Saturday, 12 December 2009

New security updates for Ubuntu 9.10 Karmic Koala

Maria Susana Diaz | 20:56 |
Here are the usual weekly (important) PC security updates published by Canonical.

Ubuntu developers may release security updates or feature updates for Ubuntu's applications and packages.

When these updates are available, Ubuntu notifies you with a pop-up window and a red icon in the notification area. To update the system, click the red icon, enter your password and click OK.

The Update Manager program shows all available updates. To download and install them, click the Install Updates button. Ubuntu will download and install the updates from the Internet.

When Update Manager has finished updating the system, close the pop-up window by clicking the Close button, then close Update Manager to complete the update.

This time they concern:

BIND9-HOST
DNSUTILS
GNOME-SCREENSAVER
GRUB-COMMON
LIBBIND9-50
LIBDNS50
LIBISC50
LIBISCCFG50
LIBWRES50
NTPDATE

After installing important updates, you may need to restart the computer. Ubuntu will inform you with a pop-up window and an icon in the notification area.


BIND9-HOST
This package provides the 'host' program in the form that is bundled with the BIND 9.X sources. This version differs from the one provided in the package called host, which is from NIKHEF, and has a similar but different set of features/options.

Changes for versions: 1:9.6.1.dfsg.P1-3 1:9.6.1.dfsg.P1-3ubuntu0.2

Failed to download the list of changes. Check your Internet connection.

DNSUTILS
The Berkeley Internet Name Domain (BIND) implements an Internet domain name server. BIND is the most widely-used name server software on the Internet, and is supported by the Internet Software Consortium, www.isc.org. This package delivers various client programs related to DNS that are derived from the BIND source tree.
* dig - query the DNS in various ways
* nslookup - the older way to do it
* nsupdate - perform dynamic updates (See RFC2136)

Changes for versions: 1:9.6.1.dfsg.P1-3 1:9.6.1.dfsg.P1-3ubuntu0.2

Version 1:9.6.1.dfsg.P1-3ubuntu0.2:
* SECURITY UPDATE: incorrect cache update from additional section
  - CHANGES, bin/named/query.c, lib/dns/{include/dns/types.h, masterdump.c,rbtdb.c,resolver.c,validator.c}: handle the additional section properly. lib/dns/api, version: increment versions.
  - debian/*: increment to libdns53, add libdns50 metapackage so upgrade-manager won't hold the bind9 upgrade back.
  - CVE-2009-4022

GNOME-SCREENSAVER
gnome-screensaver is a screen saver and locker that aims to have simple, sane and secure defaults, and be well integrated with the GNOME desktop. It is designed to support, among other things:
* the ability to lock down configuration settings
* translation into other languages
* user switching

Changes for versions: 2.28.0-0ubuntu3 2.28.0-0ubuntu3.1

Version 2.28.0-0ubuntu3.1:
* SECURITY UPDATE: broken screen-locking idle timeout (LP: #411350)
  - debian/patches/09_remove_session_inhibitors.patch: Fix issue when applications leave inhibitors behind.

GRUB-COMMON
This package contains common files shared by the distinct flavours of GRUB.

Changes for versions: 1.97~beta4-1ubuntu4 1.97~beta4-1ubuntu4.1

Version 1.97~beta4-1ubuntu4.1:
* SECURITY UPDATE: fix password validation when using password-based authentication
  - debian/patches/970_security_fix_password_validation.diff: update grub_auth_strcmp() to use grub_strcmp() and add a small added delay. Also update grub_auth_check_authentication() to add a delay if authentication does not succeed.
  - CVE-2009-4128

LIBBIND9-50

Changes for versions: 1:9.6.1.dfsg.P1-3 1:9.6.1.dfsg.P1-3ubuntu0.2

Version 1:9.6.1.dfsg.P1-3ubuntu0.2:
* SECURITY UPDATE: incorrect cache update from additional section
  - CHANGES, bin/named/query.c, lib/dns/{include/dns/types.h, masterdump.c,rbtdb.c,resolver.c,validator.c}: handle the additional section properly. lib/dns/api, version: increment versions.
  - debian/*: increment to libdns53, add libdns50 metapackage so upgrade-manager won't hold the bind9 upgrade back.
  - CVE-2009-4022

LIBDNS50
The Berkeley Internet Name Domain (BIND) implements an Internet domain name server. BIND is the most widely-used name server software on the Internet, and is supported by the Internet Software Consortium, www.isc.org. This metapackage eases the upgrade path to libdns53.

Changes for versions: 1:9.6.1.dfsg.P1-3 1:9.6.1.dfsg.P1-3ubuntu0.2

Version 1:9.6.1.dfsg.P1-3ubuntu0.2:
* SECURITY UPDATE: incorrect cache update from additional section
  - CHANGES, bin/named/query.c, lib/dns/{include/dns/types.h, masterdump.c,rbtdb.c,resolver.c,validator.c}: handle the additional section properly. lib/dns/api, version: increment versions.
  - debian/*: increment to libdns53, add libdns50 metapackage so upgrade-manager won't hold the bind9 upgrade back.
  - CVE-2009-4022

LIBDNS53 (Nuova Installazione) The Berkeley Internet Name Domain (BIND) implements an Internet domain name server. BIND is the most widely-used name server software on the Internet, and is supported by the Internet Software Consortium, www.isc.org. This package delivers the libdns shared library used by BIND's daemons and clients. Cambiamenti per le versioni: None 1:9.6.1.dfsg.P1-3ubuntu0.2 Versione 1:9.6.1.dfsg.P1-3ubuntu0.2: * SECURITY UPDATE: incorrect cache update from additional section - CHANGES, bin/named/query.c, lib/dns/{include/dns/types.h, masterdump.c,rbtdb.c,resolver.c,validator.c}: handle the additional section properly. lib/dns/api, version: increment versions. - debian/*: increment to libdns53, add libdns50 metapackage so upgrade-manager won't hold the bind9 upgrade back. - CVE-2009-4022 Versione 1:9.6.1.dfsg.P1-3: * Build-Depend on the fixed libgeoip-dev. Closes: #540973 Versione 1:9.6.1.dfsg.P1-2: [Jamie Strandboge] * reload individual named profile, not all of apparmor. LP: #412751 [Guillaume Delacour] * bind9 did not purge cleanly. Closes: #497959 [LaMont Jones] * postinst: do not append a blank line to /etc/default/bind9. Closes: #541469 * init.d stop needs to not error out. LP: #398033 * meta: fix build-depends. Closes: #539230 Versione 1:9.6.1.dfsg.P1-1: [Internet Software Consortium, Inc] * A specially crafted update packet will cause named to exit. CVE-2009-0696, CERT VU#725188. Closes: #538975 [InterNIC] * Update db.root hints file. [LaMont Jones] * Move default zone definitions from named.conf to named.conf.default-zones. Closes: #492308 * use start-stop-daemon if rndc stop fails. Closes: #536487 * lwresd: pidfile name was wrong in init script. Closes: #527137 Versione 1:9.6.1.dfsg-2: * ia64: fix atomic.h Versione 1:9.6.1.dfsg-1: [Internet Software Consortium, Inc] * 9.6.1 Versione 1:9.6.0.dfsg.P1-3: [Martin Zobel-Helas] * GEO-IP Patch from git://git.kernel.org/pub/scm/network/bind/bind-geodns.git. 
Closes: #395191 [LaMont Jones] * Remove /var/lib/bind on purge. Closes: #527613 * Build-Depend: libdb-dev (>4.6). Closes: #527877, #528772 * init.d: detect rndc errors better. LP: #380962 * init.d: clean up exit status. Closes: #523454 * Enable pkcs11 support, and then Revert - causes assertion failures c.f.: #516552 Versione 1:9.6.0.dfsg.P1-2: * random_1 broke memory usage assertions. Versione 1:9.6.0.dfsg.P1-1: [Michael Milligan] * Add min-cache-ttl and min-ncache-ttl keywords [LaMont Jones] * Fix merge errors from 9.6.0.dfsg.P1-0 Versione 1:9.6.0.dfsg.P1-0: [Internet Software Consortium, Inc] * 9.6.0-P1 [LaMont Jones] * meta: fix override disparity * meta: soname package fixups for 9.6.0 * meta: update Standards-Version: 3.7.3.0 * upstream now uses a bind subdir. Closes: #212659 [Sven Joachim] * meta: pass host and build into configure for hybrid build machines. Closes: #515110 Versione 1:9.5.1.dfsg.P1-3: * package -2 for unstable Versione 1:9.5.1.dfsg.P1-2: [Juhana Helovuo] * fix atomic operations on alpha. Closes: #512285 [Dann Frazier] * fix atomic operations on ia64. Closes: #520179 [LaMont Jones] * build-conflict: libdb4.2-dev. Closes: #515074, #507013 [localization folks] * l10n: Basque debconf template. Closes: #516549 (Piarres Beobide) Versione 1:9.5.1.dfsg.P1-1: * New upstream patch release - supportable version of fix from 9.5.0.dfsg.P2-5.1 - CVE-2009-0025: Closes: #511936 - 2475: Overly agressive cache entry removal. Closes: #511768 - other bug fixes worthy of patch-release inclusion Versione 1:9.5.0.dfsg.P2-5.1: * Non-maintainer upload. * Apply upstream ACL fixes from 9.5.1 to fix RC bug. Patch was provided by Evan Hunt (upstream bind9 developer) after Emmanuel Bouthenot contacted him. Closes: #496954, #501800. * Remove obsolete dh_installmanpages invocation which was adding unwanted manual pages to bind9. Closes: #486196. Versione 1:9.5.0.dfsg.P2-5: [ISC] * 2463: IPv6 Advanced Socket API broken on linux. 
LP: #249824 [Jamie Strandboge] * apparmor: add capability sys_resource * apparmor: add krb keytab access. LP: #277370 [LaMont Jones] * apparmor: allow proc/*/net/if_inet6 read access too. LP: #289060 * apparmor: add /var/log/named/* entries. LP: #294935 [Ben Hutchings] * meta: Add dependency of bind9 on net-tools (ifconfig used in init script) * meta: Fix bind9utils Depends. * meta: fix typo in package description [localization folks] * l10n: add polish debconf translations. Closes: #506856 (L) Versione 1:9.5.0.dfsg.P2-4: * meta: fix typo in Depends: lsb-base. Closes: #501365 Versione 1:9.5.0.dfsg.P2-3: [LaMont Jones] * enable largefile support. Closes: #497040 [localization folks] * l10n: Dutch translation. Closes: #499977 (Paul Gevers) * l10n: simplified chinese debconf template. Closes: #501103 (LI Daobing) * l10n: Update spanish template. Closes: #493775 (Ignacio Mondino) Versione 1:9.5.0.dfsg.P2-2: [Kees Cook] * debian/{control,rules}: enable PIE hardening (from -1ubuntu1) [Nicolas Valcárcel] * Add ufw integration (from -1ubuntu2) [Dustin Kirkland] * use pid file in init.d/bind9 status. LP: #247084 [LaMont Jones] * dig: add -DDIG_SIGCHASE to compile options. LP: #257682 * apparmor profile: add /var/log/named [Nikita Ofitserov] * ipv6 support requires _GNU_SOURCE definition. LP: #249824 Versione 1:9.5.0.dfsg.P2-1: [LaMont Jones] * default to using resolvconf if it is installed * fix sonames and dependencies. Closes: #149259, #492418 * Do not build-depend libcap2-dev on non-linux. Closes: #493392 * drop unused query-loc manpage. Closes: #492564 * lwresd: Deliver /etc/bind directory. Closes: #490027 * fix query-source comment in default install [Internet Software Consortium, Inc] * 9.5.0-P2. Closes: #492949 [localization folks] * l10n: Spanish debconf translation. Closes: #492425 (Ignacio Mondino) * l10n: Swedish debconf templates. Closes: #491369 (Martin Ågren) * l10n: Japanese debconf translations. 
Closes: #492048 (Hideki Yamane (Debian-JP)) * l10n: Finnish translation. Closes: #490630 (Esko Arajärvi) * l10n: Italian debconf translations. Closes: #492587 (Alessandro Vietta) Versione 1:9.5.0.dfsg.P1-2: * Revert "meta: merge the mess of single-lib packages back into one large one." - That way lies madness and pain. * init.d/bind9: implement status function. LP: #203169 Versione 1:9.5.0.dfsg.P1-1: * Repackage 9.5.0.dfsg-5 with the -P1 tarball. Versione 1:9.5.0.dfsg-5: [Internet Software Consortium, Inc] * Randomize UDP query source ports to improve forgery resilience. (CVE-2008-1447) [LaMont Jones] * add build-depends: texlive-latex-base, xsltproc, remove Bv9ARM.pdf in clean * fix sonames * drop unneeded build-deps, since we do not actually deliver B9vARM.pdf * meta: cleanup libbind9-41 Provides/Conflicts * build: fix sonames for new libraries * postinst: really restart bind/lwresd in postinst Versione 1:9.5.0.dfsg-4: [LaMont Jones] * control: fix dnsutils description to avoid list reformatting. Closes: #480317 * lwresd: restart in postinst. Closes: #486481 * meta: merge the mess of single-lib packages back into one large one. * apparmor: allow bind to create files in /var/{lib,cache}/bind * build: drop .la files. Closes: #486969 * build: drop the extra lib path from the library-package merge * meta: liblwres40 does not conflict with the libbind9-40-provided libbind0 [localization folks] * l10n: German debconf translation. Closes: #486547 (Helge Kreutzmann) * l10n: Indonesian debconf translations. Closes: #486503 (Arief S Fitrianto) * l10n: Slovak po-debconf translation Closes: #488905 (helix84) * l10n: Turkish debconf template. Closes: #486479 (Mert Dirik) Versione 1:9.4.2-12: * apparmor: allow bind to create files in /var/{lib,cache}/bind Versione 1:9.4.2-11: * apparmor: add dnscvsutil package files * lwresd Depends: adduser * control: fix dnsutils description to avoid list reformatting. 
Closes: #480317 Versione 1:9.5.0.dfsg-3: [LaMont Jones] * bind9utils Depends: libbind9-40. Closes: #486194 * bind9 should not deliver manpages for nonexistant binaries. Closes: #486196 [localization folks] * l10n: Vietnamese debconf templates translation update. Closes: #486185 (Clytie Siddall) * l10n: Russian debconf templates translation. Closes: #486191 (Yuri Kozlov) * l10n: Galician debconf template. Closes: #486215 (Jacobo Tarrio) * l10n: French debconf templates. Closes: #486325 (CALARESU Luc) * l10n: Czech debconf translation. Closes: #486337 (Miroslav Kure) * l10n: Updated Portuguese translation. Closes: #486267 (Traduz - Portuguese Translation Team) Versione 1:9.5.0.dfsg-2: [Tim Spriggs] * init.d: Nexenta has different ifconfig arguments [LaMont Jones] * templates rework from debian-l10n-english * reload named when an interface goes up or down. LP: #226495 * build: need to create the directories for interface restart triggering * Build-Depends: libcap2-dev. Closes: #485747 * Leave named running during update. Closes: #453765 * Fix path to uname, cleaning up the nexenta checks. * l10n: avoid double-question in templates. [localization folks] * l10n: Vietnamese debconf translations. Closes: #483911 (Clytie Siddall) * l10n: Portuguese debconf translations. Closes: #483872 (Traduz - Portuguese Translation Team) Versione 1:9.5.0.dfsg-1: [LaMont Jones] * manpages: fix references that should say /etc/bind * meta: build-depend libxml2-dev for statistics support Versione 1:9.5.0.dfsg-0: [Internet Software Consortium, Inc] * 9.5.0 release [LaMont Jones] * Only use capabilities if they are present: reprise. Closes: #360339, #212226 * control: fix dnsutils description to avoid list reformatting. Closes: #480317 * build: use the correct directories in dh_shlibdeps invocation * build: turn on dlz. No pgsql or mysql support yet. LP: #227344 Versione 1:9.5.0~rc1-2~0ubuntu2: * build: use the correct directories in dh_shlibdeps invocation * build: turn on dlz. 
LP: #227344 Versione 1:9.5.0~rc1-2~0ubuntu1: * Upload what will become (maybe an ancestor of) -2 to intrepid. - Only use capabilities if they are present: reprise. Closes: #360339, #212226 - control: fix dnsutils description to avoid list reformatting. Closes: #480317 Versione 1:9.5.0~rc1-1: [Patrick Winnertz] * postinst: make add debconf support. Closes: #473460 [Jamie Strandboge] * debian/bind9.preinst: Apparmor force-complain on upgrade without existing profile. LP: #204658 [LaMont Jones] * bind9utils: fix typos in .install * host: manpage inaccurately describes default query. LP: #203087 * apparmor: add dnscvsutil package files * Revert "Only use capabilities if they are present." for merge of 9.5.0rc1. * soname: libdns41 -> 42 * fix typos in debconf patch, #473460 * cleanup more files in clean target * lwresd Depends: adduser Versione 1:9.5.0~b2-2: * meta: add bind9utils binary package, with various useful utilities. Closes: #151957, #130445, #160483 Versione 1:9.4.2-10: [Jamie Strandboge] * debian/bind9.preinst: AA force-complain on upgrade without existing profile. LP: #204658 [LaMont Jones] * host: manpage inaccurately describes default query. LP: #203087 Versione 1:9.4.2-9: * apparmor: allow subdirs in {/etc,/var/cache,/var/lib}/bind * apparmor: make profile match README.Debian Versione 1:9.4.2-8: [ISC] * CVE-2008-0122: off by one error in (unused) inet_network function. Closes: #462783 LP: #203476 [Michael Milligan] * Fix min-cache-ttl and min-ncache-ttl keywords [Jamie Strandboge] * apparmor: force complain-mode for apparmor on certain upgrades. LP: #203528 * debian/bind9.postrm: purge /etc/apparmor.d/force-complain/usr.sbin.named Versione 1:9.4.2-7: [Jamie Strandboge] * Allow rw access to /var/lib/bind/* in apparmor-profile. LP: #201954 [LaMont Jones] * Drop root-delegation comments from named.conf. Closes: #217829, #297219 Versione 1:9.4.2-6: * Correct apparmor profile filename. 
LP: #200739 Versione 1:9.4.2-5: * add "order random_1" support (return one random RR) * Fix doc pathnames in README.Debian. Closes: #266891 * Add AAAA ::1 entry to db.local. Closes: #230088 Versione 1:9.5.0~b2-1: [Thiemo Seufer] * mips:atomic.h: improve implementation of atomic ops, fix mips{el,64} [LaMont Jones] * manpages: call it /etc/bind/named.conf throughout, and typos. Closes: #419750 * named.conf.5: correct filename. Closes: #428015 * manpages: fix typo errors. Closes: #395834 * Makefile.in: be explicit about library paths * build: Turn on GSS-TSIG support. LP: #158197 * build: soname changes * db.root: include AAAA RRs. Closes: #464111 * soname: lib{dns,isc}40 -> 41 * meta: use binary:Version instead of Source-Version [Andreas John] * Only use capabilities if they are present. Closes: #360339, #212226 Versione 1:9.4.2-4: * incorporate ubuntu apparmor change from Jamie Strandboge, with changes: - Add apparmor profile, reload apparmor profile on config - Add a note about apparmor to README.Debian - conflicts/replaces old apparmor versions * db.root: include AAAA RRs. Closes: #464111 * Don't die when /var/lib/bind already exists. LP: #191685 * build: turn on optimization. Closes: #435194 Versione 1:9.4.2-3ubuntu1: * add AppArmor profile + debian/apparmor-profile + debian/bind9.postinst: Reload AA profile on configuration * updated debian/README.Debian for note on AppArmor * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we should now take control * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmor-profiles gets installed it won't overwrite our profile * Modify Maintainer value to match the DebianMaintainerField specification. Versione 1:9.4.2-3: * don't run rndc-confgen when it's not there. Closes: #459551 * control: drop use of ${Source-Version} Versione 1:9.4.2-2: * init.d: add --oknodo to start-stop-daemon. Closes: #411881 * init: LSB dependency info. 
Closes: #459421, #448006 * meta: bind9 Suggests: resolvconf. Closes: #252285 * bind9: deliver /var/lib/bind directory, and document. Closes: #248771, #200253, #202981, #209022 * lwresd: create bind user/group and rndc key if needed, at install. Closes: #190742 * dnsutils: update long description. Closes: #236901 Versione 1:9.4.2-1: [Mike O'Connor] * bind9.init: LSB compliance. Closes: #448006 [Internet Software Consortium, Inc] * New release: 9.4.2 [LaMont Jones] * soname shifts for new release Versione 1:9.4.2~rc2-1: * New upstream release Versione 1:9.4.1-P1-4: [Thomas Antepoth] * unix/socket.c: don't send to a socket with pending_send. Closes: #430065 [LaMont Jones] * document git repositories * db.root: l.root-servers.net changed IP address. Closes: #449148 LP: #160176 * init.d: if there are no networks configured, error out quickly Versione 1:9.4.1-P1-3: * Only deliver upstream changes with bind9-doc Versione 1:9.4.1-P1-2: * manpages: fix typo errors. Closes: #395834 * manpages: call it /etc/bind/named.conf throughout, and typos. Closes: #419750 * named.conf.5: correct filename. Closes: #428015 * bind9.NEWS: update version for ACL change doc. Closes: #435225 * build: don't have dnsutils deliver man pages that it shouldn't. LP: #82178 * nslookup.1: some of the manpage was not visible. LP: #131415 * document git repositories * unix/socket.c: don't send to a socket with pending_send. Closes: #430065 Versione 1:9.4.1-P1-1: * New upstream version, addresses CVE-2007-2926 and CVE-2007-2925 Versione 1:9.4.1-1: * New upstream version Versione 1:9.4.0-2: * upload to unstable Versione 1:9.4.0-1: * New upstream version * more mipsel patch. Closes: #406409 Versione 1:9.4.0~rc2-1: * New upstream version. Addresses CVE-2007-0493 CVE-2007-0494 Versione 1:9.4.0~rc1.0-3: * add NEWS file talking about the change in defaults: As of bind 9.4, allow-query-cache and allow-recursion default to the builtin acls 'localnets' and 'localhost'. 
If you are setting up a name server for a network, you will almost certainly need to change this. The change in default has been done to make caching servers less attractive as reflective amplifying targets for spoofed traffic. This still leaves authoritative servers exposed. Versione 1:9.4.0~rc1.0-2: * Fix mips64. Closes: #406409 Versione 1:9.4.0~rc1.0-1: * Broken orig.tar.gz.
Versione 1:9.4.0~rc1-1: * New upstream Versione 1:9.3.4-2etch2: [Thomas Antepoth] * unix/socket.c: don't send to a socket with pending_send. Closes: #430065 [LaMont Jones] * document git repositories * db.root: l.root-servers.net changed IP address. Closes: #449148 Versione 1:9.3.4-2etch1: * Fix DNS cache poisoning through predictable query IDs. (CVE-2007-2926) Versione 1:9.3.4-2: * Actually really do the merge of 9.3.4. Sigh. Closes: #408925 Versione 1:9.3.4-1: * New upstream version. Addresses CVE-2007-0493 CVE-2007-0494 Versione 1:9.3.3-1: * New upstream version Versione 1:9.3.2-P1.0-1: * Fix README.Debian to point to the URL. Closes: #387437 * Strip rfc's from orig.tar.gz. Closes: #393359 Versione 1:9.3.2-P1-2: * Fix init script output. Closes: #354192 Thanks to Joey Hess for the patch. * Default install should listen on ipv6 interfaces. Closes: #382438 Versione 1:9.3.2-P1-1: * New upstream, fixes CVE-2006-4095 and CVE-2006-4096. Closes: #386237, #386245 * Drop gcc-3.4 [powerpc] dependency. Closes: #342957, #372203 * Add -fno-strict-aliasing for type-punned pointer aliasing issues Closes: #386224 * Use getent in postinst instead of chown/chgrp. Closes: #386091, #239665 * Drop redundant update-rc.d calls. Closes: #356914 Versione 1:9.3.2-2: * correct force-reload. Closes: #333841 * Fix init.d's usage message. Closes: #331090 * resolvconf tweaks. Closes: #252232, #275412 Versione 1:9.3.2-1: * New upstream * use lsb-base for start/stop messages in init.d. * switch to debhelper 4 Versione 1:9.3.1-2: * Getting good reports from experimental, uploading to sid. Release team, please consider this package for sarge. Thanks. * correct pidfile name in init.d/lwresd. Closes: #298100 Versione 1:9.3.1-1: * Build with gcc-3.4 on powerpc, to work around #292958. Versione 1:9.3.1-0: * New upstream version. Versione 1:9.3.0+9.3.1beta2-1: * new upstream version Versione 1:9.3.0-1: * New upstream version Versione 1:9.2.4-1: * New upstream version. Closes: #269157 and others. 
* Version debhelper build-dep. Closes: #262720 Versione 1:9.2.3+9.2.4-rc7-1: * New upstream Versione 1:9.2.3+9.2.4-rc6-1: * New upstream. * Comment out delegation-only directives in named.conf Versione 1:9.2.3+9.2.4-rc5-1: * New upstream release candidate Versione 1:9.2.3+9.2.4-rc2-1: * New upstream release candidate * Remove shared library symlinks in clean. Closes: #243109 * Deal with capset being a module. Closes: #245043, #240874, #241605 * deliver /var/run/bind/run in lwresd as well. Closes: #186569 Versione 1:9.2.3-3: * new IP for b.root-servers.net. Closes: #234278 * Fix RC linkages to match bind8. Closes: #218007 Versione 1:9.2.3-2: * Rebuild autoconf files for mips. Closes: #221419 Versione 1:9.2.3-1: * New upstream. * cleanup zones.rfc1918/db.empty stuff. * Fix Makefiles to work even if the build environment is unclean. Closes: #211503 * Add comments about root-delegation-only to named.conf. Closes: #212243 * Add resolvconf support. Closes: #199255 * more SO_BSDCOMPAT hacks for linux. Closes: #220735, #214460 Versione 1:9.2.2+9.2.3rc4-1: * Yet another new upstream release. Versione 1:9.2.2+9.2.3rc3-1: * New upstream. Closes: #211752. #211503. #211496, #211520 Versione 1:9.2.2+9.2.3rc2-4: * Really fix versioned depends. Closes: #211590 Versione 1:9.2.2+9.2.3rc2-3: * Version depends for all the libraries. sigh. Closes: #211412,#210293 Versione 1:9.2.2+9.2.3rc2-2: * Need a versioned depend. sigh. Versione 1:9.2.2+9.2.3rc2-1: * New upstream release. Closes: #211373 * Remove RFC's from package, per policy. * Make com and net zones delegation-only by default. Versione 1:9.2.2+9.2.3rc1-3: * A bit more cleanup of descriptions. * fix package sections * Fix b0rkage with dependencies. Versione 1:9.2.2+9.2.3rc1-2: * Explicitly link libraries. Closes: #210653 * Fix descriptions. Closes: #209563, #209853, #210063 Versione 1:9.2.2+9.2.3rc1-1: * New upstream release candidate. * Quit using SO_BSDCOMPAT (why is it still in the header files??) 
so that the kernel will shut up about it's advertised, obsolete option. Closes: #201293, #204282, #205590 Versione 1:9.2.2-2: * Fix libtool.m4. Closes: #183791 * move lib packages into Section: libs. Closes: #184788 * make sure it's libssl0.9.7. Closes: #182363 * Add /etc/default/lwresd. Closes: #169727 * Add fakeroot dir to dh_shlibdeps. Closes: #169622 * Fix rndc manpage. Closes: #179353 * Deliver /usr/bin/isc-config.sh (in libbind-dev). Closes: #178186 Versione 1:9.2.2-1: * New upstream version * Document /etc/default/bind9 in init.d script. Closes: #170267 Versione 1:9.2.1-7: * One more overrides disparity. * Fix bashism in postinst. Closes: #169531 Versione 1:9.2.1-6: * The "I give up for now" release. * Only convert to running as bind if named.conf hasn't been modified. * Closes: #163552, #164352 * Fix overrides * Cleanup README.Debian wrt non-root-by-default. * Make sure that /var/run/bind/run exists in init.d script. Closes: #168912 * New IP for j.root-servers.net. Closes: #167818 * Check for 2.2.18 kernel in preinst. Closes: #164349 * Move local options to /etc/default/bind9. Closes: #169132, #163073 * Cleanup old bugs (fixed in -5, really). Closes: #165864 * Add /etc/bind/named.conf.local, included from named.conf. Closes: #129576 * Do options definitions in /etc/bind/named.conf.options, makes life easier in the face of named.conf changes from upstream. * Add missing Depends: adduser Versione 1:9.2.1-5: * Run named a non-privileged user by default. Closes: #149059 Versione 1:9.2.1-4: * swap maintainer/uploader status so LaMont is primary and Bdale is backup * Deal with bind/bind9 collisions better. Closes: #149580 * Fix some documentation. 
Closes: #151579 Versione 1:9.2.1-3: * fold in lib/bind/resolv from 8.3.3 to resolve buffer overlow issue in resolver library, closes: #151342, #151431 Versione 1:9.2.1-1.woody.1: * backport to woody (simple rebuild) since 9.2.1 resolves a security issue Versione 1:9.2.1-2: * don't include nslint man page, closes: #148695 * fix typo in rndc.8, closes: #139602 * add a section to README.Debian explaining the rndc key mode that has been our default since 9.2.0-2, closes: #129849 * fix paths for named.conf in named.8 to reflect our default, closes: #143443 * upstream fixed the nsupdate man page at some point, closes: #121108 Versione 1:9.2.1-1: * new upstream version * have bind9-host provide host, closes: #140174 * move bind9-host to priority standard since dnsutils depends on it or host, and we prefer bind9-host over host. * move libdns5 and libisc4 to priority standard since dnsutils depends on them and is priority standard Versione 1:9.2.0-6: * move to US main! Yippee! Closes: #123969 * add info to README.Debian about 2.5 kernels vs --disable-linux-caps Versione 1:9.2.0-5: * clean up various issues in the rules file * make bind9-host conflict/replace old dnsutils as host does, otherwise we can have problems upgrading from potato to woody, closes: #136686 * use /dev/urandom for rndc-confgen in postinst, it should be good enough for this purpose, and will keep the postinst from blocking arbitrarily. closes: #130372 * add fresh pointers to chroot howto to README.Debian, closes: #135774 Versione 1:9.2.0-4: * bind9-host needs to conflict with host, closes: #127395 Versione 1:9.2.0-3: * force removal of old diverted files, closes: #126236 * change priority of liblwres1 from optional to standard per ftp admins * add a bind9-host package so that the 'host' provided with the BIND 9.X source tree can be an alternative to the aging NIKHEF version packaged separately. 
Update dnsutils dependencies to depend on one of the two, with preference to this one since it has fewer bugs (but fewer features, too).

Version 1:9.2.0-2:
* change rc.d links to ensure daemon starts before and stops after other daemons that may fail if name service is not working (bug was filed against 8.X bind packages, but is just as relevant here!)
* use rndc for daemon shutdown instead of start-stop-daemon, closes: #111935
* add a postinst to dnsutils to remove any lingering diversions from old dnsutils packages, closes: #122227
* not much point in delivering zone2ldap.1 since we aren't delivering zone2ldap right now (though we might someday?), closes: #124058
* be more verbose with shared library descriptions, closes: #123426, #123428
* 9.2.0 added a new rndc.key file that both named and rndc will read to obtain a shared key, and rndc-confgen will easily create this file with a unique-per-system key. Modify named.conf and remove rndc.conf to take advantage of this mechanism and stop delivering a pre-determined static key to all Debian systems (which has been a mild security risk). Create the key in postinst if the key file doesn't already exist, and remove the file in postrm if purging. Closes: #86718, #87208

Version 1:9.2.0-1:
* new upstream version, closes: #108243, #112266, #114250, #119506, #120657
* /etc/bind/rndc.conf is now a conffile
* minor hacks to the README.Debian since the chroot instructions it points to are 8.X specific, part of addressing bug 111868.
* libomapi is gone, replaced by libisccc and libisccfg
* a few lintian-motivated cosmetic cleanups
* lose task-dns-server meta package, since tasksel doesn't need it now
* dig problem not reproducible in this version, closes: #89526
* named-checkconf now uses $sysconfdir, closes: #107835
* no longer deliver man pages for contributed binaries we're not including in dnsutils, closes: #108220
* fix section in nslookup man page, though that's the least of the man page's problems... glitch reported is unreproducible closes: #103630, #120946
* update libbind-dev README.Debian, closes: #121050

Version 1:9.1.3-1:
* new upstream version, closes: #96483, #99824, #100647, #101568, #103429
* update config.sub/guess for hppa/ia64 support
* small init.d patch from Marco d'Itri to ease adding options on invocation
* stop having bind9-doc conflict/replace bind-doc since they don't really conflict and there's no reason to prevent having both installed at the same time, closes: #90994
* the CHANGES file documents fixes since 9.1.1 that probably cured the reported assertion failure. If it turns out that I'm wrong, the bug can be re-opened or a new one filed. I can't see any way to reproduce the bug in a test case here. Closes: #99352
* have libbind-dev depend on the runtime library packages it delivers compile-time symlinks for, closes: #100898, #103855
* fix lwres man pages to source man3/* instead of * so all the page content can actually be found, closes: #85450, #103865

Version 1:9.1.1-1:
* new upstream release
* update build-depends for libssl-dev
* add build-depends on bison, closes: #90150, #90752, #90159
* split up libbind0 since libdns is changing so numbers
* downgrade rblcheck from a depends to a suggests, closes: #90783
* bind9 mkdep creates files in the current working directory, closes: #58353

Version 1:9.1.0-3:
* merge patch from Zack Weinberg that solves compilation problem, and reduces the memory footprint of applications by making configure.in smarter. Closes: #86776, #86910
* the bind-doc package includes all relevant documentation from the bind9 source tree, including HTML content in /usr/share/doc/bind9-doc/arm, closes: #85718
* default named.conf and rndc.conf to not world-readable. This is an interim step towards addressing the concerns about security raised by bugs 86718 and closes: #86836 A better long-term solution would be for rndc.conf to allow includes, so that both named.conf and rndc.conf could include a key file built on the fly during installation while themselves retaining conffile status. The required functionality has been requested of the bind9 upstream, this will limit vulnerability in the meantime.
* add replaces logic to the dnsutils package to avoid complaints about the delivery of nsupdate.8.gz, closes: #86759
* move a couple of man pages back from dnsutils to bind9 that really belong there. sigh.

Version 1:9.1.0-2:
* merge patch from Luca Filipozzi <lfilipoz@debian.org> - thanks!
  + bind9: ships with a working rndc.conf file, closes: #84572
  + bind9: init.d calls rndc rather than ndc on reload, closes: #85481
  + bind9: named.conf ships with 'key' and 'control' sections
  + bind9: correctly creates /var/cache/bind, closes: #85457
  + lwresd: lwresd is split off into its own package, closes: #85627
* nsupdate is delivered by the dnsutils package, but the (wrong) man page was accidentally also included in the bind9 package, closes: #85717
* freshen config.sub and config.guess for ia64 and hppa support

Version 1:9.1.0-1:
* Initial packaging of BIND 9.1.0. Must use epoch so that meta packages retain their sequencing from the bind 8 package version stream.
* snarf a couple of man pages from the 8.X tree for now

LIBISC50
The Berkeley Internet Name Domain (BIND) implements an Internet domain name server. BIND is the most widely-used name server software on the Internet, and is supported by the Internet Software Consortium, www.isc.org. This package delivers the libisc shared library used by BIND's daemons and clients.
Changes for versions: 1:9.6.1.dfsg.P1-3 1:9.6.1.dfsg.P1-3ubuntu0.2

Version 1:9.6.1.dfsg.P1-3ubuntu0.2:
* SECURITY UPDATE: incorrect cache update from additional section
  - CHANGES, bin/named/query.c, lib/dns/{include/dns/types.h, masterdump.c,rbtdb.c,resolver.c,validator.c}: handle the additional section properly. lib/dns/api, version: increment versions.
  - debian/*: increment to libdns53, add libdns50 metapackage so upgrade-manager won't hold the bind9 upgrade back.
  - CVE-2009-4022



LIBISCCC50
The Berkeley Internet Name Domain (BIND) implements an Internet domain name server. BIND is the most widely-used name server software on the Internet, and is supported by the Internet Software Consortium, www.isc.org. This package delivers the libisccc shared library used by BIND's daemons and clients, particularly rndc.

Changes for versions: 1:9.6.1.dfsg.P1-3 1:9.6.1.dfsg.P1-3ubuntu0.2

Version 1:9.6.1.dfsg.P1-3ubuntu0.2:
* SECURITY UPDATE: incorrect cache update from additional section
  - CHANGES, bin/named/query.c, lib/dns/{include/dns/types.h, masterdump.c,rbtdb.c,resolver.c,validator.c}: handle the additional section properly. lib/dns/api, version: increment versions.
  - debian/*: increment to libdns53, add libdns50 metapackage so upgrade-manager won't hold the bind9 upgrade back.
  - CVE-2009-4022

LIBISCCFG50
The Berkeley Internet Name Domain (BIND) implements an Internet domain name server. BIND is the most widely-used name server software on the Internet, and is supported by the Internet Software Consortium, www.isc.org. This package delivers the libisccfg shared library used by BIND's daemons and clients to read and write ISC-style configuration files like named.conf and rndc.conf.

Changes for versions: 1:9.6.1.dfsg.P1-3 1:9.6.1.dfsg.P1-3ubuntu0.2

Version 1:9.6.1.dfsg.P1-3ubuntu0.2:
* SECURITY UPDATE: incorrect cache update from additional section
  - CHANGES, bin/named/query.c, lib/dns/{include/dns/types.h, masterdump.c,rbtdb.c,resolver.c,validator.c}: handle the additional section properly. lib/dns/api, version: increment versions.
  - debian/*: increment to libdns53, add libdns50 metapackage so upgrade-manager won't hold the bind9 upgrade back.
  - CVE-2009-4022

LIBWRES50
The Berkeley Internet Name Domain (BIND) implements an Internet domain name server. BIND is the most widely-used name server software on the Internet, and is supported by the Internet Software Consortium, www.isc.org. This package delivers the liblwres shared library used by BIND's daemons and clients.

Changes for versions: 1:9.6.1.dfsg.P1-3 1:9.6.1.dfsg.P1-3ubuntu0.2

Version 1:9.6.1.dfsg.P1-3ubuntu0.2:
* SECURITY UPDATE: incorrect cache update from additional section
  - CHANGES, bin/named/query.c, lib/dns/{include/dns/types.h, masterdump.c,rbtdb.c,resolver.c,validator.c}: handle the additional section properly. lib/dns/api, version: increment versions.
  - debian/*: increment to libdns53, add libdns50 metapackage so upgrade-manager won't hold the bind9 upgrade back.
  - CVE-2009-4022

NTPDATE
NTP, the Network Time Protocol, is used to keep computer clocks accurate by synchronizing them over the Internet or a local network, or by following an accurate hardware receiver that interprets GPS, DCF-77, NIST or similar time signals. ntpdate is a simple NTP client that sets a system's clock to match the time obtained by communicating with one or more NTP servers. It is not sufficient, however, for maintaining an accurate clock in the long run. ntpdate by itself is useful for occasionally setting the time on machines that do not have full-time network access, such as laptops. If the full NTP daemon from the package "ntp" is installed, then ntpdate is not necessary.

Changes for versions: 1:4.2.4p6+dfsg-1ubuntu5 1:4.2.4p6+dfsg-1ubuntu5.1

Version 1:4.2.4p6+dfsg-1ubuntu5.1:
* SECURITY UPDATE: fix DoS with mode 7 (MODE_PRIVATE) packets
  - debian/patches/CVE-2009-3563.patch: update ntpd/ntp_request.c to not send a response packet for and rate limit logging of invalid mode 7 requests and responses
  - CVE-2009-3563