]
  * daemon/daemon.c: Fix reload hangs with systemd (Closes: #892914)

 -- Robert Edmonds <email address hidden>  Wed, 20 Jun 2018 17:30:34 -0400

Available diffs

Published in xenial-updates
Published in xenial-security
unbound (1.5.8-1ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: vulnerability in the processing of wildcard
    synthesized NSEC records (LP: #1773720)
    - debian/patches/CVE-2017-15105.patch
    - CVE-2017-15105
  * Fix install of trust anchor when two anchors are present
    - debian/patches/unbound-r4302.patch

 -- Simon Deziel <email address hidden>  Mon, 28 May 2018 02:38:19 +0000
Published in trusty-updates
Published in trusty-security
unbound (1.4.22-1ubuntu4.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: vulnerability in the processing of wildcard
    synthesized NSEC records (LP: #1773720)
    - debian/patches/CVE-2017-15105.patch
    - CVE-2017-15105
  * Fix install of trust anchor when two anchors are present
    - debian/patches/unbound-r4302.patch

 -- Steve Beattie <email address hidden>  Thu, 07 Jun 2018 11:19:28 -0700
Obsolete in artful-updates
Obsolete in artful-security
unbound (1.6.5-1ubuntu0.2) artful-security; urgency=medium

  * SECURITY UPDATE: vulnerability in the processing of wildcard
    synthesized NSEC records (LP: #1773720)
    - debian/patches/CVE-2017-15105.patch
    - CVE-2017-15105

 -- Simon Deziel <email address hidden>  Mon, 28 May 2018 02:38:19 +0000
Superseded in bionic-updates
Superseded in bionic-security
unbound (1.6.7-1ubuntu2.1) bionic-security; urgency=medium

  * SECURITY UPDATE: vulnerability in the processing of wildcard
    synthesized NSEC records (LP: #1773720)
    - debian/patches/CVE-2017-15105.patch
    - CVE-2017-15105

 -- Simon Deziel <email address hidden>  Mon, 28 May 2018 02:38:19 +0000
Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
unbound (1.7.1-1) unstable; urgency=medium

  [ Robert Edmonds ]
  * debian/control: Update Vcs-* links to use salsa.debian.org URLs
  * New upstream version 1.7.1

  [ Simon Deziel ]
  * debian/apparmor-profile: Add capabilities to chown/chmod Unix control
    socket (Closes: #891705)
  * debian/apparmor-profile: Allow reading /var/lib/sss/mc/initgroups
  * debian/apparmor-profile: Permit unbound to notify readiness to systemd
    (Closes: #867186)
  * debian/apparmor-profile: Let unbound r/w anywhere under
    /var/lib/unbound (Closes: #882731)
  * debian/apparmor-profile: Use attach_disconnected

 -- Robert Edmonds <email address hidden>  Wed, 23 May 2018 15:41:54 -0400
Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
unbound (1.6.7-1ubuntu2) bionic; urgency=medium

  * debian/apparmor-profile: add capabilities to chown/chmod Unix
    control socket and allow reading /var/lib/sss/mc/initgroups
    (Closes: #891705, LP: #1749931)

 -- Simon Deziel <email address hidden>  Tue, 27 Feb 2018 21:31:49 -0500

Available diffs

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
unbound (1.6.7-1ubuntu1) bionic; urgency=medium

  * debian/apparmor: update to allow writing to /run/systemd/notify
    (Closes: #867186, LP: #1723900)

 -- Jamie Strandboge <email address hidden>  Thu, 22 Feb 2018 19:35:23 +0000

Available diffs

Superseded in artful-updates
Superseded in artful-security
unbound (1.6.5-1ubuntu0.1) artful-security; urgency=medium

  * apparmor: permit unbound to notify readiness to systemd
   (Closes: #867186, LP: #1723900)

 -- Simon Deziel <email address hidden>  Mon, 16 Oct 2017 13:11:12 +0000
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
unbound (1.6.7-1build1) bionic; urgency=high

  * No change rebuild against openssl1.1.

 -- Dimitri John Ledkov <email address hidden>  Mon, 05 Feb 2018 23:29:28 +0000
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
unbound (1.6.7-1) unstable; urgency=medium

  * New upstream version 1.6.7

 -- Robert Edmonds <email address hidden>  Sun, 15 Oct 2017 17:46:46 -0400

Available diffs

Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
unbound (1.6.5-1) unstable; urgency=high

  [ Robert Edmonds ]
  * New upstream version 1.6.5
    - Fix install of trust anchor when two anchors are present, makes both
      valid. Checks hash of DS but not signature of new key. This fixes
      installs between sep11 and oct11 2017.
  * debian/rules: Enable EDNS Client Subnet in daemon

  [ Simon Deziel ]
  * debian/unbound.service: Set PIDFile= (Closes: #867192)

  [ Antony Antony ]
  * debian/rules: Enable libevent for libunbound2 API (Closes: #871675)

 -- Robert Edmonds <email address hidden>  Tue, 22 Aug 2017 22:50:56 -0400
175 of 146 results