bind9 1:9.18.1-1ubuntu1 source package in Ubuntu

Changelog

bind9 (1:9.18.1-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1965981). Remaining changes:
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
        protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1104.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap nor install dnstap.proto
    - Add back apport:
      + d/bind9.apport: add back old bind9 apport hook, but without calling
        attach_conffiles() since that is already done by apport itself, with
        confirmation from the user.
      + d/control, d/rules: build-depends on dh-apport and use it
    - d/NEWS: mention some of the bigger changes in 9.16.0 packaging
    - d/bind9.named.service: use systemd Type=forking to signal daemon init.
      This fixes a regression of #900788 where services whose startup depend
      on name resolutions may fail due to bind9 not being ready (LP #1899902).
    - d/control: remove optional libjemalloc-dev Build-Depends as it is not in
      main.
    - d/NEWS: mention some of the relevant changes in 9.18.0 packaging
      or functionality that may affect usability.
  * Dropped changes:
    - d/p/0003-Remove-spurious-debugging-true.patch: remove development leftover
      debugging flag from nslookup code (LP: #1961556).
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: cache poisoning via bogus NS records
      + debian/patches/CVE-2021-25220.patch: tighten rules for acceptance of
        records into the cache in lib/dns/resolver.c.
      + CVE-2021-25220
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: DoS via specially crafted TCP stream
      + debian/patches/CVE-2022-0396.patch: ensure correct ordering in
        lib/isc/netmgr/netmgr.c.
      + CVE-2022-0396
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: DNAME insist with synth-from-dnssec enabled
      + debian/patches/CVE-2022-0635.patch: fix logic in lib/dns/rbtdb.c.
      + CVE-2022-0635
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: Assertion failure on delayed DS lookup
      + debian/patches/CVE-2022-0667.patch: fix logic in lib/dns/resolver.c.
      + CVE-2022-0667
      [ Incorporated in 9.18.1. ]
  * Added changes:
    - d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-that-dig-tries-othe.patch,
      d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-timed-out-result-fo.patch,
      d/p/lp1964400-lp1964686-Add-various-dig-host-tests-for-TCP-UDP-socket-error-.patch,
      d/p/lp1964400-lp1964686-After-dig-request-errors-try-to-use-other-servers-wh.patch,
      d/p/lp1964400-lp1964686-Fix-an-issue-in-dig-when-retrying-with-the-next-serv.patch,
      d/p/lp1964400-lp1964686-Fix-dig-error-when-trying-the-next-server-after-a-TC.patch,
      d/p/lp1964400-lp1964686-When-resending-a-UDP-request-insert-the-query-to-the.patch:
      Fix dig error when trying the next server after a TCP connection
      failure.  This upstream patchset also fixes a crash when using
      the "host" command for numeric lookups (LP: #1964400) and an
      infinite hang when passing a non-existent hostname to "host" (LP:
      #1964686).

 -- Sergio Durigan Junior <email address hidden>  Wed, 23 Mar 2022 13:48:30 -0400