Commit Graph

243 Commits

Author SHA1 Message Date
Paul Wouters
eb8bec78f6 - Updated to 1.5.9 2016-06-13 11:26:30 -04:00
Toshio Kuratomi
cfb4c4d4ca Fix streamtcp to link against libpython3.x instead of libpython2.x 2016-04-21 16:53:58 -07:00
Paul Wouters
e76827e11e update changelog line 2016-03-02 12:39:04 -05:00
Paul Wouters
8e51532c90 * Wed Mar 02 2016 Paul Wouters <pwouters@redhat.com> - 1.5.8-1
- Update to 1.5.8 which incorporates rhbz#1294339 fix
- Updated unbound.conf with new upstream options
- Enabled ip-transparent: yes (see rhbz#1291449)
2016-03-02 12:35:36 -05:00
Fedora Release Engineering
5f261fac04 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-05 02:19:55 +00:00
Tomas Hozza
aa8e8f6541 Fix escaping of shell chars in unbound-control-setup (#1294339) 2016-01-21 12:35:02 +01:00
Paul Wouters
ec26998079 * Fri Dec 11 2015 Paul Wouters <pwouters@redhat.com> - 1.5.7-1
- Update to 1.5.7
- Enable query minimalization for enhanced DNS query privacy
- Enable nxdomain hardening to assist with query minimalization and SBLs
- Updated default unbound.conf for new features from upstream.
2015-12-11 10:06:07 -05:00
Tomas Hozza
86e8e4801e Update to 1.5.6 (#1176729) 2015-11-13 15:20:08 +01:00
Robert Kuska
3247f52bf4 Rebuilt for Python3.5 rebuild 2015-11-04 12:56:16 +01:00
Tomas Hozza
63b277e028 New upstream release 1.5.5 (#1269137)
- Removed the anchor update from %post section of -libs subpackage (#1269137#c2)

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-10-07 17:04:36 +02:00
Tomas Hozza
bbc56d0b27 Removed dependency and ordering on unbound-anchor.service in unbound.service
Once ntpdate.service is fixed to order itself After nss-lookup.target,
there will be an ordering loop. To reproduce this do:

[root@notas ~]# yum -y install unbound ntpdate chrony
[root@notas ~]# systemctl enable ntpdate.service chronyd.service unbound-anchor.timer unbound.service unbound-anchor.service
[root@notas ~]# systemd-analyze verify /usr/lib/systemd/system/*

And then in the output you can find:
Found ordering cycle on ntpdate.service/stop
Found dependency on nss-lookup.target/start
Found dependency on unbound.service/start
Found dependency on unbound-anchor.service/start
Found dependency on unbound-anchor.timer/start
Found dependency on time-sync.target/start
Found dependency on chrony-wait.service/stop
Found dependency on chronyd.service/stop
Found dependency on ntpdate.service/stop

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-15 14:44:53 +02:00
Tomas Hozza
61d5f48558 Prefer Python3 build over Python2 build for now (#1254566)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-03 19:56:57 +02:00
Tomas Hozza
9668107e96 Removed After syslog.target since it is not needed any more
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-20 14:38:36 +02:00
Tomas Hozza
308425859f Added ExecReload section to unbound.service (#1195785)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-20 14:36:58 +02:00
Tomas Hozza
d0f71ea19f Rename root.anchor to root.key in %post section
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-16 14:04:06 +02:00
Tomas Hozza
7aa01f9152 Start unbound-anchor.timer only on new installations
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-16 13:44:16 +02:00
Paul Wouters
fdd77f9ee3 * Tue Jul 14 2015 Paul Wouters <pwouters@redhat.com> - 1.5.4-1
- Update to 1.5.4
- Removed patches merged into upstream
2015-07-13 22:45:42 -04:00
Tomas Hozza
59bf21ae42 Revert: Use low maximum negative cache TTL (5 sec)
The TTL will be rather set by the dnssec-trigger-script

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-16 21:53:11 +02:00
Tomas Hozza
c5473f18c9 Revert "Use low maximum negative cache TTL (5 sec) (#1229596)"
This reverts commit d8ef6e9f01.
2015-06-16 21:50:42 +02:00
Tomas Hozza
d8ef6e9f01 Use low maximum negative cache TTL (5 sec) (#1229596)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-15 19:35:41 +02:00
Tomas Hozza
41b8e28ac9 Add option for maximum negative cache TTL (#1229599) 2015-06-15 19:20:46 +02:00
Tomas Hozza
6b19dd7ea5 Removed usage of DLV from the default configuration (#1223363)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-26 13:02:06 +02:00
Tomas Hozza
3e229ffe15 unbound.service now Wants unbound-anchor.timer
- unbound-anchor man page moved to the unbound-libs

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-13 13:17:43 +02:00
Paul Wouters
631b26d099 - Fixup scriptlets causing systemctl: command not found
- Resolves rhbz#1219587 Error in PREIN scriptlet in rpm package unbound-libs
2015-05-11 12:56:15 -04:00
Tomas Hozza
2a169a866b migrate cronjob to systemd timer unit (#1177285)
- change the period for unbound-anchor from monthly to daily (#1180267)
- Thanks to Tomasz Torcz <ttorcz@fedoraproject.org> for the initial patch

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-04-27 16:50:57 +02:00
Tomas Hozza
9d0daced90 Fix FTBFS and build Python 2 and 3 bindings
- Fix FTBFS (#1206129)
- Build python3-unbound and python-unbound bindings for Python 3 and 2 (#1188080)

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-04-16 16:18:59 +02:00
Tomas Hozza
ebc942cc93 Fix install command when creating directories
Previously the command created a directory with the same name as specified permissions

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-04-13 12:50:34 +02:00
Paul Wouters
b22a91503b * Mon Mar 16 2015 Paul Wouters <pwouters@redhat.com> - 1.5.3-1
- Updated to 1.5.3 which is a bugfix on 1.5.2 for sighup handling
- Updated to 1.5.2 which fixes DNSSEC validation with different
  trust anchors upstream, local-zone has a new keyword 'inform'
2015-03-16 12:18:28 -04:00
Paul Wouters
ff66ad8069 - Build with --enable-ecdsa 2015-02-02 10:28:06 -05:00
Paul Wouters
c1af899a71 - Fix post to create root.anchor, not root.key, to match cron job 2015-02-01 18:23:25 -05:00
Paul Wouters
98e1f21028 fixup tmpfiles copying 2014-12-09 23:29:13 -05:00
Paul Wouters
6c95ea5c5e bump master with updated changes 2014-12-09 15:58:42 -05:00
Paul Wouters
04cacaef52 - Change systemd-units to systemd
- Use _tmpfilesdir macro, don't mark tmpfiles as config
2014-12-09 15:56:24 -05:00
Paul Wouters
69a3c141e3 add CVE rhbz to changelog 2014-12-09 10:55:58 -05:00
Paul Wouters
74933bccdc - Update to 1.5.1 for CVE-2014-8602
- Removed unbound-aarch64.patch which was merged upstream
2014-12-08 23:34:41 -05:00
Tomas Hozza
72771a7943 update to 1.5.1rc1
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-28 18:35:08 +01:00
Peter Robinson
fb8c9b5d1d fix build on aarch64 2014-11-28 13:39:55 +00:00
Tomas Hozza
3249758581 Fix race condition in arc4random (#1166878)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-26 14:20:31 +01:00
Tomas Hozza
6cdcf55a00 update to 1.5.0
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-19 17:41:10 +01:00
Pavel Šimerda
748fd03a49 Resolves: #1115489 - build with python 3.x for fedora >= 22 2014-09-24 14:41:54 +02:00
Pavel Šimerda
bba137d935 Revert "new version 1.4.22"
This reverts commit e92ef1f2e1.
2014-09-19 11:02:43 +02:00
Pavel Šimerda
e92ef1f2e1 new version 1.4.22 2014-09-18 16:06:33 +02:00
Kevin Fenzi
0f1dab65a6 Rebuild for rpm bug 1131960 2014-08-21 11:54:02 -06:00
Peter Robinson
1b0f647092 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-18 06:53:47 +00:00
Dennis Gilmore
60ed64b6d1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 21:44:54 -05:00
Paul Wouters
1b364a79c9 * Thu May 01 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-2
- Added flushcache patch (SVN commit 3125)
2014-05-01 10:12:56 -04:00
Paul Wouters
5f65c3ce7c Merge branch 'master' of ssh://pkgs.fedoraproject.org/unbound
Conflicts:
	unbound.spec
2014-03-13 21:48:56 -04:00
Paul Wouters
035078ba01 * Thu Mar 13 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-1
- Updated to 1.4.22
- No longer requires the ldns library
2014-03-13 21:44:08 -04:00
Tomas Hozza
79ada299ec Fix segfault on adding insecure forward zone when using only iterator (#1054192)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-16 19:57:06 +01:00
Tomas Hozza
1321c082e2 run test suite during the build
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-21 11:58:51 +02:00
Paul Wouters
24ebb22384 unbound.conf: also add outgoing-port-avoid: 0-32767 to ensure we
don't hit the SElinux restrictions of ephemeral ports
2013-09-19 10:25:20 -04:00
Paul Wouters
90b7fa1c7e * Thu Sep 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.21-1
- Updated to 1.4.21,
- Enabled new max-udp-size: 3072 (so ANY isc.org won't fit)
- Removed patched merged in by upstream
- Enable statistics-cumulative for munin-plugin
- Updated unbound.conf
2013-09-19 10:21:30 -04:00
Paul Wouters
720e14aefa fix old date 2013-09-19 10:01:10 -04:00
Tomas Hozza
46f5a8d1d5 Fix errors found by static analysis of source
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-26 15:50:38 +02:00
Paul Wouters
97c849787b Merge branch 'master' of ssh://pkgs.fedoraproject.org/unbound
Conflicts:
	unbound.spec
2013-08-12 11:56:28 -04:00
Paul Wouters
cfcdefa766 * Mon Aug 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-16
- Change unbound.conf to only use ephemeral ports (32768-65535)
2013-08-12 11:55:20 -04:00
Dennis Gilmore
98184a59cc - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-04 00:32:18 -05:00
Tomas Hozza
308ffc60bc provide man page for unbound-streamtcp
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-22 09:33:13 +02:00
Paul Wouters
5bca060465 * Mon Jul 08 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-15
- Re-introduce hardening flags for full relro and pie
- Fixes compilation failure for python module
2013-07-08 15:53:04 -04:00
Paul Wouters
0f4cecfaa6 Revert "don't hardcode hardening flags, let hardened build macro handles it"
This reverts commit f577e323b0.

The reason is two-fold. It causes the unbound daemon to have less security
(no full relro, no PIE) and it failed to compile for me at all on f19,
failing with:

	checking consistency of all components of python development environment... no
2013-07-08 15:48:24 -04:00
Tomas Hozza
f577e323b0 don't hardcode hardening flags, let hardened build macro handles it
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-03 15:25:13 +02:00
Tomas Hozza
b3131e6051 remove missing unbound-rootkey.service from post/preun/postun sections
Also remove initscript from repo, since it is not needed any more.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-03 15:22:48 +02:00
Paul Wouters
113e33794a * Sat Jun 01 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-13
- Run unbound-anchor as user unbound in unbound.service
2013-05-31 23:53:15 -04:00
Paul Wouters
6fff6fa4e6 *bump evr 2013-05-28 18:14:20 -04:00
Paul Wouters
3f230f2522 * fixup unbound.conf and the service file to use root.key, not root.anchor 2013-05-28 18:06:00 -04:00
Paul Wouters
3ee340512c * bump evr 2013-05-28 17:25:51 -04:00
Paul Wouters
2dbdb36bf9 * add unbound-1.4.20-roundrobin.patch 2013-05-28 17:24:24 -04:00
Paul Wouters
6ac27d6e17 * bump version, use more common root.key (not root.anchor) 2013-05-25 13:45:48 -04:00
Paul Wouters
6d2a1ea7ef * Don't copy the unbound.anchor into /etc/unbound 2013-05-24 16:49:57 -04:00
Paul Wouters
259a0ee4dc +* Tue May 21 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-9
- Use /var/lib/unbound/root.anchor (more consistent with other distros)
- Enable round-robin (with noths() patch)
- Enable minimal responses
2013-05-24 16:42:52 -04:00
Paul Wouters
463a11e746 * refix the runuser command in %post 2013-04-22 11:51:40 -04:00
Paul Wouters
179f964c04 * fix runuser call in post 2013-04-19 11:40:58 -04:00
Paul Wouters
2f81455df4 * Tue Apr 16 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-6
- /var/lib/unbound should be owned by unbound. group write is not enough
2013-04-16 21:30:41 -04:00
Paul Wouters
e1ae447acf * install uses -p, not -a 2013-04-12 19:57:45 -04:00
Paul Wouters
92f8605409 * Fri Apr 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-5
- Fix cron job syntax (rhbz#951725)
- Use install -a to prevent .rpmnew files that are identical to originals
2013-04-12 19:39:09 -04:00
Paul Wouters
938672c248 * fixup hardening, incorporating remaining buzilla items 2013-04-11 13:12:28 -04:00
Paul Wouters
a7bd8d0fd1 * bump release 2013-04-08 17:45:47 -04:00
Paul Wouters
84b927f0cc * bump for space fix 2013-04-08 17:44:53 -04:00
Paul Wouters
41fd112537 udpated changelog 2013-04-08 11:59:58 -04:00
Paul Wouters
b591aebdf2 * add Requires: crontabs for unbound-libs 2013-04-08 11:56:45 -04:00
Paul Wouters
2d358950a3 * use %{_sharedstatedir}/unbound for root key 2013-04-08 11:51:59 -04:00
Paul Wouters
709024d8d5 Merge branch 'master' of ssh://pkgs.fedoraproject.org/unbound
Conflicts:
	unbound.spec
2013-04-08 11:05:38 -04:00
Paul Wouters
79e69dc533 * move/rename root key to /var/lib/unbound/root.key 2013-04-08 11:04:39 -04:00
Paul Wouters
f2c4fe0294 * update changelog 2013-04-08 10:53:49 -04:00
Paul Wouters
6d7184e9c8 * move root.anchor to /var/lib/unbound 2013-04-08 10:52:51 -04:00
Paul Wouters
b9ddae3b26 * update to 1.4.20 2013-03-21 16:07:08 -04:00
Adam Tkac
0f03662997 Build with full RELRO and symlink unbound-control-setup.8 manpage to unbound-control.8
Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-03-05 16:24:17 +01:00
Dennis Gilmore
d6a62e25ba - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild 2013-02-14 20:26:05 -06:00
Paul Wouters
0ab380f115 * -2 was a flawed build, bump again 2012-12-20 15:24:06 -05:00
Paul Wouters
41e5fb9115 * bump 2012-12-20 15:22:59 -05:00
Paul Wouters
d5df5a5afd bump version 2012-12-20 15:09:21 -05:00
Paul Wouters
cb4a1dc6c8 *add patch for #888759 2012-12-20 13:36:24 -05:00
Paul Wouters
c7ac0a0adb * release was -2 instead of -1 2012-12-12 18:25:41 -05:00
Paul Wouters
86feacb2f6 * update to 1.4.19 2012-12-12 08:51:45 -05:00
Paul Wouters
a574083b54 * Fri Nov 09 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-6
- Patch to ensure stube-zone's aren't lost when using dnssec-triggerd
- added unbound-munin.README file
2012-11-10 17:03:02 -05:00
Paul Wouters
daed88d0ec * Added unbound-munin.README 2012-11-10 12:03:14 -05:00
Paul Wouters
06648b78ed * added unbound-1.4.18-stub-hole.patch 2012-11-09 12:36:35 -05:00
Paul Wouters
570b1daab2 - unbound-anchor moved to unbound-libs package. It is needed
to update the root.anchor key file.
2012-11-03 18:55:14 -04:00
Paul Wouters
6a27d5e317 * put the munin define in the right location 2012-11-03 18:44:12 -04:00
Paul Wouters
0062f43896 * fixup cvs anomalies :( 2012-11-03 17:44:41 -04:00