bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u20) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team.
  * CVE-2018-5735: A denial of service flaw was found in the way BIND handled
    DNSSEC validation. A remote attacker could use this flaw to make named
    exit unexpectedly with an assertion failure via a specially crafted DNS
    response. This issue is closely related to CVE-2017-3139. (Closes: #889285)

 -- Roberto C. Sanchez <roberto@debian.org>  Wed, 07 Feb 2018 23:36:28 -0500

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u19) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * CVE-2017-3145
    Addresses could be referenced after being freed in resolver.c, 
    causing an assertion failure.

 -- Thorsten Alteholz <debian@alteholz.de>  Sun, 21 Dec 2018 18:40:12 +0100

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u18) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * addresses a TSIG regression introduced in previous upload

 -- Thorsten Alteholz <debian@alteholz.de>  Wed, 19 Jul 2017 20:40:12 +0200

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u17) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * CVE-2017-3142
    An error in TSIG authentication can permit unauthorized 
    zone transfers.
  * CVE-2017-3143
    An error in TSIG authentication can permit unauthorized 
    dynamic updates.

 -- Thorsten Alteholz <debian@alteholz.de>  Tue, 11 Jul 2017 18:40:39 +0200

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u16) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * Dns64 with "break-dnssec yes;" can result in an assertion failure.
    (CVE-2017-3136)
  * Prerequisite for CVE-2017-3137 cherry-picked from upstream change #4190.
    If not cherry-picking this change the fix for CVE-2017-3137 can cause an
    assertion failure to appear in name.c.
  * Some chaining (CNAME or DNAME) responses to upstream queries could trigger
    assertion failures (CVE-2017-3137) 
  * Reimplement: Some chaining (CNAME or DNAME) responses to upstream queries
    could trigger assertion failures. (CVE-2017-3137)
  * Fix regression introduced when handling CNAME to referral below the
    current domain 
  * 'rndc ""' could trigger an assertion failure in named. (CVE-2017-3138)
  * patch basically adapted from diff of Jessie version

 -- Thorsten Alteholz <debian@alteholz.de>  Sat, 20 May 2017 14:40:39 +0200

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u15) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * CVE-2017-3135
    Assertion failure when using DNS64 and RPZ can lead to crash.

 -- Thorsten Alteholz <debian@alteholz.de>  Fri, 24 Feb 2017 18:40:39 +0100

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u14) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * Apply patches from ISC and borrowed from stretch
  * CVE-2016-9131: Assertion failure related to caching of TKEY records
    in upstream DNS responses.
  * CVE-2016-9147: Processing of RRSIG records in upstream DNS response
    without corresponding signed data could lead to an assertion failure.
  * CVE-2016-9444: Missing RRSIG records in the authority section of
    upstream responses could lead to an assertion failure.
  * RT #43779: Fix handling of CNAME/DNAME responses.  (Regression due
    to the CVE-2016-8864 fix.)

 -- Thorsten Alteholz <debian@alteholz.de>  Wed, 25 Jan 2017 19:31:39 +0100

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u13) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * CVE-2016-8864: Fix assertion failure in DNAME processing with patch
    provided by ISC.

 -- Thorsten Alteholz <debian@alteholz.de>  Wed, 02 Nov 2016 19:31:39 +0100

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u12) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * CVE-2016-2848: A server vulnerable to this defect can be forced to 
    exit with an assertion failure if it receives a malformed packet.  
    Authoritative and recursive servers are both vulnerable.

 -- Thorsten Alteholz <debian@alteholz.de>  Wed, 19 Oct 2016 22:31:39 +0200

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u11) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * CVE-2016-2775: lwresd crash with long query name.
    Backport of upstream commit 38cc2d14e218e536e0102fa70deef99461354232.
    Closes: #831796.
  * CVE-2016-2776: assertion failure due to unspecified crafted query.
    Fix based on 43139-9-9.patch from ISC.  Closes: #839010.

 -- Thorsten Alteholz <debian@alteholz.de>  Tue, 04 Oct 2016 21:51:39 +0200

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u10) wheezy-security; urgency=high

  * Fix CVE-2016-1285: error parsing control channel input.
  * Fix CVE-2016-1286: error parsing DNAME resource records.

 -- Michael Gilbert <mgilbert@debian.org>  Tue, 08 Mar 2016 02:51:39 +0000

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u9) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c.
    A buffer size check used to guard against overflow could cause named to
    exit with an INSIST failure in apl_42.c.

 -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 16 Jan 2016 10:50:12 +0100

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u8) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add patch to fix CVE-2015-8000.
    CVE-2015-8000: Insufficient testing when parsing a message allowed
    records with an incorrect class to be accepted, triggering a REQUIRE
    failure when those records were subsequently cached.

 -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 14 Dec 2015 20:09:13 +0100

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u7) wheezy-security; urgency=high

  * CVE-2015-5722: maliciously crafted DNSSEC key can cause named to crash.

 -- Michael Gilbert <mgilbert@debian.org>  Thu, 03 Sep 2015 01:03:45 +0000

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u6) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2015-5477: A failure to reset a value to NULL in tkey.c could
    result in an assertion failure.

 -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 27 Jul 2015 20:52:06 +0200

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u5) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2015-4620: Specially constructed zone data can cause a resolver to
    crash when validating.

 -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 30 Jun 2015 17:53:38 +0200

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u4) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2015-1349: avoid crash due to managed-key rollover.
    Revoking a managed trust anchor and supplying an untrusted replacement
    could cause named to crash with an assertion failure.

 -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 18 Feb 2015 08:25:15 +0100

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u3) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2014-8500: Failure to place limits on delegation chaining can allow an
    attacker to crash BIND or cause memory exhaustion.

 -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 08 Dec 2014 20:02:06 +0100

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u2) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2014-0591: named crash when handling malformed NSEC3-signed zones.
    A remote attacker could use this flaw against an authoritative name
    server that served NSEC3-signed zones by sending a specially crafted
    query, which, when processed, would cause named to crash. (Closes: #735190)

 -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 05 Sep 2014 22:18:48 +0200

bind9 (1:9.8.4.dfsg.P1-6+nmu2+deb7u1) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2013-4854: A specially crafted query that includes malformed rdata can
    cause named to terminate with an assertion failure while rejecting the
    malformed query. (Closes: #717936).

 -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 27 Jul 2013 10:39:42 +0200

bind9 (1:9.8.4.dfsg.P1-6+nmu2) unstable; urgency=medium

  * Non-maintainer upload.
  * Install /usr/include/dns/rrl.h (closes: #699834).

 -- Michael Gilbert <mgilbert@debian.org>  Tue, 16 Apr 2013 01:59:05 +0000

bind9 (1:9.8.4.dfsg.P1-6+nmu1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix CVE-2012-5689: issue in nameservers using DNS64 to perform an AAAA
    lookup for a record with an A record overwrite rule in a Response Policy
    Zone (closes: #699145).
  * Fix CVE-2013-2266: issues in regular expression handling (closes: #704174).

 -- Michael Gilbert <mgilbert@debian.org>  Fri, 29 Mar 2013 00:47:25 +0000

bind9 (1:9.8.4.dfsg.P1-6) unstable; urgency=low

  [Ben Hutchings]

  * Initialise OpenSSL before calling chroot().  Closes: #696661

 -- LaMont Jones <lamont@debian.org>  Fri, 01 Mar 2013 08:23:27 -0700

bind9 (1:9.8.4.dfsg.P1-5) unstable; urgency=low

  [LaMont Jones]

  * Properly acknowledge 1:9.8.1.dfsg.P1-4.4: [Philipp Kern]
    - Fix CVE-2012-4244. Thanks to Moritz Mühlenhoff for providing the patch.

  [Paul Vixie]

  * Include rpz/rrl patches from http://www.redbarn.org/dns/ratelimits. 
    Closes: #698641

 -- LaMont Jones <lamont@debian.org>  Wed, 30 Jan 2013 14:04:35 -0700

bind9 (1:9.8.4.dfsg.P1-4) unstable; urgency=high

  * The rest of the dnssec validation logspam removal.  Closes: #697681

 -- LaMont Jones <lamont@debian.org>  Mon, 21 Jan 2013 13:18:53 -0700

bind9 (1:9.8.4.dfsg.P1-3) unstable; urgency=low

  [Marc Deslauriers]

  * debian/bind9.apport: Add AppArmor info and logs to apport hook.

  [LaMont Jones]

  * Reduce log level for "sucessfully validated after lower casing" dnssec
    based on mail from Mark Andrews.  Closes: #697681
  * remove /var/lib/bind/bind9-default.md5sum in postrm
  * remove /etc/bind/named.conf.options on purge.  Closes: #668801

 -- LaMont Jones <lamont@debian.org>  Wed, 09 Jan 2013 09:47:24 -0700

bind9 (1:9.8.4.dfsg.P1-2) unstable; urgency=low

  [Michael Gilbert]

  * Use /var/lib/bind for state file.  Closes: #689332

  [LaMont Jones]

  * Re-enable dlopen, do not build the test that fails.  Closes: #692416
  * Update db.root with new IP for D.root-servers.net.  Closes: #697352

 -- LaMont Jones <lamont@debian.org>  Mon, 07 Jan 2013 06:50:25 -0700

bind9 (1:9.8.4.dfsg.P1-1) unstable; urgency=low

  * Named could die on specific queries with dns64 enabled.
    [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
    CVE-2012-5688  Closes: #695192

 -- LaMont Jones <lamont@debian.org>  Wed, 05 Dec 2012 05:22:06 -0700

bind9 (1:9.8.4.dfsg-1) unstable; urgency=low

  [Matthew Grant]

  * Turn off dlopen as it was causing test compile failures.
  * Add missing library .postrm files for debhelper

  [LaMont Jones]

  * New upstream version
  * soname fixup
  * Ack NMUs

 -- LaMont Jones <lamont@debian.org>  Mon, 29 Oct 2012 08:37:49 -0600

bind9 (1:9.8.1.dfsg.P1-4.4) testing-proposed-updates; urgency=low

  * Non-maintainer upload.
  * Fix CVE-2012-4244. Thanks to Moritz Mühlenhoff for providing
    the patch.

 -- Philipp Kern <pkern@debian.org>  Sat, 03 Nov 2012 20:43:43 +0100

bind9 (1:9.8.1.dfsg.P1-4.3) unstable; urgency=medium

  [ Philipp Kern ]
  * Non-maintainer upload.

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service via specific combinations of RDATA
    - bin/named/query.c: fix logic
    - Patch backported from 9.8.3-P4
    - CVE-2012-5166

 -- Philipp Kern <pkern@debian.org>  Sun, 28 Oct 2012 20:28:11 +0100

bind9 (1:9.8.1.dfsg.P1-4.2) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix denial of service vulnerability triggered
    through an assert because of using bad cache
    (CVE-2012-3817; Closes: #683259).

 -- Nico Golde <nion@debian.org>  Mon, 30 Jul 2012 20:56:10 +0200

bind9 (1:9.8.1.dfsg.P1-4.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * SECURITY UPDATE: ghost domain names attack
    - lib/dns/rbtdb.c: Restrict the TTL of NS RRset to no more than that
      of the old NS RRset when replacing it.
    - Patch backported from 9.8.2.
    - CVE-2012-1033
  * SECURITY UPDATE: denial of service via zero length rdata handling
    - lib/dns/rdata.c,lib/dns/rdataslab.c: use sentinel pointer for
      duplicate rdata.
    - Patch backported from 9.8.3-P1.
    - CVE-2012-1667

 -- Luk Claes <luk@debian.org>  Wed, 20 Jun 2012 15:26:09 -0400

bind9 (1:9.8.1.dfsg.P1-4) unstable; urgency=low

  [Christoph Egger]

  * define _GNU_SOURCE on kfreebsd et al.  Closes: #658201

  [LaMont Jones]

  * chmod typo in postinst.  LP: #980798
  * Correctly order debhelper bits in postrm.  Closes: #661040

 -- LaMont Jones <lamont@debian.org>  Fri, 13 Apr 2012 12:09:24 -0600

bind9 (1:9.8.1.dfsg.P1-3) unstable; urgency=low

  [Zlatan Todoric]

  * fixed Serbian latin translation of debconf template.  Closes: #634951

  [Peter Eisentraut]

  * Add support for "status" action to lwresd init script.  Closes: #651540

  [Bjørn Steensrud]

  * NB Translations.  Closes: #654454

  [LaMont Jones]

  * Default to run_resolvconf=false.  LP: #933723
  * Deliver named.conf.options on fresh install.  Closes: #657042  LP: #920202
  * Do not deliver /usr/share/bind9/bind9-default.md5sum in the bind9 deb. 
    Closes: #620007  LP: #681536
  * Deliver and use /etc/apparmor.d/local/usr.sbin.named for local overrides.
    LP: #929563

 -- LaMont Jones <lamont@debian.org>  Fri, 17 Feb 2012 14:40:29 -0800

bind9 (1:9.8.1.dfsg.P1-2) unstable; urgency=low

  * Deliver named.conf.options on fresh install.  Closes: #657042  LP: #920202

 -- LaMont Jones <lamont@debian.org>  Wed, 25 Jan 2012 03:55:21 -0700

bind9 (1:9.8.1.dfsg.P1-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * 9.8.1-P1
    -  Cache lookup could return RRSIG data associated with nonexistent
       records, leading to an assertion failure.

  [LaMont Jones]

  * add a readme entry for DNSSEC-by-default
  * Failed to install due to chgrp on non-existent directory.  Closes: #647598
  * ack NMU: l10n issues

 -- LaMont Jones <lamont@debian.org>  Wed, 18 Jan 2012 10:44:14 -0700

bind9 (1:9.8.1.dfsg-1.1) unstable; urgency=low

  * Non-maintainer upload.
  * Fix pending l10n issues. Debconf translations:
    - Danish (Joe Hansen).  Closes: #619302
    - Korean (강민지).  Closes: #632006, #632016
    - Serbian (FULL NAME).  Closes: #634886

 -- Christian Perrier <bubulle@debian.org>  Sat, 03 Dec 2011 17:22:12 +0100

bind9 (1:9.8.1.dfsg-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * New upstream release

  [LaMont Jones]

  * cleanup the messages around killing named
  * enable dnssec validation: deliver named.conf.options outside of
    conffiledom, and update if able, complain and do not update if not
    Closes: #516979
  * typo in min-ncache-ttl processing
  * disable dlz until we get a patch to make it build again

  [Jay Ford]

  * Fix "waiting for pid $pid to die" loop to not be infinite.  Closes: #570852

 -- LaMont Jones <lamont@debian.org>  Tue, 01 Nov 2011 16:39:19 -0600

bind9 (1:9.8.0.dfsg.P1-0) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * 9.8.0-P1

  [LaMont Jones]

  * soname changes

 -- LaMont Jones <lamont@debian.org>  Fri, 13 May 2011 03:46:22 -0600

bind9 (1:9.7.4.dfsg-0) unstable; urgency=low

  * New upstream

 -- LaMont Jones <lamont@debian.org>  Sun, 21 Aug 2011 04:43:16 -0600

bind9 (1:9.7.3.dfsg-1ubuntu4) oneiric; urgency=low

  * debian/apparmor-profile: Allow /var/run and /run. (LP: #810270)

 -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 14 Jul 2011 15:15:45 +0200

bind9 (1:9.7.3.dfsg-1ubuntu3) oneiric; urgency=low

  * SECURITY UPDATE: denial of service via specially crafted packet
    - lib/dns/include/dns/rdataset.h, lib/dns/{masterdump,message,ncache,
      nsec3,rbtdb,rdataset,resolver,validator}.c: Use an rdataset attribute
      flag to indicate negative-cache records rather than using rrtype 0.
    - Patch backported from 9.7.3-P3.
    - CVE-2011-2464

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 05 Jul 2011 08:33:30 -0400

bind9 (1:9.7.3.dfsg-1ubuntu2.1) natty-security; urgency=low

  * SECURITY UPDATE: denial of service via off-by-one
    - lib/dns/ncache.c: correctly validate length.
    - Patch backported from 9.7.3-P1.
    - CVE-2011-1910

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 27 May 2011 12:50:40 -0400

bind9 (1:9.7.3.dfsg-1ubuntu2) natty; urgency=low

  * debian/rules, configure, contrib/dlz/config.dlz.in: use
    DEB_HOST_MULTIARCH so we can find multiarch libraries and fix FTBFS.
    (LP: #745642)

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 30 Mar 2011 10:19:37 -0400

bind9 (1:9.7.3.dfsg-1ubuntu1) natty; urgency=low

  * debian/bind9-default.md5sum:
    - updated to reflect the default md5sum in maverick and natty, this
      avoids a bogus /etc/default/bind9.dpkg-dist file
      (LP: #556332)

 -- Michael Vogt <michael.vogt@ubuntu.com>  Tue, 29 Mar 2011 10:13:11 +0200

bind9 (1:9.7.3.dfsg-1) unstable; urgency=low

  [Peter Palfrader]

  * Add db-4.6 to bdb_libnames in dlz/config.dlz.in so that it finds the right
    db.

  [Internet Systems Consortium, Inc]

  * 9.7.3 - Closes: #612287

  [Mahyuddin Susanto]

  * Updated Indonesian debconf templates.  Closes: #608559

  [LaMont Jones]

  * soname changes

 -- LaMont Jones <lamont@debian.org>  Wed, 23 Feb 2011 09:14:36 -0700

bind9 (1:9.7.3.dfsg~rc1-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * New upstream

  [Peter Palfrader]

  * Add db-4.6 to bdb_libnames in dlz/config.dlz.in so that it finds the right
    db.

  [Mahyuddin Susanto]

  * Updated Indonesian debconf templates.  Closes: #608559

  [LaMont Jones]

  * soname changes for new upstream

 -- LaMont Jones <lamont@debian.org>  Fri, 04 Feb 2011 21:20:05 -0700

bind9 (1:9.7.2.dfsg.P3-1) unstable; urgency=high

  [ISC]
  * Fix denial of service via ncache entry and a rrsig for the
    same type (CVE-2010-3613)
  * answers were incorrectly marked as insecure during key algorithm
    rollover (CVE-2010-3614)
  * Using "allow-query" in the "options" or "view" statements to
    restrict access to authoritative zones had no effect.
    (CVE-2010-3615)

  [LaMont Jones]

  * Adjust indentation for dpkg change.  Closes: #597171

 -- LaMont Jones <lamont@debian.org>  Wed, 01 Dec 2010 16:32:48 -0700

bind9 (1:9.7.2.dfsg.P2-3) unstable; urgency=low

  [LaMont Jones]

  * Adjust indentation for dpkg change.  Closes: #597171
  * acknowledge and incorporate ubuntu change.

 -- LaMont Jones <lamont@debian.org>  Fri, 26 Nov 2010 05:18:43 -0700

bind9 (1:9.7.2.dfsg.P2-2ubuntu1) natty; urgency=low

  [ Andres Rodriguez ]
  * Add apport hook (LP: #533601):
    - debian/bind9.apport: Added.

  [ Martin Pitt ]
  * debian/rules: Install Apport hook when building on Ubuntu.

 -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 26 Nov 2010 10:50:17 +0100

bind9 (1:9.7.2.dfsg.P2-2) unstable; urgency=low

  [Roy Jamison]

  * lib/isc/unix/resource.c was missing inttypes.h include.  LP: #674199

 -- LaMont Jones <lamont@debian.org>  Fri, 12 Nov 2010 10:52:32 -0700

bind9 (1:9.7.2.dfsg.P2-1) unstable; urgency=low

  [Joe Dalton]

  * Add Danish translation of debconf templates.  Closes: #599431

  [Internet Software Consortium, Inc]

  * v9.7.2-P2

  [José Figueiredo]

  * Add Brazilian Portuguese debconf templates translation.  Closes: #597616

  [LaMont Jones]

  * drop this v3 (quilt) source format idea.  Closes: #589916

 -- LaMont Jones <lamont@debian.org>  Sun, 10 Oct 2010 19:01:57 -0600

bind9 (1:9.7.1.dfsg.P2-2) unstable; urgency=low

  * Correct conflicts for bind9-host

 -- LaMont Jones <lamont@debian.org>  Fri, 16 Jul 2010 05:24:38 -0600

bind9 (1:9.7.1.dfsg.P2-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * Temporarily and partially disable change 2864 because it would cause
    infinite attempts of RRSIG queries.  This is an urgent care fix; we'll
    revisit the issue and complete the fix later.  [RT #21710]
  * Temporarily rollback change 2748. [RT #21594]
  * Named failed to accept uncachable negative responses from insecure zones.
    [RT #21555]

  [LaMont Jones]

  * freshen copyright file

 -- LaMont Jones <lamont@debian.org>  Thu, 15 Jul 2010 15:07:54 -0600

bind9 (1:9.7.1.dfsg.0-1) unstable; urgency=low

  * Repack to drop zkt/doc/{draft,rfc}*  Closes: #588055

 -- LaMont Jones <lamont@debian.org>  Mon, 05 Jul 2010 07:21:34 -0600

bind9 (1:9.7.1.dfsg-2) unstable; urgency=low

  [Regid Ichira]

  * explicitly add nsupdate to dynamic updates in README.Debian. 
    Closes: #577398

  [LaMont Jones]

  * Cleanup bind9-host description.  Closes: #579421
  * switch to 3.0 (quilt) source format, but not to quilt.  Closes: #578210

  [Stephen Gran]

  * updated geoip patch for ipv6, based on work by John 'Warthog9' Hawley
    <warthog9@eaglescrag.net>.  Closes: #584603

 -- LaMont Jones <lamont@debian.org>  Fri, 02 Jul 2010 08:19:29 -0600

bind9 (1:9.7.1.dfsg-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * 9.7.1

  [LaMont Jones]

  * Add freebsd support.  Closes: #578447
  * soname changes
  * freshen root cache.  LP: #596363

 -- LaMont Jones <lamont@debian.org>  Mon, 21 Jun 2010 09:53:30 -0600

bind9 (1:9.7.0.dfsg.P1-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * 9.7.0-P1
    - 2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619]

 -- LaMont Jones <lamont@debian.org>  Wed, 17 Mar 2010 08:06:42 -0600

bind9 (1:9.7.0.dfsg.1-1) unstable; urgency=low

  [Niko Tyni]

  * fix mips/mipsel startup.  Closes: #516616

  [LaMont Jones]

  * ignore failures due to a lack of /etc/bind/named.conf*.  LP: #422968
  * ldap API changed regarding % sign.  LP: #227344
  * Drop more rfc and draft files.  Closes: #572606
  * update config.guess, config.sub.  Closes: #572528

 -- LaMont Jones <lamont@debian.org>  Fri, 12 Mar 2010 14:56:08 -0700

bind9 (1:9.7.0.dfsg-2) unstable; urgency=low

  [Aurelien Jarno]

  * kfreebsd has linux threads.  Closes: #470500

  [LaMont Jones]

  * do not error out on initial install.  Closes: #572443

 -- LaMont Jones <lamont@debian.org>  Thu, 04 Mar 2010 09:32:13 -0700

bind9 (1:9.7.0.dfsg-1) unstable; urgency=low

  * New upstream release

 -- LaMont Jones <lamont@debian.org>  Wed, 17 Feb 2010 14:53:36 -0700

bind9 (1:9.7.0.dfsg~rc2-1) experimental; urgency=low

  * New upstream release

 -- LaMont Jones <lamont@debian.org>  Thu, 28 Jan 2010 05:46:50 -0700

bind9 (1:9.7.0.dfsg~b3-2) experimental; urgency=low

  * merge changes from 9.6.1.dfsg.P2-1
  * meta: drop versioned depends from library packages, for less upgrade pain
  * apparmor: allow named to create /var/run/named/session.key

 -- LaMont Jones <lamont@debian.org>  Sun, 06 Dec 2009 11:46:17 -0700

bind9 (1:9.7.0.dfsg~b3-1) experimental; urgency=low

  [Internet Software Consortium, Inc]

  * 9.7.0b3

  [LaMont Jones]

  * Merge remote branch 'origin/master'
  * soname changes

 -- LaMont Jones <lamont@debian.org>  Mon, 30 Nov 2009 21:07:58 -0700

bind9 (1:9.6.1.dfsg.P2-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * 9.6.1-P2
    - When validating, track whether pending data was from the
      additional section or not and only return it if validates
      as secure. [RT #20438] CVE-2009-4022

  [LaMont Jones]

  * prerm: do not stop named on upgrade.  Closes: #542888
  * Drop some RFCs that crept into the diff.
  * meta: add ${misc:Depends}
  * lintian: update config.guess, config.sub in idnkit-1.0 tree
  * dnsutils: remove pre-sarge dpkg-divert calls in postinst
  * meta: soname changes
  * l10n: missing newline in pofile.

 -- LaMont Jones <lamont@debian.org>  Fri, 27 Nov 2009 10:07:10 -0700

bind9 (1:9.7.0.dfsg~b2-2) experimental; urgency=low

  * dnsutils: remove pre-sarge dpkg-divert calls in postinst

 -- LaMont Jones <lamont@debian.org>  Tue, 17 Nov 2009 22:42:40 -0600

bind9 (1:9.7.0.dfsg~b2-1) experimental; urgency=low

  [Internet Software Consortium, Inc]

  * 9.7.0b2

  [LaMont Jones]

  * /etc/bind/bind.keys need not be executable.
  * bind9: drop old stale code from postinst
  * prerm: do not stop named on upgrade.  Closes: #542888
  * Drop some RFCs that crept into the diff.
  * meta: add ${misc:Depends}
  * lintian: update config.guess, config.sub in idnkit-1.0 tree
  * l10n: missing newline in pofile.

 -- LaMont Jones <lamont@debian.org>  Mon, 16 Nov 2009 18:53:24 -0700

bind9 (1:9.7.0~a1.dfsg-0) experimental; urgency=low

  [Internet Software Consortium, Inc]

  * 9.7.0a1

 -- LaMont Jones <lamont@debian.org>  Wed, 24 Jun 2009 15:10:08 -0600

bind9 (1:9.6.1.dfsg.P1-3) unstable; urgency=low

  * Build-Depend on the fixed libgeoip-dev.  Closes: #540973

 -- LaMont Jones <lamont@debian.org>  Mon, 17 Aug 2009 06:53:11 -0600

bind9 (1:9.6.1.dfsg.P1-2) unstable; urgency=low

  [Jamie Strandboge]

  * reload individual named profile, not all of apparmor.  LP: #412751

  [Guillaume Delacour]

  * bind9 did not purge cleanly.  Closes: #497959

  [LaMont Jones]

  * postinst: do not append a blank line to /etc/default/bind9. 
    Closes: #541469
  * init.d stop needs to not error out.  LP: #398033
  * meta: fix build-depends.  Closes: #539230

 -- LaMont Jones <lamont@debian.org>  Fri, 14 Aug 2009 17:03:31 -0600

bind9 (1:9.6.1.dfsg.P1-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * A specially crafted update packet will cause named to exit. 
    CVE-2009-0696, CERT VU#725188.  Closes: #538975

  [InterNIC]

  * Update db.root hints file.

  [LaMont Jones]

  * Move default zone definitions from named.conf to named.conf.default-zones.
    Closes: #492308
  * use start-stop-daemon if rndc stop fails.  Closes: #536487
  * lwresd: pidfile name was wrong in init script.  Closes: #527137

 -- LaMont Jones <lamont@debian.org>  Tue, 28 Jul 2009 22:03:14 -0600

bind9 (1:9.6.1.dfsg-2) unstable; urgency=low

  * ia64: fix atomic.h

 -- LaMont Jones <lamont@debian.org>  Tue, 23 Jun 2009 01:56:35 -0600

bind9 (1:9.6.1.dfsg-1) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * 9.6.1

 -- LaMont Jones <lamont@debian.org>  Mon, 22 Jun 2009 14:33:20 -0600

bind9 (1:9.6.0.dfsg.P1-3) unstable; urgency=low

  [Martin Zobel-Helas]

  * GEO-IP Patch from
    git://git.kernel.org/pub/scm/network/bind/bind-geodns.git.  Closes: #395191

  [LaMont Jones]

  * Remove /var/lib/bind on purge.  Closes: #527613
  * Build-Depend: libdb-dev (>4.6).  Closes: #527877, #528772
  * init.d: detect rndc errors better.  LP: #380962
  * init.d: clean up exit status.  Closes: #523454
  * Enable pkcs11 support, and then Revert - causes assertion failures
    c.f.: #516552

 -- LaMont Jones <lamont@debian.org>  Mon, 22 Jun 2009 13:58:32 -0600

bind9 (1:9.6.0.dfsg.P1-2) unstable; urgency=low

  * random_1 broke memory usage assertions.

 -- LaMont Jones <lamont@debian.org>  Thu, 23 Apr 2009 05:15:45 -0600

bind9 (1:9.6.0.dfsg.P1-1) experimental; urgency=low

  [Michael Milligan]

  * Add min-cache-ttl and min-ncache-ttl keywords

  [LaMont Jones]
  
  * Fix merge errors from 9.6.0.dfsg.P1-0

 -- LaMont Jones <lamont@debian.org>  Fri, 20 Mar 2009 15:50:50 -0600

bind9 (1:9.6.0.dfsg.P1-0) experimental; urgency=low

  [Internet Software Consortium, Inc]

  * 9.6.0-P1

  [LaMont Jones]

  * meta: fix override disparity
  * meta: soname package fixups for 9.6.0
  * meta: update Standards-Version: 3.7.3.0
  * upstream now uses a bind subdir.  Closes: #212659

  [Sven Joachim]

  * meta: pass host and build into configure for hybrid build machines. 
    Closes: #515110

 -- LaMont Jones <lamont@debian.org>  Fri, 20 Mar 2009 11:54:55 -0600

bind9 (1:9.5.1.dfsg.P1-3) unstable; urgency=low

  * package -2 for unstable

 -- LaMont Jones <lamont@debian.org>  Wed, 18 Mar 2009 09:40:18 -0600

bind9 (1:9.5.1.dfsg.P1-2) stable; urgency=low

  [Juhana Helovuo]

  * fix atomic operations on alpha.  Closes: #512285

  [Dann Frazier]

  * fix atomic operations on ia64.  Closes: #520179

  [LaMont Jones]

  * build-conflict: libdb4.2-dev.  Closes: #515074, #507013

  [localization folks]

  * l10n: Basque debconf template.  Closes: #516549 (Piarres Beobide)

 -- LaMont Jones <lamont@debian.org>  Wed, 18 Mar 2009 05:30:22 -0600

bind9 (1:9.5.1.dfsg.P1-1) unstable; urgency=low

  * New upstream patch release
    - supportable version of fix from 9.5.0.dfsg.P2-5.1
    - CVE-2009-0025:  Closes: #511936
    - 2475: Overly aggressive cache entry removal.  Closes: #511768
    - other bug fixes worthy of patch-release inclusion

 -- LaMont Jones <lamont@debian.org>  Mon, 26 Jan 2009 10:33:42 -0700

bind9 (1:9.5.0.dfsg.P2-5.1) unstable; urgency=low

  * Non-maintainer upload.
  * Apply upstream ACL fixes from 9.5.1 to fix RC bug. Patch was provided
    by Evan Hunt (upstream bind9 developer) after Emmanuel Bouthenot
    contacted him. Closes: #496954, #501800.
  * Remove obsolete dh_installmanpages invocation which was adding
    unwanted manual pages to bind9. Closes: #486196.

 -- Ben Hutchings <ben@decadent.org.uk>  Fri, 02 Jan 2009 16:51:42 +0000

bind9 (1:9.5.0.dfsg.P2-5) unstable; urgency=low

  [ISC]

  * 2463: IPv6 Advanced Socket API broken on linux.  LP: #249824

  [Jamie Strandboge]

  * apparmor: add capability sys_resource
  * apparmor: add krb keytab access.  LP: #277370

  [LaMont Jones]

  * apparmor: allow proc/*/net/if_inet6 read access too.  LP: #289060
  * apparmor: add /var/log/named/* entries.  LP: #294935

  [Ben Hutchings]

  * meta: Add dependency of bind9 on net-tools (ifconfig used in init script)
  * meta: Fix bind9utils Depends.
  * meta: fix typo in package description

  [localization folks]

  * l10n: add Polish debconf translations.  Closes: #506856 (L)

 -- LaMont Jones <lamont@debian.org>  Sun, 07 Dec 2008 21:03:29 -0700

bind9 (1:9.5.0.dfsg.P2-4) unstable; urgency=low

  * meta: fix typo in Depends: lsb-base.  Closes: #501365

 -- LaMont Jones <lamont@debian.org>  Tue, 07 Oct 2008 17:20:11 -0600

bind9 (1:9.5.0.dfsg.P2-3) unstable; urgency=low

  [LaMont Jones]

  * enable largefile support.  Closes: #497040

  [localization folks]

  * l10n: Dutch translation.  Closes: #499977 (Paul Gevers)
  * l10n: Simplified Chinese debconf template.  Closes: #501103 (LI Daobing)
  * l10n: Update Spanish template.  Closes: #493775 (Ignacio Mondino)

 -- LaMont Jones <lamont@debian.org>  Sun, 05 Oct 2008 20:20:00 -0600

bind9 (1:9.5.0.dfsg.P2-2) unstable; urgency=low

  [Kees Cook]

  * debian/{control,rules}: enable PIE hardening (from -1ubuntu1)

  [Nicolas Valcárcel]

  * Add ufw integration (from -1ubuntu2)

  [Dustin Kirkland]

  * use pid file in init.d/bind9 status.  LP: #247084

  [LaMont Jones]

  * dig: add -DDIG_SIGCHASE to compile options.  LP: #257682
  * apparmor profile: add /var/log/named

  [Nikita Ofitserov]

  * ipv6 support requires _GNU_SOURCE definition.  LP: #249824

 -- LaMont Jones <lamont@debian.org>  Thu, 28 Aug 2008 23:08:36 -0600

bind9 (1:9.5.0.dfsg.P2-1) unstable; urgency=low

  [LaMont Jones]

  * default to using resolvconf if it is installed
  * fix sonames and dependencies.  Closes: #149259, #492418
  * Do not build-depend libcap2-dev on non-linux.  Closes: #493392
  * drop unused query-loc manpage.  Closes: #492564
  * lwresd: Deliver /etc/bind directory.  Closes: #490027
  * fix query-source comment in default install

  [Internet Software Consortium, Inc]

  * 9.5.0-P2.  Closes: #492949

  [localization folks]

  * l10n: Spanish debconf translation.  Closes: #492425 (Ignacio Mondino)
  * l10n: Swedish debconf templates.  Closes: #491369 (Martin Ågren)
  * l10n: Japanese debconf translations.  Closes: #492048 (Hideki Yamane
    (Debian-JP))
  * l10n: Finnish translation.  Closes: #490630 (Esko Arajärvi)
  * l10n: Italian debconf translations.  Closes: #492587 (Alessandro Vietta)

 -- LaMont Jones <lamont@debian.org>  Sat, 02 Aug 2008 14:20:20 -0600

bind9 (1:9.5.0.dfsg.P1-2) unstable; urgency=low

  * Revert "meta: merge the mess of single-lib packages back into one large
    one." - That way lies madness and pain.
  * init.d/bind9: implement status function.  LP: #203169

 -- LaMont Jones <lamont@debian.org>  Tue, 08 Jul 2008 21:56:58 -0600

bind9 (1:9.5.0.dfsg.P1-1) unstable; urgency=low

  * Repackage 9.5.0.dfsg-5 with the -P1 tarball.

 -- LaMont Jones <lamont@debian.org>  Tue, 08 Jul 2008 15:06:07 -0600

bind9 (1:9.5.0.dfsg-5) unstable; urgency=low

  [Internet Software Consortium, Inc]

  * Randomize UDP query source ports to improve forgery resilience.
    (CVE-2008-1447)

  [LaMont Jones]

  * add build-depends: texlive-latex-base, xsltproc, remove Bv9ARM.pdf in clean
  * fix sonames
  * drop unneeded build-deps, since we do not actually deliver Bv9ARM.pdf
  * meta: cleanup libbind9-41 Provides/Conflicts
  * build: fix sonames for new libraries
  * postinst: really restart bind/lwresd in postinst

 -- LaMont Jones <lamont@debian.org>  Sun, 06 Jul 2008 21:34:18 -0600

bind9 (1:9.5.0.dfsg-4) unstable; urgency=low

  [LaMont Jones]

  * control: fix dnsutils description to avoid list reformatting. 
    Closes: #480317
  * lwresd: restart in postinst.  Closes: #486481
  * meta: merge the mess of single-lib packages back into one large one.
  * apparmor: allow bind to create files in /var/{lib,cache}/bind
  * build: drop .la files.  Closes: #486969
  * build: drop the extra lib path from the library-package merge
  * meta: liblwres40 does not conflict with the libbind9-40-provided libbind0

  [localization folks]

  * l10n: German debconf translation.  Closes: #486547 (Helge Kreutzmann)
  * l10n: Indonesian debconf translations.  Closes: #486503 (Arief S Fitrianto)
  * l10n: Slovak po-debconf translation.  Closes: #488905 (helix84)
  * l10n: Turkish debconf template.  Closes: #486479 (Mert Dirik)

 -- LaMont Jones <lamont@debian.org>  Mon, 30 Jun 2008 11:22:05 -0600

bind9 (1:9.4.2-12) unstable; urgency=low

  * apparmor: allow bind to create files in /var/{lib,cache}/bind

 -- LaMont Jones <lamont@debian.org>  Mon, 30 Jun 2008 11:17:53 -0600

bind9 (1:9.4.2-11) unstable; urgency=low

  * apparmor: add dnscvsutil package files
  * lwresd Depends: adduser
  * control: fix dnsutils description to avoid list reformatting. 
    Closes: #480317

 -- LaMont Jones <lamont@debian.org>  Tue, 17 Jun 2008 21:30:12 -0600

bind9 (1:9.5.0.dfsg-3) unstable; urgency=low

  [LaMont Jones]

  * bind9utils Depends: libbind9-40.  Closes: #486194
  * bind9 should not deliver manpages for nonexistent binaries.
    Closes: #486196

  [localization folks]

  * l10n: Vietnamese debconf templates translation update.  Closes: #486185
    (Clytie Siddall)
  * l10n: Russian debconf templates translation.  Closes: #486191 (Yuri Kozlov)
  * l10n: Galician debconf template.  Closes: #486215 (Jacobo Tarrio)
  * l10n: French debconf templates.  Closes: #486325 (CALARESU Luc)
  * l10n: Czech debconf translation.  Closes: #486337 (Miroslav Kure)
  * l10n: Updated Portuguese translation.  Closes: #486267 (Traduz -
    Portuguese Translation Team)

 -- LaMont Jones <lamont@debian.org>  Sun, 15 Jun 2008 18:25:02 -0600

bind9 (1:9.5.0.dfsg-2) unstable; urgency=low

  [Tim Spriggs]

  * init.d: Nexenta has different ifconfig arguments

  [LaMont Jones]

  * templates rework from debian-l10n-english
  * reload named when an interface goes up or down.  LP: #226495
  * build: need to create the directories for interface restart triggering
  * Build-Depends: libcap2-dev.  Closes: #485747
  * Leave named running during update.  Closes: #453765
  * Fix path to uname, cleaning up the nexenta checks.
  * l10n: avoid double-question in templates.

  [localization folks]

  * l10n: Vietnamese debconf translations.  Closes: #483911 (Clytie Siddall)
  * l10n: Portuguese debconf translations.  Closes: #483872 (Traduz -
    Portuguese Translation Team)

 -- LaMont Jones <lamont@debian.org>  Fri, 13 Jun 2008 16:54:42 -0600

bind9 (1:9.5.0.dfsg-1) unstable; urgency=low

  [LaMont Jones]

  * manpages: fix references that should say /etc/bind
  * meta: build-depend libxml2-dev for statistics support

 -- LaMont Jones <lamont@debian.org>  Sat, 31 May 2008 12:17:21 -0600

bind9 (1:9.5.0.dfsg-0) experimental; urgency=low

  [Internet Software Consortium, Inc]

  * 9.5.0 release

  [LaMont Jones]

  * Only use capabilities if they are present: reprise.  Closes: #360339, #212226
  * control: fix dnsutils description to avoid list reformatting.  Closes: #480317
  * build: use the correct directories in dh_shlibdeps invocation
  * build: turn on dlz.  No pgsql or mysql support yet.  LP: #227344

 -- LaMont Jones <lamont@debian.org>  Thu, 29 May 2008 22:05:19 -0600

bind9 (1:9.5.0~rc1-2~0ubuntu2) intrepid; urgency=low

  * build: use the correct directories in dh_shlibdeps invocation
  * build: turn on dlz.  LP: #227344

 -- LaMont Jones <lamont@ubuntu.com>  Tue, 27 May 2008 21:43:06 -0600

bind9 (1:9.5.0~rc1-2~0ubuntu1) intrepid; urgency=low

  * Upload what will become (maybe an ancestor of) -2 to intrepid.
    - Only use capabilities if they are present: reprise.  Closes: #360339, #212226
    - control: fix dnsutils description to avoid list reformatting.  Closes: #480317

 -- LaMont Jones <lamont@ubuntu.com>  Mon, 26 May 2008 11:46:27 -0600

bind9 (1:9.5.0~rc1-1) experimental; urgency=low

  [Patrick Winnertz]

  * postinst: make add debconf support.  Closes: #473460

  [Jamie Strandboge]

  * debian/bind9.preinst: Apparmor force-complain on upgrade without
    existing profile.  LP: #204658

  [LaMont Jones]

  * bind9utils: fix typos in .install
  * host: manpage inaccurately describes default query.  LP: #203087
  * apparmor: add dnscvsutil package files
  * Revert "Only use capabilities if they are present." for merge of 9.5.0rc1.
  * soname: libdns41 -> 42
  * fix typos in debconf patch, #473460
  * cleanup more files in clean target
  * lwresd Depends: adduser

 -- LaMont Jones <lamont@debian.org>  Thu, 15 May 2008 17:59:54 -0600

bind9 (1:9.5.0~b2-2) experimental; urgency=low

  * meta: add bind9utils binary package, with various useful utilities.  Closes: #151957, #130445, #160483

 -- LaMont Jones <lamont@debian.org>  Thu, 03 Apr 2008 07:01:42 -0600

bind9 (1:9.4.2-10) unstable; urgency=low

  [Jamie Strandboge]

  * debian/bind9.preinst: AA force-complain on upgrade without existing
    profile.  LP: #204658

  [LaMont Jones]

  * host: manpage inaccurately describes default query.  LP: #203087

 -- LaMont Jones <lamont@debian.org>  Tue, 08 Apr 2008 22:45:57 -0600

bind9 (1:9.4.2-9) unstable; urgency=low

  * apparmor: allow subdirs in {/etc,/var/cache,/var/lib}/bind
  * apparmor: make profile match README.Debian

 -- LaMont Jones <lamont@debian.org>  Tue, 01 Apr 2008 21:13:05 -0600

bind9 (1:9.4.2-8) unstable; urgency=low

  [ISC]

  * CVE-2008-0122: off by one error in (unused) inet_network function.
    Closes: #462783  LP: #203476

  [Michael Milligan]

  * Fix min-cache-ttl and min-ncache-ttl keywords

  [Jamie Strandboge]

  * apparmor: force complain-mode for apparmor on certain upgrades.  LP: #203528
  * debian/bind9.postrm: purge /etc/apparmor.d/force-complain/usr.sbin.named

 -- LaMont Jones <lamont@debian.org>  Tue, 18 Mar 2008 18:35:15 -0600

bind9 (1:9.4.2-7) unstable; urgency=low

  [Jamie Strandboge]

  * Allow rw access to /var/lib/bind/* in apparmor-profile.  LP: #201954

  [LaMont Jones]

  * Drop root-delegation comments from named.conf.  Closes: #217829, #297219

 -- LaMont Jones <lamont@debian.org>  Sat, 15 Mar 2008 09:48:10 -0600

bind9 (1:9.4.2-6) unstable; urgency=low

  * Correct apparmor profile filename.  LP: #200739

 -- LaMont Jones <lamont@debian.org>  Mon, 10 Mar 2008 14:28:01 -0600

bind9 (1:9.4.2-5) unstable; urgency=low

  * add "order random_1" support (return one random RR)
  * Fix doc pathnames in README.Debian.  Closes: #266891
  * Add AAAA ::1 entry to db.local.  Closes: #230088

 -- LaMont Jones <lamont@debian.org>  Mon, 10 Mar 2008 13:51:28 -0600

bind9 (1:9.5.0~b2-1) experimental; urgency=low

  [Thiemo Seufer]

  * mips:atomic.h: improve implementation of atomic ops, fix mips{el,64}

  [LaMont Jones]

  * manpages: call it /etc/bind/named.conf throughout, and typos.  Closes: #419750
  * named.conf.5: correct filename.  Closes: #428015
  * manpages: fix typo errors.  Closes: #395834
  * Makefile.in: be explicit about library paths
  * build: Turn on GSS-TSIG support.  LP: #158197
  * build: soname changes
  * db.root: include AAAA RRs.  Closes: #464111
  * soname: lib{dns,isc}40 -> 41
  * meta: use binary:Version instead of Source-Version

  [Andreas John]

  * Only use capabilities if they are present.  Closes: #360339, #212226

 -- LaMont Jones <lamont@debian.org>  Sat, 23 Feb 2008 08:06:17 -0700

bind9 (1:9.4.2-4) unstable; urgency=low

  * incorporate ubuntu apparmor change from Jamie Strandboge,
    with changes:
    - Add apparmor profile, reload apparmor profile on config
    - Add a note about apparmor to README.Debian
    - conflicts/replaces old apparmor versions
  * db.root: include AAAA RRs.  Closes: #464111
  * Don't die when /var/lib/bind already exists.  LP: #191685
  * build: turn on optimization.  Closes: #435194

 -- LaMont Jones <lamont@debian.org>  Fri, 22 Feb 2008 22:05:25 -0700

bind9 (1:9.4.2-3ubuntu1) hardy; urgency=low

  * add AppArmor profile
    + debian/apparmor-profile
    + debian/bind9.postinst: Reload AA profile on configuration
  * updated debian/README.Debian for note on AppArmor
  * debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
    should now take control
  * debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
    to make sure that if earlier version of apparmor-profiles gets installed
    it won't overwrite our profile
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 13 Feb 2008 17:30:45 +0000

bind9 (1:9.4.2-3) unstable; urgency=low

  * don't run rndc-confgen when it's not there.  Closes: #459551
  * control: drop use of ${Source-Version}

 -- LaMont Jones <lamont@debian.org>  Mon, 07 Jan 2008 10:16:06 -0700

bind9 (1:9.4.2-2) unstable; urgency=low

  * init.d: add --oknodo to start-stop-daemon.  Closes: #411881
  * init: LSB dependency info.  Closes: #459421, #448006
  * meta: bind9 Suggests: resolvconf.  Closes: #252285
  * bind9: deliver /var/lib/bind directory, and document.
    Closes: #248771, #200253, #202981, #209022
  * lwresd: create bind user/group and rndc key if needed, at install.
    Closes: #190742
  * dnsutils: update long description.  Closes: #236901

 -- LaMont Jones <lamont@debian.org>  Sun, 06 Jan 2008 12:25:31 -0700

bind9 (1:9.4.2-1) unstable; urgency=low

  [Mike O'Connor]

  * bind9.init: LSB compliance.  Closes: #448006

  [Internet Software Consortium, Inc]

  * New release: 9.4.2

  [LaMont Jones]

  * soname shifts for new release

 -- LaMont Jones <lamont@debian.org>  Sat, 17 Nov 2007 10:50:07 -0700

bind9 (1:9.4.2~rc2-1) experimental; urgency=low

  * New upstream release

 -- LaMont Jones <lamont@debian.org>  Fri, 12 Oct 2007 18:33:57 -0600

bind9 (1:9.4.1-P1-4) unstable; urgency=low

  [Thomas Antepoth]

  * unix/socket.c: don't send to a socket with pending_send.  Closes: #430065

  [LaMont Jones]

  * document git repositories
  * db.root: l.root-servers.net changed IP address.  Closes: #449148  LP: #160176
  * init.d: if there are no networks configured, error out quickly

 -- LaMont Jones <lamont@debian.org>  Thu, 08 Nov 2007 21:31:55 -0700

bind9 (1:9.4.1-P1-3) unstable; urgency=low

  * Only deliver upstream changes with bind9-doc

 -- LaMont Jones <lamont@debian.org>  Thu, 04 Oct 2007 08:30:55 -0600

bind9 (1:9.4.1-P1-2) unstable; urgency=low

  * manpages: fix typo errors.  Closes: #395834
  * manpages: call it /etc/bind/named.conf throughout, and typos.  Closes: #419750
  * named.conf.5: correct filename.  Closes: #428015
  * bind9.NEWS: update version for ACL change doc.  Closes: #435225
  * build: don't have dnsutils deliver man pages that it shouldn't.  LP: #82178
  * nslookup.1: some of the manpage was not visible.  LP: #131415
  * document git repositories
  * unix/socket.c: don't send to a socket with pending_send.  Closes: #430065

 -- LaMont Jones <lamont@debian.org>  Wed, 03 Oct 2007 01:10:59 -0600

bind9 (1:9.4.1-P1-1) unstable; urgency=high

  * New upstream version, addresses CVE-2007-2926 and CVE-2007-2925 

 -- Bdale Garbee <bdale@gag.com>  Thu, 26 Jul 2007 16:41:50 -0600

bind9 (1:9.4.1-1) unstable; urgency=low

  * New upstream version

 -- LaMont Jones <lamont@debian.org>  Mon, 30 Apr 2007 16:59:05 -0600

bind9 (1:9.4.0-2) unstable; urgency=low

  * upload to unstable

 -- LaMont Jones <lamont@debian.org>  Tue, 10 Apr 2007 11:12:16 -0600

bind9 (1:9.4.0-1) experimental; urgency=low

  * New upstream version
  * more mipsel patch.  Closes: #406409

 -- LaMont Jones <lamont@debian.org>  Sun, 25 Feb 2007 11:44:11 -0700

bind9 (1:9.4.0~rc2-1) experimental; urgency=low

  * New upstream version.  Addresses CVE-2007-0493 CVE-2007-0494

 -- LaMont Jones <lamont@debian.org>  Thu, 25 Jan 2007 14:26:12 -0700

bind9 (1:9.4.0~rc1.0-3) experimental; urgency=low

  * add NEWS file talking about the change in defaults:
    As of bind 9.4, allow-query-cache and allow-recursion default to the
    builtin acls 'localnets' and 'localhost'.  If you are setting up a
    name server for a network, you will almost certainly need to change
    this.

    The change in default has been done to make caching servers less
    attractive as reflective amplifying targets for spoofed traffic.
    This still leaves authoritative servers exposed.

 -- LaMont Jones <lamont@debian.org>  Wed, 24 Jan 2007 09:35:06 -0700

bind9 (1:9.4.0~rc1.0-2) experimental; urgency=low

  * Fix mips64.  Closes: #406409

 -- LaMont Jones <lamont@debian.org>  Sun, 21 Jan 2007 15:32:27 -0700

bind9 (1:9.4.0~rc1.0-1) experimental; urgency=low

  * Broken orig.tar.gz.

 -- LaMont Jones <lamont@debian.org>  Thu, 28 Dec 2006 23:04:05 -0700

bind9 (1:9.4.0~rc1-1) experimental; urgency=low

  * New upstream

 -- LaMont Jones <lamont@debian.org>  Thu, 28 Dec 2006 19:00:37 -0700

bind9 (1:9.3.4-2etch2) stable-proposed-updates; urgency=low

  [Thomas Antepoth]

  * unix/socket.c: don't send to a socket with pending_send.  Closes: #430065

  [LaMont Jones]

  * document git repositories
  * db.root: l.root-servers.net changed IP address.  Closes: #449148

 -- LaMont Jones <lamont@debian.org>  Mon, 05 Nov 2007 19:48:23 -0700

bind9 (1:9.3.4-2etch1) stable-security; urgency=high

  * Fix DNS cache poisoning through predictable query IDs. (CVE-2007-2926)

 -- Moritz Muehlenhoff <jmm@debian.org>  Tue, 24 Jul 2007 22:09:35 +0000

bind9 (1:9.3.4-2) unstable; urgency=high

  * Actually really do the merge of 9.3.4.  Sigh.  Closes: #408925

 -- LaMont Jones <lamont@debian.org>  Mon, 29 Jan 2007 06:09:03 -0700

bind9 (1:9.3.4-1) unstable; urgency=high

  * New upstream version.  Addresses CVE-2007-0493 CVE-2007-0494

 -- LaMont Jones <lamont@debian.org>  Thu, 25 Jan 2007 14:31:09 -0700

bind9 (1:9.3.3-1) unstable; urgency=low

  * New upstream version

 -- LaMont Jones <lamont@debian.org>  Tue, 12 Dec 2006 23:31:51 -0700

bind9 (1:9.3.2-P1.0-1) unstable; urgency=low

  * Fix README.Debian to point to the URL.  Closes: #387437
  * Strip rfc's from orig.tar.gz.  Closes: #393359

 -- LaMont Jones <lamont@mmjgroup.com>  Mon, 16 Oct 2006 06:38:22 -0600

bind9 (1:9.3.2-P1-2) unstable; urgency=low

  * Fix init script output.  Closes: #354192
    Thanks to Joey Hess for the patch.
  * Default install should listen on ipv6 interfaces.  Closes: #382438

 -- LaMont Jones <lamont@debian.org>  Sat,  9 Sep 2006 19:01:53 -0600

bind9 (1:9.3.2-P1-1) unstable; urgency=high

  * New upstream, fixes CVE-2006-4095 and CVE-2006-4096.
    Closes: #386237, #386245
  * Drop gcc-3.4 [powerpc] dependency.  Closes: #342957, #372203
  * Add -fno-strict-aliasing for type-punned pointer aliasing issues
    Closes: #386224
  * Use getent in postinst instead of chown/chgrp.  Closes: #386091, #239665
  * Drop redundant update-rc.d calls.  Closes: #356914

 -- LaMont Jones <lamont@debian.org>  Wed,  6 Sep 2006 08:07:13 -0600

bind9 (1:9.3.2-2) unstable; urgency=low

  * correct force-reload.  Closes: #333841
  * Fix init.d's usage message.  Closes: #331090
  * resolvconf tweaks.  Closes: #252232, #275412

 -- LaMont Jones <lamont@debian.org>  Mon, 16 Jan 2006 15:17:04 -0700

bind9 (1:9.3.2-1) unstable; urgency=low

  * New upstream
  * use lsb-base for start/stop messages in init.d.
  * switch to debhelper 4

 -- LaMont Jones <lamont@debian.org>  Thu,  5 Jan 2006 12:29:28 -0700

bind9 (1:9.3.1-2) unstable; urgency=low

  * Getting good reports from experimental, uploading to sid.
    Release team, please consider this package for sarge.  Thanks.
  * correct pidfile name in init.d/lwresd.  Closes: #298100

 -- LaMont Jones <lamont@debian.org>  Sat, 19 Mar 2005 17:46:31 -0700

bind9 (1:9.3.1-1) experimental; urgency=low

  * Build with gcc-3.4 on powerpc, to work around #292958.

 -- LaMont Jones <lamont@debian.org>  Sat, 19 Mar 2005 11:40:06 -0700

bind9 (1:9.3.1-0) experimental; urgency=low

  * New upstream version.

 -- LaMont Jones <lamont@debian.org>  Sun, 13 Mar 2005 21:44:57 -0700

bind9 (1:9.3.0+9.3.1beta2-1) experimental; urgency=low

  * new upstream version

 -- LaMont Jones <lamont@debian.org>  Tue, 25 Jan 2005 14:21:51 -0700

bind9 (1:9.3.0-1) experimental; urgency=low

  * New upstream version

 -- LaMont Jones <lamont@debian.org>  Sat, 25 Sep 2004 21:35:46 -0600

bind9 (1:9.2.4-1) unstable; urgency=high

  * New upstream version.  Closes: #269157 and others.
  * Version debhelper build-dep.  Closes: #262720

 -- LaMont Jones <lamont@mmjgroup.com>  Thu, 23 Sep 2004 09:11:37 -0600

bind9 (1:9.2.3+9.2.4-rc7-1) unstable; urgency=low

  * New upstream

 -- LaMont Jones <lamont@mmjgroup.com>  Wed,  1 Sep 2004 00:04:55 -0600

bind9 (1:9.2.3+9.2.4-rc6-1) unstable; urgency=low

  * New upstream.
  * Comment out delegation-only directives in named.conf

 -- LaMont Jones <lamont@debian.org>  Mon,  2 Aug 2004 10:00:38 -0600

bind9 (1:9.2.3+9.2.4-rc5-1) unstable; urgency=low

  * New upstream release candidate

 -- LaMont Jones <lamont@debian.org>  Thu, 17 Jun 2004 19:50:37 -0600

bind9 (1:9.2.3+9.2.4-rc2-1) unstable; urgency=low

  * New upstream release candidate
  * Remove shared library symlinks in clean.  Closes: #243109
  * Deal with capset being a module.  Closes: #245043, #240874, #241605
  * deliver /var/run/bind/run in lwresd as well.  Closes: #186569

 -- LaMont Jones <lamont@debian.org>  Thu, 22 Apr 2004 12:20:05 -0600

bind9 (1:9.2.3-3) unstable; urgency=low

  * new IP for b.root-servers.net.  Closes: #234278
  * Fix RC linkages to match bind8.  Closes: #218007

 -- LaMont Jones <lamont@debian.org>  Mon,  1 Mar 2004 15:00:44 -0700

bind9 (1:9.2.3-2) unstable; urgency=low

  * Rebuild autoconf files for mips.  Closes: #221419

 -- LaMont Jones <lamont@debian.org>  Tue, 18 Nov 2003 06:33:34 -0700

bind9 (1:9.2.3-1) unstable; urgency=low

  * New upstream.
  * cleanup zones.rfc1918/db.empty stuff.
  * Fix Makefiles to work even if the build environment is unclean.
    Closes: #211503
  * Add comments about root-delegation-only to named.conf.  Closes: #212243
  * Add resolvconf support.  Closes: #199255
  * more SO_BSDCOMPAT hacks for linux.  Closes: #220735, #214460

 -- LaMont Jones <lamont@debian.org>  Mon, 17 Nov 2003 21:30:33 -0700

bind9 (1:9.2.2+9.2.3rc4-1) unstable; urgency=low

  * Yet another new upstream release.

 -- LaMont Jones <lamont@debian.org>  Mon, 22 Sep 2003 09:39:50 -0600

bind9 (1:9.2.2+9.2.3rc3-1) unstable; urgency=low

  * New upstream.  Closes: #211752, #211503, #211496, #211520

 -- LaMont Jones <lamont@debian.org>  Sat, 20 Sep 2003 12:22:59 -0600

bind9 (1:9.2.2+9.2.3rc2-4) unstable; urgency=low

  * Really fix versioned depends.  Closes: #211590

 -- LaMont Jones <lamont@debian.org>  Thu, 18 Sep 2003 17:29:47 -0600

bind9 (1:9.2.2+9.2.3rc2-3) unstable; urgency=low

  * Version depends for all the libraries. sigh.  Closes: #211412,#210293

 -- LaMont Jones <lamont@debian.org>  Wed, 17 Sep 2003 10:56:36 -0600

bind9 (1:9.2.2+9.2.3rc2-2) unstable; urgency=low

  * Need a versioned depend. sigh.

 -- LaMont Jones <lamont@debian.org>  Wed, 17 Sep 2003 10:25:35 -0600

bind9 (1:9.2.2+9.2.3rc2-1) unstable; urgency=low

  * New upstream release.  Closes: #211373
  * Remove RFC's from package, per policy.
  * Make com and net zones delegation-only by default.

 -- LaMont Jones <lamont@debian.org>  Wed, 17 Sep 2003 07:15:37 -0600

bind9 (1:9.2.2+9.2.3rc1-3) unstable; urgency=low

  * A bit more cleanup of descriptions.
  * fix package sections
  * Fix b0rkage with dependencies.

 -- LaMont Jones <lamont@debian.org>  Sun, 14 Sep 2003 09:05:10 -0600

bind9 (1:9.2.2+9.2.3rc1-2) unstable; urgency=low

  * Explicitly link libraries.  Closes: #210653
  * Fix descriptions.  Closes: #209563, #209853, #210063

 -- LaMont Jones <lamont@debian.org>  Sat, 13 Sep 2003 19:29:05 -0600

bind9 (1:9.2.2+9.2.3rc1-1) unstable; urgency=low

  * New upstream release candidate.
  * Quit using SO_BSDCOMPAT (why is it still in the header files??) so
    that the kernel will shut up about its advertised, obsolete option.
    Closes: #201293, #204282, #205590

 -- LaMont Jones <lamont@debian.org>  Thu, 28 Aug 2003 14:44:28 -0600

bind9 (1:9.2.2-2) unstable; urgency=low

  * Fix libtool.m4. Closes: #183791
  * move lib packages into Section: libs.  Closes: #184788
  * make sure it's libssl0.9.7.  Closes: #182363
  * Add /etc/default/lwresd.  Closes: #169727
  * Add fakeroot dir to dh_shlibdeps.  Closes: #169622
  * Fix rndc manpage.  Closes: #179353
  * Deliver /usr/bin/isc-config.sh (in libbind-dev).  Closes: #178186

 -- LaMont Jones <lamont@debian.org>  Sat, 15 Mar 2003 16:34:15 -0700

bind9 (1:9.2.2-1) unstable; urgency=low

  * New upstream version
  * Document /etc/default/bind9 in init.d script.  Closes: #170267

 -- LaMont Jones <lamont@debian.org>  Tue,  4 Mar 2003 22:43:58 -0700

bind9 (1:9.2.1-7) unstable; urgency=low

  * One more overrides disparity.
  * Fix bashism in postinst.  Closes: #169531

 -- LaMont Jones <lamont@debian.org>  Sun, 17 Nov 2002 19:22:58 -0700

bind9 (1:9.2.1-6) unstable; urgency=low

  * The "I give up for now" release.
  *   Only convert to running as bind if named.conf hasn't been modified.
  *   Closes: #163552, #164352
  * Fix overrides
  * Cleanup README.Debian wrt non-root-by-default.
  * Make sure that /var/run/bind/run exists in init.d script.  Closes: #168912
  * New IP for j.root-servers.net.  Closes: #167818
  * Check for 2.2.18 kernel in preinst.  Closes: #164349
  * Move local options to /etc/default/bind9.  Closes: #169132, #163073
  * Cleanup old bugs (fixed in -5, really).  Closes: #165864
  * Add /etc/bind/named.conf.local, included from named.conf.  Closes: #129576
  * Do options definitions in /etc/bind/named.conf.options, makes life
    easier in the face of named.conf changes from upstream.
  * Add missing Depends: adduser

 -- LaMont Jones <lamont@debian.org>  Sat, 16 Nov 2002 17:05:45 -0700

bind9 (1:9.2.1-5) unstable; urgency=low

  * Run named as a non-privileged user by default.  Closes: #149059

 -- LaMont Jones <lamont@debian.org>  Thu, 12 Sep 2002 16:57:37 -0600

bind9 (1:9.2.1-4) unstable; urgency=low

  * swap maintainer/uploader status so LaMont is primary and Bdale is backup
  * Deal with bind/bind9 collisions better.  Closes: #149580
  * Fix some documentation.  Closes: #151579

 -- LaMont Jones <lamont@debian.org>  Wed,  4 Sep 2002 23:25:33 -0600

bind9 (1:9.2.1-3) unstable; urgency=high

  * fold in lib/bind/resolv from 8.3.3 to resolve buffer overflow issue in
    resolver library, closes: #151342, #151431

 -- Bdale Garbee <bdale@gag.com>  Mon,  1 Jul 2002 00:16:31 -0600

bind9 (1:9.2.1-1.woody.1) testing-security woody-proposed-updates; urgency=high

  * backport to woody (simple rebuild) since 9.2.1 resolves a security issue

 -- Bdale Garbee <bdale@gag.com>  Tue,  4 Jun 2002 10:30:57 -0600

bind9 (1:9.2.1-2) unstable; urgency=low

  * don't include nslint man page, closes: #148695
  * fix typo in rndc.8, closes: #139602
  * add a section to README.Debian explaining the rndc key mode that has been
    our default since 9.2.0-2, closes: #129849
  * fix paths for named.conf in named.8 to reflect our default, closes: #143443
  * upstream fixed the nsupdate man page at some point, closes: #121108

 -- Bdale Garbee <bdale@gag.com>  Mon,  3 Jun 2002 15:44:37 -0600

bind9 (1:9.2.1-1) unstable; urgency=medium

  * new upstream version
  * have bind9-host provide host, closes: #140174
  * move bind9-host to priority standard since dnsutils depends on it or host,
    and we prefer bind9-host over host.
  * move libdns5 and libisc4 to priority standard since dnsutils depends on
    them and is priority standard

 -- Bdale Garbee <bdale@gag.com>  Thu, 30 May 2002 10:38:39 -0600

bind9 (1:9.2.0-6) unstable; urgency=low

  * move to US main!  Yippee!  Closes: #123969
  * add info to README.Debian about 2.5 kernels vs --disable-linux-caps

 -- Bdale Garbee <bdale@gag.com>  Sat, 23 Mar 2002 00:18:05 -0700

bind9 (1:9.2.0-5) unstable; urgency=medium

  * clean up various issues in the rules file
  * make bind9-host conflict/replace old dnsutils as host does, otherwise we
    can have problems upgrading from potato to woody, closes: #136686
  * use /dev/urandom for rndc-confgen in postinst, it should be good enough for
    this purpose, and will keep the postinst from blocking arbitrarily.
    closes: #130372
  * add fresh pointers to chroot howto to README.Debian, closes: #135774

 -- Bdale Garbee <bdale@gag.com>  Sun,  3 Mar 2002 16:47:12 -0700

bind9 (1:9.2.0-4) unstable; urgency=low

  * bind9-host needs to conflict with host, closes: #127395

 -- Bdale Garbee <bdale@gag.com>  Tue,  1 Jan 2002 20:12:14 -0700

bind9 (1:9.2.0-3) unstable; urgency=low

  * force removal of old diverted files, closes: #126236
  * change priority of liblwres1 from optional to standard per ftp admins
  * add a bind9-host package so that the 'host' provided with the BIND 9.X
    source tree can be an alternative to the aging NIKHEF version packaged
    separately.  Update dnsutils dependencies to depend on one of the two,
    with preference to this one since it has fewer bugs (but fewer features,
    too).

 -- Bdale Garbee <bdale@gag.com>  Sun, 23 Dec 2001 00:59:15 -0700

bind9 (1:9.2.0-2) unstable; urgency=medium

  * change rc.d links to ensure daemon starts before and stops after other
    daemons that may fail if name service is not working (bug was filed 
    against 8.X bind packages, but is just as relevant here!)
  * use rndc for daemon shutdown instead of start-stop-daemon, closes: #111935
  * add a postinst to dnsutils to remove any lingering diversions from old 
    dnsutils packages, closes: #122227
  * not much point in delivering zone2ldap.1 since we aren't delivering 
    zone2ldap right now (though we might someday?), closes: #124058
  * be more verbose with shared library descriptions, closes: #123426, #123428
  * 9.2.0 added a new rndc.key file that both named and rndc will read to 
    obtain a shared key, and rndc-confgen will easily create this file with 
    a unique-per-system key.  Modify named.conf and remove rndc.conf
    to take advantage of this mechanism and stop delivering a pre-determined 
    static key to all Debian systems (which has been a mild security risk).  
    Create the key in postinst if the key file doesn't already exist, and 
    remove the file in postrm if purging.
    Closes: #86718, #87208

 -- Bdale Garbee <bdale@gag.com>  Fri, 21 Dec 2001 04:04:30 -0700

bind9 (1:9.2.0-1) unstable; urgency=low

  * new upstream version, closes: #108243, #112266, #114250, #119506, #120657
  * /etc/bind/rndc.conf is now a conffile
  * minor hacks to the README.Debian since the chroot instructions it points
    to are 8.X specific, part of addressing bug 111868.
  * libomapi is gone, replaced by libisccc and libisccfg
  * a few lintian-motivated cosmetic cleanups
  * lose task-dns-server meta package, since tasksel doesn't need it now
  * dig problem not reproducible in this version, closes: #89526
  * named-checkconf now uses $sysconfdir, closes: #107835
  * no longer deliver man pages for contributed binaries we're not including
    in dnsutils, closes: #108220
  * fix section in nslookup man page, though that's the least of the man
    page's problems...  glitch reported is unreproducible
    closes: #103630, #120946
  * update libbind-dev README.Debian, closes: #121050

 -- Bdale Garbee <bdale@gag.com>  Tue, 27 Nov 2001 01:41:00 -0700

bind9 (1:9.1.3-1) unstable; urgency=low

  * new upstream version, closes: #96483, #99824, #100647, #101568, #103429
  * update config.sub/guess for hppa/ia64 support
  * small init.d patch from Marco d'Itri to ease adding options on invocation
  * stop having bind9-doc conflict/replace bind-doc since they don't really
    conflict and there's no reason to prevent having both installed at the
    same time, closes: #90994
  * the CHANGES file documents fixes since 9.1.1 that probably cured the
    reported assertion failure.  If it turns out that I'm wrong, the bug can
    be re-opened or a new one filed.  I can't see any way to reproduce the bug 
    in a test case here.  Closes: #99352
  * have libbind-dev depend on the runtime library packages it delivers 
    compile-time symlinks for, closes: #100898, #103855
  * fix lwres man pages to source man3/* instead of * so all the page content
    can actually be found, closes: #85450, #103865

 -- Bdale Garbee <bdale@gag.com>  Mon,  9 Jul 2001 11:30:39 -0600

bind9 (1:9.1.1-1) unstable; urgency=low

  * new upstream release
  * update build-depends for libssl-dev
  * add build-depends on bison, closes: #90150, #90752, #90159
  * split up libbind0 since libdns is changing so numbers
  * downgrade rblcheck from a depends to a suggests, closes: #90783
  * bind9 mkdep creates files in the current working directory, closes: #58353

 -- Bdale Garbee <bdale@gag.com>  Wed, 25 Apr 2001 22:53:21 -0600

bind9 (1:9.1.0-3) unstable; urgency=low

  * merge patch from Zack Weinberg that solves compilation problem, and 
    reduces the memory footprint of applications by making configure.in
    smarter.  Closes: #86776, #86910
  * the bind-doc package includes all relevant documentation from the bind9
    source tree, including HTML content in /usr/share/doc/bind9-doc/arm,
    closes: #85718
  * default named.conf and rndc.conf to not world-readable.  This is an
    interim step towards addressing the concerns about security raised by 
    bugs 86718 and closes: #86836  A better long-term solution would be for
    rndc.conf to allow includes, so that both named.conf and rndc.conf could
    include a key file built on the fly during installation while themselves
    retaining conffile status.  The required functionality has been requested
    of the bind9 upstream, this will limit vulnerability in the meantime.
  * add replaces logic to the dnsutils package to avoid complaints about the
    delivery of nsupdate.8.gz, closes: #86759
  * move a couple of man pages back from dnsutils to bind9 that really belong
    there.  sigh.

 -- Bdale Garbee <bdale@gag.com>  Thu, 22 Feb 2001 16:39:02 -0700

bind9 (1:9.1.0-2) unstable; urgency=low

  * merge patch from Luca Filipozzi <lfilipoz@debian.org> - thanks!
    + bind9:  ships with a working rndc.conf file, closes: #84572
    + bind9:  init.d calls rndc rather than ndc on reload, closes: #85481
    + bind9:  named.conf ships with 'key' and 'control' sections
    + bind9:  correctly creates /var/cache/bind, closes: #85457
    + lwresd: lwresd is split off into its own package, closes: #85627
  * nsupdate is delivered by the dnsutils package, but the (wrong) man page 
    was accidentally also included in the bind9 package, closes: #85717
  * freshen config.sub and config.guess for ia64 and hppa support

 -- Bdale Garbee <bdale@gag.com>  Mon, 12 Feb 2001 23:43:55 -0700

bind9 (1:9.1.0-1) unstable; urgency=low

  * Initial packaging of BIND 9.1.0.  Must use epoch so that meta packages 
    retain their sequencing from the bind 8 package version stream.
  * snarf a couple of man pages from the 8.X tree for now

 -- Bdale Garbee <bdale@gag.com>  Thu,  1 Feb 2001 16:30:35 -0700

