Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: bind9

bind9 (1:9.11.4+dfsg-3ubuntu4) cosmic; urgency=medium * SECURITY UPDATE: denial of service crash when deny-answer-aliases option is used - debian/patches/CVE-2018-5740-1.patch: explicit DNAME query could trigger a crash if deny-answer-aliases was set - debian/patches/CVE-2018-5740-2.patch: add tests - debian/patches/CVE-2018-5740-3.patch: caclulate nlabels and set chainingp correctly, add test - CVE-2018-5740 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 20 Sep 2018 11:11:05 +0200 bind9 (1:9.11.4+dfsg-3ubuntu3) cosmic; urgency=medium * Cherrypick from debian: Add new dst__openssleddsa_init optional symbol (it depends on OpenSSL version) (Closes: #897643) -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 18 Sep 2018 10:39:12 +0200 bind9 (1:9.11.4+dfsg-3ubuntu2) cosmic; urgency=medium * d/p/skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11 crashing on startup. (LP: #1769440) -- Karl Stenerud <karl.stenerud@canonical.com> Thu, 30 Aug 2018 07:11:39 -0700 bind9 (1:9.11.4+dfsg-3ubuntu1) cosmic; urgency=medium * Merge with Debian unstable. Remaining changes: - Build without lmdb support as that package is in Universe * Added: - Don't build dnstap as it depends on universe packages: + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and protobuf-c-compiler (universe packages) + d/dnsutils.install: don't install dnstap + d/libdns1102.symbols: don't include dnstap symbols + d/rules: don't build dnstap - d/extras/apparmor.d/usr.sbin.named: add missing comma at the end of the line (Closes: #904983) -- Andreas Hasenack <andreas@canonical.com> Mon, 30 Jul 2018 10:56:04 -0300

Modifications :
  1. Download patch debian/patches/skip-rtld-deepbind-for-dyndb.diff

    --- 1:9.11.4+dfsg-3/debian/patches/skip-rtld-deepbind-for-dyndb.diff 1970-01-01 00:00:00.000000000 +0000 +++ 1:9.11.4+dfsg-3ubuntu4/debian/patches/skip-rtld-deepbind-for-dyndb.diff 2018-08-30 14:11:39.000000000 +0000 @@ -0,0 +1,23 @@ +Description: RTLD_DEEPBIND conflicts with pkcs11 libraries, skip it for dyndb +Author: Karl Stenerud <karl.stenerud@canonical.com> +Origin: https://salsa.debian.org/dns-team/bind9/commit/afc6b5fe2e359e4e7eadc256cd94481965418b4b +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440 +Forwarded: no +Description: This is a Distro only patch that won't be forwarded and is in Debian. +Last-Update: 2018-08-30 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +diff --git a/lib/dns/dyndb.c b/lib/dns/dyndb.c +index e21a84c7..ac18162c 100644 +--- a/lib/dns/dyndb.c ++++ b/lib/dns/dyndb.c +@@ -133,9 +133,6 @@ load_library(isc_mem_t *mctx, const char *filename, const char *instname, + instname, filename); + + flags = RTLD_NOW|RTLD_LOCAL; +-#ifdef RTLD_DEEPBIND +- flags |= RTLD_DEEPBIND; +-#endif + + handle = dlopen(filename, flags); + if (handle == NULL)
  2. Download patch debian/rules

    --- 1:9.11.4+dfsg-3/debian/rules 2018-07-29 21:26:09.000000000 +0000 +++ 1:9.11.4+dfsg-3ubuntu4/debian/rules 2018-08-30 14:11:39.000000000 +0000 @@ -82,7 +82,7 @@ override_dh_auto_configure: --with-gssapi=/usr \ --with-libidn2 \ --with-libjson=/usr \ - --with-lmdb=/usr \ + --without-lmdb \ --with-gnu-ld \ --with-geoip=/usr \ --with-atf=no \ @@ -92,7 +92,6 @@ override_dh_auto_configure: --enable-native-pkcs11 \ --with-pkcs11=\$${prefix}/lib/softhsm/libsofthsm2.so \ --with-randomdev=/dev/urandom \ - --enable-dnstap \ $(EXTRA_FEATURES) dh_auto_configure -B build-udeb -- \ --sysconfdir=/etc/bind \ @@ -117,8 +116,6 @@ override_dh_auto_configure: # no need to build these targets here sed -i 's/dnssec-pkcs11//;s/named-pkcs11//' build-udeb/bin/Makefile sed -i 's/dns-pkcs11//;s/isc-pkcs11//' build-udeb/lib/Makefile - cp lib/dns/dnstap.proto build/lib/dns - cp lib/dns-pkcs11/dnstap.proto build/lib/dns-pkcs11 override_dh_auto_build: dh_auto_build -B build
  3. Download patch debian/control

    --- 1:9.11.4+dfsg-3/debian/control 2018-07-29 21:26:09.000000000 +0000 +++ 1:9.11.4+dfsg-3ubuntu4/debian/control 2018-08-30 14:11:39.000000000 +0000 @@ -1,7 +1,8 @@ Source: bind9 Section: net Priority: optional -Maintainer: BIND 9 Package <bind9@package.debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: BIND 9 Package <bind9@package.debian.org> Uploaders: LaMont Jones <lamont@debian.org>, Michael Gilbert <mgilbert@debian.org>, Robie Basak <robie.basak@canonical.com>, @@ -15,18 +16,14 @@ Build-Depends: bison, dpkg-dev (>= 1.16.1~), libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], libdb-dev (>>4.6), - libfstrm-dev, libgeoip-dev (>= 1.4.6.dfsg-5), libidn2-dev, libjson-c-dev, libkrb5-dev, libldap2-dev, - liblmdb-dev, - libprotobuf-c-dev, libssl-dev, libtool, libxml2-dev, - protobuf-c-compiler, python3, python3-distutils, python3-ply
  4. Download patch debian/libdns1102.symbols

    --- 1:9.11.4+dfsg-3/debian/libdns1102.symbols 2018-07-29 21:26:09.000000000 +0000 +++ 1:9.11.4+dfsg-3ubuntu4/debian/libdns1102.symbols 2018-09-18 08:38:47.000000000 +0000 @@ -358,21 +358,6 @@ libdns-pkcs11.so.1102 libdns1102 #MINVER dns_dsdigest_format@Base 1:9.11.3+dfsg dns_dsdigest_fromtext@Base 1:9.11.3+dfsg dns_dsdigest_totext@Base 1:9.11.3+dfsg - dns_dt_attach@Base 1:9.11.4+dfsg-2 - dns_dt_close@Base 1:9.11.4+dfsg-2 - dns_dt_create@Base 1:9.11.4+dfsg-2 - dns_dt_datatotext@Base 1:9.11.4+dfsg-2 - dns_dt_detach@Base 1:9.11.4+dfsg-2 - dns_dt_getframe@Base 1:9.11.4+dfsg-2 - dns_dt_getstats@Base 1:9.11.4+dfsg-2 - dns_dt_open@Base 1:9.11.4+dfsg-2 - dns_dt_parse@Base 1:9.11.4+dfsg-2 - dns_dt_reopen@Base 1:9.11.4+dfsg-2 - dns_dt_send@Base 1:9.11.4+dfsg-2 - dns_dt_setidentity@Base 1:9.11.4+dfsg-2 - dns_dt_setversion@Base 1:9.11.4+dfsg-2 - dns_dt_shutdown@Base 1:9.11.4+dfsg-2 - dns_dtdata_free@Base 1:9.11.4+dfsg-2 dns_dumpctx_attach@Base 1:9.11.3+dfsg dns_dumpctx_cancel@Base 1:9.11.3+dfsg dns_dumpctx_db@Base 1:9.11.3+dfsg @@ -1440,24 +1425,6 @@ libdns-pkcs11.so.1102 libdns1102 #MINVER dns_zt_setviewcommit@Base 1:9.11.3+dfsg dns_zt_setviewrevert@Base 1:9.11.3+dfsg dns_zt_unmount@Base 1:9.11.3+dfsg - dnstap__dnstap__descriptor@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__free_unpacked@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__get_packed_size@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__init@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__pack@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__pack_to_buffer@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__type__descriptor@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__unpack@Base 1:9.11.4+dfsg-2 - dnstap__message__descriptor@Base 1:9.11.4+dfsg-2 - dnstap__message__free_unpacked@Base 1:9.11.4+dfsg-2 - dnstap__message__get_packed_size@Base 1:9.11.4+dfsg-2 - dnstap__message__init@Base 1:9.11.4+dfsg-2 - dnstap__message__pack@Base 1:9.11.4+dfsg-2 - dnstap__message__pack_to_buffer@Base 1:9.11.4+dfsg-2 - dnstap__message__type__descriptor@Base 1:9.11.4+dfsg-2 - dnstap__message__unpack@Base 1:9.11.4+dfsg-2 - dnstap__socket_family__descriptor@Base 1:9.11.4+dfsg-2 - dnstap__socket_protocol__descriptor@Base 1:9.11.4+dfsg-2 dst__entropy_getdata@Base 1:9.11.3+dfsg dst__entropy_status@Base 1:9.11.3+dfsg dst__gssapi_init@Base 1:9.11.3+dfsg @@ -1937,21 +1904,6 @@ libdns.so.1102 libdns1102 #MINVER# dns_dsdigest_format@Base 1:9.11.3+dfsg dns_dsdigest_fromtext@Base 1:9.11.3+dfsg dns_dsdigest_totext@Base 1:9.11.3+dfsg - dns_dt_attach@Base 1:9.11.4+dfsg-2 - dns_dt_close@Base 1:9.11.4+dfsg-2 - dns_dt_create@Base 1:9.11.4+dfsg-2 - dns_dt_datatotext@Base 1:9.11.4+dfsg-2 - dns_dt_detach@Base 1:9.11.4+dfsg-2 - dns_dt_getframe@Base 1:9.11.4+dfsg-2 - dns_dt_getstats@Base 1:9.11.4+dfsg-2 - dns_dt_open@Base 1:9.11.4+dfsg-2 - dns_dt_parse@Base 1:9.11.4+dfsg-2 - dns_dt_reopen@Base 1:9.11.4+dfsg-2 - dns_dt_send@Base 1:9.11.4+dfsg-2 - dns_dt_setidentity@Base 1:9.11.4+dfsg-2 - dns_dt_setversion@Base 1:9.11.4+dfsg-2 - dns_dt_shutdown@Base 1:9.11.4+dfsg-2 - dns_dtdata_free@Base 1:9.11.4+dfsg-2 dns_dumpctx_attach@Base 1:9.11.3+dfsg dns_dumpctx_cancel@Base 1:9.11.3+dfsg dns_dumpctx_db@Base 1:9.11.3+dfsg @@ -3026,24 +2978,6 @@ libdns.so.1102 libdns1102 #MINVER# dns_zt_setviewcommit@Base 1:9.11.3+dfsg dns_zt_setviewrevert@Base 1:9.11.3+dfsg dns_zt_unmount@Base 1:9.11.3+dfsg - dnstap__dnstap__descriptor@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__free_unpacked@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__get_packed_size@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__init@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__pack@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__pack_to_buffer@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__type__descriptor@Base 1:9.11.4+dfsg-2 - dnstap__dnstap__unpack@Base 1:9.11.4+dfsg-2 - dnstap__message__descriptor@Base 1:9.11.4+dfsg-2 - dnstap__message__free_unpacked@Base 1:9.11.4+dfsg-2 - dnstap__message__get_packed_size@Base 1:9.11.4+dfsg-2 - dnstap__message__init@Base 1:9.11.4+dfsg-2 - dnstap__message__pack@Base 1:9.11.4+dfsg-2 - dnstap__message__pack_to_buffer@Base 1:9.11.4+dfsg-2 - dnstap__message__type__descriptor@Base 1:9.11.4+dfsg-2 - dnstap__message__unpack@Base 1:9.11.4+dfsg-2 - dnstap__socket_family__descriptor@Base 1:9.11.4+dfsg-2 - dnstap__socket_protocol__descriptor@Base 1:9.11.4+dfsg-2 dst__entropy_getdata@Base 1:9.11.3+dfsg dst__entropy_status@Base 1:9.11.3+dfsg dst__gssapi_init@Base 1:9.11.3+dfsg @@ -3063,6 +2997,7 @@ libdns.so.1102 libdns1102 #MINVER# dst__openssldh_init@Base 1:9.11.3+dfsg dst__openssldsa_init@Base 1:9.11.3+dfsg dst__opensslecdsa_init@Base 1:9.11.3+dfsg + (optional)dst__openssleddsa_init@Base 1:9.11.4.P1+dfsg dst__opensslrsa_init@Base 1:9.11.3+dfsg dst__privstruct_free@Base 1:9.11.3+dfsg dst__privstruct_parse@Base 1:9.11.3+dfsg
  5. Download patch debian/patches/CVE-2018-5740-1.patch

    --- 1:9.11.4+dfsg-3/debian/patches/CVE-2018-5740-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1:9.11.4+dfsg-3ubuntu4/debian/patches/CVE-2018-5740-1.patch 2018-09-20 09:10:51.000000000 +0000 @@ -0,0 +1,61 @@ +From 98b2377de3125e4f12c05f0b04f8cac214b76120 Mon Sep 17 00:00:00 2001 +From: Evan Hunt <each@isc.org> +Date: Thu, 5 Jul 2018 14:34:30 -0700 +Subject: [PATCH] explicit DNAME query could trigger a crash if + deny-answer-aliases was set + +(cherry picked from commit a21c3810d3453548cc05ae19995125dabea9ca9c) +(cherry picked from commit 6e187b86562088147656ba22a9ed3bb74e1fe58c) +--- + lib/dns/resolver.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +Index: bind9-9.11.4+dfsg/lib/dns/resolver.c +=================================================================== +--- bind9-9.11.4+dfsg.orig/lib/dns/resolver.c 2018-09-20 11:10:48.904519485 +0200 ++++ bind9-9.11.4+dfsg/lib/dns/resolver.c 2018-09-20 11:10:48.900519535 +0200 +@@ -6326,6 +6326,7 @@ is_answertarget_allowed(fetchctx_t *fctx + unsigned int nlabels; + dns_fixedname_t fixed; + dns_name_t prefix; ++ int order; + + REQUIRE(rdataset != NULL); + REQUIRE(rdataset->type == dns_rdatatype_cname || +@@ -6348,17 +6349,24 @@ is_answertarget_allowed(fetchctx_t *fctx + tname = &cname.cname; + break; + case dns_rdatatype_dname: ++ if (dns_name_fullcompare(qname, rname, &order, &nlabels) != ++ dns_namereln_subdomain) ++ { ++ return (ISC_TRUE); ++ } + result = dns_rdata_tostruct(&rdata, &dname, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + dns_name_init(&prefix, NULL); + tname = dns_fixedname_initname(&fixed); + nlabels = dns_name_countlabels(qname) - + dns_name_countlabels(rname); ++ INSIST(nlabels > 0); + dns_name_split(qname, nlabels, &prefix, NULL); + result = dns_name_concatenate(&prefix, &dname.dname, tname, + NULL); +- if (result == DNS_R_NAMETOOLONG) ++ if (result == DNS_R_NAMETOOLONG) { + return (ISC_TRUE); ++ } + RUNTIME_CHECK(result == ISC_R_SUCCESS); + break; + default: +@@ -7079,7 +7087,9 @@ answer_response(fetchctx_t *fctx) { + } + if ((ardataset->type == dns_rdatatype_cname || + ardataset->type == dns_rdatatype_dname) && +- !is_answertarget_allowed(fctx, qname, aname, ardataset, ++ type != ardataset->type && ++ type != dns_rdatatype_any && ++ !is_answertarget_allowed(fctx, qname, aname, ardataset, + NULL)) + { + return (DNS_R_SERVFAIL);
  6. Download patch debian/extras/apparmor.d/usr.sbin.named

    --- 1:9.11.4+dfsg-3/debian/extras/apparmor.d/usr.sbin.named 2018-07-29 21:26:09.000000000 +0000 +++ 1:9.11.4+dfsg-3ubuntu4/debian/extras/apparmor.d/usr.sbin.named 2018-08-30 14:11:39.000000000 +0000 @@ -30,7 +30,7 @@ /etc/ssl/openssl.cnf r, # root hints from dns-data-root - /usr/share/dns/root.* r + /usr/share/dns/root.* r, # GeoIP data files for GeoIP ACLs /usr/share/GeoIP/** r,
  7. Download patch debian/patches/CVE-2018-5740-2.patch

    --- 1:9.11.4+dfsg-3/debian/patches/CVE-2018-5740-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1:9.11.4+dfsg-3ubuntu4/debian/patches/CVE-2018-5740-2.patch 2018-09-20 09:10:54.000000000 +0000 @@ -0,0 +1,59 @@ +From 02e8b3f8dcfdb9877cb053af7ca34809e8543420 Mon Sep 17 00:00:00 2001 +From: Evan Hunt <each@isc.org> +Date: Thu, 5 Jul 2018 18:57:48 -0700 +Subject: [PATCH] test case + +(cherry picked from commit 73486c13f743407a50d5bbadde90c949a696506f) +(cherry picked from commit 584a1cff8b8c00310cee6b1735cb39664bf6899d) +--- + bin/tests/system/chain/ns7/named.conf.in | 6 ++++++ + bin/tests/system/chain/tests.sh | 17 +++++++++++++++++ + 2 files changed, 23 insertions(+) + +diff --git a/bin/tests/system/chain/ns7/named.conf.in b/bin/tests/system/chain/ns7/named.conf.in +index 21f5a998c5..c314922a7c 100644 +--- a/bin/tests/system/chain/ns7/named.conf.in ++++ b/bin/tests/system/chain/ns7/named.conf.in +@@ -20,6 +20,12 @@ options { + listen-on-v6 { fd92:7065:b8e:ffff::7; }; + recursion yes; + allow-recursion { any; }; ++ dnssec-validation yes; ++ deny-answer-aliases { ++ "example"; ++ } except-from { ++ "example"; ++ }; + }; + + key rndc_key { +diff --git a/bin/tests/system/chain/tests.sh b/bin/tests/system/chain/tests.sh +index fa42243901..e7ad91ea9f 100644 +--- a/bin/tests/system/chain/tests.sh ++++ b/bin/tests/system/chain/tests.sh +@@ -248,5 +248,22 @@ $RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i + if [ $ret != 0 ]; then echo_i "failed"; fi + status=`expr $status + $ret` + ++n=`expr $n + 1` ++echo_i "checking explicit DNAME query ($n)" ++ret=0 ++$DIG $DIGOPTS @10.53.0.7 dname short-dname.example > dig.out.7.$n 2>&1 ++grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1 ++if [ $ret != 0 ]; then echo_i "failed"; fi ++status=`expr $status + $ret` ++ ++n=`expr $n + 1` ++echo_i "checking DNAME via ANY query ($n)" ++ret=0 ++$RNDCCMD 10.53.0.7 flush 2>&1 | sed 's/^/ns7 /' | cat_i ++$DIG $DIGOPTS @10.53.0.7 any short-dname.example > dig.out.7.$n 2>&1 ++grep 'status: NOERROR' dig.out.7.$n > /dev/null 2>&1 || ret=1 ++if [ $ret != 0 ]; then echo_i "failed"; fi ++status=`expr $status + $ret` ++ + echo_i "exit status: $status" + [ $status -eq 0 ] || exit 1 +-- +2.18.0 +
  8. Download patch debian/patches/CVE-2018-5740-3.patch

    --- 1:9.11.4+dfsg-3/debian/patches/CVE-2018-5740-3.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1:9.11.4+dfsg-3ubuntu4/debian/patches/CVE-2018-5740-3.patch 2018-09-20 09:11:02.000000000 +0000 @@ -0,0 +1,45 @@ +From ba162bd0d49dfb699162712b1c22783bc88b1632 Mon Sep 17 00:00:00 2001 +From: Evan Hunt <each@isc.org> +Date: Tue, 24 Jul 2018 10:21:52 -0700 +Subject: [PATCH] caclulate nlabels and set *chainingp correctly + +(cherry picked from commit e78e55f435e2ee901e609750595f94225cb3e369) +--- + bin/tests/system/resolver/tests.sh | 1 + + lib/dns/resolver.c | 7 ++++--- + 2 files changed, 5 insertions(+), 3 deletions(-) + +Index: bind9-9.11.4+dfsg/bin/tests/system/resolver/tests.sh +=================================================================== +--- bind9-9.11.4+dfsg.orig/bin/tests/system/resolver/tests.sh 2018-09-20 11:11:00.060380431 +0200 ++++ bind9-9.11.4+dfsg/bin/tests/system/resolver/tests.sh 2018-09-20 11:11:00.056380480 +0200 +@@ -204,6 +204,7 @@ n=`expr $n + 1` + echo_i "checking DNAME target filtering (deny) ($n)" + ret=0 + $DIG $DIGOPTS +tcp foo.baddname.example.net @10.53.0.1 a > dig.out.ns1.test${n} || ret=1 ++grep "DNAME target foo.baddname.example.org denied for foo.baddname.example.net/IN" ns1/named.run >/dev/null || ret=1 + grep "status: SERVFAIL" dig.out.ns1.test${n} > /dev/null || ret=1 + if [ $ret != 0 ]; then echo_i "failed"; fi + status=`expr $status + $ret` +Index: bind9-9.11.4+dfsg/lib/dns/resolver.c +=================================================================== +--- bind9-9.11.4+dfsg.orig/lib/dns/resolver.c 2018-09-20 11:11:00.060380431 +0200 ++++ bind9-9.11.4+dfsg/lib/dns/resolver.c 2018-09-20 11:11:00.060380431 +0200 +@@ -6358,13 +6358,14 @@ is_answertarget_allowed(fetchctx_t *fctx + RUNTIME_CHECK(result == ISC_R_SUCCESS); + dns_name_init(&prefix, NULL); + tname = dns_fixedname_initname(&fixed); +- nlabels = dns_name_countlabels(qname) - +- dns_name_countlabels(rname); +- INSIST(nlabels > 0); ++ nlabels = dns_name_countlabels(rname); + dns_name_split(qname, nlabels, &prefix, NULL); + result = dns_name_concatenate(&prefix, &dname.dname, tname, + NULL); + if (result == DNS_R_NAMETOOLONG) { ++ if (chainingp != NULL) { ++ *chainingp = ISC_TRUE; ++ } + return (ISC_TRUE); + } + RUNTIME_CHECK(result == ISC_R_SUCCESS);
  9. Download patch debian/patches/series

    --- 1:9.11.4+dfsg-3/debian/patches/series 2018-07-29 21:26:09.000000000 +0000 +++ 1:9.11.4+dfsg-3ubuntu4/debian/patches/series 2018-09-20 09:10:58.000000000 +0000 @@ -8,3 +8,7 @@ 75_ctxstart_no_sighandling.diff 80_reproducible_build.diff Add_--install-layout=deb_to_setup.py_call.patch +skip-rtld-deepbind-for-dyndb.diff +CVE-2018-5740-1.patch +CVE-2018-5740-2.patch +CVE-2018-5740-3.patch
  10. Download patch debian/bind9.install

    --- 1:9.11.4+dfsg-3/debian/bind9.install 2018-07-29 21:26:09.000000000 +0000 +++ 1:9.11.4+dfsg-3ubuntu4/debian/bind9.install 2018-08-30 14:11:39.000000000 +0000 @@ -16,7 +16,6 @@ usr/sbin/genrandom usr/sbin/isc-hmac-fixup usr/sbin/named usr/sbin/named-journalprint -usr/sbin/named-nzd2nzf usr/sbin/named-pkcs11 usr/sbin/nsec3hash usr/sbin/tsig-keygen @@ -32,7 +31,6 @@ usr/share/man/man8/dnssec-importkey.8 usr/share/man/man8/genrandom.8 usr/share/man/man8/isc-hmac-fixup.8 usr/share/man/man8/named-journalprint.8 -usr/share/man/man8/named-nzd2nzf.8 usr/share/man/man8/named.8 usr/share/man/man8/nsec3hash.8 usr/share/man/man8/tsig-keygen.8
  11. Download patch debian/dnsutils.install

    --- 1:9.11.4+dfsg-3/debian/dnsutils.install 2018-07-29 21:26:09.000000000 +0000 +++ 1:9.11.4+dfsg-3ubuntu4/debian/dnsutils.install 2018-08-30 14:11:39.000000000 +0000 @@ -1,12 +1,10 @@ usr/bin/delv usr/bin/dig -usr/bin/dnstap-read usr/bin/mdig usr/bin/nslookup usr/bin/nsupdate usr/share/man/man1/delv.1 usr/share/man/man1/dig.1 -usr/share/man/man1/dnstap-read.1 usr/share/man/man1/mdig.1 usr/share/man/man1/nslookup.1 usr/share/man/man1/nsupdate.1
  1. bind9