Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/unbound.git#cf0e47e9b70b8c471b740bc51ede0a1ee2bfa0a6
This commit is contained in:
DistroBaker 2021-02-11 16:57:05 +00:00
parent fe0201bcb3
commit 218baa837d
4 changed files with 41 additions and 27 deletions

2
.gitignore vendored
View File

@ -63,3 +63,5 @@ unbound-1.4.5.tar.gz
/unbound-1.12.0.tar.gz.asc /unbound-1.12.0.tar.gz.asc
/unbound-1.13.0.tar.gz /unbound-1.13.0.tar.gz
/unbound-1.13.0.tar.gz.asc /unbound-1.13.0.tar.gz.asc
/unbound-1.13.1.tar.gz
/unbound-1.13.1.tar.gz.asc

View File

@ -1,2 +1,2 @@
SHA512 (unbound-1.13.0.tar.gz) = d4f3c5a7df5d46f8b1ee32b61e68bdc0d63030820d236ecc51bc3ac356d15248acb9a5e0b6009e1936b03b751e8dd05a071a95ab239fdbbbb308442a59642ad5 SHA512 (unbound-1.13.1.tar.gz) = f4d26dca28dbcc33a5e65a55147fa01077c331292e88b6a87798cb6c3d4edb0515015d131fd893c92b74d22d9998a640f0adce404e6192d61ebe69a6a599287c
SHA512 (unbound-1.13.0.tar.gz.asc) = 924396fe8c92945386cedcfd5a52ec65b892b3dac20f2b6bf7dd99f7e263f5e3a11ce1f8f6ccc8107529c3be81d6b61d14e66bdda2d3e5c8bc8a8462b93c7d84 SHA512 (unbound-1.13.1.tar.gz.asc) = a4a943841c4db14b2d236b4b80ac80129148c42f7b3d82246b0e0150c1e3e3e294863d5c72d1ac41c2164126d1d10f9044554f97aa6d94019acb41b5f7ed7d34

View File

@ -328,7 +328,7 @@ server:
# The pid file can be absolute and outside of the chroot, it is # The pid file can be absolute and outside of the chroot, it is
# written just prior to performing the chroot and dropping permissions. # written just prior to performing the chroot and dropping permissions.
# #
# Additionally, unbound may need to access /dev/random (for entropy). # Additionally, unbound may need to access /dev/urandom (for entropy).
# How to do this is specific to your OS. # How to do this is specific to your OS.
# #
# If you give "" no chroot is performed. The path must not end in a /. # If you give "" no chroot is performed. The path must not end in a /.
@ -393,6 +393,9 @@ server:
# enable to not answer version.server and version.bind queries. # enable to not answer version.server and version.bind queries.
# hide-version: no # hide-version: no
# NSID identity (hex string, or "ascii_somestring"). default disabled.
# nsid: "aabbccdd"
# enable to not answer trustanchor.unbound queries. # enable to not answer trustanchor.unbound queries.
# hide-trustanchor: no # hide-trustanchor: no
@ -413,7 +416,7 @@ server:
# target-fetch-policy: "3 2 1 0 0" # target-fetch-policy: "3 2 1 0 0"
# Harden against very small EDNS buffer sizes. # Harden against very small EDNS buffer sizes.
# harden-short-bufsize: no # harden-short-bufsize: yes
# Harden against unseemly large queries. # Harden against unseemly large queries.
# harden-large-queries: no # harden-large-queries: no
@ -624,6 +627,13 @@ server:
# A recommended value is 1800. # A recommended value is 1800.
# serve-expired-client-timeout: 0 # serve-expired-client-timeout: 0
# Return the original TTL as received from the upstream name server rather
# than the decrementing TTL as stored in the cache. Enabling this feature
# does not impact cache expiry, it only changes the TTL unbound embeds in
# responses to queries. Note that enabling this feature implicitly disables
# enforcement of the configured minimum and maximum TTL.
# serve-original-ttl: no
# Have the validator log failed validations for your diagnosis. # Have the validator log failed validations for your diagnosis.
# 0: off. 1: A line per failed user query. 2: With reason and bad IP. # 0: off. 1: A line per failed user query. 2: With reason and bad IP.
val-log-level: 1 val-log-level: 1
@ -733,8 +743,10 @@ server:
# o inform acts like transparent, but logs client IP address # o inform acts like transparent, but logs client IP address
# o inform_deny drops queries and logs client IP address # o inform_deny drops queries and logs client IP address
# o inform_redirect redirects queries and logs client IP address # o inform_redirect redirects queries and logs client IP address
# o always_transparent, always_refuse, always_nxdomain, resolve in # o always_transparent, always_refuse, always_nxdomain, always_nodata,
# that way but ignore local data for that name # always_deny resolve in that way but ignore local data for
# that name
# o always_null returns 0.0.0.0 or ::0 for any name in the zone.
# o noview breaks out of that view towards global local-zones. # o noview breaks out of that view towards global local-zones.
# #
# defaults are localhost address, reverse for 127.0.0.1 and ::1 # defaults are localhost address, reverse for 127.0.0.1 and ::1
@ -784,6 +796,12 @@ server:
# cipher setting for TLSv1.3 # cipher setting for TLSv1.3
# tls-ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" # tls-ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
# Pad responses to padded queries received over TLS
# pad-responses: yes
# Padded responses will be padded to the closest multiple of this size.
# pad-responses-block-size: 468
# Use the SNI extension for TLS connections. Default is yes. # Use the SNI extension for TLS connections. Default is yes.
# Changing the value requires a reload. # Changing the value requires a reload.
# tls-use-sni: yes # tls-use-sni: yes
@ -806,6 +824,12 @@ server:
# Add system certs to the cert bundle, from the Windows Cert Store # Add system certs to the cert bundle, from the Windows Cert Store
# tls-win-cert: no # tls-win-cert: no
# Pad queries over TLS upstreams
# pad-queries: yes
# Padded queries will be padded to the closest multiple of this size.
# pad-queries-block-size: 128
# Also serve tls on these port numbers (eg. 443, ...), by listing # Also serve tls on these port numbers (eg. 443, ...), by listing
# tls-additional-port: portno for each of the port numbers. # tls-additional-port: portno for each of the port numbers.
@ -825,22 +849,6 @@ server:
# service. # service.
# http-nodelay: yes # http-nodelay: yes
# HTTP endpoint to provide DNS-over-HTTPS service on.
# http-endpoint: "/dns-query"
# HTTP/2 SETTINGS_MAX_CONCURRENT_STREAMS value to use.
# http-max-streams: 100
# Maximum number of bytes used for all HTTP/2 query buffers.
# http-query-buffer-size: 4m
# Maximum number of bytes used for all HTTP/2 response buffers.
# http-response-buffer-size: 4m
# Set TCP_NODELAY socket option on sockets used for DNS-over-HTTPS
# service.
# http-nodelay: yes
# Disable TLS for DNS-over-HTTP downstream service. # Disable TLS for DNS-over-HTTP downstream service.
# http-notls-downstream: no # http-notls-downstream: no
@ -1115,7 +1123,7 @@ auth-zone:
# IPSet # IPSet
# Add specify domain into set via ipset. # Add specify domain into set via ipset.
# Note: To enable ipset unbound needs run as root user. # Note: To enable ipset unbound needs to run as root user.
# ipset: # ipset:
# # set name for ip v4 addresses # # set name for ip v4 addresses
# name-v4: "list-v4" # name-v4: "list-v4"
@ -1130,7 +1138,7 @@ auth-zone:
# dnstap-enable: no # dnstap-enable: no
# # if set to yes frame streams will be used in bidirectional mode # # if set to yes frame streams will be used in bidirectional mode
# dnstap-bidirectional: yes # dnstap-bidirectional: yes
# dnstap-socket-path: "" # dnstap-socket-path: "/etc/unbound/dnstap.sock"
# # if "" use the unix socket in dnstap-socket-path, otherwise, # # if "" use the unix socket in dnstap-socket-path, otherwise,
# # set it to "IPaddress[@port]" of the destination. # # set it to "IPaddress[@port]" of the destination.
# dnstap-ip: "" # dnstap-ip: ""
@ -1166,7 +1174,7 @@ auth-zone:
# rpz: # rpz:
# name: "rpz.example.com" # name: "rpz.example.com"
# zonefile: "rpz.example.com" # zonefile: "rpz.example.com"
# master: 192.0.2.0 # primary: 192.0.2.0
# allow-notify: 192.0.2.0/32 # allow-notify: 192.0.2.0/32
# url: http://www.example.com/rpz.example.org.zone # url: http://www.example.com/rpz.example.org.zone
# rpz-action-override: cname # rpz-action-override: cname

View File

@ -36,8 +36,8 @@
Summary: Validating, recursive, and caching DNS(SEC) resolver Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound Name: unbound
Version: 1.13.0 Version: 1.13.1
Release: 2%{?extra_version:.%{extra_version}}%{?dist} Release: 1%{?extra_version:.%{extra_version}}%{?dist}
License: BSD License: BSD
Url: https://nlnetlabs.nl/projects/unbound/ Url: https://nlnetlabs.nl/projects/unbound/
Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz
@ -458,6 +458,10 @@ popd
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key %attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
%changelog %changelog
* Wed Feb 10 2021 Paul Wouters <pwouters@redhat.com> - 1.13.1-1
- Resolves rhbz#1860887 unbound-1.13.1 is available
- Fixup unbound.conf
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.0-2 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild