Commit Graph

278 Commits

Author SHA1 Message Date
Petr Menšík
1b9764fb5a Revert "Improve config formatting"
This reverts commit 3d0bac0df2.

Uncomment again commented out value and bump version.

Comment by Paul Wouters:
The value of 3072 was tailored to cause a failure for ANY queries to isc.org,
which are used a lot by attackers. Now with 4096,
it will fit and the query can be abused again to
cause amplification with that popular dns query.
2018-02-22 11:05:25 +01:00
Petr Menšík
ba13eb790b Bump the spec instead, previous is already built 2018-02-21 19:55:03 +01:00
Petr Menšík
26cbcabb59 Use default RPM build flags and configure parameters (#1539097) 2018-02-21 19:49:44 +01:00
Petr Menšík
14fc685097 Remove group write permission to installed examples 2018-02-21 11:41:22 +01:00
Filipe Rosset
2cd4f499ad - rebuilt due new libevent 2.1.8 2018-02-14 21:55:14 -02:00
Igor Gnatenko
2883f3f78c
Escape macros in %changelog
Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-09 09:06:27 +01:00
Paul Wouters
6a2501df2d * Mon Jan 22 2018 Paul Wouters <pwouters@redhat.com> - 1.6.8-1
- Resolves rhbz#1483572 unbound-1.6.8 is available
- Resolves rhbz#1507049 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records
- Resolves rhbz#1536518 CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records [fedora-all]
2018-01-22 14:26:50 -05:00
Zbigniew Jędrzejewski-Szmek
bced8e7019 Python 2 binary package renamed to python2-unbound 2017-12-17 12:47:15 -05:00
Paul Wouters
4c89c2a677 - Updated to 1.6.7 (minor bugfixes) 2017-10-12 00:49:47 -04:00
Petr Menšík
3c9b28d8d6 Update icannbundle.pem 2017-10-03 16:19:36 +02:00
Paul Wouters
594dd4101a - Enable RFC 8145 Trust Anchor Signaling to help the root zone get keytag statistics 2017-10-02 16:52:53 -04:00
Paul Wouters
115c5666a2 * Fri Sep 22 2017 Paul Wouters <pwouters@redhat.com> - 1.6.6-1
- Resolves: rhbz#1483572 unbound-1.6.6 is available
- Resolves: rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook (edit)
2017-09-22 12:47:01 -04:00
genodeftest
8906a869c6 Update upstream URL and use HTTPS where possible
According to https://www.nlnetlabs.nl/projects/unbound/, unbound project URL has moved to the new address.
2017-09-06 18:46:25 +00:00
Paul Wouters
39e1d789fa * Wed Aug 16 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-4
- Rebuilt with KSK2017 added to root.key and root.anchor
- Remove noreplace for root key files. We can only improve these files over local copies
2017-08-16 14:02:44 -04:00
Fedora Release Engineering
f7b2da0bf0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-03 09:46:08 +00:00
Fedora Release Engineering
46d2764132 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 20:57:58 +00:00
Paul Wouters
82db9e94c2 * Sun Jul 02 2017 Paul Wouters <pwouters@redhat.com> - 1.6.4-1
- Updated to 1.6.4 full release, patch to allow missing ipsechook
- Resolves rhbz#1465575 unbound fails to start up, complains about missing ipsecmod-hook
2017-07-02 13:46:10 +02:00
Paul Wouters
07097d2518 - Update to 1.6.4 (esubnet, ipsecmod support, bugfixes) 2017-06-22 16:34:47 -04:00
Paul Wouters
7d28caf1f9 - Updated to 1.6.3 (fixes assertion failure when receiving malformed packet with 0x20 enabled) 2017-06-13 14:20:12 -04:00
Paul Wouters
a1c71a375c - Patch for cmd: unbound-control set_option val-permissive-mode: yes 2017-06-08 15:44:41 -04:00
Paul Wouters
a57c3b8b64 * Wed Apr 26 2017 Paul Wouters <pwouters@redhat.com> - 1.6.2-1
- Update to 1.6.2 (rhbz#1425649)
- Updated unbound.conf with new options
2017-04-26 21:46:09 -04:00
Paul Wouters
1d0203d0e6 only call install once doing both actions 2017-03-22 12:41:12 -04:00
Paul Wouters
3e1303eda9 - Call make unbound-event-install to install unbound-event.h 2017-03-21 22:19:44 -04:00
Fedora Release Engineering
2e01d6cda8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 16:42:20 +00:00
Paul Wouters
9f873e2e1a fixup dlv/root key install 2017-01-18 12:41:19 -05:00
Paul Wouters
d83b37c251 - Remove obsoleted DLV key 2017-01-18 12:04:34 -05:00
Paul Wouters
791e5b5f56 - Actually remove dependency because minimum is always satisfied
(and otherwise we need a %{isa} requirement)
2017-01-02 17:24:43 -05:00
Paul Wouters
6be4d94c08 Depend on openssl-libs, not openssl 2017-01-02 14:30:14 -05:00
Kevin Fenzi
652f3fa496 Update to 1.6.0 2016-12-21 12:15:01 -07:00
Miro Hrončok
67a4fff523 Rebuild for Python 3.6 2016-12-19 18:20:38 +01:00
Paul Wouters
83df90d678 * Wed Oct 26 2016 Ilya Evseev <evseev.i@cdnnow.ru> - 1.5.10-2
- Bugfix building without python2 and python3
- Fixup streamtcp build (Paul)

Signed-off-by: Paul Wouters <pwouters@redhat.com>
2016-11-04 10:32:18 +05:30
Paul Wouters
be41633bf0 * Tue Sep 27 2016 Paul Wouters <pwouters@redhat.com> - 1.5.10-1
- Updated to 1.5.10 (better TCP handling, bugfixes)
- Install pkgconfig file in -devel package
- Updated unbound.conf
2016-09-27 19:26:26 -04:00
Fedora Release Engineering
b2ddf2a810 - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages 2016-07-19 13:04:34 +00:00
Paul Wouters
a147b9358d - Fix upper port range to 60999 because that's what selinux allows 2016-07-07 19:22:06 +03:00
Paul Wouters
b0dab5d25d - Patch for allowing more queries before failure (needed for query minimalization) 2016-06-16 09:29:16 -04:00
Paul Wouters
eb8bec78f6 - Updated to 1.5.9 2016-06-13 11:26:30 -04:00
Toshio Kuratomi
cfb4c4d4ca Fix streamtcp to link against libpython3.x instead of libpython2.x 2016-04-21 16:53:58 -07:00
Paul Wouters
e76827e11e update changelog line 2016-03-02 12:39:04 -05:00
Paul Wouters
8e51532c90 * Wed Mar 02 2016 Paul Wouters <pwouters@redhat.com> - 1.5.8-1
- Update to 1.5.8 which incorporates rhbz#1294339 fix
- Updated unbound.conf with new upstream options
- Enabled ip-transparent: yes (see rhbz#1291449)
2016-03-02 12:35:36 -05:00
Fedora Release Engineering
5f261fac04 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-05 02:19:55 +00:00
Tomas Hozza
aa8e8f6541 Fix escaping of shell chars in unbound-control-setup (#1294339) 2016-01-21 12:35:02 +01:00
Paul Wouters
ec26998079 * Fri Dec 11 2015 Paul Wouters <pwouters@redhat.com> - 1.5.7-1
- Update to 1.5.7
- Enable query minimalization for enhanced DNS query privacy
- Enable nxdomain hardening to assist with query minimalization and SBLs
- Updated default unbound.conf for new features from upstream.
2015-12-11 10:06:07 -05:00
Tomas Hozza
86e8e4801e Update to 1.5.6 (#1176729) 2015-11-13 15:20:08 +01:00
Robert Kuska
3247f52bf4 Rebuilt for Python3.5 rebuild 2015-11-04 12:56:16 +01:00
Tomas Hozza
63b277e028 New upstream release 1.5.5 (#1269137)
- Removed the anchor update from %post section of -libs subpackage (#1269137#c2)

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-10-07 17:04:36 +02:00
Tomas Hozza
bbc56d0b27 Removed dependency and ordering on unbound-anchor.service in unbound.service
Once ntpdate.service is fixed to order itself After nss-lookup.target,
there will be an ordering loop. To reproduce this do:

[root@notas ~]# yum -y install unbound ntpdate chrony
[root@notas ~]# systemctl enable ntpdate.service chronyd.service unbound-anchor.timer unbound.service unbound-anchor.service
[root@notas ~]# systemd-analyze verify /usr/lib/systemd/system/*

And then in the output you can find:
Found ordering cycle on ntpdate.service/stop
Found dependency on nss-lookup.target/start
Found dependency on unbound.service/start
Found dependency on unbound-anchor.service/start
Found dependency on unbound-anchor.timer/start
Found dependency on time-sync.target/start
Found dependency on chrony-wait.service/stop
Found dependency on chronyd.service/stop
Found dependency on ntpdate.service/stop

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-15 14:44:53 +02:00
Tomas Hozza
61d5f48558 Prefer Python3 build over Python2 build for now (#1254566)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-09-03 19:56:57 +02:00
Tomas Hozza
9668107e96 Removed After syslog.target since it is not needed any more
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-20 14:38:36 +02:00
Tomas Hozza
308425859f Added ExecReload section to unbound.service (#1195785)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-20 14:36:58 +02:00
Tomas Hozza
d0f71ea19f Rename root.anchor to root.key in %post section
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-16 14:04:06 +02:00
Tomas Hozza
7aa01f9152 Start unbound-anchor.timer only on new installations
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-07-16 13:44:16 +02:00
Paul Wouters
fdd77f9ee3 * Tue Jul 14 2015 Paul Wouters <pwouters@redhat.com> - 1.5.4-1
- Update to 1.5.4
- Removed patches merged into upstream
2015-07-13 22:45:42 -04:00
Tomas Hozza
59bf21ae42 Revert: Use low maximum negative cache TTL (5 sec)
The TTL will be rather set by the dnssec-trigger-script

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-16 21:53:11 +02:00
Tomas Hozza
c5473f18c9 Revert "Use low maximum negative cache TTL (5 sec) (#1229596)"
This reverts commit d8ef6e9f01.
2015-06-16 21:50:42 +02:00
Tomas Hozza
d8ef6e9f01 Use low maximum negative cache TTL (5 sec) (#1229596)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-06-15 19:35:41 +02:00
Tomas Hozza
41b8e28ac9 Add option for maximum negative cache TTL (#1229599) 2015-06-15 19:20:46 +02:00
Tomas Hozza
6b19dd7ea5 Removed usage of DLV from the default configuration (#1223363)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-26 13:02:06 +02:00
Tomas Hozza
3e229ffe15 unbound.service now Wants unbound-anchor.timer
- unbound-anchor man page moved to the unbound-libs

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-05-13 13:17:43 +02:00
Paul Wouters
631b26d099 - Fixup scriptlets causing systemctl: command not found
- Resolves rhbz#1219587 Error in PREIN scriptlet in rpm package unbound-libs
2015-05-11 12:56:15 -04:00
Tomas Hozza
2a169a866b migrate cronjob to systemd timer unit (#1177285)
- change the period for unbound-anchor from monthly to daily (#1180267)
- Thanks to Tomasz Torcz <ttorcz@fedoraproject.org> for the initial patch

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-04-27 16:50:57 +02:00
Tomas Hozza
9d0daced90 Fix FTBFS and build Python 2 and 3 bindings
- Fix FTBFS (#1206129)
- Build python3-unbound and python-unbound bindings for Python 3 and 2 (#1188080)

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-04-16 16:18:59 +02:00
Tomas Hozza
ebc942cc93 Fix install command when creating directories
Previously the command created a directory with the same name as specified permissions

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2015-04-13 12:50:34 +02:00
Paul Wouters
b22a91503b * Mon Mar 16 2015 Paul Wouters <pwouters@redhat.com> - 1.5.3-1
- Updated to 1.5.3 which is a bugfix on 1.5.2 for sighup handling
- Updated to 1.5.2 which fixes DNSSEC validation with different
  trust anchors upstream, local-zone has a new keyword 'inform'
2015-03-16 12:18:28 -04:00
Paul Wouters
ff66ad8069 - Build with --enable-ecdsa 2015-02-02 10:28:06 -05:00
Paul Wouters
c1af899a71 - Fix post to create root.anchor, not root.key, to match cron job 2015-02-01 18:23:25 -05:00
Paul Wouters
98e1f21028 fixup tmpfiles copying 2014-12-09 23:29:13 -05:00
Paul Wouters
6c95ea5c5e bump master with updated changes 2014-12-09 15:58:42 -05:00
Paul Wouters
04cacaef52 - Change systemd-units to systemd
- Use _tmpfilesdir macro, don't mark tmpfiles as config
2014-12-09 15:56:24 -05:00
Paul Wouters
69a3c141e3 add CVE rhbz to changelog 2014-12-09 10:55:58 -05:00
Paul Wouters
74933bccdc - Update to 1.5.1 for CVE-2014-8602
- Removed unbound-aarch64.patch which was merged upstream
2014-12-08 23:34:41 -05:00
Tomas Hozza
72771a7943 update to 1.5.1rc1
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-28 18:35:08 +01:00
Peter Robinson
fb8c9b5d1d fix build on aarch64 2014-11-28 13:39:55 +00:00
Tomas Hozza
3249758581 Fix race condition in arc4random (#1166878)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-26 14:20:31 +01:00
Tomas Hozza
6cdcf55a00 update to 1.5.0
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-11-19 17:41:10 +01:00
Pavel Šimerda
748fd03a49 Resolves: #1115489 - build with python 3.x for fedora >= 22 2014-09-24 14:41:54 +02:00
Pavel Šimerda
bba137d935 Revert "new version 1.4.22"
This reverts commit e92ef1f2e1.
2014-09-19 11:02:43 +02:00
Pavel Šimerda
e92ef1f2e1 new version 1.4.22 2014-09-18 16:06:33 +02:00
Kevin Fenzi
0f1dab65a6 Rebuild for rpm bug 1131960 2014-08-21 11:54:02 -06:00
Peter Robinson
1b0f647092 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-18 06:53:47 +00:00
Dennis Gilmore
60ed64b6d1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 21:44:54 -05:00
Paul Wouters
1b364a79c9 * Thu May 01 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-2
- Added flushcache patch (SVN commit 3125)
2014-05-01 10:12:56 -04:00
Paul Wouters
5f65c3ce7c Merge branch 'master' of ssh://pkgs.fedoraproject.org/unbound
Conflicts:
	unbound.spec
2014-03-13 21:48:56 -04:00
Paul Wouters
035078ba01 * Thu Mar 13 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-1
- Updated to 1.4.22
- No longer requires the ldns library
2014-03-13 21:44:08 -04:00
Tomas Hozza
79ada299ec Fix segfault on adding insecure forward zone when using only iterator (#1054192)
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2014-01-16 19:57:06 +01:00
Tomas Hozza
1321c082e2 run test suite during the build
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-10-21 11:58:51 +02:00
Paul Wouters
24ebb22384 unbound.conf: also add outgoing-port-avoid: 0-32767 to ensure we
don't hit the SElinux restrictions of ephemeral ports
2013-09-19 10:25:20 -04:00
Paul Wouters
90b7fa1c7e * Thu Sep 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.21-1
- Updated to 1.4.21,
- Enabled new max-udp-size: 3072 (so ANY isc.org won't fit)
- Removed patches merged in by upstream
- Enable statistics-cumulative for munin-plugin
- Updated unbound.conf
2013-09-19 10:21:30 -04:00
Paul Wouters
720e14aefa fix old date 2013-09-19 10:01:10 -04:00
Tomas Hozza
46f5a8d1d5 Fix errors found by static analysis of source
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-08-26 15:50:38 +02:00
Paul Wouters
97c849787b Merge branch 'master' of ssh://pkgs.fedoraproject.org/unbound
Conflicts:
	unbound.spec
2013-08-12 11:56:28 -04:00
Paul Wouters
cfcdefa766 * Mon Aug 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-16
- Change unbound.conf to only use ephemeral ports (32768-65535)
2013-08-12 11:55:20 -04:00
Dennis Gilmore
98184a59cc - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-04 00:32:18 -05:00
Tomas Hozza
308ffc60bc provide man page for unbound-streamtcp
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-22 09:33:13 +02:00
Paul Wouters
5bca060465 * Mon Jul 08 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-15
- Re-introduce hardening flags for full relro and pie
- Fixes compilation failure for python module
2013-07-08 15:53:04 -04:00
Paul Wouters
0f4cecfaa6 Revert "don't hardcode hardening flags, let hardened build macro handles it"
This reverts commit f577e323b0.

The reason is two-fold. It causes the unbound daemon to have less security
(no full relro, no PIE) and it failed to compile for me at all on f19,
failing with:

	checking consistency of all components of python development environment... no
2013-07-08 15:48:24 -04:00
Tomas Hozza
f577e323b0 don't hardcode hardening flags, let hardened build macro handles it
Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-03 15:25:13 +02:00
Tomas Hozza
b3131e6051 remove missing unbound-rootkey.service from post/preun/postun sections
Also remove initscript from repo, since it is not needed any more.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
2013-07-03 15:22:48 +02:00
Paul Wouters
113e33794a * Sat Jun 01 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-13
- Run unbound-anchor as user unbound in unbound.service
2013-05-31 23:53:15 -04:00
Paul Wouters
6fff6fa4e6 *bump evr 2013-05-28 18:14:20 -04:00
Paul Wouters
3f230f2522 * fixup unbound.conf and the service file to use root.key, not root.anchor 2013-05-28 18:06:00 -04:00