Commit Graph

339 Commits

Author SHA1 Message Date
Paul Wouters
97c849787b Merge branch 'master' of ssh://pkgs.fedoraproject.org/unbound
Conflicts:
	unbound.spec
2013-08-12 11:56:28 -04:00
Paul Wouters
cfcdefa766 * Mon Aug 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-16
- Change unbound.conf to only use ephemeral ports (32768-65535)
2013-08-12 11:55:20 -04:00
Dennis Gilmore
98184a59cc - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-04 00:32:18 -05:00
Tomas Hozza
308ffc60bc provide man page for unbound-streamtcp
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-22 09:33:13 +02:00
Paul Wouters
5bca060465 * Mon Jul 08 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-15
- Re-introduce hardening flags for full relro and pie
- Fixes compilation failure for python module
2013-07-08 15:53:04 -04:00
Paul Wouters
0f4cecfaa6 Revert "don't hardcode hardening flags, let hardened build macro handles it"
This reverts commit f577e323b0.

The reason is two-fold. It causes the unbound daemon to have less security
(no full relro, no PIE) and it failed to compile for me at all on f19,
failing with:

	checking consistency of all components of python development environment... no
2013-07-08 15:48:24 -04:00
Tomas Hozza
f577e323b0 don't hardcode hardening flags, let hardened build macro handles it
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-03 15:25:13 +02:00
Tomas Hozza
b3131e6051 remove missing unbound-rootkey.service from post/preun/postun sections
Also remove initscript from repo, since it is not needed any more.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-03 15:22:48 +02:00
Paul Wouters
113e33794a * Sat Jun 01 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-13
- Run unbound-anchor as user unbound in unbound.service
2013-05-31 23:53:15 -04:00
Paul Wouters
6fff6fa4e6 *bump evr 2013-05-28 18:14:20 -04:00
Paul Wouters
3f230f2522 * fixup unbound.conf and the service file to use root.key, not root.anchor 2013-05-28 18:06:00 -04:00
Paul Wouters
3ee340512c * bump evr 2013-05-28 17:25:51 -04:00
Paul Wouters
2dbdb36bf9 * add unbound-1.4.20-roundrobin.patch 2013-05-28 17:24:24 -04:00
Paul Wouters
6ac27d6e17 * bump version, use more common root.key (not root.anchor) 2013-05-25 13:45:48 -04:00
Paul Wouters
6d2a1ea7ef * Don't copy the unbound.anchor into /etc/unbound 2013-05-24 16:49:57 -04:00
Paul Wouters
259a0ee4dc +* Tue May 21 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-9
- Use /var/lib/unbound/root.anchor (more consistent with other distros)
- Enable round-robin (with noths() patch)
- Enable minimal responses
2013-05-24 16:42:52 -04:00
Paul Wouters
463a11e746 * refix the runuser command in %post 2013-04-22 11:51:40 -04:00
Paul Wouters
179f964c04 * fix runuser call in post 2013-04-19 11:40:58 -04:00
Paul Wouters
2f81455df4 * Tue Apr 16 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-6
- /var/lib/unbound should be owned by unbound. group write is not enough
2013-04-16 21:30:41 -04:00
Paul Wouters
e1ae447acf * install uses -p, not -a 2013-04-12 19:57:45 -04:00
Paul Wouters
92f8605409 * Fri Apr 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-5
- Fix cron job syntax (rhbz#951725)
- Use install -a to prevent .rpmnew files that are identical to originals
2013-04-12 19:39:09 -04:00
Paul Wouters
938672c248 * fixup hardening, incorporating remaining buzilla items 2013-04-11 13:12:28 -04:00
Paul Wouters
a7bd8d0fd1 * bump release 2013-04-08 17:45:47 -04:00
Paul Wouters
84b927f0cc * bump for space fix 2013-04-08 17:44:53 -04:00
Paul Wouters
41fd112537 udpated changelog 2013-04-08 11:59:58 -04:00
Paul Wouters
b591aebdf2 * add Requires: crontabs for unbound-libs 2013-04-08 11:56:45 -04:00
Paul Wouters
2d358950a3 * use %{_sharedstatedir}/unbound for root key 2013-04-08 11:51:59 -04:00
Paul Wouters
709024d8d5 Merge branch 'master' of ssh://pkgs.fedoraproject.org/unbound
Conflicts:
	unbound.spec
2013-04-08 11:05:38 -04:00
Paul Wouters
79e69dc533 * move/rename root key to /var/lib/unbound/root.key 2013-04-08 11:04:39 -04:00
Paul Wouters
f2c4fe0294 * update changelog 2013-04-08 10:53:49 -04:00
Paul Wouters
6d7184e9c8 * move root.anchor to /var/lib/unbound 2013-04-08 10:52:51 -04:00
Paul Wouters
b9ddae3b26 * update to 1.4.20 2013-03-21 16:07:08 -04:00
Adam Tkac
0f03662997 Build with full RELRO and symlink unbound-control-setup.8 manpage to unbound-control.8
Signed-off-by: Adam Tkac <atkac@redhat.com>
2013-03-05 16:24:17 +01:00
Dennis Gilmore
d6a62e25ba - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild 2013-02-14 20:26:05 -06:00
Paul Wouters
0ab380f115 * -2 was a flawed build, bump again 2012-12-20 15:24:06 -05:00
Paul Wouters
41e5fb9115 * bump 2012-12-20 15:22:59 -05:00
Paul Wouters
d5df5a5afd bump version 2012-12-20 15:09:21 -05:00
Paul Wouters
cb4a1dc6c8 *add patch for #888759 2012-12-20 13:36:24 -05:00
Paul Wouters
c7ac0a0adb * release was -2 instead of -1 2012-12-12 18:25:41 -05:00
Paul Wouters
86feacb2f6 * update to 1.4.19 2012-12-12 08:51:45 -05:00
Paul Wouters
a574083b54 * Fri Nov 09 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-6
- Patch to ensure stube-zone's aren't lost when using dnssec-triggerd
- added unbound-munin.README file
2012-11-10 17:03:02 -05:00
Paul Wouters
daed88d0ec * Added unbound-munin.README 2012-11-10 12:03:14 -05:00
Paul Wouters
06648b78ed * added unbound-1.4.18-stub-hole.patch 2012-11-09 12:36:35 -05:00
Paul Wouters
570b1daab2 - unbound-anchor moved to unbound-libs package. It is needed
to update the root.anchor key file.
2012-11-03 18:55:14 -04:00
Paul Wouters
6a27d5e317 * put the munin define in the right location 2012-11-03 18:44:12 -04:00
Paul Wouters
0062f43896 * fixup cvs anomalies :( 2012-11-03 17:44:41 -04:00
Paul Wouters
b6e4e1c6e6 remove duplicate source line 2012-11-03 17:34:49 -04:00
Paul Wouters
a7ba25e01c * various unbound fixed
- sub packages now depends on base package of same arch
- Build munin package as noarch
- systemd does not handle empty env vars properly
2012-11-03 17:33:45 -04:00
Paul Wouters
a7f7f61a06 Merge branch 'master' of ssh://pkgs.fedoraproject.org/unbound
Conflicts:
	unbound.spec
2012-11-03 17:32:35 -04:00
Paul Wouters
90deaa6495 * add unbound-anchor support and more flexible config directories 2012-11-03 17:12:29 -04:00
Paul Wouters
c4f62ca05e * add anchor support and more flexible config directories 2012-11-03 13:05:24 -04:00
Paul Wouters
95ed9b464e * remove temp ulimit call to get core on build system. 2012-09-26 18:08:08 -04:00
Paul Wouters
63b4d75846 * missing patch3 2012-09-26 13:08:55 -04:00
Paul Wouters
6f8d333aae * Wed Sep 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-4
- Patch to allow wildcards in include: statements
- Add directories /etc/unbound/keys.d,conf.d,local.d with
  example entries
2012-09-26 12:38:51 -04:00
Paul Wouters
43af8615e5 * Temp add ulimit to code on build system 2012-09-06 11:00:02 -04:00
Paul Wouters
63b8685833 * Tue Sep 04 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-3
- Fix openssl thread locking bug under high query load
2012-09-04 14:14:02 -04:00
Paul Wouters
8c4f681b8d * Thu Aug 23 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-2
- Use new systemd-rpm macros (rhbz#850351)
- Clean up old obsoleted dnssec-conf from < fedora 15
2012-08-23 14:40:49 -04:00
Paul Wouters
0d6241b192 - added comment to root.key file 2012-08-05 09:10:11 -04:00
Paul Wouters
136c5eb822 * Fri Aug 03 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-1
- Updated to 1.4.18 (FIPS related fixes mostly)
- Removed patches that were merged in upstream
2012-08-03 15:38:16 -04:00
Paul Wouters
8580858b0c * Mon Jul 23 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-5
- Fix for unbound crasher (upstream bug #452)
- Support libunbound functions in man pages and place in -devel
2012-07-23 13:37:51 -04:00
Dennis Gilmore
6b10e8014b - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-21 20:41:00 -05:00
Paul Wouters
943f80f422 slightly reword changelog - add rhbz# 2012-07-03 11:58:40 -04:00
Paul Wouters
9cc8f6adf8 * Tue Jul 03 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-3
- unbound FIPS patches for lack of md5, and randomness
2012-07-03 11:37:57 -04:00
Adam Tkac
0a7dcbe0ca Don't build unbound-munin on RHEL
Signed-off-by: Adam Tkac <atkac@redhat.com>
2012-06-15 14:37:47 +02:00
Paul Wouters
18cdf892ca * Update unbound to 1.4.17 2012-05-24 13:36:44 -04:00
Paul Wouters
236e44ada3 * Wed Feb 29 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-3
- Since the daemon links to the libs staticly, add Requires:
  (this is rhbz#745288)
- Package up streamtcp as unbound-streamtcp (for monitoring)
2012-02-29 12:44:32 -05:00
Paul Wouters
5458f44889 * Add change for next release 2012-02-27 21:19:58 -05:00
Paul Wouters
6920848c7e * Mon Feb 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-2
- Don't ghost the directory (rhbz#788805)
- Patch for unbound to support unbound-control forward_zone
  (needed for openswan in XAUTH mode)
2012-02-27 21:03:44 -05:00
Paul Wouters
62096c1a2d * Thu Feb 02 2012 Paul Wouters <paul@nohats.ca> - 1.4.16-1
- Upgraded to 1.4.16, which was relesed due to the soname
  and some DNSSEC validation failures
2012-02-02 10:00:37 -05:00
Paul Wouters
1637b0e712 * Wed Feb 01 2012 Paul Wouters <paul@nohats.ca> - 1.4.15-2
- Patch for SONAME version (libtool's -version-number vs -version-info)
2012-01-31 21:09:27 -05:00
Paul Wouters
3bde9d279c * Fri Jan 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.15-1
- Upgraded to 1.4.15
- Updated unbound.conf to show how to configure listening on tls443
2012-01-27 12:08:41 -05:00
Dennis Gilmore
1b9b4dc191 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-14 01:30:46 -06:00
Paul Wouters
9af263621b * Mon Dec 19 2011 Paul Wouters <paul@cypherpunks.ca> - 1.4.14-1
- Upgraded to 1.4.14 for CVE-2011-4528 / VU#209659
- SSL-wrapped query support for dnssec-trigger
- EDNS handling changes
- Removed integrated EDNS patches
- Disabled use-caps-for-id, GoDaddy domains now break on it
- Enabled new harden-below-nxdomain
2011-12-19 10:29:22 -05:00
Paul Wouters
d576f6ecc2 * update version/changelog for unbound 1.4.14 2011-12-19 10:04:11 -05:00
Paul Wouters
0bd071a0d7 * brainfart on sitearch 2011-09-15 14:04:40 -04:00
Paul Wouters
157674d4dd * Fix python to go into archlib instead of sitelib 2011-09-15 13:45:22 -04:00
Paul Wouters
d8a37a0637 Merge branch 'master' of ssh://pkgs.fedoraproject.org/unbound
Conflicts:
	unbound.spec
2011-09-15 13:30:00 -04:00
Paul Wouters
5023789b72 * Thu Sep 15 2011 Paul Wouters <paul@xelerance.com> - 1.4.13-1
- Upgraded to 1.4.13
- Removed merged in pythonmod patch
- Added EDNS1480 patch to fix unbound on broken EDNS/UDP networks
2011-09-15 13:19:04 -04:00
Tom "spot" Callaway
a5236243e9 convert to systemd 2011-09-14 16:20:56 -04:00
Paul Wouters
c11a13d55f * Bump release 2011-08-08 18:49:10 -04:00
Paul Wouters
026f7df935 * Mon Aug 08 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-3
- Added pythonmod docs and examples
2011-08-08 18:39:54 -04:00
Paul Wouters
446ddec917 * Mon Aug 08 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-2
- Fix for python module load in the server (Tom Hendrikx)
- No longer enable --enable-debug as it causes degraded  performance
  under load.
2011-08-08 18:02:05 -04:00
Paul Wouters
087b8ded39 * Updated to unbound 1.4.12 2011-07-18 23:44:31 -04:00
Paul Wouters
e0c8cdaf6a * Sun Jul 03 2011 Paul Wouters <paul@xelerance.com> - 1.4.11-1
- Updated to 1.4.11
- removed integrated CVE patch
- updated stock unbound.conf for new options introduced
2011-07-03 18:16:09 -04:00
Paul Wouters
ff840b581b new version of unbound. add #ghost on /var/run file 2011-06-06 22:07:26 -04:00
Paul Wouters
e74f680c47 * Wed May 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-2
- Applied patch for CVE-2011-1922 DoS vulnerability
2011-05-25 15:18:44 -04:00
Paul Wouters
1eeebaf90f added missing files-attr-not-set 2011-03-27 11:55:53 +02:00
Paul Wouters
bff1fb771e updated to 1.4.9 2011-03-27 11:08:46 +02:00
Paul Wouters
df40db990f * Sat Feb 12 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-2
- rebuilt
2011-02-12 13:01:38 -05:00
Paul Wouters
4c0de488f0 * Tue Jan 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-1
- Updated to 1.4.8
- Enable root key for DNSSEC
- Fix unbound-munin to use proper file (could cause excessive logging)
- Build unbound-python per default
- Disable gost as Fedora/EPEL does not allow ECC and has mangled openssl
2011-01-25 20:56:16 -05:00
Paul Wouters
ebb8bd324a - Revert last build - it was on the wrong branch 2010-10-26 11:20:05 -04:00
Paul Wouters
67d14129ba Revert "Disable IPv6 per default, as it causes strong ipv4 degradation on machines"
This reverts commit ba73b71d51.
2010-10-26 11:18:45 -04:00
Paul Wouters
ba73b71d51 Disable IPv6 per default, as it causes strong ipv4 degradation on machines
with no or bad IPv6. Added comments in unbound.conf pointing to discussion
and test sites.
2010-10-26 10:32:35 -04:00
Paul Wouters
7533ac1594 - Bump release - forgot to upload the new tar ball. 2010-06-15 23:39:07 +00:00
Paul Wouters
bcd4f96fdd - Upgraded to 1.4.5 2010-06-15 23:31:11 +00:00
Paul Wouters
a5c5f622e4 - Added accidentally omitted svn patches to cvs 2010-05-31 15:34:14 +00:00
Paul Wouters
75c1f2ea3a - Upgraded to 1.4.4 with svn patches
- Obsolete dnssec-conf to ensure it is de-installed
2010-05-31 15:29:30 +00:00
Paul Wouters
c5fbe5de65 - Update to 1.4.3 that fixes 64bit crasher 2010-03-11 15:08:03 +00:00
Paul Wouters
243e7f46b8 - Updated to 1.4.2
- Updated unbound.conf with new options
- Enabled pre-fetching DNSKEY records (DNSSEC speedup)
- Enabled re-fetching popular records before they expire
- Enabled logging of DNSSEC validation errors
2010-03-09 15:48:42 +00:00
Paul Wouters
cd8741f710 - Overriding -D_GNU_SOURCE is no longer needed. This fixes DSO issues with
pthreads
2010-03-01 16:22:27 +00:00
Paul Wouters
1f3eace2a1 - Change make/configure lines to attempt to fix -lphtread linking issue 2010-02-24 23:01:53 +00:00
Paul Wouters
6ba3622c40 Add missing line in changelog on svn commit r1953 2010-02-23 20:37:57 +00:00
Paul Wouters
4a09e96e47 - Removed dependancy for dnssec-conf
- Added ISC DLV key (formerly in dnssec-conf)
- Fixup old DLV locations in unbound.conf file via %post
2010-02-23 20:32:08 +00:00
Paul Wouters
213d4a3ccc - Updated to 1.4.1
- Changed %define to %global
2010-01-05 23:07:02 +00:00
Paul Wouters
6b8c1b5bf0 bump version 2009-10-09 01:59:19 +00:00
Paul Wouters
bd0a549f1e - Upgraded to 1.3.4. Security fix with validating NSEC3 records 2009-10-09 01:24:23 +00:00
Tomáš Mráz
03856e01e0 - rebuilt with new openssl 2009-08-21 16:18:36 +00:00
Paul Wouters
dacab27813 - Updated to 1.3.3 2009-08-17 15:10:16 +00:00
Jesse Keating
aa5a68f4d0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-27 06:31:10 +00:00
Paul Wouters
b51bd8aa76 - Added missing glob patch to cvs
- Place python macros within the %with_python check
2009-06-21 04:23:10 +00:00
Paul Wouters
41fa06700a - Updated to 1.3.0
- Added unbound-python sub package. disabled for now
- Patch from svn to fix DLV lookups
- Patches from svn to detect wrong truncated response from BIND 9.6.1 with
    minimal-responses
- Added Default-Start and Default-Stop to unbound.init
- Re-enabled --enable-sha2
- Re-enabled glob.patch
2009-06-21 04:14:54 +00:00
Paul Wouters
422c05d749 - unbound-iterator.patch was not commited 2009-05-20 16:43:09 +00:00
Paul Wouters
17c9b5a493 Added unbound-initgroups-r1453.patch to properly drop group root 2009-05-20 16:17:12 +00:00
Paul Wouters
7a4cedca67 - Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793 2009-05-20 16:15:09 +00:00
Paul Wouters
c63c0b48de - Use --nocheck to avoid giving an error on missing unbound-remote
certs/keys
2009-03-17 05:28:45 +00:00
Paul Wouters
438b0e489d - enable DNSSEC only if it is enabled in sysconfig/dnssec 2009-03-11 19:17:12 +00:00
Adam Tkac
4abd8a925d - add DNSSEC support to initscript, enabled it per default
- add requires dnssec-conf
2009-03-09 20:36:02 +00:00
Jesse Keating
77a522a8e6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 2009-02-25 22:57:23 +00:00
Paul Wouters
39680537e5 fix a missing hyphen in --with-libevent on the configure line 2009-02-16 22:01:28 +00:00
Paul Wouters
70a277a027 - updated to 1.2.1 2009-02-10 15:19:33 +00:00
Tomáš Mráz
6719db829b - rebuild with new openssl 2009-01-18 14:52:30 +00:00
Paul Wouters
10df4c1379 put libevent back in (got confused between devel and EL-5) 2009-01-14 15:44:12 +00:00
Paul Wouters
9366b83942 Commented out libevent use (we need >= 1.4.5 but fedora only has 1.1) Fix
openssl requirements
2009-01-14 15:15:35 +00:00
Paul Wouters
dc8410b119 remove patches that got accepted upstream 2009-01-14 15:00:44 +00:00
Paul Wouters
24585b987f merge spec file 2009-01-14 14:57:11 +00:00
Paul Wouters
482e5e4041 - Modified scandir patch to silently fail when wildcard matches nothing
- Patch to allow unbound-checkconf to find empty wildcard matches
2009-01-05 13:19:32 +00:00
Paul Wouters
1555a15e2e bump version 2009-01-05 11:50:27 +00:00
Paul Wouters
291d242e15 Fix patch command 2009-01-05 11:49:14 +00:00
Paul Wouters
fbc16b5cb1 fix merge conflict 2009-01-05 11:37:42 +00:00
Paul Wouters
1e7e03b4fd - Added Requires: for selinux-policy >= 3.5.13-33 for proper SElinux rules. 2008-12-08 20:42:45 +00:00
Paul Wouters
09de94e566 bump version, fix .cvsignore. Fix cvs anomalies. 2008-12-02 02:13:31 +00:00
Adam Tkac
cd8c01206e - removed all obsolete chroot related stuff
- label control certs after generation correctly
2008-11-28 09:46:49 +00:00
Paul Wouters
74035300f4 - Updated to unbound 1.1.1 which fixes a crasher and addresses nlnetlabs
bug #219
2008-11-20 15:10:25 +00:00
Paul Wouters
12d3cd563e - Remove the chroot, obsoleted by SElinux
- Add additional munin plugin links supported by unbound plugin
- Move configuration directory from /var/lib/unbound to /etc/unbound
- Modified unbound.init and unbound.conf to account for chroot changes
- Updated unbound.conf with new available options
- Enabled dns-0x20 protection per default
2008-11-19 23:11:51 +00:00
Adam Tkac
39b47dbaf1 - unbound-1.1.0-log_open.patch
- make sure log is opened before chroot call
- tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219
- removed /dev/log and /var/run/unbound and /etc/resolv.conf from chroot,
    not needed
- don't mount files in chroot, it causes problems during updates
- fixed typo in default config file
- removed old 1.0.2 version from sources
2008-11-19 15:39:16 +00:00
Paul Wouters
e4c51b0f38 mark munin plugin config file as such 2008-11-15 06:50:03 +00:00
Paul Wouters
d2fe1dc7ca added munin capabilities to unbound 2008-11-15 06:45:37 +00:00
Paul Wouters
c41f9f1f37 Fix statistics settings in unbound.conf files for unbound-munin 2008-11-15 05:46:07 +00:00
Paul Wouters
05f86a0fef initial srpm import of unbound 2008-10-31 22:29:15 +00:00