unbound (1.9.0-2+deb10u2) buster-security; urgency=high * Apply NLnet Labs patch for CVE-2020-12662, CVE-2020-12663 -- Robert Edmonds Mon, 25 May 2020 16:23:43 -0400 unbound (1.9.0-2+deb10u1) buster-security; urgency=high * Apply NLnet Labs patch for CVE-2019-16866 (Closes: #941692) -- Robert Edmonds Sat, 12 Oct 2019 20:40:17 -0400 unbound (1.9.0-2) unstable; urgency=medium [ Simon Deziel ] * Disable chroot'ing (Closes: #921538) -- Robert Edmonds Sat, 09 Feb 2019 21:10:52 -0500 unbound (1.9.0-1) unstable; urgency=medium * New upstream version 1.9.0 * Team upload * Include dpkg/default.mk instead of only buildflags.mk * Update d/watch to reflect new download location and add signature check -- Ondřej Surý Tue, 05 Feb 2019 09:49:04 +0000 unbound (1.8.1-1) unstable; urgency=medium * New upstream version 1.8.1 -- Robert Edmonds Thu, 08 Nov 2018 16:50:36 -0500 unbound (1.8.0-1) unstable; urgency=medium * New upstream version 1.8.0 * debian/: libunbound2.symbols → libunbound8.symbols * debian/rules: libunbound2 → libunbound8 * debian/control: libunbound2 → libunbound8 * daemon/daemon.c: Fix systemd service manager state change notification -- Robert Edmonds Sat, 15 Sep 2018 16:21:11 -0400 unbound (1.7.3-1) unstable; urgency=medium * New upstream version 1.7.3 - Don't count CNAME response types received during qname minimisation as query restart. (Closes: #900800) -- Robert Edmonds Thu, 21 Jun 2018 12:45:09 -0400 unbound (1.7.2-1) unstable; urgency=medium [ Robert Edmonds ] * New upstream version 1.7.2 * debian/control: Update Maintainer field (Closes: #899758) [ Vincent Bernat ] * daemon/daemon.c: Fix reload hangs with systemd (Closes: #892914) -- Robert Edmonds Wed, 20 Jun 2018 17:30:34 -0400 unbound (1.7.1-1) unstable; urgency=medium [ Robert Edmonds ] * debian/control: Update Vcs-* links to use salsa.debian.org URLs * New upstream version 1.7.1 [ Simon Deziel ] * debian/apparmor-profile: Add capabilities to chown/chmod Unix control socket (Closes: #891705) * debian/apparmor-profile: Allow reading /var/lib/sss/mc/initgroups * debian/apparmor-profile: Permit unbound to notify readiness to systemd (Closes: #867186) * debian/apparmor-profile: Let unbound r/w anywhere under /var/lib/unbound (Closes: #882731) * debian/apparmor-profile: Use attach_disconnected -- Robert Edmonds Wed, 23 May 2018 15:41:54 -0400 unbound (1.6.7-1) unstable; urgency=medium * New upstream version 1.6.7 -- Robert Edmonds Sun, 15 Oct 2017 17:46:46 -0400 unbound (1.6.6-1) unstable; urgency=medium * New upstream version 1.6.6 * debian/control: Drop obsolete build-depends on dh-systemd * debian/control: Bump Standards-Version to 4.1.1 (no changes) -- Robert Edmonds Sat, 07 Oct 2017 00:40:08 -0400 unbound (1.6.5-1) unstable; urgency=high [ Robert Edmonds ] * New upstream version 1.6.5 - Fix install of trust anchor when two anchors are present, makes both valid. Checks hash of DS but not signature of new key. This fixes installs between sep11 and oct11 2017. * debian/rules: Enable EDNS Client Subnet in daemon [ Simon Deziel ] * debian/unbound.service: Set PIDFile= (Closes: #867192) [ Antony Antony ] * debian/rules: Enable libevent for libunbound2 API (Closes: #871675) -- Robert Edmonds Tue, 22 Aug 2017 22:50:56 -0400 unbound (1.6.4-1) unstable; urgency=medium [ Robert Edmonds ] * New upstream version 1.6.4 - Fixes 'malformed packet DoS when "use-caps-for-id" enabled' (Closes: #864730) * debian/copyright: Use https form of the copyright-format URL * debian/copyright: Bump NLnet Labs copyright years through 2017 * debian/control: Bump Standards-Version to 4.0.0 * debian/: Enable systemd support * debian/unbound.service: Use Type=notify process start-up type (Closes: #866804) * debian/: Enable experimental pluggable event base libunbound API (Closes: #859584) * debian/control: Add Depends on lsb-base to satisfy lintian's "init.d-script-needs-depends-on-lsb-base" [ Steve Langasek ] * debian/control: Build-Depend on python '-dev' packages, not '-all-dev' (Closes: #864334, #866770) [ Steven Chamberlain ] * Allow use of libbsd functions with configure option --with-libbsd * debian/: Configure with --with-libbsd (Closes: #853751) -- Robert Edmonds Mon, 03 Jul 2017 16:30:17 -0400 unbound (1.6.0-3) unstable; urgency=medium * Cherry-pick upstream commit svn r4000, "Include root trust anchor id 20326 in unbound-anchor". (Closes: #855484) -- Robert Edmonds Sun, 19 Feb 2017 20:04:34 -0500 unbound (1.6.0-2) unstable; urgency=high [ Helmut Grohne ] * Only use fake_dsa when HAVE_SSL is defined (Closes: #848339) -- Robert Edmonds Sun, 18 Dec 2016 15:00:12 -0500 unbound (1.6.0-1) unstable; urgency=medium [ Robert Edmonds ] * New upstream version 1.6.0 [ Helmut Grohne ] * Add pkg.unbound.libonly build profile. (Closes: #847130) -- Robert Edmonds Thu, 15 Dec 2016 15:26:15 -0500 unbound (1.5.10-3) unstable; urgency=medium [ Helmut Grohne ] * Fix FTCBFS: (Closes: #845941) + Convert python Build-Depends to cross-friendly ones. + Let dh_auto_configure pass --host to ./configure. -- Robert Edmonds Sun, 27 Nov 2016 14:41:30 -0500 unbound (1.5.10-2) unstable; urgency=medium * debian/unbound.install: Install usr/sbin/unbound-checkconf (Closes: #842797) -- Robert Edmonds Tue, 01 Nov 2016 16:37:52 -0400 unbound (1.5.10-1) unstable; urgency=medium * New upstream version 1.5.10 - Fixes FTBFS with OpenSSL 1.1.0 (Closes: #828584) * debian/: Build libunbound against nettle (Closes: #828699) * debian/: Support Python 3 (Closes: #835972) * debian/rules: Install libunbound.pc into the libunbound-dev package * debian/copyright: Update -- Robert Edmonds Tue, 04 Oct 2016 03:43:45 -0400 unbound (1.5.9-3) unstable; urgency=medium [ Nicolas Braud-Santoni ] * debian/: Ship AppArmor profile (Closes: #518002) * debian/control: Use HTTPS for Vcs-Git link * debian/unbound.service: Add documentation to the systemd unit file * debian/control: Bump Standards-Version to 3.9.8 (no changes) -- Robert Edmonds Sat, 06 Aug 2016 14:51:52 -0400 unbound (1.5.9-2) unstable; urgency=low * debian/unbound.init: Call start-stop-daemon with --retry for 'stop' action (based on patch from Julien Cristau) * debian/: Add unbound.service, unbound-resolvconf.service (Closes: #826241) (Thanks to Michael Biebl) * debian/rules: Configure with --with-rootkey-file=/var/lib/unbound/root.key -- Robert Edmonds Sun, 24 Jul 2016 19:48:56 -0400 unbound (1.5.9-1) unstable; urgency=medium * Imported Upstream version 1.5.9 - Updated L-Root IPv6 address (Closes: #818292) * debian/unbound.init: Add "pidfile" magic comment (Closes: #807132) * debian/libunbound2.symbols: Add new symbol 'ub_ctx_create_ub_event' * Enable DNS query name minimisation by default -- Robert Edmonds Fri, 10 Jun 2016 23:01:15 -0400 unbound (1.5.8-1) unstable; urgency=medium * Imported Upstream version 1.5.8 * debian/libunbound2.symbols: Add new symbol 'ub_ctx_set_stub' * debian/unbound.postinst: Clean up permissions on the resolvconf forwarder hook on upgrades (Closes: #816425) -- Robert Edmonds Sun, 06 Mar 2016 22:52:28 -0500 unbound (1.5.7-2) unstable; urgency=medium * debian/control: Add dh-python to Build-Depends * debian/: Install contrib/update-anchor.sh, contrib/unbound_munin_ (Closes: #573329) * Makefile.in: Pass PYTHON_CPPFLAGS to swig instead of CPPFLAGS (Closes: #809055) * debian/: Run "wrap-and-sort -sabt" * debian/resolvconf: No longer use RESOLVCONF_FORWARDERS from /etc/default/unbound * debian/unbound.postinst: Remove unbound-anchor invocation * debian/package-helper: Add helper script for init scripts and resolvconf * debian/unbound.init: Rewrite to use package-helper script * debian/unbound.default: Remove * debian/unbound.maintscript: Remove conffile /etc/default/unbound * debian/resolvconf-package: Add resolvconf packaging-event hook script (Closes: #777228) * debian/control: unbound: Depend on dns-root-data, for root trust anchor updates (Closes: #760461) * debian/rules: Disable the resolvconf update.d hook by default * debian/gbp.conf: Remove [dch] id-length * debian/NEWS.Debian: Add NEWS entry for 1.5.7-2 * debian/unbound.postinst: Always chown /var/lib/unbound (Closes: #763901) * debian/package-helper: Invoke unbound-anchor as user/group unbound * debian/: unbound.doc -> unbound.docs; Actually install upstream docs * debian/unbound.docs: Install doc/README.DNS64 * debian/unbound.docs: Install debian/NEWS.Debian * debian/package-helper: Clean old chroot files (Closes: #790392) (Patch from Simon Deziel) -- Robert Edmonds Sun, 21 Feb 2016 16:22:23 -0500 unbound (1.5.7-1) unstable; urgency=medium * [3cf7971b] debian/control: Vcs-Browser should point to cgit (Closes: #804437) * [66955294] Imported Upstream version 1.5.7 -- Robert Edmonds Sat, 12 Dec 2015 14:48:03 -0500 unbound (1.5.6-1) unstable; urgency=medium * [0d5117d5] Imported Upstream version 1.5.4 * [8327e145] Imported Upstream version 1.5.5 * [eb2adc8c] Imported Upstream version 1.5.6 - Closes: #796934, #803042. * [5a973651] debian/control: Update Maintainer, Uploaders for pkg-dns * [543459fa] debian/control: Update Vcs-Browser, Vcs-Git * [b69e513f] debian/: Run "wrap-and-sort -sbt" * [730f3622] debian/gbp.conf: Add [dch] section * [6b383656] debian/: Enable dnstap support -- Robert Edmonds Sun, 08 Nov 2015 01:26:27 -0500 unbound (1.5.3-1) experimental; urgency=medium * New upstream release. -- Robert Edmonds Sat, 14 Mar 2015 14:16:27 -0400 unbound (1.5.2-1) experimental; urgency=medium * New upstream release. * Migrate pidfile from /var/run to /run; closes: #773247. * Fix unbound-checkconf to recognize "python" in module-config; closes: #777193. -- Robert Edmonds Sat, 28 Feb 2015 21:04:03 -0500 unbound (1.5.1-1) experimental; urgency=medium * New upstream release. - Fix CVE-2014-8602: denial of service by making resolver chase endless series of delegations. -- Robert Edmonds Mon, 08 Dec 2014 15:08:30 -0500 unbound (1.5.0~rc1-1) experimental; urgency=medium * New upstream release. * Upload to experimental. -- Robert Edmonds Tue, 11 Nov 2014 19:18:44 -0500 unbound (1.4.22-2) unstable; urgency=medium * Drop unneeded Build-Dependency on doxygen. * Drop unneeded Build-Dependency on automake. (Unbound does not use automake.) * Use dh_autotools-dev_updateconfig to update the config.{guess,sub} files at build time; closes: #746313. -- Robert S. Edmonds Mon, 18 Aug 2014 16:20:28 -0400 unbound (1.4.22-1) unstable; urgency=medium * New upstream release. * Drop Build-Dependency on libldns-dev. Unbound no longer relies on libldns. -- Robert S. Edmonds Wed, 12 Mar 2014 13:21:58 -0400 unbound (1.4.21-1) unstable; urgency=low * New upstream release. * Don't compress the example config file in /usr/share/doc/unbound; closes: #722708. * Fully enable hardening options; closes: #709837. (Patch from Simon Deziel.) * Add support for .d style configuration in /etc/unbound/unbound.conf.d; closes: #656549. * Move auto-trust-anchor-file configuration for the root into the new /etc/unbound/unbound.conf.d directory. -- Robert S. Edmonds Thu, 19 Sep 2013 21:45:39 -0400 unbound (1.4.20-1) unstable; urgency=low * New upstream release. - Updates IPv4 address hint for D.ROOT-SERVERS.NET; closes: #697351. * Correct exit code for "/etc/init.d/unbound status"; closes: #685052. (Patch from micah anderson.) * Finish dh_python2 conversion; closes: #697575. (Patch from Micah Gersten.) * Check for multiarch Python headers; closes: #697576. (Patch from Micah Gersten.) * Automatically set up the chroot directory if enabled; closes: #579622. (Patch from Simon Deziel.) -- Robert S. Edmonds Sat, 13 Apr 2013 15:34:47 -0400 unbound (1.4.19-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Fri, 14 Dec 2012 21:33:42 -0500 unbound (1.4.18-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Sun, 05 Aug 2012 21:54:05 -0400 unbound (1.4.17-2) unstable; urgency=low * Build-depend on libldns-dev (>= 1.6.13~) for ECDSA support. -- Robert S. Edmonds Mon, 28 May 2012 14:19:57 -0400 unbound (1.4.17-1) unstable; urgency=low * New upstream release; closes: #674434. * Implement 'status' command in init script; closes: #666388. * Fix build system bug that negated fully hardening the build; closes: #658021. (Patch from Simon Ruderich.) * Disable ECDSA support (for now) as this requires a newer ldns than is in the archive. -- Robert S. Edmonds Sun, 27 May 2012 16:41:41 -0400 unbound (1.4.16-2) unstable; urgency=low * Enable hardened build flags; closes: #658021. -- Robert S. Edmonds Sat, 21 Apr 2012 15:35:16 -0400 unbound (1.4.16-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Sun, 05 Feb 2012 20:02:24 -0500 unbound (1.4.14-2) unstable; urgency=high * Work around gcc bugs by disabling link time optimization on build architectures that are not i386/amd64. -- Robert S. Edmonds Wed, 21 Dec 2011 15:52:17 -0500 unbound (1.4.14-1) unstable; urgency=high * New upstream release. - CVE-2011-4528. * Call dh_python2 in debian/rules; closes: #652294. -- Robert S. Edmonds Mon, 19 Dec 2011 11:00:46 -0500 unbound (1.4.13-2) unstable; urgency=low * Reduce the run-time dependencies of libunbound and the unbound-* utilities. -- Robert S. Edmonds Sat, 29 Oct 2011 16:16:19 -0400 unbound (1.4.13-1) unstable; urgency=low * New upstream release. * Only install forwarders learned from resolvconf into unbound if RESOLVCONF_FORWARDERS is enabled in /etc/default/unbound; closes: #637198. * Split unbound-anchor utility into separate binary package. * Support multi-arch. * Fix FTBFS with dpkg-dev 1.16.1. -- Robert S. Edmonds Sun, 23 Oct 2011 16:55:45 -0400 unbound (1.4.12-1) unstable; urgency=medium * New upstream release. -- Robert S. Edmonds Mon, 18 Jul 2011 15:56:42 -0400 unbound (1.4.11-1) unstable; urgency=low * New upstream release. * Fix FTBFS with default python >> 2.6; closes: #625520. -- Robert S. Edmonds Sun, 03 Jul 2011 16:32:49 -0400 unbound (1.4.10-1) unstable; urgency=low * New upstream release: - CVE-2011-1922. -- Robert S. Edmonds Wed, 25 May 2011 15:48:34 -0700 unbound (1.4.9-2) unstable; urgency=low * Build-depend on libldns-dev (>= 1.6.9-2~) for GOST support. * Configure without --disable-gost. -- Robert S. Edmonds Sun, 03 Apr 2011 14:31:40 -0400 unbound (1.4.9-1) unstable; urgency=low * New upstream release. * Convert packaging to git. * Configure with --with-pythonmodule. * Configure with --with-pyunbound. * Build new python-unbound package; closes: #542094. * Automatically create and remove remote control key material on package configuration and package purge. * Set default remote control port to 53953 to avoid conflicting with the bind9 package's default use of port 953 for rndc. * Securely fetch or update the root trust anchor at postinst and before starting the unbound daemon if ROOT_TRUST_ANCHOR_UPDATE is set in /etc/default/unbound; closes: #594911. * If unbound is listening on a loopback address, provide this address as a nameserver to resolvconf if RESOLVCONF is enabled in /etc/default/unbound; closes: #562031. * Configure resolvconf discovered nameservers as forwarders if RESOLVCONF_FORWARDERS is enabled in /etc/default/unbound; closes: #567879. * Don't exit from the init script with an error if UNBOUND_ENABLE is not true; default UNBOUND_ENABLE to true if the default file is missing entirely; closes: #618815. * Support /etc/init.d/unbound reload; closes: #620256. -- Robert S. Edmonds Sat, 02 Apr 2011 22:52:16 -0400 unbound (1.4.8-2) unstable; urgency=low * Add build-dependency on libexpat1-dev; closes: #612261. * Install unbound-anchor utility in unbound package. -- Robert S. Edmonds Mon, 07 Feb 2011 16:06:00 -0500 unbound (1.4.8-1) unstable; urgency=low * New upstream release; closes: #611527. * Add /etc/insserv.conf.d/unbound file declaring unbound to be a name daemon; closes: #596488, #600118. -- Robert S. Edmonds Sun, 06 Feb 2011 23:33:04 -0500 unbound (1.4.6-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Sun, 15 Aug 2010 18:26:43 -0400 unbound (1.4.5-1) unstable; urgency=low * New upstream release. * Add dependency on openssl to the unbound binary package; closes: #585808. -- Robert S. Edmonds Sun, 20 Jun 2010 16:50:42 -0400 unbound (1.4.4-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Thu, 22 Apr 2010 15:24:06 -0400 unbound (1.4.3-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Thu, 11 Mar 2010 15:55:33 -0500 unbound (1.4.2-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Tue, 09 Mar 2010 14:13:31 -0500 unbound (1.4.1-2) unstable; urgency=low * Invoke dh_installinit with --restart-after-upgrade; closes: #563033. -- Robert S. Edmonds Tue, 29 Dec 2009 21:54:26 -0500 unbound (1.4.1-1) unstable; urgency=low * New upstream release. * Document copyright status of util/configparser.c, util/configparser.h; closes: #552066. * Enable libev support; closes: #552424. -- Robert S. Edmonds Sat, 26 Dec 2009 17:19:10 -0500 unbound (1.4.0-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Fri, 04 Dec 2009 20:32:52 -0800 unbound (1.3.4-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Wed, 07 Oct 2009 12:59:21 -0400 unbound (1.3.3-1) unstable; urgency=low * New upstream release. * Drop .la file from libunbound-dev; closes: #541640. -- Robert S. Edmonds Sun, 23 Aug 2009 13:25:53 -0400 unbound (1.3.2-1) unstable; urgency=low * New upstream release. -- Robert S. Edmonds Mon, 13 Jul 2009 05:50:47 -0400 unbound (1.3.0-1) unstable; urgency=low * New upstream release; closes: #533613. * Move pid file to /var/run; closes: #533611. * Use "unbound-checkconf -o pidfile" in init script to determine pid file location (thanks Michael Tokarev). -- Robert S. Edmonds Mon, 29 Jun 2009 01:10:00 -0400 unbound (1.2.1-2) unstable; urgency=low * Closes: #527753, #509535. -- Robert S. Edmonds Sat, 09 May 2009 16:46:32 -0400 unbound (1.2.1-1) unstable; urgency=low * New upstream release. * Remove init script chroot setup. -- Robert S. Edmonds Sat, 28 Feb 2009 19:46:09 -0500 unbound (1.0.2-1.2) unstable; urgency=low * Enable unbound by default (Closes: #508884) * Call dh_installinit with --error-handler=true (Closes: #500176) -- Ondřej Surý Tue, 16 Dec 2008 11:54:15 +0100 unbound (1.0.2-1.1) unstable; urgency=low [ Hideki Yamane (Debian-JP) ] * debian/{unbound.init,unbound.default} + set not start by default, to avoid that port 53 blocking by other name servers will cause install problems * debian/unbound.prerm + fix lintian "unbound: maintainer-script-hides-init-failure prerm:5" error [ Ondřej Surý ] * Non-maintainer upload. * Minor tweaks to patched init.d file to make it work. -- Ondřej Surý Mon, 15 Dec 2008 19:54:44 +0100 unbound (1.0.2-1) unstable; urgency=low * New upstream release; + stricter filtering of DNS messages to combat cache poisoning -- Robert S. Edmonds Mon, 25 Aug 2008 01:03:59 -0400 unbound (1.0.1-2) unstable; urgency=low * unbound tries too hard to chroot(); ship a default config that doesn't fail to start on new installs; closes: #492243. -- Robert S. Edmonds Sat, 02 Aug 2008 17:46:24 -0400 unbound (1.0.1-1) unstable; urgency=low * New upstream release. * Drop 'return' from init script; closes: #488650. -- Robert S. Edmonds Wed, 16 Jul 2008 12:38:55 -0400 unbound (1.0.0-3) unstable; urgency=low * Lintian clean; closes: #485438. * Don't chroot by default; note manual syslog configuration in README.Debian; closes: #486303. * Update to policy 3.8.0.0. -- Robert S. Edmonds Sun, 15 Jun 2008 17:25:04 -0400 unbound (1.0.0-2) unstable; urgency=low * Fix Build-Deps. * Split unbound-host into a separate package. -- Robert S. Edmonds Sun, 25 May 2008 16:12:21 -0400 unbound (1.0.0-1) unstable; urgency=low * Initial release; closes: #482277. -- Robert S. Edmonds Wed, 21 May 2008 14:13:28 -0400