Commit Graph

371 Commits

Author SHA1 Message Date
Python Maint
3e61cdf850 Rebuilt for Python 3.11 2022-06-13 15:31:01 +02:00
Petr Menšík
9cab78fef5 Do not keep keygen running, check certs each time
Rely on condition of unbound-keygen service. If it does stop after
generating them, then it will recreate also after restart later. That
might be the case if someone removes these certificates.
2022-06-07 14:17:11 +02:00
Petr Menšík
2c00b91a49 Update to 1.16.0
Adds basic support for EDE (RFC 8914).

https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-0
2022-06-04 12:08:37 +02:00
Petr Menšík
2bc40de869 Stop creating wrong devel manual pages
Devel manual pages install correct manual pages with 3.gz suffix. But
there are also additional links just with .gz suffix. They are created
only in spec file. I think they were needed before unbound contained
proper installation of manuals for development. It is missing .3 suffix.
But it is not necessary anymore, because such recipe already exists in
upstream Makefile.in.

Resolves: rhbz#2078929
2022-04-26 16:07:07 +02:00
Petr Sklenar
9038e97724 Adding fmf plan 2022-04-20 19:53:53 +00:00
Petr Menšík
c7f8c027aa Add lint exceptions to avoid errors on updates
Fixed something, others are just unimportant warnings.
2022-04-20 21:52:45 +02:00
Petr Menšík
e00e1b55bb Update icann bundle, fix spec errors
rpmlint detects several errors, fix some detected issues.
2022-04-20 21:52:43 +02:00
Petr Menšík
c469ecef15 Import few changes to configuration 2022-03-29 17:28:39 +02:00
Petr Menšík
84e89add4a Update to 1.15.0
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-15-0

- Fix #596: unset the RA bit when a query is blocked by an unbound RPZ nxdomain reply.
  The option rpz-signal-nxdomain-ra allows to signal that a domain is externally
  blocked to clients when it is blocked with NXDOMAIN by unsetting RA.
- Add rpz: for-downstream: yesno option, where the RPZ zone is authoritatively answered
  for, so the RPZ zone contents can be checked with DNS queries directed at the RPZ zone.
- Merge PR #616: Update ratelimit logic. It also introduces ratelimit-backoff and
  ip-ratelimit-backoff configuration options.
- Change aggressive-nsec default to yes.
2022-03-29 17:25:53 +02:00
Fedora Release Engineering
24949785a4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-22 03:29:59 +00:00
Adrian Reber
b35e3fb2d2
Rebuilt for protobuf 3.19.0 2021-11-06 13:03:18 +01:00
Adrian Reber
63ab0fcf80
Rebuilt for protobuf 3.18.1 2021-10-25 17:38:09 +02:00
Sahana Prasad
c9eef9068b Rebuilt with OpenSSL 3.0.0 2021-09-14 19:17:21 +02:00
Paul Wouters
0ce96eb790
- Resolves: rhbz#1992985 unbound-1.13.2 is available
- Use system-wide crypto policies
2021-08-12 17:58:22 -04:00
Fedora Release Engineering
d747677049 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-23 20:01:00 +00:00
Petr Menšík
adccc55c5a Update source signer's key link
Modifies existing key to better key, since original link stopped
working.
2021-06-24 13:06:57 +02:00
Python Maint
680ab1f23e Rebuilt for Python 3.10 2021-06-02 21:47:49 +02:00
Artem Egorenkov
195a78ed8e Option --enable-linux-ip-local-port-range added to use system configured port range for libunbound on Linux
Resolves: rhbz#1935101
2021-04-24 15:27:48 +02:00
Paul Wouters
2b640c85f8 - Fix unbound.service to use After=network-online.target 2021-04-13 11:33:09 -04:00
Artem Egorenkov
30c1e39469 DISABLE_UNBOUND_ANCHOR == "yes" disable unbound-anchor on unbound.service startup 2021-04-07 11:16:46 +02:00
Zbigniew Jędrzejewski-Szmek
e90de70c69 Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
2021-03-02 16:12:06 +01:00
Victor Stinner
67f3c8594f Fix build on Python 3.10
Backport upstream commit:
e0d426ebb1

Resolves: rhbz#1889726
2021-02-16 11:38:52 +01:00
Paul Wouters
cf0e47e9b7 add gpg sig 2021-02-09 22:26:31 -05:00
Paul Wouters
809b23a9f1 - Resolves rhbz#1860887 unbound-1.13.1 is available
- Fixup unbound.conf
2021-02-09 21:11:43 -05:00
Fedora Release Engineering
4bc5d30582 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-27 22:38:55 +00:00
Petr Menšík
f70050e6d6 Update default configuration from 1.13.0
Add new additions to default configuration. None of them is uncommented,
but some of they changed default values.
2020-12-10 19:46:23 +01:00
Petr Menšík
65b8de222e Update to 1.13.0
Enabled TLS and TCP stream reuse for increased performance.
2020-12-10 12:01:38 +01:00
Petr Menšík
b29f943a4c Build on EPEL without signature check
%gpgverify is defined on RHEL 8 in incompatible way to Fedora. Use it
only on Fedora, leave to manual signatures for other distributions.
2020-11-10 17:11:48 +01:00
Petr Menšík
ac21a84ee9 Enable DNSTAP
Allows easy recording of incoming and outgoing queries.
2020-11-10 17:11:48 +01:00
Petr Menšík
07b18f13c3 Enable DNS over HTTPS 2020-11-10 17:11:48 +01:00
Petr Menšík
ee9c33779e Update config file to 1.12.0
Use new defaults from example.conf in Fedora shipped default file.
Don't include dnstap and DoH features yet.
2020-11-10 17:11:48 +01:00
Petr Menšík
9b40e98f88 Update to 1.12.0
- DNS flag day 2020 applied
- DNS over HTTPS support
- EDNS client tag support

Upstream changelog:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-12-0
2020-11-10 17:11:44 +01:00
Anna Khaitovich
9bf72f2b97 Revert "Rebuilt for rawhide"
This reverts commit 058dac652c.
2020-09-18 14:24:52 +02:00
Anna Khaitovich
058dac652c Rebuilt for rawhide 2020-09-18 13:39:03 +02:00
Petr Menšík
db21e34ec3 Rebuilt for libevent rebase
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2020-09-15 14:59:21 +02:00
Fedora Release Engineering
29d755fba8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-29 13:15:57 +00:00
Tom Stellard
66b41c854a Use make macros
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
2020-07-14 14:38:00 +00:00
Miro Hrončok
741df0971d Rebuilt for Python 3.9 2020-05-22 21:10:05 +02:00
Paul Wouters
554ef607af update sources for sig file 2020-05-19 15:18:53 -04:00
Paul Wouters
b2855b7bff * Tue May 19 2020 Paul Wouters <pwouters@redhat.com> - 1.10.1-1
- Resolves: rhbz#1837279 unbound-1.10.1 is available
- Resolves: rhbz#1837598 CVE-2020-12662 unbound: insufficient control of network message volume leads to DoS
- Resolves: rhbz#1837609 CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers
- Updated unbound.conf for new options in 1.10.1
2020-05-19 15:12:15 -04:00
Paul Wouters
ed8559effa - Resolves: rhbz#1667742 SELinux is preventing unbound from 'name_bind' accesses on the udp_socket port 61000. 2020-04-29 17:29:43 -04:00
Artem Egorenkov
effb538e20 Upstream isue linked for patch 2020-04-16 17:58:05 +02:00
Artem Egorenkov
4f85ef9c9a bz1824536. Crash on termination fixed. 2020-04-16 16:49:04 +02:00
Petr Menšík
776a059376 Add dnstap and systemd option build support 2020-03-20 12:33:00 +01:00
Petr Menšík
b6d9ed08b0 Add source signature verification 2020-03-19 14:01:50 +01:00
Petr Menšík
c78f3c816f Update to 1.10.0 (#1805199)
Build with a new release.
2020-03-19 13:39:24 +01:00
Petr Menšík
c8f0468078 Use autopatch for new patches
Remove unused patch file, simplify adding a new patch. Just Patch: entry
is required with patch file name, autopatch will apply it.

Use new primary website for unbound upstream.
2020-03-19 11:13:20 +01:00
Fedora Release Engineering
7d6a427be7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-31 02:33:41 +00:00
Paul Wouters
cd68171bad * Fri Dec 13 2019 Paul Wouters <pwouters@redhat.com> - 1.9.6-1
- Resolves: rhbz#1758107 unbound-1.9.5 is available
- Resolves: CVE-2019-18934
2019-12-13 15:20:12 -05:00
Paul Wouters
8890aaa359 * Fri Nov 01 2019 Paul Wouters <pwouters@redhat.com> - 1.9.4-1
- Fix build on rhel/centos systems
- Resolves: rhbz#1767955 (CVE-2019-16866) uninitialized memory accesses leads to crash via a crafted NOTIFY query
2019-11-01 15:15:09 -04:00