unbound (1.9.4-2ubuntu1.9) focal-security; urgency=medium

  * SECURITY UPDATE: denial of service via large RRsets compression
    - debian/patches/CVE-2024-8508.patch: limit name compression
      calculations per packet to avoid CPU lockup in util/data/msgencode.c
    - CVE-2024-8508
  * debian/source/options: Remove 'single-debian-patch' option

 -- Vyom Yadav <vyom.yadav@canonical.com>  Thu, 17 Oct 2024 13:58:08 +0530

unbound (1.9.4-2ubuntu1.8) focal-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2024-43167-1.patch: fix null pointer
      dereference issue in function ub_ctx_set_fwd of file
      libunbound/libunbound.c
    - debian/patches/CVE-2024-43167-2.patch: fix to print a parse
      error when config is read with no name for a forward-zone, stub-
      zone or view.
    - CVE-2024-43167
  * SECURITY UPDATE: heap buffer overflow
    - debian/patches/CVE-2024-43168-1.patch: fix heap-buffer-overflow
      issue in function cfg_mark_ports of file util/config_file.c
    - debian/patches/CVE-2024-43168-2.patch: adjust error text and 
      disallow negative ports in other parts of cfg_mark_ports.
    - CVE-2024-43168

 -- Bruce Cable <bruce.cable@canonical.com>  Thu, 05 Sep 2024 16:30:26 +1000

unbound (1.9.4-2ubuntu1.6) focal-security; urgency=medium

  * SECURITY UPDATE: Unbound could be used to take part in a DoS attack
    - debian/patches/CVE-2024-33655.patch: fix for the DNSBomb
      vulnerability in doc/example.conf.in, doc/unbound.conf.5.in,
      services/cache/infra.c, services/cache/infra.h, services/mesh.c,
      testdata/*, util/config_file.c, util/config_file.h,
      util/configlexer.lex, util/configparser.y.
    - CVE-2024-33655

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 15 May 2024 15:09:15 +0200

unbound (1.9.4-2ubuntu1.5) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service issues via DNSSEC responses
    - debian/patches/CVE-2023-50387-and-CVE-2023-50868.patch:
      patch obtained from Debian's 1.9.0-2+deb10u4 package, thanks to
      Markus Koschany.
    - CVE-2023-50387
    - CVE-2023-50868

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 27 Feb 2024 16:55:01 -0500

unbound (1.9.4-2ubuntu1.4) focal-security; urgency=medium

  * SECURITY UPDATE: Non-Responsive Delegation Attack
    - debian/patches/CVE-2022-3204.patch: limit number of lookups in
      iterator/iter_delegpt.*, iterator/iter_utils.*, iterator/iterator.c,
      services/cache/dns.c, services/mesh.*.
    - CVE-2022-3204

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 15 Nov 2022 15:05:15 -0500

unbound (1.9.4-2ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: Ghost domain names issues
    - debian/patches/CVE-2022-3069x-pre1.patch: fix that nxdomain synthesis
      does not happen above the stub or forward definition in
      cachedb/cachedb.c, edns-subnet/subnetmod.c, iterator/iter_utils.c,
      iterator/iter_utils.h, iterator/iterator.c, services/cache/dns.c,
      services/cache/dns.h.
    - debian/patches/CVE-2022-3069x.patch: fix the novel ghost domain
      issues in cachedb/cachedb.c, daemon/cachedump.c, daemon/worker.c,
      dns64/dns64.c, ipsecmod/ipsecmod.c, iterator/iter_utils.c,
      iterator/iter_utils.h, iterator/iterator.c, pythonmod/interface.i,
      pythonmod/pythonmod_utils.c, services/cache/dns.c,
      services/cache/dns.h, services/mesh.c,
      testdata/iter_prefetch_change.rpl, util/module.h,
      validator/validator.c.
    - CVE-2022-30698
    - CVE-2022-30699

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 02 Aug 2022 09:55:28 -0400

unbound (1.9.4-2ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: configuration injection via MITM
    - debian/patches/CVE-2019-25031.patch: use https, remove special
      characters in contrib/create_unbound_ad_servers.sh.
    - CVE-2019-25031
  * SECURITY UPDATE: integer overflows in the regional allocator
    - debian/patches/CVE-2019-25032.patch: fix overflows in config.h.in,
      configure, configure.ac, util/regional.c.
    - CVE-2019-25032
    - CVE-2019-25033
  * SECURITY UPDATE: integer overflow in sldns_str2wire_dname_buf_origin
    - debian/patches/CVE-2019-25034.patch: check lengths in
      sldns/str2wire.c.
    - CVE-2019-25034
  * SECURITY UPDATE: out-of-bounds write in sldns_bget_token_par
    - debian/patches/CVE-2019-25035.patch: check for space in
      sldns/parse.c.
    - CVE-2019-25035
  * SECURITY UPDATE: assertion failure and denial of service
    - debian/patches/CVE-2019-25036.patch: validate lengths in
      iterator/iter_scrub.c.
    - CVE-2019-25036
  * SECURITY UPDATE: assertion failure and denial of service
    - debian/patches/CVE-2019-25037.patch: validate length in
      util/data/dname.c.
    - CVE-2019-25037
  * SECURITY UPDATE: integer overflow in a size calculation
    - debian/patches/CVE-2019-25038.patch: check for overflows in
      dnscrypt/dnscrypt.c, respip/respip.c.
    - CVE-2019-25038
    - CVE-2019-25039
  * SECURITY UPDATE: infinite loop and assertion fail via compressed name
    - debian/patches/CVE-2019-25040.patch: validate compression pointers in
      util/data/dname.c.
    - CVE-2019-25040
    - CVE-2019-25041
  * SECURITY UPDATE: out-of-bounds write via a compressed name
    - debian/patches/CVE-2019-25042.patch: move assert in
      util/data/msgreply.c.
    - CVE-2019-25042
  * SECURITY UPDATE: incorrect PID file handling
    - debian/patches/CVE-2020-28935.patch: check for symlinks in
      daemon/unbound.c.
    - CVE-2020-28935
  * debian/patches: rename debian-changes to fix-nettle-build.patch.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 05 May 2021 07:22:34 -0400

unbound (1.9.4-2ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: amplification attack and denial of service
    - debian/patches/CVE-2020-1226x.patch: fix iterator logic in
      iterator/iter_delegpt.c, iterator/iter_delegpt.h,
      iterator/iter_scrub.c, iterator/iter_utils.c, iterator/iterator.c,
      iterator/iterator.h, services/cache/dns.c, util/data/dname.c,
      util/data/msgparse.c.
    - CVE-2020-12263
    - CVE-2020-12264

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 22 May 2020 08:51:12 -0400

unbound (1.9.4-2ubuntu1) focal; urgency=medium

  * Build-depend on python-all-dev.

 -- Matthias Klose <doko@ubuntu.com>  Sat, 25 Jan 2020 11:43:33 +0100

unbound (1.9.4-2build1) focal; urgency=medium

  * No-change rebuild to build with python3.8.

 -- Matthias Klose <doko@ubuntu.com>  Sat, 25 Jan 2020 04:41:11 +0000

unbound (1.9.4-2) unstable; urgency=medium

  * Cherry-pick upstream commit ec021e0d, "fix build with nettle-3.5"
    (Closes: #941041)

 -- Robert Edmonds <edmonds@debian.org>  Sat, 26 Oct 2019 08:00:58 -0400

unbound (1.9.4-1) unstable; urgency=high

  * New upstream version 1.9.4
    - Fix CVE-2019-16866: uninitialized memory access when parsing specially
      crafted NOTIFY query.

 -- Robert Edmonds <edmonds@debian.org>  Fri, 04 Oct 2019 00:43:19 -0400

unbound (1.9.3-1) unstable; urgency=medium

  * New upstream version 1.9.3

 -- Robert Edmonds <edmonds@debian.org>  Tue, 27 Aug 2019 14:24:11 -0400

unbound (1.9.3~rc1-1) experimental; urgency=medium

  * New upstream version 1.9.3~rc1
  * debian/control: Bump Standards-Version to 4.4.0 (no changes)

 -- Robert Edmonds <edmonds@debian.org>  Sat, 17 Aug 2019 18:01:56 -0400

unbound (1.9.0-2) unstable; urgency=medium

  [ Simon Deziel ]
  * Disable chroot'ing (Closes: #921538)

 -- Robert Edmonds <edmonds@debian.org>  Sat, 09 Feb 2019 21:10:52 -0500

unbound (1.9.0-1) unstable; urgency=medium

  * New upstream version 1.9.0
  * Team upload
  * Include dpkg/default.mk instead of only buildflags.mk
  * Update d/watch to reflect new download location and add signature check

 -- Ondřej Surý <ondrej@debian.org>  Tue, 05 Feb 2019 09:49:04 +0000

unbound (1.8.1-1) unstable; urgency=medium

  * New upstream version 1.8.1

 -- Robert Edmonds <edmonds@debian.org>  Thu, 08 Nov 2018 16:50:36 -0500

unbound (1.8.0-1) unstable; urgency=medium

  * New upstream version 1.8.0
  * debian/: libunbound2.symbols → libunbound8.symbols
  * debian/rules: libunbound2 → libunbound8
  * debian/control: libunbound2 → libunbound8
  * daemon/daemon.c: Fix systemd service manager state change notification

 -- Robert Edmonds <edmonds@debian.org>  Sat, 15 Sep 2018 16:21:11 -0400

unbound (1.7.3-1) unstable; urgency=medium

  * New upstream version 1.7.3
    - Don't count CNAME response types received during qname minimisation as
      query restart. (Closes: #900800)

 -- Robert Edmonds <edmonds@debian.org>  Thu, 21 Jun 2018 12:45:09 -0400

unbound (1.7.2-1) unstable; urgency=medium

  [ Robert Edmonds ]
  * New upstream version 1.7.2
  * debian/control: Update Maintainer field (Closes: #899758)

  [ Vincent Bernat ]
  * daemon/daemon.c: Fix reload hangs with systemd (Closes: #892914)

 -- Robert Edmonds <edmonds@debian.org>  Wed, 20 Jun 2018 17:30:34 -0400

unbound (1.7.1-1) unstable; urgency=medium

  [ Robert Edmonds ]
  * debian/control: Update Vcs-* links to use salsa.debian.org URLs
  * New upstream version 1.7.1

  [ Simon Deziel ]
  * debian/apparmor-profile: Add capabilities to chown/chmod Unix control
    socket (Closes: #891705)
  * debian/apparmor-profile: Allow reading /var/lib/sss/mc/initgroups
  * debian/apparmor-profile: Permit unbound to notify readiness to systemd
    (Closes: #867186)
  * debian/apparmor-profile: Let unbound r/w anywhere under
    /var/lib/unbound (Closes: #882731)
  * debian/apparmor-profile: Use attach_disconnected

 -- Robert Edmonds <edmonds@debian.org>  Wed, 23 May 2018 15:41:54 -0400

unbound (1.6.7-1) unstable; urgency=medium

  * New upstream version 1.6.7

 -- Robert Edmonds <edmonds@debian.org>  Sun, 15 Oct 2017 17:46:46 -0400

unbound (1.6.6-1) unstable; urgency=medium

  * New upstream version 1.6.6
  * debian/control: Drop obsolete build-depends on dh-systemd
  * debian/control: Bump Standards-Version to 4.1.1 (no changes)

 -- Robert Edmonds <edmonds@debian.org>  Sat, 07 Oct 2017 00:40:08 -0400

unbound (1.6.5-1) unstable; urgency=high

  [ Robert Edmonds ]
  * New upstream version 1.6.5
    - Fix install of trust anchor when two anchors are present, makes both
      valid. Checks hash of DS but not signature of new key. This fixes
      installs between sep11 and oct11 2017.
  * debian/rules: Enable EDNS Client Subnet in daemon

  [ Simon Deziel ]
  * debian/unbound.service: Set PIDFile= (Closes: #867192)

  [ Antony Antony ]
  * debian/rules: Enable libevent for libunbound2 API (Closes: #871675)

 -- Robert Edmonds <edmonds@debian.org>  Tue, 22 Aug 2017 22:50:56 -0400

unbound (1.6.4-1) unstable; urgency=medium

  [ Robert Edmonds ]
  * New upstream version 1.6.4
    - Fixes 'malformed packet DoS when "use-caps-for-id" enabled'
      (Closes: #864730)
  * debian/copyright: Use https form of the copyright-format URL
  * debian/copyright: Bump NLnet Labs copyright years through 2017
  * debian/control: Bump Standards-Version to 4.0.0
  * debian/: Enable systemd support
  * debian/unbound.service: Use Type=notify process start-up type
    (Closes: #866804)
  * debian/: Enable experimental pluggable event base libunbound API
    (Closes: #859584)
  * debian/control: Add Depends on lsb-base to satisfy lintian's
    "init.d-script-needs-depends-on-lsb-base"

  [ Steve Langasek ]
  * debian/control: Build-Depend on python '-dev' packages, not '-all-dev'
    (Closes: #864334, #866770)

  [ Steven Chamberlain ]
  * Allow use of libbsd functions with configure option --with-libbsd
  * debian/: Configure with --with-libbsd (Closes: #853751)

 -- Robert Edmonds <edmonds@debian.org>  Mon, 03 Jul 2017 16:30:17 -0400

unbound (1.6.0-3) unstable; urgency=medium

  * Cherry-pick upstream commit svn r4000, "Include root trust anchor id
    20326 in unbound-anchor". (Closes: #855484)

 -- Robert Edmonds <edmonds@debian.org>  Sun, 19 Feb 2017 20:04:34 -0500

unbound (1.6.0-2) unstable; urgency=high

  [ Helmut Grohne ]
  * Only use fake_dsa when HAVE_SSL is defined (Closes: #848339)

 -- Robert Edmonds <edmonds@debian.org>  Sun, 18 Dec 2016 15:00:12 -0500

unbound (1.6.0-1) unstable; urgency=medium

  [ Robert Edmonds ]
  * New upstream version 1.6.0

  [ Helmut Grohne ]
  * Add pkg.unbound.libonly build profile. (Closes: #847130)

 -- Robert Edmonds <edmonds@debian.org>  Thu, 15 Dec 2016 15:26:15 -0500

unbound (1.5.10-3) unstable; urgency=medium

  [ Helmut Grohne ]
  * Fix FTCBFS: (Closes: #845941)
    + Convert python Build-Depends to cross-friendly ones.
    + Let dh_auto_configure pass --host to ./configure.

 -- Robert Edmonds <edmonds@debian.org>  Sun, 27 Nov 2016 14:41:30 -0500

unbound (1.5.10-2) unstable; urgency=medium

  * debian/unbound.install: Install usr/sbin/unbound-checkconf
    (Closes: #842797)

 -- Robert Edmonds <edmonds@debian.org>  Tue, 01 Nov 2016 16:37:52 -0400

unbound (1.5.10-1) unstable; urgency=medium

  * New upstream version 1.5.10
    - Fixes FTBFS with OpenSSL 1.1.0 (Closes: #828584)
  * debian/: Build libunbound against nettle (Closes: #828699)
  * debian/: Support Python 3 (Closes: #835972)
  * debian/rules: Install libunbound.pc into the libunbound-dev package
  * debian/copyright: Update

 -- Robert Edmonds <edmonds@debian.org>  Tue, 04 Oct 2016 03:43:45 -0400

unbound (1.5.9-3) unstable; urgency=medium

  [ Nicolas Braud-Santoni ]
  * debian/: Ship AppArmor profile (Closes: #518002)
  * debian/control: Use HTTPS for Vcs-Git link
  * debian/unbound.service: Add documentation to the systemd unit file
  * debian/control: Bump Standards-Version to 3.9.8 (no changes)

 -- Robert Edmonds <edmonds@debian.org>  Sat, 06 Aug 2016 14:51:52 -0400

unbound (1.5.9-2) unstable; urgency=low

  * debian/unbound.init: Call start-stop-daemon with --retry for 'stop'
    action (based on patch from Julien Cristau)
  * debian/: Add unbound.service, unbound-resolvconf.service
    (Closes: #826241) (Thanks to Michael Biebl)
  * debian/rules: Configure with --with-rootkey-file=/var/lib/unbound/root.key

 -- Robert Edmonds <edmonds@debian.org>  Sun, 24 Jul 2016 19:48:56 -0400

unbound (1.5.9-1) unstable; urgency=medium

  * Imported Upstream version 1.5.9
    - Updated L-Root IPv6 address (Closes: #818292)
  * debian/unbound.init: Add "pidfile" magic comment (Closes: #807132)
  * debian/libunbound2.symbols: Add new symbol 'ub_ctx_create_ub_event'
  * Enable DNS query name minimisation by default

 -- Robert Edmonds <edmonds@debian.org>  Fri, 10 Jun 2016 23:01:15 -0400

unbound (1.5.8-1) unstable; urgency=medium

  * Imported Upstream version 1.5.8
  * debian/libunbound2.symbols: Add new symbol 'ub_ctx_set_stub'
  * debian/unbound.postinst: Clean up permissions on the resolvconf
    forwarder hook on upgrades (Closes: #816425)

 -- Robert Edmonds <edmonds@debian.org>  Sun, 06 Mar 2016 22:52:28 -0500

unbound (1.5.7-2) unstable; urgency=medium

  * debian/control: Add dh-python to Build-Depends
  * debian/: Install contrib/update-anchor.sh, contrib/unbound_munin_
    (Closes: #573329)
  * Makefile.in: Pass PYTHON_CPPFLAGS to swig instead of CPPFLAGS (Closes:
    #809055)
  * debian/: Run "wrap-and-sort -sabt"
  * debian/resolvconf: No longer use RESOLVCONF_FORWARDERS from
    /etc/default/unbound
  * debian/unbound.postinst: Remove unbound-anchor invocation
  * debian/package-helper: Add helper script for init scripts and
    resolvconf
  * debian/unbound.init: Rewrite to use package-helper script
  * debian/unbound.default: Remove
  * debian/unbound.maintscript: Remove conffile /etc/default/unbound
  * debian/resolvconf-package: Add resolvconf packaging-event hook script
    (Closes: #777228)
  * debian/control: unbound: Depend on dns-root-data, for root trust
    anchor updates (Closes: #760461)
  * debian/rules: Disable the resolvconf update.d hook by default
  * debian/gbp.conf: Remove [dch] id-length
  * debian/NEWS.Debian: Add NEWS entry for 1.5.7-2
  * debian/unbound.postinst: Always chown /var/lib/unbound (Closes:
    #763901)
  * debian/package-helper: Invoke unbound-anchor as user/group unbound
  * debian/: unbound.doc -> unbound.docs; Actually install upstream docs
  * debian/unbound.docs: Install doc/README.DNS64
  * debian/unbound.docs: Install debian/NEWS.Debian
  * debian/package-helper: Clean old chroot files (Closes: #790392) (Patch
    from Simon Deziel)

 -- Robert Edmonds <edmonds@debian.org>  Sun, 21 Feb 2016 16:22:23 -0500

unbound (1.5.7-1) unstable; urgency=medium

  * [3cf7971b] debian/control: Vcs-Browser should point to cgit
    (Closes: #804437)
  * [66955294] Imported Upstream version 1.5.7

 -- Robert Edmonds <edmonds@debian.org>  Sat, 12 Dec 2015 14:48:03 -0500

unbound (1.5.6-1) unstable; urgency=medium

  * [0d5117d5] Imported Upstream version 1.5.4
  * [8327e145] Imported Upstream version 1.5.5
  * [eb2adc8c] Imported Upstream version 1.5.6
    - Closes: #796934, #803042.
  * [5a973651] debian/control: Update Maintainer, Uploaders for pkg-dns
  * [543459fa] debian/control: Update Vcs-Browser, Vcs-Git
  * [b69e513f] debian/: Run "wrap-and-sort -sbt"
  * [730f3622] debian/gbp.conf: Add [dch] section
  * [6b383656] debian/: Enable dnstap support

 -- Robert Edmonds <edmonds@debian.org>  Sun, 08 Nov 2015 01:26:27 -0500

unbound (1.5.3-1) experimental; urgency=medium

  * New upstream release.

 -- Robert Edmonds <edmonds@debian.org>  Sat, 14 Mar 2015 14:16:27 -0400

unbound (1.5.2-1) experimental; urgency=medium

  * New upstream release.
  * Migrate pidfile from /var/run to /run; closes: #773247.
  * Fix unbound-checkconf to recognize "python" in module-config;
    closes: #777193.

 -- Robert Edmonds <edmonds@debian.org>  Sat, 28 Feb 2015 21:04:03 -0500

unbound (1.5.1-1) experimental; urgency=medium

  * New upstream release.
    - Fix CVE-2014-8602: denial of service by making resolver chase
      endless series of delegations.

 -- Robert Edmonds <edmonds@debian.org>  Mon, 08 Dec 2014 15:08:30 -0500

unbound (1.5.0~rc1-1) experimental; urgency=medium

  * New upstream release.
  * Upload to experimental.

 -- Robert Edmonds <edmonds@debian.org>  Tue, 11 Nov 2014 19:18:44 -0500

unbound (1.4.22-2) unstable; urgency=medium

  * Drop unneeded Build-Dependency on doxygen.
  * Drop unneeded Build-Dependency on automake. (Unbound does not use
    automake.)
  * Use dh_autotools-dev_updateconfig to update the config.{guess,sub} files
    at build time; closes: #746313.

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 18 Aug 2014 16:20:28 -0400

unbound (1.4.22-1) unstable; urgency=medium

  * New upstream release.
  * Drop Build-Dependency on libldns-dev. Unbound no longer relies on
    libldns.

 -- Robert S. Edmonds <edmonds@debian.org>  Wed, 12 Mar 2014 13:21:58 -0400

unbound (1.4.21-1) unstable; urgency=low

  * New upstream release.
  * Don't compress the example config file in /usr/share/doc/unbound;
    closes: #722708.
  * Fully enable hardening options; closes: #709837.
    (Patch from Simon Deziel.)
  * Add support for .d style configuration in /etc/unbound/unbound.conf.d;
    closes: #656549.
  * Move auto-trust-anchor-file configuration for the root into the new
    /etc/unbound/unbound.conf.d directory.

 -- Robert S. Edmonds <edmonds@debian.org>  Thu, 19 Sep 2013 21:45:39 -0400

unbound (1.4.20-1) unstable; urgency=low

  * New upstream release.
    - Updates IPv4 address hint for D.ROOT-SERVERS.NET; closes: #697351.
  * Correct exit code for "/etc/init.d/unbound status"; closes: #685052.
    (Patch from micah anderson.)
  * Finish dh_python2 conversion; closes: #697575.
    (Patch from Micah Gersten.)
  * Check for multiarch Python headers; closes: #697576.
    (Patch from Micah Gersten.)
  * Automatically set up the chroot directory if enabled; closes: #579622.
    (Patch from Simon Deziel.)

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 13 Apr 2013 15:34:47 -0400

unbound (1.4.19-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Fri, 14 Dec 2012 21:33:42 -0500

unbound (1.4.18-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 05 Aug 2012 21:54:05 -0400

unbound (1.4.17-2) unstable; urgency=low

  * Build-depend on libldns-dev (>= 1.6.13~) for ECDSA support.

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 28 May 2012 14:19:57 -0400

unbound (1.4.17-1) unstable; urgency=low

  * New upstream release; closes: #674434.
  * Implement 'status' command in init script; closes: #666388.
  * Fix build system bug that negated fully hardening the build;
    closes: #658021. (Patch from Simon Ruderich.)
  * Disable ECDSA support (for now) as this requires a newer ldns than is in
    the archive.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 27 May 2012 16:41:41 -0400

unbound (1.4.16-2) unstable; urgency=low

  * Enable hardened build flags; closes: #658021.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 21 Apr 2012 15:35:16 -0400

unbound (1.4.16-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 05 Feb 2012 20:02:24 -0500

unbound (1.4.14-2) unstable; urgency=high

  * Work around gcc bugs by disabling link time optimization on build
    architectures that are not i386/amd64.

 -- Robert S. Edmonds <edmonds@debian.org>  Wed, 21 Dec 2011 15:52:17 -0500

unbound (1.4.14-1) unstable; urgency=high

   * New upstream release.
     - CVE-2011-4528.
   * Call dh_python2 in debian/rules; closes: #652294.

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 19 Dec 2011 11:00:46 -0500

unbound (1.4.13-2) unstable; urgency=low

  * Reduce the run-time dependencies of libunbound and the unbound-*
    utilities.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 29 Oct 2011 16:16:19 -0400

unbound (1.4.13-1) unstable; urgency=low

  * New upstream release.
  * Only install forwarders learned from resolvconf into unbound if
    RESOLVCONF_FORWARDERS is enabled in /etc/default/unbound; closes: #637198.
  * Split unbound-anchor utility into separate binary package.
  * Support multi-arch.
  * Fix FTBFS with dpkg-dev 1.16.1.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 23 Oct 2011 16:55:45 -0400

unbound (1.4.12-1) unstable; urgency=medium

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 18 Jul 2011 15:56:42 -0400

unbound (1.4.11-1) unstable; urgency=low

  * New upstream release.
  * Fix FTBFS with default python >> 2.6; closes: #625520.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 03 Jul 2011 16:32:49 -0400

unbound (1.4.10-1) unstable; urgency=low

  * New upstream release:
    - CVE-2011-1922.

 -- Robert S. Edmonds <edmonds@debian.org>  Wed, 25 May 2011 15:48:34 -0700

unbound (1.4.9-2) unstable; urgency=low

  * Build-depend on libldns-dev (>= 1.6.9-2~) for GOST support.
  * Configure without --disable-gost.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 03 Apr 2011 14:31:40 -0400

unbound (1.4.9-1) unstable; urgency=low

  * New upstream release.
  * Convert packaging to git.
  * Configure with --with-pythonmodule.
  * Configure with --with-pyunbound.
  * Build new python-unbound package; closes: #542094.
  * Automatically create and remove remote control key material on package
    configuration and package purge.
  * Set default remote control port to 53953 to avoid conflicting with the
    bind9 package's default use of port 953 for rndc.
  * Securely fetch or update the root trust anchor at postinst and before
    starting the unbound daemon if ROOT_TRUST_ANCHOR_UPDATE is set in
    /etc/default/unbound; closes: #594911.
  * If unbound is listening on a loopback address, provide this address as
    a nameserver to resolvconf if RESOLVCONF is enabled in
    /etc/default/unbound; closes: #562031.
  * Configure resolvconf discovered nameservers as forwarders if
    RESOLVCONF_FORWARDERS is enabled in /etc/default/unbound; closes: #567879.
  * Don't exit from the init script with an error if UNBOUND_ENABLE is not
    true; default UNBOUND_ENABLE to true if the default file is missing
    entirely; closes: #618815.
  * Support /etc/init.d/unbound reload; closes: #620256.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 02 Apr 2011 22:52:16 -0400

unbound (1.4.8-2) unstable; urgency=low

  * Add build-dependency on libexpat1-dev; closes: #612261.
  * Install unbound-anchor utility in unbound package.

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 07 Feb 2011 16:06:00 -0500

unbound (1.4.8-1) unstable; urgency=low

  * New upstream release; closes: #611527.
  * Add /etc/insserv.conf.d/unbound file declaring unbound to be a name
    daemon; closes: #596488, #600118.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 06 Feb 2011 23:33:04 -0500

unbound (1.4.6-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 15 Aug 2010 18:26:43 -0400

unbound (1.4.5-1) unstable; urgency=low

  * New upstream release.
  * Add dependency on openssl to the unbound binary package; closes: #585808.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 20 Jun 2010 16:50:42 -0400

unbound (1.4.4-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Thu, 22 Apr 2010 15:24:06 -0400

unbound (1.4.3-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Thu, 11 Mar 2010 15:55:33 -0500

unbound (1.4.2-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Tue, 09 Mar 2010 14:13:31 -0500

unbound (1.4.1-2) unstable; urgency=low

  * Invoke dh_installinit with --restart-after-upgrade; closes: #563033.

 -- Robert S. Edmonds <edmonds@debian.org>  Tue, 29 Dec 2009 21:54:26 -0500

unbound (1.4.1-1) unstable; urgency=low

  * New upstream release.
  * Document copyright status of util/configparser.c, util/configparser.h;
    closes: #552066.
  * Enable libev support; closes: #552424.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 26 Dec 2009 17:19:10 -0500

unbound (1.4.0-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Fri, 04 Dec 2009 20:32:52 -0800

unbound (1.3.4-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Wed, 07 Oct 2009 12:59:21 -0400

unbound (1.3.3-1) unstable; urgency=low

  * New upstream release.
  * Drop .la file from libunbound-dev; closes: #541640.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 23 Aug 2009 13:25:53 -0400

unbound (1.3.2-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 13 Jul 2009 05:50:47 -0400

unbound (1.3.0-1) unstable; urgency=low

  * New upstream release; closes: #533613.
  * Move pid file to /var/run; closes: #533611.
  * Use "unbound-checkconf -o pidfile" in init script to determine pid file
    location (thanks Michael Tokarev).

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 29 Jun 2009 01:10:00 -0400

unbound (1.2.1-2) unstable; urgency=low

  * Closes: #527753, #509535.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 09 May 2009 16:46:32 -0400

unbound (1.2.1-1) unstable; urgency=low

  * New upstream release.
  * Remove init script chroot setup.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 28 Feb 2009 19:46:09 -0500

unbound (1.0.2-1.2) unstable; urgency=low

  * Enable unbound by default (Closes: #508884)
  * Call dh_installinit with --error-handler=true (Closes: #500176)

 -- Ondřej Surý <ondrej@debian.org>  Tue, 16 Dec 2008 11:54:15 +0100

unbound (1.0.2-1.1) unstable; urgency=low

  [ Hideki Yamane (Debian-JP) ]
  * debian/{unbound.init,unbound.default}
    + set not start by default, to avoid that port 53 blocking by other name
      servers will cause install problems
  * debian/unbound.prerm
    + fix lintian "unbound: maintainer-script-hides-init-failure prerm:5" error

  [ Ondřej Surý ]
  * Non-maintainer upload.
  * Minor tweaks to patched init.d file to make it work.

 -- Ondřej Surý <ondrej@debian.org>  Mon, 15 Dec 2008 19:54:44 +0100

unbound (1.0.2-1) unstable; urgency=low

  * New upstream release;
    + stricter filtering of DNS messages to combat cache poisoning

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 25 Aug 2008 01:03:59 -0400

unbound (1.0.1-2) unstable; urgency=low

  * unbound tries too hard to chroot(); ship a default config that doesn't
    fail to start on new installs; closes: #492243.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 02 Aug 2008 17:46:24 -0400

unbound (1.0.1-1) unstable; urgency=low

  * New upstream release.
  * Drop 'return' from init script; closes: #488650.

 -- Robert S. Edmonds <edmonds@debian.org>  Wed, 16 Jul 2008 12:38:55 -0400

unbound (1.0.0-3) unstable; urgency=low

  * Lintian clean; closes: #485438.
  * Don't chroot by default; note manual syslog configuration in
    README.Debian; closes: #486303.
  * Update to policy 3.8.0.0.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 15 Jun 2008 17:25:04 -0400

unbound (1.0.0-2) unstable; urgency=low

  * Fix Build-Deps.
  * Split unbound-host into a separate package.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 25 May 2008 16:12:21 -0400

unbound (1.0.0-1) unstable; urgency=low

  * Initial release; closes: #482277.

 -- Robert S. Edmonds <edmonds@debian.org>  Wed, 21 May 2008 14:13:28 -0400

