pdns-recursor (3.5.3-1ubuntu0.1) trusty-security; urgency=high

  * SECURITY UPDATE:
  * References
  * CVE-2014-8601: PowerDNS Recursor before 3.6.2 does not limit delegation
    chaining, which allows remote attackers to cause a denial of service
    ("performance degradations") via a large or infinite number of referrals,
    as demonstrated by resolving domains hosted by ezdns.it.
    - Added debian/patches/CVE-2014-8601.patch
  * CVE-2015-1868: The label decompression functionality in PowerDNS Recursor
    3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth)
    Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote
    attackers to cause a denial of service (CPU consumption or crash) via a
    request with a name that refers to itself.
    - Added debian/patches/CVE-2015-1868.patch
  * CVE-2015-5470: The label decompression functionality in PowerDNS Recursor
    before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before
    3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of
    service (CPU consumption or crash) via a request with a long name that
    refers to itself. NOTE: this vulnerability exists because of an incomplete
    fix for CVE-2015-1868.
    - Added debian/patches/CVE-2015-1868-2.patch
  * CVE-2016-7068: Florian Heinz and Martin Kluge reported that pdns-recursor
    parses all records present in a query regardless of whether they are
    needed or even legitimate, allowing a remote, unauthenticated attacker to
    cause an abnormal CPU usage load on the pdns server, resulting in a
    partial denial of service if the system becomes overloaded.
    - Added debian/patches/CVE-2016-7068.patch
  * Add debian/patches/qtypes.patch so qtypes required for CVE-2016-7068.patch
    are available

 -- Scott Kitterman <scott@kitterman.com>  Fri, 13 Jan 2017 15:20:50 -0500

pdns-recursor (3.5.3-1) unstable; urgency=low

  * New upstream version

 -- Matthijs Möhlmann <matthijs@cacholong.nl>  Sun, 22 Sep 2013 14:45:58 +0200

pdns-recursor (3.5.2-2) unstable; urgency=low

  * Enable on all architectures (Closes: #579194)

 -- Matthijs Möhlmann <matthijs@cacholong.nl>  Sat, 24 Aug 2013 16:13:37 +0200

pdns-recursor (3.5.2-1) unstable; urgency=low

  * New upstream version (Closes: #710048, #682851, #671592, #697355, #649724)
    - Refresh patches
  * Improve the patch to make pdns-recursor less chatty
  * Standards-Version: 3.9.4 (no changes necessary)
  * Remove pdns_hw on cleanup (Closes: #652833)

 -- Matthijs Möhlmann <matthijs@cacholong.nl>  Tue, 06 Aug 2013 21:43:01 +0200

pdns-recursor (3.3-3) unstable; urgency=low

  * new maintainer team
  * new Vcs links
  * add Homepage
  * debhelper 9 (enable hardening) (Closes: 656859)
  * prepare new version
  * set unapply-patches
  * set Architecture to "all but arm{el,hf}" (Closes: 661959)
  * Standards-Version: 3.9.3 (no changes necessary)

 -- Marc Haber <mh+debian-packages@zugschlus.de>  Mon, 18 Jun 2012 14:45:50 +0000

pdns-recursor (3.3-2) unstable; urgency=low

  * Fix my name in the init script and debian/control too.
  * Update Standards-Version to 3.9.2
  * Use new build system dh instead of individual dh_* commands.

 -- Matthijs Möhlmann <matthijs@cacholong.nl>  Mon, 08 Aug 2011 11:56:58 +0200

pdns-recursor (3.3-1) unstable; urgency=low

  * New upstream release. (Closes: #565052)
  * Init loop is fixed in pdns (Closes: #594805)
  * Now my name is spelled correctly.
  * Update Standards-Version to 3.9.1
  * Update the recursor.conf and include new configuration parameters.
  * Add debug package (Closes: #594243)

 -- Matthijs Möhlmann <matthijs@cacholong.nl>  Sat, 22 Jan 2011 16:39:02 +0100

pdns-recursor (3.2-4) unstable; urgency=high

  * Upgrading from a previous version fails when the pdns-recursor isn't
    started, this is RC bug hence urgency high. (Closes: #565415)
  * Fix watch file
  * Fix FTBFS on hurd again.

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Tue, 20 Jul 2010 13:42:45 +0200

pdns-recursor (3.2-3) unstable; urgency=low

  * Add watch file
  * Switch to dpkg-source 3.0 (quilt) format
  * Fix FTBFS on hurd
  * Update logcheck rules. (Closes: #588135)
  * Update Standards-Version to 3.9.0
  * Use dh_installinit instead of the pdns-recursor.install file.

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Mon, 19 Jul 2010 14:39:02 +0200

pdns-recursor (3.2-2) unstable; urgency=low

  * Remove Christoph Haas from Uploaders. Thanks for the great work!
  * Add fix for FTBFS thanks to Petr Salinger <Petr.Salinger@seznam.cz>
    (Closes: #575006)
  * Make pdns-recursor on startup less chatty (Closes: #438469)

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Sat, 03 Apr 2010 13:46:23 +0200

pdns-recursor (3.2-1) unstable; urgency=low

  * New upstream version.
  * Update Standards-Version to 3.8.4
  * Fix boot order, thanks to Petter Reinholdtsen (Closes: #566877)
  * All architectures enabled, needs testing (Closes: #489925)

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Wed, 17 Mar 2010 10:59:28 +0100

pdns-recursor (3.1.7.2-1) unstable; urgency=high

  * New upstream version. (CVE-2009-4009 and CVE-2009-4010) (Closes: #564145)
  * Make lintian happy.
  * Now really add sh4 to the architecture list. (Closes: #551153)

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Fri, 08 Jan 2010 18:14:44 +0100

pdns-recursor (3.1.7.1-4) unstable; urgency=low

  * Add mips, mipsel and sh4 to the supported list of architectures, only arm,
    armel and armeb are missing. See #369453 (Closes: #551153)

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Fri, 06 Nov 2009 18:09:29 +0100

pdns-recursor (3.1.7.1-3) unstable; urgency=low

  * Update incorrect dependencies in the init.d script. (Closes: #547033)

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Sun, 11 Oct 2009 18:46:58 +0200

pdns-recursor (3.1.7.1-2) unstable; urgency=low

  * Fixing FTBFS on several archs (Closes: #540867, #541689)
  * Added hppa and sparc architectures. See #489925, leaving open because of
    more unsupported architectures.

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Sun, 16 Aug 2009 15:39:54 +0200

pdns-recursor (3.1.7.1-1) unstable; urgency=low

  * New upstream release (Closes: #497920)
  * Using new patch system quilt.
  * Updated Standards-Version to 3.8.2
  * Enable lua scripting support (Closes: #534893)

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Sun, 09 Aug 2009 12:58:06 +0200

pdns-recursor (3.1.7-5) unstable; urgency=low

  * Fix FTBFS bug with GCC 4.4 (closes: #506003)
  * Make pdns-recursor available on hppa and sparc (closes: #489925)
    by adding libc6-dev in a recent version to debian/control

 -- Christoph Haas <haas@debian.org>  Wed, 13 May 2009 21:36:55 +0200

pdns-recursor (3.1.7-4) unstable; urgency=low

  * Fix FTBFS bug (closes: #528164)

 -- Christoph Haas <haas@debian.org>  Mon, 11 May 2009 22:24:44 +0200

pdns-recursor (3.1.7-3) unstable; urgency=low

  * Fixed repository URL (SVN->Git)
  * Increased policy version to 3.8.0 (lintian warning)
  * Added proper description for gcc-4.2-ftbfs-fix.dpatch dpatch
    (lintian warning)
  * Fixed PIDFILE setting in init.d script (thanks to Serge Belyshev)

 -- Christoph Haas <haas@debian.org>  Sun, 14 Sep 2008 22:48:59 +0200

pdns-recursor (3.1.7-2) unstable; urgency=low

  * Regard return code from stopping pdns in init.d script (Closes: #478593) 
  * Fixed init.d script's force-stop function.

 -- Christoph Haas <haas@debian.org>  Sun, 14 Sep 2008 17:36:42 +0200

pdns-recursor (3.1.7-1) unstable; urgency=low

  * New upstream version (Closes: #490069) (Closes: #477130)
  * init.d scripts gets socket-dir information from recursor.conf
    (Closes: #471568)
  * Added config file directives
  * Set dont-query to nothing so it won't break pre-3.1.7 configs. (Closes: #476841)

 -- Christoph Haas <haas@debian.org>  Mon, 31 Mar 2008 21:51:59 +0200

pdns-recursor (3.1.4-6) unstable; urgency=low

  * Standards-Version 3.7.3.0
  * Remove pdns_hw too on cleanup.
  * Fix for truncating long TXT queries (Closes: #462114)
  * Don't ignore build errors (Closes: #462128)
  * Build option noopt was inoperative (Closes: #462126)
  * Added gcc 4.3 fixes from upstream (Closes: #455631)

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Wed, 13 Feb 2008 22:49:08 +0100

pdns-recursor (3.1.4-5) unstable; urgency=low

  * daemon=no is now working if used in /etc/powerdns/recursor.conf
    (Closes: #440020)
  * patch added to reflect change of L root server (Closes: #449483)
  * Makefile patched to prevent stripping of binaries (Closes: #437765)

 -- Christoph Haas <haas@debian.org>  Fri, 09 Nov 2007 21:57:58 +0100

pdns-recursor (3.1.4-4) unstable; urgency=low

  * Update to debhelper 5.
  * Fix lintian warning: debian-rules-sets-DH_COMPAT.
  * Restore the changelog, it was partly removed by accident. (Closes: #421393)
  * Fix FTBFS with gcc-4.2 (Closes: #387113)

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Sun, 03 Jun 2007 15:11:22 +0200

pdns-recursor (3.1.4-3) unstable; urgency=low

  * Stop/stop script does not return an error code when being called as
    'stop' when the service is actually not running. (Closes: #406428)

 -- Debian PowerDNS Maintainers <powerdns-debian@workaround.org>  Wed, 21 Feb 2007 23:10:00 +0200

pdns-recursor (3.1.4-2) unstable; urgency=medium

  * Run pdns-recursor by default as non-privileged user. (Closes: #399669)
  * swapcontext is supported by kfreebsd (Fixes a FTBFS) (Closes: #403746)
  * Added lsb-base to the dependencies. (Closes: #402732)

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Mon, 25 Dec 2006 14:00:10 +0100

pdns-recursor (3.1.4-1) unstable; urgency=medium

  * New upstream release.

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Sun, 12 Nov 2006 23:52:20 +0100

pdns-recursor (3.1.3-3) unstable; urgency=low

  [ Matthijs Mohlmann ]
  * Don't build pdns-recursor for the following architectures: arm, mips,
    mipsel, hppa and sparc. No support for swapcontext system call.
    (Closes: #395801)
  * Fix a big endian problem with TCP processing large answers.
  * Fix a crash on any record we couldn't properly print for whatever reason.

 -- Matthijs Mohlmann <matthijs@cacholong.nl>  Sun, 29 Oct 2006 17:50:34 +0100

pdns-recursor (3.1.3-2) unstable; urgency=low

  * Added patch to close a connectionless socket on an error.
  * Added patch to fix a FD leak.
  * Added missing lsb keyword Short-Description.

 -- Debian PowerDNS Maintainers <powerdns-debian@workaround.org>  Sun,  1 Oct 2006 14:52:46 +0200

pdns-recursor (3.1.3-1) unstable; urgency=low

  * New upstream release.
  * Make a lsb compliant init script, fixes a lintian warning.

 -- Debian PowerDNS Maintainers <powerdns-debian@workaround.org>  Thu, 14 Sep 2006 21:20:56 +0200

pdns-recursor (3.1.2-2) unstable; urgency=low

  * Added patch to fix crashes on 64bit platforms (Closes: #380403)
  * Added patch to prevent overwriting of auth data by unauth data.
  * Fix a small memleak.

 -- Debian PowerDNS Maintainers <powerdns-debian@workaround.org>  Sun,  6 Aug 2006 13:20:45 +0200

pdns-recursor (3.1.2-1) unstable; urgency=low

  * New upstream release.
  * Drop build-with-g++-4.1 patch. g++ 4.1 is default now. (Closes: #376696)
  * Fixed minor typo in recursor.conf (Closes: #369957)
  * Add logcheck rule for pdns-recursor to suppress logcheck warnings.
    (Closes: #367702)

 -- Debian PowerDNS Maintainers <powerdns-debian@workaround.org>  Tue,  4 Jul 2006 19:16:19 +0200

pdns-recursor (3.1.1-1) unstable; urgency=low

  * New upstream version.

 -- Debian PowerDNS Maintainers <powerdns-debian@workaround.org>  Wed, 24 May 2006 19:41:09 +0200

pdns-recursor (3.0.1-1) unstable; urgency=low

  * New upstream release (Closes: #366681)

 -- Debian PowerDNS Maintainers <powerdns-debian@workaround.org>  Tue, 25 Apr 2006 21:27:26 +0200
