bind9 (1:9.20.15-1~deb13u1) trixie-security; urgency=high
* New upstream version 9.20.15
- [CVE-2025-8677]: DNSSEC validation fails if matching but invalid
DNSKEY is found
- [CVE-2025-40778]: Address various spoofing attacks.
- [CVE-2025-40780]: Cache-poisoning due to weak pseudo-random number
generator
-- Ondřej Surý <ondrej@debian.org> Wed, 22 Oct 2025 18:00:33 +0200
bind9 (1:9.20.11-4) unstable; urgency=medium
* Remove named.conf.default-zones.dpkg-dist from /etc/bind
-- Ondřej Surý <ondrej@debian.org> Sun, 27 Jul 2025 12:04:56 +0200
bind9 (1:9.20.11-3) unstable; urgency=medium
* Remove the /etc/bind/named.conf.default-zones again from the
maintainer script as it might have been reinstalled by
accident. (Closes: #1108945)
-- Ondřej Surý <ondrej@debian.org> Sun, 27 Jul 2025 07:54:24 +0200
bind9 (1:9.20.11-2) unstable; urgency=high
* Remove /etc/bind/named.conf.default-zones from the package as
the intent was to remove this file. (Closes: #1108945)
* Add new /etc/bind/named.conf.root-hints file that makes 'named'
to use root.hints from dns-root-data again.
-- Ondřej Surý <ondrej@debian.org> Sun, 27 Jul 2025 06:48:59 +0200
bind9 (1:9.20.11-1) unstable; urgency=high
* New upstream version 9.20.11
+ [CVE2025-40777]: Fix a possible assertion failure when
stale-answer-client-timeout is set to 0.
-- Ondřej Surý <ondrej@debian.org> Wed, 16 Jul 2025 17:08:46 +0200
bind9 (1:9.20.10-1) unstable; urgency=medium
* New upstream version 9.20.10
-- Ondřej Surý <ondrej@debian.org> Fri, 20 Jun 2025 06:25:07 +0200
bind9 (1:9.20.9-2) unstable; urgency=low
* Fix the default branch in the Vcs-Git field (Closes: #1106677)
-- Ondřej Surý <ondrej@debian.org> Wed, 28 May 2025 13:39:20 +0200
bind9 (1:9.20.9-1) unstable; urgency=high
* New upstream version 9.20.9
+ [CVE-2025-40775] Prevent assertion when processing TSIG algorithm.
-- Ondřej Surý <ondrej@debian.org> Wed, 21 May 2025 13:44:48 +0200
bind9 (1:9.20.8-6) unstable; urgency=medium
* Adjust the autopkg zonetest
-- Ondřej Surý <ondrej@debian.org> Fri, 18 Apr 2025 18:40:30 +0200
bind9 (1:9.20.8-5) unstable; urgency=medium
[ Remus-Gabriel Chelu ]
* [INTL:ro] Romanian debconf templates translation of bind9
[ Ondřej Surý ]
* Fix lintian mismatched-override
* Use pkgconf instead of pkg-config
* Remove superfluous-file-pattern(s) from d/copyright
* Remove full path to named-checkconf in d/bind9.postinst
-- Ondřej Surý <ondrej@debian.org> Thu, 17 Apr 2025 21:50:52 +0200
bind9 (1:9.20.8-4) unstable; urgency=medium
[ Lena Voytek ]
* Add zonetest DEP-8 test
-- Ondřej Surý <ondrej@debian.org> Thu, 17 Apr 2025 21:21:42 +0200
bind9 (1:9.20.8-3) unstable; urgency=medium
[ Lena Voytek ]
* Fix German UTF-8 encoding
* Clean up debian/copyright file
* Remove lsb-base runtime dependency as it is no longer needed
[ Santiago Ruano Rincón ]
* Add debian/salsa-ci.yml
* Make d/tests/validation less flaky.
[ Carles Pina i Estany ]
* Added po-debconf Catalan translation
[ Mitchell Dzurick ]
* d/control: Suggest bind9-doc over bind-doc for the bind9 package
[ Debian Janitor ]
* Apply multi-arch hints. + bind9-doc: Add Multi-Arch: foreign.
-- Ondřej Surý <ondrej@debian.org> Thu, 17 Apr 2025 21:07:33 +0200
bind9 (1:9.20.8-2) unstable; urgency=medium
* Validate configuration file before service restart
(Closes: #995310, #1054314)
-- Ondřej Surý <ondrej@debian.org> Thu, 17 Apr 2025 18:49:10 +0200
bind9 (1:9.20.8-1) unstable; urgency=medium
* New upstream version 9.20.8
-- Ondřej Surý <ondrej@debian.org> Wed, 16 Apr 2025 15:05:13 +0200
bind9 (1:9.20.7-1) unstable; urgency=medium
* New upstream version 9.20.7
-- Ondřej Surý <ondrej@debian.org> Thu, 13 Mar 2025 11:37:20 +0100
bind9 (1:9.20.6-1) unstable; urgency=medium
* Add Provides: bind9utils and Provides: dnsutils to the respective
packages
* New upstream version 9.20.6
-- Ondřej Surý <ondrej@debian.org> Wed, 19 Feb 2025 16:00:19 +0100
bind9 (1:9.20.5-1) unstable; urgency=medium
* New upstream version 9.20.5 (Closes: #1094735)
- CVE-2024-12705: DNS-over-HTTPS flooding fixes
- CVE-2024-11187: Limit additional section processing for large RDATA
sets
* Drop libltdl-dev from Build-Depends, libuv wrappers are used
for dlopen and friends.
-- Ondřej Surý <ondrej@debian.org> Mon, 27 Jan 2025 12:21:49 +0100
bind9 (1:9.20.4-4) unstable; urgency=medium
* Revert "Temporarily use rbtdb as a zone database to prevent assertion
failure"
* Add pre-release patch for the NSEC3 encloser assertion failure
-- Ondřej Surý <ondrej@debian.org> Tue, 21 Jan 2025 16:16:07 +0100
bind9 (1:9.20.4-3) unstable; urgency=high
* Temporarily use rbtdb as a zone database as workaround for an upstream
bug.
-- Ondřej Surý <ondrej@debian.org> Thu, 19 Dec 2024 05:56:30 +0100
bind9 (1:9.20.4-2) unstable; urgency=medium
* Add upstream patch for the new GLUE cache implementation
-- Ondřej Surý <ondrej@debian.org> Sun, 15 Dec 2024 08:02:25 +0100
bind9 (1:9.20.4-1) unstable; urgency=medium
* New upstream version 9.20.4
-- Ondřej Surý <ondrej@debian.org> Wed, 11 Dec 2024 17:35:53 +0100
bind9 (1:9.20.3-1) unstable; urgency=medium
* New upstream version 9.20.3
-- Ondřej Surý <ondrej@debian.org> Thu, 10 Oct 2024 10:37:54 +0200
bind9 (1:9.20.2-1) unstable; urgency=medium
* New upstream version 9.20.2
-- Ondřej Surý <ondrej@debian.org> Fri, 20 Sep 2024 14:35:10 +0200
bind9 (1:9.20.1-1) unstable; urgency=medium
* New upstream version 9.20.1
-- Ondřej Surý <ondrej@debian.org> Wed, 21 Aug 2024 15:07:52 +0200
bind9 (1:9.20.0-2) unstable; urgency=medium
* Fix the assertion failure in samba-libs DLZ module. (Closes: #1074378)
-- Ondřej Surý <ondrej@debian.org> Sat, 27 Jul 2024 05:02:39 +0200
bind9 (1:9.20.0-1) unstable; urgency=high
* New upstream version 9.20.0
- CVE-2024-0760: A flood of DNS messages over TCP may make the server
unstable
- CVE-2024-1737: BIND's database will be slow if a very large number of
RRs exist at the same name
- CVE-2024-1975: SIG(0) can be used to exhaust CPU resources
- CVE-2024-4076: Assertion failure when serving both stale cache data
and authoritative zone content
-- Ondřej Surý <ondrej@debian.org> Tue, 16 Jul 2024 17:26:47 +0200
bind9 (1:9.19.24-185-g392e7199df2-1) unstable; urgency=medium
* New upstream version 9.19.24-185-g392e7199df2
-- Ondřej Surý <ondrej@debian.org> Thu, 20 Jun 2024 15:11:56 +0200
bind9 (1:9.19.24-2) unstable; urgency=medium
* Add dnssec-ksr tool to bind9-utils package
-- Ondřej Surý <ondrej@debian.org> Wed, 15 May 2024 20:59:35 +0200
bind9 (1:9.19.24-1) unstable; urgency=medium
* New upstream version 9.19.24
-- Ondřej Surý <ondrej@debian.org> Wed, 15 May 2024 19:55:59 +0200
bind9 (1:9.19.23-1) unstable; urgency=medium
* New upstream version 9.19.23
-- Ondřej Surý <ondrej@debian.org> Wed, 17 Apr 2024 23:48:03 +0200
bind9 (1:9.19.22-1) unstable; urgency=medium
* New upstream version 9.19.22
- A regression caused by CVE-2023-6516 fix could lead into
an out-of-memory condition when the server is under heavy
load.
-- Ondřej Surý <ondrej@debian.org> Wed, 20 Mar 2024 14:17:43 +0100
bind9 (1:9.19.21-1) unstable; urgency=high
[ Helmut Grohne ]
* Drop unused Build-Depends: python3. (Closes: #1063448)
[ Ondřej Surý ]
* New upstream version 9.19.21
- CVE-2023-4408: Parsing large DNS messages may cause excessive CPU
load
- CVE-2023-5517: Querying RFC 1918 reverse zones may cause an assertion
failure when "nxdomain-redirect" is enabled
- CVE-2023-5679: Enabling both DNS64 and serve-stale may cause an
assertion failure during recursive resolution
- CVE-2023-6516: Specific recursive query patterns may lead to an
out-of-memory condition
- CVE-2023-50387: KeyTrap - Extreme CPU consumption in DNSSEC validator
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof can exhaust
CPU resources
-- Ondřej Surý <ondrej@debian.org> Mon, 12 Feb 2024 17:04:19 +0100
bind9 (1:9.19.19-1) unstable; urgency=medium
[ Ondřej Surý ]
* New upstream version 9.19.19
[ Bernhard Schmidt ]
* Sync 9.18 to 9.19 (Closes: #1056984)
-- Ondřej Surý <ondrej@debian.org> Wed, 20 Dec 2023 17:01:32 +0100
bind9 (1:9.19.18-1) unstable; urgency=medium
* New upstream version 9.19.18
-- Ondřej Surý <ondrej@debian.org> Wed, 15 Nov 2023 17:51:18 +0100
bind9 (1:9.19.17-1) unstable; urgency=medium
* New upstream version 9.19.17
- CVE-2023-3341: A stack exhaustion flaw in control channel code may
cause named to terminate unexpectedly (Closes: #1052416)
- CVE-2023-4236: named may terminate unexpectedly under high
DNS-over-TLS query load (Closes: #1052417)
-- Ondřej Surý <ondrej@debian.org> Wed, 20 Sep 2023 18:13:07 +0200
bind9 (1:9.19.16-1) experimental; urgency=medium
* New upstream version 9.19.16
-- Ondřej Surý <ondrej@debian.org> Wed, 16 Aug 2023 17:54:24 +0200
bind9 (1:9.19.15-1) experimental; urgency=medium
* New upstream version 9.19.15
-- Ondřej Surý <ondrej@debian.org> Wed, 19 Jul 2023 14:16:46 +0200
bind9 (1:9.19.14-1) experimental; urgency=medium
* New upstream version 9.19.14
-- Ondřej Surý <ondrej@debian.org> Wed, 21 Jun 2023 21:00:01 +0200
bind9 (1:9.19.13-1) experimental; urgency=medium
* New upstream version 9.19.13
-- Ondřej Surý <ondrej@debian.org> Wed, 17 May 2023 17:50:48 +0200
bind9 (1:9.19.12-2) experimental; urgency=medium
* Add liburcu-dev to Build-Depends
-- Ondřej Surý <ondrej@debian.org> Thu, 20 Apr 2023 14:24:06 +0200
bind9 (1:9.19.12-1) experimental; urgency=medium
* New upstream version 9.19.12
-- Ondřej Surý <ondrej@debian.org> Wed, 19 Apr 2023 15:01:59 +0200
bind9 (1:9.19.11-1) experimental; urgency=medium
* New upstream version 9.19.11
* Update the d/bind9-dev.install, d/bind9.install and d/not-installed
after library squash
-- Ondřej Surý <ondrej@debian.org> Wed, 15 Mar 2023 18:27:20 +0100
bind9 (1:9.19.10-1) experimental; urgency=medium
* New upstream version 9.19.10
* Drop libtool-bin from B-D (Closes: #1022968)
-- Ondřej Surý <ondrej@debian.org> Fri, 10 Feb 2023 15:16:29 +0100
bind9 (1:9.19.9-2) experimental; urgency=medium
* Allow the named to use systemd notify service
-- Ondřej Surý <ondrej@debian.org> Thu, 26 Jan 2023 21:18:35 +0100
bind9 (1:9.19.9-1) experimental; urgency=medium
* New upstream version 9.19.9
-- Ondřej Surý <ondrej@debian.org> Wed, 25 Jan 2023 16:04:03 +0100
bind9 (1:9.19.8-1) experimental; urgency=medium
* New upstream version 9.19.8
-- Ondřej Surý <ondrej@debian.org> Wed, 21 Dec 2022 18:02:17 +0100
bind9 (1:9.19.7-1) experimental; urgency=medium
* New upstream version 9.19.7
-- Ondřej Surý <ondrej@debian.org> Wed, 16 Nov 2022 14:05:15 +0100
bind9 (1:9.19.6-2) experimental; urgency=medium
* Use systemd notify for service readyness check (Closes: #994696)
-- Bernhard Schmidt <berni@debian.org> Sun, 30 Oct 2022 00:14:05 +0200
bind9 (1:9.19.6-1) experimental; urgency=medium
* New upstream version 9.19.6
-- Ondřej Surý <ondrej@debian.org> Wed, 19 Oct 2022 15:06:31 +0200
bind9 (1:9.19.5-1) experimental; urgency=medium
* New upstream version 9.19.5
- CVE-2022-2795: Processing large delegations may severely degrade
resolver performance
- CVE-2022-2881: Buffer overread in statistics channel code
- CVE-2022-2906: Memory leaks in code handling Diffie-Hellman key
exchange via TKEY RRs (OpenSSL 3.0.0+ only)
- CVE-2022-3080: BIND 9 resolvers configured to answer from stale
cache with zero stale-answer-client-timeout may terminate unexpectedly
- CVE-2022-38177: Memory leak in ECDSA DNSSEC verification code
- CVE-2022-38178: Memory leaks in EdDSA DNSSEC verification code
-- Ondřej Surý <ondrej@debian.org> Wed, 21 Sep 2022 12:55:15 +0200
bind9 (1:9.19.4-1) unstable; urgency=medium
* Remove doc/misc/options.active from the docs
* New upstream version 9.19.4
-- Ondřej Surý <ondrej@debian.org> Thu, 18 Aug 2022 09:48:41 +0200
bind9 (1:9.19.3-1) unstable; urgency=medium
* New upstream version 9.19.3
-- Ondřej Surý <ondrej@debian.org> Wed, 20 Jul 2022 16:42:00 +0200
bind9 (1:9.19.2-1) unstable; urgency=medium
* New upstream version 9.19.2
-- Ondřej Surý <ondrej@debian.org> Wed, 15 Jun 2022 14:43:54 +0200
bind9 (1:9.19.1-1) unstable; urgency=medium
* Disable treat-warnings-as-errors in sphinx-build
* New upstream version 9.19.1
-- Ondřej Surý <ondrej@debian.org> Wed, 18 May 2022 17:26:23 +0200
bind9 (1:9.19.0-1) unstable; urgency=medium
* Update d/ for BIND 9.19 Development
* New upstream version 9.19.0
-- Ondřej Surý <ondrej@debian.org> Thu, 21 Apr 2022 09:51:08 +0200
bind9 (1:9.18.2-1) unstable; urgency=medium
* Drop libldap2-dev from Build-Depends (Closes: #1008021)
* New upstream version 9.18.2
-- Ondřej Surý <ondrej@debian.org> Thu, 21 Apr 2022 09:40:25 +0200
bind9 (1:9.18.1-1) unstable; urgency=high
* New upstream version 9.18.1
* CVE-2021-25220: The rules for acceptance of records into the cache
have been tightened to prevent the possibility of poisoning if
forwarders send records outside the configured bailiwick.
* CVE-2022-0396: TCP connections with 'keep-response-order' enabled
could leave the TCP sockets in the 'CLOSE_WAIT' state when the client
did not properly shut down the connection.
* CVE-2022-0635: Lookups involving a DNAME could trigger an assertion
failure when 'synth-from-dnssec' was enabled (which is the default)
* CVE-2022-0667: When chasing DS records, a timed out or artificially
delayed fetch could cause 'named' to crash while resuming a DS lookup.
-- Ondřej Surý <ondrej@debian.org> Mon, 14 Mar 2022 15:29:31 +0100
bind9 (1:9.18.0-2) unstable; urgency=medium
* Add patch to use detected L1 cache-line size instead of hard-coded
value, this should fix architectures with 128-byte L1 cache.
-- Ondřej Surý <ondrej@debian.org> Thu, 27 Jan 2022 13:16:04 +0100
bind9 (1:9.18.0-1) unstable; urgency=medium
* Bump the upstream version in debian/ to 9.18
* New upstream version 9.18.0
-- Ondřej Surý <ondrej@debian.org> Wed, 26 Jan 2022 12:31:55 +0100
bind9 (1:9.18.0~0+git28350c-1) unstable; urgency=medium
* New upstream version 9.18.0~0+git28350c
+ Pull the 9.18.0 pre-release git to have the L1 cache line
fix (Closes: #1004271)
* Fix the typo when backing up and restoring configure{,.ac}
(Closes: #903586)
* Remove some prehistoring conffile no longer in use
(Closes: #942377)
* Pick UTC date for release_date variable (Closes: #1000893)
-- Ondřej Surý <ondrej@debian.org> Mon, 24 Jan 2022 16:00:49 +0100
bind9 (1:9.17.22-1) unstable; urgency=medium
* New upstream version 9.17.22
-- Ondřej Surý <ondrej@debian.org> Wed, 19 Jan 2022 18:38:13 +0100
bind9 (1:9.17.21-1) unstable; urgency=medium
* New upstream version 9.17.21
-- Ondřej Surý <ondrej@debian.org> Wed, 15 Dec 2021 15:22:46 +0100
bind9 (1:9.17.20-3) unstable; urgency=medium
* Retain bind9-resolvconf.service alias (Closes: #1000565)
-- Ondřej Surý <ondrej@debian.org> Thu, 25 Nov 2021 10:10:50 +0100
bind9 (1:9.17.20-2) unstable; urgency=medium
* Tighten the dependencies on bind9-libs for the utils too
(Closes: #1000354)
-- Ondřej Surý <ondrej@debian.org> Mon, 22 Nov 2021 08:58:22 +0100
bind9 (1:9.17.20-1) unstable; urgency=medium
* New upstream version 9.17.20
* Remove the sphinx-patch, the role has been fixed upstream
-- Ondřej Surý <ondrej@debian.org> Thu, 18 Nov 2021 07:49:14 +0100
bind9 (1:9.17.19-3) unstable; urgency=medium
* Remove the .so libraries from excluded files
-- Ondřej Surý <ondrej@debian.org> Fri, 12 Nov 2021 14:24:13 +0100
bind9 (1:9.17.19-2) unstable; urgency=medium
* Add libjemalloc-dev to Build-Depends
* Sync the packaging between BIND 9.16 and BIND 9.17 branches
* Don't install static libraries to bind9-dev, they are not built
-- Ondřej Surý <ondrej@debian.org> Tue, 09 Nov 2021 10:42:43 +0100
bind9 (1:9.17.19-1) unstable; urgency=medium
* New upstream version 9.17.19
-- Ondřej Surý <ondrej@debian.org> Mon, 25 Oct 2021 14:29:06 +0200
bind9 (1:9.17.18-1) experimental; urgency=medium
* New upstream version 9.17.18
-- Ondřej Surý <ondrej@debian.org> Thu, 16 Sep 2021 10:03:31 +0200
bind9 (1:9.17.17-2) experimental; urgency=medium
* Bump MAPAPI to 3.0
-- Ondřej Surý <ondrej@debian.org> Fri, 20 Aug 2021 14:34:56 +0200
bind9 (1:9.17.17-1) experimental; urgency=medium
* New upstream version 9.17.17
-- Ondřej Surý <ondrej@debian.org> Wed, 18 Aug 2021 18:31:14 +0200
bind9 (1:9.17.16-1) experimental; urgency=medium
* New upstream version 9.17.16
-- Ondřej Surý <ondrej@debian.org> Wed, 21 Jul 2021 20:31:56 +0200
bind9 (1:9.17.15-1) experimental; urgency=medium
* New upstream version 9.17.15
-- Ondřej Surý <ondrej@debian.org> Fri, 18 Jun 2021 15:13:26 +0200
bind9 (1:9.17.14-3) experimental; urgency=medium
* Add upstream patch to address 'Checking of key-directory and
dnssec-policy was broken'
-- Ondřej Surý <ondrej@debian.org> Fri, 18 Jun 2021 09:08:52 +0200
bind9 (1:9.17.14-2) experimental; urgency=medium
* Add upstream patch to fix: 'W' in wildcard expansions was being mapped
to '\000'.
-- Ondřej Surý <ondrej@debian.org> Fri, 18 Jun 2021 06:49:25 +0200
bind9 (1:9.17.14-1) experimental; urgency=medium
* New upstream version 9.17.14
-- Ondřej Surý <ondrej@debian.org> Thu, 17 Jun 2021 00:26:38 +0200
bind9 (1:9.17.13-2) experimental; urgency=medium
* Revert upstream 'Add a Sphinx role for linking GitLab issues/MRs'
-- Ondřej Surý <ondrej@debian.org> Thu, 20 May 2021 11:30:01 +0200
bind9 (1:9.17.13-1) experimental; urgency=medium
* New upstream version 9.17.13
-- Ondřej Surý <ondrej@debian.org> Thu, 20 May 2021 11:05:32 +0200
bind9 (1:9.17.12-2) experimental; urgency=medium
* Add filter-a.so plugin into main package
-- Ondřej Surý <ondrej@debian.org> Sat, 01 May 2021 13:15:40 +0200
bind9 (1:9.17.12-1) experimental; urgency=medium
* New upstream version 9.17.12
* Add patches to implement I-D draft-hardaker-dnsop-nsec3-guidance
-- Ondřej Surý <ondrej@debian.org> Thu, 29 Apr 2021 10:49:07 +0200
bind9 (1:9.17.11-1) experimental; urgency=medium
* New upstream version 9.17.11
* Add upstream patches to fix TCP timeouts firing too early
-- Ondřej Surý <ondrej@debian.org> Thu, 18 Mar 2021 14:43:40 +0100
bind9 (1:9.17.10-1) experimental; urgency=high
* New upstream version 9.17.10
+ [CVE-2020-8625]: Fix off-by-one bug in ISC SPNEGO implementation.
* Adjust the bind9-libs package for new upstream library names
* Add libnghttp2-dev to Build-Depends
* Update the way how we ignore development libraries, so the real ones
gets installed
-- Ondřej Surý <ondrej@debian.org> Thu, 18 Feb 2021 09:27:46 +0100
bind9 (1:9.17.9-1) experimental; urgency=medium
* Exclude test-async.so from dh_install
* Update the ISC code-signing key
* New upstream version 9.17.9
-- Ondřej Surý <ondrej@debian.org> Thu, 21 Jan 2021 11:29:33 +0100
bind9 (1:9.17.8-1) experimental; urgency=medium
* New upstream version 9.17.8
-- Ondřej Surý <ondrej@debian.org> Wed, 16 Dec 2020 22:35:50 +0100
bind9 (1:9.17.7-1) experimental; urgency=medium
* New upstream version 9.17.7
-- Ondřej Surý <ondrej@debian.org> Thu, 26 Nov 2020 15:58:54 +0100
bind9 (1:9.17.6-1) experimental; urgency=medium
* New upstream version 9.17.6
-- Ondřej Surý <ondrej@debian.org> Fri, 23 Oct 2020 15:11:42 +0200
bind9 (1:9.17.5-2) experimental; urgency=medium
[ Bernhard Schmidt ]
* Move Build-Depends for documentation to Build-Depends-Indep
* Set Restart=on-failure in systemd unit
-- Ondřej Surý <ondrej@debian.org> Thu, 17 Sep 2020 13:53:04 +0200
bind9 (1:9.17.5-1) experimental; urgency=medium
* New upstream version 9.17.5
-- Ondřej Surý <ondrej@debian.org> Thu, 17 Sep 2020 10:40:29 +0200
bind9 (1:9.17.4-1) experimental; urgency=medium
* Add libtool-bin to Build-Depends
* Disable static linking
* New upstream version 9.17.4
-- Ondřej Surý <ondrej@debian.org> Thu, 20 Aug 2020 21:35:16 +0200
bind9 (1:9.17.3-1) experimental; urgency=medium
* New upstream version 9.17.2
* Adjust d/*.install files after upstream moved binaries from sbin to bin
* Remove rfc-compliance from docs, it's gone
* New upstream version 9.17.3
* Add fonts-freefont-otf, latexmk, texlive-fonts-extra,
texlive-latex-recommended, texlive-xetex, and xindy to Build-Depends
* Install man pages for tsig-gen and named-compilezone
-- Ondřej Surý <ondrej@debian.org> Thu, 16 Jul 2020 00:38:43 +0200
bind9 (1:9.17.1+git20200519-1) experimental; urgency=medium
* New upstream version 9.17.1+git20200519
* Update Debian packaging for autoconf/automake and sphinx-doc
-- Ondřej Surý <ondrej@debian.org> Tue, 19 May 2020 22:02:19 +0200
bind9 (1:9.17.1-1) experimental; urgency=medium
* Update d/copyright (Closes: #947978)
* New upstream version 9.17.1
-- Ondřej Surý <ondrej@debian.org> Thu, 16 Apr 2020 10:34:10 +0200
bind9 (1:9.17.0-1) experimental; urgency=medium
[ Andreas Hasenack ]
* Bring back the DEP8 test from sid
* Use iproute2 instead of net-tools
* d/control: drop hardcoded python3 dependency
[ Bernhard Schmidt ]
* Fix apparmor profile name.
Thanks to Andreas Hasenack
* Enable readline support
[ Andreas Hasenack ]
* Update apparmor profile with what is in sid
* Create the missing transitional packages for dnsutils, bind9utils
* There is a licensing conflict with adding libreadline and we should
use libedit-dev instead.
[ Ondřej Surý ]
* Switch to BIND 9.17 for the -dev packages
* New upstream version 9.17.0
-- Ondřej Surý <ondrej@debian.org> Fri, 20 Mar 2020 14:23:38 +0100
bind9 (1:9.16.22-1) unstable; urgency=medium
* New upstream version 9.16.22
-- Ondřej Surý <ondrej@debian.org> Mon, 25 Oct 2021 14:27:31 +0200
bind9 (1:9.16.21-1) unstable; urgency=medium
* New upstream version 9.16.21
-- Ondřej Surý <ondrej@debian.org> Thu, 16 Sep 2021 09:54:17 +0200
bind9 (1:9.16.20-2) unstable; urgency=medium
* Bump MAPAPI to 3.0
-- Ondřej Surý <ondrej@debian.org> Fri, 20 Aug 2021 14:40:11 +0200
bind9 (1:9.16.20-1) unstable; urgency=medium
* New upstream version 9.16.20
-- Ondřej Surý <ondrej@debian.org> Wed, 18 Aug 2021 18:27:37 +0200
bind9 (1:9.16.19-1) unstable; urgency=medium
* New upstream version 9.16.19
-- Ondřej Surý <ondrej@debian.org> Wed, 21 Jul 2021 20:27:13 +0200
bind9 (1:9.16.18-1) unstable; urgency=medium
* New upstream version 9.16.18
-- Ondřej Surý <ondrej@debian.org> Fri, 18 Jun 2021 15:06:55 +0200
bind9 (1:9.16.17-3) unstable; urgency=medium
* Add upstream patch to address 'Checking of key-directory and
dnssec-policy was broken'
-- Ondřej Surý <ondrej@debian.org> Fri, 18 Jun 2021 09:07:09 +0200
bind9 (1:9.16.17-2) unstable; urgency=high
* Add upstream patch to fix: 'W' in wildcard expansions was being mapped
to '\000'.
-- Ondřej Surý <ondrej@debian.org> Fri, 18 Jun 2021 06:45:25 +0200
bind9 (1:9.16.17-1) unstable; urgency=medium
* New upstream version 9.16.17
-- Ondřej Surý <ondrej@debian.org> Thu, 17 Jun 2021 00:10:22 +0200
bind9 (1:9.16.16-2) unstable; urgency=medium
* Revert upstream 'Add a Sphinx role for linking GitLab issues/MRs'
-- Ondřej Surý <ondrej@debian.org> Thu, 20 May 2021 11:28:18 +0200
bind9 (1:9.16.16-1) unstable; urgency=medium
* New upstream version 9.16.16
* Patches to implement I-D draft-hardaker-dnsop-nsec3-guidance were
merged upstream; remove them from the package.
-- Ondřej Surý <ondrej@debian.org> Thu, 20 May 2021 10:00:00 +0200
bind9 (1:9.16.15-1) unstable; urgency=high
* New upstream version 9.16.15 (Closes: #987741, #987742, #987743)
+ CVE-2021-25214: A malformed incoming IXFR transfer could trigger an
assertion failure in ``named``, causing it to quit abnormally.
+ CVE-2021-25215: ``named`` crashed when a DNAME record placed in the
ANSWER section during DNAME chasing turned out to be the final
answer to a client query.
+ CVE-2021-25216: When a server's configuration set the
``tkey-gssapi-keytab`` or ``tkey-gssapi-credential`` option, a
specially crafted GSS-TSIG query could cause a buffer overflow in
the ISC implementation of SPNEGO (a protocol enabling negotiation of
the security mechanism used for GSSAPI authentication).
* Add patches to implement I-D draft-hardaker-dnsop-nsec3-guidance
-- Ondřej Surý <ondrej@debian.org> Thu, 29 Apr 2021 09:11:32 +0200
bind9 (1:9.16.13-1) unstable; urgency=medium
* New upstream version 9.16.13
* Add upstream patches to fix TCP timeouts firing too early
-- Ondřej Surý <ondrej@debian.org> Thu, 18 Mar 2021 14:23:49 +0100
bind9 (1:9.16.12-3) unstable; urgency=medium
* Add most important patches from upcoming 9.16.13 release
-- Ondřej Surý <ondrej@debian.org> Fri, 12 Mar 2021 09:59:49 +0100
bind9 (1:9.16.12-2) unstable; urgency=medium
* Add patch to fix sphinx-build failure on Ubuntu Xenial
-- Ondřej Surý <ondrej@debian.org> Thu, 18 Feb 2021 12:26:09 +0100
bind9 (1:9.16.12-1) unstable; urgency=high
* New upstream version 9.16.12
+ [CVE-2020-8625]: Fix off-by-one bug in ISC SPNEGO implementation.
(Closes: #983004)
* Adjust the bind9-libs and bind9-dev packages for new upstream library
names
-- Ondřej Surý <ondrej@debian.org> Thu, 18 Feb 2021 08:13:58 +0100
bind9 (1:9.16.11-3) unstable; urgency=medium
* Split the simple validation test to separate file and mark it as flaky
(Closes: #976045)
-- Ondřej Surý <ondrej@debian.org> Sun, 14 Feb 2021 20:04:39 +0100
bind9 (1:9.16.11-2) unstable; urgency=medium
* Cherry-pick upstream commit to fix segfault with named ACLs used in
allow-update (Closes: #980786)
-- Bernhard Schmidt <berni@debian.org> Fri, 29 Jan 2021 08:27:31 +0100
bind9 (1:9.16.11-1) unstable; urgency=medium
* Add the ISC code-signing key for 2021-2022
* New upstream version 9.16.11
-- Ondřej Surý <ondrej@debian.org> Thu, 21 Jan 2021 09:58:33 +0100
bind9 (1:9.16.10-1) unstable; urgency=medium
* New upstream version 9.16.10
-- Ondřej Surý <ondrej@debian.org> Wed, 16 Dec 2020 22:22:25 +0100
bind9 (1:9.16.9-1) unstable; urgency=medium
* New upstream version 9.16.9
-- Ondřej Surý <ondrej@debian.org> Thu, 26 Nov 2020 12:52:28 +0100
bind9 (1:9.16.8-1) unstable; urgency=medium
[ Ondřej Surý ]
* New upstream version 9.16.8
[ Bernhard Schmidt ]
* d/t/control:
- tag autopkgtest with needs-internet (Closes: #973955)
- depend on bind9-dnsutils insead of the transitional dnsutils
* d/rules: change deprecated --with-libjson-c configure argument to
--with-json-c
-- Bernhard Schmidt <berni@debian.org> Mon, 09 Nov 2020 23:03:53 +0100
bind9 (1:9.16.7-1) unstable; urgency=medium
* New upstream version 9.16.7
-- Ondřej Surý <ondrej@debian.org> Thu, 17 Sep 2020 10:36:51 +0200
bind9 (1:9.16.6-3) unstable; urgency=medium
[ Ondřej Surý ]
* Add upstream patches to fix some rare conditions (Closes: #969448)
[ Bernhard Schmidt ]
* Set Restart=on-failure in systemd unit
-- Bernhard Schmidt <berni@debian.org> Tue, 15 Sep 2020 00:26:14 +0200
bind9 (1:9.16.6-2) unstable; urgency=medium
* Move Build-Depends for documentation to Build-Depends-Indep, this
should fix the arch-any build on s390x where xindy is not available.
-- Bernhard Schmidt <berni@debian.org> Sat, 22 Aug 2020 20:06:00 +0200
bind9 (1:9.16.6-1) unstable; urgency=medium
* New upstream version 9.16.6
-- Ondřej Surý <ondrej@debian.org> Thu, 20 Aug 2020 21:32:46 +0200
bind9 (1:9.16.5-1) unstable; urgency=medium
* New upstream version 9.16.5
* Add fonts-freefont-otf, latexmk, texlive-fonts-recommended,
texlive-latex-recommended, texlive-xetex, xindy to Build-Depends
* Install man pages for tsig-gen and named-compilezone
-- Ondřej Surý <ondrej@debian.org> Thu, 16 Jul 2020 00:29:57 +0200
bind9 (1:9.16.4-1) unstable; urgency=medium
* New upstream version 9.16.4
* Update Debian packaging for sphinx-doc documentation
-- Ondřej Surý <ondrej@debian.org> Wed, 17 Jun 2020 09:27:29 +0200
bind9 (1:9.16.3-1) unstable; urgency=medium
* New upstream version 9.16.3
-- Ondřej Surý <ondrej@debian.org> Tue, 19 May 2020 14:14:35 +0200
bind9 (1:9.16.2-3) unstable; urgency=medium
[ Simon Deziel ]
* apparmor: use profile name specifier
-- Bernhard Schmidt <berni@debian.org> Thu, 23 Apr 2020 11:45:43 +0200
bind9 (1:9.16.2-2) unstable; urgency=medium
* Update gbp.conf to debian/master and upstream/latest
* Reintroduce the bind9-dev package (Closes: #954906)
-- Ondřej Surý <ondrej@debian.org> Thu, 16 Apr 2020 12:14:44 +0200
bind9 (1:9.16.2-1) unstable; urgency=medium
* Update d/copyright (Closes: #947978)
* New upstream version 9.16.2 (Closes: #952946, #954919)
-- Ondřej Surý <ondrej@debian.org> Thu, 16 Apr 2020 10:07:07 +0200
bind9 (1:9.16.1-2) unstable; urgency=medium
[ Andreas Hasenack ]
* Bring back the DEP8 test from sid
* Use iproute2 instead of net-tools
* d/control: drop hardcoded python3 dependency
[ Bernhard Schmidt ]
* Fix apparmor profile name.
Thanks to Andreas Hasenack
* Enable readline support
[ Andreas Hasenack ]
* Update apparmor profile with what is in sid
* Create the missing transitional packages for dnsutils, bind9utils
* There is a licensing conflict with adding libreadline and we should
use libedit-dev instead.
[ Ondřej Surý ]
* Add Breaks: freeipa, so the package doesn't migrate to testing before freeipa is fixed
-- Ondřej Surý <ondrej@debian.org> Sun, 22 Mar 2020 09:21:21 +0100
bind9 (1:9.16.1-1) experimental; urgency=medium
* New upstream version 9.16.1
-- Ondřej Surý <ondrej@debian.org> Fri, 20 Mar 2020 13:59:34 +0100
bind9 (1:9.16.0-1) experimental; urgency=medium
* Change the branch to 9.16
* New upstream version 9.16.0
-- Ondřej Surý <ondrej@debian.org> Thu, 20 Feb 2020 10:54:34 +0100
bind9 (1:9.15.8-1) experimental; urgency=medium
* New upstream version 9.15.8
-- Ondřej Surý <ondrej@debian.org> Thu, 23 Jan 2020 14:58:01 +0100
bind9 (1:9.15.7-1) experimental; urgency=medium
* Add libuv1-dev, libcmocka-dev, libedit-dev and zlib1g-dev to B-D
* Update d/watch to use tar.xz
* New upstream version 9.15.7
-- Ondřej Surý <ondrej@debian.org> Thu, 19 Dec 2019 09:40:52 +0100
bind9 (1:9.15.6-1) experimental; urgency=medium
* Remove useless patches
* New upstream version 9.15.6
-- Ondřej Surý <ondrej@debian.org> Wed, 20 Nov 2019 21:58:06 +0100
bind9 (1:9.15.5-1) experimental; urgency=medium
* New upstream version 9.15.5
* Install python files to dist-packages (Courtesy of Jim Popovitch)
* Remove GPL licensed apport file until one with better license is available
* Remove debian/nslookup.1
* Remove 4-clause BSD content from the package
-- Ondřej Surý <ondrej@sury.org> Thu, 17 Oct 2019 08:41:55 +0200
bind9 (1:9.15.4-1) unstable; urgency=medium
* New upstream version 9.15.4
-- Ondřej Surý <ondrej@sury.org> Mon, 23 Sep 2019 11:54:32 +0200
bind9 (1:9.15.3-2) unstable; urgency=medium
* Fix the section for bind9 alias in the systemd unit [GL #1193]
-- Ondřej Surý <ondrej@sury.org> Wed, 28 Aug 2019 21:35:44 +0200
bind9 (1:9.15.3-1) unstable; urgency=medium
* New upstream version 9.15.3
* isc-config has been removed, remove it from the debian/
-- Ondřej Surý <ondrej@sury.org> Mon, 26 Aug 2019 10:26:41 +0200
bind9 (1:9.15.2-2) unstable; urgency=medium
* Tighten libmaxminddb-dev dependency
* Install the tmpfile for named service again
-- Ondřej Surý <ondrej@sury.org> Wed, 07 Aug 2019 11:11:13 +0200
bind9 (1:9.15.2-1) unstable; urgency=medium
* New upstream version 9.15.2
* Disable old GeoIP and enable new GeoIP2
-- Ondřej Surý <ondrej@sury.org> Thu, 18 Jul 2019 10:09:29 +0200
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog bind9-dnsutils`.
Generated by dwww version 1.16 on Tue Dec 16 06:32:29 CET 2025.