Control: tags -1 d-i confirmed Bernhard Schmidt: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > > Please unblock package bind9 > > -4 and -5 have the following changes over -3 currently in testing. > > - CVE-2018-5743 (Bug#927923) > The patch for this have been pulled directly from upstream. There is an > additional patch needed for platforms without atomic support > - Some additions to the AppArmor policy > The seldomly used case of bind9 directly serving ActiveDirectory zones from > Samba through a DLZ (Dynamically Loadable Zone) module was quite broken > before > because Samba in Buster changed some important paths and the AppArmor policy > only really got enforced in Buster. Thanks to Steven Monai for filing bugs > (928398, 920530) this should be fixed. I consider it low-risk because it > only > adds paths. > - During Buster EDDSA crypto was temporarily disabled because it added a > dependency > on OpenSSL 1.1.1, which was at that point preventing testing migration. In > our eyes it makes no sense to keep it disabled. Ed448 is currently broken > upstream (https://gitlab.isc.org/isc-projects/bind9/issues/225) so there is > an > additional patch to keep that disabled. > > -4 has been in sid for more than a week without reported regressions, -5 only > adds a single line to the AppArmor policy > > unblock bind9/1:9.11.5.P4+dfsg-5 >
Hi, I have flagged it as ok from the RT PoV and is CC'ing KiBi for a d-i review before it is finally unblocked. Thanks, ~Niels