- security isseues
  . CVE-2020-8617 Correct tests covering
  . CVE-2020-8616 Limit number of queries triggered by a request
  . CVE-2020-8617 Fix invalid tsig request

- rebuild on AN2
- Fix CVE-2018-5743

- Fix CVE-2018-5740

- Fix CVE-2017-3145

- Fix CVE-2017-3145

- Fix CVE-2017-3142 and CVE-2017-3143

- Fix DNSKEY that encountered a CNAME (#1447869, ISC change 3391)

- Fix CVE-2017-3136 (ISC change 4575)
- Fix CVE-2017-3137 (ISC change 4578)

- Fix and test caching CNAME before DNAME (ISC change 4558)

- Fix CVE-2016-9147 (ISC change 4510)
- Fix regression introduced by CVE-2016-8864 (ISC change 4530)

- Fix CVE-2016-8864
  A denial of service flaw was found in the way BIND handled responses
  containing a DNAME answer. A remote attacker could use this flaw to make
  named exit unexpectedly with an assertion failure via a specially crafted
  DNS response.

- Fix CVE-2016-2848
  allows remote attackers to cause a denial of service (assertion failure and
  daemon exit) via malformed options data in an OPT resource record.

- Fix CVE-2016-2776

- security issues
  . Fix CVE-2016-1285
    named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows
    remote attackers to cause a denial of service (assertion failure and daemon
    exit) via a malformed packet to the rndc (aka control channel) interface,
    related to alist.c and sexpr.c.

  . Fix CVE-2016-1286
    named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows
    remote attackers to cause a denial of service (assertion failure and daemon
    exit) via a crafted signature record for a DNAME record, related to db.c and
    resolver.c.

- security issues
  . Fix CVE-2016-1285
    named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows
    remote attackers to cause a denial of service (assertion failure and daemon
    exit) via a malformed packet to the rndc (aka control channel) interface,
    related to alist.c and sexpr.c.

  . Fix CVE-2016-1286
    named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows
    remote attackers to cause a denial of service (assertion failure and daemon
    exit) via a crafted signature record for a DNAME record, related to db.c and
    resolver.c.

- security issues
  . Fix CVE-2015-8704
    apl_42.c in ISC BIND 9.x before 9.9.8-P3 and 9.9.x and 9.10.x before
    9.10.3-P3 allows remote authenticated users to cause a denial of service
    (INSIST assertion failure and daemon exit) via a malformed Address Prefix
    List (APL) record.

- security issues
  . Fix CVE-2015-8000
    A denial of service flaw was found in the way BIND processed certain
    records with malformed class attributes. A remote attacker could use this
    flaw to send a query to request a cached record with a malformed class
    attribute that would cause named functioning as an authoritative or
    recursive server to crash.

- security issues
  . Fix CVE-2015-5722
    A flaw was found in the way BIND handled requests for TKEY DNS resource
    records. A remote attacker could use this flaw to make named (functioning
    as an authoritative DNS server or a DNS resolver) exit unexpectedly with
    an assertion failure via a specially crafted DNS request packet.

- Apply previously not applied patch for CVE-2015-5722

- security issues
  . Fix CVE-2015-5477
    named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows
    remote attackers to cause a denial of service (REQUIRE assertion failure
    and daemon exit) via TKEY queries.

- security issues
  . Fix CVE-2015-4620
    name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x
    before 9.10.2-P2, when configured as a recursive resolver with DNSSEC
    validation, allows remote attackers to cause a denial of service (REQUIRE
    assertion failure and daemon exit) by constructing crafted zone data and
    then making a query for a name in that zone.

- DNS resolution failure in high load environment with SERVFAIL and "out of memory/success" in the log (#1220366)

- security issues
  . CVE-2015-1349
    named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before
    9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled,
    allows remote attackers to cause a denial of service (assertion failure and
    daemon exit, or daemon crash) by triggering an incorrect trust-anchor
    management scenario in which no key is ready for use.

- security issues
  . CVE-2014-8500 (#1171973) 
    ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through
    9.10.1 does not limit delegation chaining, which allows remote attackers
    to cause a denial of service (memory consumption and named crash) via a
    large or infinite number of referrals.

- add geodns patch
  GEOIP_NOCHK="no" in /etc/sysconfig/named
  https://code.google.com/p/bind-geoip/wiki/UsageGuide

- rebuild for AnNyung 2.4
- https://rhn.redhat.com/errata/RHBA-2014-1373.html

- Refix gssapictx memory leak (#911167)
- security issues
  . CVE-2014-0591 named crash when handling malformed NSEC3-signed zones

- Fix gssapictx memory leak (#996955)

- security issues
  . CVE-2013-4854 crash with an assertion failure on parsing malformed rdata

- ship dns/rrl.h in -devel subpkg
- security issues
  . CVE-2013-2266 libdns regular expressions excessive resource consumption DoS

- add response rate limit patch (#873624)
- remove one bogus file from /usr/share/doc, introduced by RRL patch
- security issues
  . CVE-2012-5689
    denial of service when processing queries and with both DNS64 and RPZ enabled

- repackaging only chroot mode

- repackaging only chroot mode

- repackaging only chroot mode

- repackaging only chroot mode