unbound (1.13.1-1+deb11u4) bullseye-security; urgency=medium * Non-maintainer upload by the Debian LTS Team. * d/patches/CVE-2024-8508.patch: Fix CVE-2024-8508. When handling replies with very large RRsets that unbound needs to perform name compression for, it can spend a considerable time applying name compression to downstream replies, potentially leading to degraded performance and eventually denial of service in well orchestrated attacks (closes: #1083282). * d/patches/update-root-hints.patch: Update addresses for b.root-servers.net. * d/patches/allow-small-keys-in-tests.patch: Allow small key sizes for tests. * d/patches/disable-remote-control-in-tests-with-two-instances.patch: Disable the remote control port in tests which require two instances to avoid the binding conflict. -- Daniel Leidert Thu, 14 Nov 2024 17:21:36 +0100 unbound (1.13.1-1+deb11u3) bullseye-security; urgency=medium * Non-maintainer upload by the Debian LTS Team. * Fix CVE-2024-43168: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized * Fix: CVE-2024-43167: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing -- Daniel Leidert Sun, 29 Sep 2024 02:28:35 +0200 unbound (1.13.1-1+deb11u2) bullseye-security; urgency=high * Non-maintainer upload by the Security Team. * Address DNSSEC protocol vulnerabilities (Closes: #1063845) - Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers. - Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU. -- Salvatore Bonaccorso Tue, 13 Feb 2024 21:15:34 +0100 unbound (1.13.1-1+deb11u1) bullseye; urgency=high * Non-maintainer upload by the LTS team. * Fix the following security vulnerabilities. CVE-2022-3204: A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From now on Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records. * CVE-2022-30698 and CVE-2022-30699: (Closes: #1016493) Unbound is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From now on Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten. -- Markus Koschany Wed, 05 Apr 2023 23:06:47 +0200 unbound (1.13.1-1) unstable; urgency=medium * New upstream version 1.13.1 * debian/gbp.conf: [import-orig] upstream-signatures = True * Drop debian/patches/0002-Fix-358-Squelch-udp-connect-no-route-to-host- errors-.patch (included in 1.13.1 release) * debian/copyright: 2021 -- Robert Edmonds Tue, 09 Feb 2021 17:53:57 -0500 unbound (1.13.0-1) unstable; urgency=medium * New upstream version 1.13.0 - Fix CVE-2020-28935: PID file vulnerability (Closes: #977165) * debian/patches/0002-Fix-358-Squelch-udp-connect-no-route-to-host- errors-.patch: Cherry-pick upstream commit 5906811ff19f005110b2edbda5aa144ad5fa05b1 to suppress UDP connect() errors on low verbosity -- Robert Edmonds Wed, 23 Dec 2020 19:34:24 -0500 unbound (1.12.0-1) unstable; urgency=medium * New upstream version 1.12.0 -- Robert Edmonds Mon, 19 Oct 2020 00:35:38 -0400 unbound (1.11.0-1) unstable; urgency=medium [ Simon Deziel ] * systemd: don't create a PID file * debian/package-helper: mount --bind systemd notify socket into chroot (Closes: #867187) [ Robert Edmonds ] * New upstream version 1.11.0 - Merge PR #241 by Robert Edmonds: contrib/libunbound.pc.in: Do not use "Requires:". (Closes: #958331) - Introduce "include-toplevel:" configuration option. - Adds its own implementation of Frame Streams for dnstap support. * debian/control: Remove build dependency on libfstrm-dev * debian/unbound.conf: Use "include-toplevel:" instead of "include:" (Closes: #950754) * debian/NEWS: Add entry for 1.11.0-1 regarding the change of /etc/unbound/unbound.conf to using the "include-toplevel:" directive * debian/patches/: Refresh patches -- Robert Edmonds Sun, 09 Aug 2020 20:57:15 -0400 unbound (1.10.1-1) unstable; urgency=high * New upstream version 1.10.1 - Fix CVE-2020-12662: Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target. - Fix CVE-2020-12663: Malformed answers from upstream name servers can be used to make Unbound unresponsive. -- Robert Edmonds Tue, 19 May 2020 11:36:53 -0400 unbound (1.10.0-1) unstable; urgency=medium [ Robert Edmonds ] * New upstream version 1.10.0 * Drop debian/patches/0002-Allow-use-of-libbsd-functions-with-configure- option-.patch (applied upstream) [ Stuart Prescott ] * Drop Python 2 module package (Closes: #938752) -- Robert Edmonds Sat, 18 Apr 2020 19:29:50 -0400 unbound (1.9.6-2) unstable; urgency=medium * debian/unbound.maintscript: Remove obsolete conffile /etc/unbound/unbound.conf.d/qname-minimisation.conf (Closes: #950406) -- Robert Edmonds Sat, 01 Feb 2020 14:44:39 -0500 unbound (1.9.6-1) unstable; urgency=medium [ Robert Edmonds ] * New upstream version 1.9.6 (Closes: #948036) - Fixes 'unbound crashes with "Assertion nread >= 0 failed in evmap_io_del_"' (Closes: #930699) - Fixes "unbound: Fails to answer TCP queries due to broken idle-timeout" (Closes: #946421) * debian/source/options: Remove 'single-debian-patch' option * debian/unbound.service: Change ExecReload to send SIGHUP rather than using unbound-control (Closes: #923314) * Enable remote-control by default (Closes: #923314) * Allow use of libbsd functions with configure option --with-libbsd * Remove "qname-minimisation: yes" config file setting, since this is now the default (Closes: #915056) * debian/package-helper: No longer invoke unbound-anchor for root trust anchor update (Closes: #910675) * debian/control: Bump Standards-Version to 4.5.0 (no changes) * debian/control: Remove build dependencies on autotools-dev, dh- autoreconf * debian/libunbound8.symbols: Add "* Build-Depends-Package: libunbound- dev" * Rename debian/NEWS.Debian -> debian/NEWS [ Matthew Palmer ] * Fix insecure use of start-stop-daemon --pidfile (Closes: #941573) [ Simon Deziel ] * Install Apparmor profile prior to service startup (Closes: #919511) [ Debian Janitor ] * Trim trailing whitespace. * Drop use of autotools-dev debhelper. * Bump debhelper from old 9 to 10. * Set field Upstream-Name in debian/copyright. -- Robert Edmonds Sun, 26 Jan 2020 22:45:45 -0500 unbound (1.9.4-2) unstable; urgency=medium * Cherry-pick upstream commit ec021e0d, "fix build with nettle-3.5" (Closes: #941041) -- Robert Edmonds Sat, 26 Oct 2019 08:00:58 -0400 unbound (1.9.4-1) unstable; urgency=high * New upstream version 1.9.4 - Fix CVE-2019-16866: uninitialized memory access when parsing specially crafted NOTIFY query. -- Robert Edmonds Fri, 04 Oct 2019 00:43:19 -0400 unbound (1.9.3-1) unstable; urgency=medium * New upstream version 1.9.3 -- Robert Edmonds Tue, 27 Aug 2019 14:24:11 -0400 unbound (1.9.3~rc1-1) experimental; urgency=medium * New upstream version 1.9.3~rc1 * debian/control: Bump Standards-Version to 4.4.0 (no changes) -- Robert Edmonds Sat, 17 Aug 2019 18:01:56 -0400 unbound (1.9.0-2) unstable; urgency=medium [ Simon Deziel ] * Disable chroot'ing (Closes: #921538) -- Robert Edmonds Sat, 09 Feb 2019 21:10:52 -0500 unbound (1.9.0-1) unstable; urgency=medium * New upstream version 1.9.0 * Team upload * Include dpkg/default.mk instead of only buildflags.mk * Update d/watch to reflect new download location and add signature check -- Ondřej Surý Tue, 05 Feb 2019 09:49:04 +0000 unbound (1.8.1-1) unstable; urgency=medium * New upstream version 1.8.1 -- Robert Edmonds Thu, 08 Nov 2018 16:50:36 -0500 unbound (1.8.0-1) unstable; urgency=medium * New upstream version 1.8.0 * debian/: libunbound2.symbols → libunbound8.symbols * debian/rules: libunbound2 → libunbound8 * debian/control: libunbound2 → libunbound8 * daemon/daemon.c: Fix systemd service manager state change notification -- Robert Edmonds Sat, 15 Sep 2018 16:21:11 -0400 unbound (1.7.3-1) unstable; urgency=medium * New upstream version 1.7.3 - Don't count CNAME response types received during qname minimisation as query restart. (Closes: #900800) -- Robert Edmonds Thu, 21 Jun 2018 12:45:09 -0400 unbound (1.7.2-1) unstable; urgency=medium [ Robert Edmonds ] * New upstream version 1.7.2 * debian/control: Update Maintainer field (Closes: #899758) [ Vincent Bernat ] * daemon/daemon.c: Fix reload hangs with systemd (Closes: #892914) -- Robert Edmonds Wed, 20 Jun 2018 17:30:34 -0400 unbound (1.7.1-1) unstable; urgency=medium [ Robert Edmonds ] * debian/control: Update Vcs-* links to use salsa.debian.org URLs * New upstream version 1.7.1 [ Simon Deziel ] * debian/apparmor-profile: Add capabilities to chown/chmod Unix control socket (Closes: #891705) * debian/apparmor-profile: Allow reading /var/lib/sss/mc/initgroups * debian/apparmor-profile: Permit unbound to notify readiness to systemd (Closes: #867186) * debian/apparmor-profile: Let unbound r/w anywhere under /var/lib/unbound (Closes: #882731) * debian/apparmor-profile: Use attach_disconnected -- Robert Edmonds Wed, 23 May 2018 15:41:54 -0400 unbound (1.6.7-1) unstable; urgency=medium * New upstream version 1.6.7 -- Robert Edmonds Sun, 15 Oct 2017 17:46:46 -0400 unbound (1.6.6-1) unstable; urgency=medium * New upstream version 1.6.6 * debian/control: Drop obsolete build-depends on dh-systemd * debian/control: Bump Standards-Version to 4.1.1 (no changes) -- Robert Edmonds Sat, 07 Oct 2017 00:40:08 -0400 unbound (1.6.5-1) unstable; urgency=high [ Robert Edmonds ] * New upstream version 1.6.5 - Fix install of trust anchor when two anchors are present, makes both valid. Checks hash of DS but not signature of new key. This fixes installs between sep11 and oct11 2017. * debian/rules: Enable EDNS Client Subnet in daemon [ Simon Deziel ] * debian/unbound.service: Set PIDFile= (Closes: #867192) [ Antony Antony ] * debian/rules: Enable libevent for libunbound2 API (Closes: #871675) -- Robert Edmonds Tue, 22 Aug 2017 22:50:56 -0400 unbound (1.6.4-1) unstable; urgency=medium [ Robert Edmonds ] * New upstream version 1.6.4 - Fixes 'malformed packet DoS when "use-caps-for-id" enabled' (Closes: #864730) * debian/copyright: Use https form of the copyright-format URL * debian/copyright: Bump NLnet Labs copyright years through 2017 * debian/control: Bump Standards-Version to 4.0.0 * debian/: Enable systemd support * debian/unbound.service: Use Type=notify process start-up type (Closes: #866804) * debian/: Enable experimental pluggable event base libunbound API (Closes: #859584) * debian/control: Add Depends on lsb-base to satisfy lintian's "init.d-script-needs-depends-on-lsb-base" [ Steve Langasek ] * debian/control: Build-Depend on python '-dev' packages, not '-all-dev' (Closes: #864334, #866770) [ Steven Chamberlain ] * Allow use of libbsd functions with configure option --with-libbsd * debian/: Configure with --with-libbsd (Closes: #853751) -- Robert Edmonds Mon, 03 Jul 2017 16:30:17 -0400 unbound (1.6.0-3) unstable; urgency=medium * Cherry-pick upstream commit svn r4000, "Include root trust anchor id 20326 in unbound-anchor". (Closes: #855484) -- Robert Edmonds Sun, 19 Feb 2017 20:04:34 -0500 unbound (1.6.0-2) unstable; urgency=high [ Helmut Grohne ] * Only use fake_dsa when HAVE_SSL is defined (Closes: #848339) -- Robert Edmonds Sun, 18 Dec 2016 15:00:12 -0500 unbound (1.6.0-1) unstable; urgency=medium [ Robert Edmonds ] * New upstream version 1.6.0 [ Helmut Grohne ] * Add pkg.unbound.libonly build profile. (Closes: #847130) -- Robert Edmonds Thu, 15 Dec 2016 15:26:15 -0500 unbound (1.5.10-3) unstable; urgency=medium [ Helmut Grohne ] * Fix FTCBFS: (Closes: #845941) + Convert python Build-Depends to cross-friendly ones. + Let dh_auto_configure pass --host to ./configure. -- Robert Edmonds Sun, 27 Nov 2016 14:41:30 -0500 unbound (1.5.10-2) unstable; urgency=medium * debian/unbound.install: Install usr/sbin/unbound-checkconf (Closes: #842797) -- Robert Edmonds Tue, 01 Nov 2016 16:37:52 -0400 unbound (1.5.10-1) unstable; urgency=medium * New upstream version 1.5.10 - Fixes FTBFS with OpenSSL 1.1.0 (Closes: #828584) * debian/: Build libunbound against nettle (Closes: #828699) * debian/: Support Python 3 (Closes: #835972) * debian/rules: Install libunbound.pc into the libunbound-dev package * debian/copyright: Update -- Robert Edmonds Tue, 04 Oct 2016 03:43:45 -0400 unbound (1.5.9-3) unstable; urgency=medium [ Nicolas Braud-Santoni ] * debian/: Ship AppArmor profile (Closes: #518002) * debian/control: Use HTTPS for Vcs-Git link * debian/unbound.service: Add documentation to the systemd unit file * debian/control: Bump Standards-Version to 3.9.8 (no changes) -- Robert Edmonds Sat, 06 Aug 2016 14:51:52 -0400 unbound (1.5.9-2) unstable; urgency=low * debian/unbound.init: Call start-stop-daemon with --retry for 'stop' action (based on patch from Julien Cristau) * debian/: Add unbound.service, unbound-resolvconf.service (Closes: #826241) (Thanks to Michael Biebl) * debian/rules: Configure with --with-rootkey-file=/var/lib/unbound/root.key -- Robert Edmonds Sun, 24 Jul 2016 19:48:56 -0400 unbound (1.5.9-1) unstable; urgency=medium * Imported Upstream version 1.5.9 - Updated L-Root IPv6 address (Closes: #818292) * debian/unbound.init: Add "pidfile" magic comment (Closes: #807132) * debian/libunbound2.symbols: Add new symbol 'ub_ctx_create_ub_event' * Enable DNS query name minimisation by default -- Robert Edmonds Fri, 10 Jun 2016 23:01:15 -0400 unbound (1.5.8-1) unstable; urgency=medium * Imported Upstream version 1.5.8 * debian/libunbound2.symbols: Add new symbol 'ub_ctx_set_stub' * debian/unbound.postinst: Clean up permissions on the resolvconf forwarder hook on upgrades (Closes: #816425) -- Robert Edmonds Sun, 06 Mar 2016 22:52:28 -0500 unbound (1.5.7-2) unstable; urgency=medium * debian/control: Add dh-python to Build-Depends * debian/: Install contrib/update-anchor.sh, contrib/unbound_munin_ (Closes: #573329) * Makefile.in: Pass PYTHON_CPPFLAGS to swig instead of CPPFLAGS (Closes: #809055) * debian/: Run "wrap-and-sort -sabt" * debian/resolvconf: No longer use RESOLVCONF_FORWARDERS from /etc/default/unbound * debian/unbound.postinst: Remove unbound-anchor invocation * debian/package-helper: Add helper script for init scripts and resolvconf * debian/unbound.init: Rewrite to use package-helper script * debian/unbound.default: Remove * debian/unbound.maintscript: Remove conffile /etc/default/unbound * debian/resolvconf-package: Add resolvconf packaging-event hook script (Closes: #777228) * debian/control: unbound: Depend on dns-root-data, for root trust anchor updates (Closes: #760461) * debian/rules: Disable the resolvconf update.d hook by default * debian/gbp.conf: Remove [dch] id-length * debian/NEWS.Debian: Add NEWS entry for 1.5.7-2 * debian/unbound.postinst: Always chown /var/lib/unbound (Closes: #763901) * debian/package-helper: Invoke unbound-anchor as user/group unbound * debian/: unbound.doc -> unbound.docs; Actually install upstream docs * debian/unbound.docs: Install doc/README.DNS64 * debian/unbound.docs: Install debian/NEWS.Debian * debian/package-helper: Clean old chroot files (Closes: #790392) (Patch from Simon Deziel) -- Robert Edmonds Sun, 21 Feb 2016 16:22:23 -0500 unbound (1.5.7-1) unstable; urgency=medium * [3cf7971b] debian/control: Vcs-Browser should point to cgit (Closes: #804437) * [66955294] Imported Upstream version 1.5.7 -- Robert Edmonds Sat, 12 Dec 2015 14:48:03 -0500 unbound (1.5.6-1) unstable; urgency=medium * [0d5117d5] Imported Upstream version 1.5.4 * [8327e145] Imported Upstream version 1.5.5 * [eb2adc8c] Imported Upstream version 1.5.6 - Closes: #796934, #803042. * [5a973651] debian/control: Update Maintainer, Uploaders for pkg-dns * [543459fa] debian/control: Update Vcs-Browser, Vcs-Git * [b69e513f] debian/: Run "wrap-and-sort -sbt" * [730f3622] debian/gbp.conf: Add [dch] section * [6b383656] debian/: Enable dnstap support -- Robert Edmonds Sun, 08 Nov 2015 01:26:27 -0500 unbound (1.5.3-1) experimental; urgency=medium * New upstream release. -- Robert Edmonds Sat, 14 Mar 2015 14:16:27 -0400 unbound (1.5.2-1) experimental; urgency=medium * New upstream release. * Migrate pidfile from /var/run to /run; closes: #773247. * Fix unbound-checkconf to recognize "python" in module-config; closes: #777193. -- Robert Edmonds Sat, 28 Feb 2015 21:04:03 -0500 unbound (1.5.1-1) experimental; urgency=medium * New upstream release. - Fix CVE-2014-8602: denial of service by making resolver chase endless series of delegations. -- Robert Edmonds Mon, 08 Dec 2014 15:08:30 -0500 unbound (1.5.0~rc1-1) experimental; urgency=medium * New upstream release. * Upload to experimental. -- Robert Edmonds Tue, 11 Nov 2014 19:18:44 -0500 unbound (1.4.22-2) unstable; urgency=medium * Drop unneeded Build-Dependency on doxygen. * Drop unneeded Build-Dependency on automake. (Unbound does not use automake.) * Use dh_autotools-dev_updateconfig to update the config.{guess,sub} files at build time; closes: #746313. -- Robert S. Edmonds Mon, 18 Aug 2014 16:20:28 -0400 unbound (1.4.22-1) unstable; urgency=medium * New upstream release. * Drop Build-Dependency on libldns-dev. Unbound no longer relies on libldns. -- Robert S. Edmonds Wed, 12 Mar 2014 13:21:58 -0400 unbound (1.4.21-1) unstable; urgency=low * New upstream release. * Don't compress the example config file in /usr/share/doc/unbound; closes: #722708. * Fully enable hardening options; closes: #709837. (Patch from Simon Deziel.) * Add support for .d style configuration in /etc/unbound/unbound.conf.d; closes: #656549. * Move auto-trust-anchor-file configuration for the root into the new /etc/unbound/unbound.conf.d directory. -- Robert S. Edmonds Thu, 19 Sep 2013 21:45:39 -0400 unbound (1.4.20-1) unstable; urgency=low * New upstream release. - Updates IPv4 address hint for D.ROOT-SERVERS.NET; closes: #697351. * Correct exit code for "/etc/init.d/unbound status"; closes: #685052. (Patch from micah anderson.) * Finish dh_python2 conversion; closes: #697575. (Patch from Micah Gersten.) * Check for multiarch Python headers; closes: #697576. (Patch from Micah Gersten.) * Automatically set up the chroot directory if enabled; closes: #579622. (Patch from Simon Deziel.) -- Robert S. Edmonds Sat, 13 Apr 2013 15:34:47 -0400 unbound (1.4.19-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Fri, 14 Dec 2012 21:33:42 -0500 unbound (1.4.18-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Sun, 05 Aug 2012 21:54:05 -0400 unbound (1.4.17-2) unstable; urgency=low * Build-depend on libldns-dev (>= 1.6.13~) for ECDSA support. -- Robert S. Edmonds Mon, 28 May 2012 14:19:57 -0400 unbound (1.4.17-1) unstable; urgency=low * New upstream release; closes: #674434. * Implement 'status' command in init script; closes: #666388. * Fix build system bug that negated fully hardening the build; closes: #658021. (Patch from Simon Ruderich.) * Disable ECDSA support (for now) as this requires a newer ldns than is in the archive. -- Robert S. Edmonds Sun, 27 May 2012 16:41:41 -0400 unbound (1.4.16-2) unstable; urgency=low * Enable hardened build flags; closes: #658021. -- Robert S. Edmonds Sat, 21 Apr 2012 15:35:16 -0400 unbound (1.4.16-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Sun, 05 Feb 2012 20:02:24 -0500 unbound (1.4.14-2) unstable; urgency=high * Work around gcc bugs by disabling link time optimization on build architectures that are not i386/amd64. -- Robert S. Edmonds Wed, 21 Dec 2011 15:52:17 -0500 unbound (1.4.14-1) unstable; urgency=high * New upstream release. - CVE-2011-4528. * Call dh_python2 in debian/rules; closes: #652294. -- Robert S. Edmonds Mon, 19 Dec 2011 11:00:46 -0500 unbound (1.4.13-2) unstable; urgency=low * Reduce the run-time dependencies of libunbound and the unbound-* utilities. -- Robert S. Edmonds Sat, 29 Oct 2011 16:16:19 -0400 unbound (1.4.13-1) unstable; urgency=low * New upstream release. * Only install forwarders learned from resolvconf into unbound if RESOLVCONF_FORWARDERS is enabled in /etc/default/unbound; closes: #637198. * Split unbound-anchor utility into separate binary package. * Support multi-arch. * Fix FTBFS with dpkg-dev 1.16.1. -- Robert S. Edmonds Sun, 23 Oct 2011 16:55:45 -0400 unbound (1.4.12-1) unstable; urgency=medium * New upstream release. -- Robert S. Edmonds Mon, 18 Jul 2011 15:56:42 -0400 unbound (1.4.11-1) unstable; urgency=low * New upstream release. * Fix FTBFS with default python >> 2.6; closes: #625520. -- Robert S. Edmonds Sun, 03 Jul 2011 16:32:49 -0400 unbound (1.4.10-1) unstable; urgency=low * New upstream release: - CVE-2011-1922. -- Robert S. Edmonds Wed, 25 May 2011 15:48:34 -0700 unbound (1.4.9-2) unstable; urgency=low * Build-depend on libldns-dev (>= 1.6.9-2~) for GOST support. * Configure without --disable-gost. -- Robert S. Edmonds Sun, 03 Apr 2011 14:31:40 -0400 unbound (1.4.9-1) unstable; urgency=low * New upstream release. * Convert packaging to git. * Configure with --with-pythonmodule. * Configure with --with-pyunbound. * Build new python-unbound package; closes: #542094. * Automatically create and remove remote control key material on package configuration and package purge. * Set default remote control port to 53953 to avoid conflicting with the bind9 package's default use of port 953 for rndc. * Securely fetch or update the root trust anchor at postinst and before starting the unbound daemon if ROOT_TRUST_ANCHOR_UPDATE is set in /etc/default/unbound; closes: #594911. * If unbound is listening on a loopback address, provide this address as a nameserver to resolvconf if RESOLVCONF is enabled in /etc/default/unbound; closes: #562031. * Configure resolvconf discovered nameservers as forwarders if RESOLVCONF_FORWARDERS is enabled in /etc/default/unbound; closes: #567879. * Don't exit from the init script with an error if UNBOUND_ENABLE is not true; default UNBOUND_ENABLE to true if the default file is missing entirely; closes: #618815. * Support /etc/init.d/unbound reload; closes: #620256. -- Robert S. Edmonds Sat, 02 Apr 2011 22:52:16 -0400 unbound (1.4.8-2) unstable; urgency=low * Add build-dependency on libexpat1-dev; closes: #612261. * Install unbound-anchor utility in unbound package. -- Robert S. Edmonds Mon, 07 Feb 2011 16:06:00 -0500 unbound (1.4.8-1) unstable; urgency=low * New upstream release; closes: #611527. * Add /etc/insserv.conf.d/unbound file declaring unbound to be a name daemon; closes: #596488, #600118. -- Robert S. Edmonds Sun, 06 Feb 2011 23:33:04 -0500 unbound (1.4.6-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Sun, 15 Aug 2010 18:26:43 -0400 unbound (1.4.5-1) unstable; urgency=low * New upstream release. * Add dependency on openssl to the unbound binary package; closes: #585808. -- Robert S. Edmonds Sun, 20 Jun 2010 16:50:42 -0400 unbound (1.4.4-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Thu, 22 Apr 2010 15:24:06 -0400 unbound (1.4.3-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Thu, 11 Mar 2010 15:55:33 -0500 unbound (1.4.2-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Tue, 09 Mar 2010 14:13:31 -0500 unbound (1.4.1-2) unstable; urgency=low * Invoke dh_installinit with --restart-after-upgrade; closes: #563033. -- Robert S. Edmonds Tue, 29 Dec 2009 21:54:26 -0500 unbound (1.4.1-1) unstable; urgency=low * New upstream release. * Document copyright status of util/configparser.c, util/configparser.h; closes: #552066. * Enable libev support; closes: #552424. -- Robert S. Edmonds Sat, 26 Dec 2009 17:19:10 -0500 unbound (1.4.0-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Fri, 04 Dec 2009 20:32:52 -0800 unbound (1.3.4-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Wed, 07 Oct 2009 12:59:21 -0400 unbound (1.3.3-1) unstable; urgency=low * New upstream release. * Drop .la file from libunbound-dev; closes: #541640. -- Robert S. Edmonds Sun, 23 Aug 2009 13:25:53 -0400 unbound (1.3.2-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Mon, 13 Jul 2009 05:50:47 -0400 unbound (1.3.0-1) unstable; urgency=low * New upstream release; closes: #533613. * Move pid file to /var/run; closes: #533611. * Use "unbound-checkconf -o pidfile" in init script to determine pid file location (thanks Michael Tokarev). -- Robert S. Edmonds Mon, 29 Jun 2009 01:10:00 -0400 unbound (1.2.1-2) unstable; urgency=low * Closes: #527753, #509535. -- Robert S. Edmonds Sat, 09 May 2009 16:46:32 -0400 unbound (1.2.1-1) unstable; urgency=low * New upstream release. * Remove init script chroot setup. -- Robert S. Edmonds Sat, 28 Feb 2009 19:46:09 -0500 unbound (1.0.2-1.2) unstable; urgency=low * Enable unbound by default (Closes: #508884) * Call dh_installinit with --error-handler=true (Closes: #500176) -- Ondřej Surý Tue, 16 Dec 2008 11:54:15 +0100 unbound (1.0.2-1.1) unstable; urgency=low [ Hideki Yamane (Debian-JP) ] * debian/{unbound.init,unbound.default} + set not start by default, to avoid that port 53 blocking by other name servers will cause install problems * debian/unbound.prerm + fix lintian "unbound: maintainer-script-hides-init-failure prerm:5" error [ Ondřej Surý ] * Non-maintainer upload. * Minor tweaks to patched init.d file to make it work. -- Ondřej Surý Mon, 15 Dec 2008 19:54:44 +0100 unbound (1.0.2-1) unstable; urgency=low * New upstream release; + stricter filtering of DNS messages to combat cache poisoning -- Robert S. Edmonds Mon, 25 Aug 2008 01:03:59 -0400 unbound (1.0.1-2) unstable; urgency=low * unbound tries too hard to chroot(); ship a default config that doesn't fail to start on new installs; closes: #492243. -- Robert S. Edmonds Sat, 02 Aug 2008 17:46:24 -0400 unbound (1.0.1-1) unstable; urgency=low * New upstream release. * Drop 'return' from init script; closes: #488650. -- Robert S. Edmonds Wed, 16 Jul 2008 12:38:55 -0400 unbound (1.0.0-3) unstable; urgency=low * Lintian clean; closes: #485438. * Don't chroot by default; note manual syslog configuration in README.Debian; closes: #486303. * Update to policy 3.8.0.0. -- Robert S. Edmonds Sun, 15 Jun 2008 17:25:04 -0400 unbound (1.0.0-2) unstable; urgency=low * Fix Build-Deps. * Split unbound-host into a separate package. -- Robert S. Edmonds Sun, 25 May 2008 16:12:21 -0400 unbound (1.0.0-1) unstable; urgency=low * Initial release; closes: #482277. -- Robert S. Edmonds Wed, 21 May 2008 14:13:28 -0400