summaryrefslogtreecommitdiffstats
path: root/debian/changelog
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 07:24:23 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 07:24:23 +0000
commit1e99b22ed2aa3bfed7ae8a7c1ca5c4bb99148a0e (patch)
treeff57125a72fceeaa526bb76fda2bcd1adfd4c20f /debian/changelog
parentAdding upstream version 1:9.16.44. (diff)
downloadbind9-1e99b22ed2aa3bfed7ae8a7c1ca5c4bb99148a0e.tar.xz
bind9-1e99b22ed2aa3bfed7ae8a7c1ca5c4bb99148a0e.zip
Adding debian version 1:9.16.44-1~deb11u1.debian/1%9.16.44-1_deb11u1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog3250
1 files changed, 3250 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..53e35f5
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,3250 @@
+bind9 (1:9.16.44-1~deb11u1) bullseye-security; urgency=high
+
+ * New upstream version 9.16.44
+ - CVE-2023-3341: A stack exhaustion flaw in control channel code may
+ cause named to terminate unexpectedly
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 21 Sep 2023 19:30:52 +0200
+
+bind9 (1:9.16.42-1~deb11u1) bullseye-security; urgency=high
+
+ * Update the upstream signing keys
+ * New upstream version 9.16.42
+ - CVE-2023-2828: The overmem cleaning process has been improved,
+ to prevent the cache from significantly exceeding the configured
+ max-cache-size limit.
+ - CVE-2023-2911: A query that prioritizes stale data over lookup
+ triggers a fetch to refresh the stale data in cache. If the fetch
+ is aborted for exceeding the recursion quota, it was possible for
+ named to enter an infinite callback loop and crash due to stack
+ overflow. This has been fixed.
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 21 Jun 2023 20:31:51 +0200
+
+bind9 (1:9.16.37-1~deb11u1) bullseye-security; urgency=high
+
+ * New upstream version 9.16.37
+ - CVE-2022-3094: An UPDATE message flood could cause named
+ to exhaust all available memory.
+ - CVE-2022-3736: named could crash with an assertion failure
+ when an RRSIG query was received and stale-answer-client-timeout
+ was set to a non-zero value.
+ - CVE-2022-3924: named running as a resolver with the
+ stale-answer-client-timeout option set to any value greater
+ than 0 could crash with an assertion failure, when the
+ recursive-clients soft quota was reached.
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 25 Jan 2023 16:22:22 +0100
+
+bind9 (1:9.16.33-1~deb11u1) bullseye-security; urgency=high
+
+ * New upstream version 9.16.33
+ - CVE-2022-2795: Processing large delegations may severely degrade
+ resolver performance
+ - CVE-2022-2881: Buffer overread in statistics channel code
+ - CVE-2022-2906: Memory leaks in code handling Diffie-Hellman key
+ exchange via TKEY RRs (OpenSSL 3.0.0+ only)
+ - CVE-2022-3080: BIND 9 resolvers configured to answer from stale
+ cache with zero stale-answer-client-timeout may terminate unexpectedly
+ - CVE-2022-38177: Memory leak in ECDSA DNSSEC verification code
+ - CVE-2022-38178: Memory leaks in EdDSA DNSSEC verification code
+ * Drop libldap2-dev from Build-Depends (Closes: #1008021)
+ * Add runtime dependency on libuv1 >= 1.40.0 (Closes: #1009889)
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 21 Sep 2022 12:40:02 +0200
+
+bind9 (1:9.16.27-1~deb11u1) bullseye-security; urgency=high
+
+ * New upstream version 9.16.27
+ * CVE-2022-0396: A synchronous call to closehandle_cb() caused
+ isc__nm_process_sock_buffer() to be called recursively, which in turn
+ left TCP connections hanging in the CLOSE_WAIT state blocking
+ indefinitely when out-of-order processing was disabled.
+ * CVE-2021-25220: The rules for acceptance of records into the cache
+ have been tightened to prevent the possibility of poisoning if
+ forwarders send records outside the configured bailiwick
+ * Remove patch to fix sphinx-build failure (fixed upstream)
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 14 Mar 2022 15:25:15 +0100
+
+bind9 (1:9.16.22-1~deb11u1) bullseye-security; urgency=high
+
+ * New upstream version 9.16.22
+ + CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This
+ effectively disables the lame server cache, as it could previously be
+ abused by an attacker to significantly degrade resolver performance.
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 25 Oct 2021 13:29:14 +0200
+
+bind9 (1:9.16.15-1) unstable; urgency=high
+
+ * New upstream version 9.16.15 (Closes: #987741, #987742, #987743)
+ + CVE-2021-25214: A malformed incoming IXFR transfer could trigger an
+ assertion failure in ``named``, causing it to quit abnormally.
+ + CVE-2021-25215: ``named`` crashed when a DNAME record placed in the
+ ANSWER section during DNAME chasing turned out to be the final
+ answer to a client query.
+ + CVE-2021-25216: When a server's configuration set the
+ ``tkey-gssapi-keytab`` or ``tkey-gssapi-credential`` option, a
+ specially crafted GSS-TSIG query could cause a buffer overflow in
+ the ISC implementation of SPNEGO (a protocol enabling negotiation of
+ the security mechanism used for GSSAPI authentication).
+ * Add patches to implement I-D draft-hardaker-dnsop-nsec3-guidance
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 29 Apr 2021 09:11:32 +0200
+
+bind9 (1:9.16.13-1) unstable; urgency=medium
+
+ * New upstream version 9.16.13
+ * Add upstream patches to fix TCP timeouts firing too early
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 18 Mar 2021 14:23:49 +0100
+
+bind9 (1:9.16.12-3) unstable; urgency=medium
+
+ * Add most important patches from upcoming 9.16.13 release
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 12 Mar 2021 09:59:49 +0100
+
+bind9 (1:9.16.12-2) unstable; urgency=medium
+
+ * Add patch to fix sphinx-build failure on Ubuntu Xenial
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 18 Feb 2021 12:26:09 +0100
+
+bind9 (1:9.16.12-1) unstable; urgency=high
+
+ * New upstream version 9.16.12
+ + [CVE-2020-8625]: Fix off-by-one bug in ISC SPNEGO implementation.
+ (Closes: #983004)
+ * Adjust the bind9-libs and bind9-dev packages for new upstream library
+ names
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 18 Feb 2021 08:13:58 +0100
+
+bind9 (1:9.16.11-3) unstable; urgency=medium
+
+ * Split the simple validation test to separate file and mark it as flaky
+ (Closes: #976045)
+
+ -- Ondřej Surý <ondrej@debian.org> Sun, 14 Feb 2021 20:04:39 +0100
+
+bind9 (1:9.16.11-2) unstable; urgency=medium
+
+ * Cherry-pick upstream commit to fix segfault with named ACLs used in
+ allow-update (Closes: #980786)
+
+ -- Bernhard Schmidt <berni@debian.org> Fri, 29 Jan 2021 08:27:31 +0100
+
+bind9 (1:9.16.11-1) unstable; urgency=medium
+
+ * Add the ISC code-signing key for 2021-2022
+ * New upstream version 9.16.11
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 21 Jan 2021 09:58:33 +0100
+
+bind9 (1:9.16.10-1) unstable; urgency=medium
+
+ * New upstream version 9.16.10
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 16 Dec 2020 22:22:25 +0100
+
+bind9 (1:9.16.9-1) unstable; urgency=medium
+
+ * New upstream version 9.16.9
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 26 Nov 2020 12:52:28 +0100
+
+bind9 (1:9.16.8-1) unstable; urgency=medium
+
+ [ Ondřej Surý ]
+ * New upstream version 9.16.8
+
+ [ Bernhard Schmidt ]
+ * d/t/control:
+ - tag autopkgtest with needs-internet (Closes: #973955)
+ - depend on bind9-dnsutils insead of the transitional dnsutils
+ * d/rules: change deprecated --with-libjson-c configure argument to
+ --with-json-c
+
+ -- Bernhard Schmidt <berni@debian.org> Mon, 09 Nov 2020 23:03:53 +0100
+
+bind9 (1:9.16.7-1) unstable; urgency=medium
+
+ * New upstream version 9.16.7
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 17 Sep 2020 10:36:51 +0200
+
+bind9 (1:9.16.6-3) unstable; urgency=medium
+
+ [ Ondřej Surý ]
+ * Add upstream patches to fix some rare conditions (Closes: #969448)
+
+ [ Bernhard Schmidt ]
+ * Set Restart=on-failure in systemd unit
+
+ -- Bernhard Schmidt <berni@debian.org> Tue, 15 Sep 2020 00:26:14 +0200
+
+bind9 (1:9.16.6-2) unstable; urgency=medium
+
+ * Move Build-Depends for documentation to Build-Depends-Indep, this
+ should fix the arch-any build on s390x where xindy is not available.
+
+ -- Bernhard Schmidt <berni@debian.org> Sat, 22 Aug 2020 20:06:00 +0200
+
+bind9 (1:9.16.6-1) unstable; urgency=medium
+
+ * New upstream version 9.16.6
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 20 Aug 2020 21:32:46 +0200
+
+bind9 (1:9.16.5-1) unstable; urgency=medium
+
+ * New upstream version 9.16.5
+ * Add fonts-freefont-otf, latexmk, texlive-fonts-recommended,
+ texlive-latex-recommended, texlive-xetex, xindy to Build-Depends
+ * Install man pages for tsig-gen and named-compilezone
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 16 Jul 2020 00:29:57 +0200
+
+bind9 (1:9.16.4-1) unstable; urgency=medium
+
+ * New upstream version 9.16.4
+ * Update Debian packaging for sphinx-doc documentation
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 17 Jun 2020 09:27:29 +0200
+
+bind9 (1:9.16.3-1) unstable; urgency=medium
+
+ * New upstream version 9.16.3
+
+ -- Ondřej Surý <ondrej@debian.org> Tue, 19 May 2020 14:14:35 +0200
+
+bind9 (1:9.16.2-3) unstable; urgency=medium
+
+ [ Simon Deziel ]
+ * apparmor: use profile name specifier
+
+ -- Bernhard Schmidt <berni@debian.org> Thu, 23 Apr 2020 11:45:43 +0200
+
+bind9 (1:9.16.2-2) unstable; urgency=medium
+
+ * Update gbp.conf to debian/master and upstream/latest
+ * Reintroduce the bind9-dev package (Closes: #954906)
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 16 Apr 2020 12:14:44 +0200
+
+bind9 (1:9.16.2-1) unstable; urgency=medium
+
+ * Update d/copyright (Closes: #947978)
+ * New upstream version 9.16.2 (Closes: #952946, #954919)
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 16 Apr 2020 10:07:07 +0200
+
+bind9 (1:9.16.1-2) unstable; urgency=medium
+
+ [ Andreas Hasenack ]
+ * Bring back the DEP8 test from sid
+ * Use iproute2 instead of net-tools
+ * d/control: drop hardcoded python3 dependency
+
+ [ Bernhard Schmidt ]
+ * Fix apparmor profile name.
+ Thanks to Andreas Hasenack
+ * Enable readline support
+
+ [ Andreas Hasenack ]
+ * Update apparmor profile with what is in sid
+ * Create the missing transitional packages for dnsutils, bind9utils
+ * There is a licensing conflict with adding libreadline and we should
+ use libedit-dev instead.
+
+ [ Ondřej Surý ]
+ * Add Breaks: freeipa, so the package doesn't migrate to testing before freeipa is fixed
+
+ -- Ondřej Surý <ondrej@debian.org> Sun, 22 Mar 2020 09:21:21 +0100
+
+bind9 (1:9.16.1-1) experimental; urgency=medium
+
+ * New upstream version 9.16.1
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 20 Mar 2020 13:59:34 +0100
+
+bind9 (1:9.16.0-1) experimental; urgency=medium
+
+ * Change the branch to 9.16
+ * New upstream version 9.16.0
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 20 Feb 2020 10:54:34 +0100
+
+bind9 (1:9.15.8-1) experimental; urgency=medium
+
+ * New upstream version 9.15.8
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 23 Jan 2020 14:58:01 +0100
+
+bind9 (1:9.15.7-1) experimental; urgency=medium
+
+ * Add libuv1-dev, libcmocka-dev, libedit-dev and zlib1g-dev to B-D
+ * Update d/watch to use tar.xz
+ * New upstream version 9.15.7
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 19 Dec 2019 09:40:52 +0100
+
+bind9 (1:9.15.6-1) experimental; urgency=medium
+
+ * Remove useless patches
+ * New upstream version 9.15.6
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 20 Nov 2019 21:58:06 +0100
+
+bind9 (1:9.15.5-1) experimental; urgency=medium
+
+ * New upstream version 9.15.5
+ * Install python files to dist-packages (Courtesy of Jim Popovitch)
+ * Remove GPL licensed apport file until one with better license is available
+ * Remove debian/nslookup.1
+ * Remove 4-clause BSD content from the package
+
+ -- Ondřej Surý <ondrej@sury.org> Thu, 17 Oct 2019 08:41:55 +0200
+
+bind9 (1:9.15.4-1) unstable; urgency=medium
+
+ * New upstream version 9.15.4
+
+ -- Ondřej Surý <ondrej@sury.org> Mon, 23 Sep 2019 11:54:32 +0200
+
+bind9 (1:9.15.3-2) unstable; urgency=medium
+
+ * Fix the section for bind9 alias in the systemd unit [GL #1193]
+
+ -- Ondřej Surý <ondrej@sury.org> Wed, 28 Aug 2019 21:35:44 +0200
+
+bind9 (1:9.15.3-1) unstable; urgency=medium
+
+ * New upstream version 9.15.3
+ * isc-config has been removed, remove it from the debian/
+
+ -- Ondřej Surý <ondrej@sury.org> Mon, 26 Aug 2019 10:26:41 +0200
+
+bind9 (1:9.15.2-2) unstable; urgency=medium
+
+ * Tighten libmaxminddb-dev dependency
+ * Install the tmpfile for named service again
+
+ -- Ondřej Surý <ondrej@sury.org> Wed, 07 Aug 2019 11:11:13 +0200
+
+bind9 (1:9.15.2-1) unstable; urgency=medium
+
+ * New upstream version 9.15.2
+ * Disable old GeoIP and enable new GeoIP2
+
+ -- Ondřej Surý <ondrej@sury.org> Thu, 18 Jul 2019 10:09:29 +0200
+
+bind9 (1:9.15.1-2) experimental; urgency=medium
+
+ * Change --with-json=/usr to --with-json-c (and use pkg-config)
+
+ -- Ondřej Surý <ondrej@sury.org> Thu, 20 Jun 2019 00:34:27 +0200
+
+bind9 (1:9.15.1-1) experimental; urgency=medium
+
+ * New upstream version 9.15.1
+ * Rebase patches for 9.15.1
+
+ -- Ondřej Surý <ondrej@sury.org> Thu, 20 Jun 2019 00:27:55 +0200
+
+bind9 (1:9.15.0-2) experimental; urgency=medium
+
+ * Fix Debian buster armhf build
+
+ -- Ondřej Surý <ondrej@sury.org> Tue, 21 May 2019 20:04:34 +0200
+
+bind9 (1:9.15.0-1) experimental; urgency=medium
+
+ * Update debian/ for BIND 9.15
+ * New upstream version 9.15.0
+
+ -- Ondřej Surý <ondrej@sury.org> Tue, 21 May 2019 13:19:38 +0200
+
+bind9 (1:9.14.2-1) experimental; urgency=medium
+
+ * Make named.service to be known as bind9.service
+ * New upstream version 9.14.2
+
+ -- Ondřej Surý <ondrej@sury.org> Tue, 21 May 2019 13:08:43 +0200
+
+bind9 (1:9.14.1-1) experimental; urgency=medium
+
+ [ Ondřej Surý ]
+ * New upstream version 9.14.1
+ * Remove the transitional packages and only keep bind9 names as the
+ product name is 'BIND 9'
+
+ [ Bernhard Schmidt ]
+ * Update AppArmor policy for Samba AD DLZ.
+ Thanks to Steven Monai (Closes: #920530)
+ * More fixes to the AppArmor policy
+ * AppArmor policy: Allow access to /dev/urandom
+ * AppArmor: Also add /var/lib/samba/bind-dns/dns/** (Closes: #927827)
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 26 Apr 2019 08:57:57 +0000
+
+bind9 (1:9.14.0-1) experimental; urgency=medium
+
+ * New upstream version 9.14.0
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 22 Mar 2019 09:17:03 +0000
+
+bind9 (1:9.14.0~rc3-1) experimental; urgency=medium
+
+ * New upstream version 9.14.0~rc3
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 18 Mar 2019 12:34:17 +0000
+
+bind9 (1:9.14.0~rc2-1) experimental; urgency=medium
+
+ * New upstream version 9.14.0~rc2
+ * Plugins are now in /usr/lib/<triplet>/named/*.so
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 11 Mar 2019 12:42:47 +0000
+
+bind9 (1:9.14.0~rc1-1) experimental; urgency=medium
+
+ * Update branches for DEP-14
+ * Bump the d/watch from 9.13 -> 9.14
+ * New upstream version 9.14.0~rc1
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 01 Mar 2019 10:44:30 +0000
+
+bind9 (1:9.13.6-2) experimental; urgency=medium
+
+ * Add B/R for dnsutils
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 20 Feb 2019 12:20:08 +0000
+
+bind9 (1:9.13.6-1) experimental; urgency=medium
+
+ [ Ondřej Surý ]
+ * New upstream version 9.13.6
+ * Add usr/share/man/man8/filter-aaaa.8 to the bind package
+ * Rename packages back to BIND 9
+ * Rename the init scripts to named to match the name of the daemon
+ * Bump to debhelper compat level 12
+ * Fix dh_install, dh_installinit and dh_installsystemd invocation for
+ debhelper-compat level 12
+ * Add new upstream GPG signing-key
+ * Disable building in subdirectory
+ * Add bind-libs transitional package to cleanly remove src:bind from the
+ archive
+ * Disable subdirectory build in dh_auto_install target
+ * Disable dh_auto_test as neither kyua (needed for unit tests) or
+ setting up virtual interfaces on lo (needed for system tests) is
+ available in Debian builds
+
+ [ Dominik George ]
+ * Support dyndb modules in apparmor.
+ * Also allow mapping from dyndb modules.
+
+ [ Bernhard Schmidt ]
+ * apparmor-policy: permit locking of the allow-new-zones database
+ (Closes: #922065)
+ * apparmor-policy: allow access to Samba DLZ files (Closes: #920530)
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 18 Feb 2019 20:02:55 +0000
+
+bind (1:9.13.5-1) experimental; urgency=medium
+
+ * New upstream version 9.13.5
+
+ -- Ondřej Surý <ondrej@debian.org> Tue, 18 Dec 2018 14:50:46 +0000
+
+bind (1:9.13.4-1) experimental; urgency=medium
+
+ * Use team+dns@tracker.debian.org as Maintainer address
+ * New upstream version 9.13.4
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 22 Nov 2018 14:56:03 +0000
+
+bind (1:9.13.3-3) experimental; urgency=medium
+
+ * Remove deprecated -r /dev/urandom option from rndc invocation
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 22 Nov 2018 14:55:53 +0000
+
+bind (1:9.13.3-2) experimental; urgency=medium
+
+ * Remove --disable-static from the dh_auto_configure call
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 26 Sep 2018 10:38:05 +0000
+
+bind (1:9.13.3-1) experimental; urgency=medium
+
+ * New upstream version 9.13.3
+ * Rebase patches for BIND 9.13.3
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 10 Sep 2018 08:13:47 +0000
+
+bind (1:9.13.3~400-g47066d3d01-1) experimental; urgency=medium
+
+ * New upstream version 9.13.3~400-g47066d3d01
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 31 Aug 2018 12:47:48 +0000
+
+bind (1:9.13.3~398-g5c00162f54-1) experimental; urgency=medium
+
+ [ Bernhard Schmidt ]
+ * Enable IDN support for dig+host using libidn2 (Closes: #459010)
+ * Use root.hints from dns-root-data (Closes: #888491)
+ * Adjust apparmor profile for dns-root-data
+ * Fix missing colon in AppArmor profile (Closes: #904983)
+ * d/watch: Properly deal with -P patch releases
+
+ [ Timo Aaltonen ]
+ * skip-rtld-deepbind-for-dyndb.diff: Add a patch to fix named-pkcs11 crashing on startup. (LP: #1769440)
+
+ [ Ondřej Surý ]
+ * New upstream version 9.13.3~398-g5c00162f54
+ * Rebase patches for new upstream snapshot release
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 31 Aug 2018 11:39:51 +0000
+
+bind (1:9.13.2-1~exp0) experimental; urgency=medium
+
+ * Don't repack, all non-free files are gone from BIND 9.13
+ * New upstream version 9.13.2
+ * Rebase patches for BIND 9.13.2
+ * Stop providing bind-dev package and checking for symbols, they are not
+ tightly coupled with rest of the package.
+ * Add docbook-xsl and docbook-xml to Build-Depends
+ * Add pkg-config to Build-Depends and cleanup versioned Build-Depends
+ * Enable dnstap support (Courtesy of Richard James Salts)
+ * Remove auth-nxdomain no; from named.conf.options (Closes: #896889)
+
+ -- Ondřej Surý <ondrej@debian.org> Tue, 17 Jul 2018 11:15:07 +0000
+
+bind (1:9.13.1+dfsg-1) experimental; urgency=medium
+
+ * New upstream version 9.13.1+dfsg
+ * d/watch: Always package the latest version
+ * d/patches: Remove 0003-Add-min-cache-ttl-and-min-ncache-ttl-keywords.patch,
+ so we less divert from upstream
+ * d/patches: Refresh patches on top of BIND 9.13.1
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 21 Jun 2018 08:10:49 +0000
+
+bind (1:9.12.0+dfsg-1~exp1) experimental; urgency=medium
+
+ * Move to standard master/upstream/pristine-tar branching
+ * Add /etc/default/bind file to bind package
+ * Don't fail the systemd unit if /etc/default/bind doesn't exist
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 24 Jan 2018 14:16:43 +0000
+
+bind (1:9.12.0+dfsg-1~exp0) experimental; urgency=medium
+
+ * New upstream version 9.12.0+dfsg
+ * Rename bind9 to just bind, and merge all shared libraries into bind-libs.
+ * Update Vcs-* links to salsa.d.o
+ * Update d/watch and d/gbp.conf for BIND 9.12
+ * Remove export version of the libraries; we really need to deprecate ISC-DHCP in buster+1
+ * d/patches changes:
+ + Convert 02_version.diff to sed rule in d/rules
+ + Remove the extra native-pkcs11 patch that double builds everything; a solution with OpenSSL engines is far more suitable and less intrusive
+ + Remove stdatomic.h patches; already merged upstream into BIND 9.12
+ + Refresh all the other patches for BIND 9.12.0
+ + Fix the min-(n)cache-ttl patch for BIND 9.12
+ * Remove isc-hmac-fixup from bind package
+ * Remove man3 from bind-dev package as they are not installed
+ * Add dnssec-cds to bind-utils package
+ * Update missing and new symbols for BIND 9.12
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 24 Jan 2018 09:18:13 +0000
+
+bind9 (1:9.11.2.P1-1) unstable; urgency=medium
+
+ * New upstream version 9.11.2-P1
+ * Refresh patches for new release
+
+ -- Ondřej Surý <ondrej@debian.org> Wed, 17 Jan 2018 06:06:04 +0000
+
+bind9 (1:9.11.2+dfsg-10) unstable; urgency=medium
+
+ * Disable lmdb usage in export version of libraries (Closes: #887407)
+
+ -- Ondřej Surý <ondrej@debian.org> Tue, 16 Jan 2018 05:59:31 +0000
+
+bind9 (1:9.11.2+dfsg-9) unstable; urgency=medium
+
+ * Fix various mistakes in bind9 conffiles (Closes: #887398)
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 15 Jan 2018 23:12:43 +0000
+
+bind9 (1:9.11.2+dfsg-8) unstable; urgency=medium
+
+ * Pull more stdatomic patch to fix builds on 32-bit architectures
+ * Remove extra native pkcs11 patch (it has been replaced by sed rules)
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 15 Jan 2018 21:02:30 +0000
+
+bind9 (1:9.11.2+dfsg-7) unstable; urgency=medium
+
+ * Pull upstream patch to use C11 stdatomic where available (Closes: #778720)
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 15 Jan 2018 15:59:48 +0000
+
+bind9 (1:9.11.2+dfsg-6) unstable; urgency=medium
+
+ * Add named-nzd2nzf to bind9 package
+ * Simplify installation rules
+ * Enable lmdb (to actually build named-nzd2nzf)
+ * Move delv from bind9 to dnsutils package (Closes: #887326)
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 15 Jan 2018 14:19:31 +0000
+
+bind9 (1:9.11.2+dfsg-5) unstable; urgency=medium
+
+ * Remove duplicate invoke-rc.d start invocation (Closes: #883575)
+ * Don't fail in postrm when /var/lib/bind cannot be removed (Closes: #882999)
+ * Use dh-apparmor for profile management
+ * apparmor-profile: allow changing thread name (Closes: #883228)
+ * Bump debhelper compat level to 10
+ * Bump Standards-Version to 4.1.2, no changes necessary
+
+ -- Bernhard Schmidt <berni@debian.org> Sun, 10 Dec 2017 20:23:12 +0100
+
+bind9 (1:9.11.2+dfsg-4) unstable; urgency=medium
+
+ * Team upload.
+ * Fix symlinks in libbind-export-dev to point to /lib (Closes: #883536)
+
+ -- Bernhard Schmidt <berni@debian.org> Tue, 05 Dec 2017 00:09:25 +0100
+
+bind9 (1:9.11.2+dfsg-3) unstable; urgency=medium
+
+ * Team upload.
+ * Only install files into bind9:any on arch-any builds (Closes: #883448)
+ * Adjust dependencies for udeb packages (Closes: #883449)
+
+ -- Bernhard Schmidt <berni@debian.org> Mon, 04 Dec 2017 10:56:58 +0100
+
+bind9 (1:9.11.2+dfsg-2) unstable; urgency=medium
+
+ * Team upload.
+ * Workaround for FTBFS on binary-any builds (Closes: #883159)
+
+ -- Bernhard Schmidt <berni@debian.org> Sun, 03 Dec 2017 20:36:32 +0100
+
+bind9 (1:9.11.2+dfsg-1) unstable; urgency=low
+
+ * d/watch: Bump the BIND version to 9.11.x
+ * Remove 'order random_1' patch, it was a horrible deviation from standards
+ * Modernize d/rules using debhelper
+ * New upstream version 9.11.2+dfsg
+ * Delete dyndb patch, as dyndb is now included in upstream sources
+ * Rebase patches for new upstream release.
+ * Add python3-ply to Build-Depends
+ * Restore the native pkcs11 patch
+ * Fix the Debian version parsing
+ * Remove lwresd as it has been deprecated by upstream anyway
+ * Add new tools: mdig to dnsutils and dnssec-keymgr to bind9utils
+ * Update the SONAMEs of BIND libraries
+ * Fix python3 packaging errors
+ * Bump the standards version to 4.1.1.1 (no change)
+ * Add support for dh_missing
+
+ -- Ondřej Surý <ondrej@debian.org> Tue, 28 Nov 2017 22:59:30 +0000
+
+bind9 (1:9.10.6+dfsg-5) unstable; urgency=medium
+
+ [ Chris Lamb ]
+ * Make the build reproducible (Closes: #828012)
+
+ [ Micah Cowan ]
+ * Try not to be fragile to varying value of LIBS make var. (Closes: #833307)
+
+ [ Ondřej Surý ]
+ * Update the softhsm2.so non-MA path (Closes: #860722)
+ * Enable JSON output in the statistics channel (Closes: #860722)
+ * Merge NMUs' changelogs (Closes: #880077)
+ * Use /dev/urandom to avoid blocking in the server process. (Closes: #854243)
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 02 Nov 2017 10:31:01 +0000
+
+bind9 (1:9.10.6+dfsg-4) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Improve bind9-resolvconf.service (Closes: #826353)
+
+ [ Ondřej Surý ]
+ * Add insserv.conf.d configuration (Closes: #650538)
+ * Change bind9-resolvconf.server to Type=oneshot + RemainAfterExit=yes (Closes: #832040)
+ * Only add static and development symlinks for *-export.{a,so} libraries (Closes: #857522)
+ * Update Vcs-* fields to standard variants
+ * Rebuild with newer debhelper (Closes: #879542)
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 23 Oct 2017 07:02:50 +0000
+
+bind9 (1:9.10.6+dfsg-3) unstable; urgency=medium
+
+ * Make lwresd hard depend on bind9 package (Closes: #879127)
+
+ -- Ondřej Surý <ondrej@debian.org> Sun, 22 Oct 2017 11:08:20 +0000
+
+bind9 (1:9.10.6+dfsg-2) unstable; urgency=medium
+
+ [ Timo Aaltonen ]
+ * d/copyright: Add Bv9ARM.pdf to Files-Excluded.
+
+ [ Ondřej Surý ]
+ * Replace lwresd with symlink instead of hard copy (Closes: #868538)
+ * Fix the symbols file to compensate for missing bsdcompat symbol on kFreeBSD (Closes: #879017)
+ * Re-enable threading support on kFreeBSD (Closes: #879018)
+ * Drop Multi-Arch: same header from libbind-dev (Closes: #874232)
+ * Remove transitional host package (Closes: #645437, #878228)
+
+ -- Ondřej Surý <ondrej@debian.org> Thu, 19 Oct 2017 09:35:03 +0000
+
+bind9 (1:9.10.6+dfsg-1) unstable; urgency=medium
+
+ * New upstream version 9.10.6+dfsg
+ * Use OpenSSL 1.1.0 for crypto
+ * Add support for downloading upstream sources using d/watch
+ + Make d/copyright machine readable for Files-Excluded: support
+ + Update Files-Exclude: * to remove obsolete software dropped in
+ contrib/, but not really used
+ * Add initial README.source
+ * Limit the d/watch to 9.10.x (aka stable) for now
+ * Update patches for BIND 9.10.6 release
+ * Update PKCS11 patch
+ * Move under pkg-dns umbrella
+ * Reformat files in debian/ with wrap-and-sort -a for better maintainability
+ * Update the d/export.diff for BIND 9.10.6
+ * Remove FAQ from d/bind9.docs
+ * Bump SONAME versions for BIND libraries
+ * Add symbols files for libraries and enable strict symbol checks
+ * arpaname and named-rrchecker has been moved to /usr/bin
+ * Install required python library into bind9utils to accompany
+ dnssec-checkds and dnssec-coverage
+ * Change Vcs-* to pkg-dns/bind9
+ * Also exclude idnkit from upstream tarball
+ * Finish the debian/copyright update into machine readable format
+ * Enable Multi-Arch on libirs-export189
+ * Cleanup maintainer scripts
+ * Add lintian override for false positive on full-path command
+ * Remove unnecessary complexity when generating ${Description} to d/control
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 06 Oct 2017 06:18:21 +0000
+
+bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) stretch; urgency=medium
+
+ [ Bernhard Schmidt ]
+ * Import upcoming DNSSEC KSK-2017 from 9.10.5
+
+ [ Ondřej Surý ]
+ * Non-maintainer upload.
+
+ -- Ondřej Surý <ondrej@debian.org> Mon, 28 Aug 2017 09:36:28 +0200
+
+bind9 (1:9.10.3.dfsg.P4-12.3+deb9u2) stretch-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * debian/patches:
+ - CVE-2017-3142_regression added, fix a regression introduced in with the
+ correction for CVE-2017-3142.
+
+ -- Yves-Alexis Perez <corsac@debian.org> Sat, 22 Jul 2017 21:24:54 +0200
+
+bind9 (1:9.10.3.dfsg.P4-12.3+deb9u1) stretch-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * debian/patches:
+ - debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
+ CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
+ transfers. An attacker may be able to circumvent TSIG authentication of
+ AXFR and Notify requests.
+ CVE-2017-3143: error in TSIG authentication can permit unauthorized
+ dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
+ signature for a dynamic update.
+
+ -- Yves-Alexis Perez <corsac@debian.org> Fri, 30 Jun 2017 16:20:29 +0200
+
+bind9 (1:9.10.3.dfsg.P4-12.3) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Dns64 with "break-dnssec yes;" can result in a assertion failure
+ (CVE-2017-3136) (Closes: #860224)
+ * Some chaining (CNAME or DNAME) responses to upstream queries could trigger
+ assertion failures (CVE-2017-3137) (Closes: #860225)
+ * 'rndc ""' could trigger a assertion failure in named (CVE-2017-3138)
+ (Closes: #860226)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Sun, 07 May 2017 15:22:46 +0200
+
+bind9 (1:9.10.3.dfsg.P4-12.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Replace 32_mips_atomic.diff with a version that uses C11 atomics. Fixes
+ hangs and crashes on MIPS. (Closes: #778720)
+
+ -- James Cowgill <jcowgill@debian.org> Tue, 18 Apr 2017 16:42:50 +0100
+
+bind9 (1:9.10.3.dfsg.P4-12.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Use /dev/urandom to avoid blocking in the server process.
+ (closes: #854243)
+
+ -- Bastian Blank <waldi@debian.org> Fri, 17 Mar 2017 19:07:16 +0100
+
+bind9 (1:9.10.3.dfsg.P4-12) unstable; urgency=high
+
+ * Merge and accept the non-maintainer upload.
+ * Fix regression caused by the fix for CVE-2016-8864 (closes: #855540).
+ * Fix CVE-2017-3135: a malicously crafted query can cause named to crash if
+ both DNS64 and RPZ are being used (closes: #855520).
+
+ -- Michael Gilbert <mgilbert@debian.org> Sun, 19 Feb 2017 22:39:32 +0000
+
+bind9 (1:9.10.3.dfsg.P4-11.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Disable GOST to prevent ENGINE_by_id failed (crypto failure) in chroot.
+ Patch by Marc Haber <mh+debian-bugs@zugschlus.de> (Closes: #820974).
+
+ -- Arturo Borrero Gonzalez <arturo@debian.org> Tue, 07 Feb 2017 10:42:00 +0100
+
+bind9 (1:9.10.3.dfsg.P4-11) unstable; urgency=medium
+
+ * Fix some lintian warnings.
+ * Add lsb-base dependency to lwresd (closes: #848519).
+ * Fix CVE-2016-2775: crash in lwresd due to a long query name
+ (closes: #831796).
+ * Fix CVE-2016-2776: maliciously crafted query can cause named to crash
+ (closes: #839010).
+ * Fix CVE-2016-8864: incorrect handling of a DNAME record can cause
+ named to crash (closes: #842858).
+ * Fix CVE-2016-9131: maliciously crafted response to an ANY query can
+ cause named to crash (closes: #851065).
+ * Fix CVE-2016-9147: query with contradictory DNSSEC information can
+ cause named to crash (closes: #851063).
+ * Fix CVE-2016-9444: maliciously formed DNSSEC Delegation Signer (DS)
+ record can cause named to crash (closes: #851062).
+ * Openssl 1.1 is not yet supported, so build with openssl 1.0 for now
+ (closes: #828082).
+
+ [ LaMont Jones ]
+ * Update VCS fields in control.
+ * -DDIG_SIGCHASE got dropped by the change in hardening.
+
+ [ Stefan Bader ]
+ * Use the defaults file in systemd.
+
+ -- Michael Gilbert <mgilbert@debian.org> Thu, 19 Jan 2017 04:03:28 +0000
+
+bind9 (1:9.10.3.dfsg.P4-10.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add explicit ordering for nss-lookup.target in bind9.service,
+ lwresd.service. Patches by Michael Biebl <biebl@debian.org>.
+ (Closes: #826243, #826245)
+
+ -- Christian Hofstaedtler <zeha@debian.org> Sat, 02 Jul 2016 14:32:50 +0200
+
+bind9 (1:9.10.3.dfsg.P4-10) unstable; urgency=medium
+
+ * Use python3
+
+ -- LaMont Jones <lamont@debian.org> Tue, 03 May 2016 17:39:49 -0600
+
+bind9 (1:9.10.3.dfsg.P4-9) unstable; urgency=medium
+
+ * Fix bad patch from when we switched to quilt. Closes: #820847 LP:
+ #1552801, #1549788, #1553460
+ * freshen patch to remove fuzz.
+
+ -- LaMont Jones <lamont@debian.org> Tue, 26 Apr 2016 15:17:58 -0600
+
+bind9 (1:9.10.3.dfsg.P4-8) unstable; urgency=medium
+
+ [Timo Aaltonen]
+
+ * Fix bind9-resolvconf.service installation.
+ * Add support for native pkcs11. LP: #1565392
+
+ [Samuel Thibault]
+
+ * Detect in6_pktinfo on hurd-i386. Closes: #820404
+
+ -- LaMont Jones <lamont@debian.org> Wed, 13 Apr 2016 13:19:37 -0600
+
+bind9 (1:9.10.3.dfsg.P4-7) unstable; urgency=medium
+
+ * Fix libisccc-export dependencies. Closes: #820043
+
+ -- Michael Gilbert <mgilbert@debian.org> Tue, 05 Apr 2016 02:53:22 +0000
+
+bind9 (1:9.10.3.dfsg.P4-6) unstable; urgency=medium
+
+ * Upload 9.10 to unstable. Closes: #781739
+ * Add -DNO_VERSION_DATE to CFLAGS. Closes: #783885
+
+ -- Michael Gilbert <mgilbert@debian.org> Mon, 04 Apr 2016 00:39:57 +0000
+
+bind9 (1:9.10.3.dfsg.P4-5) experimental; urgency=medium
+
+ * Drop dead code in bind9.preinst.
+ * move from /var/run to /run for policy.
+
+ -- LaMont Jones <lamont@debian.org> Sat, 19 Mar 2016 19:52:04 -0600
+
+bind9 (1:9.10.3.dfsg.P4-4) experimental; urgency=medium
+
+ * use multiarch path in udebs
+ * Updated root cache file. Closes: #806954
+
+ -- LaMont Jones <lamont@debian.org> Fri, 18 Mar 2016 20:50:49 -0600
+
+bind9 (1:9.10.3.dfsg.P4-3) experimental; urgency=medium
+
+ * Fix vcs links
+ * build in debian/tmp, use bind9.install
+
+ -- LaMont Jones <lamont@debian.org> Fri, 18 Mar 2016 14:46:30 -0600
+
+bind9 (1:9.10.3.dfsg.P4-2) experimental; urgency=medium
+
+ * updated precise_time patch
+ * add RT#s to some patches
+ * Merge ubuntu changes
+ * Fix debian/rules to properly remove files from bind9 that are delivered
+ elsewhere. LP: #1559090
+
+ -- LaMont Jones <lamont@canonical.com> Fri, 18 Mar 2016 10:58:07 -0600
+
+bind9 (1:9.10.3.dfsg.P4-1ubuntu2) xenial; urgency=medium
+
+ * Bump debhelper to v9 to use dh-exec.
+ * libbind-export-dev: Fix the libbind.so symlink.
+ * Move static libs to the multiarch libdir again.
+
+ -- Matthias Klose <doko@ubuntu.com> Fri, 18 Mar 2016 13:30:03 +0100
+
+bind9 (1:9.10.3.dfsg.P4-1ubuntu1) xenial; urgency=medium
+
+ * Fix udeb dependencies.
+
+ -- Matthias Klose <doko@ubuntu.com> Fri, 18 Mar 2016 12:47:02 +0100
+
+bind9 (1:9.10.3.dfsg.P4-1) experimental; urgency=medium
+
+ [ ISC ]
+ * New upstream: 9.10.3-P3
+ - Specific APL data could trigger a INSIST. (CVE-2015-8704) [RT #41396]
+ - render_ecs errors were mishandled when printing out a OPT record
+ resulting in a assertion failure. (CVE-2015-8705) [RT #41397]
+ - Fixed a regression in resolver.c:possibly_mark() which caused
+ known-bogus servers to be queried anyway. [RT #41321]
+ * New upstream: 9.10.3-P4
+ - Malformed control messages can trigger assertions in named and rndc.
+ (CVE-2016-1285) [RT #41666]
+ - Fix resolver assertion failure due to improper DNAME handling when
+ parsing fetch reply messages. (CVE-2016-1286) [RT #41753]
+ - Duplicate EDNS COOKIE options in a response could trigger an
+ assertion failure. (CVE-2016-2088) [RT #41809]
+
+ [LaMont Jones]
+
+ * Do not build -export libs for libbind90 and liblwres. Relates in part
+ to, and is the last fix to LP: #1551351
+ * update patches for 9.10.3.dfsg.P4. Drop 50_CVE_2015-8704.diff
+
+ [ Stefan Bader ]
+
+ * Do not modify signal handlers for external apps. LP: #1556175
+
+ -- LaMont Jones <lamont@debian.org> Thu, 17 Mar 2016 14:53:36 -0600
+
+bind9 (1:9.10.3.dfsg.P2-7) experimental; urgency=medium
+
+ * Fix my bad merge of autoreconf workaround.
+ * Re-implement -export libraries. LP: #1556175
+ * Deliver libisccc-export library.
+
+ -- LaMont Jones <lamont@debian.org> Wed, 16 Mar 2016 15:14:48 -0600
+
+bind9 (1:9.10.3.dfsg.P2-5) experimental; urgency=medium
+
+ [Timo Aaltonen]
+
+ * Sync 30_dynamic_db.diff from Fedora.
+ * rules: Backup some files which dh_autoreconf_clean would remove, restore
+ on clean.
+
+ [Jamie Strandboge]
+
+ * apparmor: use @{PROC} instead of /proc, allow read on
+ sys.net.ipv4.ip_local_port_range. LP: #1552441
+
+ [LaMont Jones]
+
+ * Return nanosecond-precise time for files, so that we more-correctly know
+ when we can skip loading a zonefile. (Bug introduced 9.9.3b2)
+
+ -- LaMont Jones <lamont@debian.org> Thu, 03 Mar 2016 18:17:06 -0700
+
+bind9 (1:9.10.3.dfsg.P2-4) experimental; urgency=medium
+
+ [Matthias Klose]
+
+ * Fix .so symlinks.
+ * libbind-dev: Depend on libirs141.
+ * For the udeb's, use a separate build with a reduced feature set, drop the
+ name difference, and do both builds in a separate directory.
+
+ [Filip Pytloun]
+
+ * Add apparmor rules needed by freeipa-server. Closes: #814314
+
+ [LaMont Jones]
+
+ * Do not deliver libraries (left in /lib) as part of bind9. LP: #1547052
+ * clean up library path for libirs.
+
+ -- LaMont Jones <lamont@debian.org> Fri, 19 Feb 2016 14:26:08 -0700
+
+bind9 (1:9.10.3.dfsg.P2-3ubuntu3) xenial; urgency=medium
+
+ * For the udeb's, use a separate build with a reduced feature set.
+ * Don't call the reduced build "export"; it was used by isc-dhcp as well.
+ * Do both builds in a separate builddir.
+
+ -- Matthias Klose <doko@ubuntu.com> Fri, 19 Feb 2016 15:01:16 +0100
+
+bind9 (1:9.10.3.dfsg.P2-3~ubuntu2) xenial; urgency=medium
+
+ * libbind-dev: Depend on libirs141.
+ * Ship libirs.{a,so} in libbind-dev.
+ * Remove obsolete debian/*.dirs files.
+
+ -- Matthias Klose <doko@ubuntu.com> Fri, 19 Feb 2016 15:01:16 +0100
+
+bind9 (1:9.10.3.dfsg.P2-3~ubuntu1) xenial; urgency=medium
+
+ * Fix .so symlinks.
+
+ -- Matthias Klose <doko@ubuntu.com> Thu, 18 Feb 2016 13:55:19 +0100
+
+bind9 (1:9.10.3.dfsg.P2-3) experimental; urgency=medium
+
+ [Marc Deslauriers]
+
+ * SECURITY UPDATE: denial of service via string formatting operations.
+ CVE-2015-8704
+
+ [Matthias Klose]
+
+ * Add multiarch support. Closes: #802584.
+ * Standards cleanup.
+
+ [LaMont Jones]
+
+ * Properly finish converting to 3.0 (quilt) format.
+ * Drop geoip_acl patch temporarily while we evaluate the upstream geoip
+ changes.
+ * Prechroot init appears to have been taken upstream.
+
+ -- LaMont Jones <lamont@debian.org> Wed, 17 Feb 2016 10:34:24 -0700
+
+bind9 (1:9.10.3.dfsg.P2-1) experimental; urgency=medium
+
+ * New upstream, no need for export packages with 9.10
+ * Fix sonames
+ * Update how we do hardening.
+ * Add Robie Basak as an uploader
+ * Migrate quilt patches from 9.9.5 branch, and incorporate Michael Gilbert's
+ changes.
+
+ -- LaMont Jones <lamont@debian.org> Thu, 31 Dec 2015 18:41:31 -0700
+
+bind9 (1:9.9.5.dfsg-12.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Add patch to fix CVE-2015-8000.
+ CVE-2015-8000: Insufficient testing when parsing a message allowed
+ records with an incorrect class to be accepted, triggering a REQUIRE
+ failure when those records were subsequently cached. (Closes: #808081)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Wed, 16 Dec 2015 15:01:39 +0100
+
+bind9 (1:9.9.5.dfsg-12) unstable; urgency=high
+
+ * Fix CVE-2015-5722: maliciously crafted DNSSEC key can cause named to crash.
+
+ -- Michael Gilbert <mgilbert@debian.org> Thu, 03 Sep 2015 01:16:32 +0000
+
+bind9 (1:9.9.5.dfsg-11) unstable; urgency=high
+
+ * Fix CVE-2015-5477: maliciously crafted TKEY query can cause named to exit
+ (closes: #793903).
+
+ -- Michael Gilbert <mgilbert@debian.org> Wed, 29 Jul 2015 23:46:48 +0000
+
+bind9 (1:9.9.5.dfsg-10) unstable; urgency=high
+
+ * Fix CVE-2015-4620: DNSSEC validation of a malicously crafted zone can
+ cause the resolver to crash (closes: #791715).
+
+ -- Michael Gilbert <mgilbert@debian.org> Thu, 09 Jul 2015 00:43:38 +0000
+
+bind9 (1:9.9.5.dfsg-9) unstable; urgency=high
+
+ * Fix CVE-2015-1349: named crash due to managed key rollover, primarily only
+ affecting setups using DNSSEC (closes: #778733).
+
+ -- Michael Gilbert <mgilbert@debian.org> Thu, 19 Feb 2015 03:42:21 +0000
+
+bind9 (1:9.9.5.dfsg-8) unstable; urgency=medium
+
+ * Launch rndc command in the background in networking scripts to avoid a
+ hang in named from bringing down the entire network (closes: #760555).
+
+ -- Michael Gilbert <mgilbert@debian.org> Thu, 01 Jan 2015 17:51:52 +0000
+
+bind9 (1:9.9.5.dfsg-7) unstable; urgency=medium
+
+ * Fix CVE-2014-8500: limit recursion in order to avoid memory consuption
+ issues that can lead to denial-of-service (closes: #772610).
+
+ -- Michael Gilbert <mgilbert@debian.org> Sun, 14 Dec 2014 05:05:48 +0000
+
+bind9 (1:9.9.5.dfsg-6) unstable; urgency=medium
+
+ * Include dlz_dlopen.h in libbind-dev (closes: #769117).
+
+ -- Michael Gilbert <mgilbert@debian.org> Sun, 30 Nov 2014 22:53:50 +0000
+
+bind9 (1:9.9.5.dfsg-6) unstable; urgency=medium
+
+ * Include dlz_dlopen.h in libbind-dev (closes: #769117).
+
+ -- Michael Gilbert <mgilbert@debian.org> Sun, 30 Nov 2014 22:53:50 +0000
+
+bind9 (1:9.9.5.dfsg-5) unstable; urgency=medium
+
+ * Avoid libnsl dependency on non-linux architectures. Closes: #766430
+ * Install export libraries to /lib instead of /usr/lib. Closes: #766544
+ * Add myself to the maintainer team with approval from LaMont and Bdale.
+
+ -- Michael Gilbert <mgilbert@debian.org> Thu, 30 Oct 2014 02:42:17 +0000
+
+bind9 (1:9.9.5.dfsg-4.3) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Mark critical section as not parallel in the makefile. Closes: #762766
+
+ -- Michael Gilbert <mgilbert@debian.org> Mon, 13 Oct 2014 04:37:55 +0000
+
+bind9 (1:9.9.5.dfsg-4.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix intermittent parallel build failure. Closes: #762766
+ * Set -fno-delete-null-pointer-checks. Closes: #750760
+ * Use separate packages for the udebs. Closes: #762762
+ * Don't install configuration files to /usr. Closes: #762948
+
+ -- Michael Gilbert <mgilbert@debian.org> Mon, 06 Oct 2014 01:23:57 +0000
+
+bind9 (1:9.9.5.dfsg-4.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Add support for hurd. Closes: #746540
+ * Provide shared libraries for isc-dhcp. Closes: #656150
+
+ -- Michael Gilbert <mgilbert@debian.org> Sun, 14 Sep 2014 00:58:06 +0000
+
+bind9 (1:9.9.5.dfsg-4) unstable; urgency=low
+
+ [Julien Cristau]
+
+ * FTBFS on kfreebsd. Closes: #741285
+
+ [LaMont Jones]
+
+ * revert aclocal.m4 expansion from earlier merge
+
+ -- LaMont Jones <lamont@debian.org> Tue, 29 Apr 2014 14:48:50 -0600
+
+bind9 (1:9.9.5.dfsg-3) unstable; urgency=low
+
+ * Re-enable rrl (now a configure option). Closes: #741059 LP: #1288823
+
+ -- LaMont Jones <lamont@debian.org> Mon, 24 Mar 2014 06:55:55 -0600
+
+bind9 (1:9.9.5.dfsg-2) unstable; urgency=low
+
+ * merge in ubuntu 1:9.9.3.dfsg.P2-4ubuntu3
+ * move dnssec-coverage to bind9utils. Closes: #739994
+ * dnssec-{checkds,verify} manpages in wrong package. Closes: #739995
+
+ -- LaMont Jones <lamont@debian.org> Wed, 26 Feb 2014 09:30:31 -0700
+
+bind9 (1:9.9.5.dfsg-1) experimental; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * New upstream version: 9.9.5 Closes: #735190
+
+ [Martin Nagy]
+
+ * dynamic loading of database backends. See:
+ http://pkgs.fedoraproject.org/cgit/bind.git/tree/bind-96-dyndb.patch.
+ Closes: #722669
+
+ [LaMont Jones]
+
+ * fix sonames
+ * merge ubuntu changes
+ * Deliver dns/rrl.h. Closes: #724844
+ * rules tweak to make backports to pre-dh-systemd releases easier
+
+ -- LaMont Jones <lamont@debian.org> Tue, 11 Feb 2014 09:16:05 -0700
+
+bind9 (1:9.9.4.dfsg-0.3) experimental; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * Upstream version 9.9.4
+
+ [LaMont Jones]
+
+ * fix sonames
+ * merge ubuntu change
+ * Deliver dns/rrl.h. Closes: #724844
+
+ -- LaMont Jones <lamont@debian.org> Wed, 06 Nov 2013 13:27:37 -0700
+
+bind9 (1:9.9.3.dfsg.P2-4ubuntu3) trusty; urgency=low
+
+ * SECURITY UPDATE: denial of service when processing NSEC3-signed zone
+ queries
+ - debian/patches/CVE-2014-0591.patch: don't call memcpy with
+ overlapping ranges in bin/named/query.c.
+ - patch backported from 9.9.4-P2.
+ - CVE-2014-0591
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 10 Jan 2014 09:36:55 -0500
+
+bind9 (1:9.9.3.dfsg.P2-4ubuntu2) trusty; urgency=medium
+
+ * Use dh-autoreconf to update libtool and configure for new ports.
+
+ -- Adam Conrad <adconrad@ubuntu.com> Wed, 18 Dec 2013 04:42:22 -0700
+
+bind9 (1:9.9.3.dfsg.P2-4ubuntu1) saucy; urgency=low
+
+ * Use dh_autotools-dev to update config.{sub,guess} for new ports.
+
+ -- Adam Conrad <adconrad@ubuntu.com> Mon, 07 Oct 2013 23:09:45 -0600
+
+bind9 (1:9.9.3.dfsg.P2-4) unstable; urgency=low
+
+ [Peter Marschall]
+
+ * If rndc.conf exists, skip creation of rndc.key. Closes: #620394
+
+ [Al Tarakanoff]
+
+ * properly quote check of pid in bind9 init.d. LP: #1092243
+
+ [LaMont Jones]
+
+ * include distro and package version in version string
+ * apparmor: allow GeoIP data file access. LP: #834901
+ * enable filter-aaaa. Closes: #701704 LP: #1115168
+
+ -- LaMont Jones <lamont@debian.org> Thu, 29 Aug 2013 16:22:29 -0600
+
+bind9 (1:9.9.3.dfsg.P2-3) unstable; urgency=low
+
+ [Michael Stapelberg]
+
+ * add systemd service file. Closes: #718212
+
+ [LaMont Jones]
+
+ * deliver more dnssec-* tools in bind9utils. Closes: #713026
+ * support parallel=N DEB_BUILD_OPTIONS, fix -j build. Closes: #713025
+ * deliver rrl.h and stat.h Closes: #692483, #720813
+
+ -- LaMont Jones <lamont@debian.org> Tue, 27 Aug 2013 10:06:37 -0600
+
+bind9 (1:9.9.3.dfsg.P2-2build1) saucy; urgency=low
+
+ [Marc Deslauriers]
+
+ * 9.9.2.dfsg.P1-2ubuntu1: fixed in 9.9.3b1
+ * 9.9.2.dfsg.P1-2ubuntu3: fixed in 9.9.3-P2
+
+ [Robie Basak]
+
+ * 9.9.2.dfsg.P1-2ubuntu2: fixed in 9.9.3b1
+
+ [LaMont Jones]
+
+ * Merge ubuntu changes, except: autoconf files are generated as part
+ of the source packagee creation, not on the build host. NAK
+ * deliver more dnssec-* tools in bind9utils. Closes: #713026
+ * support parallel=N DEB_BUILD_OPTIONS, fix -j build
+
+ [Michael Stapelberg]
+
+ * add systemd service file. Closes: #718212
+
+ -- LaMont Jones <lamont@debian.org> Thu, 22 Aug 2013 10:57:17 -0600
+
+bind9 (1:9.9.3.dfsg.P2-2) unstable; urgency=low
+
+ * ack NMUs of 9.8.4
+ - upstream 9.9.3-P2 fixes: CVE-2013-4854, CVE-2012-5689,
+ CVE-2013-2266
+ - deliver rrl.h
+
+ [LaMont Jones]
+
+ * Use ISC's bin/tests
+ * Diff cleanup and rationalization to 9.9.3 upstream
+
+ -- LaMont Jones <lamont@debian.org> Sat, 17 Aug 2013 07:09:54 -0600
+
+bind9 (1:9.9.3.dfsg.P2-1) unstable; urgency=low
+
+
+ [Internet Software Consortium, Inc]
+
+ * 9.9.3-P2
+
+ [Ben Hutchings]
+
+ * Initialise OpenSSL before calling chroot(). Closes: #696661
+
+ [LaMont Jones]
+
+ * soname changes
+
+ [Paul Vixie]
+
+ * Reapply rpz/rrl patches from http://www.redbarn.org/dns/ratelimits
+
+ -- LaMont Jones <lamont@debian.org> Wed, 14 Aug 2013 10:38:59 -0600
+
+bind9 (1:9.9.2.dfsg.P1-3) experimental; urgency=low
+
+ [LaMont Jones]
+
+ * Merge 1:9.8.4.dfsg.P1-6
+
+ [Ben Hutchings]
+
+ * Initialise OpenSSL before calling chroot(). Closes: #696661
+
+ -- LaMont Jones <lamont@debian.org> Mon, 04 Mar 2013 09:30:50 -0700
+
+bind9 (1:9.9.2.dfsg.P1-2ubuntu3) saucy; urgency=low
+
+ * SECURITY UPDATE: denial of service via incorrect bounds checking on
+ private type 'keydata'
+ - lib/dns/rdata/generic/keydata_65533.c: check for correct length.
+ - Patch backported from 9.9.3-P2
+ - CVE-2013-4854
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Sun, 28 Jul 2013 10:13:06 -0400
+
+bind9 (1:9.9.2.dfsg.P1-2ubuntu2) raring; urgency=low
+
+ * configure.in: detect libxml 2.9 as well as 2.[678] (LP: #1164475).
+ * debian/control: add Build-Depends on dh-autoreconf.
+ * debian/rules: use dh_autoreconf and dh_autoreconf_clean.
+
+ -- Robie Basak <robie.basak@canonical.com> Wed, 10 Apr 2013 16:50:28 +0000
+
+bind9 (1:9.9.2.dfsg.P1-2ubuntu1) raring; urgency=low
+
+ * SECURITY UPDATE: denial of service via regex syntax checking
+ - configure,configure.in,config.h.in: remove check for regex.h to
+ disable regex syntax checking.
+ - CVE-2013-2266
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 28 Mar 2013 15:04:57 -0400
+
+bind9 (1:9.9.2.dfsg.P1-2) experimental; urgency=low
+
+ [Michael Gilbert]
+
+ * Use /var/lib/bind for state file. Closes: #689332
+
+ [LaMont Jones]
+
+ * zone transfers now involve link(), update the apparmor profile
+ * Update db.root with new IP for D.root-servers.net. Closes: #697352
+ * re-drop dlzexternal test
+ * Reduce log level for "sucessfully validated after lower casing" dnssec
+ based on mail from Mark Andrews. Closes: #697681
+ * remove /var/lib/bind/bind9-default.md5sum in postrm
+ * remove /etc/bind/named.conf.options on purge. Closes: #668801
+
+ [Sebastian Wiesinger]
+
+ * Build and deliver dnssec-checkds and dnssec-verify in bind9utils
+
+ -- LaMont Jones <lamont@debian.org> Wed, 09 Jan 2013 10:09:40 -0700
+
+bind9 (1:9.8.4.dfsg.P1-6+nmu3) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * CVE-2013-4854: A specially crafted query that includes malformed rdata can
+ cause named to terminate with an assertion failure while rejecting the
+ malformed query. (Closes: #717936).
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Sat, 27 Jul 2013 10:24:07 +0200
+
+bind9 (1:9.8.4.dfsg.P1-6+nmu2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Install /usr/include/dns/rrl.h (closes: #699834).
+
+ -- Michael Gilbert <mgilbert@debian.org> Tue, 16 Apr 2013 01:59:05 +0000
+
+bind9 (1:9.8.4.dfsg.P1-6+nmu1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix cve-2012-5689: issue in nameservers using DNS64 to perform a AAAA
+ lookup for a record with an A record overwrite rule in a Response Policy
+ Zone (closes: #699145).
+ * Fix cve-2013-2266: issues in regular expression handling (closes: #704174).
+
+ -- Michael Gilbert <mgilbert@debian.org> Fri, 29 Mar 2013 00:47:25 +0000
+
+bind9 (1:9.8.4.dfsg.P1-6) unstable; urgency=low
+
+ [Ben Hutchings]
+
+ * Initialise OpenSSL before calling chroot(). Closes: #696661
+
+ -- LaMont Jones <lamont@debian.org> Fri, 01 Mar 2013 08:23:27 -0700
+
+bind9 (1:9.8.4.dfsg.P1-5) unstable; urgency=low
+
+ [LaMont Jones]
+
+ * Properly acknowledge 1:9.8.1.dfsg.P1-4.4: [Philipp Kern]
+ - Fix CVE-2012-4244. Thanks to Moritz Mühlenhoff for providing the patch.
+
+ [Paul Vixie]
+
+ * Include rpz/rrl patches from http://www.redbarn.org/dns/ratelimits.
+ Closes: #698641
+
+ -- LaMont Jones <lamont@debian.org> Wed, 30 Jan 2013 14:04:35 -0700
+
+bind9 (1:9.8.4.dfsg.P1-4) unstable; urgency=high
+
+ * The rest of the dnssec validation logspam removal. Closes: #697681
+
+ -- LaMont Jones <lamont@debian.org> Mon, 21 Jan 2013 13:18:53 -0700
+
+bind9 (1:9.8.4.dfsg.P1-3) unstable; urgency=low
+
+ [Marc Deslauriers]
+
+ * debian/bind9.apport: Add AppArmor info and logs to apport hook.
+
+ [LaMont Jones]
+
+ * Reduce log level for "sucessfully validated after lower casing" dnssec
+ based on mail from Mark Andrews. Closes: #697681
+ * remove /var/lib/bind/bind9-default.md5sum in postrm
+ * remove /etc/bind/named.conf.options on purge. Closes: #668801
+
+ -- LaMont Jones <lamont@debian.org> Wed, 09 Jan 2013 09:47:24 -0700
+
+bind9 (1:9.9.2.dfsg.P1-1) experimental; urgency=low
+
+ * Named could die on specific queries with dns64 enabled.
+ [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
+ CVE-2012-5688 Closes: #695192
+
+ -- LaMont Jones <lamont@debian.org> Wed, 05 Dec 2012 05:27:18 -0700
+
+bind9 (1:9.8.4.dfsg.P1-2) unstable; urgency=low
+
+ [Michael Gilbert]
+
+ * Use /var/lib/bind for state file. Closes: #689332
+
+ [LaMont Jones]
+
+ * Re-enable dlopen, do not build the test that fails. Closes: #692416
+ * Update db.root with new IP for D.root-servers.net. Closes: #697352
+
+ -- LaMont Jones <lamont@debian.org> Mon, 07 Jan 2013 06:50:25 -0700
+
+bind9 (1:9.8.4.dfsg.P1-1) unstable; urgency=low
+
+ * Named could die on specific queries with dns64 enabled.
+ [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
+ CVE-2012-5688 Closes: #695192
+
+ -- LaMont Jones <lamont@debian.org> Wed, 05 Dec 2012 05:22:06 -0700
+
+bind9 (1:9.9.2.dfsg-1) experimental; urgency=low
+
+ [Matthew Grant]
+
+ * Turn off dlopen as it was causing test compile failures.
+ * Add missing library .postrm files for debhelper
+
+ [LaMont Jones]
+
+ * New upstream version 9.9.2
+ * soname fixes
+
+ -- LaMont Jones <lamont@debian.org> Thu, 01 Nov 2012 08:59:57 -0600
+
+bind9 (1:9.9.1.dfsg.P1-1) unstable; urgency=low
+
+ [LaMont Jones]
+
+ * New upstream 9.9.1-P1
+
+ -- LaMont Jones <lamont@debian.org> Wed, 13 Jun 2012 08:22:15 -0600
+
+bind9 (1:9.9.0.dfsg-1) unstable; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * 9.9.0 release
+
+ [Christoph Egger]
+
+ * define _GNU_SOURCE on kfreebsd et al. Closes: #658201
+
+ [LaMont Jones]
+
+ * chmod typo in postinst. LP: #980798
+ * Correctly order debhelper bits in postrm. Closes: #661040
+
+ -- LaMont Jones <lamont@debian.org> Mon, 23 Apr 2012 09:52:51 -0600
+
+bind9 (1:9.9.0.dfsg~rc4-1) unstable; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * New upstream release
+
+ [LaMont Jones]
+
+ * soname changes for new release
+
+ -- LaMont Jones <lamont@debian.org> Fri, 17 Feb 2012 17:51:39 -0700
+
+bind9 (1:9.8.4.dfsg-1ubuntu2) raring; urgency=low
+
+ * SECURITY UPDATE: denial of service via DNS64 and crafted query
+ - bin/named/query.c: init rdataset before cleanup.
+ - Patch backported from 9.8.4-P1
+ - CVE-2012-5688
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 05 Dec 2012 15:42:08 -0500
+
+bind9 (1:9.8.4.dfsg-1ubuntu1) raring; urgency=low
+
+ * Merge from Debian unstable. Remaining changes:
+ - debian/bind9.apport: Add AppArmor info and logs to apport hook.
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 23 Nov 2012 08:13:50 -0500
+
+bind9 (1:9.8.4.dfsg-1) unstable; urgency=low
+
+ [Matthew Grant]
+
+ * Turn off dlopen as it was causing test compile failures.
+ * Add missing library .postrm files for debhelper
+
+ [LaMont Jones]
+
+ * New upstream version
+ * soname fixup
+ * Ack NMUs
+
+ -- LaMont Jones <lamont@debian.org> Mon, 29 Oct 2012 08:37:49 -0600
+
+bind9 (1:9.8.1.dfsg.P1-4.4) testing-proposed-updates; urgency=low
+
+ * Non-maintainer upload.
+ * Fix CVE-2012-4244. Thanks to Moritz Mühlenhoff for providing
+ the patch.
+
+ -- Philipp Kern <pkern@debian.org> Sat, 03 Nov 2012 20:43:43 +0100
+
+bind9 (1:9.8.1.dfsg.P1-4.3) unstable; urgency=medium
+
+ [ Philipp Kern ]
+ * Non-maintainer upload.
+
+ [ Marc Deslauriers ]
+ * SECURITY UPDATE: denial of service via specific combinations of RDATA
+ - bin/named/query.c: fix logic
+ - Patch backported from 9.8.3-P4
+ - CVE-2012-5166
+
+ -- Philipp Kern <pkern@debian.org> Sun, 28 Oct 2012 20:28:11 +0100
+
+bind9 (1:9.8.1.dfsg.P1-4.2) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix denial of service vulnerability triggered
+ through an assert because of using bad cache
+ (CVE-2012-3817; Closes: #683259).
+
+ -- Nico Golde <nion@debian.org> Mon, 30 Jul 2012 20:56:10 +0200
+
+bind9 (1:9.8.1.dfsg.P1-4.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * SECURITY UPDATE: ghost domain names attack
+ - lib/dns/rbtdb.c: Restrict the TTL of NS RRset to no more than that
+ of the old NS RRset when replacing it.
+ - Patch backported from 9.8.2.
+ - CVE-2012-1033
+ * SECURITY UPDATE: denial of service via zero length rdata handling
+ - lib/dns/rdata.c,lib/dns/rdataslab.c: use sentinel pointer for
+ duplicate rdata.
+ - Patch backported from 9.8.3-P1.
+ - CVE-2012-1667
+
+ -- Luk Claes <luk@debian.org> Wed, 20 Jun 2012 15:26:09 -0400
+
+bind9 (1:9.8.1.dfsg.P1-4) unstable; urgency=low
+
+ [Christoph Egger]
+
+ * define _GNU_SOURCE on kfreebsd et al. Closes: #658201
+
+ [LaMont Jones]
+
+ * chmod typo in postinst. LP: #980798
+ * Correctly order debhelper bits in postrm. Closes: #661040
+
+ -- LaMont Jones <lamont@debian.org> Fri, 13 Apr 2012 12:09:24 -0600
+
+bind9 (1:9.8.1.dfsg.P1-3) unstable; urgency=low
+
+ [Zlatan Todoric]
+
+ * fixed Serbian latin translation of debconf template. Closes: #634951
+
+ [Peter Eisentraut]
+
+ * Add support for "status" action to lwresd init script. Closes: #651540
+
+ [Bjørn Steensrud]
+
+ * NB Translations. Closes: #654454
+
+ [LaMont Jones]
+
+ * Default to run_resolvconf=false. LP: #933723
+ * Deliver named.conf.options on fresh install. Closes: #657042 LP: #920202
+ * Do not deliver /usr/share/bind9/bind9-default.md5sum in the bind9 deb.
+ Closes: #620007 LP: #681536
+ * Deliver and use /etc/apparmor.d/local/usr.sbin.named for local overrides.
+ LP: #929563
+
+ -- LaMont Jones <lamont@debian.org> Fri, 17 Feb 2012 14:40:29 -0800
+
+bind9 (1:9.8.1.dfsg.P1-2) unstable; urgency=low
+
+ * Deliver named.conf.options on fresh install. Closes: #657042 LP: #920202
+
+ -- LaMont Jones <lamont@debian.org> Wed, 25 Jan 2012 03:55:21 -0700
+
+bind9 (1:9.8.1.dfsg.P1-1) unstable; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * 9.8.1-P1
+ - Cache lookup could return RRSIG data associated with nonexistent
+ records, leading to an assertion failure.
+
+ [LaMont Jones]
+
+ * add a readme entry for DNSSEC-by-default
+ * Failed to install due to chgrp on non-existant directory. Closes: #647598
+ * ack NMU: l10n issues
+
+ -- LaMont Jones <lamont@debian.org> Wed, 18 Jan 2012 10:44:14 -0700
+
+bind9 (1:9.8.1.dfsg-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix pending l10n issues. Debconf translations:
+ - Danish (Joe Hansen). Closes: #619302
+ - Korean (강민지). Closes: #632006, #632016
+ - Serbian (FULL NAME). Closes: #634886
+
+ -- Christian Perrier <bubulle@debian.org> Sat, 03 Dec 2011 17:22:12 +0100
+
+bind9 (1:9.8.1.dfsg-1) unstable; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * New upstream release
+
+ [LaMont Jones]
+
+ * cleanup the messages around killing named
+ * enable dnssec validation: deliver named.conf.options outside of
+ conffiledom, and update if able, complain and do not update if not
+ Closes: #516979
+ * typo in min-ncache-ttl processing
+ * disable dlz until we get a patch to make it build again
+
+ [Jay Ford]
+
+ * Fix "waiting for pid $pid to die" loop to not be infinite. Closes: #570852
+
+ -- LaMont Jones <lamont@debian.org> Tue, 01 Nov 2011 16:39:19 -0600
+
+bind9 (1:9.8.0.dfsg.P1-0) unstable; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * 9.8.0-P1
+
+ [LaMont Jones]
+
+ * soname changes
+
+ -- LaMont Jones <lamont@debian.org> Fri, 13 May 2011 03:46:22 -0600
+
+bind9 (1:9.7.4.dfsg-0) unstable; urgency=low
+
+ * New upstream
+
+ -- LaMont Jones <lamont@debian.org> Sun, 21 Aug 2011 04:43:16 -0600
+
+bind9 (1:9.7.3.dfsg-1ubuntu4) oneiric; urgency=low
+
+ * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 14 Jul 2011 15:15:45 +0200
+
+bind9 (1:9.7.3.dfsg-1ubuntu3) oneiric; urgency=low
+
+ * SECURITY UPDATE: denial of service via specially crafted packet
+ - lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache,
+ nsec3,rbtdb,rdataset,resolver,validator}.c: Use an rdataset attribute
+ flag to indicate negative-cache records rather than using rrtype 0.
+ - Patch backported from 9.7.3-P3.
+ - CVE-2011-2464
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 05 Jul 2011 08:33:30 -0400
+
+bind9 (1:9.7.3.dfsg-1ubuntu2.1) natty-security; urgency=low
+
+ * SECURITY UPDATE: denial of service via off-by-one
+ - lib/dns/ncache.c: correctly validate length.
+ - Patch backported from 9.7.3-P1.
+ - CVE-2011-1910
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 27 May 2011 12:50:40 -0400
+
+bind9 (1:9.7.3.dfsg-1ubuntu2) natty; urgency=low
+
+ * debian/rules, configure, contrib/dlz/config.dlz.in: use
+ DEB_HOST_MULTIARCH so we can find multiarch libraries and fix FTBFS.
+ (LP: #745642)
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 30 Mar 2011 10:19:37 -0400
+
+bind9 (1:9.7.3.dfsg-1ubuntu1) natty; urgency=low
+
+ * debian/bind9-default.md5sum:
+ - updated to reflect the default md5sum in maverick and natty, this
+ avoids a bogus /etc/default/bind9.dpkg-dist file
+ (LP: #556332)
+
+ -- Michael Vogt <michael.vogt@ubuntu.com> Tue, 29 Mar 2011 10:13:11 +0200
+
+bind9 (1:9.7.3.dfsg-1) unstable; urgency=low
+
+ [Peter Palfrader]
+
+ * Add db-4.6 to bdb_libnames in dlz/config.dlz.in so that it finds the right
+ db.
+
+ [Internet Systems Consortium, Inc]
+
+ * 9.7.3 - Closes: #612287
+
+ [Mahyuddin Susanto]
+
+ * Updated Indonesian debconf templates. Closes: #608559
+
+ [LaMont Jones]
+
+ * soname changes
+
+ -- LaMont Jones <lamont@debian.org> Wed, 23 Feb 2011 09:14:36 -0700
+
+bind9 (1:9.7.3.dfsg~rc1-1) unstable; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * New upstream
+
+ [Peter Palfrader]
+
+ * Add db-4.6 to bdb_libnames in dlz/config.dlz.in so that it finds the right
+ db.
+
+ [Mahyuddin Susanto]
+
+ * Updated Indonesian debconf templates. Closes: #608559
+
+ [LaMont Jones]
+
+ * soname changes for new upstream
+
+ -- LaMont Jones <lamont@debian.org> Fri, 04 Feb 2011 21:20:05 -0700
+
+bind9 (1:9.7.2.dfsg.P3-1) unstable; urgency=high
+
+ [ISC]
+ * Fix denial of service via ncache entry and a rrsig for the
+ same type (CVE-2010-3613)
+ * answers were incorrectly marked as insecure during key algorithm
+ rollover (CVE-2010-3614)
+ * Using "allow-query" in the "options" or "view" statements to
+ restrict access to authoritative zones had no effect.
+ (CVE-2010-3615)
+
+ [LaMont Jones]
+
+ * Adjust indentation for dpkg change. Closes: #597171
+
+ -- LaMont Jones <lamont@debian.org> Wed, 01 Dec 2010 16:32:48 -0700
+
+bind9 (1:9.7.2.dfsg.P2-3) unstable; urgency=low
+
+ [LaMont Jones]
+
+ * Adjust indentation for dpkg change. Closes: #597171
+ * acknowledge and incorporate ubuntu change.
+
+ -- LaMont Jones <lamont@debian.org> Fri, 26 Nov 2010 05:18:43 -0700
+
+bind9 (1:9.7.2.dfsg.P2-2ubuntu1) natty; urgency=low
+
+ [ Andres Rodriguez ]
+ * Add apport hook (LP: #533601):
+ - debian/bind9.apport: Added.
+
+ [ Martin Pitt ]
+ * debian/rules: Install Apport hook when building on Ubuntu.
+
+ -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 26 Nov 2010 10:50:17 +0100
+
+bind9 (1:9.7.2.dfsg.P2-2) unstable; urgency=low
+
+ [Roy Jamison]
+
+ * lib/isc/unix/resource.c was missing inttypes.h include. LP: #674199
+
+ -- LaMont Jones <lamont@debian.org> Fri, 12 Nov 2010 10:52:32 -0700
+
+bind9 (1:9.7.2.dfsg.P2-1) unstable; urgency=low
+
+ [Joe Dalton]
+
+ * Add Danish translation of debconf templates. Closes: #599431
+
+ [Internet Software Consortium, Inc]
+
+ * v9.7.2-P2
+
+ [José Figueiredo]
+
+ * Add Brazilian Portuguese debconf templates translation. Closes: #597616
+
+ [LaMont Jones]
+
+ * drop this v3 (quilt) source format idea. Closes: #589916
+
+ -- LaMont Jones <lamont@debian.org> Sun, 10 Oct 2010 19:01:57 -0600
+
+bind9 (1:9.7.1.dfsg.P2-2) unstable; urgency=low
+
+ * Correct conflicts for bind9-host
+
+ -- LaMont Jones <lamont@debian.org> Fri, 16 Jul 2010 05:24:38 -0600
+
+bind9 (1:9.7.1.dfsg.P2-1) unstable; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * Temporarily and partially disable change 2864 because it would cause
+ inifinite attempts of RRSIG queries. This is an urgent care fix; we'll
+ revisit the issue and complete the fix later. [RT #21710]
+ * Temporarially rollback change 2748. [RT #21594]
+ * Named failed to accept uncachable negative responses from insecure zones.
+ [RT# 21555]
+
+ [LaMont Jones]
+
+ * freshen copyright file
+
+ -- LaMont Jones <lamont@debian.org> Thu, 15 Jul 2010 15:07:54 -0600
+
+bind9 (1:9.7.1.dfsg.0-1) unstable; urgency=low
+
+ * Repack to drop zkt/doc/{draft,rfc}* Closes: #588055
+
+ -- LaMont Jones <lamont@debian.org> Mon, 05 Jul 2010 07:21:34 -0600
+
+bind9 (1:9.7.1.dfsg-2) unstable; urgency=low
+
+ [Regid Ichira]
+
+ * explicitly add nsupdate to dynamic updates in README.Debian.
+ Closes: #577398
+
+ [LaMont Jones]
+
+ * Cleanup bind9-host description. Closes: #579421
+ * switch to 3.0 (quilt) source format, but not to quilt. Closes: #578210
+
+ [Stephen Gran]
+
+ * updated geoip patch for ipv6, based on work by John 'Warthog9' Hawley
+ <warthog9@eaglescrag.net>. Closes: #584603
+
+ -- LaMont Jones <lamont@debian.org> Fri, 02 Jul 2010 08:19:29 -0600
+
+bind9 (1:9.7.1.dfsg-1) unstable; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * 9.7.1
+
+ [LaMont Jones]
+
+ * Add freebsd support. Closes: #578447
+ * soname changes
+ * freshen root cache. LP: #596363
+
+ -- LaMont Jones <lamont@debian.org> Mon, 21 Jun 2010 09:53:30 -0600
+
+bind9 (1:9.7.0.dfsg.P1-1) unstable; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * 9.7.0-P1
+ - 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
+
+ -- LaMont Jones <lamont@debian.org> Wed, 17 Mar 2010 08:06:42 -0600
+
+bind9 (1:9.7.0.dfsg.1-1) unstable; urgency=low
+
+ [Niko Tyni]
+
+ * fix mips/mipsel startup. Closes: #516616
+
+ [LaMont Jones]
+
+ * ignore failures due to a lack of /etc/bind/named.conf*. LP: #422968
+ * ldap API changed regarding % sign. LP: #227344
+ * Drop more rfc and draft files. Closes: #572606
+ * update config.guess, config.sub. Closes: #572528
+
+ -- LaMont Jones <lamont@debian.org> Fri, 12 Mar 2010 14:56:08 -0700
+
+bind9 (1:9.7.0.dfsg-2) unstable; urgency=low
+
+ [Aurelien Jarno]
+
+ * kfreebsd has linux threads. Closes: #470500
+
+ [LaMont Jones]
+
+ * do not error out on initial install. Closes: #572443
+
+ -- LaMont Jones <lamont@debian.org> Thu, 04 Mar 2010 09:32:13 -0700
+
+bind9 (1:9.7.0.dfsg-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- LaMont Jones <lamont@debian.org> Wed, 17 Feb 2010 14:53:36 -0700
+
+bind9 (1:9.7.0.dfsg~rc2-1) experimental; urgency=low
+
+ * New upstream release
+
+ -- LaMont Jones <lamont@debian.org> Thu, 28 Jan 2010 05:46:50 -0700
+
+bind9 (1:9.7.0.dfsg~b3-2) experimental; urgency=low
+
+ * merge changes from 9.6.1.dfsg.P2-1
+ * meta: drop verisoned depends from library packages, for less upgrade pain
+ * apparmor: allow named to create /var/run/named/session.key
+
+ -- LaMont Jones <lamont@debian.org> Sun, 06 Dec 2009 11:46:17 -0700
+
+bind9 (1:9.7.0.dfsg~b3-1) experimental; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * 9.7.0b3
+
+ [LaMont Jones]
+
+ * Merge remote branch 'origin/master'
+ * soname changes
+
+ -- LaMont Jones <lamont@debian.org> Mon, 30 Nov 2009 21:07:58 -0700
+
+bind9 (1:9.6.1.dfsg.P2-1) unstable; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * 9.6.1-P2
+ - When validating, track whether pending data was from the
+ additional section or not and only return it if validates
+ as secure. [RT #20438] CVE-2009-4022
+
+ [LaMont Jones]
+
+ * prerm: do not stop named on upgrade. Closes: #542888
+ * Drop some RFCs that crept into the diff.
+ * meta: add ${misc:Depends}
+ * lintian: update config.guess, config.sub in idnkit-1.0 tree
+ * dnsutils: remove pre-sarge dpkg-divert calls in postinst
+ * meta: soname changes
+ * l10n: missing newline in pofile.
+
+ -- LaMont Jones <lamont@debian.org> Fri, 27 Nov 2009 10:07:10 -0700
+
+bind9 (1:9.7.0.dfsg~b2-2) experimental; urgency=low
+
+ * dnsutils: remove pre-sarge dpkg-divert calls in postinst
+
+ -- LaMont Jones <lamont@debian.org> Tue, 17 Nov 2009 22:42:40 -0600
+
+bind9 (1:9.7.0.dfsg~b2-1) experimental; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * 9.7.0b2
+
+ [LaMont Jones]
+
+ * /etc/bind/bind.keys need not be executable.
+ * bind9: drop old stale code from postinst
+ * prerm: do not stop named on upgrade. Closes: #542888
+ * Drop some RFCs that crept into the diff.
+ * meta: add ${misc:Depends}
+ * lintian: update config.guess, config.sub in idnkit-1.0 tree
+ * l10n: missing newline in pofile.
+
+ -- LaMont Jones <lamont@debian.org> Mon, 16 Nov 2009 18:53:24 -0700
+
+bind9 (1:9.7.0~a1.dfsg-0) experimental; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * 9.7.0a1
+
+ -- LaMont Jones <lamont@debian.org> Wed, 24 Jun 2009 15:10:08 -0600
+
+bind9 (1:9.6.1.dfsg.P1-3) unstable; urgency=low
+
+ * Build-Depend on the fixed libgeoip-dev. Closes: #540973
+
+ -- LaMont Jones <lamont@debian.org> Mon, 17 Aug 2009 06:53:11 -0600
+
+bind9 (1:9.6.1.dfsg.P1-2) unstable; urgency=low
+
+ [Jamie Strandboge]
+
+ * reload individual named profile, not all of apparmor. LP: #412751
+
+ [Guillaume Delacour]
+
+ * bind9 did not purge cleanly. Closes: #497959
+
+ [LaMont Jones]
+
+ * postinst: do not append a blank line to /etc/default/bind9.
+ Closes: #541469
+ * init.d stop needs to not error out. LP: #398033
+ * meta: fix build-depends. Closes: #539230
+
+ -- LaMont Jones <lamont@debian.org> Fri, 14 Aug 2009 17:03:31 -0600
+
+bind9 (1:9.6.1.dfsg.P1-1) unstable; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * A specially crafted update packet will cause named to exit.
+ CVE-2009-0696, CERT VU#725188. Closes: #538975
+
+ [InterNIC]
+
+ * Update db.root hints file.
+
+ [LaMont Jones]
+
+ * Move default zone definitions from named.conf to named.conf.default-zones.
+ Closes: #492308
+ * use start-stop-daemon if rndc stop fails. Closes: #536487
+ * lwresd: pidfile name was wrong in init script. Closes: #527137
+
+ -- LaMont Jones <lamont@debian.org> Tue, 28 Jul 2009 22:03:14 -0600
+
+bind9 (1:9.6.1.dfsg-2) unstable; urgency=low
+
+ * ia64: fix atomic.h
+
+ -- LaMont Jones <lamont@debian.org> Tue, 23 Jun 2009 01:56:35 -0600
+
+bind9 (1:9.6.1.dfsg-1) unstable; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * 9.6.1
+
+ -- LaMont Jones <lamont@debian.org> Mon, 22 Jun 2009 14:33:20 -0600
+
+bind9 (1:9.6.0.dfsg.P1-3) unstable; urgency=low
+
+ [Martin Zobel-Helas]
+
+ * GEO-IP Patch from
+ git://git.kernel.org/pub/scm/network/bind/bind-geodns.git. Closes: #395191
+
+ [LaMont Jones]
+
+ * Remove /var/lib/bind on purge. Closes: #527613
+ * Build-Depend: libdb-dev (>4.6). Closes: #527877, #528772
+ * init.d: detect rndc errors better. LP: #380962
+ * init.d: clean up exit status. Closes: #523454
+ * Enable pkcs11 support, and then Revert - causes assertion failures
+ c.f.: #516552
+
+ -- LaMont Jones <lamont@debian.org> Mon, 22 Jun 2009 13:58:32 -0600
+
+bind9 (1:9.6.0.dfsg.P1-2) unstable; urgency=low
+
+ * random_1 broke memory usage assertions.
+
+ -- LaMont Jones <lamont@debian.org> Thu, 23 Apr 2009 05:15:45 -0600
+
+bind9 (1:9.6.0.dfsg.P1-1) experimental; urgency=low
+
+ [Michael Milligan]
+
+ * Add min-cache-ttl and min-ncache-ttl keywords
+
+ [LaMont Jones]
+
+ * Fix merge errors from 9.6.0.dfsg.P1-0
+
+ -- LaMont Jones <lamont@debian.org> Fri, 20 Mar 2009 15:50:50 -0600
+
+bind9 (1:9.6.0.dfsg.P1-0) experimental; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * 9.6.0-P1
+
+ [LaMont Jones]
+
+ * meta: fix override disparity
+ * meta: soname package fixups for 9.6.0
+ * meta: update Standards-Version: 3.7.3.0
+ * upstream now uses a bind subdir. Closes: #212659
+
+ [Sven Joachim]
+
+ * meta: pass host and build into configure for hybrid build machines.
+ Closes: #515110
+
+ -- LaMont Jones <lamont@debian.org> Fri, 20 Mar 2009 11:54:55 -0600
+
+bind9 (1:9.5.1.dfsg.P1-3) unstable; urgency=low
+
+ * package -2 for unstable
+
+ -- LaMont Jones <lamont@debian.org> Wed, 18 Mar 2009 09:40:18 -0600
+
+bind9 (1:9.5.1.dfsg.P1-2) stable; urgency=low
+
+ [Juhana Helovuo]
+
+ * fix atomic operations on alpha. Closes: #512285
+
+ [Dann Frazier]
+
+ * fix atomic operations on ia64. Closes: #520179
+
+ [LaMont Jones]
+
+ * build-conflict: libdb4.2-dev. Closes: #515074, #507013
+
+ [localization folks]
+
+ * l10n: Basque debconf template. Closes: #516549 (Piarres Beobide)
+
+ -- LaMont Jones <lamont@debian.org> Wed, 18 Mar 2009 05:30:22 -0600
+
+bind9 (1:9.5.1.dfsg.P1-1) unstable; urgency=low
+
+ * New upstream patch release
+ - supportable version of fix from 9.5.0.dfsg.P2-5.1
+ - CVE-2009-0025: Closes: #511936
+ - 2475: Overly agressive cache entry removal. Closes: #511768
+ - other bug fixes worthy of patch-release inclusion
+
+ -- LaMont Jones <lamont@debian.org> Mon, 26 Jan 2009 10:33:42 -0700
+
+bind9 (1:9.5.0.dfsg.P2-5.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Apply upstream ACL fixes from 9.5.1 to fix RC bug. Patch was provided
+ by Evan Hunt (upstream bind9 developer) after Emmanuel Bouthenot
+ contacted him. Closes: #496954, #501800.
+ * Remove obsolete dh_installmanpages invocation which was adding
+ unwanted manual pages to bind9. Closes: #486196.
+
+ -- Ben Hutchings <ben@decadent.org.uk> Fri, 02 Jan 2009 16:51:42 +0000
+
+bind9 (1:9.5.0.dfsg.P2-5) unstable; urgency=low
+
+ [ISC]
+
+ * 2463: IPv6 Advanced Socket API broken on linux. LP: #249824
+
+ [Jamie Strandboge]
+
+ * apparmor: add capability sys_resource
+ * apparmor: add krb keytab access. LP: #277370
+
+ [LaMont Jones]
+
+ * apparmor: allow proc/*/net/if_inet6 read access too. LP: #289060
+ * apparmor: add /var/log/named/* entries. LP: #294935
+
+ [Ben Hutchings]
+
+ * meta: Add dependency of bind9 on net-tools (ifconfig used in init script)
+ * meta: Fix bind9utils Depends.
+ * meta: fix typo in package description
+
+ [localization folks]
+
+ * l10n: add polish debconf translations. Closes: #506856 (L)
+
+ -- LaMont Jones <lamont@debian.org> Sun, 07 Dec 2008 21:03:29 -0700
+
+bind9 (1:9.5.0.dfsg.P2-4) unstable; urgency=low
+
+ * meta: fix typo in Depends: lsb-base. Closes: #501365
+
+ -- LaMont Jones <lamont@debian.org> Tue, 07 Oct 2008 17:20:11 -0600
+
+bind9 (1:9.5.0.dfsg.P2-3) unstable; urgency=low
+
+ [LaMont Jones]
+
+ * enable largefile support. Closes: #497040
+
+ [localization folks]
+
+ * l10n: Dutch translation. Closes: #499977 (Paul Gevers)
+ * l10n: simplified chinese debconf template. Closes: #501103 (LI Daobing)
+ * l10n: Update spanish template. Closes: #493775 (Ignacio Mondino)
+
+ -- LaMont Jones <lamont@debian.org> Sun, 05 Oct 2008 20:20:00 -0600
+
+bind9 (1:9.5.0.dfsg.P2-2) unstable; urgency=low
+
+ [Kees Cook]
+
+ * debian/{control,rules}: enable PIE hardening (from -1ubuntu1)
+
+ [Nicolas Valcárcel]
+
+ * Add ufw integration (from -1ubuntu2)
+
+ [Dustin Kirkland]
+
+ * use pid file in init.d/bind9 status. LP: #247084
+
+ [LaMont Jones]
+
+ * dig: add -DDIG_SIGCHASE to compile options. LP: #257682
+ * apparmor profile: add /var/log/named
+
+ [Nikita Ofitserov]
+
+ * ipv6 support requires _GNU_SOURCE definition. LP: #249824
+
+ -- LaMont Jones <lamont@debian.org> Thu, 28 Aug 2008 23:08:36 -0600
+
+bind9 (1:9.5.0.dfsg.P2-1) unstable; urgency=low
+
+ [LaMont Jones]
+
+ * default to using resolvconf if it is installed
+ * fix sonames and dependencies. Closes: #149259, #492418
+ * Do not build-depend libcap2-dev on non-linux. Closes: #493392
+ * drop unused query-loc manpage. Closes: #492564
+ * lwresd: Deliver /etc/bind directory. Closes: #490027
+ * fix query-source comment in default install
+
+ [Internet Software Consortium, Inc]
+
+ * 9.5.0-P2. Closes: #492949
+
+ [localization folks]
+
+ * l10n: Spanish debconf translation. Closes: #492425 (Ignacio Mondino)
+ * l10n: Swedish debconf templates. Closes: #491369 (Martin Ågren)
+ * l10n: Japanese debconf translations. Closes: #492048 (Hideki Yamane
+ (Debian-JP))
+ * l10n: Finnish translation. Closes: #490630 (Esko Arajärvi)
+ * l10n: Italian debconf translations. Closes: #492587 (Alessandro Vietta)
+
+ -- LaMont Jones <lamont@debian.org> Sat, 02 Aug 2008 14:20:20 -0600
+
+bind9 (1:9.5.0.dfsg.P1-2) unstable; urgency=low
+
+ * Revert "meta: merge the mess of single-lib packages back into one large
+ one." - That way lies madness and pain.
+ * init.d/bind9: implement status function. LP: #203169
+
+ -- LaMont Jones <lamont@debian.org> Tue, 08 Jul 2008 21:56:58 -0600
+
+bind9 (1:9.5.0.dfsg.P1-1) unstable; urgency=low
+
+ * Repackage 9.5.0.dfsg-5 with the -P1 tarball.
+
+ -- LaMont Jones <lamont@debian.org> Tue, 08 Jul 2008 15:06:07 -0600
+
+bind9 (1:9.5.0.dfsg-5) unstable; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * Randomize UDP query source ports to improve forgery resilience.
+ (CVE-2008-1447)
+
+ [LaMont Jones]
+
+ * add build-depends: texlive-latex-base, xsltproc, remove Bv9ARM.pdf in clean
+ * fix sonames
+ * drop unneeded build-deps, since we do not actually deliver B9vARM.pdf
+ * meta: cleanup libbind9-41 Provides/Conflicts
+ * build: fix sonames for new libraries
+ * postinst: really restart bind/lwresd in postinst
+
+ -- LaMont Jones <lamont@debian.org> Sun, 06 Jul 2008 21:34:18 -0600
+
+bind9 (1:9.5.0.dfsg-4) unstable; urgency=low
+
+ [LaMont Jones]
+
+ * control: fix dnsutils description to avoid list reformatting.
+ Closes: #480317
+ * lwresd: restart in postinst. Closes: #486481
+ * meta: merge the mess of single-lib packages back into one large one.
+ * apparmor: allow bind to create files in /var/{lib,cache}/bind
+ * build: drop .la files. Closes: #486969
+ * build: drop the extra lib path from the library-package merge
+ * meta: liblwres40 does not conflict with the libbind9-40-provided libbind0
+
+ [localization folks]
+
+ * l10n: German debconf translation. Closes: #486547 (Helge Kreutzmann)
+ * l10n: Indonesian debconf translations. Closes: #486503 (Arief S Fitrianto)
+ * l10n: Slovak po-debconf translation Closes: #488905 (helix84)
+ * l10n: Turkish debconf template. Closes: #486479 (Mert Dirik)
+
+ -- LaMont Jones <lamont@debian.org> Mon, 30 Jun 2008 11:22:05 -0600
+
+bind9 (1:9.4.2-12) unstable; urgency=low
+
+ * apparmor: allow bind to create files in /var/{lib,cache}/bind
+
+ -- LaMont Jones <lamont@debian.org> Mon, 30 Jun 2008 11:17:53 -0600
+
+bind9 (1:9.4.2-11) unstable; urgency=low
+
+ * apparmor: add dnscvsutil package files
+ * lwresd Depends: adduser
+ * control: fix dnsutils description to avoid list reformatting.
+ Closes: #480317
+
+ -- LaMont Jones <lamont@debian.org> Tue, 17 Jun 2008 21:30:12 -0600
+
+bind9 (1:9.5.0.dfsg-3) unstable; urgency=low
+
+ [LaMont Jones]
+
+ * bind9utils Depends: libbind9-40. Closes: #486194
+ * bind9 should not deliver manpages for nonexistant binaries.
+ Closes: #486196
+
+ [localization folks]
+
+ * l10n: Vietnamese debconf templates translation update. Closes: #486185
+ (Clytie Siddall)
+ * l10n: Russian debconf templates translation. Closes: #486191 (Yuri Kozlov)
+ * l10n: Galician debconf template. Closes: #486215 (Jacobo Tarrio)
+ * l10n: French debconf templates. Closes: #486325 (CALARESU Luc)
+ * l10n: Czech debconf translation. Closes: #486337 (Miroslav Kure)
+ * l10n: Updated Portuguese translation. Closes: #486267 (Traduz -
+ Portuguese Translation Team)
+
+ -- LaMont Jones <lamont@debian.org> Sun, 15 Jun 2008 18:25:02 -0600
+
+bind9 (1:9.5.0.dfsg-2) unstable; urgency=low
+
+ [Tim Spriggs]
+
+ * init.d: Nexenta has different ifconfig arguments
+
+ [LaMont Jones]
+
+ * templates rework from debian-l10n-english
+ * reload named when an interface goes up or down. LP: #226495
+ * build: need to create the directories for interface restart triggering
+ * Build-Depends: libcap2-dev. Closes: #485747
+ * Leave named running during update. Closes: #453765
+ * Fix path to uname, cleaning up the nexenta checks.
+ * l10n: avoid double-question in templates.
+
+ [localization folks]
+
+ * l10n: Vietnamese debconf translations. Closes: #483911 (Clytie Siddall)
+ * l10n: Portuguese debconf translations. Closes: #483872 (Traduz -
+ Portuguese Translation Team)
+
+ -- LaMont Jones <lamont@debian.org> Fri, 13 Jun 2008 16:54:42 -0600
+
+bind9 (1:9.5.0.dfsg-1) unstable; urgency=low
+
+ [LaMont Jones]
+
+ * manpages: fix references that should say /etc/bind
+ * meta: build-depend libxml2-dev for statistics support
+
+ -- LaMont Jones <lamont@debian.org> Sat, 31 May 2008 12:17:21 -0600
+
+bind9 (1:9.5.0.dfsg-0) experimental; urgency=low
+
+ [Internet Software Consortium, Inc]
+
+ * 9.5.0 release
+
+ [LaMont Jones]
+
+ * Only use capabilities if they are present: reprise. Closes: #360339, #212226
+ * control: fix dnsutils description to avoid list reformatting. Closes: #480317
+ * build: use the correct directories in dh_shlibdeps invocation
+ * build: turn on dlz. No pgsql or mysql support yet. LP: #227344
+
+ -- LaMont Jones <lamont@debian.org> Thu, 29 May 2008 22:05:19 -0600
+
+bind9 (1:9.5.0~rc1-2~0ubuntu2) intrepid; urgency=low
+
+ * build: use the correct directories in dh_shlibdeps invocation
+ * build: turn on dlz. LP: #227344
+
+ -- LaMont Jones <lamont@ubuntu.com> Tue, 27 May 2008 21:43:06 -0600
+
+bind9 (1:9.5.0~rc1-2~0ubuntu1) intrepid; urgency=low
+
+ * Upload what will become (maybe an ancestor of) -2 to intrepid.
+ - Only use capabilities if they are present: reprise. Closes: #360339, #212226
+ - control: fix dnsutils description to avoid list reformatting. Closes: #480317
+
+ -- LaMont Jones <lamont@ubuntu.com> Mon, 26 May 2008 11:46:27 -0600
+
+bind9 (1:9.5.0~rc1-1) experimental; urgency=low
+
+ [Patrick Winnertz]
+
+ * postinst: make add debconf support. Closes: #473460
+
+ [Jamie Strandboge]
+
+ * debian/bind9.preinst: Apparmor force-complain on upgrade without
+ existing profile. LP: #204658
+
+ [LaMont Jones]
+
+ * bind9utils: fix typos in .install
+ * host: manpage inaccurately describes default query. LP: #203087
+ * apparmor: add dnscvsutil package files
+ * Revert "Only use capabilities if they are present." for merge of 9.5.0rc1.
+ * soname: libdns41 -> 42
+ * fix typos in debconf patch, #473460
+ * cleanup more files in clean target
+ * lwresd Depends: adduser
+
+ -- LaMont Jones <lamont@debian.org> Thu, 15 May 2008 17:59:54 -0600
+
+bind9 (1:9.5.0~b2-2) experimental; urgency=low
+
+ * meta: add bind9utils binary package, with various useful utilities. Closes: #151957, #130445, #160483
+
+ -- LaMont Jones <lamont@debian.org> Thu, 03 Apr 2008 07:01:42 -0600
+
+bind9 (1:9.4.2-10) unstable; urgency=low
+
+ [Jamie Strandboge]
+
+ * debian/bind9.preinst: AA force-complain on upgrade without existing
+ profile. LP: #204658
+
+ [LaMont Jones]
+
+ * host: manpage inaccurately describes default query. LP: #203087
+
+ -- LaMont Jones <lamont@debian.org> Tue, 08 Apr 2008 22:45:57 -0600
+
+bind9 (1:9.4.2-9) unstable; urgency=low
+
+ * apparmor: allow subdirs in {/etc,/var/cache,/var/lib}/bind
+ * apparmor: make profile match README.Debian
+
+ -- LaMont Jones <lamont@debian.org> Tue, 01 Apr 2008 21:13:05 -0600
+
+bind9 (1:9.4.2-8) unstable; urgency=low
+
+ [ISC]
+
+ * CVE-2008-0122: off by one error in (unused) inet_network function.
+ Closes: #462783 LP: #203476
+
+ [Michael Milligan]
+
+ * Fix min-cache-ttl and min-ncache-ttl keywords
+
+ [Jamie Strandboge]
+
+ * apparmor: force complain-mode for apparmor on certain upgrades. LP: #203528
+ * debian/bind9.postrm: purge /etc/apparmor.d/force-complain/usr.sbin.named
+
+ -- LaMont Jones <lamont@debian.org> Tue, 18 Mar 2008 18:35:15 -0600
+
+bind9 (1:9.4.2-7) unstable; urgency=low
+
+ [Jamie Strandboge]
+
+ * Allow rw access to /var/lib/bind/* in apparmor-profile. LP: #201954
+
+ [LaMont Jones]
+
+ * Drop root-delegation comments from named.conf. Closes: #217829, #297219
+
+ -- LaMont Jones <lamont@debian.org> Sat, 15 Mar 2008 09:48:10 -0600
+
+bind9 (1:9.4.2-6) unstable; urgency=low
+
+ * Correct apparmor profile filename. LP: #200739
+
+ -- LaMont Jones <lamont@debian.org> Mon, 10 Mar 2008 14:28:01 -0600
+
+bind9 (1:9.4.2-5) unstable; urgency=low
+
+ * add "order random_1" support (return one random RR)
+ * Fix doc pathnames in README.Debian. Closes: #266891
+ * Add AAAA ::1 entry to db.local. Closes: #230088
+
+ -- LaMont Jones <lamont@debian.org> Mon, 10 Mar 2008 13:51:28 -0600
+
+bind9 (1:9.5.0~b2-1) experimental; urgency=low
+
+ [Thiemo Seufer]
+
+ * mips:atomic.h: improve implementation of atomic ops, fix mips{el,64}
+
+ [LaMont Jones]
+
+ * manpages: call it /etc/bind/named.conf throughout, and typos. Closes: #419750
+ * named.conf.5: correct filename. Closes: #428015
+ * manpages: fix typo errors. Closes: #395834
+ * Makefile.in: be explicit about library paths
+ * build: Turn on GSS-TSIG support. LP: #158197
+ * build: soname changes
+ * db.root: include AAAA RRs. Closes: #464111
+ * soname: lib{dns,isc}40 -> 41
+ * meta: use binary:Version instead of Source-Version
+
+ [Andreas John]
+
+ * Only use capabilities if they are present. Closes: #360339, #212226
+
+ -- LaMont Jones <lamont@debian.org> Sat, 23 Feb 2008 08:06:17 -0700
+
+bind9 (1:9.4.2-4) unstable; urgency=low
+
+ * incorporate ubuntu apparmor change from Jamie Strandboge,
+ with changes:
+ - Add apparmor profile, reload apparmor profile on config
+ - Add a note about apparmor to README.Debian
+ - conflicts/replaces old apparmor versions
+ * db.root: include AAAA RRs. Closes: #464111
+ * Don't die when /var/lib/bind already exists. LP: #191685
+ * build: turn on optimization. Closes: #435194
+
+ -- LaMont Jones <lamont@debian.org> Fri, 22 Feb 2008 22:05:25 -0700
+
+bind9 (1:9.4.2-3ubuntu1) hardy; urgency=low
+
+ * add AppArmor profile
+ + debian/apparmor-profile
+ + debian/bind9.postinst: Reload AA profile on configuration
+ * updated debian/README.Debian for note on AppArmor
+ * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
+ should now take control
+ * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
+ to make sure that if earlier version of apparmor-profiles gets installed
+ it won't overwrite our profile
+ * Modify Maintainer value to match the DebianMaintainerField
+ specification.
+
+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 Feb 2008 17:30:45 +0000
+
+bind9 (1:9.4.2-3) unstable; urgency=low
+
+ * don't run rndc-confgen when it's not there. Closes: #459551
+ * control: drop use of ${Source-Version}
+
+ -- LaMont Jones <lamont@debian.org> Mon, 07 Jan 2008 10:16:06 -0700
+
+bind9 (1:9.4.2-2) unstable; urgency=low
+
+ * init.d: add --oknodo to start-stop-daemon. Closes: #411881
+ * init: LSB dependency info. Closes: #459421, #448006
+ * meta: bind9 Suggests: resolvconf. Closes: #252285
+ * bind9: deliver /var/lib/bind directory, and document.
+ Closes: #248771, #200253, #202981, #209022
+ * lwresd: create bind user/group and rndc key if needed, at install.
+ Closes: #190742
+ * dnsutils: update long description. Closes: #236901
+
+ -- LaMont Jones <lamont@debian.org> Sun, 06 Jan 2008 12:25:31 -0700
+
+bind9 (1:9.4.2-1) unstable; urgency=low
+
+ [Mike O'Connor]
+
+ * bind9.init: LSB compliance. Closes: #448006
+
+ [Internet Software Consortium, Inc]
+
+ * New release: 9.4.2
+
+ [LaMont Jones]
+
+ * soname shifts for new release
+
+ -- LaMont Jones <lamont@debian.org> Sat, 17 Nov 2007 10:50:07 -0700
+
+bind9 (1:9.4.2~rc2-1) experimental; urgency=low
+
+ * New upstream release
+
+ -- LaMont Jones <lamont@debian.org> Fri, 12 Oct 2007 18:33:57 -0600
+
+bind9 (1:9.4.1-P1-4) unstable; urgency=low
+
+ [Thomas Antepoth]
+
+ * unix/socket.c: don't send to a socket with pending_send. Closes: #430065
+
+ [LaMont Jones]
+
+ * document git repositories
+ * db.root: l.root-servers.net changed IP address. Closes: #449148 LP: #160176
+ * init.d: if there are no networks configured, error out quickly
+
+ -- LaMont Jones <lamont@debian.org> Thu, 08 Nov 2007 21:31:55 -0700
+
+bind9 (1:9.4.1-P1-3) unstable; urgency=low
+
+ * Only deliver upstream changes with bind9-doc
+
+ -- LaMont Jones <lamont@debian.org> Thu, 04 Oct 2007 08:30:55 -0600
+
+bind9 (1:9.4.1-P1-2) unstable; urgency=low
+
+ * manpages: fix typo errors. Closes: #395834
+ * manpages: call it /etc/bind/named.conf throughout, and typos. Closes: #419750
+ * named.conf.5: correct filename. Closes: #428015
+ * bind9.NEWS: update version for ACL change doc. Closes: #435225
+ * build: don't have dnsutils deliver man pages that it shouldn't. LP: #82178
+ * nslookup.1: some of the manpage was not visible. LP: #131415
+ * document git repositories
+ * unix/socket.c: don't send to a socket with pending_send. Closes: #430065
+
+ -- LaMont Jones <lamont@debian.org> Wed, 03 Oct 2007 01:10:59 -0600
+
+bind9 (1:9.4.1-P1-1) unstable; urgency=high
+
+ * New upstream version, addresses CVE-2007-2926 and CVE-2007-2925
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 26 Jul 2007 16:41:50 -0600
+
+bind9 (1:9.4.1-1) unstable; urgency=low
+
+ * New upstream version
+
+ -- LaMont Jones <lamont@debian.org> Mon, 30 Apr 2007 16:59:05 -0600
+
+bind9 (1:9.4.0-2) unstable; urgency=low
+
+ * upload to unstable
+
+ -- LaMont Jones <lamont@debian.org> Tue, 10 Apr 2007 11:12:16 -0600
+
+bind9 (1:9.4.0-1) experimental; urgency=low
+
+ * New upstream version
+ * more mipsel patch. Closes: #406409
+
+ -- LaMont Jones <lamont@debian.org> Sun, 25 Feb 2007 11:44:11 -0700
+
+bind9 (1:9.4.0~rc2-1) experimental; urgency=low
+
+ * New upstream version. Addresses CVE-2007-0493 CVE-2007-0494
+
+ -- LaMont Jones <lamont@debian.org> Thu, 25 Jan 2007 14:26:12 -0700
+
+bind9 (1:9.4.0~rc1.0-3) experimental; urgency=low
+
+ * add NEWS file talking about the change in defaults:
+ As of bind 9.4, allow-query-cache and allow-recursion default to the
+ builtin acls 'localnets' and 'localhost'. If you are setting up a
+ name server for a network, you will almost certainly need to change
+ this.
+
+ The change in default has been done to make caching servers less
+ attractive as reflective amplifying targets for spoofed traffic.
+ This still leaves authoritative servers exposed.
+
+ -- LaMont Jones <lamont@debian.org> Wed, 24 Jan 2007 09:35:06 -0700
+
+bind9 (1:9.4.0~rc1.0-2) experimental; urgency=low
+
+ * Fix mips64. Closes: #406409
+
+ -- LaMont Jones <lamont@debian.org> Sun, 21 Jan 2007 15:32:27 -0700
+
+bind9 (1:9.4.0~rc1.0-1) experimental; urgency=low
+
+ * Broken orig.tar.gz.
+
+ -- LaMont Jones <lamont@debian.org> Thu, 28 Dec 2006 23:04:05 -0700
+
+bind9 (1:9.4.0~rc1-1) experimental; urgency=low
+
+ * New upstream
+
+ -- LaMont Jones <lamont@debian.org> Thu, 28 Dec 2006 19:00:37 -0700
+
+bind9 (1:9.3.4-2etch2) stable-proposed-updates; urgency=low
+
+ [Thomas Antepoth]
+
+ * unix/socket.c: don't send to a socket with pending_send. Closes: #430065
+
+ [LaMont Jones]
+
+ * document git repositories
+ * db.root: l.root-servers.net changed IP address. Closes: #449148
+
+ -- LaMont Jones <lamont@debian.org> Mon, 05 Nov 2007 19:48:23 -0700
+
+bind9 (1:9.3.4-2etch1) stable-security; urgency=high
+
+ * Fix DNS cache poisoning through predictable query IDs. (CVE-2007-2926)
+
+ -- Moritz Muehlenhoff <jmm@debian.org> Tue, 24 Jul 2007 22:09:35 +0000
+
+bind9 (1:9.3.4-2) unstable; urgency=high
+
+ * Actually really do the merge of 9.3.4. Sigh. Closes: #408925
+
+ -- LaMont Jones <lamont@debian.org> Mon, 29 Jan 2007 06:09:03 -0700
+
+bind9 (1:9.3.4-1) unstable; urgency=high
+
+ * New upstream version. Addresses CVE-2007-0493 CVE-2007-0494
+
+ -- LaMont Jones <lamont@debian.org> Thu, 25 Jan 2007 14:31:09 -0700
+
+bind9 (1:9.3.3-1) unstable; urgency=low
+
+ * New upstream version
+
+ -- LaMont Jones <lamont@debian.org> Tue, 12 Dec 2006 23:31:51 -0700
+
+bind9 (1:9.3.2-P1.0-1) unstable; urgency=low
+
+ * Fix README.Debian to point to the URL. Closes: #387437
+ * Strip rfc's from orig.tar.gz. Closes: #393359
+
+ -- LaMont Jones <lamont@mmjgroup.com> Mon, 16 Oct 2006 06:38:22 -0600
+
+bind9 (1:9.3.2-P1-2) unstable; urgency=low
+
+ * Fix init script output. Closes: #354192
+ Thanks to Joey Hess for the patch.
+ * Default install should listen on ipv6 interfaces. Closes: #382438
+
+ -- LaMont Jones <lamont@debian.org> Sat, 9 Sep 2006 19:01:53 -0600
+
+bind9 (1:9.3.2-P1-1) unstable; urgency=high
+
+ * New upstream, fixes CVE-2006-4095 and CVE-2006-4096.
+ Closes: #386237, #386245
+ * Drop gcc-3.4 [powerpc] dependency. Closes: #342957, #372203
+ * Add -fno-strict-aliasing for type-punned pointer aliasing issues
+ Closes: #386224
+ * Use getent in postinst instead of chown/chgrp. Closes: #386091, #239665
+ * Drop redundant update-rc.d calls. Closes: #356914
+
+ -- LaMont Jones <lamont@debian.org> Wed, 6 Sep 2006 08:07:13 -0600
+
+bind9 (1:9.3.2-2) unstable; urgency=low
+
+ * correct force-reload. Closes: #333841
+ * Fix init.d's usage message. Closes: #331090
+ * resolvconf tweaks. Closes: #252232, #275412
+
+ -- LaMont Jones <lamont@debian.org> Mon, 16 Jan 2006 15:17:04 -0700
+
+bind9 (1:9.3.2-1) unstable; urgency=low
+
+ * New upstream
+ * use lsb-base for start/stop messages in init.d.
+ * switch to debhelper 4
+
+ -- LaMont Jones <lamont@debian.org> Thu, 5 Jan 2006 12:29:28 -0700
+
+bind9 (1:9.3.1-2) unstable; urgency=low
+
+ * Getting good reports from experimental, uploading to sid.
+ Release team, please consider this package for sarge. Thanks.
+ * correct pidfile name in init.d/lwresd. Closes: #298100
+
+ -- LaMont Jones <lamont@debian.org> Sat, 19 Mar 2005 17:46:31 -0700
+
+bind9 (1:9.3.1-1) experimental; urgency=low
+
+ * Build with gcc-3.4 on powerpc, to work around #292958.
+
+ -- LaMont Jones <lamont@debian.org> Sat, 19 Mar 2005 11:40:06 -0700
+
+bind9 (1:9.3.1-0) experimental; urgency=low
+
+ * New upstream version.
+
+ -- LaMont Jones <lamont@debian.org> Sun, 13 Mar 2005 21:44:57 -0700
+
+bind9 (1:9.3.0+9.3.1beta2-1) experimental; urgency=low
+
+ * new upstream version
+
+ -- LaMont Jones <lamont@debian.org> Tue, 25 Jan 2005 14:21:51 -0700
+
+bind9 (1:9.3.0-1) experimental; urgency=low
+
+ * New upstream version
+
+ -- LaMont Jones <lamont@debian.org> Sat, 25 Sep 2004 21:35:46 -0600
+
+bind9 (1:9.2.4-1) unstable; urgency=high
+
+ * New upstream version. Closes: #269157 and others.
+ * Version debhelper build-dep. Closes: #262720
+
+ -- LaMont Jones <lamont@mmjgroup.com> Thu, 23 Sep 2004 09:11:37 -0600
+
+bind9 (1:9.2.3+9.2.4-rc7-1) unstable; urgency=low
+
+ * New upstream
+
+ -- LaMont Jones <lamont@mmjgroup.com> Wed, 1 Sep 2004 00:04:55 -0600
+
+bind9 (1:9.2.3+9.2.4-rc6-1) unstable; urgency=low
+
+ * New upstream.
+ * Comment out delegation-only directives in named.conf
+
+ -- LaMont Jones <lamont@debian.org> Mon, 2 Aug 2004 10:00:38 -0600
+
+bind9 (1:9.2.3+9.2.4-rc5-1) unstable; urgency=low
+
+ * New upstream release candidate
+
+ -- LaMont Jones <lamont@debian.org> Thu, 17 Jun 2004 19:50:37 -0600
+
+bind9 (1:9.2.3+9.2.4-rc2-1) unstable; urgency=low
+
+ * New upstream release candidate
+ * Remove shared library symlinks in clean. Closes: #243109
+ * Deal with capset being a module. Closes: #245043, #240874, #241605
+ * deliver /var/run/bind/run in lwresd as well. Closes: #186569
+
+ -- LaMont Jones <lamont@debian.org> Thu, 22 Apr 2004 12:20:05 -0600
+
+bind9 (1:9.2.3-3) unstable; urgency=low
+
+ * new IP for b.root-servers.net. Closes: #234278
+ * Fix RC linkages to match bind8. Closes: #218007
+
+ -- LaMont Jones <lamont@debian.org> Mon, 1 Mar 2004 15:00:44 -0700
+
+bind9 (1:9.2.3-2) unstable; urgency=low
+
+ * Rebuild autoconf files for mips. Closes: #221419
+
+ -- LaMont Jones <lamont@debian.org> Tue, 18 Nov 2003 06:33:34 -0700
+
+bind9 (1:9.2.3-1) unstable; urgency=low
+
+ * New upstream.
+ * cleanup zones.rfc1918/db.empty stuff.
+ * Fix Makefiles to work even if the build environment is unclean.
+ Closes: #211503
+ * Add comments about root-delegation-only to named.conf. Closes: #212243
+ * Add resolvconf support. Closes: #199255
+ * more SO_BSDCOMPAT hacks for linux. Closes: #220735, #214460
+
+ -- LaMont Jones <lamont@debian.org> Mon, 17 Nov 2003 21:30:33 -0700
+
+bind9 (1:9.2.2+9.2.3rc4-1) unstable; urgency=low
+
+ * Yet another new upstream release.
+
+ -- LaMont Jones <lamont@debian.org> Mon, 22 Sep 2003 09:39:50 -0600
+
+bind9 (1:9.2.2+9.2.3rc3-1) unstable; urgency=low
+
+ * New upstream. Closes: #211752. #211503. #211496, #211520
+
+ -- LaMont Jones <lamont@debian.org> Sat, 20 Sep 2003 12:22:59 -0600
+
+bind9 (1:9.2.2+9.2.3rc2-4) unstable; urgency=low
+
+ * Really fix versioned depends. Closes: #211590
+
+ -- LaMont Jones <lamont@debian.org> Thu, 18 Sep 2003 17:29:47 -0600
+
+bind9 (1:9.2.2+9.2.3rc2-3) unstable; urgency=low
+
+ * Version depends for all the libraries. sigh. Closes: #211412,#210293
+
+ -- LaMont Jones <lamont@debian.org> Wed, 17 Sep 2003 10:56:36 -0600
+
+bind9 (1:9.2.2+9.2.3rc2-2) unstable; urgency=low
+
+ * Need a versioned depend. sigh.
+
+ -- LaMont Jones <lamont@debian.org> Wed, 17 Sep 2003 10:25:35 -0600
+
+bind9 (1:9.2.2+9.2.3rc2-1) unstable; urgency=low
+
+ * New upstream release. Closes: #211373
+ * Remove RFC's from package, per policy.
+ * Make com and net zones delegation-only by default.
+
+ -- LaMont Jones <lamont@debian.org> Wed, 17 Sep 2003 07:15:37 -0600
+
+bind9 (1:9.2.2+9.2.3rc1-3) unstable; urgency=low
+
+ * A bit more cleanup of descriptions.
+ * fix package sections
+ * Fix b0rkage with dependencies.
+
+ -- LaMont Jones <lamont@debian.org> Sun, 14 Sep 2003 09:05:10 -0600
+
+bind9 (1:9.2.2+9.2.3rc1-2) unstable; urgency=low
+
+ * Explicitly link libraries. Closes: #210653
+ * Fix descriptions. Closes: #209563, #209853, #210063
+
+ -- LaMont Jones <lamont@debian.org> Sat, 13 Sep 2003 19:29:05 -0600
+
+bind9 (1:9.2.2+9.2.3rc1-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ * Quit using SO_BSDCOMPAT (why is it still in the header files??) so
+ that the kernel will shut up about it's advertised, obsolete option.
+ Closes: #201293, #204282, #205590
+
+ -- LaMont Jones <lamont@debian.org> Thu, 28 Aug 2003 14:44:28 -0600
+
+bind9 (1:9.2.2-2) unstable; urgency=low
+
+ * Fix libtool.m4. Closes: #183791
+ * move lib packages into Section: libs. Closes: #184788
+ * make sure it's libssl0.9.7. Closes: #182363
+ * Add /etc/default/lwresd. Closes: #169727
+ * Add fakeroot dir to dh_shlibdeps. Closes: #169622
+ * Fix rndc manpage. Closes: #179353
+ * Deliver /usr/bin/isc-config.sh (in libbind-dev). Closes: #178186
+
+ -- LaMont Jones <lamont@debian.org> Sat, 15 Mar 2003 16:34:15 -0700
+
+bind9 (1:9.2.2-1) unstable; urgency=low
+
+ * New upstream version
+ * Document /etc/default/bind9 in init.d script. Closes: #170267
+
+ -- LaMont Jones <lamont@debian.org> Tue, 4 Mar 2003 22:43:58 -0700
+
+bind9 (1:9.2.1-7) unstable; urgency=low
+
+ * One more overrides disparity.
+ * Fix bashism in postinst. Closes: #169531
+
+ -- LaMont Jones <lamont@debian.org> Sun, 17 Nov 2002 19:22:58 -0700
+
+bind9 (1:9.2.1-6) unstable; urgency=low
+
+ * The "I give up for now" release.
+ * Only convert to running as bind if named.conf hasn't been modified.
+ * Closes: #163552, #164352
+ * Fix overrides
+ * Cleanup README.Debian wrt non-root-by-default.
+ * Make sure that /var/run/bind/run exists in init.d script. Closes: #168912
+ * New IP for j.root-servers.net. Closes: #167818
+ * Check for 2.2.18 kernel in preinst. Closes: #164349
+ * Move local options to /etc/default/bind9. Closes: #169132, #163073
+ * Cleanup old bugs (fixed in -5, really). Closes: #165864
+ * Add /etc/bind/named.conf.local, included from named.conf. Closes: #129576
+ * Do options definitions in /etc/bind/named.conf.options, makes life
+ easier in the face of named.conf changes from upstream.
+ * Add missing Depends: adduser
+
+ -- LaMont Jones <lamont@debian.org> Sat, 16 Nov 2002 17:05:45 -0700
+
+bind9 (1:9.2.1-5) unstable; urgency=low
+
+ * Run named a non-privileged user by default. Closes: #149059
+
+ -- LaMont Jones <lamont@debian.org> Thu, 12 Sep 2002 16:57:37 -0600
+
+bind9 (1:9.2.1-4) unstable; urgency=low
+
+ * swap maintainer/uploader status so LaMont is primary and Bdale is backup
+ * Deal with bind/bind9 collisions better. Closes: #149580
+ * Fix some documentation. Closes: #151579
+
+ -- LaMont Jones <lamont@debian.org> Wed, 4 Sep 2002 23:25:33 -0600
+
+bind9 (1:9.2.1-3) unstable; urgency=high
+
+ * fold in lib/bind/resolv from 8.3.3 to resolve buffer overlow issue in
+ resolver library, closes: #151342, #151431
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 1 Jul 2002 00:16:31 -0600
+
+bind9 (1:9.2.1-1.woody.1) testing-security woody-proposed-updates; urgency=high
+
+ * backport to woody (simple rebuild) since 9.2.1 resolves a security issue
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 4 Jun 2002 10:30:57 -0600
+
+bind9 (1:9.2.1-2) unstable; urgency=low
+
+ * don't include nslint man page, closes: #148695
+ * fix typo in rndc.8, closes: #139602
+ * add a section to README.Debian explaining the rndc key mode that has been
+ our default since 9.2.0-2, closes: #129849
+ * fix paths for named.conf in named.8 to reflect our default, closes: #143443
+ * upstream fixed the nsupdate man page at some point, closes: #121108
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 3 Jun 2002 15:44:37 -0600
+
+bind9 (1:9.2.1-1) unstable; urgency=medium
+
+ * new upstream version
+ * have bind9-host provide host, closes: #140174
+ * move bind9-host to priority standard since dnsutils depends on it or host,
+ and we prefer bind9-host over host.
+ * move libdns5 and libisc4 to priority standard since dnsutils depends on
+ them and is priority standard
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 30 May 2002 10:38:39 -0600
+
+bind9 (1:9.2.0-6) unstable; urgency=low
+
+ * move to US main! Yippee! Closes: #123969
+ * add info to README.Debian about 2.5 kernels vs --disable-linux-caps
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 23 Mar 2002 00:18:05 -0700
+
+bind9 (1:9.2.0-5) unstable; urgency=medium
+
+ * clean up various issues in the rules file
+ * make bind9-host conflict/replace old dnsutils as host does, otherwise we
+ can have problems upgrading from potato to woody, closes: #136686
+ * use /dev/urandom for rndc-confgen in postinst, it should be good enough for
+ this purpose, and will keep the postinst from blocking arbitrarily.
+ closes: #130372
+ * add fresh pointers to chroot howto to README.Debian, closes: #135774
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 16:47:12 -0700
+
+bind9 (1:9.2.0-4) unstable; urgency=low
+
+ * bind9-host needs to conflict with host, closes: #127395
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 1 Jan 2002 20:12:14 -0700
+
+bind9 (1:9.2.0-3) unstable; urgency=low
+
+ * force removal of old diverted files, closes: #126236
+ * change priority of liblwres1 from optional to standard per ftp admins
+ * add a bind9-host package so that the 'host' provided with the BIND 9.X
+ source tree can be an alternative to the aging NIKHEF version packaged
+ separately. Update dnsutils dependencies to depend on one of the two,
+ with preference to this one since it has fewer bugs (but fewer features,
+ too).
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 23 Dec 2001 00:59:15 -0700
+
+bind9 (1:9.2.0-2) unstable; urgency=medium
+
+ * change rc.d links to ensure daemon starts before and stops after other
+ daemons that may fail if name service is not working (bug was filed
+ against 8.X bind packages, but is just as relevant here!)
+ * use rndc for daemon shutdown instead of start-stop-daemon, closes: #111935
+ * add a postinst to dnsutils to remove any lingering diversions from old
+ dnsutils packages, closes: #122227
+ * not much point in delivering zone2ldap.1 since we aren't delivering
+ zone2ldap right now (though we might someday?), closes: #124058
+ * be more verbose with shared library descriptions, closes: #123426, #123428
+ * 9.2.0 added a new rndc.key file that both named and rndc will read to
+ obtain a shared key, and rndc-confgen will easily create this file with
+ a unique-per-system key. Modify named.conf and remove rndc.conf
+ to take advantage of this mechanism and stop delivering a pre-determined
+ static key to all Debian systems (which has been a mild security risk).
+ Create the key in postinst if the key file doesn't already exist, and
+ remove the file in postrm if purging.
+ Closes: #86718, #87208
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 21 Dec 2001 04:04:30 -0700
+
+bind9 (1:9.2.0-1) unstable; urgency=low
+
+ * new upstream version, closes: #108243, #112266, #114250, #119506, #120657
+ * /etc/bind/rndc.conf is now a conffile
+ * minor hacks to the README.Debian since the chroot instructions it points
+ to are 8.X specific, part of addressing bug 111868.
+ * libomapi is gone, replaced by libisccc and libisccfg
+ * a few lintian-motivated cosmetic cleanups
+ * lose task-dns-server meta package, since tasksel doesn't need it now
+ * dig problem not reproducible in this version, closes: #89526
+ * named-checkconf now uses $sysconfdir, closes: #107835
+ * no longer deliver man pages for contributed binaries we're not including
+ in dnsutils, closes: #108220
+ * fix section in nslookup man page, though that's the least of the man
+ page's problems... glitch reported is unreproducible
+ closes: #103630, #120946
+ * update libbind-dev README.Debian, closes: #121050
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 27 Nov 2001 01:41:00 -0700
+
+bind9 (1:9.1.3-1) unstable; urgency=low
+
+ * new upstream version, closes: #96483, #99824, #100647, #101568, #103429
+ * update config.sub/guess for hppa/ia64 support
+ * small init.d patch from Marco d'Itri to ease adding options on invocation
+ * stop having bind9-doc conflict/replace bind-doc since they don't really
+ conflict and there's no reason to prevent having both installed at the
+ same time, closes: #90994
+ * the CHANGES file documents fixes since 9.1.1 that probably cured the
+ reported assertion failure. If it turns out that I'm wrong, the bug can
+ be re-opened or a new one filed. I can't see any way to reproduce the bug
+ in a test case here. Closes: #99352
+ * have libbind-dev depend on the runtime library packages it delivers
+ compile-time symlinks for, closes: #100898, #103855
+ * fix lwres man pages to source man3/* instead of * so all the page content
+ can actually be found, closes: #85450, #103865
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 9 Jul 2001 11:30:39 -0600
+
+bind9 (1:9.1.1-1) unstable; urgency=low
+
+ * new upstream release
+ * update build-depends for libssl-dev
+ * add build-depends on bison, closes: #90150, #90752, #90159
+ * split up libbind0 since libdns is changing so numbers
+ * downgrade rblcheck from a depends to a suggests, closes: #90783
+ * bind9 mkdep creates files in the current working directory, closes: #58353
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 25 Apr 2001 22:53:21 -0600
+
+bind9 (1:9.1.0-3) unstable; urgency=low
+
+ * merge patch from Zack Weinberg that solves compilation problem, and
+ reduces the memory footprint of applications by making configure.in
+ smarter. Closes: #86776, #86910
+ * the bind-doc package includes all relevant documentation from the bind9
+ source tree, including HTML content in /usr/share/doc/bind9-doc/arm,
+ closes: #85718
+ * default named.conf and rndc.conf to not world-readable. This is an
+ interim step towards addressing the concerns about security raised by
+ bugs 86718 and closes: #86836 A better long-term solution would be for
+ rndc.conf to allow includes, so that both named.conf and rndc.conf could
+ include a key file built on the fly during installation while themselves
+ retaining conffile status. The required functionality has been requested
+ of the bind9 upstream, this will limit vulnerability in the meantime.
+ * add replaces logic to the dnsutils package to avoid complaints about the
+ delivery of nsupdate.8.gz, closes: #86759
+ * move a couple of man pages back from dnsutils to bind9 that really belong
+ there. sigh.
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 22 Feb 2001 16:39:02 -0700
+
+bind9 (1:9.1.0-2) unstable; urgency=low
+
+ * merge patch from Luca Filipozzi <lfilipoz@debian.org> - thanks!
+ + bind9: ships with a working rndc.conf file, closes: #84572
+ + bind9: init.d calls rndc rather than ndc on reload, closes: #85481
+ + bind9: named.conf ships with 'key' and 'control' sections
+ + bind9: correctly creates /var/cache/bind, closes: #85457
+ + lwresd: lwresd is split off into its own package, closes: #85627
+ * nsupdate is delivered by the dnsutils package, but the (wrong) man page
+ was accidentally also included in the bind9 package, closes: #85717
+ * freshen config.sub and config.guess for ia64 and hppa support
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 12 Feb 2001 23:43:55 -0700
+
+bind9 (1:9.1.0-1) unstable; urgency=low
+
+ * Initial packaging of BIND 9.1.0. Must use epoch so that meta packages
+ retain their sequencing from the bind 8 package version stream.
+ * snarf a couple of man pages from the 8.X tree for now
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 1 Feb 2001 16:30:35 -0700
+