|
|
|
|
Changelog for unbound-libs-1.4.20-29.el6_10.1.i686.rpm :
Tue Jun 9 14:00:00 2020 Anna Khaitovich - 1.4.20-29.1 - Fix segfault in unbound-1.4.20-amplifying-an-incoming-query.patch - Resolves: rhbz#1839171 (CVE-2020-12662), rhbz#1840257 (CVE-2020-12663)
Wed Jun 3 14:00:00 2020 Anna Khaitovich - 1.4.20-28.1 - Fix unbound-1.4.20-amplifying-an-incoming-query.patch patch so it won\'t produce compiler warnings - Resolves: rhbz#1839171 (CVE-2020-12662), rhbz#1840257 (CVE-2020-12663)
Sun May 31 14:00:00 2020 Anna Khaitovich - 1.4.20-27.1 - Fix amplifying an incoming query into a large number of queries directed to a target - Resolves: rhbz#1839171 (CVE-2020-12662), rhbz#1840257 (CVE-2020-12663)
Tue Dec 18 13:00:00 2018 Martin Osvald - 1.4.20-26.1 - Resolves: #1655929 - Unbound crashed when running \"unbound-control log_reopen\"
Tue Jun 13 14:00:00 2017 Petr Menšík - 1.4.20-26 - Fix periodic updates of root.key
Fri Jun 2 14:00:00 2017 Petr Menšík - 1.4.20-25 - Fix typo in post script
Wed May 24 14:00:00 2017 Petr Menšík - 1.4.20-24 - Update trust anchors (#1452638) - Update managed keys from trigger
Thu Jan 7 13:00:00 2016 Tomas Hozza - 1.4.20-23.3 - Fixed 2 errors found by Static analysis of code (#1296229)
Fri Dec 11 13:00:00 2015 Tomas Hozza - 1.4.20-23.2 - bumping release to rebuild the package for Base RHEL (#1284964)
Thu Aug 13 14:00:00 2015 Tomas Hozza - 1.4.20-23.1 - port the rhel-7 package version to rhel-6 - add fix for CVE-2014-8602
Tue May 26 14:00:00 2015 Tomas Hozza - 1.4.20-23 - Removed usage of DLV from the default configuration (#1223339)
Wed May 13 14:00:00 2015 Tomas Hozza - 1.4.20-22 - unbound.service now Wants unbound-anchor.timer (Related: #1180267)
Tue May 12 14:00:00 2015 Tomas Hozza - 1.4.20-21 - Fix dependencies and minor scriptlet issues due to systemd timer unit (Related: #1180267)
Mon Apr 27 14:00:00 2015 Tomas Hozza - 1.4.20-20 - Install tmpfiles configuration into /usr/lib/tmpfiles.d (#1180995) - Fix root key management to comply to RFC5011 (#1180267)
Fri Jan 24 13:00:00 2014 Daniel Mach - 1.4.20-19 - Mass rebuild 2014-01-24
Fri Dec 27 13:00:00 2013 Daniel Mach - 1.4.20-18 - Mass rebuild 2013-12-27
Wed Sep 4 14:00:00 2013 Tomas Hozza - 1.4.20-17 - Don\'t build unbound-munin package (#1002874)
Mon Aug 26 14:00:00 2013 Tomas Hozza - 1.4.20-16 - Fix errors found by static analysis of source
Mon Jul 22 14:00:00 2013 Tomas Hozza - 1.4.20-15 - provide man page for unbound-streamtcp
Wed Jul 3 14:00:00 2013 Tomas Hozza - 1.4.20-14 - remove missing unbound-rootkey.service from post/preun/postun sections - don\'t hardcode hardening flags, let hardened build macro handles it
Sat Jun 1 14:00:00 2013 Paul Wouters - 1.4.20-13 - Run unbound-anchor as user unbound in unbound.service
Tue May 28 14:00:00 2013 Paul Wouters - 1.4.20-12 - Enable round-robin (with noths() patch) - Change cron and systemd service to use root.key, not root.anchor
Sat May 25 14:00:00 2013 Paul Wouters - 1.4.20-10 - Use /var/lib/unbound/root.key (more consistent with other distros) - Enable minimal responses
Mon Apr 22 14:00:00 2013 Paul Wouters - 1.4.20-8 - Refix
Fri Apr 19 14:00:00 2013 Paul Wouters - 1.4.20-7 - Fix runuser call in post.
Tue Apr 16 14:00:00 2013 Paul Wouters - 1.4.20-6 - /var/lib/unbound should be owned by unbound. group write is not enough
Fri Apr 12 14:00:00 2013 Paul Wouters - 1.4.20-5 - Fix cron job syntax (rhbz#951725) - Use install -p to prevent .rpmnew files that are identical to originals
Mon Apr 8 14:00:00 2013 Paul Wouters - 1.4.20-4 - Updated to 1.4.20 - Build with full RELRO (not use -z,relro but with -z,relo,-z,now) - Fixup man page for unbound-control-setup - unbound.service should start before nss-lookup.target (rhbz#919955) - Removed patch for rhbz#888759 merged in upstream - Move root.anchor to /var/lib/unbound to make selinux policy easier for updating (rhbz#896599/rhbz#891008) - Move cronjob for root.anchor from unbound to unbound-libs, require crontabs - /etc/unbound (and all) should be owned by unbound-libs (rhbz#909691) - Remove Obsolete/Provides for dnssec-conf which was last seen in f13 - Ensure any unbound-anchor failure in post is ignored
Tue Mar 5 13:00:00 2013 Adam Tkac - 1.4.19-5 - build with full RELRO - symlink unbound-control-setup.8 manpage to unbound-control.8
Fri Feb 15 13:00:00 2013 Fedora Release Engineering - 1.4.19-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
Wed Dec 12 13:00:00 2012 Paul Wouters - 1.4.19-3 - Updated to 1.4.19 - this integrates all existing patches - Patch for unbound-anchor (rhbz#888759)
Fri Nov 9 13:00:00 2012 Paul Wouters - 1.4.18-6 - Patch to ensure stube-zone\'s aren\'t lost when using dnssec-triggerd - added unbound-munin.README file
Wed Sep 26 14:00:00 2012 Paul Wouters - 1.4.18-5 - Patch to allow wildcards in include: statements - Add directories /etc/unbound/keys.d,conf.d,local.d with example entries - Added /etc/unbound/root.anchor, maintained by unbound-anchor which is installed as monthly cron and PreExec in systemd config (root.key is unused, but left installed in case people depend on it) - Native systemd (simple) and /etc/sysconfig/unbound support - Run unbound-checkconf in PreExec - Moved trust anchor related files to unbound-libs, as they can be used without the daemon. - sub packages now depends on base package of same arch - Build munin package as noarch - unbound-anchor moved to unbound-libs package. It is needed to update the root.anchor key file.
Tue Sep 4 14:00:00 2012 Paul Wouters - 1.4.18-3 - Fix openssl thread locking bug under high query load
Thu Aug 23 14:00:00 2012 Paul Wouters - 1.4.18-2 - Use new systemd-rpm macros (rhbz#850351) - Clean up old obsoleted dnssec-conf from < fedora 15
Fri Aug 3 14:00:00 2012 Paul Wouters - 1.4.18-1 - Updated to 1.4.18 (FIPS related fixes mostly) - Removed patches that were merged in upstream - Added comment to root.key
Mon Jul 23 14:00:00 2012 Paul Wouters - 1.4.17-5 - Fix for unbound crasher (upstream bug #452) - Support libunbound functions in man pages and place in -devel
Sun Jul 22 14:00:00 2012 Fedora Release Engineering - 1.4.17-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
Tue Jul 3 14:00:00 2012 Paul Wouters - 1.4.17-3 - unbound FIPS patches for MD5,randomness (rhbz#835106)
Fri Jun 15 14:00:00 2012 Adam Tkac - 1.4.17-2 - don\'t build unbound-munin on RHEL
Thu May 24 14:00:00 2012 Paul Wouters - 1.4.17-1 - Updated to 1.4.17 (which mostly brings in patches we already applied from svn trunk)
Wed Feb 29 13:00:00 2012 Paul Wouters - 1.4.16-3 - Since the daemon links to the libs staticly, add Requires: (this is rhbz#745288) - Package up streamtcp as unbound-streamtcp (for monitoring)
Mon Feb 27 13:00:00 2012 Paul Wouters - 1.4.16-2 - Don\'t ghost the directory (rhbz#788805) - Patch for unbound to support unbound-control forward_zone (needed for openswan in XAUTH mode)
Thu Feb 2 13:00:00 2012 Paul Wouters - 1.4.16-1 - Upgraded to 1.4.16, which was relesed due to the soname and some DNSSEC validation failures
Wed Feb 1 13:00:00 2012 Paul Wouters - 1.4.15-2 - Patch for SONAME version (libtool\'s -version-number vs -version-info)
Fri Jan 27 13:00:00 2012 Paul Wouters - 1.4.15-1 - Upgraded to 1.4.15 - Updated unbound.conf to show how to configure listening on tls443
Sat Jan 14 13:00:00 2012 Fedora Release Engineering - 1.4.14-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
Mon Dec 19 13:00:00 2011 Paul Wouters - 1.4.14-1 - Upgraded to 1.4.14 for CVE-2011-4528 / VU#209659 - SSL-wrapped query support for dnssec-trigger - EDNS handling changes - Removed integrated EDNS patches - Disabled use-caps-for-id, GoDaddy domains now break on it - Enabled new harden-below-nxdomain
Thu Sep 15 14:00:00 2011 Paul Wouters - 1.4.13-1 - Upgraded to 1.4.13 - Removed merged in pythonmod patch - Added EDNS1480 patch to fix unbound on broken EDNS/UDP networks - Fix python to go into sitearch instead of sitelib
Wed Sep 14 14:00:00 2011 Tom Callaway - 1.4.12-4 - convert to systemd, tmpfiles.d
Mon Aug 8 14:00:00 2011 Paul Wouters - 1.4.12-3 - Added pythonmod docs and examples
Mon Aug 8 14:00:00 2011 Paul Wouters - 1.4.12-2 - Fix for python module load in the server (Tom Hendrikx) - No longer enable --enable-debug as it causes degraded performance under load.
Mon Jul 18 14:00:00 2011 Paul Wouters - 1.4.12-1 - Updated to 1.4.12
Sun Jul 3 14:00:00 2011 Paul Wouters - 1.4.11-1 - Updated to 1.4.11 - removed integrated CVE patch - updated stock unbound.conf for new options introduced
Mon Jun 6 14:00:00 2011 Paul Wouters - 1.4.10-1 - Added ghost for /var/run/unbound (bz#656710)
Mon Jun 6 14:00:00 2011 Paul Wouters - 1.4.9-3 - rebuilt
Wed May 25 14:00:00 2011 Paul Wouters - 1.4.9-2 - Applied patch for CVE-2011-1922 DoS vulnerability
Sun Mar 27 14:00:00 2011 Paul Wouters - 1.4.9-1 - Updated to 1.4.9
Sat Feb 12 13:00:00 2011 Paul Wouters - 1.4.8-2 - rebuilt
Tue Jan 25 13:00:00 2011 Paul Wouters - 1.4.8-1 - Updated to 1.4.8 - Enable root key for DNSSEC - Fix unbound-munin to use proper file (could cause excessive logging) - Build unbound-python per default - Disable gost as Fedora/EPEL does not allow ECC and has mangled openssl
Tue Oct 26 14:00:00 2010 Paul Wouters - 1.4.5-4 - Revert last build - it was on the wrong branch
Tue Oct 26 14:00:00 2010 Paul Wouters - 1.4.5-3 - Disable do-ipv6 per default - causes severe degradation on non-ipv6 machines (see comments in inbound.conf)
Tue Jun 15 14:00:00 2010 Paul Wouters - 1.4.5-2 - Bump release - forgot to upload the new tar ball.
Tue Jun 15 14:00:00 2010 Paul Wouters - 1.4.5-1 - Upgraded to 1.4.5
Mon May 31 14:00:00 2010 Paul Wouters - 1.4.4-2 - Added accidentally omitted svn patches to cvs
Mon May 31 14:00:00 2010 Paul Wouters - 1.4.4-1 - Upgraded to 1.4.4 with svn patches - Obsolete dnssec-conf to ensure it is de-installed
Thu Mar 11 13:00:00 2010 Paul Wouters - 1.4.3-1 - Update to 1.4.3 that fixes 64bit crasher
Tue Mar 9 13:00:00 2010 Paul Wouters - 1.4.2-1 - Updated to 1.4.2 - Updated unbound.conf with new options - Enabled pre-fetching DNSKEY records (DNSSEC speedup) - Enabled re-fetching popular records before they expire - Enabled logging of DNSSEC validation errors
Mon Mar 1 13:00:00 2010 Paul Wouters - 1.4.1-5 - Overriding -D_GNU_SOURCE is no longer needed. This fixes DSO issues with pthreads
Wed Feb 24 13:00:00 2010 Paul Wouters - 1.4.1-3 - Change make/configure lines to attempt to fix -lphtread linking issue
Thu Feb 18 13:00:00 2010 Paul Wouters - 1.4.1-2 - Removed dependancy for dnssec-conf - Added ISC DLV key (formerly in dnssec-conf) - Fixup old DLV locations in unbound.conf file via %post - Fix parent child disagreement handling and no-ipv6 present [svn r1953]
Tue Jan 5 13:00:00 2010 Paul Wouters - 1.4.1-1 - Updated to 1.4.1 - Changed %define to %global
Thu Oct 8 14:00:00 2009 Paul Wouters - 1.3.4-2 - Bump version
Thu Oct 8 14:00:00 2009 Paul Wouters - 1.3.4-1 - Upgraded to 1.3.4. Security fix with validating NSEC3 records
Fri Aug 21 14:00:00 2009 Tomas Mraz - 1.3.3-2 - rebuilt with new openssl
Mon Aug 17 14:00:00 2009 Paul Wouters - 1.3.3-1 - Updated to 1.3.3
Sun Jul 26 14:00:00 2009 Fedora Release Engineering - 1.3.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
Sat Jun 20 14:00:00 2009 Paul Wouters - 1.3.0-2 - Added missing glob patch to cvs - Place python macros within the %with_python check
Sat Jun 20 14:00:00 2009 Paul Wouters - 1.3.0-1 - Updated to 1.3.0 - Added unbound-python sub package. disabled for now - Patch from svn to fix DLV lookups - Patches from svn to detect wrong truncated response from BIND 9.6.1 with minimal-responses) - Added Default-Start and Default-Stop to unbound.init - Re-enabled --enable-sha2 - Re-enabled glob.patch
Wed May 20 14:00:00 2009 Paul Wouters - 1.2.1-7 - unbound-iterator.patch was not commited
Wed May 20 14:00:00 2009 Paul Wouters - 1.2.1-6 - Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793
Tue Mar 17 13:00:00 2009 Paul Wouters - 1.2.1-5 - Use --nocheck to avoid giving an error on missing unbound-remote certs/keys
Tue Mar 10 13:00:00 2009 Adam Tkac - 1.2.1-4 - enable DNSSEC only if it is enabled in sysconfig/dnssec
Mon Mar 9 13:00:00 2009 Adam Tkac - 1.2.1-3 - add DNSSEC support to initscript and enabled it per default - add requires dnssec-conf
Wed Feb 25 13:00:00 2009 Fedora Release Engineering - 1.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
Tue Feb 10 13:00:00 2009 Paul Wouters - updated to 1.2.1
Sun Jan 18 13:00:00 2009 Tomas Mraz - 1.2.0-2 - rebuild with new openssl
Wed Jan 14 13:00:00 2009 Paul Wouters - Updated to 1.2.0 - Added dependancy on minimum SSL for CVE-2008-5077 - Added dependancy on bc for unbound-munin - Added minimum requirement of libevent 1.4.5. Crashes with older versions (note: libevent is stale in EL-4 and not in EL-5, needs fixing there) - Removed dependancy on selinux-policy (will get used when available) - Enable options as per draft-wijngaards-dnsext-resolver-side-mitigation-00.txt - Enable unwanted-reply-threshold to mitigate against a Kaminsky attack - Enable val-clean-additional to drop addition unsigned data from signed response. - Removed patches (got merged into upstream)
Mon Jan 5 13:00:00 2009 Paul Wouters - 1.1.1-7 - Modified scandir patch to silently fail when wildcard matches nothing - Patch to allow unbound-checkconf to find empty wildcard matches
Mon Jan 5 13:00:00 2009 Paul Wouters - 1.1.1-6 - Added scandir patch for trusted-keys-file: option, which is used to load multiple dnssec keys in bind file format
Mon Dec 8 13:00:00 2008 Paul Wouters - 1.1.1-4 - Added Requires: for selinux-policy >= 3.5.13-33 for proper SElinux rules.
Mon Dec 1 13:00:00 2008 Paul Wouters - 1.1.1-3 - We did not own the /etc/unbound directory (#474020) - Fixed cvs anomalies
Fri Nov 28 13:00:00 2008 Adam Tkac - 1.1.1-2 - removed all obsolete chroot related stuff - label control certs after generation correctly
Thu Nov 20 13:00:00 2008 Paul Wouters - 1.1.1-1 - Updated to unbound 1.1.1 which fixes a crasher and addresses nlnetlabs bug #219
Wed Nov 19 13:00:00 2008 Paul Wouters - 1.1.0-3 - Remove the chroot, obsoleted by SElinux - Add additional munin plugin links supported by unbound plugin - Move configuration directory from /var/lib/unbound to /etc/unbound - Modified unbound.init and unbound.conf to account for chroot changes - Updated unbound.conf with new available options - Enabled dns-0x20 protection per default
Wed Nov 19 13:00:00 2008 Adam Tkac - 1.1.0-2 - unbound-1.1.0-log_open.patch - make sure log is opened before chroot call - tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219 - removed /dev/log and /var/run/unbound and /etc/resolv.conf from chroot, not needed - don\'t mount files in chroot, it causes problems during updates - fixed typo in default config file
Fri Nov 14 13:00:00 2008 Paul Wouters - 1.1.0-1 - Updated to version 1.1.0 - Updated unbound.conf\'s statistics options and remote-control to work properly for munin - Added unbound-munin package - Generate unbound remote-control key/certs on first startup - Required ldns is now 1.4.0
Wed Oct 22 14:00:00 2008 Paul Wouters - 1.0.2-5 - Only call ldconfig in -libs package - Move configure into build section - devel subpackage should only depend on libs subpackage
Tue Oct 21 14:00:00 2008 Paul Wouters - 1.0.2-4 - Fix CFLAGS getting lost in build - Don\'t enable interface-automatic:yes because that causes unbound to listen on 0.0.0.0 instead of 127.0.0.1
Sun Oct 19 14:00:00 2008 Paul Wouters - 1.0.2-3 - Split off unbound-libs, make build verbose
Thu Oct 9 14:00:00 2008 Paul Wouters - 1.0.2-2 - FSB compliance, chroot fixes, initscript fixes
Thu Sep 11 14:00:00 2008 Paul Wouters - 1.0.2-1 - Upgraded to 1.0.2
Wed Jul 16 14:00:00 2008 Paul Wouters - 1.0.1-1 - upgraded to new release
Wed May 21 14:00:00 2008 Paul Wouters - 1.0.0-2 - Build against ldns-1.3.0
Wed May 21 14:00:00 2008 Paul Wouters - 1.0.0-1 - Split of -devel package, fixed dependancies, make rpmlint happy
Fri Apr 25 14:00:00 2008 Wouter Wijngaards - 0.12 - Using parts from ports collection entry by Jaap Akkerhuis. - Using Fedoraproject wiki guidelines.
Wed Apr 23 14:00:00 2008 Wouter Wijngaards - 0.11 - Initial version.
|
|
|