diff --git a/.gitignore b/.gitignore index 85c3c60..9241e5c 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ unbound-1.4.5.tar.gz /unbound-1.5.5.tar.gz /unbound-1.5.6.tar.gz /unbound-1.5.7.tar.gz +/unbound-1.5.8.tar.gz diff --git a/sources b/sources index 219747e..146be70 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a1253cbbb339dbca03404dcc58365d71 unbound-1.5.7.tar.gz +1c34282bae0c625b86374ee9caaef6f7 unbound-1.5.8.tar.gz diff --git a/unbound.conf b/unbound.conf index 7e30946..313096c 100644 --- a/unbound.conf +++ b/unbound.conf @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.5.7. +# See unbound.conf(5) man page, version 1.5.8. # # this is a comment. @@ -106,7 +106,8 @@ server: # use IP_TRANSPARENT so the interface: addresses can be non-local # and you can config non-existing IPs that are going to work later on - # ip-transparent: no + # (uses IP_BINDANY on FreeBSD). + ip-transparent: yes # EDNS reassembly buffer to advertise to UDP peers (the actual buffer # is set with msg-buffer-size). 1480 can solve fragmentation (timeouts). @@ -192,6 +193,14 @@ server: # useful for tunneling scenarios, default no. # tcp-upstream: no + # Maximum segment size (MSS) of TCP socket on which the server + # responds to queries. Default is 0, system default MSS. + # tcp-mss: 0 + + # Maximum segment size (MSS) of TCP socket for outgoing queries. + # Default is 0, system default MSS. + # outgoing-tcp-mss: 0 + # Detach from the terminal, run in background, "yes" or "no". # do-daemonize: yes @@ -324,7 +333,7 @@ server: # Use 0x20-encoded random bits in the query to foil spoof attempts. # This feature is an experimental implementation of draft dns-0x20. # (enabling used to cause some failures, like on GoDaddy customer domains) - use-caps-for-id: no + # use-caps-for-id: no # Domains (and domains in them) without support for dns-0x20 and # the fallback fails because they keep sending different answers. @@ -506,6 +515,7 @@ server: # local-zone: "localhost." nodefault # local-zone: "127.in-addr.arpa." nodefault # local-zone: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." nodefault + # local-zone: "onion." nodefault # local-zone: "10.in-addr.arpa." nodefault # local-zone: "16.172.in-addr.arpa." nodefault # local-zone: "17.172.in-addr.arpa." nodefault @@ -546,6 +556,10 @@ server: # leakage of local lan information. # unblock-lan-zones: no + # The insecure-lan-zones option disables validation for + # these zones, as if they were all listed as domain-insecure. + # insecure-lan-zones: no + # a number of locally served zones can be configured. # local-zone: # local-data: "" diff --git a/unbound.spec b/unbound.spec index a49daf5..66422ed 100644 --- a/unbound.spec +++ b/unbound.spec @@ -20,8 +20,8 @@ Summary: Validating, recursive, and caching DNS(SEC) resolver Name: unbound -Version: 1.5.7 -Release: 3%{?extra_version:.%{extra_version}}%{?dist} +Version: 1.5.8 +Release: 1%{?extra_version:.%{extra_version}}%{?dist} License: BSD Url: http://www.nlnetlabs.nl/unbound/ Source: http://www.unbound.net/downloads/%{name}-%{version}%{?extra_version}.tar.gz @@ -44,8 +44,6 @@ Source15: unbound-anchor.timer Source16: unbound-munin.README Source17: unbound-anchor.service -Patch0: unbound-1.5.7-bz1294339.patch - Group: System Environment/Daemons BuildRequires: flex, openssl-devel BuildRequires: libevent-devel expat-devel @@ -143,10 +141,6 @@ mv %{pkgname} %{pkgname}_python2 pushd %{pkgname}_python2 %endif # with_python -#Add patches here -%patch0 -p1 -b .bz1294339 - - # only for snapshots # autoreconf -iv @@ -433,6 +427,11 @@ popd %changelog +* Wed Mar 02 2016 Paul Wouters - 1.5.8-1 +- Update to 1.5.8 which incorporates rhbz#1294339 fix +- Updated unbound.conf with new upstream options +- Enabled ip-transparent: yes (see rhbz#1291449) + * Fri Feb 05 2016 Fedora Release Engineering - 1.5.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild