unbound (1.4.22-3+deb8u3) jessie; urgency=high

  * Cherry-pick upstream commit svn r4301, "Fix install of trust anchor
    when two anchors are present, makes both valid.  Checks hash of DS but
    not signature of new key.  This fixes installs between sep11 and oct11
    2017."
  * Cherry-pick upstream commit svn r4000, "Include root trust anchor id
    20326 in unbound-anchor".

 -- Robert Edmonds <edmonds@debian.org>  Mon, 28 Aug 2017 00:17:29 -0400

unbound (1.4.22-3+deb8u2) jessie; urgency=medium

  * debian/unbound.init: Add "pidfile" magic comment (Closes: #807132)
  * debian/unbound.init: Call start-stop-daemon with --retry for 'stop'
    action (patch from Julien Cristau)

 -- Robert Edmonds <edmonds@debian.org>  Mon, 04 Jul 2016 15:58:01 -0400

unbound (1.4.22-3+deb8u1) jessie; urgency=medium

  * iterator/iter_hints.c: Update hints for H.ROOT-SERVERS.NET
    (Closes: #815370)

 -- Robert Edmonds <edmonds@debian.org>  Sun, 21 Feb 2016 18:36:43 -0500

unbound (1.4.22-3) unstable; urgency=medium

  * Fix CVE-2014-8602: denial of service by making resolver chase endless
    series of delegations; closes: #772622.

 -- Robert Edmonds <edmonds@debian.org>  Tue, 09 Dec 2014 17:52:08 -0500

unbound (1.4.22-2) unstable; urgency=medium

  * Drop unneeded Build-Dependency on doxygen.
  * Drop unneeded Build-Dependency on automake. (Unbound does not use
    automake.)
  * Use dh_autotools-dev_updateconfig to update the config.{guess,sub} files
    at build time; closes: #746313.

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 18 Aug 2014 16:20:28 -0400

unbound (1.4.22-1) unstable; urgency=medium

  * New upstream release.
  * Drop Build-Dependency on libldns-dev. Unbound no longer relies on
    libldns.

 -- Robert S. Edmonds <edmonds@debian.org>  Wed, 12 Mar 2014 13:21:58 -0400

unbound (1.4.21-1) unstable; urgency=low

  * New upstream release.
  * Don't compress the example config file in /usr/share/doc/unbound;
    closes: #722708.
  * Fully enable hardening options; closes: #709837.
    (Patch from Simon Deziel.)
  * Add support for .d style configuration in /etc/unbound/unbound.conf.d;
    closes: #656549.
  * Move auto-trust-anchor-file configuration for the root into the new
    /etc/unbound/unbound.conf.d directory.

 -- Robert S. Edmonds <edmonds@debian.org>  Thu, 19 Sep 2013 21:45:39 -0400

unbound (1.4.20-1) unstable; urgency=low

  * New upstream release.
    - Updates IPv4 address hint for D.ROOT-SERVERS.NET; closes: #697351.
  * Correct exit code for "/etc/init.d/unbound status"; closes: #685052.
    (Patch from micah anderson.)
  * Finish dh_python2 conversion; closes: #697575.
    (Patch from Micah Gersten.)
  * Check for multiarch Python headers; closes: #697576.
    (Patch from Micah Gersten.)
  * Automatically set up the chroot directory if enabled; closes: #579622.
    (Patch from Simon Deziel.)

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 13 Apr 2013 15:34:47 -0400

unbound (1.4.19-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Fri, 14 Dec 2012 21:33:42 -0500

unbound (1.4.18-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 05 Aug 2012 21:54:05 -0400

unbound (1.4.17-2) unstable; urgency=low

  * Build-depend on libldns-dev (>= 1.6.13~) for ECDSA support.

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 28 May 2012 14:19:57 -0400

unbound (1.4.17-1) unstable; urgency=low

  * New upstream release; closes: #674434.
  * Implement 'status' command in init script; closes: #666388.
  * Fix build system bug that negated fully hardening the build;
    closes: #658021. (Patch from Simon Ruderich.)
  * Disable ECDSA support (for now) as this requires a newer ldns than is in
    the archive.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 27 May 2012 16:41:41 -0400

unbound (1.4.16-2) unstable; urgency=low

  * Enable hardened build flags; closes: #658021.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 21 Apr 2012 15:35:16 -0400

unbound (1.4.16-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 05 Feb 2012 20:02:24 -0500

unbound (1.4.14-2) unstable; urgency=high

  * Work around gcc bugs by disabling link time optimization on build
    architectures that are not i386/amd64.

 -- Robert S. Edmonds <edmonds@debian.org>  Wed, 21 Dec 2011 15:52:17 -0500

unbound (1.4.14-1) unstable; urgency=high

   * New upstream release.
     - CVE-2011-4528.
   * Call dh_python2 in debian/rules; closes: #652294.

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 19 Dec 2011 11:00:46 -0500

unbound (1.4.13-2) unstable; urgency=low

  * Reduce the run-time dependencies of libunbound and the unbound-*
    utilities.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 29 Oct 2011 16:16:19 -0400

unbound (1.4.13-1) unstable; urgency=low

  * New upstream release.
  * Only install forwarders learned from resolvconf into unbound if
    RESOLVCONF_FORWARDERS is enabled in /etc/default/unbound; closes: #637198.
  * Split unbound-anchor utility into separate binary package.
  * Support multi-arch.
  * Fix FTBFS with dpkg-dev 1.16.1.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 23 Oct 2011 16:55:45 -0400

unbound (1.4.12-1) unstable; urgency=medium

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 18 Jul 2011 15:56:42 -0400

unbound (1.4.11-1) unstable; urgency=low

  * New upstream release.
  * Fix FTBFS with default python >> 2.6; closes: #625520.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 03 Jul 2011 16:32:49 -0400

unbound (1.4.10-1) unstable; urgency=low

  * New upstream release:
    - CVE-2011-1922.

 -- Robert S. Edmonds <edmonds@debian.org>  Wed, 25 May 2011 15:48:34 -0700

unbound (1.4.9-2) unstable; urgency=low

  * Build-depend on libldns-dev (>= 1.6.9-2~) for GOST support.
  * Configure without --disable-gost.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 03 Apr 2011 14:31:40 -0400

unbound (1.4.9-1) unstable; urgency=low

  * New upstream release.
  * Convert packaging to git.
  * Configure with --with-pythonmodule.
  * Configure with --with-pyunbound.
  * Build new python-unbound package; closes: #542094.
  * Automatically create and remove remote control key material on package
    configuration and package purge.
  * Set default remote control port to 53953 to avoid conflicting with the
    bind9 package's default use of port 953 for rndc.
  * Securely fetch or update the root trust anchor at postinst and before
    starting the unbound daemon if ROOT_TRUST_ANCHOR_UPDATE is set in
    /etc/default/unbound; closes: #594911.
  * If unbound is listening on a loopback address, provide this address as
    a nameserver to resolvconf if RESOLVCONF is enabled in
    /etc/default/unbound; closes: #562031.
  * Configure resolvconf discovered nameservers as forwarders if
    RESOLVCONF_FORWARDERS is enabled in /etc/default/unbound; closes: #567879.
  * Don't exit from the init script with an error if UNBOUND_ENABLE is not
    true; default UNBOUND_ENABLE to true if the default file is missing
    entirely; closes: #618815.
  * Support /etc/init.d/unbound reload; closes: #620256.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 02 Apr 2011 22:52:16 -0400

unbound (1.4.8-2) unstable; urgency=low

  * Add build-dependency on libexpat1-dev; closes: #612261.
  * Install unbound-anchor utility in unbound package.

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 07 Feb 2011 16:06:00 -0500

unbound (1.4.8-1) unstable; urgency=low

  * New upstream release; closes: #611527.
  * Add /etc/insserv.conf.d/unbound file declaring unbound to be a name
    daemon; closes: #596488, #600118.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 06 Feb 2011 23:33:04 -0500

unbound (1.4.6-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 15 Aug 2010 18:26:43 -0400

unbound (1.4.5-1) unstable; urgency=low

  * New upstream release.
  * Add dependency on openssl to the unbound binary package; closes: #585808.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 20 Jun 2010 16:50:42 -0400

unbound (1.4.4-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Thu, 22 Apr 2010 15:24:06 -0400

unbound (1.4.3-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Thu, 11 Mar 2010 15:55:33 -0500

unbound (1.4.2-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Tue, 09 Mar 2010 14:13:31 -0500

unbound (1.4.1-2) unstable; urgency=low

  * Invoke dh_installinit with --restart-after-upgrade; closes: #563033.

 -- Robert S. Edmonds <edmonds@debian.org>  Tue, 29 Dec 2009 21:54:26 -0500

unbound (1.4.1-1) unstable; urgency=low

  * New upstream release.
  * Document copyright status of util/configparser.c, util/configparser.h;
    closes: #552066.
  * Enable libev support; closes: #552424.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 26 Dec 2009 17:19:10 -0500

unbound (1.4.0-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Fri, 04 Dec 2009 20:32:52 -0800

unbound (1.3.4-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Wed, 07 Oct 2009 12:59:21 -0400

unbound (1.3.3-1) unstable; urgency=low

  * New upstream release.
  * Drop .la file from libunbound-dev; closes: #541640.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 23 Aug 2009 13:25:53 -0400

unbound (1.3.2-1) unstable; urgency=low

  * New upstream release.

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 13 Jul 2009 05:50:47 -0400

unbound (1.3.0-1) unstable; urgency=low

  * New upstream release; closes: #533613.
  * Move pid file to /var/run; closes: #533611.
  * Use "unbound-checkconf -o pidfile" in init script to determine pid file
    location (thanks Michael Tokarev).

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 29 Jun 2009 01:10:00 -0400

unbound (1.2.1-2) unstable; urgency=low

  * Closes: #527753, #509535.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 09 May 2009 16:46:32 -0400

unbound (1.2.1-1) unstable; urgency=low

  * New upstream release.
  * Remove init script chroot setup.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 28 Feb 2009 19:46:09 -0500

unbound (1.0.2-1.2) unstable; urgency=low

  * Enable unbound by default (Closes: #508884)
  * Call dh_installinit with --error-handler=true (Closes: #500176)

 -- Ondřej Surý <ondrej@debian.org>  Tue, 16 Dec 2008 11:54:15 +0100

unbound (1.0.2-1.1) unstable; urgency=low

  [ Hideki Yamane (Debian-JP) ]
  * debian/{unbound.init,unbound.default}
    + set not start by default, to avoid that port 53 blocking by other name
      servers will cause install problems
  * debian/unbound.prerm
    + fix lintian "unbound: maintainer-script-hides-init-failure prerm:5" error

  [ Ondřej Surý ]
  * Non-maintainer upload.
  * Minor tweaks to patched init.d file to make it work.

 -- Ondřej Surý <ondrej@debian.org>  Mon, 15 Dec 2008 19:54:44 +0100

unbound (1.0.2-1) unstable; urgency=low

  * New upstream release;
    + stricter filtering of DNS messages to combat cache poisoning

 -- Robert S. Edmonds <edmonds@debian.org>  Mon, 25 Aug 2008 01:03:59 -0400

unbound (1.0.1-2) unstable; urgency=low

  * unbound tries too hard to chroot(); ship a default config that doesn't
    fail to start on new installs; closes: #492243.

 -- Robert S. Edmonds <edmonds@debian.org>  Sat, 02 Aug 2008 17:46:24 -0400

unbound (1.0.1-1) unstable; urgency=low

  * New upstream release.
  * Drop 'return' from init script; closes: #488650.

 -- Robert S. Edmonds <edmonds@debian.org>  Wed, 16 Jul 2008 12:38:55 -0400

unbound (1.0.0-3) unstable; urgency=low

  * Lintian clean; closes: #485438.
  * Don't chroot by default; note manual syslog configuration in
    README.Debian; closes: #486303.
  * Update to policy 3.8.0.0.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 15 Jun 2008 17:25:04 -0400

unbound (1.0.0-2) unstable; urgency=low

  * Fix Build-Deps.
  * Split unbound-host into a separate package.

 -- Robert S. Edmonds <edmonds@debian.org>  Sun, 25 May 2008 16:12:21 -0400

unbound (1.0.0-1) unstable; urgency=low

  * Initial release; closes: #482277.

 -- Robert S. Edmonds <edmonds@debian.org>  Wed, 21 May 2008 14:13:28 -0400

