ldns (1.8.3-2) unstable; urgency=medium * ldns-rdf-typemap-fixes-for-swig-4.2.0.patch (Closes: #1066217) From upstream https://github.com/NLnetLabs/ldns/pull/231 -- Michael Tokarev Sat, 16 Mar 2024 18:04:34 +0300 ldns (1.8.3-1.1) unstable; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. Closes: #1064167 -- Lukas Märdian Thu, 29 Feb 2024 08:19:16 +0000 ldns (1.8.3-1) unstable; urgency=medium * new upstream version 1.8.3 * d/libldns3.symbols: include new symbols * doxygen-in-builddir.patch: patch from upstream to fix doxygen build in a separate build directory * always build in a subdir (build/main for the main build), - no need to hack clean target anymore * d/rules: mark all build/install targets as .PHONY (makes build target work with build subdir) * d/libldns-dev.install: do not install libldns.pc, it is already installed by upstream as ldns.pc * disable GOST algorithm (Closes: #862207) GOST R 34.10-2001 is an obsolete algorithm which should not be used in production. It is not provided by openssl too, a special plugin is required to be installed. This change removes it entirely. This removes 4 symbols out of libldns3.so: ldns_gost2pkey_raw ldns_gost_engine ldns_key_EVP_load_gost_id ldns_key_EVP_unload_gost Technicallly we should bump soname when removing symbols from a shared library. Or alternatively, we can provide stubs which just return failure. But in this case there should be no problems, since the symbols aren't used by any of rdepends, and they should not be used by anything either, given the context. If lack of one of these symbols will be problematic we can solve it down the line. * d/rules: since compat9 dh_auto_* tools export CFLAGS/LDFLAGS already * d/changelog: fix typo in previous entry -- Michael Tokarev Mon, 05 Sep 2022 11:39:52 +0300 ldns (1.8.1-1) unstable; urgency=medium * New upstream version 1.8.1 Closes: #1008638 (FTBFS with python 3.10 due to distutils check) Closes: #1005646 (FTBFS with OpenSSL 3.0) Closes: #1009385 (output of ldns-key2ds changes after compiler changes) Closes: CVE-2020-19860 (heap buffer overflow while verifying zone file) Closes: CVE-2020-19861 (heap overflow/leakage when reading a zone file) * rework the build system, fixing numerous issues: - stop overwriting files at install time from different builds and ending up using the build with wrong configure options - stop running install twice - stop removing system-installed files if any on clean - stop doing (re)build of everything just for the python build - build python bits in the main build and perform extra steps only if there's more than one python version to build for (this effectively eliminates miltiple builds completely) - clarify build with multiple pyversions and why it still fails - remove old, now irrelevant, stuff (like overriding options which are being in effect anyway, or which has no effect) - move variable-based custom install rule for libldns.pc into .install file once dh now allows variables in there - reduce startup time by eliminating dpkg's default.mk which is slow - remove the wrongly-generated staic lib for the python bindings (_ldns.{a,la}) in the install rules instead of ignoring them in dh_install -X - fix add --with-trust-anchor= so it actually works - replace dh --with python with Build-Depend: dh-sequence-python3 - run dh only for supported targets/sequences * update symbols file for 1.8 version, adding 6 new symbols * remove Makefile-remove-install-libldns-pc.patch * update short descriptions of all packages to mention what is actually in there instead of being the same for all packages * remove Build-Dependes: chrpath & pkg-config (not used) * add fix-pyldns-include.patch to fix building pyldns outside source dir * d/control: update Stdandards-Version to 4.6.0.1 (no changes) * d/watch: rework, simplify, use https, enable pgp signature verification * add upstream/signing-key.asc with the followig key: E5F8F8212F77A498 "Willem Toorop " * remove trailing whitespace from d/changelog * add myself to uploaders -- Michael Tokarev Tue, 26 Apr 2022 16:05:17 +0300 ldns (1.7.1-3) unstable; urgency=medium * Acknowledge NMU (thanks, Michael Tokarev!) [ Robert Edmonds ] * debian/rules: Add "--with-trust-anchor=/usr/share/dns/root.key" to configure parameters * debian/control: Add "Recommends: dns-root-data" to ldnsutils [ Daniel Kahn Gillmor ] * added myself to uploaders * Import upstream patch to fix SHA-256 on GCC 11 (Closes: #1009385) * d/watch: update to version 4 (and use https) * d/clean: clean up some generated files -- Daniel Kahn Gillmor Wed, 13 Apr 2022 10:27:03 -0700 ldns (1.7.1-2.1) unstable; urgency=medium * Non-maintainer upload. * add fix-wrong-python-distutils-configure-check.diff to fix the incorrect distutils package check (it should be checking the return code not the emptiness of the output). This fixes FTBFS with new python (3.10) and allows the python3.10 transition to happen, but it is not fixing the actual issiue with ldns using distutils which should be addressed later. Closes: #1008638 -- Michael Tokarev Thu, 07 Apr 2022 16:03:29 +0300 ldns (1.7.1-2) unstable; urgency=low * Team upload. * Upload to unstable. -- Santiago Ruano Rincón Wed, 24 Jun 2020 14:08:19 +0200 ldns (1.7.1-1) experimental; urgency=low * Team upload. * New upstream version 1.7.1 - Fixes: libldns2: CDS/CDNSKEY RRs are signed with ZSK instead of KSK (Closes: #945324) * Remove no longer needed patches: - 0002-Check-parse-limit-before-t-increment.patch - 0003-bugfix-1257-Free-after-reallocing-to-0-size.patch - swig4.0-support-from-jitka-plesnkov.patch * Stop building python-ldns (Closes: #936832) * Add Makefile-remove-install-libldns-pc.patch to avoid FTBFS * Bump soname. Rename libldns2 to libldns3 * Update and rename libldns3.symbols * Add debian/salsa-ci.yml * Fix FTCBFS: Multiarchify python Build-Depends. (Closes: #929578) Patch by Helmut Grohne * Specify Rules-Requires-Root: no * Bump debhelper-compat to v13 -- Santiago Ruano Rincón Wed, 03 Jun 2020 23:02:22 +0200 ldns (1.7.0-4.1) unstable; urgency=medium * Non-maintainer upload. * Use upstream patch to fix FTBFS with SWIG 4.0 (Closes: #951899) -- Ivo De Decker Fri, 20 Mar 2020 13:39:43 +0000 ldns (1.7.0-4) unstable; urgency=medium * Fix invalid maintainer (Closes: #899938) * Add two upstream patches to address security issues: + CVE-2017-1000231: Memory corruption in ldns_rr_new_frm_fp_l (Closes: #882015) + CVE-2017-1000232: Memory corruption in ldns_str2rdf_long_str (Closes: #882014) * Bump debhelper compat to v12 * Update the Vcs-* links to salsa.d.o * Bump the policy to the latest version (no change) * Add upstream Homepage link to d/control * Disable GOST and enable Ed25519 algorithm (see draft-wouters-sury-dnsop-algorithm-update) -- Ondřej Surý Sun, 10 Mar 2019 21:56:02 +0000 ldns (1.7.0-3.1) unstable; urgency=medium * Non-maintainer upload. * Don't build-depend on python3-all-dev, the build rules don't handle multiple versions of python3 correctly. Closes: #904038 Thanks to Steve Langasek for the patch. * Enable parallel building. -- Mattia Rizzolo Thu, 27 Sep 2018 10:36:04 +0200 ldns (1.7.0-3) unstable; urgency=medium * Build depend on OpenSSL >= 1.1.0 to support offline DANE verification -- Ondřej Surý Fri, 23 Jun 2017 10:12:00 +0200 ldns (1.7.0-2) unstable; urgency=medium [ Christoph Egger ] * Add python3 bindings -- Ondřej Surý Mon, 19 Jun 2017 10:38:39 +0200 ldns (1.7.0-1) unstable; urgency=medium * Imported Upstream version 1.7.0 * Use --enable-gost-anyway to enable GOST even when not available at compile time -- Ondřej Surý Wed, 21 Dec 2016 13:12:52 +0100 ldns (1.7.0~rc3-1) unstable; urgency=medium * Imported Upstream version 1.7.0~rc3 * Upload to unstable -- Ondřej Surý Sat, 17 Dec 2016 10:36:30 +0100 ldns (1.7.0~rc1-0~exp1) experimental; urgency=medium * Imported Upstream version 1.7.0~rc1 * Rebase patches on top of 1.7.0~rc1 release * Remove debuild build files from repository * Update packaging for libldns.so.2 transition * Enable full hardening and symbols check * Update libldns.so.2 symbols -- Ondřej Surý Fri, 02 Dec 2016 18:45:42 +0100 ldns (1.6.17-10) unstable; urgency=medium [ A. Schulze ] * experimental support openssl-1.1.x (Closes: #828377) -- Ondřej Surý Thu, 27 Oct 2016 16:53:07 +0200 ldns (1.6.17-9) unstable; urgency=medium * Add ldns_resolver_clone function needed by libnet-ldns-perl -- Ondřej Surý Tue, 28 Jun 2016 13:11:24 +0200 ldns (1.6.17-8) unstable; urgency=medium [ Robert Edmonds ] * Makefile.in: Don't pass CPPFLAGS to swig (Closes: #811230) -- Ondřej Surý Mon, 15 Feb 2016 12:21:40 +0100 ldns (1.6.17-7) unstable; urgency=medium * Add lintian overrides for slightly errorneous man pages * Disable ldns-config distribution; please use pkg-config * Add missing dh-python B-D * Fix perl error in doxyparse.pl (Closes: #808665) -- Ondřej Surý Wed, 23 Dec 2015 11:05:32 +0100 ldns (1.6.17-6) unstable; urgency=medium * Update packaging to debhelper compat level 9 and convert libldns to MultiArch package * Move the package under pkg-dns group umbrella -- Ondřej Surý Tue, 22 Dec 2015 15:24:37 +0100 ldns (1.6.17-5) unstable; urgency=medium * Add upstream fix for double free for answers bigger than 4096 bytes * Add upstream fix whitespace bug in ldns-read-zone -- Ondřej Surý Thu, 19 Jun 2014 09:45:26 +0200 ldns (1.6.17-4) unstable; urgency=high * [CVE-2014-3209]: fix ldns-keygen writing private DNSKEYs with default umask (Closes: #746758) -- Ondřej Surý Mon, 16 Jun 2014 11:40:18 +0200 ldns (1.6.17-3) unstable; urgency=high * Add Breaks for dnssec-trigger as well to allow its backports without symbol breakage in libldns1 -- Ondřej Surý Fri, 13 Jun 2014 14:23:43 +0200 ldns (1.6.17-2) unstable; urgency=high * Install libldns.pc into correct location (Closes: #746614) * Add Breaks for opendnssec version that uses strlcpy symbol from ldns (Closes: #720702) -- Ondřej Surý Fri, 13 Jun 2014 13:47:22 +0200 ldns (1.6.17-1) unstable; urgency=low * New upstream version 1.6.17 * Use updated watch file * Refresh patches for 1.6.17 release * Install libldns.pc to /usr/lib/pkg-config (Closes: #696025) * Update symbols file that has removed some internal symbols -- Ondřej Surý Tue, 11 Feb 2014 15:22:50 +0100 ldns (1.6.16-1) unstable; urgency=low * New upstream version 1.6.16 * Update patches for release 1.6.16 -- Ondřej Surý Wed, 10 Jul 2013 12:47:56 +0200 ldns (1.6.13-4) unstable; urgency=low * Add correct Breaks/Replaces, fix typo and version (Closes: #694468) -- Ondřej Surý Tue, 27 Nov 2012 12:05:04 +0100 ldns (1.6.13-3) unstable; urgency=low * Also move manual page for ldns-config to libldns-dev package -- Ondřej Surý Fri, 07 Sep 2012 14:36:11 +0200 ldns (1.6.13-2) unstable; urgency=low * Convert python-ldns package to dh_python2 * Move ldns-config to /usr/sbin and to libldns-dev where it belongs -- Ondřej Surý Fri, 13 Jul 2012 12:43:03 +0200 ldns (1.6.13-1) unstable; urgency=low [ Daniel Baumann ] * Removing gost symbols in libldns1 if needed (Closes: #649695) [ Ondřej Surý ] * Generate symbols file in dh_makeshlibs target * Imported Upstream version 1.6.13 (Closes: #674458) * Add new symbols introduced in 1.6.13 -- Ondřej Surý Mon, 28 May 2012 09:32:24 +0200 ldns (1.6.12-2) unstable; urgency=low [ Robert S. Edmonds ] * debian/: add libldns1-dbg debugging symbol package -- Ondřej Surý Mon, 26 Mar 2012 13:56:03 +0200 ldns (1.6.12-1) unstable; urgency=low * Fix brace-expansion-in-debhelper-config-file warning * Imported Upstream version 1.6.12 * Update patch for new release -- Ondřej Surý Mon, 16 Jan 2012 15:34:20 +0100 ldns (1.6.11-1) unstable; urgency=low * Conditionally enable GOST algorithm support based on OpenSSL version * Make GOST symbols optional to allow easy backporting * Imported Upstream version 1.6.11 * Update patches to the new release * Update libldns1 symbols (and make GOST symbols mandatory again, it will break ABI if they are missing) -- Ondřej Surý Thu, 29 Sep 2011 17:38:20 +0200 ldns (1.6.10-2) unstable; urgency=low * Add dependency on libssl-dev to libldns-dev (Closes: #629888) -- Ondřej Surý Thu, 09 Jun 2011 11:20:41 +0200 ldns (1.6.10-1) unstable; urgency=low * Link libtool to current directory in the clean target if not found (Closes: #623320) * Update Vcs-* links * Imported Upstream version 1.6.10 -- Ondřej Surý Tue, 31 May 2011 15:54:59 +0200 ldns (1.6.9-2) unstable; urgency=low * Don't perform checks, because upstream target test is broken * Enable GOST algorithm (Closes: #620598) -- Ondřej Surý Sun, 03 Apr 2011 12:07:36 +0200 ldns (1.6.9-1) unstable; urgency=low * Imported Upstream version 1.6.9 -- Ondřej Surý Fri, 18 Mar 2011 13:48:47 +0100 ldns (1.6.8-1) unstable; urgency=low * Imported Upstream version 1.6.8 -- Ondřej Surý Mon, 24 Jan 2011 15:50:09 +0100 ldns (1.6.7-1) unstable; urgency=low * New upstream release -- Ondřej Surý Fri, 14 Jan 2011 12:13:33 +0100 ldns (1.6.6-2) unstable; urgency=high * Install ldns.py into python-ldns package (Closes: #609955) -- Ondřej Surý Fri, 14 Jan 2011 10:53:30 +0100 ldns (1.6.6-1) unstable; urgency=low * New upstream release * Add Changelog to debian/docs (Closes: #592437) -- Ondřej Surý Thu, 12 Aug 2010 13:06:10 +0200 ldns (1.6.5-1) unstable; urgency=low * New upstream release * Fix _ldns.so install command -- Ondřej Surý Wed, 04 Aug 2010 16:08:00 +0200 ldns (1.6.5~rc1-1) unstable; urgency=low * New upstream RC release * Updated patches to 1.6.5rc1 -- Ondřej Surý Mon, 07 Jun 2010 20:23:13 +0200 ldns (1.6.4-5) unstable; urgency=low * allow installing with just one version of python (Closes: #583350) * add explicit call to python-support and quilt from debhelper -- Ondřej Surý Fri, 26 Mar 2010 17:01:28 +0100 ldns (1.6.4-4) unstable; urgency=low * Add support for all python versions (Closes: #571494) -- Ondřej Surý Mon, 01 Mar 2010 13:29:06 +0100 ldns (1.6.4-3) unstable; urgency=low * Disable building with binutils-gold -- Ondřej Surý Tue, 02 Feb 2010 14:51:07 +0100 ldns (1.6.4-2) unstable; urgency=low * Don't uselessly link to all libraries around -- Ondřej Surý Thu, 28 Jan 2010 22:33:05 +0100 ldns (1.6.4-1) unstable; urgency=low * New Upstream version 1.6.4 * Bump standards version to 3.8.3 * Enable pyldns bindings (python-pyldns package) * Use DESTDIR= instead of prefix= when doing 'make install' * Don't uselessly link to all libraries around -- Ondřej Surý Thu, 28 Jan 2010 11:39:17 +0100 ldns (1.6.1-1) unstable; urgency=low * New Upstream Version -- Ondřej Surý Sat, 24 Oct 2009 11:14:17 +0200 ldns (1.6.0-1) unstable; urgency=low * New Upstream Version -- Ondřej Surý Thu, 30 Jul 2009 21:31:34 +0200 ldns (1.5.1-1) unstable; urgency=low * New upstream release. * Merged upstream: - debian/patches/01_put_ldns_library_check_to_bottom.dpatch - debian/patches/02_buffer_overflow_in_rr.c.dpatch -- Ondřej Surý Tue, 03 Mar 2009 11:53:42 +0100 ldns (1.4.0-2) unstable; urgency=low * Make dh_makeshlibs call versioned. * Cherry pick possible buffer overflow in rr.c from 1.5.x branch. -- Ondřej Surý Tue, 10 Feb 2009 17:05:45 +0100 ldns (1.4.0-1) unstable; urgency=low * New upstream release. * Merged upstream: - debian/patches/01_ldns-1.3.0.ldns-new-dnssec-tools.dpatch - debian/patches/02_ldns-1.3.0.ldns-read-zone.dpatch - debian/patches/03_ldns-1.3.0_hex_can_contain_space.dpatch - debian/patches/04_ldns-1.3.0_ldns-compare-zones.dpatch -- Ondřej Surý Thu, 20 Nov 2008 20:33:14 +0100 ldns (1.3.0-6) unstable; urgency=low * Various improvements and fixes for ldns-compare-zones - Change opt_* from int to bool - Fix double zones read - Canonicalize and sort zones before comparing (can be disabled by -z) -- Ondřej Surý Tue, 30 Sep 2008 16:52:22 +0200 ldns (1.3.0-5) unstable; urgency=low * Reverse read order of zones to keep SOA of first zone in output -- Ondřej Surý Sun, 07 Sep 2008 00:58:00 +0200 ldns (1.3.0-4) unstable; urgency=low * Must test what I write. Fix double free in ldns-merge-dnssec. -- Ondřej Surý Sat, 06 Sep 2008 14:56:24 +0200 ldns (1.3.0-3) unstable; urgency=low * Build ldns-merge-dnssec as well * Fix bunch of lintian warnings. -- Ondřej Surý Sat, 06 Sep 2008 14:25:27 +0200 ldns (1.3.0-2) unstable; urgency=low * debian/patches/01_ldns-1.3.0.ldns-new-dnssec-tools.dpatch: - Add two new DNSSEC related tools * 02_ldns-1.3.0.ldns-read-zone.dpatch: - Small fixups for ldns-read-zone -- Ondřej Surý Sat, 06 Sep 2008 13:49:04 +0200 ldns (1.3.0-1) unstable; urgency=low * New upstream release (final 1.3.0). -- Ondřej Surý Mon, 02 Jun 2008 17:38:34 +0200 ldns (1.2.99.pre.1.3.0.20080528-1) unstable; urgency=low * New upstream release candidate. -- Ondřej Surý Wed, 28 May 2008 12:10:07 +0200 ldns (1.2.99.pre.1.3.0.20080229-2) unstable; urgency=low * Add correct dependencies for libldns-dev ... again (Closes: #454905) -- Ondřej Surý Wed, 21 May 2008 22:16:38 +0200 ldns (1.2.99.pre.1.3.0.20080229-1) unstable; urgency=low * New upstream pre-release, stolen from unbound. * Library soname finally sane. * Upload to unstable to prepare for unbound upload. -- Ondřej Surý Thu, 08 May 2008 11:27:38 +0200 ldns (1.2.99.pre.1.3.0.20080114-1) experimental; urgency=low * New upstream pre-release. * patches/03_doxygen.pl.dpatch: - removed, merged upstream -- Ondřej Surý Thu, 28 Feb 2008 17:23:29 +0100 ldns (1.2.99.pre.1.3.0.20071102-1) experimental; urgency=low * New upstream pre-release. * Release only to experimental. * patches/02_dname-off-by-one.dpatch, patches/05_ldns-compare-zones.dpatch: - removed, merged upstream -- Ondřej Surý Fri, 16 Nov 2007 10:12:05 +0100 ldns (1.2.1-2) unstable; urgency=low * patches/05_ldns-compare-zones.dpatch: - add ldns-compare-zones tool * debian/control: - build depend on libpcap-dev to allow ldns-dpa build - build depend on doxygen to allow documentation build (Closes: #451470) -- Ondřej Surý Fri, 16 Nov 2007 09:41:29 +0100 ldns (1.2.1-1) unstable; urgency=low * Initial release (Closes: #348970) * patches/01_doxygen-u.dpatch: - update doxygen configuration * patches/02_dname-off-by-one.dpatch: - Fix ldns_dname_compare * patches/03_doxygen.pl.dpatch: - Fix man section in generated man pages * patches/04_examples-man-pages.dpatch: - Fix some errors in man pages of examples -- Ondřej Surý Thu, 11 Oct 2007 13:40:14 +0200