Petr Menšík
1b9764fb5a
Revert "Improve config formatting"
...
This reverts commit 3d0bac0df2
.
Uncomment again commented out value and bump version.
Comment by Paul Wouters:
The value of 3072 was tailored to cause a failure for ANY requries to isc.org,
which are used a lot by attackers. Now with 4096,
it will fit and the query can be abused again to
cause amplification with that popular dns query.
2018-02-22 11:05:25 +01:00
Petr Menšík
ba13eb790b
Bump the spec instead, previous is already built
2018-02-21 19:55:03 +01:00
Petr Menšík
26cbcabb59
Use default RPM build flags and configure parameters ( #1539097 )
2018-02-21 19:49:44 +01:00
Petr Menšík
14fc685097
Remove group write permission to installed examples
2018-02-21 11:41:22 +01:00
Filipe Rosset
2cd4f499ad
- rebuilt due new libevent 2.1.8
2018-02-14 21:55:14 -02:00
Igor Gnatenko
2883f3f78c
Escape macros in %changelog
...
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-09 09:06:27 +01:00
Paul Wouters
6a2501df2d
* Mon Jan 22 2018 Paul Wouters <pwouters@redhat.com> - 1.6.8-1
...
- Resolves rhbz#1483572 unbound-1.6.8 is available
- Resolves rhbz#1507049 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records
- Resolves rhbz#1536518 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records [fedora-all]
2018-01-22 14:26:50 -05:00
Zbigniew Jędrzejewski-Szmek
bced8e7019
Python 2 binary package renamed to python2-unbound
2017-12-17 12:47:15 -05:00
Paul Wouters
4c89c2a677
- Updated to 1.6.7 (minor bugfixes)
2017-10-12 00:49:47 -04:00
Petr Menšík
3c9b28d8d6
Update icannbundle.pem
2017-10-03 16:19:36 +02:00
Paul Wouters
594dd4101a
- Enable RFC 8145 Trust Anchor Signaling to help the root zone get keytag statistics
2017-10-02 16:52:53 -04:00
Paul Wouters
115c5666a2
* Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1
...
- Resolves: rhbz#1483572 unbound-1.6.6 is available
- Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit)
2017-09-22 12:47:01 -04:00
genodeftest
8906a869c6
Update upstream URL and use HTTPS where possible
...
According to https://www.nlnetlabs.nl/projects/unbound/ , unbound project URL has moved to the new address.
2017-09-06 18:46:25 +00:00
Paul Wouters
39e1d789fa
* Wed Aug 16 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-4
...
- Rebuilt with KSK2017 added to root.key and root.anchor
- Remove noreplace for root key files. We can only improve these files over local copies
2017-08-16 14:02:44 -04:00
Fedora Release Engineering
f7b2da0bf0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
2017-08-03 09:46:08 +00:00
Fedora Release Engineering
46d2764132
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-27 20:57:58 +00:00
Paul Wouters
82db9e94c2
* Sun Jul 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-1
...
- Updated to 1.6.4 full release, patch to allow missing ipsechook
- Resolves rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook
2017-07-02 13:46:10 +02:00
Paul Wouters
07097d2518
- Update to 1.6.4 (esubnet, ipsecmod support, bugfixes)
2017-06-22 16:34:47 -04:00
Paul Wouters
7d28caf1f9
- Updated to 1.6.3 (fixes assertion failure when receiving malformed packet with 0x20 enabled)
2017-06-13 14:20:12 -04:00
Paul Wouters
a1c71a375c
- Patch for cmd: unbound-control set_option val-permissive-mode: yes
2017-06-08 15:44:41 -04:00
Paul Wouters
a57c3b8b64
* Wed Apr 26 2017 Paul Wouters <pwouters@redhat.com> - 1.6.2-1
...
- Update to 1.6.2 (rhbz#1425649)
- Updated unbound.conf with new options
2017-04-26 21:46:09 -04:00
Paul Wouters
1d0203d0e6
only call install once doing both actions
2017-03-22 12:41:12 -04:00
Paul Wouters
3e1303eda9
- Call make unbound-event-install to install unbound-event.h
2017-03-21 22:19:44 -04:00
Fedora Release Engineering
2e01d6cda8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-11 16:42:20 +00:00
Paul Wouters
9f873e2e1a
fixup dlv/root key install
2017-01-18 12:41:19 -05:00
Paul Wouters
d83b37c251
- Remove obsoleted DLV key
2017-01-18 12:04:34 -05:00
Paul Wouters
791e5b5f56
- Actually remove dependency because minimum is always satisfied
...
(and otherwise we need a %{isa} requirement)
2017-01-02 17:24:43 -05:00
Paul Wouters
6be4d94c08
Depend on openssl-libs, not opensl
2017-01-02 14:30:14 -05:00
Kevin Fenzi
652f3fa496
Update to 1.6.0
2016-12-21 12:15:01 -07:00
Miro Hrončok
67a4fff523
Rebuild for Python 3.6
2016-12-19 18:20:38 +01:00
Paul Wouters
83df90d678
* Wed Oct 26 2016 Ilya Evseev <evseev.i@cdnnow.ru> - 1.5.10-2
...
- Bugfix building without python2 and python3
- Fixup streamtcp build (Paul)
Signed-off-by: Paul Wouters <pwouters@redhat.com>
2016-11-04 10:32:18 +05:30
Paul Wouters
be41633bf0
* Tue Sep 27 2016 Paul Wouters <pwouters@redhat.com> - 1.5.10-1
...
- Updated to 1.5.10 (better TCP handling, bugfixes)
- Install pkgconfig file in -devel package
- Updated unbound.conf
2016-09-27 19:26:26 -04:00
Fedora Release Engineering
b2ddf2a810
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
2016-07-19 13:04:34 +00:00
Paul Wouters
a147b9358d
- Fix upper port range to 60999 because that's what selinux allows
2016-07-07 19:22:06 +03:00
Paul Wouters
b0dab5d25d
- Patch for allowing more queries before failure (needed for query minimalization)
2016-06-16 09:29:16 -04:00
Paul Wouters
eb8bec78f6
- Updated to 1.5.9
2016-06-13 11:26:30 -04:00
Toshio Kuratomi
cfb4c4d4ca
Fix streamtcp to link against libpython3.x instead of libpython2.x
2016-04-21 16:53:58 -07:00
Paul Wouters
e76827e11e
update changelog line
2016-03-02 12:39:04 -05:00
Paul Wouters
8e51532c90
* Wed Mar 02 2016 Paul Wouters <pwouters@redhat.com> - 1.5.8-1
...
- Update to 1.5.8 which incorporates rhbz#1294339 fix
- Updated unbound.conf with new upstream options
- Enabled ip-transparent: yes (see rhbz#1291449)
2016-03-02 12:35:36 -05:00
Fedora Release Engineering
5f261fac04
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-05 02:19:55 +00:00
Tomas Hozza
aa8e8f6541
Fix escaping of shell chars in unbound-control-setup ( #1294339 )
2016-01-21 12:35:02 +01:00
Paul Wouters
ec26998079
* Fri Dec 11 2015 Paul Wouters <pwouters@redhat.com> - 1.5.7-1
...
- Update to 1.5.7
- Enable query minimalization for enhanced DNS query privacy
- Enable nxdomain hardening to assist with query minimalization and SBLs
- Updated default unbound.conf for new features from upstream.
2015-12-11 10:06:07 -05:00
Tomas Hozza
86e8e4801e
Update to 1.5.6 ( #1176729 )
2015-11-13 15:20:08 +01:00
Robert Kuska
3247f52bf4
Rebuilt for Python3.5 rebuild
2015-11-04 12:56:16 +01:00
Tomas Hozza
63b277e028
New upstream release 1.5.5 ( #1269137 )
...
- Removed the anchor update from %post section of -libs subpackage (#1269137#c2)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-10-07 17:04:36 +02:00
Tomas Hozza
bbc56d0b27
Removed dependency and ordering on unbound-anchor.service in unbound.service
...
Once ntpdate.service is fixed to order itself After nss-lookup.target,
there will be an ordering loop. To reproduce this do:
[root@notas ~]# yum -y install unbound ntpdate chrony
[root@notas ~]# systemctl enable ntpdate.service chronyd.service unbound-anchor.timer unbound.service unbound-anchor.service
[root@notas ~]# systemd-analyze verify /usr/lib/systemd/system/*
And then in the output you can find:
Found ordering cycle on ntpdate.service/stop
Found dependency on nss-lookup.target/start
Found dependency on unbound.service/start
Found dependency on unbound-anchor.service/start
Found dependency on unbound-anchor.timer/start
Found dependency on time-sync.target/start
Found dependency on chrony-wait.service/stop
Found dependency on chronyd.service/stop
Found dependency on ntpdate.service/stop
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-15 14:44:53 +02:00
Tomas Hozza
61d5f48558
Prefer Python3 build over Python2 build for now ( #1254566 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-03 19:56:57 +02:00
Tomas Hozza
9668107e96
Removed After syslog.target since it is not needed any more
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-20 14:38:36 +02:00
Tomas Hozza
308425859f
Added ExecReload section to unbound.service ( #1195785 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-20 14:36:58 +02:00
Tomas Hozza
d0f71ea19f
Rename root.anchor to root.key in %post section
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-16 14:04:06 +02:00
Tomas Hozza
7aa01f9152
Start unbound-anchor.timer only on new installations
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-16 13:44:16 +02:00
Paul Wouters
fdd77f9ee3
* Tue Jul 14 2015 Paul Wouters <pwouters@redhat.com> - 1.5.4-1
...
- Update to 1.5.4
- Removed patches merged into upstream
2015-07-13 22:45:42 -04:00
Tomas Hozza
59bf21ae42
Revert: Use low maximum negative cache TTL (5 sec)
...
The TTL will be rather set by the dnssec-trigger-script
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-16 21:53:11 +02:00
Tomas Hozza
c5473f18c9
Revert "Use low maximum negative cache TTL (5 sec) ( #1229596 )"
...
This reverts commit d8ef6e9f01
.
2015-06-16 21:50:42 +02:00
Tomas Hozza
d8ef6e9f01
Use low maximum negative cache TTL (5 sec) ( #1229596 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-15 19:35:41 +02:00
Tomas Hozza
41b8e28ac9
Add option for maximum negative cache TTL ( #1229599 )
2015-06-15 19:20:46 +02:00
Tomas Hozza
6b19dd7ea5
Removed usage of DLV from the default configuration ( #1223363 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-26 13:02:06 +02:00
Tomas Hozza
3e229ffe15
unbound.service now Wants unbound-anchor.timer
...
- unbound-anchor man page moved to the unbound-libs
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-13 13:17:43 +02:00
Paul Wouters
631b26d099
- Fixup scriptlets causing systemctl: command not found
...
- Resolves rhbz#1219587 Error in PREIN scriptlet in rpm package unbound-libs
2015-05-11 12:56:15 -04:00
Tomas Hozza
2a169a866b
migrate cronjob to systemd timer unit ( #1177285 )
...
- change the period for unbound-anchor from monthly to daily (#1180267 )
- Thanks to Tomasz Torcz <ttorcz@fedoraproject.org> for the initial patch
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-04-27 16:50:57 +02:00
Tomas Hozza
9d0daced90
Fix FTBFS and build Python 2 and 3 bindings
...
- Fix FTBFS (#1206129 )
- Build python3-unbound and python-unbound bindings for Python 3 and 2 (#1188080 )
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-04-16 16:18:59 +02:00
Tomas Hozza
ebc942cc93
Fix install command when creating directories
...
Previously the command created a directory with the same name as specified permissions
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-04-13 12:50:34 +02:00
Paul Wouters
b22a91503b
* Mon Mar 16 2015 Paul Wouters <pwouters@redhat.com> - 1.5.3-1
...
- Updated to 1.5.3 which is a bugfix on 1.5.2 for sighup handling
- Updated to 1.5.2 which fixes DNSSEC validation with different
trust anchors upstream, local-zone has a new keyword 'inform'
2015-03-16 12:18:28 -04:00
Paul Wouters
ff66ad8069
- Build with --enable-ecdsa
2015-02-02 10:28:06 -05:00
Paul Wouters
c1af899a71
- Fix post to create root.anchor, not root.key, to match cron job
2015-02-01 18:23:25 -05:00
Paul Wouters
98e1f21028
fixup tmpfiles copying
2014-12-09 23:29:13 -05:00
Paul Wouters
6c95ea5c5e
bump master with updated changes
2014-12-09 15:58:42 -05:00
Paul Wouters
04cacaef52
- Change systemd-units to systemd
...
- Use _tmpfilesdir macro, don't mark tmpfiles as config
2014-12-09 15:56:24 -05:00
Paul Wouters
69a3c141e3
add CVE rhbz to changelog
2014-12-09 10:55:58 -05:00
Paul Wouters
74933bccdc
- Update to 1.5.1 for CVE-2014-8602
...
- Removed unbound-aarch64.patch which was merged upstream
2014-12-08 23:34:41 -05:00
Tomas Hozza
72771a7943
update to 1.5.1rc1
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-28 18:35:08 +01:00
Peter Robinson
fb8c9b5d1d
fix build on aarch64
2014-11-28 13:39:55 +00:00
Tomas Hozza
3249758581
Fix race condition in arc4random ( #1166878 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-26 14:20:31 +01:00
Tomas Hozza
6cdcf55a00
update to 1.5.0
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-19 17:41:10 +01:00
Pavel Šimerda
748fd03a49
Resolves : #1115489 - build with python 3.x for fedora >= 22
2014-09-24 14:41:54 +02:00
Pavel Šimerda
bba137d935
Revert "new version 1.4.22"
...
This reverts commit e92ef1f2e1
.
2014-09-19 11:02:43 +02:00
Pavel Šimerda
e92ef1f2e1
new version 1.4.22
2014-09-18 16:06:33 +02:00
Kevin Fenzi
0f1dab65a6
Rebuild for rpm bug 1131960
2014-08-21 11:54:02 -06:00
Peter Robinson
1b0f647092
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-18 06:53:47 +00:00
Dennis Gilmore
60ed64b6d1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 21:44:54 -05:00
Paul Wouters
1b364a79c9
* Thu May 01 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-2
...
- Added flushcache patch (SVN commit 3125)
2014-05-01 10:12:56 -04:00
Paul Wouters
5f65c3ce7c
Merge branch 'master' of ssh://pkgs.fedoraproject.org/unbound
...
Conflicts:
unbound.spec
2014-03-13 21:48:56 -04:00
Paul Wouters
035078ba01
* Thu Mar 13 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-1
...
- Updated to 1.4.22
- No longer requires the ldns library
2014-03-13 21:44:08 -04:00
Tomas Hozza
79ada299ec
Fix segfault on adding insecure forward zone when using only iterator ( #1054192 )
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-16 19:57:06 +01:00
Tomas Hozza
1321c082e2
run test suite during the build
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-21 11:58:51 +02:00
Paul Wouters
24ebb22384
unbound.conf: also add outgoing-port-avoid: 0-32767 to ensure we
...
don't hit the SElinux restrictions of ephemeral ports
2013-09-19 10:25:20 -04:00
Paul Wouters
90b7fa1c7e
* Thu Sep 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.21-1
...
- Updated to 1.4.21,
- Enabled new max-udp-size: 3072 (so ANY isc.org won't fit)
- Removed patched merged in by upstream
- Enable statistics-cumulative for munin-plugin
- Updated unbound.conf
2013-09-19 10:21:30 -04:00
Paul Wouters
720e14aefa
fix old date
2013-09-19 10:01:10 -04:00
Tomas Hozza
46f5a8d1d5
Fix errors found by static analysis of source
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-26 15:50:38 +02:00
Paul Wouters
97c849787b
Merge branch 'master' of ssh://pkgs.fedoraproject.org/unbound
...
Conflicts:
unbound.spec
2013-08-12 11:56:28 -04:00
Paul Wouters
cfcdefa766
* Mon Aug 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-16
...
- Change unbound.conf to only use ephemeral ports (32768-65535)
2013-08-12 11:55:20 -04:00
Dennis Gilmore
98184a59cc
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
2013-08-04 00:32:18 -05:00
Tomas Hozza
308ffc60bc
provide man page for unbound-streamtcp
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-22 09:33:13 +02:00
Paul Wouters
5bca060465
* Mon Jul 08 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-15
...
- Re-introduce hardening flags for full relro and pie
- Fixes compilation failure for python module
2013-07-08 15:53:04 -04:00
Paul Wouters
0f4cecfaa6
Revert "don't hardcode hardening flags, let hardened build macro handles it"
...
This reverts commit f577e323b0
.
The reason is two-fold. It causes the unbound daemon to have less security
(no full relro, no PIE) and it failed to compile for me at all on f19,
failing with:
checking consistency of all components of python development environment... no
2013-07-08 15:48:24 -04:00
Tomas Hozza
f577e323b0
don't hardcode hardening flags, let hardened build macro handles it
...
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-03 15:25:13 +02:00
Tomas Hozza
b3131e6051
remove missing unbound-rootkey.service from post/preun/postun sections
...
Also remove initscript from repo, since it is not needed any more.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-03 15:22:48 +02:00
Paul Wouters
113e33794a
* Sat Jun 01 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-13
...
- Run unbound-anchor as user unbound in unbound.service
2013-05-31 23:53:15 -04:00
Paul Wouters
6fff6fa4e6
*bump evr
2013-05-28 18:14:20 -04:00
Paul Wouters
3f230f2522
* fixup unbound.conf and the service file to use root.key, not root.anchor
2013-05-28 18:06:00 -04:00