Commit Graph

78 Commits

Author SHA1 Message Date
Petr Menšík
2c00b91a49 Update to 1.16.0
Adds basic support for EDE (RFC 8914).

https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-0
2022-06-04 12:08:37 +02:00
Petr Menšík
84e89add4a Update to 1.15.0
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-15-0

- Fix #596: unset the RA bit when a query is blocked by an unbound RPZ nxdomain reply.
  The option rpz-signal-nxdomain-ra allows to signal that a domain is externally
  blocked to clients when it is blocked with NXDOMAIN by unsetting RA.
- Add rpz: for-downstream: yesno option, where the RPZ zone is authoritatively answered
  for, so the RPZ zone contents can be checked with DNS queries directed at the RPZ zone.
- Merge PR #616: Update ratelimit logic. It also introduces ratelimit-backoff and
  ip-ratelimit-backoff configuration options.
- Change aggressive-nsec default to yes.
2022-03-29 17:25:53 +02:00
Paul Wouters
0ce96eb790
- Resolves: rhbz#1992985 unbound-1.13.2 is available
- Use system-wide crypto policies
2021-08-12 17:58:22 -04:00
Paul Wouters
cf0e47e9b7 add gpg sig 2021-02-09 22:26:31 -05:00
Paul Wouters
809b23a9f1 - Resolves rhbz#1860887 unbound-1.13.1 is available
- Fixup unbound.conf
2021-02-09 21:11:43 -05:00
Petr Menšík
65b8de222e Update to 1.13.0
Enabled TLS and TCP stream reuse for increased performance.
2020-12-10 12:01:38 +01:00
Petr Menšík
9b40e98f88 Update to 1.12.0
- DNS flag day 2020 applied
- DNS over HTTPS support
- EDNS client tag support

Upstream changelog:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-12-0
2020-11-10 17:11:44 +01:00
Paul Wouters
554ef607af update sources for sig file 2020-05-19 15:18:53 -04:00
Paul Wouters
b2855b7bff * Tue May 19 2020 Paul Wouters <pwouters@redhat.com> - 1.10.1-1
- Resolves: rhbz#1837279 unbound-1.10.1 is available
- Resolves: rhbz#1837598 CVE-2020-12662 unbound: insufficient control of network message volume leads to DoS
- Resolves: rhbz#1837609 CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers
- Updated unbound.conf for new options in 1.10.1
2020-05-19 15:12:15 -04:00
Petr Menšík
c78f3c816f Update to 1.10.0 (#1805199)
Build with a new release.
2020-03-19 13:39:24 +01:00
Paul Wouters
cd68171bad * Fri Dec 13 2019 Paul Wouters <pwouters@redhat.com> - 1.9.6-1
- Resolves: rhbz#1758107 unbound-1.9.5 is available
- Resolves: CVE-2019-18934
2019-12-13 15:20:12 -05:00
Paul Wouters
8890aaa359 * Fri Nov 01 2019 Paul Wouters <pwouters@redhat.com> - 1.9.4-1
- Fix build on rhel/centos systems
- Resolves: rhbz#1767955 (CVE-2019-16866) uninitialized memory accesses leads to crash via a crafted NOTIFY query
2019-11-01 15:15:09 -04:00
Paul Wouters
5bfdf89e03 * Tue Aug 27 2019 Paul Wouters <pwouters@redhat.com> - 1.9.3-1
- Updated to 1.9.3
- Resolves: rhbz#1672578 unbound-1.9.2 is available
- Resolves: rhbz#1694831 [/usr/lib/tmpfiles.d/unbound.conf:1] Line references path below legacy directory /var/run/
- Resolves: rhbz# 1667387 [abrt] unbound: memmove(): unbound killed by SIGABRT
2019-08-27 12:14:51 -04:00
Paul Wouters
42a7ed2926 - Updated to 1.8.3 with fixes the dns64 bug and has some other minor fixes 2018-12-11 22:07:23 -05:00
Paul Wouters
901f4a3b5b new sources 2018-12-04 14:10:46 -05:00
Petr Menšík
3d0c001d3e Update to 1.8.1
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-10-08 18:30:41 +02:00
Petr Menšík
b3bb4ed3ea Rebase to 1.8.0
Remove all patches accepted upstream
2018-09-17 15:30:23 +02:00
Petr Menšík
e9c5e93a5b Update sources to 1.7.3 2018-06-27 11:40:56 +02:00
Paul Wouters
e9cb729533 * Mon Jun 11 2018 Paul Wouters <pwouters@redhat.com> - 1.7.2-1
- Resolves rhbz#1589807 unbound-1.7.2 is available
- Add patch to fix stub/forward zone not returning ServFail when TTL expires
- Enabled the new root-key-sentinel option
2018-06-11 16:49:15 -04:00
Petr Menšík
749ca6b65b Update to 1.7.1 (#1574495)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-05-30 21:08:03 +02:00
Paul Wouters
5a52aae95e * Thu Mar 15 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-1
- Updated to 1.7.0 (aggressive nsec, local root support, bugfixes)
2018-03-15 17:56:52 -04:00
Paul Wouters
6a2501df2d * Mon Jan 22 2018 Paul Wouters <pwouters@redhat.com> - 1.6.8-1
- Resolves rhbz#1483572 unbound-1.6.8 is available
- Resolves rhbz#1507049 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records
- Resolves rhbz#1536518 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records [fedora-all]
2018-01-22 14:26:50 -05:00
Paul Wouters
4c89c2a677 - Updated to 1.6.7 (minor bugfixes) 2017-10-12 00:49:47 -04:00
Paul Wouters
115c5666a2 * Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1
- Resolves: rhbz#1483572 unbound-1.6.6 is available
- Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit)
2017-09-22 12:47:01 -04:00
Paul Wouters
82db9e94c2 * Sun Jul 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-1
- Updated to 1.6.4 full release, patch to allow missing ipsechook
- Resolves rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook
2017-07-02 13:46:10 +02:00
Paul Wouters
cfe48497cc newsources 2017-06-22 16:43:40 -04:00
Paul Wouters
7d28caf1f9 - Updated to 1.6.3 (fixes assertion failure when receiving malformed packet with 0x20 enabled) 2017-06-13 14:20:12 -04:00
Paul Wouters
a57c3b8b64 * Wed Apr 26 2017 Paul Wouters <pwouters@redhat.com> - 1.6.2-1
- Update to 1.6.2 (rhbz#1425649)
- Updated unbound.conf with new options
2017-04-26 21:46:09 -04:00
Kevin Fenzi
652f3fa496 Update to 1.6.0 2016-12-21 12:15:01 -07:00
Paul Wouters
9c5452fa42 new sources 2016-09-27 19:46:41 -04:00
Paul Wouters
eb8bec78f6 - Updated to 1.5.9 2016-06-13 11:26:30 -04:00
Paul Wouters
8e51532c90 * Wed Mar 02 2016 Paul Wouters <pwouters@redhat.com> - 1.5.8-1
- Update to 1.5.8 which incorporates rhbz#1294339 fix
- Updated unbound.conf with new upstream options
- Enabled ip-transparent: yes (see rhbz#1291449)
2016-03-02 12:35:36 -05:00
Paul Wouters
ec26998079 * Fri Dec 11 2015 Paul Wouters <pwouters@redhat.com> - 1.5.7-1
- Update to 1.5.7
- Enable query minimalization for enhanced DNS query privacy
- Enable nxdomain hardening to assist with query minimalization and SBLs
- Updated default unbound.conf for new features from upstream.
2015-12-11 10:06:07 -05:00
Tomas Hozza
86e8e4801e Update to 1.5.6 (#1176729) 2015-11-13 15:20:08 +01:00
Tomas Hozza
63b277e028 New upstream release 1.5.5 (#1269137)
- Removed the anchor update from %post section of -libs subpackage (#1269137#c2)

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-10-07 17:04:36 +02:00
Paul Wouters
fdd77f9ee3 * Tue Jul 14 2015 Paul Wouters <pwouters@redhat.com> - 1.5.4-1
- Update to 1.5.4
- Removed patches merged into upstream
2015-07-13 22:45:42 -04:00
Paul Wouters
b22a91503b * Mon Mar 16 2015 Paul Wouters <pwouters@redhat.com> - 1.5.3-1
- Updated to 1.5.3 which is a bugfix on 1.5.2 for sighup handling
- Updated to 1.5.2 which fixes DNSSEC validation with different
  trust anchors upstream, local-zone has a new keyword 'inform'
2015-03-16 12:18:28 -04:00
Paul Wouters
74933bccdc - Update to 1.5.1 for CVE-2014-8602
- Removed unbound-aarch64.patch which was merged upstream
2014-12-08 23:34:41 -05:00
Tomas Hozza
72771a7943 update to 1.5.1rc1
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-28 18:35:08 +01:00
Tomas Hozza
6cdcf55a00 update to 1.5.0
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-19 17:41:10 +01:00
Paul Wouters
035078ba01 * Thu Mar 13 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-1
- Updated to 1.4.22
- No longer requires the ldns library
2014-03-13 21:44:08 -04:00
Paul Wouters
90b7fa1c7e * Thu Sep 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.21-1
- Updated to 1.4.21,
- Enabled new max-udp-size: 3072 (so ANY isc.org won't fit)
- Removed patched merged in by upstream
- Enable statistics-cumulative for munin-plugin
- Updated unbound.conf
2013-09-19 10:21:30 -04:00
Paul Wouters
34289517d1 update sources 2013-04-08 10:54:03 -04:00
Paul Wouters
b9ddae3b26 * update to 1.4.20 2013-03-21 16:07:08 -04:00
Paul Wouters
86feacb2f6 * update to 1.4.19 2012-12-12 08:51:45 -05:00
Paul Wouters
136c5eb822 * Fri Aug 03 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-1
- Updated to 1.4.18 (FIPS related fixes mostly)
- Removed patches that were merged in upstream
2012-08-03 15:38:16 -04:00
Paul Wouters
5386b737f2 added unbound-1.4.17-fips.patch 2012-07-17 22:51:50 -04:00
Paul Wouters
00ecadb24f uploaded unbound 1.4.17 2012-05-24 13:38:08 -04:00
Paul Wouters
62096c1a2d * Thu Feb 02 2012 Paul Wouters <paul@nohats.ca> - 1.4.16-1
- Upgraded to 1.4.16, which was relesed due to the soname
  and some DNSSEC validation failures
2012-02-02 10:00:37 -05:00
Paul Wouters
3bde9d279c * Fri Jan 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.15-1
- Upgraded to 1.4.15
- Updated unbound.conf to show how to configure listening on tls443
2012-01-27 12:08:41 -05:00