Commit Graph

405 Commits

Author SHA1 Message Date
Petr Menšík
a8b2f2adc2 Always auto-restart on crash events
Although no way of crashing is known, ensure unbound will restart itself
in case of crash. That should minimize possible damage and allow less
degraded service until a fix for crashes arrives.

Do not try to restart on configuration failures. There restarts will not
likely to fix the issue anyway.
2024-01-29 12:35:47 +01:00
Petr Menšík
c89e088ab8 Update address of b.root-servers.net (#2253461)
Modification of a config file differs from upstream version, we have it
uncommented in Fedora.

Resolves: rhbz#2253461
2024-01-29 12:32:41 +01:00
Fedora Release Engineering
5a98539d51 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-27 07:05:17 +00:00
Petr Menšík
cac99bf119 Convert to %autorelease and %autochangelog
Finish Paul's conversion to autorelease. Used rpmautospec convert to
migrate old part of changelog into a separate file. That should still
include old changelog entries in the package.

[skip changelog]
2023-12-07 12:33:51 +01:00
Petr Menšík
06e6f74d5f Consider unbound-anchor maintained root.key config file
Required to keep it maintained by the unbound-anchor.service. Do not
reset it to vendor file again on package upgrade. If it were once
modified, keep it modified.

Resolves: rhbz#2142368
2023-12-06 21:59:14 +01:00
Petr Menšík
f3b35b2ddd Rename unbound.sysusers to unbound.conf
Resolves: rhbz#2252265
2023-12-06 21:18:39 +01:00
Petr Menšík
8eb43fc467 Generate configuration file from upstream example.conf
To reduce rebase burden, just modify upstream example with our Fedora
specific changes. The result should be the same, but without the need to
manually add new features into separate config file.
2023-11-10 16:25:39 +01:00
Petr Menšík
d389610bfb Update to 1.19.0 (#2248686)
- New disable-edns-do option

Changes:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-19-0
https://lists.nlnetlabs.nl/pipermail/unbound-users/2023-November/008186.html
2023-11-10 14:23:28 +01:00
Paul Wouters
218f551c24
Fix for resolving outlook.com via forwarders
- See https://github.com/NLnetLabs/unbound/issues/946
- Use autochangelog macro
2023-10-11 16:55:31 -04:00
Petr Menšík
997299863e Correct dependencies on creating the unbound user
Move correct requirements in the package to libs subpackage, which
creates the user.
2023-09-26 20:30:20 +02:00
Petr Menšík
940496db6d Skip failing tests on ELN builds
Some tests are failing, caused by SHA-1 disabled on openssl in those
branches. Skip those tests only on RHEL branches, where this should be a
problem.

Related: https://github.com/NLnetLabs/unbound/pull/770
2023-09-06 13:31:59 +02:00
Petr Menšík
249e1d5601 Update to 1.18.0
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-18-0

- NAT64 support
- Downstream DNS cookies
- EDE caching
- Set max-udp-size default to 1232

Resolves: rhbz#2236097
2023-09-01 11:05:19 +02:00
Fedora Release Engineering
6fcb60a14d Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-22 17:05:22 +00:00
Python Maint
2572eb13e5 Rebuilt for Python 3.12 2023-06-13 20:56:32 +02:00
Chloe Kudryavtsev
fd868a8caf fix building with redis 2023-04-07 02:48:56 +00:00
Fedora Release Engineering
0f8f31408c Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-21 05:47:20 +00:00
Paul Wouters
49e721cb96
clarify gpgverify a bit to make it look less magical 2023-01-13 19:23:47 -05:00
Paul Wouters
ff081b069f
update sources 2023-01-13 19:23:47 -05:00
Paul Wouters
668ceaffe5
update to 1.17.1
- Resolved rhbz#2160397 unbound-1.17.1 is available (bugfix release)
- Add support for building with redis
- update unbound.conf
2023-01-13 19:23:46 -05:00
Petr Menšík
00b1b0c570 Use static dnssec-root.key with link from lib
Points to static data, which would be overwritten by
unbound-anchor.service. Makes default key kept intact and dynamic data
put instead of symlink.

Ignore most of file properties of %_localstatedir/unbound/root.key,
default symlink is replaced with anchor maintained regular file.

Resolves: rhbz#2132103
2023-01-02 21:26:57 +01:00
Petr Menšík
0953d81204 Use systemd-sysusers for user creation (#2105416) 2023-01-02 17:52:10 +01:00
Petr Menšík
e70e0f040e Move unbound user creation to libs (#2149036)
libs contains also few key anchor owned by unbound user. It needs to be
created also for unbound-libs, which is required by all other packages.
2023-01-02 17:51:32 +01:00
Yaakov Selkowitz
2efa55aa14 Disable SHA-1 support in ELN 2022-12-07 19:49:28 -05:00
Petr Menšík
1da004f437 Update to 1.17.0 (#2134348)
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-0

New Features:

- Merge #753: ACL per interface. (New interface-* configuration options).
- Merge #760: PROXYv2 downstream support. (New proxy-protocol-port configuration option).
2022-11-01 16:05:52 +01:00
Petr Menšík
7b3bfe9b4d Correct issues made by unbound-anchor package split
Resolves: rhbz#2110858
2022-10-11 11:34:09 +02:00
Petr Menšík
ad8a93625d Update License tag to SPDX identifier 2022-09-30 13:02:49 +02:00
Petr Menšík
4e237a1016 Update to 1.16.3
Resolves: rhbz#2128638 CVE-2022-3204
2022-09-23 23:01:23 +02:00
Paul Wouters
cb937b3e49
pull in new options of upstream unbound.conf and enable EDE (RFC8914) 2022-08-09 11:08:18 -04:00
Paul Wouters
7722f4b9bb
fix changelog entry 2022-08-09 10:13:35 -04:00
Petr Menšík
2868e371c3 Require openssl tool for unbound-keygen (#2116790) 2022-08-09 12:11:15 +02:00
Petr Menšík
9efe622c79 Update to 0.16.2 (#2105947)
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-2
2022-08-03 20:12:34 +02:00
Fedora Release Engineering
a53f6dc92e Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-23 11:21:53 +00:00
Petr Menšík
9e8de9414f Move host and streamtcp utilities to separate package
They do not require unbound in any sense. They can work with just
unbound-libs and therefore should be installable independently of main
bigger daemon.
2022-06-27 15:50:24 +02:00
Petr Menšík
ab99d1d23e Move unbound-anchor to separate package
It has the service and requires unbound user created. Make it separate,
because some users of unbound-libs might not want or need anchor
maintenance. Make it also easier to add custom options to unbound-anchor
running from the service.

Do not start timer from unbound.service, start instead unbound-anchor
service before starting unbound. It would ensure root anchor is in the
place. Run it from single place from both timer and unbound service.
2022-06-27 15:50:21 +02:00
Python Maint
3e61cdf850 Rebuilt for Python 3.11 2022-06-13 15:31:01 +02:00
Petr Menšík
9cab78fef5 Do not keep keygen running, check certs each time
Rely on condition of unbound-keygen service. If it does stop after
generating them, then it will recreate also after restart later. That
might be the case if someone removes these certificates.
2022-06-07 14:17:11 +02:00
Petr Menšík
2c00b91a49 Update to 1.16.0
Adds basic support for EDE (RFC 8914).

https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-0
2022-06-04 12:08:37 +02:00
Petr Menšík
2bc40de869 Stop creating wrong devel manual pages
Devel manual pages install correct manual pages with 3.gz suffix. But
there are also additional links just with .gz suffix. They are created
only in spec file. I think they were needed before unbound contained
proper installation of manuals for development. It is missing .3 suffix.
But it is not necessary anymore, because such recipe already exists in
upstream Makefile.in.

Resolves: rhbz#2078929
2022-04-26 16:07:07 +02:00
Petr Sklenar
9038e97724 Adding fmf plan 2022-04-20 19:53:53 +00:00
Petr Menšík
c7f8c027aa Add lint exceptions to avoid errors on updates
Fixed something, others are just unimportant warnings.
2022-04-20 21:52:45 +02:00
Petr Menšík
e00e1b55bb Update icann bundle, fix spec errors
rpmlint detects several errors, fix some detected issues.
2022-04-20 21:52:43 +02:00
Petr Menšík
c469ecef15 Import few changes to configuration 2022-03-29 17:28:39 +02:00
Petr Menšík
84e89add4a Update to 1.15.0
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-15-0

- Fix #596: unset the RA bit when a query is blocked by an unbound RPZ nxdomain reply.
  The option rpz-signal-nxdomain-ra allows to signal that a domain is externally
  blocked to clients when it is blocked with NXDOMAIN by unsetting RA.
- Add rpz: for-downstream: yesno option, where the RPZ zone is authoritatively answered
  for, so the RPZ zone contents can be checked with DNS queries directed at the RPZ zone.
- Merge PR #616: Update ratelimit logic. It also introduces ratelimit-backoff and
  ip-ratelimit-backoff configuration options.
- Change aggressive-nsec default to yes.
2022-03-29 17:25:53 +02:00
Fedora Release Engineering
24949785a4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-22 03:29:59 +00:00
Adrian Reber
b35e3fb2d2
Rebuilt for protobuf 3.19.0 2021-11-06 13:03:18 +01:00
Adrian Reber
63ab0fcf80
Rebuilt for protobuf 3.18.1 2021-10-25 17:38:09 +02:00
Sahana Prasad
c9eef9068b Rebuilt with OpenSSL 3.0.0 2021-09-14 19:17:21 +02:00
Paul Wouters
0ce96eb790
- Resolves: rhbz#1992985 unbound-1.13.2 is available
- Use system-wide crypto policies
2021-08-12 17:58:22 -04:00
Fedora Release Engineering
d747677049 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-23 20:01:00 +00:00
Petr Menšík
adccc55c5a Update source signer's key link
Modifies existing key to better key, since original link stopped
working.
2021-06-24 13:06:57 +02:00