Petr Menšík
e70e0f040e
Move unbound user creation to libs ( #2149036 )
...
libs contains also few key anchor owned by unbound user. It needs to be
created also for unbound-libs, which is required by all other packages.
2023-01-02 17:51:32 +01:00
Yaakov Selkowitz
2efa55aa14
Disable SHA-1 support in ELN
2022-12-07 19:49:28 -05:00
Petr Menšík
1da004f437
Update to 1.17.0 ( #2134348 )
...
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-0
New Features:
- Merge #753 : ACL per interface. (New interface-* configuration options).
- Merge #760 : PROXYv2 downstream support. (New proxy-protocol-port configuration option).
2022-11-01 16:05:52 +01:00
Petr Menšík
7b3bfe9b4d
Correct issues made by unbound-anchor package split
...
Resolves: rhbz#2110858
2022-10-11 11:34:09 +02:00
Petr Menšík
ad8a93625d
Update License tag to SPDX identifier
2022-09-30 13:02:49 +02:00
Petr Menšík
4e237a1016
Update to 1.16.3
...
Resolves: rhbz#2128638 CVE-2022-3204
2022-09-23 23:01:23 +02:00
Paul Wouters
cb937b3e49
pull in new options of upstream unbound.conf and enable EDE (RFC8914)
2022-08-09 11:08:18 -04:00
Paul Wouters
7722f4b9bb
fix changelog entry
2022-08-09 10:13:35 -04:00
Petr Menšík
2868e371c3
Require openssl tool for unbound-keygen ( #2116790 )
2022-08-09 12:11:15 +02:00
Petr Menšík
9efe622c79
Update to 0.16.2 ( #2105947 )
...
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-2
2022-08-03 20:12:34 +02:00
Fedora Release Engineering
a53f6dc92e
Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-23 11:21:53 +00:00
Petr Menšík
9e8de9414f
Move host and streamtcp utilities to separate package
...
They do not require unbound in any sense. They can work with just
unbound-libs and therefore should be installable independently of main
bigger daemon.
2022-06-27 15:50:24 +02:00
Petr Menšík
ab99d1d23e
Move unbound-anchor to separate package
...
It has the service and requires unbound user created. Make it separate,
because some users of unbound-libs might not want or need anchor
maintenance. Make it also easier to add custom options to unbound-anchor
running from the service.
Do not start timer from unbound.service, start instead unbound-anchor
service before starting unbound. It would ensure root anchor is in the
place. Run it from single place from both timer and unbound service.
2022-06-27 15:50:21 +02:00
Python Maint
3e61cdf850
Rebuilt for Python 3.11
2022-06-13 15:31:01 +02:00
Petr Menšík
9cab78fef5
Do not keep keygen running, check certs each time
...
Rely on condition of unbound-keygen service. If it does stop after
generating them, then it will recreate also after restart later. That
might be the case if someone removes these certificates.
2022-06-07 14:17:11 +02:00
Petr Menšík
2c00b91a49
Update to 1.16.0
...
Adds basic support for EDE (RFC 8914).
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-0
2022-06-04 12:08:37 +02:00
Petr Menšík
2bc40de869
Stop creating wrong devel manual pages
...
Devel manual pages install correct manual pages with 3.gz suffix. But
there are also additional links just with .gz suffix. They are created
only in spec file. I think they were needed before unbound contained
proper installation of manuals for development. It is missing .3 suffix.
But it is not necessary anymore, because such recipe already exists in
upstream Makefile.in.
Resolves: rhbz#2078929
2022-04-26 16:07:07 +02:00
Petr Menšík
e00e1b55bb
Update icann bundle, fix spec errors
...
rpmlint detects several errors, fix some detected issues.
2022-04-20 21:52:43 +02:00
Petr Menšík
84e89add4a
Update to 1.15.0
...
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-15-0
- Fix #596 : unset the RA bit when a query is blocked by an unbound RPZ nxdomain reply.
The option rpz-signal-nxdomain-ra allows to signal that a domain is externally
blocked to clients when it is blocked with NXDOMAIN by unsetting RA.
- Add rpz: for-downstream: yesno option, where the RPZ zone is authoritatively answered
for, so the RPZ zone contents can be checked with DNS queries directed at the RPZ zone.
- Merge PR #616 : Update ratelimit logic. It also introduces ratelimit-backoff and
ip-ratelimit-backoff configuration options.
- Change aggressive-nsec default to yes.
2022-03-29 17:25:53 +02:00
Fedora Release Engineering
24949785a4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-22 03:29:59 +00:00
Adrian Reber
b35e3fb2d2
Rebuilt for protobuf 3.19.0
2021-11-06 13:03:18 +01:00
Adrian Reber
63ab0fcf80
Rebuilt for protobuf 3.18.1
2021-10-25 17:38:09 +02:00
Sahana Prasad
c9eef9068b
Rebuilt with OpenSSL 3.0.0
2021-09-14 19:17:21 +02:00
Paul Wouters
0ce96eb790
- Resolves: rhbz#1992985 unbound-1.13.2 is available
...
- Use system-wide crypto policies
2021-08-12 17:58:22 -04:00
Fedora Release Engineering
d747677049
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-23 20:01:00 +00:00
Petr Menšík
adccc55c5a
Update source signer's key link
...
Modifies existing key to better key, since original link stopped
working.
2021-06-24 13:06:57 +02:00
Python Maint
680ab1f23e
Rebuilt for Python 3.10
2021-06-02 21:47:49 +02:00
Artem Egorenkov
195a78ed8e
Option --enable-linux-ip-local-port-range added to use system configured port range for libunbound on Linux
...
Resolves: rhbz#1935101
2021-04-24 15:27:48 +02:00
Paul Wouters
2b640c85f8
- Fix unbound.service to use After=network-online.target
2021-04-13 11:33:09 -04:00
Artem Egorenkov
30c1e39469
DISABLE_UNBOUND_ANCHOR == "yes" disable unbound-anchor on unbound.service startup
2021-04-07 11:16:46 +02:00
Zbigniew Jędrzejewski-Szmek
e90de70c69
Rebuilt for updated systemd-rpm-macros
...
See https://pagure.io/fesco/issue/2583 .
2021-03-02 16:12:06 +01:00
Victor Stinner
67f3c8594f
Fix build on Python 3.10
...
Backport upstream commit:
e0d426ebb1
Resolves: rhbz#1889726
2021-02-16 11:38:52 +01:00
Paul Wouters
809b23a9f1
- Resolves rhbz#1860887 unbound-1.13.1 is available
...
- Fixup unbound.conf
2021-02-09 21:11:43 -05:00
Fedora Release Engineering
4bc5d30582
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-27 22:38:55 +00:00
Petr Menšík
65b8de222e
Update to 1.13.0
...
Enabled TLS and TCP stream reuse for increased performance.
2020-12-10 12:01:38 +01:00
Petr Menšík
b29f943a4c
Build on EPEL without signature check
...
%gpgverify is defined on RHEL 8 in incompatible way to Fedora. Use it
only on Fedora, leave to manual signatures for other distributions.
2020-11-10 17:11:48 +01:00
Petr Menšík
ac21a84ee9
Enable DNSTAP
...
Allows easy recording of incoming and outgoing queries.
2020-11-10 17:11:48 +01:00
Petr Menšík
07b18f13c3
Enable DNS over HTTPS
2020-11-10 17:11:48 +01:00
Petr Menšík
ee9c33779e
Update config file to 1.12.0
...
Use new defaults from example.conf in Fedora shipped default file.
Don't include dnstap and DoH features yet.
2020-11-10 17:11:48 +01:00
Petr Menšík
9b40e98f88
Update to 1.12.0
...
- DNS flag day 2020 applied
- DNS over HTTPS support
- EDNS client tag support
Upstream changelog:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-12-0
2020-11-10 17:11:44 +01:00
Anna Khaitovich
9bf72f2b97
Revert "Rebuilt for rawhide"
...
This reverts commit 058dac652c
.
2020-09-18 14:24:52 +02:00
Anna Khaitovich
058dac652c
Rebuilt for rawhide
2020-09-18 13:39:03 +02:00
Petr Menšík
db21e34ec3
Rebuilt for libevent rebase
...
Signed-off-by: Petr Menšík <pemensik@redhat.com>
2020-09-15 14:59:21 +02:00
Fedora Release Engineering
29d755fba8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-29 13:15:57 +00:00
Tom Stellard
66b41c854a
Use make macros
...
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
2020-07-14 14:38:00 +00:00
Miro Hrončok
741df0971d
Rebuilt for Python 3.9
2020-05-22 21:10:05 +02:00
Paul Wouters
b2855b7bff
* Tue May 19 2020 Paul Wouters <pwouters@redhat.com> - 1.10.1-1
...
- Resolves: rhbz#1837279 unbound-1.10.1 is available
- Resolves: rhbz#1837598 CVE-2020-12662 unbound: insufficient control of network message volume leads to DoS
- Resolves: rhbz#1837609 CVE-2020-12663 unbound: infinite loop via malformed DNS answers received from upstream servers
- Updated unbound.conf for new options in 1.10.1
2020-05-19 15:12:15 -04:00
Paul Wouters
ed8559effa
- Resolves: rhbz#1667742 SELinux is preventing unbound from 'name_bind' accesses on the udp_socket port 61000.
2020-04-29 17:29:43 -04:00
Artem Egorenkov
effb538e20
Upstream isue linked for patch
2020-04-16 17:58:05 +02:00
Artem Egorenkov
4f85ef9c9a
bz1824536. Crash on termination fixed.
2020-04-16 16:49:04 +02:00