Changelog |
* Mon Feb 09 2015 Paul Wouters <pwouters@redhat.com> - 1.5.1-1
- Updated to 1.5.1 for CVE-2014-8602 (rhbz#1172067)
- Enable ECDSA (but not GOST)
- ldns is no longer a used by unbound
- Pull in getauxval test for older libc
* Thu Sep 04 2014 Paul Wouters <pwouters@redhat.com> - 1.4.22-1
- Updated to 1.4.22
- Ensure scriptlets return 0 (rhbz#1049227)
* Thu Sep 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.21-1
- Updated to 1.4.21,
- Enabled new max-udp-size: 3072 (so ANY isc.org won't fit)
- Removed patch merged in by upstream
- Enable statistics-cumulative for munin-plugin
- Updated unbound.conf
* Fri Apr 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-2
- Fix for the runuser command in post (rhbz#953337)
- Enable round-robin in unbound.conf (and patch for ntohs)
- Enable minimum-response in unbound.conf
- Switch unbound.conf to use /var/lib/unbound/root.anchor
* Tue Apr 16 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-1
- Updated to 1.4.20
- Build with full RELRO / pie
- link unbound-control-setup.8 manpage to unbound-control.8 (Adam)
- Allow for non-default config location in init script (Ville)
- Use install -p to prevent .rpmnew files that are identical to originals
- Move root.anchor to /var/lib/unbound to make selinux policy easier for
updating (rhbz#896599/rhbz#891008)
- Move cronjob for root.anchor from unbound to unbound-libs, require crontabs
- /etc/unbound (and all) should be owned by unbound-libs (rhbz#909691)
- Ensure any unbound-anchor failure in post is ignored
* Fri Dec 21 2012 Paul Wouters <pwouters@redhat.com> - 1.4.19-1
- Updated to 1.4.19 - this integrates all existing patches
- Patch for unbound-anchor (rhbz#888759)
* Wed Nov 14 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-5
- Patch to allow wildcards in include: statements
- Patch to ensure stub-zone's aren't lost when reconfiguring forwarder
* Sat Nov 03 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-4
- Patch to allow wildcards in include: statements
- Add directories /etc/unbound/keys.d,conf.d,local.d with
example entries
- Added /etc/unbound/root.anchor, maintained by unbound-anchor
which is installed as monthly cron and called by initscript
(root.key is unused, but left installed in case people depend on it)
- /etc/sysconfig/unbound support
- Run unbound-checkconf in initscript
- Moved trust anchor related files to unbound-libs, as they can
be used without the daemon.
- unbound-anchor moved to unbound-libs package. It is needed
to update the root.anchor key file.
* Thu Sep 06 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-3
- Fix openssl thread locking bug under high query load
* Thu Aug 23 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-2
- Updated unbound.conf with comments for added options
- Workaround for rhbz#489278
* Thu Aug 23 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-1
- Updated to 1.4.18
- Removed merged in patch
- Added comment in root.key
- Add proper links to man pages
- Split man pages in proper unbound/unbound-devel package
- Added --disable-ecdsa since it requires ECC which is not available
* Wed Feb 29 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-2
- Since the daemon links to the libs staticly, add Requires:
(this is rhbz#745288)
- Package up streamtcp as unbound-streamtcp (for monitoring)
- Patch r2634 applied to squelch tcp errors per default
* Sat Feb 04 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-1
- Upgraded to 1.4.16, which was relesed due to the soname bug in 1.4.15
- Updated unbound.conf to show how to configure listening on tls443
- Fixes some NSEC3 related DNSSEC validation errors
* Mon Dec 19 2011 Paul Wouters <paul@cypherpunks.ca> - 1.4.14-1
- Upgraded to 1.4.14 for CVE-2011-4528 / VU#209659
- SSL-wrapped query support for dnssec-trigger
- EDNS handling changes
- Removed integrated EDNS patches
- Disabled use-caps-for-id, GoDaddy domains now break on it
- Enabled new harden-below-nxdomain
* Thu Sep 15 2011 Paul Wouters <paul@xelerance.com> - 1.4.13-1
- Upgraded to 1.4.13
- Added root key for DNSSEC
- Removed merged in pythonmod patch
- Added EDNS1480 patch to fix unbound on broken EDNS/UDP networks
- Enabled python module
- No longer enable --enable-debug as it causes degraded performance
under load.
- Updated stock unbound.conf for new options introduced
- Added ghost for /var/run/unbound (bz#656710)
* Wed May 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.4-3
- Applied patch for CVE-2011-1922 DoS vulnerability
* Mon May 31 2010 Paul Wouters <paul@xelerance.com> - 1.4.4-1
- Upgraded to 1.4.4 with svn patches
- Obsolete dnssec-conf to ensure it is de-installed
* Fri Apr 02 2010 Paul Wouters <paul@xelerance.com> - 1.4.3-2
- Updated unbound.conf with new options
- Enabled pre-fetching DNSKEY records (DNSSEC speedup)
- Enabled re-fetching popular records before they expire
- Enabled logging of DNSSEC validation errors
* Fri Apr 02 2010 Paul Wouters <paul@xelerance.com> - 1.4.3-1
- Upgrade to 1.4.3
- Added swig dependancy for python module
- Overriding -D_GNU_SOURCE is no longer needed. This fixes DSO issues
with pthreads
* Thu Feb 18 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-2
- Removed dependancy for dnssec-conf
- Added ISC DLV key (formerly in dnssec-conf)
- Fixup old DLV locations in unbound.conf file via %post
- Fix parent child disagreement handling and no-ipv6 present [svn r1953]
* Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-2
- Security update to 1.3.4 fixes NSEC3 processing
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.3.3-2
- rebuilt with new openssl
* Mon Aug 17 2009 Paul Wouters <paul@xelerance.com> - 1.3.3-1
- Updated to 1.3.3
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-2
- Added missing glob patch to cvs
- Place python macros within the %with_python check
* Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-1
- Updated to 1.3.0
- Added unbound-python sub package. disabled for now
- Patch from svn to fix DLV lookups
- Patches from svn to detect wrong truncated response from BIND 9.6.1 with
minimal-responses)
- Added Default-Start and Default-Stop to unbound.init
- Re-enabled --enable-sha2
- Re-enabled glob.patch
* Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-7
- unbound-iterator.patch was not commited
* Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-6
- Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793
* Tue Mar 17 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-5
- Use --nocheck to avoid giving an error on missing unbound-remote certs/keys
* Tue Mar 10 2009 Adam Tkac <atkac redhat com> - 1.2.1-4
- enable DNSSEC only if it is enabled in sysconfig/dnssec
* Mon Mar 09 2009 Adam Tkac <atkac redhat com> - 1.2.1-3
- add DNSSEC support to initscript and enabled it per default
- add requires dnssec-conf
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Tue Feb 10 2009 Paul Wouters <paul@xelerance.com - 1.2.1-1
- updated to 1.2.1
* Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.0-2
- rebuild with new openssl
* Wed Jan 14 2009 Paul Wouters <paul@xelerance.com - 1.2.0-1
- Updated to 1.2.0
- Added dependancy on minimum SSL for CVE-2008-5077
- Added dependancy on bc for unbound-munin
- Added minimum requirement of libevent 1.4.5. Crashes with older versions
(note: libevent is stale in EL-4 and not in EL-5, needs fixing there)
- Removed dependancy on selinux-policy (will get used when available)
- Enable options as per draft-wijngaards-dnsext-resolver-side-mitigation-00.txt
- Enable unwanted-reply-threshold to mitigate against a Kaminsky attack
- Enable val-clean-additional to drop addition unsigned data from signed
response.
- Removed patches (got merged into upstream)
* Mon Jan 05 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-7
- Modified scandir patch to silently fail when wildcard matches nothing
- Patch to allow unbound-checkconf to find empty wildcard matches
* Mon Jan 05 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-6
- Added scandir patch for trusted-keys-file: option, which
is used to load multiple dnssec keys in bind file format
* Mon Dec 08 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-4
- Added Requires: for selinux-policy >= 3.5.13-33 for proper SElinux rules.
* Mon Dec 01 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-3
- We did not own the /etc/unbound directory (#474020)
- Fixed cvs anomalies
* Fri Nov 28 2008 Adam Tkac <atkac redhat com> - 1.1.1-2
- removed all obsolete chroot related stuff
- label control certs after generation correctly
* Thu Nov 20 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-1
- Updated to unbound 1.1.1 which fixes a crasher and
addresses nlnetlabs bug #219
* Wed Nov 19 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-3
- Remove the chroot, obsoleted by SElinux
- Add additional munin plugin links supported by unbound plugin
- Move configuration directory from /var/lib/unbound to /etc/unbound
- Modified unbound.init and unbound.conf to account for chroot changes
- Updated unbound.conf with new available options
- Enabled dns-0x20 protection per default
* Wed Nov 19 2008 Adam Tkac <atkac redhat com> - 1.1.0-2
- unbound-1.1.0-log_open.patch
- make sure log is opened before chroot call
- tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219
- removed /dev/log and /var/run/unbound and /etc/resolv.conf from
chroot, not needed
- don't mount files in chroot, it causes problems during updates
- fixed typo in default config file
* Fri Nov 14 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-1
- Updated to version 1.1.0
- Updated unbound.conf's statistics options and remote-control
to work properly for munin
- Added unbound-munin package
- Generate unbound remote-control key/certs on first startup
- Required ldns is now 1.4.0
* Wed Oct 22 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-5
- Only call ldconfig in -libs package
- Move configure into build section
- devel subpackage should only depend on libs subpackage
* Tue Oct 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-4
- Fix CFLAGS getting lost in build
- Don't enable interface-automatic:yes because that
causes unbound to listen on 0.0.0.0 instead of 127.0.0.1
* Sun Oct 19 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-3
- Split off unbound-libs, make build verbose
* Thu Oct 09 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-2
- FSB compliance, chroot fixes, initscript fixes
* Thu Sep 11 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-1
- Upgraded to 1.0.2
* Wed Jul 16 2008 Paul Wouters <paul@xelerance.com> - 1.0.1-1
- upgraded to new release
* Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-2
- Build against ldns-1.3.0
* Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-1
- Split of -devel package, fixed dependancies, make rpmlint happy
* Fri Apr 25 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.12
- Using parts from ports collection entry by Jaap Akkerhuis.
- Using Fedoraproject wiki guidelines.
* Wed Apr 23 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.11
- Initial version.
|