Petr Menšík
07b18f13c3
Enable DNS over HTTPS
2020-11-10 17:11:48 +01:00
Petr Menšík
ee9c33779e
Update config file to 1.12.0
...
Use new defaults from example.conf in Fedora shipped default file.
Don't include dnstap and DoH features yet.
2020-11-10 17:11:48 +01:00
Petr Menšík
9b40e98f88
Update to 1.12.0
...
- DNS flag day 2020 applied
- DNS over HTTPS support
- EDNS client tag support
Upstream changelog:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-12-0
2020-11-10 17:11:44 +01:00
Anna Khaitovich
9bf72f2b97
Revert "Rebuilt for rawhide"
...
This reverts commit 058dac652c
.
2020-09-18 14:24:52 +02:00
Anna Khaitovich
058dac652c
Rebuilt for rawhide
2020-09-18 13:39:03 +02:00
Petr Menšík
db21e34ec3
Rebuilt for libevent rebase
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2020-09-15 14:59:21 +02:00
Fedora Release Engineering
29d755fba8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-29 13:15:57 +00:00
Tom Stellard
66b41c854a
Use make macros
...
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
2020-07-14 14:38:00 +00:00
Miro Hrončok
741df0971d
Rebuilt for Python 3.9
2020-05-22 21:10:05 +02:00
Paul Wouters
b2855b7bff
* Tue May 19 2020 Paul Wouters <pwouters@redhat.com> - 1.10.1-1
...
- Resolves: rhbz#1837279 unbound-1.10.1 is available
- Resolves: rhbz#1837598 CVE-2020-12662 unbound: insufficient control of network message volume leads to DoS
- Resolves: rhbz#1837609 CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers
- Updated unbound.conf for new options in 1.10.1
2020-05-19 15:12:15 -04:00
Paul Wouters
ed8559effa
- Resolves: rhbz#1667742 SELinux is preventing unbound from 'name_bind' accesses on the udp_socket port 61000.
2020-04-29 17:29:43 -04:00
Artem Egorenkov
effb538e20
Upstream isue linked for patch
2020-04-16 17:58:05 +02:00
Artem Egorenkov
4f85ef9c9a
bz1824536. Crash on termination fixed.
2020-04-16 16:49:04 +02:00
Petr Menšík
776a059376
Add dnstap and systemd option build support
2020-03-20 12:33:00 +01:00
Petr Menšík
b6d9ed08b0
Add source signature verification
2020-03-19 14:01:50 +01:00
Petr Menšík
c78f3c816f
Update to 1.10.0 ( #1805199 )
...
Build with a new release.
2020-03-19 13:39:24 +01:00
Petr Menšík
c8f0468078
Use autopatch for new patches
...
Remove unused patch file, simplify adding a new patch. Just Patch: entry
is required with patch file name, autopatch will apply it.
Use new primary website for unbound upstream.
2020-03-19 11:13:20 +01:00
Fedora Release Engineering
7d6a427be7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-31 02:33:41 +00:00
Paul Wouters
cd68171bad
* Fri Dec 13 2019 Paul Wouters <pwouters@redhat.com> - 1.9.6-1
...
- Resolves: rhbz#1758107 unbound-1.9.5 is available
- Resolves: CVE-2019-18934
2019-12-13 15:20:12 -05:00
Paul Wouters
8890aaa359
* Fri Nov 01 2019 Paul Wouters <pwouters@redhat.com> - 1.9.4-1
...
- Fix build on rhel/centos systems
- Resolves: rhbz#1767955 (CVE-2019-16866) uninitialized memory accesses leads to crash via a crafted NOTIFY query
2019-11-01 15:15:09 -04:00
Petr Menšík
57baf9aea1
Make obsoleted package removed without asking
...
Messages provided by dnf are somehow confusing. If user wants more recent
version, let it upgrade without additional flags to dnf.
2019-09-27 00:54:35 +02:00
Petr Menšík
e1df65a0ce
Obsolete no longer provided python2 subpackage ( #1749400 )
...
Python2 is no longer provided. If one wants to upgrade, python2-unbound
has to be uninstalled. Since nothing directly depends on it and no update
is expected on Fedora 30+, make its uninstall smooth.
2019-09-27 00:15:49 +02:00
Paul Wouters
5bfdf89e03
* Tue Aug 27 2019 Paul Wouters <pwouters@redhat.com> - 1.9.3-1
...
- Updated to 1.9.3
- Resolves: rhbz#1672578 unbound-1.9.2 is available
- Resolves: rhbz#1694831 [/usr/lib/tmpfiles.d/unbound.conf:1] Line references path below legacy directory /var/run/
- Resolves: rhbz# 1667387 [abrt] unbound: memmove(): unbound killed by SIGABRT
2019-08-27 12:14:51 -04:00
Miro Hrončok
3031aeaab5
Subpackage python2-unbound has been removed
2019-08-22 17:11:45 +02:00
Miro Hrončok
6eaa4e758f
Rebuilt for Python 3.8
2019-08-15 19:23:32 +02:00
Zbigniew Jędrzejewski-Szmek
373ff61647
Drop trailing comments afer %endif
...
RPM 4.15 doesn't like them.
2019-08-05 22:07:17 +02:00
Zbigniew Jędrzejewski-Szmek
98c6ca6194
Remove very old trigger
...
systemd-sysv-convert was removed many years ago.
2019-08-05 22:03:17 +02:00
Zbigniew Jędrzejewski-Szmek
3ebaa955a5
Drop build-time and install-time requirements on systemd
...
This follows the semi-recent guideline changes:
https://pagure.io/packaging-committee/pull-request/828
https://pagure.io/packaging-committee/pull-request/890#comment-86419
2019-08-05 22:03:17 +02:00
Fedora Release Engineering
8e665ac699
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-27 02:27:21 +00:00
Fedora Release Engineering
f4336b7b3a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-03 10:46:32 +00:00
Paul Wouters
d2e15123b5
- Remove KSK-2010 from configs - it has been revoked
2019-01-11 10:37:16 -05:00
Paul Wouters
55f1ad68ab
- Another dns64 fixup
2019-01-11 10:37:12 -05:00
Paul Wouters
42a7ed2926
- Updated to 1.8.3 with fixes the dns64 bug and has some other minor fixes
2018-12-11 22:07:23 -05:00
Paul Wouters
6e953c2adb
- Fix dns64 allocation in wrong region for returned internal queries.
2018-12-10 15:10:31 -05:00
Paul Wouters
2cd0b94125
* Tue Dec 04 2018 Paul Wouters <pwouters@redhat.com> - 1.8.2-1
...
- Updated to 1.8.2.
- Enabled deny ANY query support and edns-tcp-keepalive
- Set serve-stale timeout to 4h
- Updated unbound.conf for latest options
2018-12-04 13:58:11 -05:00
Petr Menšík
9d074af91d
Allow group by default to unbound-control ( #1640259 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-10-22 16:16:09 +02:00
Petr Menšík
3d0c001d3e
Update to 1.8.1
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-10-08 18:30:41 +02:00
Petr Menšík
b3942245cb
- Fix #4188 : IPv6 forwarders without ipv6 result in SERVFAIL, fixes
...
qname minimisation with a forwarder when connectivity has issues
from rejecting responses.
Resolves: rhbz#1633874
2018-10-01 20:11:11 +02:00
Petr Menšík
787382dfd5
Reset release and add changelog
2018-09-19 22:41:32 +02:00
Petr Menšík
b3bb4ed3ea
Rebase to 1.8.0
...
Remove all patches accepted upstream
2018-09-17 15:30:23 +02:00
Paul Wouters
9e1a4984a2
- Fix for restarting unbound service after deleting key/pem files for remote control
2018-08-13 21:36:37 -04:00
Petr Menšík
e60bea7ca0
Release memory in unbound-host
...
triggered by command:
unbound-host -r -t any -v localhost.
2018-07-31 15:49:56 +02:00
Petr Menšík
b1834b1932
Remove unused Group tag
2018-07-23 18:33:13 +02:00
Petr Menšík
dbae66e0fe
Cleanup generated client and server keys ( #1601773 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-07-18 11:26:09 +02:00
Fedora Release Engineering
2c03912e4c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-14 08:12:44 +00:00
Petr Menšík
f4f56550cc
- Do not call ldconfig if possible
...
- Use systemd macros also for library
2018-07-09 21:32:23 +02:00
Petr Menšík
985c6a75ed
Prefer local resolvers over direct root access. Enables successful trust
...
anchor updates also when no direct queries are available, but local
resolvers support dnssec. Fixes bug #1598078
2018-07-04 12:42:14 +02:00
Miro Hrončok
f39c7483df
Rebuilt for Python 3.7
2018-07-02 18:24:21 +02:00
Petr Menšík
d062cd9952
Update to 1.7.3 ( #1593708 )
2018-06-27 11:33:18 +02:00
Petr Menšík
631ffb8d75
Remove last python2 dependency from python3 build
2018-06-27 11:10:36 +02:00
Miro Hrončok
157c83d87f
Rebuilt for Python 3.7
2018-06-19 11:29:56 +02:00
Paul Wouters
e9cb729533
* Mon Jun 11 2018 Paul Wouters <pwouters@redhat.com> - 1.7.2-1
...
- Resolves rhbz#1589807 unbound-1.7.2 is available
- Add patch to fix stub/forward zone not returning ServFail when TTL expires
- Enabled the new root-key-sentinel option
2018-06-11 16:49:15 -04:00
Petr Menšík
749ca6b65b
Update to 1.7.1 ( #1574495 )
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-05-30 21:08:03 +02:00
Petr Menšík
f81c94bdec
Fix disabled python versions in non-Fedora builds
2018-04-09 16:50:39 +02:00
Petr Menšík
749ab1486e
Make primary python3 version, but install it last
2018-04-09 11:56:51 +02:00
Petr Menšík
1b283a2c9d
Simplify building with single python version
2018-04-09 11:51:39 +02:00
Petr Menšík
20982803c9
Require gcc and make on build
...
Remove group, simplify systemd requires
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2018-04-09 11:35:15 +02:00
Paul Wouters
06f08e4505
* Mon Apr 09 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-4
...
- Patch for prefetching after flushing cache
2018-04-09 11:10:41 +02:00
Paul Wouters
bdec72db18
* Fri Apr 06 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-3
...
- Patch for referral with auth-zone: response
2018-04-06 17:01:26 +02:00
Paul Wouters
7760424284
- Patch for broken Aggressive NSEC + stub-zone configuration causing NXDOMAIN at TTL expiry
2018-03-21 22:01:22 +00:00
Paul Wouters
5a52aae95e
* Thu Mar 15 2018 Paul Wouters <pwouters@redhat.com> - 1.7.0-1
...
- Updated to 1.7.0 (aggressive nsec, local root support, bugfixes)
2018-03-15 17:56:52 -04:00
Petr Menšík
1b9764fb5a
Revert "Improve config formatting"
...
This reverts commit 3d0bac0df2
.
Uncomment again commented out value and bump version.
Comment by Paul Wouters:
The value of 3072 was tailored to cause a failure for ANY requries to isc.org,
which are used a lot by attackers. Now with 4096,
it will fit and the query can be abused again to
cause amplification with that popular dns query.
2018-02-22 11:05:25 +01:00
Petr Menšík
ba13eb790b
Bump the spec instead, previous is already built
2018-02-21 19:55:03 +01:00
Petr Menšík
26cbcabb59
Use default RPM build flags and configure parameters ( #1539097 )
2018-02-21 19:49:44 +01:00
Petr Menšík
14fc685097
Remove group write permission to installed examples
2018-02-21 11:41:22 +01:00
Filipe Rosset
2cd4f499ad
- rebuilt due new libevent 2.1.8
2018-02-14 21:55:14 -02:00
Igor Gnatenko
2883f3f78c
Escape macros in %changelog
...
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-09 09:06:27 +01:00
Paul Wouters
6a2501df2d
* Mon Jan 22 2018 Paul Wouters <pwouters@redhat.com> - 1.6.8-1
...
- Resolves rhbz#1483572 unbound-1.6.8 is available
- Resolves rhbz#1507049 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records
- Resolves rhbz#1536518 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records [fedora-all]
2018-01-22 14:26:50 -05:00
Zbigniew Jędrzejewski-Szmek
bced8e7019
Python 2 binary package renamed to python2-unbound
2017-12-17 12:47:15 -05:00
Paul Wouters
4c89c2a677
- Updated to 1.6.7 (minor bugfixes)
2017-10-12 00:49:47 -04:00
Petr Menšík
3c9b28d8d6
Update icannbundle.pem
2017-10-03 16:19:36 +02:00
Paul Wouters
594dd4101a
- Enable RFC 8145 Trust Anchor Signaling to help the root zone get keytag statistics
2017-10-02 16:52:53 -04:00
Paul Wouters
115c5666a2
* Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1
...
- Resolves: rhbz#1483572 unbound-1.6.6 is available
- Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit)
2017-09-22 12:47:01 -04:00
genodeftest
8906a869c6
Update upstream URL and use HTTPS where possible
...
According to https://www.nlnetlabs.nl/projects/unbound/ , unbound project URL has moved to the new address.
2017-09-06 18:46:25 +00:00
Paul Wouters
39e1d789fa
* Wed Aug 16 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-4
...
- Rebuilt with KSK2017 added to root.key and root.anchor
- Remove noreplace for root key files. We can only improve these files over local copies
2017-08-16 14:02:44 -04:00
Fedora Release Engineering
f7b2da0bf0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
2017-08-03 09:46:08 +00:00
Fedora Release Engineering
46d2764132
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-27 20:57:58 +00:00
Paul Wouters
82db9e94c2
* Sun Jul 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-1
...
- Updated to 1.6.4 full release, patch to allow missing ipsechook
- Resolves rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook
2017-07-02 13:46:10 +02:00
Paul Wouters
07097d2518
- Update to 1.6.4 (esubnet, ipsecmod support, bugfixes)
2017-06-22 16:34:47 -04:00
Paul Wouters
7d28caf1f9
- Updated to 1.6.3 (fixes assertion failure when receiving malformed packet with 0x20 enabled)
2017-06-13 14:20:12 -04:00
Paul Wouters
a1c71a375c
- Patch for cmd: unbound-control set_option val-permissive-mode: yes
2017-06-08 15:44:41 -04:00
Paul Wouters
a57c3b8b64
* Wed Apr 26 2017 Paul Wouters <pwouters@redhat.com> - 1.6.2-1
...
- Update to 1.6.2 (rhbz#1425649)
- Updated unbound.conf with new options
2017-04-26 21:46:09 -04:00
Paul Wouters
1d0203d0e6
only call install once doing both actions
2017-03-22 12:41:12 -04:00
Paul Wouters
3e1303eda9
- Call make unbound-event-install to install unbound-event.h
2017-03-21 22:19:44 -04:00
Fedora Release Engineering
2e01d6cda8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-11 16:42:20 +00:00
Paul Wouters
9f873e2e1a
fixup dlv/root key install
2017-01-18 12:41:19 -05:00
Paul Wouters
d83b37c251
- Remove obsoleted DLV key
2017-01-18 12:04:34 -05:00
Paul Wouters
791e5b5f56
- Actually remove dependency because minimum is always satisfied
...
(and otherwise we need a %{isa} requirement)
2017-01-02 17:24:43 -05:00
Paul Wouters
6be4d94c08
Depend on openssl-libs, not opensl
2017-01-02 14:30:14 -05:00
Kevin Fenzi
652f3fa496
Update to 1.6.0
2016-12-21 12:15:01 -07:00
Miro Hrončok
67a4fff523
Rebuild for Python 3.6
2016-12-19 18:20:38 +01:00
Paul Wouters
83df90d678
* Wed Oct 26 2016 Ilya Evseev <evseev.i@cdnnow.ru> - 1.5.10-2
...
- Bugfix building without python2 and python3
- Fixup streamtcp build (Paul)
Signed-off-by: Paul Wouters <pwouters@redhat.com>
2016-11-04 10:32:18 +05:30
Paul Wouters
be41633bf0
* Tue Sep 27 2016 Paul Wouters <pwouters@redhat.com> - 1.5.10-1
...
- Updated to 1.5.10 (better TCP handling, bugfixes)
- Install pkgconfig file in -devel package
- Updated unbound.conf
2016-09-27 19:26:26 -04:00
Fedora Release Engineering
b2ddf2a810
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
2016-07-19 13:04:34 +00:00
Paul Wouters
a147b9358d
- Fix upper port range to 60999 because that's what selinux allows
2016-07-07 19:22:06 +03:00
Paul Wouters
b0dab5d25d
- Patch for allowing more queries before failure (needed for query minimalization)
2016-06-16 09:29:16 -04:00
Paul Wouters
eb8bec78f6
- Updated to 1.5.9
2016-06-13 11:26:30 -04:00
Toshio Kuratomi
cfb4c4d4ca
Fix streamtcp to link against libpython3.x instead of libpython2.x
2016-04-21 16:53:58 -07:00
Paul Wouters
e76827e11e
update changelog line
2016-03-02 12:39:04 -05:00
Paul Wouters
8e51532c90
* Wed Mar 02 2016 Paul Wouters <pwouters@redhat.com> - 1.5.8-1
...
- Update to 1.5.8 which incorporates rhbz#1294339 fix
- Updated unbound.conf with new upstream options
- Enabled ip-transparent: yes (see rhbz#1291449)
2016-03-02 12:35:36 -05:00