rpms/unbound
7
0
Fork 0
Code Issues Pull Requests Releases Activity
347 Commits 7 Branches 38 Tags 1.1 MiB
4bc5d30582
Commit Graph

293 Commits

Author SHA1 Message Date
Petr Menšík
985c6a75ed Prefer local resolvers over direct root access. Enables successful trust 
anchor updates also when no direct queries are available, but local
resolvers support dnssec. Fixes bug #1598078
 2018-07-04 12:42:14 +02:00
Miro Hrončok
f39c7483df Rebuilt for Python 3.7 2018-07-02 18:24:21 +02:00
Petr Menšík
d062cd9952 Update to 1.7.3 (#1593708) 2018-06-27 11:33:18 +02:00
Petr Menšík
631ffb8d75 Remove last python2 dependency from python3 build 2018-06-27 11:10:36 +02:00
Miro Hrončok
157c83d87f Rebuilt for Python 3.7 2018-06-19 11:29:56 +02:00
Paul Wouters
e9cb729533 * Mon Jun 11 2018 Paul Wouters <pwouters@redhat.com> - 1.7.2-1 
- Resolves rhbz#1589807 unbound-1.7.2 is available
- Add patch to fix stub/forward zone not returning ServFail when TTL expires
- Enabled the new root-key-sentinel option
 2018-06-11 16:49:15 -04:00
Petr Menšík
749ca6b65b Update to 1.7.1 (#1574495) 
Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2018-05-30 21:08:03 +02:00
Petr Menšík
f81c94bdec Fix disabled python versions in non-Fedora builds 2018-04-09 16:50:39 +02:00
Petr Menšík
749ab1486e Make primary python3 version, but install it last 2018-04-09 11:56:51 +02:00
Petr Menšík
1b283a2c9d Simplify building with single python version 2018-04-09 11:51:39 +02:00
Petr Menšík
20982803c9 Require gcc and make on build 
Remove group, simplify systemd requires

Signed-off-by: Petr Menšík <pemensik@redhat.com>
 2018-04-09 11:35:15 +02:00
Paul Wouters
06f08e4505 * Mon Apr 09 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-4 
- Patch for prefetching after flushing cache
 2018-04-09 11:10:41 +02:00
Paul Wouters
bdec72db18 * Fri Apr 06 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-3 
- Patch for referral with auth-zone: response
 2018-04-06 17:01:26 +02:00
Paul Wouters
7760424284 - Patch for broken Aggressive NSEC + stub-zone configuration causing NXDOMAIN at TTL expiry 2018-03-21 22:01:22 +00:00
Paul Wouters
5a52aae95e * Thu Mar 15 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-1 
- Updated to 1.7.0 (aggressive nsec, local root support, bugfixes)
 2018-03-15 17:56:52 -04:00
Petr Menšík
1b9764fb5a Revert "Improve config formatting" 
This reverts commit 3d0bac0df2.

Uncomment again commented out value and bump version.

Comment by Paul Wouters:
The value of 3072 was tailored to cause a failure for ANY requries to isc.org,
which are used a lot by attackers. Now with 4096,
it will fit and the query can be abused again to
cause amplification with that popular dns query.
 2018-02-22 11:05:25 +01:00
Petr Menšík
ba13eb790b Bump the spec instead, previous is already built 2018-02-21 19:55:03 +01:00
Petr Menšík
26cbcabb59 Use default RPM build flags and configure parameters (#1539097) 2018-02-21 19:49:44 +01:00
Petr Menšík
14fc685097 Remove group write permission to installed examples 2018-02-21 11:41:22 +01:00
Filipe Rosset
2cd4f499ad - rebuilt due new libevent 2.1.8 2018-02-14 21:55:14 -02:00
Igor Gnatenko
2883f3f78c
Escape macros in %changelog 
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-09 09:06:27 +01:00
Paul Wouters
6a2501df2d * Mon Jan 22 2018 Paul Wouters <pwouters@redhat.com> - 1.6.8-1 
- Resolves rhbz#1483572 unbound-1.6.8 is available
- Resolves rhbz#1507049 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records
- Resolves rhbz#1536518 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records [fedora-all]
 2018-01-22 14:26:50 -05:00
Zbigniew Jędrzejewski-Szmek
bced8e7019 Python 2 binary package renamed to python2-unbound 2017-12-17 12:47:15 -05:00
Paul Wouters
4c89c2a677 - Updated to 1.6.7 (minor bugfixes) 2017-10-12 00:49:47 -04:00
Petr Menšík
3c9b28d8d6 Update icannbundle.pem 2017-10-03 16:19:36 +02:00
Paul Wouters
594dd4101a - Enable RFC 8145 Trust Anchor Signaling to help the root zone get keytag statistics 2017-10-02 16:52:53 -04:00
Paul Wouters
115c5666a2 * Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1 
- Resolves: rhbz#1483572 unbound-1.6.6 is available
- Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit)
 2017-09-22 12:47:01 -04:00
genodeftest
8906a869c6 Update upstream URL and use HTTPS where possible 
According to https://www.nlnetlabs.nl/projects/unbound/, unbound project URL has moved to the new address.
 2017-09-06 18:46:25 +00:00
Paul Wouters
39e1d789fa * Wed Aug 16 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-4 
- Rebuilt with KSK2017 added to root.key and root.anchor
- Remove noreplace for root key files. We can only improve these files over local copies
 2017-08-16 14:02:44 -04:00
Fedora Release Engineering
f7b2da0bf0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-03 09:46:08 +00:00
Fedora Release Engineering
46d2764132 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 20:57:58 +00:00
Paul Wouters
82db9e94c2 * Sun Jul 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-1 
- Updated to 1.6.4 full release, patch to allow missing ipsechook
- Resolves rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook
 2017-07-02 13:46:10 +02:00
Paul Wouters
07097d2518 - Update to 1.6.4 (esubnet, ipsecmod support, bugfixes) 2017-06-22 16:34:47 -04:00
Paul Wouters
7d28caf1f9 - Updated to 1.6.3 (fixes assertion failure when receiving malformed packet with 0x20 enabled) 2017-06-13 14:20:12 -04:00
Paul Wouters
a1c71a375c - Patch for cmd: unbound-control set_option val-permissive-mode: yes 2017-06-08 15:44:41 -04:00
Paul Wouters
a57c3b8b64 * Wed Apr 26 2017 Paul Wouters <pwouters@redhat.com> - 1.6.2-1 
- Update to 1.6.2 (rhbz#1425649)
- Updated unbound.conf with new options
 2017-04-26 21:46:09 -04:00
Paul Wouters
1d0203d0e6 only call install once doing both actions 2017-03-22 12:41:12 -04:00
Paul Wouters
3e1303eda9 - Call make unbound-event-install to install unbound-event.h 2017-03-21 22:19:44 -04:00
Fedora Release Engineering
2e01d6cda8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 16:42:20 +00:00
Paul Wouters
9f873e2e1a fixup dlv/root key install 2017-01-18 12:41:19 -05:00
Paul Wouters
d83b37c251 - Remove obsoleted DLV key 2017-01-18 12:04:34 -05:00
Paul Wouters
791e5b5f56 - Actually remove dependency because minimum is always satisfied 
(and otherwise we need a %{isa} requirement)
 2017-01-02 17:24:43 -05:00
Paul Wouters
6be4d94c08 Depend on openssl-libs, not opensl 2017-01-02 14:30:14 -05:00
Kevin Fenzi
652f3fa496 Update to 1.6.0 2016-12-21 12:15:01 -07:00
Miro Hrončok
67a4fff523 Rebuild for Python 3.6 2016-12-19 18:20:38 +01:00
Paul Wouters
83df90d678 * Wed Oct 26 2016 Ilya Evseev <evseev.i@cdnnow.ru> - 1.5.10-2 
- Bugfix building without python2 and python3
- Fixup streamtcp build (Paul)

Signed-off-by: Paul Wouters <pwouters@redhat.com>
 2016-11-04 10:32:18 +05:30
Paul Wouters
be41633bf0 * Tue Sep 27 2016 Paul Wouters <pwouters@redhat.com> - 1.5.10-1 
- Updated to 1.5.10 (better TCP handling, bugfixes)
- Install pkgconfig file in -devel package
- Updated unbound.conf
 2016-09-27 19:26:26 -04:00
Fedora Release Engineering
b2ddf2a810 - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages 2016-07-19 13:04:34 +00:00
Paul Wouters
a147b9358d - Fix upper port range to 60999 because that's what selinux allows 2016-07-07 19:22:06 +03:00
Paul Wouters
b0dab5d25d - Patch for allowing more queries before failure (needed for query minimalization) 2016-06-16 09:29:16 -04:00
Paul Wouters
eb8bec78f6 - Updated to 1.5.9 2016-06-13 11:26:30 -04:00
Toshio Kuratomi
cfb4c4d4ca Fix streamtcp to link against libpython3.x instead of libpython2.x 2016-04-21 16:53:58 -07:00
Paul Wouters
e76827e11e update changelog line 2016-03-02 12:39:04 -05:00
Paul Wouters
8e51532c90 * Wed Mar 02 2016 Paul Wouters <pwouters@redhat.com> - 1.5.8-1 
- Update to 1.5.8 which incorporates rhbz#1294339 fix
- Updated unbound.conf with new upstream options
- Enabled ip-transparent: yes (see rhbz#1291449)
 2016-03-02 12:35:36 -05:00
Fedora Release Engineering
5f261fac04 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-05 02:19:55 +00:00
Tomas Hozza
aa8e8f6541 Fix escaping of shell chars in unbound-control-setup (#1294339) 2016-01-21 12:35:02 +01:00
Paul Wouters
ec26998079 * Fri Dec 11 2015 Paul Wouters <pwouters@redhat.com> - 1.5.7-1 
- Update to 1.5.7
- Enable query minimalization for enhanced DNS query privacy
- Enable nxdomain hardening to assist with query minimalization and SBLs
- Updated default unbound.conf for new features from upstream.
 2015-12-11 10:06:07 -05:00
Tomas Hozza
86e8e4801e Update to 1.5.6 (#1176729) 2015-11-13 15:20:08 +01:00
Robert Kuska
3247f52bf4 Rebuilt for Python3.5 rebuild 2015-11-04 12:56:16 +01:00
Tomas Hozza
63b277e028 New upstream release 1.5.5 (#1269137) 
- Removed the anchor update from %post section of -libs subpackage (#1269137#c2)

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-10-07 17:04:36 +02:00
Tomas Hozza
bbc56d0b27 Removed dependency and ordering on unbound-anchor.service in unbound.service 
Once ntpdate.service is fixed to order itself After nss-lookup.target,
there will be an ordering loop. To reproduce this do:

[root@notas ~]# yum -y install unbound ntpdate chrony
[root@notas ~]# systemctl enable ntpdate.service chronyd.service unbound-anchor.timer unbound.service unbound-anchor.service
[root@notas ~]# systemd-analyze verify /usr/lib/systemd/system/*

And then in the output you can find:
Found ordering cycle on ntpdate.service/stop
Found dependency on nss-lookup.target/start
Found dependency on unbound.service/start
Found dependency on unbound-anchor.service/start
Found dependency on unbound-anchor.timer/start
Found dependency on time-sync.target/start
Found dependency on chrony-wait.service/stop
Found dependency on chronyd.service/stop
Found dependency on ntpdate.service/stop

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-09-15 14:44:53 +02:00
Tomas Hozza
61d5f48558 Prefer Python3 build over Python2 build for now (#1254566) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-09-03 19:56:57 +02:00
Tomas Hozza
9668107e96 Removed After syslog.target since it is not needed any more 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-07-20 14:38:36 +02:00
Tomas Hozza
308425859f Added ExecReload section to unbound.service (#1195785) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-07-20 14:36:58 +02:00
Tomas Hozza
d0f71ea19f Rename root.anchor to root.key in %post section 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-07-16 14:04:06 +02:00
Tomas Hozza
7aa01f9152 Start unbound-anchor.timer only on new installations 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-07-16 13:44:16 +02:00
Paul Wouters
fdd77f9ee3 * Tue Jul 14 2015 Paul Wouters <pwouters@redhat.com> - 1.5.4-1 
- Update to 1.5.4
- Removed patches merged into upstream
 2015-07-13 22:45:42 -04:00
Tomas Hozza
59bf21ae42 Revert: Use low maximum negative cache TTL (5 sec) 
The TTL will be rather set by the dnssec-trigger-script

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-06-16 21:53:11 +02:00
Tomas Hozza
c5473f18c9 Revert "Use low maximum negative cache TTL (5 sec) (#1229596)" 
This reverts commit d8ef6e9f01.
 2015-06-16 21:50:42 +02:00
Tomas Hozza
d8ef6e9f01 Use low maximum negative cache TTL (5 sec) (#1229596) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-06-15 19:35:41 +02:00
Tomas Hozza
41b8e28ac9 Add option for maximum negative cache TTL (#1229599) 2015-06-15 19:20:46 +02:00
Tomas Hozza
6b19dd7ea5 Removed usage of DLV from the default configuration (#1223363) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-05-26 13:02:06 +02:00
Tomas Hozza
3e229ffe15 unbound.service now Wants unbound-anchor.timer 
- unbound-anchor man page moved to the unbound-libs

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-05-13 13:17:43 +02:00
Paul Wouters
631b26d099 - Fixup scriptlets causing systemctl: command not found 
- Resolves rhbz#1219587 Error in PREIN scriptlet in rpm package unbound-libs
 2015-05-11 12:56:15 -04:00
Tomas Hozza
2a169a866b migrate cronjob to systemd timer unit (#1177285) 
- change the period for unbound-anchor from monthly to daily (#1180267)
- Thanks to Tomasz Torcz <ttorcz@fedoraproject.org> for the initial patch

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-04-27 16:50:57 +02:00
Tomas Hozza
9d0daced90 Fix FTBFS and build Python 2 and 3 bindings 
- Fix FTBFS (#1206129)
- Build python3-unbound and python-unbound bindings for Python 3 and 2 (#1188080)

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-04-16 16:18:59 +02:00
Tomas Hozza
ebc942cc93 Fix install command when creating directories 
Previously the command created a directory with the same name as specified permissions

Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2015-04-13 12:50:34 +02:00
Paul Wouters
b22a91503b * Mon Mar 16 2015 Paul Wouters <pwouters@redhat.com> - 1.5.3-1 
- Updated to 1.5.3 which is a bugfix on 1.5.2 for sighup handling
- Updated to 1.5.2 which fixes DNSSEC validation with different
  trust anchors upstream, local-zone has a new keyword 'inform'
 2015-03-16 12:18:28 -04:00
Paul Wouters
ff66ad8069 - Build with --enable-ecdsa 2015-02-02 10:28:06 -05:00
Paul Wouters
c1af899a71 - Fix post to create root.anchor, not root.key, to match cron job 2015-02-01 18:23:25 -05:00
Paul Wouters
98e1f21028 fixup tmpfiles copying 2014-12-09 23:29:13 -05:00
Paul Wouters
6c95ea5c5e bump master with updated changes 2014-12-09 15:58:42 -05:00
Paul Wouters
04cacaef52 - Change systemd-units to systemd 
- Use _tmpfilesdir macro, don't mark tmpfiles as config
 2014-12-09 15:56:24 -05:00
Paul Wouters
69a3c141e3 add CVE rhbz to changelog 2014-12-09 10:55:58 -05:00
Paul Wouters
74933bccdc - Update to 1.5.1 for CVE-2014-8602 
- Removed unbound-aarch64.patch which was merged upstream
 2014-12-08 23:34:41 -05:00
Tomas Hozza
72771a7943 update to 1.5.1rc1 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-11-28 18:35:08 +01:00
Peter Robinson
fb8c9b5d1d fix build on aarch64 2014-11-28 13:39:55 +00:00
Tomas Hozza
3249758581 Fix race condition in arc4random (#1166878) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-11-26 14:20:31 +01:00
Tomas Hozza
6cdcf55a00 update to 1.5.0 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-11-19 17:41:10 +01:00
Pavel Šimerda
748fd03a49 Resolves: #1115489 - build with python 3.x for fedora >= 22 2014-09-24 14:41:54 +02:00
Pavel Šimerda
bba137d935 Revert "new version 1.4.22" 
This reverts commit e92ef1f2e1.
 2014-09-19 11:02:43 +02:00
Pavel Šimerda
e92ef1f2e1 new version 1.4.22 2014-09-18 16:06:33 +02:00
Kevin Fenzi
0f1dab65a6 Rebuild for rpm bug 1131960 2014-08-21 11:54:02 -06:00
Peter Robinson
1b0f647092 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-18 06:53:47 +00:00
Dennis Gilmore
60ed64b6d1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 21:44:54 -05:00
Paul Wouters
1b364a79c9 * Thu May 01 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-2 
- Added flushcache patch (SVN commit 3125)
 2014-05-01 10:12:56 -04:00
Paul Wouters
5f65c3ce7c Merge branch 'master' of ssh://pkgs.fedoraproject.org/unbound 
Conflicts:
	unbound.spec
 2014-03-13 21:48:56 -04:00
Paul Wouters
035078ba01 * Thu Mar 13 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-1 
- Updated to 1.4.22
- No longer requires the ldns library
 2014-03-13 21:44:08 -04:00
Tomas Hozza
79ada299ec Fix segfault on adding insecure forward zone when using only iterator (#1054192) 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2014-01-16 19:57:06 +01:00
Tomas Hozza
1321c082e2 run test suite during the build 
Signed-off-by: Tomas Hozza <thozza@redhat.com>
 2013-10-21 11:58:51 +02:00