Petr Menšík
f52cac55d8
Ensure only unbound group members can make changes
...
unbound-control should allow only privileged users from unbound group to
modify running instance.
; Resolves: CVE-2024-1488
Resolves: RHEL-25501
2024-04-18 17:13:10 +02:00
Tomas Korbar
74bca6df28
Fix KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387
...
Fix Preparing an NSEC3 closest encloser proof can exhaust CPU resources CVE-2023-50868
; Resolves: CVE-2023-50868 CVE-2023-50387
Resolves: RHEL-25671 RHEL-25643
2024-04-18 17:12:43 +02:00
Petr Menšík
ec526e1830
Fix NRDelegation attack leading to uncontrolled resource consumption
...
Resolves: CVE-2022-3204
2022-10-11 18:37:00 +02:00
Petr Menšík
86e7d10031
Require openssl tool for unbound-keygen
...
Resolves: rhbz#2116802
2022-08-09 13:03:05 +02:00
Petr Menšík
865df6a4ea
Update to 0.16.2
...
Resolves: rhbz#2087120 CVE-2022-30698
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-2
2022-08-09 13:03:05 +02:00
Petr Menšík
53ceffb423
Disable ED25519 and ED448 in FIPS mode
...
Those algorithms are not accepted by current FIPS mode. Disable them in
that mode, because they are not allowed. Might change once they are
added.
Resolves: rhbz#2079548
2022-07-08 20:05:09 +02:00
Petr Menšík
d10d20851e
Do not keep keygen running, check certs each time
...
Rely on condition of unbound-keygen service. If it does stop after
generating them, then it will recreate also after restart later. That
might be the case if someone removes these certificates.
(cherry picked from commit 9cab78fef5
)
Resolves: rhbz#2094336
2022-06-15 21:47:57 +02:00
Petr Menšík
b3c3c181b7
Update to 1.16.0
...
Adds basic support for EDE (RFC 8914).
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-0
(cherry picked from commit 2c00b91a49
)
Resolves: rhbz#2087120
2022-06-15 21:47:57 +02:00
Petr Menšík
2dae08f7e8
Update icann bundle, fix spec errors
...
rpmlint detects several errors, fix some detected issues.
(cherry picked from commit e00e1b55bb
)
Related: rhbz#2087120
2022-06-15 21:41:14 +02:00
Petr Menšík
5e9b07ef98
Import few changes to configuration
...
(cherry picked from commit c469ecef15
)
Resolves: rhbz#2087120
2022-06-15 21:41:14 +02:00
Petr Menšík
c5810ec4d9
Update to 1.15.0
...
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-15-0
- Fix #596 : unset the RA bit when a query is blocked by an unbound RPZ nxdomain reply.
The option rpz-signal-nxdomain-ra allows to signal that a domain is externally
blocked to clients when it is blocked with NXDOMAIN by unsetting RA.
- Add rpz: for-downstream: yesno option, where the RPZ zone is authoritatively answered
for, so the RPZ zone contents can be checked with DNS queries directed at the RPZ zone.
- Merge PR #616 : Update ratelimit logic. It also introduces ratelimit-backoff and
ip-ratelimit-backoff configuration options.
- Change aggressive-nsec default to yes.
(cherry picked from commit 84e89add4a
)
Resolves: rhbz#2087120
2022-06-15 21:41:07 +02:00
Paul Wouters
faddb7371b
- Resolves: rhbz#1992985 unbound-1.13.2 is available
...
- Use system-wide crypto policies
(cherry picked from commit 0ce96eb790
)
Resolves: rhbz#2087120
2022-06-15 21:40:55 +02:00
Petr Menšík
40564c63f1
Export unbound-devel to CRB repository
...
Just make build and request moving to CRB.
Resolves: rhbz#2056116
2022-05-02 12:49:00 +02:00
Petr Menšík
68c0b5ca67
Stop creating wrong devel manual pages
...
Devel manual pages install correct manual pages with 3.gz suffix. But
there are also additional links just with .gz suffix. They are created
only in spec file. I think they were needed before unbound contained
proper installation of manuals for development. It is missing .3 suffix.
But it is not necessary anymore, because such recipe already exists in
upstream Makefile.in.
Resolves: rhbz#2071943
2022-04-26 17:48:18 +02:00
Petr Menšík
00a583016d
Disable altogether SHA-1 support
...
Crypto policy DEFAULT and FIPS would never pass on any name signed by
RSASHA1 or under such zone. Make all those signatures insecure
regardless on policy. It would make it insecure even in cases where it
were not mandatory, but would not fail with SERVFAIL in any
crypto-policy setting.
Resolves: rhbz#2070495
2022-03-31 15:00:40 +02:00
Artem Egorenkov
7f41dcdd3a
Fixed error in the patch
...
Resolves: rhbz#1977401
2022-02-11 16:17:18 +01:00
Artem Egorenkov
8f06fba292
regional_alloc() failure handled
...
Resolves: rhbz#1977401
2022-02-10 13:46:19 +01:00
Artem Egorenkov
0cf2f91dfc
RESOURCE_LEAK fixed
...
Resolves: rhbz#1977400
2022-02-10 13:06:56 +01:00
Artem Egorenkov
25418ea245
Don't use delted OpenSSL macroses
...
Resolves: rhbz#1991005
2021-08-10 16:04:56 +02:00
Mohan Boddu
075aa2307f
Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
...
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-10 01:11:40 +00:00
Mohan Boddu
04bdb829f4
Rebuilt for RHEL 9 BETA for openssl 3.0
...
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-16 03:41:18 +00:00
Artem Egorenkov
8662668ac0
Changelog date fixed
...
Rebuild for new gating.yaml
Resolves: rhbz#1951923
2021-06-08 16:25:41 +02:00
Artem Egorenkov
16eb7c7510
gating.yaml added
2021-05-31 15:50:22 +02:00
Artem Egorenkov
a3d2774739
Option --enable-linux-ip-local-port-range added to use system configured port range for libunbound on Linux
...
Resolves: rhbz#1952814
2021-04-26 13:40:42 +02:00
Artem Egorenkov
ed7d536b9a
version bump
...
Resolves: rhbz#1951923
2021-04-21 15:20:11 +02:00
Artem Egorenkov
a0b3ac07c7
DISABLE_UNBOUND_ANCHOR == "yes" disable unbound-anchor on unbound.service startup
...
Resolves: rhbz#1951923
2021-04-21 15:12:12 +02:00
Mohan Boddu
1a6da12416
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
...
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 06:00:52 +00:00
DistroBaker
218baa837d
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/unbound.git#cf0e47e9b70b8c471b740bc51ede0a1ee2bfa0a6
2021-02-11 16:57:05 +00:00
DistroBaker
fe0201bcb3
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/unbound.git#4bc5d3058200e4f213d460ef1a520d1970ccd110
2021-02-04 21:40:37 +00:00
DistroBaker
5906c5f0ec
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/unbound.git#b29f943a4c335573eadbb8511cc76b34bd450b18
2020-12-11 12:02:37 +01:00
DistroBaker
087959bbbc
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/unbound.git#b29f943a4c335573eadbb8511cc76b34bd450b18
2020-12-10 01:48:09 +01:00
Troy Dawson
0ddc5a48dd
RHEL 9.0.0 Alpha bootstrap
...
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/unbound#9bf72f2b9791186ed8cf9807178e945819d4f589
2020-10-15 13:12:18 -07:00
Release Configuration Management
95c5b29b92
New branch setup
2020-10-09 05:09:58 +00:00