Merge bind9 from Debian unstable for kinetic

Bug #1971250 reported by Bryce Harrington
Affects: bind9 (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Sergio Durigan Junior
Milestone:

Bug Description

Upstream: 9.18.2
Debian: 1:9.18.2-1
Ubuntu: 1:9.18.1-1ubuntu1

Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.

### New Debian Changes ###

bind9 (1:9.18.2-1) unstable; urgency=medium

  * Drop libldap2-dev from Build-Depends (Closes: #1008021)
  * New upstream version 9.18.2
  * Add runtime dependency on libuv1 >= 1.40.0 (Closes: #1009889)

 -- Ondřej Surý <email address hidden> Tue, 26 Apr 2022 11:03:35 +0200

bind9 (1:9.18.1-1) unstable; urgency=high

  * New upstream version 9.18.1
  * CVE-2021-25220: The rules for acceptance of records into the cache
    have been tightened to prevent the possibility of poisoning if
    forwarders send records outside the configured bailiwick.
  * CVE-2022-0396: TCP connections with 'keep-response-order' enabled
    could leave the TCP sockets in the 'CLOSE_WAIT' state when the client
    did not properly shut down the connection.
  * CVE-2022-0635: Lookups involving a DNAME could trigger an assertion
    failure when 'synth-from-dnssec' was enabled (which is the default).
  * CVE-2022-0667: When chasing DS records, a timed out or artificially
    delayed fetch could cause 'named' to crash while resuming a DS lookup.

 -- Ondřej Surý <email address hidden> Mon, 14 Mar 2022 15:29:31 +0100

bind9 (1:9.18.0-2) unstable; urgency=medium

  * Add patch to use detected L1 cache-line size instead of hard-coded
    value; this should fix architectures with 128-byte L1 cache.

 -- Ondřej Surý <email address hidden> Thu, 27 Jan 2022 13:16:04 +0100

bind9 (1:9.18.0-1) unstable; urgency=medium

  * Bump the upstream version in debian/ to 9.18
  * New upstream version 9.18.0

 -- Ondřej Surý <email address hidden> Wed, 26 Jan 2022 12:31:55 +0100

bind9 (1:9.18.0~0+git28350c-1) unstable; urgency=medium

  * New upstream version 9.18.0~0+git28350c
   + Pull the 9.18.0 pre-release git to have the L1 cache line
     fix (Closes: #1004271)
  * Fix the typo when backing up and restoring configure{,.ac}
    (Closes: #903586)
  * Remove some prehistoric conffiles no longer in use
    (Closes: #942377)
  * Pick UTC date for release_date variable (Closes: #1000893)

 -- Ondřej Surý <email address hidden> Mon, 24 Jan 2022 16:00:49 +0100

bind9 (1:9.17.22-1) unstable; urgency=medium

  * New upstream version 9.17.22

 -- Ondřej Surý <email address hidden> Wed, 19 Jan 2022 18:38:13 +0100

bind9 (1:9.17.21-1) unstable; urgency=medium

  * New upstream version 9.17.21

 -- Ondřej Surý <email address hidden> Wed, 15 Dec 2021 15:22:46 +0100

bind9 (1:9.17.20-3) unstable; urgency=medium

  * Retain bind9-resolvconf.service alias (Closes: #1000565)

 -- Ondřej Surý <email address hidden> Thu, 25 Nov 2021 10:10:50 +0100

bind9 (1:9.17.20-2) unstable; urgency=medium

  * Tighten the dependencies on bind9-libs for the utils too
    (Closes: #1000354)

 -- Ondřej Surý <email address hidden> Mon, 22 Nov 2021 08:58:22 +0100

bind9 (1:9.17.20-1) unstable; urgency=medium

  * New upstream version 9.17.20
  * Remove the sphinx-patch, the role has been fixed upstream

 -- Ondřej Surý <email address hidden> Thu, 18 Nov 2021 07:49:14 +0100

bind9 (1:9.17.19-3) unstable; urgency=medium

  * Remove the .so libraries from excluded files

 -- Ondřej Surý <email address hidden> Fri, 12 Nov 2021 14:24:13 +0100

bind9 (1:9.17.19-2) unstable; urgency=medium

  * Add libjemalloc-dev to Build-Depends
  * Sync the packaging between BIND 9.16 and BIND 9.17 branches
  * Don't install static libraries to bind9-dev, they are not built

 -- Ondřej Surý <email address hidden> Tue, 09 Nov 2021 10:42:43 +0100

bind9 (1:9.17.19-1) unstable; urgency=medium

  * New upstream version 9.17.19

### Old Ubuntu Delta ###

bind9 (1:9.18.1-1ubuntu1) jammy; urgency=medium

  * Merge with Debian unstable (LP: #1965981). Remaining changes:
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
        protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1104.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap nor install dnstap.proto
    - Add back apport:
      + d/bind9.apport: add back old bind9 apport hook, but without calling
        attach_conffiles() since that is already done by apport itself, with
        confirmation from the user.
      + d/control, d/rules: build-depends on dh-apport and use it
    - d/NEWS: mention some of the bigger changes in 9.16.0 packaging
    - d/bind9.named.service: use systemd Type=forking to signal daemon init.
      This fixes a regression of #900788 where services whose startup depend
      on name resolutions may fail due to bind9 not being ready (LP #1899902).
    - d/control: remove optional libjemalloc-dev Build-Depends as it is not in
      main.
    - d/NEWS: mention some of the relevant changes in 9.18.0 packaging
      or functionality that may affect usability.
  * Dropped changes:
    - d/p/0003-Remove-spurious-debugging-true.patch: remove development leftover
      debugging flag from nslookup code (LP: #1961556).
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: cache poisoning via bogus NS records
      + debian/patches/CVE-2021-25220.patch: tighten rules for acceptance of
        records into the cache in lib/dns/resolver.c.
      + CVE-2021-25220
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: DoS via specially crafted TCP stream
      + debian/patches/CVE-2022-0396.patch: ensure correct ordering in
        lib/isc/netmgr/netmgr.c.
      + CVE-2022-0396
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: DNAME insist with synth-from-dnssec enabled
      + debian/patches/CVE-2022-0635.patch: fix logic in lib/dns/rbtdb.c.
      + CVE-2022-0635
      [ Incorporated in 9.18.1. ]
    - SECURITY UPDATE: Assertion failure on delayed DS lookup
      + debian/patches/CVE-2022-0667.patch: fix logic in lib/dns/resolver.c.
      + CVE-2022-0667
      [ Incorporated in 9.18.1. ]
  * Added changes:
    - d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-that-dig-tries-othe.patch,
      d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-timed-out-result-fo.patch,
      d/p/lp1964400-lp1964686-Add-various-dig-host-tests-for-TCP-UDP-socket-error-.patch,
      d/p/lp1964400-lp1964686-After-dig-request-errors-try-to-use-other-servers-wh.patch,
      d/p/lp1964400-lp1964686-Fix-an-issue-in-dig-when-retrying-with-the-next-serv.patch,
      d/p/lp1964400-lp1964686-Fix-dig-error-when-trying-the-next-server-after-a-TC.patch,
      d/p/lp1964400-lp1964686-When-resending-a-UDP-request-insert-the-query-to-the.patch:
      Fix dig error when trying the next server after a TCP connection
      failure. This upstream patchset also fixes a crash when using
      the 'host' command for numeric lookups (LP: #1964400) and an
      infinite hang when passing a non-existent hostname to 'host' (LP:
      #1964686).

 -- Sergio Durigan Junior <email address hidden> Wed, 23 Mar 2022 13:48:30 -0400

Bryce Harrington (bryce)
Changed in bind9 (Ubuntu):
milestone: none → ubuntu-22.07
Changed in bind9 (Ubuntu):
assignee: nobody → Sergio Durigan Junior (sergiodj)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.18.4-2ubuntu1

---------------
bind9 (1:9.18.4-2ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable (LP: #1971250)
    Remaining changes:
    - Don't build dnstap as it depends on universe packages:
      + d/control: drop build-depends on libfstrm-dev, libprotobuf-c-dev and
        protobuf-c-compiler (universe packages)
      + d/dnsutils.install: don't install dnstap
      + d/libdns1104.symbols: don't include dnstap symbols
      + d/rules: don't build dnstap nor install dnstap.proto
    - Add back apport:
      + d/bind9.apport: add back old bind9 apport hook, but without calling
        attach_conffiles() since that is already done by apport itself, with
        confirmation from the user.
      + d/control, d/rules: build-depends on dh-apport and use it
    - d/NEWS: mention some of the bigger changes in 9.16.0 packaging
    - d/bind9.named.service: use systemd Type=forking to signal daemon init.
      This fixes a regression of #900788 where services whose startup depend
      on name resolutions may fail due to bind9 not being ready (LP #1899902).
    - d/control: remove optional libjemalloc-dev Build-Depends as it is not in
      main.
    - d/NEWS: mention some of the relevant changes in 9.18.0 packaging
      or functionality that may affect usability.
  * Dropped changes:
    - d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-that-dig-tries-othe.patch,
      d/p/lp1964400-lp1964686-Add-digdelv-system-test-to-check-timed-out-result-fo.patch,
      d/p/lp1964400-lp1964686-Add-various-dig-host-tests-for-TCP-UDP-socket-error-.patch,
      d/p/lp1964400-lp1964686-After-dig-request-errors-try-to-use-other-servers-wh.patch,
      d/p/lp1964400-lp1964686-Fix-an-issue-in-dig-when-retrying-with-the-next-serv.patch,
      d/p/lp1964400-lp1964686-Fix-dig-error-when-trying-the-next-server-after-a-TC.patch,
      d/p/lp1964400-lp1964686-When-resending-a-UDP-request-insert-the-query-to-the.patch:
      Fix dig error when trying the next server after a TCP connection
      failure. This upstream patchset also fixes a crash when using
      the "host" command for numeric lookups (LP #1964400) and an
      infinite hang when passing a non-existent hostname to "host" (LP
      #1964686).
      [ Incorporated by upstream. ]
    - SECURITY UPDATE: Destroying a TLS session early causes assertion
      failure
      + debian/patches/CVE-2022-1183.patch: fix destroying logic in
        lib/isc/netmgr/netmgr-int.h, lib/isc/netmgr/tlsstream.c.
      [ Incorporated by upstream. ]

 -- Sergio Durigan Junior <email address hidden> Wed, 20 Jul 2022 05:28:13 -0400

Changed in bind9 (Ubuntu):
status: New → Fix Released