Update to 1.15.0
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-15-0
- Fix #596: unset the RA bit when a query is blocked by an unbound RPZ nxdomain reply.
The option rpz-signal-nxdomain-ra allows to signal that a domain is externally
blocked to clients when it is blocked with NXDOMAIN by unsetting RA.
- Add rpz: for-downstream: yesno option, where the RPZ zone is authoritatively answered
for, so the RPZ zone contents can be checked with DNS queries directed at the RPZ zone.
- Merge PR #616: Update ratelimit logic. It also introduces ratelimit-backoff and
ip-ratelimit-backoff configuration options.
- Change aggressive-nsec default to yes.
(cherry picked from commit 84e89add4a
)
Resolves: rhbz#2087120
This commit is contained in:
parent
faddb7371b
commit
c5810ec4d9
2
.gitignore
vendored
2
.gitignore
vendored
@ -67,3 +67,5 @@ unbound-1.4.5.tar.gz
|
|||||||
/unbound-1.13.1.tar.gz.asc
|
/unbound-1.13.1.tar.gz.asc
|
||||||
/unbound-1.13.2.tar.gz
|
/unbound-1.13.2.tar.gz
|
||||||
/unbound-1.13.2.tar.gz.asc
|
/unbound-1.13.2.tar.gz.asc
|
||||||
|
/unbound-1.15.0.tar.gz
|
||||||
|
/unbound-1.15.0.tar.gz.asc
|
||||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (unbound-1.13.2.tar.gz) = 1e89441446e7a25c6a49bded645f8b348c1758c3be54e3a986041cb1f00c45d152fd469dc52666fb820574db9d51b16f1627dc8afcb9519508d4833ca358191a
|
SHA512 (unbound-1.15.0.tar.gz) = c5dab305694c14f64e05080700bb52f6e6bf5b76f15e1fde34e35c932cb3ffed0de2c03b570cf4bfe18165cb10e82e67ee9b12c6583295380f88c2c03800cc1f
|
||||||
SHA512 (unbound-1.13.2.tar.gz.asc) = b905f5f981361131e7a8d3403df632603304778bd7d4fffba8d113c4246d8133f26903a5af53d21b979b652cbae8f6e92620d3a262d8b2837ab8c2a5712650ee
|
SHA512 (unbound-1.15.0.tar.gz.asc) = 123818a855689ee3d402fd8f4b5a4646c08d5602e4544ce872d132c4c0de4a79c9efcc2d49324bf58ab06521f02deef795d89bdf632eee758e6ec36b408ea54a
|
||||||
|
@ -1,12 +0,0 @@
|
|||||||
diff --git a/util/net_help.c b/util/net_help.c
|
|
||||||
index 3b5527a..42a7666 100644
|
|
||||||
--- a/util/net_help.c
|
|
||||||
+++ b/util/net_help.c
|
|
||||||
@@ -1172,6 +1172,7 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert)
|
|
||||||
if((SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION) &
|
|
||||||
SSL_OP_NO_RENEGOTIATION) != SSL_OP_NO_RENEGOTIATION) {
|
|
||||||
log_crypto_err("could not set SSL_OP_NO_RENEGOTIATION");
|
|
||||||
+ SSL_CTX_free(ctx);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
#endif
|
|
@ -1,19 +0,0 @@
|
|||||||
diff --git a/dns64/dns64.c b/dns64/dns64.c
|
|
||||||
index c79bc9c..fddbc62 100644
|
|
||||||
--- a/dns64/dns64.c
|
|
||||||
+++ b/dns64/dns64.c
|
|
||||||
@@ -685,8 +685,12 @@ dns64_operate(struct module_qstate* qstate, enum module_ev event, int id,
|
|
||||||
switch(event) {
|
|
||||||
case module_event_new:
|
|
||||||
/* Tag this query as being new and fall through. */
|
|
||||||
- iq = (struct dns64_qstate*)regional_alloc(
|
|
||||||
- qstate->region, sizeof(*iq));
|
|
||||||
+ if (!(iq = (struct dns64_qstate*)regional_alloc(
|
|
||||||
+ qstate->region, sizeof(*iq)))) {
|
|
||||||
+ log_err("out of memory");
|
|
||||||
+ qstate->ext_state[id] = module_error;
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
qstate->minfo[id] = iq;
|
|
||||||
iq->state = DNS64_NEW_QUERY;
|
|
||||||
iq->started_no_cache_store = qstate->no_cache_store;
|
|
@ -29,7 +29,7 @@
|
|||||||
|
|
||||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||||
Name: unbound
|
Name: unbound
|
||||||
Version: 1.13.2
|
Version: 1.15.0
|
||||||
Release: 1%{?extra_version:.%{extra_version}}%{?dist}
|
Release: 1%{?extra_version:.%{extra_version}}%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
Url: https://nlnetlabs.nl/projects/unbound/
|
Url: https://nlnetlabs.nl/projects/unbound/
|
||||||
@ -53,9 +53,6 @@ Source17: unbound-anchor.service
|
|||||||
Source18: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz.asc
|
Source18: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz.asc
|
||||||
Source19: http://keys.gnupg.net/pks/lookup?op=get&search=0x9F6F1C2D7E045F8D#/wouter.nlnetlabs.nl.key
|
Source19: http://keys.gnupg.net/pks/lookup?op=get&search=0x9F6F1C2D7E045F8D#/wouter.nlnetlabs.nl.key
|
||||||
|
|
||||||
Patch3: unbound-1.13.1-rh1977400.patch
|
|
||||||
Patch4: unbound-1.13.1-rh1977401.patch
|
|
||||||
|
|
||||||
BuildRequires: gcc, make
|
BuildRequires: gcc, make
|
||||||
BuildRequires: flex, openssl-devel
|
BuildRequires: flex, openssl-devel
|
||||||
BuildRequires: libevent-devel expat-devel
|
BuildRequires: libevent-devel expat-devel
|
||||||
@ -447,6 +444,9 @@ popd
|
|||||||
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon May 02 2022 Petr Menšík <pemensik@redhat.com> - 1.15.0-1
|
||||||
|
- Update to 1.15.0 (#2030608)
|
||||||
|
|
||||||
* Mon May 02 2022 Paul Wouters <paul.wouters@aiven.io> - 1.13.2-1
|
* Mon May 02 2022 Paul Wouters <paul.wouters@aiven.io> - 1.13.2-1
|
||||||
- Resolves: rhbz#1992985 unbound-1.13.2 is available
|
- Resolves: rhbz#1992985 unbound-1.13.2 is available
|
||||||
- Use system-wide crypto policies
|
- Use system-wide crypto policies
|
||||||
|
Loading…
Reference in New Issue
Block a user