-
unbound (1.20.0-1) unstable; urgency=medium
* new upstream release with some new features and many bugfixes
Closes: CVE-2024-33655 (DNSBomb issue)
* remove do-not-look-at-pidfile.patch now once upstream
stopped chowning the pidfile
* +spelling-overriden.patch
* d/rules: enable -j in MAKEFLAGS when parallel is in DEB_BUILD_OPTIONS
* d/control: Standards-Version: 4.6.0=>4.6.2
-- Michael Tokarev <email address hidden> Thu, 09 May 2024 14:47:04 +0300
-
unbound (1.19.2-1) unstable; urgency=medium
* new upstream bugfix release. Closes: CVE-2024-1931,
denial of service when trimming EDE text on positive replies
* d/changelog: add the forgotten Closes for
#1063845, #1051817, #1051818, #1056631 to the previous
changelog entry
-- Michael Tokarev <email address hidden> Thu, 07 Mar 2024 23:35:52 +0300
-
unbound (1.19.1-1) unstable; urgency=medium
* new upstream bugfix release (1.19.1):
o Fix CVE-2023-50387, DNSSEC verification complexity can be exploited
to exhaust CPU resources and stall DNS resolvers
o Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU
* new upstream release (1.19.0)
* d/control: Build-Depends: pkg-config => pkgconf
* d/unbound.lintian-overrides: remove
package-supports-alternative-init-but-no-init.d-script
* d/unbound.lintian-overrides: adjust for /lib=>/usr/lib move
-- Michael Tokarev <email address hidden> Tue, 13 Feb 2024 22:40:40 +0300
-
unbound (1.18.0-2) unstable; urgency=medium
* d/resolvconf-forwards: remove -e (Closes: #1035800), shorten sed expr
* d/changelog: mention #1013957 in previous changelog entry
* d/control, d/rules: switch from libnettle back to libssl once it is
GPL-compatible (#828699 is of no concern anymore). This fixes libunbound
init failure. Also Closes: #1007260
* d/control, d/rules: build daemon with --enable-cachedb --with-libhiredis,
build-depend on libhiredis-dev (Closes: #1014456)
-- Michael Tokarev <email address hidden> Wed, 06 Sep 2023 16:34:32 +0300
-
unbound (1.18.0-1) unstable; urgency=medium
* new upstream release
Closes: #1038243
-- Michael Tokarev <email address hidden> Mon, 04 Sep 2023 09:41:58 +0300
-
unbound (1.17.1-2) unstable; urgency=medium
* unbound-helper: return 0 explicitly in a few places
(Closes: #1019140)
-- Michael Tokarev <email address hidden> Sun, 09 Apr 2023 15:59:14 +0300
-
unbound (1.17.1-1) unstable; urgency=medium
[ Michael Tokarev ]
* new upstream release. Release notes:
This release fixes a number of bugs. There are also new configuration
options that by default do not change the existing behaviour of Unbound.
With `statistics-inhibit-zero` the printout of zero values by stats can
be controlled. Similarly with `max-sent-count` and `max-query-restarts`
the iterator behaviour can be controlled. The maximum CNAME chain length
that is accepted can be changed by increasing the `max-query-restarts`
number. This takes more time to follow those elements.
The keep-cache option allows reloads to change configuration whilst
keeping the cache memory intact, making the cache hot for good response
times after the change has completed.
The release contains an additional fix for service downgrade due to
wrong hash values for wildcards in a hyperlocal zone, that was reported
by Sergey Kacheev.
Features
- Expose 'statistics-inhibit-zero' as a configuration option; the
default value retains Unbound's behavior.
- Expose 'max-sent-count' as a configuration option; the
default value retains Unbound's behavior.
- Merge #461 from Christian Allred: Add max-query-restarts option.
Exposes an internal configuration but the default value retains
Unbound's behavior.
- Merge #569 from JINMEI Tatuya: add keep-cache option to
'unbound-control reload' to keep caches.
Bug Fixes
- Merge #768 from fobser: Arithmetic on a pointer to void is a GNU
extension.
- In unit test, print python script name list correctly.
- testcode/dohclient sets log identity to its name.
- Clarify the use of MAX_SENT_COUNT in the iterator code.
- Fix that cachedb does not store failures in the external cache.
- Merge #767 from jonathangray: consistently use IPv4/IPv6 in
unbound.conf.5.
- Fix to ignore tcp events for closed comm points.
- Fix to make sure to not read again after a tcp comm point is closed.
- Fix #775: libunbound: subprocess reap causes parent process reap
to hang.
- iana portlist update.
- Complementary fix for distutils.sysconfig deprecation in Python 3.10
to commit 62c5039ab9da42713e006e840b7578e01d66e7f2.
- Fix #779: [doc] Missing documentation in ub_resolve_event() for
callback parameter was_ratelimited.
- Ignore expired error responses.
- Merge #720 from jonathangray: fix use after free when
WSACreateEvent() fails.
- Fix for the ignore of tcp events for closed comm points, preserve
the use after free protection features.
- Fix #782: Segmentation fault in stats.c:404.
- Add SVCB and HTTPS to the types removed by 'unbound-control flush'.
- Clear documentation for interactivity between the subnet module and
the serve-expired and prefetch configuration options.
- Fix #773: When used with systemd-networkd, unbound does not start
until systemd-networkd-wait-online.service times out.
- Merge #808: Wrap Makefile script's directory variables in quotes.
- Fix to wrap Makefile scripts directory in quotes for uninstall.
- Fix windows compile for libunbound subprocess reap comm point closes.
- Update github workflows to use checkout v3.
- Fix wildcard in hyperlocal zone service degradation, reported
by Sergey Kacheev.
* lintian-overrides fixes/additions
[ Helmut Grohne ]
* Fix FTCBFS: export _PYTHON_SYSCONFIGDATA_NAME. (Closes: #1024422)
-- Michael Tokarev <email address hidden> Thu, 12 Jan 2023 18:28:54 +0300
-
unbound (1.17.0-1) unstable; urgency=medium
* new upstream release
-- Michael Tokarev <email address hidden> Thu, 13 Oct 2022 14:01:15 +0300
-
unbound (1.16.3-1) unstable; urgency=medium
* new upstream minor release with the following change:
- Patch for CVE-2022-3204 Non-Responsive Delegation Attack
-- Michael Tokarev <email address hidden> Wed, 21 Sep 2022 13:21:43 +0300
-
unbound (1.16.2-1) unstable; urgency=medium
* new upstream minor release with many bugfixes and 2 features.
Closes: #1016493, CVE-2022-30698, CVE-2022-30699
* d/unbound.docs: install doc/Changelog file
* d/copyright: mark debian/patches/* as GPL-2 (#1013957)
(not closing the bug since it is more than d/patches/)
-- Michael Tokarev <email address hidden> Fri, 12 Aug 2022 12:57:33 +0300
-
unbound (1.16.0-2) unstable; urgency=medium
* revert the python path change in previous upload, and set python
module directory explicitly to /usr/lib/python3/dist-packages/.
-- Michael Tokarev <email address hidden> Thu, 02 Jun 2022 19:35:26 +0300
-
unbound (1.15.0-11) unstable; urgency=medium
[ Simon Deziel ]
* d/unbound.postinst: fix configure action to have unbound user/group created
* d/apparmor-profile: use profile name specifier
[ Michael Tokarev ]
* tests/runzones: add 1s delay after starting daemon:
apparently the pid file is created/written too late
-- Michael Tokarev <email address hidden> Sun, 15 May 2022 22:22:19 +0300
-
unbound (1.15.0-10) unstable; urgency=medium
* d/tests/: fix the test to not rely on presence of unbound.pid after
daemon start. Apparently unbound creates the pid file at a wrong time
-- Michael Tokarev <email address hidden> Sun, 08 May 2022 10:17:45 +0300
-
unbound (1.15.0-9) unstable; urgency=medium
* d/apparmor-profile: remove old /var/run/ alternatives for /run
* d/apparmor-profile: allow /etc/unbound/var/lib/unbound/ access too,
for chrooting to upstream-preferred /etc/unbound (Closes: #1010517)
* d/rules: stop explicitly exporting CFLAGS/LDFLAGS, dh_auto_* does this
automatically since dh-compat 9
* d/rules: do not enable --with-lto-server on kfreebsd (this fixes FTBFS)
It is a good candicate for an autoconf test.
* d/rules: add comments for --disable-lto, --with-libbsd
* d/tests/: add simple autopkgtest (verify www.debian.org record with DNSSEC)
-- Michael Tokarev <email address hidden> Sat, 07 May 2022 10:34:09 +0300
-
unbound (1.15.0-8) unstable; urgency=medium
* fix the brown-paper bag bug in the previous upload. I did it again:
it is var += newvalue, not var := newvalue. This made the previous
upload to built without many build options
-- Michael Tokarev <email address hidden> Fri, 29 Apr 2022 18:33:16 +0300
-
unbound (1.15.0-6) unstable; urgency=medium
* actually install the forgotten remote-control.conf.
-- Michael Tokarev <email address hidden> Thu, 28 Apr 2022 20:15:21 +0300
-
unbound (1.15.0-4) unstable; urgency=medium
* d/unbound.conf: move and fix the remote-control section
Move the remote-control section above the include directive so it is
possible to override it there, and fix comment. Do this remote-control
section in unbound.conf directly (instead of in new unbound.conf.d/
fragment), so it is more obvious that the default were flipped and
the default value is changed.
-- Michael Tokarev <email address hidden> Wed, 20 Apr 2022 10:52:26 +0300
-
unbound (1.15.0-3) unstable; urgency=medium
* modify the default unbound.conf to include control-enale: yes so
the remote control is enabled by default even if the default value
is not flipped by a patch (upstream sets it to "no")
* d/control: use the right spelling for Recommends:
-- Michael Tokarev <email address hidden> Wed, 20 Apr 2022 00:37:17 +0300
-
unbound (1.13.1-1.1) unstable; urgency=medium
* Non-maintainer upload
[ Rico Tzschichholz ]
* Cherry-pick upstream commits for Python 3.10 compatibility (Closes:
#1008641)
-- Sebastian Ramacher <email address hidden> Wed, 06 Apr 2022 21:37:02 +0200
-
unbound (1.13.1-1) unstable; urgency=medium
* New upstream version 1.13.1
* debian/gbp.conf: [import-orig] upstream-signatures = True
* Drop debian/patches/0002-Fix-358-Squelch-udp-connect-no-route-to-host-
errors-.patch (included in 1.13.1 release)
* debian/copyright: 2021
-- Robert Edmonds <email address hidden> Tue, 09 Feb 2021 17:53:57 -0500
-
unbound (1.13.0-1) unstable; urgency=medium
* New upstream version 1.13.0
- Fix CVE-2020-28935: PID file vulnerability (Closes: #977165)
* debian/patches/0002-Fix-358-Squelch-udp-connect-no-route-to-host-
errors-.patch: Cherry-pick upstream commit
5906811ff19f005110b2edbda5aa144ad5fa05b1 to suppress UDP connect()
errors on low verbosity
-- Robert Edmonds <email address hidden> Wed, 23 Dec 2020 19:34:24 -0500
-
unbound (1.12.0-1) unstable; urgency=medium
* New upstream version 1.12.0
-- Robert Edmonds <email address hidden> Mon, 19 Oct 2020 00:35:38 -0400
-
unbound (1.11.0-1) unstable; urgency=medium
[ Simon Deziel ]
* systemd: don't create a PID file
* debian/package-helper: mount --bind systemd notify socket into chroot
(Closes: #867187)
[ Robert Edmonds ]
* New upstream version 1.11.0
- Merge PR #241 by Robert Edmonds: contrib/libunbound.pc.in: Do not use
"Requires:". (Closes: #958331)
- Introduce "include-toplevel:" configuration option.
- Adds its own implementation of Frame Streams for dnstap support.
* debian/control: Remove build dependency on libfstrm-dev
* debian/unbound.conf: Use "include-toplevel:" instead of "include:"
(Closes: #950754)
* debian/NEWS: Add entry for 1.11.0-1 regarding the change of
/etc/unbound/unbound.conf to using the "include-toplevel:" directive
* debian/patches/: Refresh patches
-- Robert Edmonds <email address hidden> Sun, 09 Aug 2020 20:57:15 -0400
-
unbound (1.10.1-1) unstable; urgency=high
* New upstream version 1.10.1
- Fix CVE-2020-12662: Unbound can be tricked into amplifying an incoming
query into a large number of queries directed to a target.
- Fix CVE-2020-12663: Malformed answers from upstream name servers can be
used to make Unbound unresponsive.
-- Robert Edmonds <email address hidden> Tue, 19 May 2020 11:36:53 -0400
-
unbound (1.10.0-1) unstable; urgency=medium
[ Robert Edmonds ]
* New upstream version 1.10.0
* Drop debian/patches/0002-Allow-use-of-libbsd-functions-with-configure-
option-.patch (applied upstream)
[ Stuart Prescott ]
* Drop Python 2 module package (Closes: #938752)
-- Robert Edmonds <email address hidden> Sat, 18 Apr 2020 19:29:50 -0400
-
unbound (1.9.6-2) unstable; urgency=medium
* debian/unbound.maintscript: Remove obsolete conffile
/etc/unbound/unbound.conf.d/qname-minimisation.conf (Closes: #950406)
-- Robert Edmonds <email address hidden> Sat, 01 Feb 2020 14:44:39 -0500
-
unbound (1.9.6-1) unstable; urgency=medium
[ Robert Edmonds ]
* New upstream version 1.9.6 (Closes: #948036)
- Fixes 'unbound crashes with "Assertion nread >= 0 failed in
evmap_io_del_"' (Closes: #930699)
- Fixes "unbound: Fails to answer TCP queries due to broken idle-timeout"
(Closes: #946421)
* debian/source/options: Remove 'single-debian-patch' option
* debian/unbound.service: Change ExecReload to send SIGHUP rather than
using unbound-control (Closes: #923314)
* Enable remote-control by default (Closes: #923314)
* Allow use of libbsd functions with configure option --with-libbsd
* Remove "qname-minimisation: yes" config file setting, since this is
now the default (Closes: #915056)
* debian/package-helper: No longer invoke unbound-anchor for root trust
anchor update (Closes: #910675)
* debian/control: Bump Standards-Version to 4.5.0 (no changes)
* debian/control: Remove build dependencies on autotools-dev, dh-
autoreconf
* debian/libunbound8.symbols: Add "* Build-Depends-Package: libunbound-
dev"
* Rename debian/NEWS.Debian -> debian/NEWS
[ Matthew Palmer ]
* Fix insecure use of start-stop-daemon --pidfile (Closes: #941573)
[ Simon Deziel ]
* Install Apparmor profile prior to service startup (Closes: #919511)
[ Debian Janitor ]
* Trim trailing whitespace.
* Drop use of autotools-dev debhelper.
* Bump debhelper from old 9 to 10.
* Set field Upstream-Name in debian/copyright.
-- Robert Edmonds <email address hidden> Sun, 26 Jan 2020 22:45:45 -0500
-
unbound (1.9.4-2) unstable; urgency=medium
* Cherry-pick upstream commit ec021e0d, "fix build with nettle-3.5"
(Closes: #941041)
-- Robert Edmonds <email address hidden> Sat, 26 Oct 2019 08:00:58 -0400
-
unbound (1.9.4-1) unstable; urgency=high
* New upstream version 1.9.4
- Fix CVE-2019-16866: uninitialized memory access when parsing specially
crafted NOTIFY query.
-- Robert Edmonds <email address hidden> Fri, 04 Oct 2019 00:43:19 -0400
-
unbound (1.9.3-1) unstable; urgency=medium
* New upstream version 1.9.3
-- Robert Edmonds <email address hidden> Tue, 27 Aug 2019 14:24:11 -0400
-
unbound (1.9.0-2) unstable; urgency=medium
[ Simon Deziel ]
* Disable chroot'ing (Closes: #921538)
-- Robert Edmonds <email address hidden> Sat, 09 Feb 2019 21:10:52 -0500
-
unbound (1.9.0-1) unstable; urgency=medium
* New upstream version 1.9.0
* Team upload
* Include dpkg/default.mk instead of only buildflags.mk
* Update d/watch to reflect new download location and add signature check
-- Ondřej Surý <email address hidden> Tue, 05 Feb 2019 09:49:04 +0000
-
unbound (1.8.1-1) unstable; urgency=medium
* New upstream version 1.8.1
-- Robert Edmonds <email address hidden> Thu, 08 Nov 2018 16:50:36 -0500
-
unbound (1.8.0-1) unstable; urgency=medium
* New upstream version 1.8.0
* debian/: libunbound2.symbols → libunbound8.symbols
* debian/rules: libunbound2 → libunbound8
* debian/control: libunbound2 → libunbound8
* daemon/daemon.c: Fix systemd service manager state change notification
-- Robert Edmonds <email address hidden> Sat, 15 Sep 2018 16:21:11 -0400
-
unbound (1.7.3-1) unstable; urgency=medium
* New upstream version 1.7.3
- Don't count CNAME response types received during qname minimisation as
query restart. (Closes: #900800)
-- Robert Edmonds <email address hidden> Thu, 21 Jun 2018 12:45:09 -0400
-
unbound (1.7.2-1) unstable; urgency=medium
[ Robert Edmonds ]
* New upstream version 1.7.2
* debian/control: Update Maintainer field (Closes: #899758)
[ Vincent Bernat ]
* daemon/daemon.c: Fix reload hangs with systemd (Closes: #892914)
-- Robert Edmonds <email address hidden> Wed, 20 Jun 2018 17:30:34 -0400
-
unbound (1.7.1-1) unstable; urgency=medium
[ Robert Edmonds ]
* debian/control: Update Vcs-* links to use salsa.debian.org URLs
* New upstream version 1.7.1
[ Simon Deziel ]
* debian/apparmor-profile: Add capabilities to chown/chmod Unix control
socket (Closes: #891705)
* debian/apparmor-profile: Allow reading /var/lib/sss/mc/initgroups
* debian/apparmor-profile: Permit unbound to notify readiness to systemd
(Closes: #867186)
* debian/apparmor-profile: Let unbound r/w anywhere under
/var/lib/unbound (Closes: #882731)
* debian/apparmor-profile: Use attach_disconnected
-- Robert Edmonds <email address hidden> Wed, 23 May 2018 15:41:54 -0400
-
unbound (1.6.7-1) unstable; urgency=medium
* New upstream version 1.6.7
-- Robert Edmonds <email address hidden> Sun, 15 Oct 2017 17:46:46 -0400
-
unbound (1.6.6-1) unstable; urgency=medium
* New upstream version 1.6.6
* debian/control: Drop obsolete build-depends on dh-systemd
* debian/control: Bump Standards-Version to 4.1.1 (no changes)
-- Robert Edmonds <email address hidden> Sat, 07 Oct 2017 00:40:08 -0400
-
unbound (1.6.5-1) unstable; urgency=high
[ Robert Edmonds ]
* New upstream version 1.6.5
- Fix install of trust anchor when two anchors are present, makes both
valid. Checks hash of DS but not signature of new key. This fixes
installs between sep11 and oct11 2017.
* debian/rules: Enable EDNS Client Subnet in daemon
[ Simon Deziel ]
* debian/unbound.service: Set PIDFile= (Closes: #867192)
[ Antony Antony ]
* debian/rules: Enable libevent for libunbound2 API (Closes: #871675)
-- Robert Edmonds <email address hidden> Tue, 22 Aug 2017 22:50:56 -0400
-
unbound (1.6.4-1) unstable; urgency=medium
[ Robert Edmonds ]
* New upstream version 1.6.4
- Fixes 'malformed packet DoS when "use-caps-for-id" enabled'
(Closes: #864730)
* debian/copyright: Use https form of the copyright-format URL
* debian/copyright: Bump NLnet Labs copyright years through 2017
* debian/control: Bump Standards-Version to 4.0.0
* debian/: Enable systemd support
* debian/unbound.service: Use Type=notify process start-up type
(Closes: #866804)
* debian/: Enable experimental pluggable event base libunbound API
(Closes: #859584)
* debian/control: Add Depends on lsb-base to satisfy lintian's
"init.d-script-needs-depends-on-lsb-base"
[ Steve Langasek ]
* debian/control: Build-Depend on python '-dev' packages, not '-all-dev'
(Closes: #864334, #866770)
[ Steven Chamberlain ]
* Allow use of libbsd functions with configure option --with-libbsd
* debian/: Configure with --with-libbsd (Closes: #853751)
-- Robert Edmonds <email address hidden> Mon, 03 Jul 2017 16:30:17 -0400
-
unbound (1.6.0-3) unstable; urgency=medium
* Cherry-pick upstream commit svn r4000, "Include root trust anchor id
20326 in unbound-anchor". (Closes: #855484)
-- Robert Edmonds <email address hidden> Sun, 19 Feb 2017 20:04:34 -0500
-
unbound (1.6.0-2) unstable; urgency=high
[ Helmut Grohne ]
* Only use fake_dsa when HAVE_SSL is defined (Closes: #848339)
-- Robert Edmonds <email address hidden> Sun, 18 Dec 2016 15:00:12 -0500
-
unbound (1.6.0-1) unstable; urgency=medium
[ Robert Edmonds ]
* New upstream version 1.6.0
[ Helmut Grohne ]
* Add pkg.unbound.libonly build profile. (Closes: #847130)
-- Robert Edmonds <email address hidden> Thu, 15 Dec 2016 15:26:15 -0500
-
unbound (1.5.10-3) unstable; urgency=medium
[ Helmut Grohne ]
* Fix FTCBFS: (Closes: #845941)
+ Convert python Build-Depends to cross-friendly ones.
+ Let dh_auto_configure pass --host to ./configure.
-- Robert Edmonds <email address hidden> Sun, 27 Nov 2016 14:41:30 -0500
-
unbound (1.5.10-2) unstable; urgency=medium
* debian/unbound.install: Install usr/sbin/unbound-checkconf
(Closes: #842797)
-- Robert Edmonds <email address hidden> Tue, 01 Nov 2016 16:37:52 -0400
-
unbound (1.5.10-1) unstable; urgency=medium
* New upstream version 1.5.10
- Fixes FTBFS with OpenSSL 1.1.0 (Closes: #828584)
* debian/: Build libunbound against nettle (Closes: #828699)
* debian/: Support Python 3 (Closes: #835972)
* debian/rules: Install libunbound.pc into the libunbound-dev package
* debian/copyright: Update
-- Robert Edmonds <email address hidden> Tue, 04 Oct 2016 03:43:45 -0400
-
unbound (1.5.9-3) unstable; urgency=medium
[ Nicolas Braud-Santoni ]
* debian/: Ship AppArmor profile (Closes: #518002)
* debian/control: Use HTTPS for Vcs-Git link
* debian/unbound.service: Add documentation to the systemd unit file
* debian/control: Bump Standards-Version to 3.9.8 (no changes)
-- Robert Edmonds <email address hidden> Sat, 06 Aug 2016 14:51:52 -0400
-
unbound (1.5.9-2) unstable; urgency=low
* debian/unbound.init: Call start-stop-daemon with --retry for 'stop'
action (based on patch from Julien Cristau)
* debian/: Add unbound.service, unbound-resolvconf.service
(Closes: #826241) (Thanks to Michael Biebl)
* debian/rules: Configure with --with-rootkey-file=/var/lib/unbound/root.key
-- Robert Edmonds <email address hidden> Sun, 24 Jul 2016 19:48:56 -0400
-
unbound (1.5.9-1) unstable; urgency=medium
* Imported Upstream version 1.5.9
- Updated L-Root IPv6 address (Closes: #818292)
* debian/unbound.init: Add "pidfile" magic comment (Closes: #807132)
* debian/libunbound2.symbols: Add new symbol 'ub_ctx_create_ub_event'
* Enable DNS query name minimisation by default
-- Robert Edmonds <email address hidden> Fri, 10 Jun 2016 23:01:15 -0400
-
unbound (1.5.8-1) unstable; urgency=medium
* Imported Upstream version 1.5.8
* debian/libunbound2.symbols: Add new symbol 'ub_ctx_set_stub'
* debian/unbound.postinst: Clean up permissions on the resolvconf
forwarder hook on upgrades (Closes: #816425)
-- Robert Edmonds <email address hidden> Sun, 06 Mar 2016 22:52:28 -0500
-
unbound (1.5.7-2) unstable; urgency=medium
* debian/control: Add dh-python to Build-Depends
* debian/: Install contrib/update-anchor.sh, contrib/unbound_munin_
(Closes: #573329)
* Makefile.in: Pass PYTHON_CPPFLAGS to swig instead of CPPFLAGS (Closes:
#809055)
* debian/: Run "wrap-and-sort -sabt"
* debian/resolvconf: No longer use RESOLVCONF_FORWARDERS from
/etc/default/unbound
* debian/unbound.postinst: Remove unbound-anchor invocation
* debian/package-helper: Add helper script for init scripts and
resolvconf
* debian/unbound.init: Rewrite to use package-helper script
* debian/unbound.default: Remove
* debian/unbound.maintscript: Remove conffile /etc/default/unbound
* debian/resolvconf-package: Add resolvconf packaging-event hook script
(Closes: #777228)
* debian/control: unbound: Depend on dns-root-data, for root trust
anchor updates (Closes: #760461)
* debian/rules: Disable the resolvconf update.d hook by default
* debian/gbp.conf: Remove [dch] id-length
* debian/NEWS.Debian: Add NEWS entry for 1.5.7-2
* debian/unbound.postinst: Always chown /var/lib/unbound (Closes:
#763901)
* debian/package-helper: Invoke unbound-anchor as user/group unbound
* debian/: unbound.doc -> unbound.docs; Actually install upstream docs
* debian/unbound.docs: Install doc/README.DNS64
* debian/unbound.docs: Install debian/NEWS.Debian
* debian/package-helper: Clean old chroot files (Closes: #790392) (Patch
from Simon Deziel)
-- Robert Edmonds <email address hidden> Sun, 21 Feb 2016 16:22:23 -0500
-
unbound (1.5.7-1) unstable; urgency=medium
* [3cf7971b] debian/control: Vcs-Browser should point to cgit
(Closes: #804437)
* [66955294] Imported Upstream version 1.5.7
-- Robert Edmonds <email address hidden> Sat, 12 Dec 2015 14:48:03 -0500
-
unbound (1.5.6-1) unstable; urgency=medium
* [0d5117d5] Imported Upstream version 1.5.4
* [8327e145] Imported Upstream version 1.5.5
* [eb2adc8c] Imported Upstream version 1.5.6
- Closes: #796934, #803042.
* [5a973651] debian/control: Update Maintainer, Uploaders for pkg-dns
* [543459fa] debian/control: Update Vcs-Browser, Vcs-Git
* [b69e513f] debian/: Run "wrap-and-sort -sbt"
* [730f3622] debian/gbp.conf: Add [dch] section
* [6b383656] debian/: Enable dnstap support
-- Robert Edmonds <email address hidden> Sun, 08 Nov 2015 01:26:27 -0500
-
unbound (1.4.22-3) unstable; urgency=medium
* Fix CVE-2014-8602: denial of service by making resolver chase endless
series of delegations; closes: #772622.
-- Robert Edmonds <email address hidden> Tue, 09 Dec 2014 17:52:08 -0500
-
unbound (1.4.22-2) unstable; urgency=medium
* Drop unneeded Build-Dependency on doxygen.
* Drop unneeded Build-Dependency on automake. (Unbound does not use
automake.)
* Use dh_autotools-dev_updateconfig to update the config.{guess,sub} files
at build time; closes: #746313.
-- Robert S. Edmonds <email address hidden> Mon, 18 Aug 2014 16:20:28 -0400
-
unbound (1.4.22-1) unstable; urgency=medium
* New upstream release.
* Drop Build-Dependency on libldns-dev. Unbound no longer relies on
libldns.
-- Robert S. Edmonds <email address hidden> Wed, 12 Mar 2014 13:21:58 -0400
-
unbound (1.4.21-1) unstable; urgency=low
* New upstream release.
* Don't compress the example config file in /usr/share/doc/unbound;
closes: #722708.
* Fully enable hardening options; closes: #709837.
(Patch from Simon Deziel.)
* Add support for .d style configuration in /etc/unbound/unbound.conf.d;
closes: #656549.
* Move auto-trust-anchor-file configuration for the root into the new
/etc/unbound/unbound.conf.d directory.
-- Robert S. Edmonds <email address hidden> Thu, 19 Sep 2013 21:45:39 -0400
-
unbound (1.4.20-1) unstable; urgency=low
* New upstream release.
- Updates IPv4 address hint for D.ROOT-SERVERS.NET; closes: #697351.
* Correct exit code for "/etc/init.d/unbound status"; closes: #685052.
(Patch from micah anderson.)
* Finish dh_python2 conversion; closes: #697575.
(Patch from Micah Gersten.)
* Check for multiarch Python headers; closes: #697576.
(Patch from Micah Gersten.)
* Automatically set up the chroot directory if enabled; closes: #579622.
(Patch from Simon Deziel.)
-- Robert S. Edmonds <email address hidden> Sat, 13 Apr 2013 15:34:47 -0400
-
unbound (1.4.19-1) unstable; urgency=low
* New upstream release.
-- Robert S. Edmonds <email address hidden> Fri, 14 Dec 2012 21:33:42 -0500
-
unbound (1.4.18-1) unstable; urgency=low
* New upstream release.
-- Robert S. Edmonds <email address hidden> Sun, 05 Aug 2012 21:54:05 -0400
-
unbound (1.4.17-2) unstable; urgency=low
* Build-depend on libldns-dev (>= 1.6.13~) for ECDSA support.
-- Robert S. Edmonds <email address hidden> Mon, 28 May 2012 14:19:57 -0400
-
unbound (1.4.17-1) unstable; urgency=low
* New upstream release; closes: #674434.
* Implement 'status' command in init script; closes: #666388.
* Fix build system bug that negated fully hardening the build;
closes: #658021. (Patch from Simon Ruderich.)
* Disable ECDSA support (for now) as this requires a newer ldns than is in
the archive.
-- Robert S. Edmonds <email address hidden> Sun, 27 May 2012 16:41:41 -0400
-
unbound (1.4.16-2) unstable; urgency=low
* Enable hardened build flags; closes: #658021.
-- Robert S. Edmonds <email address hidden> Sat, 21 Apr 2012 15:35:16 -0400
-
unbound (1.4.16-1) unstable; urgency=low
* New upstream release.
-- Robert S. Edmonds <email address hidden> Sun, 05 Feb 2012 20:02:24 -0500
-
unbound (1.4.14-2) unstable; urgency=high
* Work around gcc bugs by disabling link time optimization on build
architectures that are not i386/amd64.
-- Robert S. Edmonds <email address hidden> Wed, 21 Dec 2011 15:52:17 -0500
-
unbound (1.4.14-1) unstable; urgency=high
* New upstream release.
- CVE-2011-4528.
* Call dh_python2 in debian/rules; closes: #652294.
-- Robert S. Edmonds <email address hidden> Mon, 19 Dec 2011 11:00:46 -0500
-
unbound (1.4.13-2) unstable; urgency=low
* Reduce the run-time dependencies of libunbound and the unbound-*
utilities.
-- Robert S. Edmonds <email address hidden> Sat, 29 Oct 2011 16:16:19 -0400
-
unbound (1.4.13-1) unstable; urgency=low
* New upstream release.
* Only install forwarders learned from resolvconf into unbound if
RESOLVCONF_FORWARDERS is enabled in /etc/default/unbound; closes: #637198.
* Split unbound-anchor utility into separate binary package.
* Support multi-arch.
* Fix FTBFS with dpkg-dev 1.16.1.
-- Robert S. Edmonds <email address hidden> Sun, 23 Oct 2011 16:55:45 -0400
-
unbound (1.4.12-1) unstable; urgency=medium
* New upstream release. -- Robert S. Edmonds <email address hidden> Mon, 18 Jul 2011 15:56:42 -0400
-
unbound (1.4.11-1) unstable; urgency=low
* New upstream release. * Fix FTBFS with default python >> 2.6; closes: #625520. -- Robert S. Edmonds <email address hidden> Sun, 03 Jul 2011 16:32:49 -0400
-
unbound (1.4.10-1) unstable; urgency=low
* New upstream release: - CVE-2011-1922. -- Robert S. Edmonds <email address hidden> Wed, 25 May 2011 15:48:34 -0700
-
unbound (1.4.9-2) unstable; urgency=low
* Build-depend on libldns-dev (>= 1.6.9-2~) for GOST support. * Configure without --disable-gost. -- Robert S. Edmonds <email address hidden> Sun, 03 Apr 2011 14:31:40 -0400
-
unbound (1.4.9-1) unstable; urgency=low
* New upstream release. * Convert packaging to git. * Configure with --with-pythonmodule. * Configure with --with-pyunbound. * Build new python-unbound package; closes: #542094. * Automatically create and remove remote control key material on package configuration and package purge. * Set default remote control port to 53953 to avoid conflicting with the bind9 package's default use of port 953 for rndc. * Securely fetch or update the root trust anchor at postinst and before starting the unbound daemon if ROOT_TRUST_ANCHOR_UPDATE is set in /etc/default/unbound; closes: #594911. * If unbound is listening on a loopback address, provide this address as a nameserver to resolvconf if RESOLVCONF is enabled in /etc/default/unbound; closes: #562031. * Configure resolvconf discovered nameservers as forwarders if RESOLVCONF_FORWARDERS is enabled in /etc/default/unbound; closes: #567879. * Don't exit from the init script with an error if UNBOUND_ENABLE is not true; default UNBOUND_ENABLE to true if the default file is missing entirely; closes: #618815. * Support /etc/init.d/unbound reload; closes: #620256. -- Robert S. Edmonds <email address hidden> Sat, 02 Apr 2011 22:52:16 -0400
-
unbound (1.4.8-2) unstable; urgency=low
* Add build-dependency on libexpat1-dev; closes: #612261. * Install unbound-anchor utility in unbound package. -- Robert S. Edmonds <email address hidden> Mon, 07 Feb 2011 16:06:00 -0500
-
unbound (1.4.8-1) unstable; urgency=low
* New upstream release; closes: #611527. * Add /etc/insserv.conf.d/unbound file declaring unbound to be a name daemon; closes: #596488, #600118. -- Robert S. Edmonds <email address hidden> Sun, 06 Feb 2011 23:33:04 -0500
-
unbound (1.4.6-1) unstable; urgency=low
* New upstream release.
-- Robert S. Edmonds <email address hidden> Sun, 15 Aug 2010 18:26:43 -0400
-
unbound (1.4.5-1) unstable; urgency=low
* New upstream release.
* Add dependency on openssl to the unbound binary package; closes: #585808.
-- Robert S. Edmonds <email address hidden> Sun, 20 Jun 2010 16:50:42 -0400
-
unbound (1.4.4-1) unstable; urgency=low
* New upstream release.
-- Robert S. Edmonds <email address hidden> Thu, 22 Apr 2010 15:24:06 -0400
-
unbound (1.4.3-1) unstable; urgency=low
* New upstream release.
-- Robert S. Edmonds <email address hidden> Thu, 11 Mar 2010 15:55:33 -0500
-
unbound (1.4.2-1) unstable; urgency=low
* New upstream release.
-- Robert S. Edmonds <email address hidden> Tue, 09 Mar 2010 14:13:31 -0500
-
unbound (1.4.1-2) unstable; urgency=low
* Invoke dh_installinit with --restart-after-upgrade; closes: #563033.
-- Robert S. Edmonds <email address hidden> Tue, 29 Dec 2009 21:54:26 -0500
-
unbound (1.4.0-1) unstable; urgency=low
* New upstream release.
-- Robert S. Edmonds <email address hidden> Fri, 04 Dec 2009 20:32:52 -0800
-
unbound (1.3.4-1) unstable; urgency=low
* New upstream release.
-- Robert S. Edmonds <email address hidden> Wed, 07 Oct 2009 12:59:21 -0400
-
unbound (1.3.3-1) unstable; urgency=low
* New upstream release.
* Drop .la file from libunbound-dev; closes: #541640.
-- Robert S. Edmonds <email address hidden> Sun, 23 Aug 2009 13:25:53 -0400
-
unbound (1.3.2-1) unstable; urgency=low
* New upstream release.
-- Robert S. Edmonds <email address hidden> Mon, 13 Jul 2009 05:50:47 -0400
-
unbound (1.2.1-2) unstable; urgency=low
* Closes: #527753, #509535.
-- Robert S. Edmonds <email address hidden> Sat, 09 May 2009 16:46:32 -0400
-
unbound (1.2.1-1) unstable; urgency=low
* New upstream release.
* Remove init script chroot setup.
-- Robert S. Edmonds <email address hidden> Sat, 28 Feb 2009 19:46:09 -0500
-
unbound (1.0.2-1.2) unstable; urgency=low
* Enable unbound by default (Closes: #508884)
* Call dh_installinit with --error-handler=true (Closes: #500176)
-- Ondřej Surý <email address hidden> Tue, 16 Dec 2008 11:54:15 +0100
-
unbound (1.0.2-1.1) unstable; urgency=low
[ Hideki Yamane (Debian-JP) ]
* debian/{unbound.init,unbound.default}
+ set not start by default, to avoid that port 53 blocking by other name
servers will cause install problems
* debian/unbound.prerm
+ fix lintian "unbound: maintainer-script-hides-init-failure prerm:5" error
[ Ondřej Surý ]
* Non-maintainer upload.
* Minor tweaks to patched init.d file to make it work.
-- Ondřej Surý <email address hidden> Mon, 15 Dec 2008 19:54:44 +0100
-
unbound (1.0.2-1) unstable; urgency=low
* New upstream release;
+ stricter filtering of DNS messages to combat cache poisoning
-- Robert S. Edmonds <email address hidden> Mon, 25 Aug 2008 01:03:59 -0400
