Accepted bind9 1:9.8.4.dfsg.P1-6+nmu1~bpo60+1 (source all i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 15 Apr 2013 09:42:52 +0200
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-80 libdns88 libisc84 liblwres80 libisccc80 libisccfg82 dnsutils lwresd
Architecture: source all i386
Version: 1:9.8.4.dfsg.P1-6+nmu1~bpo60+1
Distribution: squeeze-backports
Urgency: high
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description:
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - Version of 'host' bundled with BIND 9.X
bind9utils - Utilities for BIND
dnsutils - Clients provided with BIND
host - Transitional package
libbind-dev - Static Libraries and Headers used by BIND
libbind9-80 - BIND9 Shared Library used by BIND
libdns88 - DNS Shared Library used by BIND
libisc84 - ISC Shared Library used by BIND
libisccc80 - Command Channel Library used by BIND
libisccfg82 - Config File Handling Library used by BIND
liblwres80 - Lightweight Resolver Library used by BIND
lwresd - Lightweight Resolver Daemon
Closes: 58353 84572 85450 85457 85481 85627 85717 85718 86718 86759 86776 86836 86910 87208 89526 90150 90159 90752 90783 90994 96483 99352 99824 100647 100898 101568 103429 103630 103855 103865 107835 108220 108243 111935 112266 114250 119506 120657 120946 121050 121108 122227 123426 123428 123969 124058 126236 127395 129576 129849 130372 130445 135774 136686 139602 140174 143443 148695 149059 149259 149580 151342 151431 151579 151957 160483 163073 163552 164349 164352 165864 167818 168912 169132 169531 169622 169727 170267 178186 179353 182363 183791 184788 186569 190742 199255 200253 201293 202981 204282 205590 209022 209563 209853 210063 210293 210653 211373 211412 211503 211590 211752 212226 212243 212659 214460 217829 218007 220735 221419 230088 234278 236901 239665 240874 241605 243109 245043 248771 252232 252285 262720 266891 269157 275412 297219 298100 331090 333841 342957 354192 356914 360339 372203 382438 386091 386224 386237 386245 387437 393359 395191 395834 4064
09 408925 411881 419750 428015 430065 435194 435225 448006 449148 453765 459421 459551 462783 464111 470500 473460 480317 483872 483911 485747 486185 486191 486194 486196 486215 486267 486325 486337 486479 486481 486503 486547 486969 488905 490027 490630 491369 492048 492308 492418 492425 492564 492587 492949 493392 493775 496954 497040 497959 499977 501103 501365 501800 506856 507013 511768 511936 512285 515074 515110 516549 516616 516979 520179 523454 527137 527613 527877 528772 536487 538975 539230 540973 541469 542888 570852 572443 572528 572606 577398 578210 578447 579421 584603 588055 589916 597171 597616 599431 608559 612287 619302 620007 632006 632016 634886 634951 647598 651540 654454 657042 658201 661040 668801 683259 689332 692416 695192 696661 697352 697681 698641 699145 704174
Changes:
bind9 (1:9.8.4.dfsg.P1-6+nmu1~bpo60+1) squeeze-backports; urgency=low
.
* Rebuild for squeeze-backports.
.
bind9 (1:9.8.4.dfsg.P1-6+nmu1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix cve-2012-5689: issue in nameservers using DNS64 to perform a AAAA
lookup for a record with an A record overwrite rule in a Response Policy
Zone (closes: #699145).
* Fix cve-2013-2266: issues in regular expression handling (closes: #704174).
.
bind9 (1:9.8.4.dfsg.P1-6) unstable; urgency=low
.
[Ben Hutchings]
.
* Initialise OpenSSL before calling chroot(). Closes: #696661
.
bind9 (1:9.8.4.dfsg.P1-5) unstable; urgency=low
.
[LaMont Jones]
.
* Properly acknowledge 1:9.8.1.dfsg.P1-4.4: [Philipp Kern]
- Fix CVE-2012-4244. Thanks to Moritz Mühlenhoff for providing the patch.
.
[Paul Vixie]
.
* Include rpz/rrl patches from http://www.redbarn.org/dns/ratelimits.
Closes: #698641
.
bind9 (1:9.8.4.dfsg.P1-4) unstable; urgency=high
.
* The rest of the dnssec validation logspam removal. Closes: #697681
.
bind9 (1:9.8.4.dfsg.P1-3) unstable; urgency=low
.
[Marc Deslauriers]
.
* debian/bind9.apport: Add AppArmor info and logs to apport hook.
.
[LaMont Jones]
.
* Reduce log level for "sucessfully validated after lower casing" dnssec
based on mail from Mark Andrews. Closes: #697681
* remove /var/lib/bind/bind9-default.md5sum in postrm
* remove /etc/bind/named.conf.options on purge. Closes: #668801
.
bind9 (1:9.8.4.dfsg.P1-2) unstable; urgency=low
.
[Michael Gilbert]
.
* Use /var/lib/bind for state file. Closes: #689332
.
[LaMont Jones]
.
* Re-enable dlopen, do not build the test that fails. Closes: #692416
* Update db.root with new IP for D.root-servers.net. Closes: #697352
.
bind9 (1:9.8.4.dfsg.P1-1) unstable; urgency=low
.
* Named could die on specific queries with dns64 enabled.
[Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
CVE-2012-5688 Closes: #695192
.
bind9 (1:9.8.4.dfsg-1) unstable; urgency=low
.
[Matthew Grant]
.
* Turn off dlopen as it was causing test compile failures.
* Add missing library .postrm files for debhelper
.
[LaMont Jones]
.
* New upstream version
* soname fixup
* Ack NMUs
.
bind9 (1:9.8.1.dfsg.P1-4.4) testing-proposed-updates; urgency=low
.
* Non-maintainer upload.
* Fix CVE-2012-4244. Thanks to Moritz Mühlenhoff for providing
the patch.
.
bind9 (1:9.8.1.dfsg.P1-4.3) unstable; urgency=medium
.
[ Philipp Kern ]
* Non-maintainer upload.
.
[ Marc Deslauriers ]
* SECURITY UPDATE: denial of service via specific combinations of RDATA
- bin/named/query.c: fix logic
- Patch backported from 9.8.3-P4
- CVE-2012-5166
.
bind9 (1:9.8.1.dfsg.P1-4.2) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix denial of service vulnerability triggered
through an assert because of using bad cache
(CVE-2012-3817; Closes: #683259).
.
bind9 (1:9.8.1.dfsg.P1-4.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* SECURITY UPDATE: ghost domain names attack
- lib/dns/rbtdb.c: Restrict the TTL of NS RRset to no more than that
of the old NS RRset when replacing it.
- Patch backported from 9.8.2.
- CVE-2012-1033
* SECURITY UPDATE: denial of service via zero length rdata handling
- lib/dns/rdata.c,lib/dns/rdataslab.c: use sentinel pointer for
duplicate rdata.
- Patch backported from 9.8.3-P1.
- CVE-2012-1667
.
bind9 (1:9.8.1.dfsg.P1-4) unstable; urgency=low
.
[Christoph Egger]
.
* define _GNU_SOURCE on kfreebsd et al. Closes: #658201
.
[LaMont Jones]
.
* chmod typo in postinst. LP: #980798
* Correctly order debhelper bits in postrm. Closes: #661040
.
bind9 (1:9.8.1.dfsg.P1-3) unstable; urgency=low
.
[Zlatan Todoric]
.
* fixed Serbian latin translation of debconf template. Closes: #634951
.
[Peter Eisentraut]
.
* Add support for "status" action to lwresd init script. Closes: #651540
.
[Bjørn Steensrud]
.
* NB Translations. Closes: #654454
.
[LaMont Jones]
.
* Default to run_resolvconf=false. LP: #933723
* Deliver named.conf.options on fresh install. Closes: #657042 LP: #920202
* Do not deliver /usr/share/bind9/bind9-default.md5sum in the bind9 deb.
Closes: #620007 LP: #681536
* Deliver and use /etc/apparmor.d/local/usr.sbin.named for local overrides.
LP: #929563
.
bind9 (1:9.8.1.dfsg.P1-2) unstable; urgency=low
.
* Deliver named.conf.options on fresh install. Closes: #657042 LP: #920202
.
bind9 (1:9.8.1.dfsg.P1-1) unstable; urgency=low
.
[Internet Software Consortium, Inc]
.
* 9.8.1-P1
- Cache lookup could return RRSIG data associated with nonexistent
records, leading to an assertion failure.
.
[LaMont Jones]
.
* add a readme entry for DNSSEC-by-default
* Failed to install due to chgrp on non-existant directory. Closes: #647598
* ack NMU: l10n issues
.
bind9 (1:9.8.1.dfsg-1.1) unstable; urgency=low
.
* Non-maintainer upload.
* Fix pending l10n issues. Debconf translations:
- Danish (Joe Hansen). Closes: #619302
- Korean (강민지). Closes: #632006, #632016
- Serbian (FULL NAME). Closes: #634886
.
bind9 (1:9.8.1.dfsg-1) unstable; urgency=low
.
[Internet Software Consortium, Inc]
.
* New upstream release
.
[LaMont Jones]
.
* cleanup the messages around killing named
* enable dnssec validation: deliver named.conf.options outside of
conffiledom, and update if able, complain and do not update if not
Closes: #516979
* typo in min-ncache-ttl processing
* disable dlz until we get a patch to make it build again
.
[Jay Ford]
.
* Fix "waiting for pid $pid to die" loop to not be infinite. Closes: #570852
.
bind9 (1:9.8.0.dfsg.P1-0) unstable; urgency=low
.
[Internet Software Consortium, Inc]
.
* 9.8.0-P1
.
[LaMont Jones]
.
* soname changes
.
bind9 (1:9.7.4.dfsg-0) unstable; urgency=low
.
* New upstream
.
bind9 (1:9.7.3.dfsg-1ubuntu4) oneiric; urgency=low
.
* debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)
.
bind9 (1:9.7.3.dfsg-1ubuntu3) oneiric; urgency=low
.
* SECURITY UPDATE: denial of service via specially crafted packet
- lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache,
nsec3,rbtdb,rdataset,resolver,validator}.c: Use an rdataset attribute
flag to indicate negative-cache records rather than using rrtype 0.
- Patch backported from 9.7.3-P3.
- CVE-2011-2464
.
bind9 (1:9.7.3.dfsg-1ubuntu2.1) natty-security; urgency=low
.
* SECURITY UPDATE: denial of service via off-by-one
- lib/dns/ncache.c: correctly validate length.
- Patch backported from 9.7.3-P1.
- CVE-2011-1910
.
bind9 (1:9.7.3.dfsg-1ubuntu2) natty; urgency=low
.
* debian/rules, configure, contrib/dlz/config.dlz.in: use
DEB_HOST_MULTIARCH so we can find multiarch libraries and fix FTBFS.
(LP: #745642)
.
bind9 (1:9.7.3.dfsg-1ubuntu1) natty; urgency=low
.
* debian/bind9-default.md5sum:
- updated to reflect the default md5sum in maverick and natty, this
avoids a bogus /etc/default/bind9.dpkg-dist file
(LP: #556332)
.
bind9 (1:9.7.3.dfsg-1) unstable; urgency=low
.
[Peter Palfrader]
.
* Add db-4.6 to bdb_libnames in dlz/config.dlz.in so that it finds the right
db.
.
[Internet Systems Consortium, Inc]
.
* 9.7.3 - Closes: #612287
.
[Mahyuddin Susanto]
.
* Updated Indonesian debconf templates. Closes: #608559
.
[LaMont Jones]
.
* soname changes
.
bind9 (1:9.7.3.dfsg~rc1-1) unstable; urgency=low
.
[Internet Software Consortium, Inc]
.
* New upstream
.
[Peter Palfrader]
.
* Add db-4.6 to bdb_libnames in dlz/config.dlz.in so that it finds the right
db.
.
[Mahyuddin Susanto]
.
* Updated Indonesian debconf templates. Closes: #608559
.
[LaMont Jones]
.
* soname changes for new upstream
.
bind9 (1:9.7.2.dfsg.P3-1) unstable; urgency=high
.
[ISC]
* Fix denial of service via ncache entry and a rrsig for the
same type (CVE-2010-3613)
* answers were incorrectly marked as insecure during key algorithm
rollover (CVE-2010-3614)
* Using "allow-query" in the "options" or "view" statements to
restrict access to authoritative zones had no effect.
(CVE-2010-3615)
.
[LaMont Jones]
.
* Adjust indentation for dpkg change. Closes: #597171
.
bind9 (1:9.7.2.dfsg.P2-3) unstable; urgency=low
.
[LaMont Jones]
.
* Adjust indentation for dpkg change. Closes: #597171
* acknowledge and incorporate ubuntu change.
.
bind9 (1:9.7.2.dfsg.P2-2ubuntu1) natty; urgency=low
.
[ Andres Rodriguez ]
* Add apport hook (LP: #533601):
- debian/bind9.apport: Added.
.
[ Martin Pitt ]
* debian/rules: Install Apport hook when building on Ubuntu.
.
bind9 (1:9.7.2.dfsg.P2-2) unstable; urgency=low
.
[Roy Jamison]
.
* lib/isc/unix/resource.c was missing inttypes.h include. LP: #674199
.
bind9 (1:9.7.2.dfsg.P2-1) unstable; urgency=low
.
[Joe Dalton]
.
* Add Danish translation of debconf templates. Closes: #599431
.
[Internet Software Consortium, Inc]
.
* v9.7.2-P2
.
[José Figueiredo]
.
* Add Brazilian Portuguese debconf templates translation. Closes: #597616
.
[LaMont Jones]
.
* drop this v3 (quilt) source format idea. Closes: #589916
.
bind9 (1:9.7.1.dfsg.P2-2) unstable; urgency=low
.
* Correct conflicts for bind9-host
.
bind9 (1:9.7.1.dfsg.P2-1) unstable; urgency=low
.
[Internet Software Consortium, Inc]
.
* Temporarily and partially disable change 2864 because it would cause
inifinite attempts of RRSIG queries. This is an urgent care fix; we'll
revisit the issue and complete the fix later. [RT #21710]
* Temporarially rollback change 2748. [RT #21594]
* Named failed to accept uncachable negative responses from insecure zones.
[RT# 21555]
.
[LaMont Jones]
.
* freshen copyright file
.
bind9 (1:9.7.1.dfsg.0-1) unstable; urgency=low
.
* Repack to drop zkt/doc/{draft,rfc}* Closes: #588055
.
bind9 (1:9.7.1.dfsg-2) unstable; urgency=low
.
[Regid Ichira]
.
* explicitly add nsupdate to dynamic updates in README.Debian.
Closes: #577398
.
[LaMont Jones]
.
* Cleanup bind9-host description. Closes: #579421
* switch to 3.0 (quilt) source format, but not to quilt. Closes: #578210
.
[Stephen Gran]
.
* updated geoip patch for ipv6, based on work by John 'Warthog9' Hawley
<warthog9@eaglescrag.net>. Closes: #584603
.
bind9 (1:9.7.1.dfsg-1) unstable; urgency=low
.
[Internet Software Consortium, Inc]
.
* 9.7.1
.
[LaMont Jones]
.
* Add freebsd support. Closes: #578447
* soname changes
* freshen root cache. LP: #596363
.
bind9 (1:9.7.0.dfsg.P1-1) unstable; urgency=low
.
[Internet Software Consortium, Inc]
.
* 9.7.0-P1
- 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]
.
bind9 (1:9.7.0.dfsg.1-1) unstable; urgency=low
.
[Niko Tyni]
.
* fix mips/mipsel startup. Closes: #516616
.
[LaMont Jones]
.
* ignore failures due to a lack of /etc/bind/named.conf*. LP: #422968
* ldap API changed regarding % sign. LP: #227344
* Drop more rfc and draft files. Closes: #572606
* update config.guess, config.sub. Closes: #572528
.
bind9 (1:9.7.0.dfsg-2) unstable; urgency=low
.
[Aurelien Jarno]
.
* kfreebsd has linux threads. Closes: #470500
.
[LaMont Jones]
.
* do not error out on initial install. Closes: #572443
.
bind9 (1:9.7.0.dfsg-1) unstable; urgency=low
.
* New upstream release
.
bind9 (1:9.7.0.dfsg~rc2-1) experimental; urgency=low
.
* New upstream release
.
bind9 (1:9.7.0.dfsg~b3-2) experimental; urgency=low
.
* merge changes from 9.6.1.dfsg.P2-1
* meta: drop verisoned depends from library packages, for less upgrade pain
* apparmor: allow named to create /var/run/named/session.key
.
bind9 (1:9.7.0.dfsg~b3-1) experimental; urgency=low
.
[Internet Software Consortium, Inc]
.
* 9.7.0b3
.
[LaMont Jones]
.
* Merge remote branch 'origin/master'
* soname changes
.
bind9 (1:9.6.1.dfsg.P2-1) unstable; urgency=low
.
[Internet Software Consortium, Inc]
.
* 9.6.1-P2
- When validating, track whether pending data was from the
additional section or not and only return it if validates
as secure. [RT #20438] CVE-2009-4022
.
[LaMont Jones]
.
* prerm: do not stop named on upgrade. Closes: #542888
* Drop some RFCs that crept into the diff.
* meta: add ${misc:Depends}
* lintian: update config.guess, config.sub in idnkit-1.0 tree
* dnsutils: remove pre-sarge dpkg-divert calls in postinst
* meta: soname changes
* l10n: missing newline in pofile.
.
bind9 (1:9.7.0.dfsg~b2-2) experimental; urgency=low
.
* dnsutils: remove pre-sarge dpkg-divert calls in postinst
.
bind9 (1:9.7.0.dfsg~b2-1) experimental; urgency=low
.
[Internet Software Consortium, Inc]
.
* 9.7.0b2
.
[LaMont Jones]
.
* /etc/bind/bind.keys need not be executable.
* bind9: drop old stale code from postinst
* prerm: do not stop named on upgrade. Closes: #542888
* Drop some RFCs that crept into the diff.
* meta: add ${misc:Depends}
* lintian: update config.guess, config.sub in idnkit-1.0 tree
* l10n: missing newline in pofile.
.
bind9 (1:9.7.0~a1.dfsg-0) experimental; urgency=low
.
[Internet Software Consortium, Inc]
.
* 9.7.0a1
.
bind9 (1:9.6.1.dfsg.P1-3) unstable; urgency=low
.
* Build-Depend on the fixed libgeoip-dev. Closes: #540973
.
bind9 (1:9.6.1.dfsg.P1-2) unstable; urgency=low
.
[Jamie Strandboge]
.
* reload individual named profile, not all of apparmor. LP: #412751
.
[Guillaume Delacour]
.
* bind9 did not purge cleanly. Closes: #497959
.
[LaMont Jones]
.
* postinst: do not append a blank line to /etc/default/bind9.
Closes: #541469
* init.d stop needs to not error out. LP: #398033
* meta: fix build-depends. Closes: #539230
.
bind9 (1:9.6.1.dfsg.P1-1) unstable; urgency=low
.
[Internet Software Consortium, Inc]
.
* A specially crafted update packet will cause named to exit.
CVE-2009-0696, CERT VU#725188. Closes: #538975
.
[InterNIC]
.
* Update db.root hints file.
.
[LaMont Jones]
.
* Move default zone definitions from named.conf to named.conf.default-zones.
Closes: #492308
* use start-stop-daemon if rndc stop fails. Closes: #536487
* lwresd: pidfile name was wrong in init script. Closes: #527137
.
bind9 (1:9.6.1.dfsg-2) unstable; urgency=low
.
* ia64: fix atomic.h
.
bind9 (1:9.6.1.dfsg-1) unstable; urgency=low
.
[Internet Software Consortium, Inc]
.
* 9.6.1
.
bind9 (1:9.6.0.dfsg.P1-3) unstable; urgency=low
.
[Martin Zobel-Helas]
.
* GEO-IP Patch from
git://git.kernel.org/pub/scm/network/bind/bind-geodns.git. Closes: #395191
.
[LaMont Jones]
.
* Remove /var/lib/bind on purge. Closes: #527613
* Build-Depend: libdb-dev (>4.6). Closes: #527877, #528772
* init.d: detect rndc errors better. LP: #380962
* init.d: clean up exit status. Closes: #523454
* Enable pkcs11 support, and then Revert - causes assertion failures
c.f.: #516552
.
bind9 (1:9.6.0.dfsg.P1-2) unstable; urgency=low
.
* random_1 broke memory usage assertions.
.
bind9 (1:9.6.0.dfsg.P1-1) experimental; urgency=low
.
[Michael Milligan]
.
* Add min-cache-ttl and min-ncache-ttl keywords
.
[LaMont Jones]
.
* Fix merge errors from 9.6.0.dfsg.P1-0
.
bind9 (1:9.6.0.dfsg.P1-0) experimental; urgency=low
.
[Internet Software Consortium, Inc]
.
* 9.6.0-P1
.
[LaMont Jones]
.
* meta: fix override disparity
* meta: soname package fixups for 9.6.0
* meta: update Standards-Version: 3.7.3.0
* upstream now uses a bind subdir. Closes: #212659
.
[Sven Joachim]
.
* meta: pass host and build into configure for hybrid build machines.
Closes: #515110
.
bind9 (1:9.5.1.dfsg.P1-3) unstable; urgency=low
.
* package -2 for unstable
.
bind9 (1:9.5.1.dfsg.P1-2) stable; urgency=low
.
[Juhana Helovuo]
.
* fix atomic operations on alpha. Closes: #512285
.
[Dann Frazier]
.
* fix atomic operations on ia64. Closes: #520179
.
[LaMont Jones]
.
* build-conflict: libdb4.2-dev. Closes: #515074, #507013
.
[localization folks]
.
* l10n: Basque debconf template. Closes: #516549 (Piarres Beobide)
.
bind9 (1:9.5.1.dfsg.P1-1) unstable; urgency=low
.
* New upstream patch release
- supportable version of fix from 9.5.0.dfsg.P2-5.1
- CVE-2009-0025: Closes: #511936
- 2475: Overly agressive cache entry removal. Closes: #511768
- other bug fixes worthy of patch-release inclusion
.
bind9 (1:9.5.0.dfsg.P2-5.1) unstable; urgency=low
.
* Non-maintainer upload.
* Apply upstream ACL fixes from 9.5.1 to fix RC bug. Patch was provided
by Evan Hunt (upstream bind9 developer) after Emmanuel Bouthenot
contacted him. Closes: #496954, #501800.
* Remove obsolete dh_installmanpages invocation which was adding
unwanted manual pages to bind9. Closes: #486196.
.
bind9 (1:9.5.0.dfsg.P2-5) unstable; urgency=low
.
[ISC]
.
* 2463: IPv6 Advanced Socket API broken on linux. LP: #249824
.
[Jamie Strandboge]
.
* apparmor: add capability sys_resource
* apparmor: add krb keytab access. LP: #277370
.
[LaMont Jones]
.
* apparmor: allow proc/*/net/if_inet6 read access too. LP: #289060
* apparmor: add /var/log/named/* entries. LP: #294935
.
[Ben Hutchings]
.
* meta: Add dependency of bind9 on net-tools (ifconfig used in init script)
* meta: Fix bind9utils Depends.
* meta: fix typo in package description
.
[localization folks]
.
* l10n: add polish debconf translations. Closes: #506856 (L)
.
bind9 (1:9.5.0.dfsg.P2-4) unstable; urgency=low
.
* meta: fix typo in Depends: lsb-base. Closes: #501365
.
bind9 (1:9.5.0.dfsg.P2-3) unstable; urgency=low
.
[LaMont Jones]
.
* enable largefile support. Closes: #497040
.
[localization folks]
.
* l10n: Dutch translation. Closes: #499977 (Paul Gevers)
* l10n: simplified chinese debconf template. Closes: #501103 (LI Daobing)
* l10n: Update spanish template. Closes: #493775 (Ignacio Mondino)
.
bind9 (1:9.5.0.dfsg.P2-2) unstable; urgency=low
.
[Kees Cook]
.
* debian/{control,rules}: enable PIE hardening (from -1ubuntu1)
.
[Nicolas Valcárcel]
.
* Add ufw integration (from -1ubuntu2)
.
[Dustin Kirkland]
.
* use pid file in init.d/bind9 status. LP: #247084
.
[LaMont Jones]
.
* dig: add -DDIG_SIGCHASE to compile options. LP: #257682
* apparmor profile: add /var/log/named
.
[Nikita Ofitserov]
.
* ipv6 support requires _GNU_SOURCE definition. LP: #249824
.
bind9 (1:9.5.0.dfsg.P2-1) unstable; urgency=low
.
[LaMont Jones]
.
* default to using resolvconf if it is installed
* fix sonames and dependencies. Closes: #149259, #492418
* Do not build-depend libcap2-dev on non-linux. Closes: #493392
* drop unused query-loc manpage. Closes: #492564
* lwresd: Deliver /etc/bind directory. Closes: #490027
* fix query-source comment in default install
.
[Internet Software Consortium, Inc]
.
* 9.5.0-P2. Closes: #492949
.
[localization folks]
.
* l10n: Spanish debconf translation. Closes: #492425 (Ignacio Mondino)
* l10n: Swedish debconf templates. Closes: #491369 (Martin Ågren)
* l10n: Japanese debconf translations. Closes: #492048 (Hideki Yamane
(Debian-JP))
* l10n: Finnish translation. Closes: #490630 (Esko Arajärvi)
* l10n: Italian debconf translations. Closes: #492587 (Alessandro Vietta)
.
bind9 (1:9.5.0.dfsg.P1-2) unstable; urgency=low
.
* Revert "meta: merge the mess of single-lib packages back into one large
one." - That way lies madness and pain.
* init.d/bind9: implement status function. LP: #203169
.
bind9 (1:9.5.0.dfsg.P1-1) unstable; urgency=low
.
* Repackage 9.5.0.dfsg-5 with the -P1 tarball.
.
bind9 (1:9.5.0.dfsg-5) unstable; urgency=low
.
[Internet Software Consortium, Inc]
.
* Randomize UDP query source ports to improve forgery resilience.
(CVE-2008-1447)
.
[LaMont Jones]
.
* add build-depends: texlive-latex-base, xsltproc, remove Bv9ARM.pdf in clean
* fix sonames
* drop unneeded build-deps, since we do not actually deliver B9vARM.pdf
* meta: cleanup libbind9-41 Provides/Conflicts
* build: fix sonames for new libraries
* postinst: really restart bind/lwresd in postinst
.
bind9 (1:9.5.0.dfsg-4) unstable; urgency=low
.
[LaMont Jones]
.
* control: fix dnsutils description to avoid list reformatting.
Closes: #480317
* lwresd: restart in postinst. Closes: #486481
* meta: merge the mess of single-lib packages back into one large one.
* apparmor: allow bind to create files in /var/{lib,cache}/bind
* build: drop .la files. Closes: #486969
* build: drop the extra lib path from the library-package merge
* meta: liblwres40 does not conflict with the libbind9-40-provided libbind0
.
[localization folks]
.
* l10n: German debconf translation. Closes: #486547 (Helge Kreutzmann)
* l10n: Indonesian debconf translations. Closes: #486503 (Arief S Fitrianto)
* l10n: Slovak po-debconf translation Closes: #488905 (helix84)
* l10n: Turkish debconf template. Closes: #486479 (Mert Dirik)
.
bind9 (1:9.4.2-12) unstable; urgency=low
.
* apparmor: allow bind to create files in /var/{lib,cache}/bind
.
bind9 (1:9.4.2-11) unstable; urgency=low
.
* apparmor: add dnscvsutil package files
* lwresd Depends: adduser
* control: fix dnsutils description to avoid list reformatting.
Closes: #480317
.
bind9 (1:9.5.0.dfsg-3) unstable; urgency=low
.
[LaMont Jones]
.
* bind9utils Depends: libbind9-40. Closes: #486194
* bind9 should not deliver manpages for nonexistant binaries.
Closes: #486196
.
[localization folks]
.
* l10n: Vietnamese debconf templates translation update. Closes: #486185
(Clytie Siddall)
* l10n: Russian debconf templates translation. Closes: #486191 (Yuri Kozlov)
* l10n: Galician debconf template. Closes: #486215 (Jacobo Tarrio)
* l10n: French debconf templates. Closes: #486325 (CALARESU Luc)
* l10n: Czech debconf translation. Closes: #486337 (Miroslav Kure)
* l10n: Updated Portuguese translation. Closes: #486267 (Traduz -
Portuguese Translation Team)
.
bind9 (1:9.5.0.dfsg-2) unstable; urgency=low
.
[Tim Spriggs]
.
* init.d: Nexenta has different ifconfig arguments
.
[LaMont Jones]
.
* templates rework from debian-l10n-english
* reload named when an interface goes up or down. LP: #226495
* build: need to create the directories for interface restart triggering
* Build-Depends: libcap2-dev. Closes: #485747
* Leave named running during update. Closes: #453765
* Fix path to uname, cleaning up the nexenta checks.
* l10n: avoid double-question in templates.
.
[localization folks]
.
* l10n: Vietnamese debconf translations. Closes: #483911 (Clytie Siddall)
* l10n: Portuguese debconf translations. Closes: #483872 (Traduz -
Portuguese Translation Team)
.
bind9 (1:9.5.0.dfsg-1) unstable; urgency=low
.
[LaMont Jones]
.
* manpages: fix references that should say /etc/bind
* meta: build-depend libxml2-dev for statistics support
.
bind9 (1:9.5.0.dfsg-0) experimental; urgency=low
.
[Internet Software Consortium, Inc]
.
* 9.5.0 release
.
[LaMont Jones]
.
* Only use capabilities if they are present: reprise. Closes: #360339, #212226
* control: fix dnsutils description to avoid list reformatting. Closes: #480317
* build: use the correct directories in dh_shlibdeps invocation
* build: turn on dlz. No pgsql or mysql support yet. LP: #227344
.
bind9 (1:9.5.0~rc1-2~0ubuntu2) intrepid; urgency=low
.
* build: use the correct directories in dh_shlibdeps invocation
* build: turn on dlz. LP: #227344
.
bind9 (1:9.5.0~rc1-2~0ubuntu1) intrepid; urgency=low
.
* Upload what will become (maybe an ancestor of) -2 to intrepid.
- Only use capabilities if they are present: reprise. Closes: #360339, #212226
- control: fix dnsutils description to avoid list reformatting. Closes: #480317
.
bind9 (1:9.5.0~rc1-1) experimental; urgency=low
.
[Patrick Winnertz]
.
* postinst: make add debconf support. Closes: #473460
.
[Jamie Strandboge]
.
* debian/bind9.preinst: Apparmor force-complain on upgrade without
existing profile. LP: #204658
.
[LaMont Jones]
.
* bind9utils: fix typos in .install
* host: manpage inaccurately describes default query. LP: #203087
* apparmor: add dnscvsutil package files
* Revert "Only use capabilities if they are present." for merge of 9.5.0rc1.
* soname: libdns41 -> 42
* fix typos in debconf patch, #473460
* cleanup more files in clean target
* lwresd Depends: adduser
.
bind9 (1:9.5.0~b2-2) experimental; urgency=low
.
* meta: add bind9utils binary package, with various useful utilities. Closes: #151957, #130445, #160483
.
bind9 (1:9.4.2-10) unstable; urgency=low
.
[Jamie Strandboge]
.
* debian/bind9.preinst: AA force-complain on upgrade without existing
profile. LP: #204658
.
[LaMont Jones]
.
* host: manpage inaccurately describes default query. LP: #203087
.
bind9 (1:9.4.2-9) unstable; urgency=low
.
* apparmor: allow subdirs in {/etc,/var/cache,/var/lib}/bind
* apparmor: make profile match README.Debian
.
bind9 (1:9.4.2-8) unstable; urgency=low
.
[ISC]
.
* CVE-2008-0122: off by one error in (unused) inet_network function.
Closes: #462783 LP: #203476
.
[Michael Milligan]
.
* Fix min-cache-ttl and min-ncache-ttl keywords
.
[Jamie Strandboge]
.
* apparmor: force complain-mode for apparmor on certain upgrades. LP: #203528
* debian/bind9.postrm: purge /etc/apparmor.d/force-complain/usr.sbin.named
.
bind9 (1:9.4.2-7) unstable; urgency=low
.
[Jamie Strandboge]
.
* Allow rw access to /var/lib/bind/* in apparmor-profile. LP: #201954
.
[LaMont Jones]
.
* Drop root-delegation comments from named.conf. Closes: #217829, #297219
.
bind9 (1:9.4.2-6) unstable; urgency=low
.
* Correct apparmor profile filename. LP: #200739
.
bind9 (1:9.4.2-5) unstable; urgency=low
.
* add "order random_1" support (return one random RR)
* Fix doc pathnames in README.Debian. Closes: #266891
* Add AAAA ::1 entry to db.local. Closes: #230088
.
bind9 (1:9.5.0~b2-1) experimental; urgency=low
.
[Thiemo Seufer]
.
* mips:atomic.h: improve implementation of atomic ops, fix mips{el,64}
.
[LaMont Jones]
.
* manpages: call it /etc/bind/named.conf throughout, and typos. Closes: #419750
* named.conf.5: correct filename. Closes: #428015
* manpages: fix typo errors. Closes: #395834
* Makefile.in: be explicit about library paths
* build: Turn on GSS-TSIG support. LP: #158197
* build: soname changes
* db.root: include AAAA RRs. Closes: #464111
* soname: lib{dns,isc}40 -> 41
* meta: use binary:Version instead of Source-Version
.
[Andreas John]
.
* Only use capabilities if they are present. Closes: #360339, #212226
.
bind9 (1:9.4.2-4) unstable; urgency=low
.
* incorporate ubuntu apparmor change from Jamie Strandboge,
with changes:
- Add apparmor profile, reload apparmor profile on config
- Add a note about apparmor to README.Debian
- conflicts/replaces old apparmor versions
* db.root: include AAAA RRs. Closes: #464111
* Don't die when /var/lib/bind already exists. LP: #191685
* build: turn on optimization. Closes: #435194
.
bind9 (1:9.4.2-3ubuntu1) hardy; urgency=low
.
* add AppArmor profile
+ debian/apparmor-profile
+ debian/bind9.postinst: Reload AA profile on configuration
* updated debian/README.Debian for note on AppArmor
* debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
should now take control
* debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
to make sure that if earlier version of apparmor-profiles gets installed
it won't overwrite our profile
* Modify Maintainer value to match the DebianMaintainerField
specification.
.
bind9 (1:9.4.2-3) unstable; urgency=low
.
* don't run rndc-confgen when it's not there. Closes: #459551
* control: drop use of ${Source-Version}
.
bind9 (1:9.4.2-2) unstable; urgency=low
.
* init.d: add --oknodo to start-stop-daemon. Closes: #411881
* init: LSB dependency info. Closes: #459421, #448006
* meta: bind9 Suggests: resolvconf. Closes: #252285
* bind9: deliver /var/lib/bind directory, and document.
Closes: #248771, #200253, #202981, #209022
* lwresd: create bind user/group and rndc key if needed, at install.
Closes: #190742
* dnsutils: update long description. Closes: #236901
.
bind9 (1:9.4.2-1) unstable; urgency=low
.
[Mike O'Connor]
.
* bind9.init: LSB compliance. Closes: #448006
.
[Internet Software Consortium, Inc]
.
* New release: 9.4.2
.
[LaMont Jones]
.
* soname shifts for new release
.
bind9 (1:9.4.2~rc2-1) experimental; urgency=low
.
* New upstream release
.
bind9 (1:9.4.1-P1-4) unstable; urgency=low
.
[Thomas Antepoth]
.
* unix/socket.c: don't send to a socket with pending_send. Closes: #430065
.
[LaMont Jones]
.
* document git repositories
* db.root: l.root-servers.net changed IP address. Closes: #449148 LP: #160176
* init.d: if there are no networks configured, error out quickly
.
bind9 (1:9.4.1-P1-3) unstable; urgency=low
.
* Only deliver upstream changes with bind9-doc
.
bind9 (1:9.4.1-P1-2) unstable; urgency=low
.
* manpages: fix typo errors. Closes: #395834
* manpages: call it /etc/bind/named.conf throughout, and typos. Closes: #419750
* named.conf.5: correct filename. Closes: #428015
* bind9.NEWS: update version for ACL change doc. Closes: #435225
* build: don't have dnsutils deliver man pages that it shouldn't. LP: #82178
* nslookup.1: some of the manpage was not visible. LP: #131415
* document git repositories
* unix/socket.c: don't send to a socket with pending_send. Closes: #430065
.
bind9 (1:9.4.1-P1-1) unstable; urgency=high
.
* New upstream version, addresses CVE-2007-2926 and CVE-2007-2925
.
bind9 (1:9.4.1-1) unstable; urgency=low
.
* New upstream version
.
bind9 (1:9.4.0-2) unstable; urgency=low
.
* upload to unstable
.
bind9 (1:9.4.0-1) experimental; urgency=low
.
* New upstream version
* more mipsel patch. Closes: #406409
.
bind9 (1:9.4.0~rc2-1) experimental; urgency=low
.
* New upstream version. Addresses CVE-2007-0493 CVE-2007-0494
.
bind9 (1:9.4.0~rc1.0-3) experimental; urgency=low
.
* add NEWS file talking about the change in defaults:
As of bind 9.4, allow-query-cache and allow-recursion default to the
builtin acls 'localnets' and 'localhost'. If you are setting up a
name server for a network, you will almost certainly need to change
this.
.
The change in default has been done to make caching servers less
attractive as reflective amplifying targets for spoofed traffic.
This still leaves authoritative servers exposed.
.
bind9 (1:9.4.0~rc1.0-2) experimental; urgency=low
.
* Fix mips64. Closes: #406409
.
bind9 (1:9.4.0~rc1.0-1) experimental; urgency=low
.
* Broken orig.tar.gz.
.
bind9 (1:9.4.0~rc1-1) experimental; urgency=low
.
* New upstream
.
bind9 (1:9.3.4-2etch2) stable-proposed-updates; urgency=low
.
[Thomas Antepoth]
.
* unix/socket.c: don't send to a socket with pending_send. Closes: #430065
.
[LaMont Jones]
.
* document git repositories
* db.root: l.root-servers.net changed IP address. Closes: #449148
.
bind9 (1:9.3.4-2etch1) stable-security; urgency=high
.
* Fix DNS cache poisoning through predictable query IDs. (CVE-2007-2926)
.
bind9 (1:9.3.4-2) unstable; urgency=high
.
* Actually really do the merge of 9.3.4. Sigh. Closes: #408925
.
bind9 (1:9.3.4-1) unstable; urgency=high
.
* New upstream version. Addresses CVE-2007-0493 CVE-2007-0494
.
bind9 (1:9.3.3-1) unstable; urgency=low
.
* New upstream version
.
bind9 (1:9.3.2-P1.0-1) unstable; urgency=low
.
* Fix README.Debian to point to the URL. Closes: #387437
* Strip rfc's from orig.tar.gz. Closes: #393359
.
bind9 (1:9.3.2-P1-2) unstable; urgency=low
.
* Fix init script output. Closes: #354192
Thanks to Joey Hess for the patch.
* Default install should listen on ipv6 interfaces. Closes: #382438
.
bind9 (1:9.3.2-P1-1) unstable; urgency=high
.
* New upstream, fixes CVE-2006-4095 and CVE-2006-4096.
Closes: #386237, #386245
* Drop gcc-3.4 [powerpc] dependency. Closes: #342957, #372203
* Add -fno-strict-aliasing for type-punned pointer aliasing issues
Closes: #386224
* Use getent in postinst instead of chown/chgrp. Closes: #386091, #239665
* Drop redundant update-rc.d calls. Closes: #356914
.
bind9 (1:9.3.2-2) unstable; urgency=low
.
* correct force-reload. Closes: #333841
* Fix init.d's usage message. Closes: #331090
* resolvconf tweaks. Closes: #252232, #275412
.
bind9 (1:9.3.2-1) unstable; urgency=low
.
* New upstream
* use lsb-base for start/stop messages in init.d.
* switch to debhelper 4
.
bind9 (1:9.3.1-2) unstable; urgency=low
.
* Getting good reports from experimental, uploading to sid.
Release team, please consider this package for sarge. Thanks.
* correct pidfile name in init.d/lwresd. Closes: #298100
.
bind9 (1:9.3.1-1) experimental; urgency=low
.
* Build with gcc-3.4 on powerpc, to work around #292958.
.
bind9 (1:9.3.1-0) experimental; urgency=low
.
* New upstream version.
.
bind9 (1:9.3.0+9.3.1beta2-1) experimental; urgency=low
.
* new upstream version
.
bind9 (1:9.3.0-1) experimental; urgency=low
.
* New upstream version
.
bind9 (1:9.2.4-1) unstable; urgency=high
.
* New upstream version. Closes: #269157 and others.
* Version debhelper build-dep. Closes: #262720
.
bind9 (1:9.2.3+9.2.4-rc7-1) unstable; urgency=low
.
* New upstream
.
bind9 (1:9.2.3+9.2.4-rc6-1) unstable; urgency=low
.
* New upstream.
* Comment out delegation-only directives in named.conf
.
bind9 (1:9.2.3+9.2.4-rc5-1) unstable; urgency=low
.
* New upstream release candidate
.
bind9 (1:9.2.3+9.2.4-rc2-1) unstable; urgency=low
.
* New upstream release candidate
* Remove shared library symlinks in clean. Closes: #243109
* Deal with capset being a module. Closes: #245043, #240874, #241605
* deliver /var/run/bind/run in lwresd as well. Closes: #186569
.
bind9 (1:9.2.3-3) unstable; urgency=low
.
* new IP for b.root-servers.net. Closes: #234278
* Fix RC linkages to match bind8. Closes: #218007
.
bind9 (1:9.2.3-2) unstable; urgency=low
.
* Rebuild autoconf files for mips. Closes: #221419
.
bind9 (1:9.2.3-1) unstable; urgency=low
.
* New upstream.
* cleanup zones.rfc1918/db.empty stuff.
* Fix Makefiles to work even if the build environment is unclean.
Closes: #211503
* Add comments about root-delegation-only to named.conf. Closes: #212243
* Add resolvconf support. Closes: #199255
* more SO_BSDCOMPAT hacks for linux. Closes: #220735, #214460
.
bind9 (1:9.2.2+9.2.3rc4-1) unstable; urgency=low
.
* Yet another new upstream release.
.
bind9 (1:9.2.2+9.2.3rc3-1) unstable; urgency=low
.
* New upstream. Closes: #211752. #211503. #211496, #211520
.
bind9 (1:9.2.2+9.2.3rc2-4) unstable; urgency=low
.
* Really fix versioned depends. Closes: #211590
.
bind9 (1:9.2.2+9.2.3rc2-3) unstable; urgency=low
.
* Version depends for all the libraries. sigh. Closes: #211412,#210293
.
bind9 (1:9.2.2+9.2.3rc2-2) unstable; urgency=low
.
* Need a versioned depend. sigh.
.
bind9 (1:9.2.2+9.2.3rc2-1) unstable; urgency=low
.
* New upstream release. Closes: #211373
* Remove RFC's from package, per policy.
* Make com and net zones delegation-only by default.
.
bind9 (1:9.2.2+9.2.3rc1-3) unstable; urgency=low
.
* A bit more cleanup of descriptions.
* fix package sections
* Fix b0rkage with dependencies.
.
bind9 (1:9.2.2+9.2.3rc1-2) unstable; urgency=low
.
* Explicitly link libraries. Closes: #210653
* Fix descriptions. Closes: #209563, #209853, #210063
.
bind9 (1:9.2.2+9.2.3rc1-1) unstable; urgency=low
.
* New upstream release candidate.
* Quit using SO_BSDCOMPAT (why is it still in the header files??) so
that the kernel will shut up about it's advertised, obsolete option.
Closes: #201293, #204282, #205590
.
bind9 (1:9.2.2-2) unstable; urgency=low
.
* Fix libtool.m4. Closes: #183791
* move lib packages into Section: libs. Closes: #184788
* make sure it's libssl0.9.7. Closes: #182363
* Add /etc/default/lwresd. Closes: #169727
* Add fakeroot dir to dh_shlibdeps. Closes: #169622
* Fix rndc manpage. Closes: #179353
* Deliver /usr/bin/isc-config.sh (in libbind-dev). Closes: #178186
.
bind9 (1:9.2.2-1) unstable; urgency=low
.
* New upstream version
* Document /etc/default/bind9 in init.d script. Closes: #170267
.
bind9 (1:9.2.1-7) unstable; urgency=low
.
* One more overrides disparity.
* Fix bashism in postinst. Closes: #169531
.
bind9 (1:9.2.1-6) unstable; urgency=low
.
* The "I give up for now" release.
* Only convert to running as bind if named.conf hasn't been modified.
* Closes: #163552, #164352
* Fix overrides
* Cleanup README.Debian wrt non-root-by-default.
* Make sure that /var/run/bind/run exists in init.d script. Closes: #168912
* New IP for j.root-servers.net. Closes: #167818
* Check for 2.2.18 kernel in preinst. Closes: #164349
* Move local options to /etc/default/bind9. Closes: #169132, #163073
* Cleanup old bugs (fixed in -5, really). Closes: #165864
* Add /etc/bind/named.conf.local, included from named.conf. Closes: #129576
* Do options definitions in /etc/bind/named.conf.options, makes life
easier in the face of named.conf changes from upstream.
* Add missing Depends: adduser
.
bind9 (1:9.2.1-5) unstable; urgency=low
.
* Run named a non-privileged user by default. Closes: #149059
.
bind9 (1:9.2.1-4) unstable; urgency=low
.
* swap maintainer/uploader status so LaMont is primary and Bdale is backup
* Deal with bind/bind9 collisions better. Closes: #149580
* Fix some documentation. Closes: #151579
.
bind9 (1:9.2.1-3) unstable; urgency=high
.
* fold in lib/bind/resolv from 8.3.3 to resolve buffer overlow issue in
resolver library, closes: #151342, #151431
.
bind9 (1:9.2.1-1.woody.1) testing-security woody-proposed-updates; urgency=high
.
* backport to woody (simple rebuild) since 9.2.1 resolves a security issue
.
bind9 (1:9.2.1-2) unstable; urgency=low
.
* don't include nslint man page, closes: #148695
* fix typo in rndc.8, closes: #139602
* add a section to README.Debian explaining the rndc key mode that has been
our default since 9.2.0-2, closes: #129849
* fix paths for named.conf in named.8 to reflect our default, closes: #143443
* upstream fixed the nsupdate man page at some point, closes: #121108
.
bind9 (1:9.2.1-1) unstable; urgency=medium
.
* new upstream version
* have bind9-host provide host, closes: #140174
* move bind9-host to priority standard since dnsutils depends on it or host,
and we prefer bind9-host over host.
* move libdns5 and libisc4 to priority standard since dnsutils depends on
them and is priority standard
.
bind9 (1:9.2.0-6) unstable; urgency=low
.
* move to US main! Yippee! Closes: #123969
* add info to README.Debian about 2.5 kernels vs --disable-linux-caps
.
bind9 (1:9.2.0-5) unstable; urgency=medium
.
* clean up various issues in the rules file
* make bind9-host conflict/replace old dnsutils as host does, otherwise we
can have problems upgrading from potato to woody, closes: #136686
* use /dev/urandom for rndc-confgen in postinst, it should be good enough for
this purpose, and will keep the postinst from blocking arbitrarily.
closes: #130372
* add fresh pointers to chroot howto to README.Debian, closes: #135774
.
bind9 (1:9.2.0-4) unstable; urgency=low
.
* bind9-host needs to conflict with host, closes: #127395
.
bind9 (1:9.2.0-3) unstable; urgency=low
.
* force removal of old diverted files, closes: #126236
* change priority of liblwres1 from optional to standard per ftp admins
* add a bind9-host package so that the 'host' provided with the BIND 9.X
source tree can be an alternative to the aging NIKHEF version packaged
separately. Update dnsutils dependencies to depend on one of the two,
with preference to this one since it has fewer bugs (but fewer features,
too).
.
bind9 (1:9.2.0-2) unstable; urgency=medium
.
* change rc.d links to ensure daemon starts before and stops after other
daemons that may fail if name service is not working (bug was filed
against 8.X bind packages, but is just as relevant here!)
* use rndc for daemon shutdown instead of start-stop-daemon, closes: #111935
* add a postinst to dnsutils to remove any lingering diversions from old
dnsutils packages, closes: #122227
* not much point in delivering zone2ldap.1 since we aren't delivering
zone2ldap right now (though we might someday?), closes: #124058
* be more verbose with shared library descriptions, closes: #123426, #123428
* 9.2.0 added a new rndc.key file that both named and rndc will read to
obtain a shared key, and rndc-confgen will easily create this file with
a unique-per-system key. Modify named.conf and remove rndc.conf
to take advantage of this mechanism and stop delivering a pre-determined
static key to all Debian systems (which has been a mild security risk).
Create the key in postinst if the key file doesn't already exist, and
remove the file in postrm if purging.
Closes: #86718, #87208
.
bind9 (1:9.2.0-1) unstable; urgency=low
.
* new upstream version, closes: #108243, #112266, #114250, #119506, #120657
* /etc/bind/rndc.conf is now a conffile
* minor hacks to the README.Debian since the chroot instructions it points
to are 8.X specific, part of addressing bug 111868.
* libomapi is gone, replaced by libisccc and libisccfg
* a few lintian-motivated cosmetic cleanups
* lose task-dns-server meta package, since tasksel doesn't need it now
* dig problem not reproducible in this version, closes: #89526
* named-checkconf now uses $sysconfdir, closes: #107835
* no longer deliver man pages for contributed binaries we're not including
in dnsutils, closes: #108220
* fix section in nslookup man page, though that's the least of the man
page's problems... glitch reported is unreproducible
closes: #103630, #120946
* update libbind-dev README.Debian, closes: #121050
.
bind9 (1:9.1.3-1) unstable; urgency=low
.
* new upstream version, closes: #96483, #99824, #100647, #101568, #103429
* update config.sub/guess for hppa/ia64 support
* small init.d patch from Marco d'Itri to ease adding options on invocation
* stop having bind9-doc conflict/replace bind-doc since they don't really
conflict and there's no reason to prevent having both installed at the
same time, closes: #90994
* the CHANGES file documents fixes since 9.1.1 that probably cured the
reported assertion failure. If it turns out that I'm wrong, the bug can
be re-opened or a new one filed. I can't see any way to reproduce the bug
in a test case here. Closes: #99352
* have libbind-dev depend on the runtime library packages it delivers
compile-time symlinks for, closes: #100898, #103855
* fix lwres man pages to source man3/* instead of * so all the page content
can actually be found, closes: #85450, #103865
.
bind9 (1:9.1.1-1) unstable; urgency=low
.
* new upstream release
* update build-depends for libssl-dev
* add build-depends on bison, closes: #90150, #90752, #90159
* split up libbind0 since libdns is changing so numbers
* downgrade rblcheck from a depends to a suggests, closes: #90783
* bind9 mkdep creates files in the current working directory, closes: #58353
.
bind9 (1:9.1.0-3) unstable; urgency=low
.
* merge patch from Zack Weinberg that solves compilation problem, and
reduces the memory footprint of applications by making configure.in
smarter. Closes: #86776, #86910
* the bind-doc package includes all relevant documentation from the bind9
source tree, including HTML content in /usr/share/doc/bind9-doc/arm,
closes: #85718
* default named.conf and rndc.conf to not world-readable. This is an
interim step towards addressing the concerns about security raised by
bugs 86718 and closes: #86836 A better long-term solution would be for
rndc.conf to allow includes, so that both named.conf and rndc.conf could
include a key file built on the fly during installation while themselves
retaining conffile status. The required functionality has been requested
of the bind9 upstream, this will limit vulnerability in the meantime.
* add replaces logic to the dnsutils package to avoid complaints about the
delivery of nsupdate.8.gz, closes: #86759
* move a couple of man pages back from dnsutils to bind9 that really belong
there. sigh.
.
bind9 (1:9.1.0-2) unstable; urgency=low
.
* merge patch from Luca Filipozzi <lfilipoz@debian.org> - thanks!
+ bind9: ships with a working rndc.conf file, closes: #84572
+ bind9: init.d calls rndc rather than ndc on reload, closes: #85481
+ bind9: named.conf ships with 'key' and 'control' sections
+ bind9: correctly creates /var/cache/bind, closes: #85457
+ lwresd: lwresd is split off into its own package, closes: #85627
* nsupdate is delivered by the dnsutils package, but the (wrong) man page
was accidentally also included in the bind9 package, closes: #85717
* freshen config.sub and config.guess for ia64 and hppa support
.
bind9 (1:9.1.0-1) unstable; urgency=low
.
* Initial packaging of BIND 9.1.0. Must use epoch so that meta packages
retain their sequencing from the bind 8 package version stream.
* snarf a couple of man pages from the 8.X tree for now
Checksums-Sha1:
1e06e2085ed1b70ef7aa831fdcef86154b155fce 2225 bind9_9.8.4.dfsg.P1-6+nmu1~bpo60+1.dsc
3ab83667ab3ce2df6bdf558cc1e5a361fe5b539b 7258441 bind9_9.8.4.dfsg.P1.orig.tar.gz
941708ab2fa1596635f6571aa55838e5509245e2 716864 bind9_9.8.4.dfsg.P1-6+nmu1~bpo60+1.diff.gz
2f33adb55b265e4808c126307b99f2e8109a0e50 364452 bind9-doc_9.8.4.dfsg.P1-6+nmu1~bpo60+1_all.deb
3ffdfa1d0b91f1df718a2e91344e55129b396777 20460 host_9.8.4.dfsg.P1-6+nmu1~bpo60+1_all.deb
2beebc227b19cdb2a9b5c149ef00e57a99d66b55 354110 bind9_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
d59ca7b7ea1c1d98a924117492ecaea7317c8c2a 122066 bind9utils_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
d3e31e8a3e181167fc7da3107468c68a515503cb 70470 bind9-host_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
75096dd697d939fe12849900fae5185dfe77d311 1505064 libbind-dev_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
15acfc93285b13257e5b7c0eb463daaa45ce3244 42384 libbind9-80_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
3197c378fd5a5f477bb5cb40cf548349c1d44954 717006 libdns88_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
b9cced143bdbc16382d599819ea0c9a727da0635 166360 libisc84_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
2b3f2554c6a4df21852cfc428f67b0b8eb0afe34 52954 liblwres80_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
df54ca273338be984545acd2694ce0ae942374fe 33822 libisccc80_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
6e109c2f67e8d974e99b49335db0772ec4101e5f 55492 libisccfg82_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
f5eb19240cd936d73fa8ecc76330d50b9b0342f1 157956 dnsutils_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
d716d43ef15bc090dcee71452fe7bfc47e8f91ce 243878 lwresd_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
Checksums-Sha256:
82684a12e0243aa889ffffa25b10f26316b42b357984e0d18afc00ba8defc5ad 2225 bind9_9.8.4.dfsg.P1-6+nmu1~bpo60+1.dsc
de7b8ef3f5336ba2c19e7ad8cec618e1bf77fbd81cc2e45cc7f798544e843bdb 7258441 bind9_9.8.4.dfsg.P1.orig.tar.gz
ea1411d6e5caed266cfd4c3adf9f47857630b3e5f724c3d66866fc2e54c70e94 716864 bind9_9.8.4.dfsg.P1-6+nmu1~bpo60+1.diff.gz
fbe1849504385eab8c62d21f96f0cd1dd0eae089a19d1de68cfdb31b92ae831b 364452 bind9-doc_9.8.4.dfsg.P1-6+nmu1~bpo60+1_all.deb
87c649adbbe2bf2a74ecd1a99b4f7c13a4ab4837b40fcad52494ae39cb958814 20460 host_9.8.4.dfsg.P1-6+nmu1~bpo60+1_all.deb
b907c2d257839191449546143b82b2bc8e20a74b26ede1f897509cc013c55ac0 354110 bind9_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
51fde469ac1cf7b04878c476ef8ecb40477b9a31c3bbd797755d25d3664f912b 122066 bind9utils_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
97de72b153aac0a71cc9d29771b5f72ac4cc08f0fbde9db35c521fd6395fe14e 70470 bind9-host_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
2a766aca50e148915610f02cd6e7168adcfbd70c66f4f629ecbc11939dc9280c 1505064 libbind-dev_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
b9096e0fbe0a32816b9bb398c9c32c783a6e95abd3d69360744e1fa93161f839 42384 libbind9-80_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
9dbb4064ccfb9e3494d4a84b32e2a397f05c38251c82b8b8ba93adfec3a04adc 717006 libdns88_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
4156a681b1d8422f6fa823c32e6728409eb982f5bf8fb647e744193667507a98 166360 libisc84_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
5bc1d1c037020ab9c1bdd789028e85a8c3ffe42e545873abff7941b14edf1f74 52954 liblwres80_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
c2c8af5af7303b1a51baa6199a0419dee93f9bd518625db2ebabb4aaebcfa6a4 33822 libisccc80_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
298309a69e3d84a2a596f9a86ffca456d2f275ae20a35210558c7ae00a6a5f03 55492 libisccfg82_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
c90fcdbeeb391fb5da9ff8db3ddc5be28275b4b88626850e7b915462b557a14d 157956 dnsutils_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
e656c3f2f4d7798ad718a37d5cacc0ebf3c4e4c58dcef4b1fe62c78a5fe69a1a 243878 lwresd_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
Files:
56437d7bc6a61e6be9e26b8ad800e6f9 2225 net optional bind9_9.8.4.dfsg.P1-6+nmu1~bpo60+1.dsc
96f5c03a8b42d29519c8860bea5a8353 7258441 net optional bind9_9.8.4.dfsg.P1.orig.tar.gz
7fc65adf8086e5472a9155244cf31030 716864 net optional bind9_9.8.4.dfsg.P1-6+nmu1~bpo60+1.diff.gz
91b145f9989790ae855872f72002b5a5 364452 doc optional bind9-doc_9.8.4.dfsg.P1-6+nmu1~bpo60+1_all.deb
9b5b9f71f20acce0b06a789e65d2e53f 20460 net standard host_9.8.4.dfsg.P1-6+nmu1~bpo60+1_all.deb
cbbf0e6aecda379eea0c6f817aa29225 354110 net optional bind9_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
25b6db4c55b50f6a04ef496bd8289dd4 122066 net optional bind9utils_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
a2a9b639ca16027914a3268aa69fd7ae 70470 net standard bind9-host_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
ae98c18dcb27160ee65d2d60866a83cf 1505064 libdevel optional libbind-dev_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
3aeb8b6c6319dd32ea12d2a4176ead45 42384 libs standard libbind9-80_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
ca04678a4a6d849c77f63494e48c1b37 717006 libs standard libdns88_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
2e46f3acee02c5e171ab822ad0869a65 166360 libs standard libisc84_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
1850b09337dda9be5a1b61a2dda02c73 52954 libs standard liblwres80_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
f26afc557b5123d15b69930c15402220 33822 libs optional libisccc80_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
69dbe734812c1f98bc852bbcb3af4f79 55492 libs optional libisccfg82_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
3b882577ec56f9bd8192eeb4a4afd4b9 157956 net standard dnsutils_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
b73a39f78c492f390f6162afe2e57559 243878 net optional lwresd_9.8.4.dfsg.P1-6+nmu1~bpo60+1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJRd988AAoJEExaa6sS0qeuIYcP/RlJtHgJJvpyuViuenGRZ7ts
M5HYL1ubfOpiCVs1qU2SLqElVzh7PtRrl8joU0nem1E3quL28szlXSG0XQazeiiK
7+sWCLTgmUERBs6XeVdamk8rMR3BOo9qTa9WcPgzPH9zRCUvbBCaNg2JlF5z5lNu
4WwEILmDtYWN59fbJAs9fLL9/DXBN0mex+5oFddgRKNGu36F2oJPJ9bRHaakHb1P
7jenm8qRIo2KyUv70gahTDSlIoJOYYxtDQ1IhF5785xNaVkHFEdETLpNZ0V4u4cE
wcNB17qHpmvO9QVaftdsjmkVxj319qL8VEK8dMAp/oBpx/ntminaLYubR2K53/iv
kXqlcRMutoHOXWQsvY7eQtbAXFsqgG7dxnDKivhLJeFGkNftaS9KqCxRsbnCZdeL
Uu/2KjtmxshQ2oniHgRb4HjUhvOFD/S/xjtL+5oAiFP3rWJD2BCdbXSY84NG//0T
WNsN6abQ0FfO32j6o4I0c7ILDYsv2SwLrUJnFkVlbuwPVz9djI4fweStTwvdZOb3
gvpEz7XJ7EtTAD684f8QkJdqzi1K74YnAi3P/tqJ/PRTIHUfq7Az2yEm5s5MKerR
tnovOaz27tfdfDA19PvLMOPhxpBsL+bPfRr5K8v2Ypx8F5JGf2iQA7XcZK7+R7bN
EdKiiLl9kK0hl51CTtmd
=J/YA
-----END PGP SIGNATURE-----
YA
-----END PGP SIGNATURE-----
Reply to: