Sat, 16 Oct 2021 07:01:26 CEST | login

Information for build unbound-1.4.20-26.el7

ID625
Package Nameunbound
Version1.4.20
Release26.el7
Epoch
SummaryValidating, recursive, and caching DNS(SEC) resolver
DescriptionUnbound is a validating, recursive, and caching DNS(SEC) resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible.
Built bykojiadmin
State complete
Volume DEFAULT
StartedWed, 30 Jan 2019 20:42:00 CET
CompletedWed, 30 Jan 2019 20:42:00 CET
Tags
built-by-centos
centos-7.2
v7.6-base
v7.99-base
RPMs
src
unbound-1.4.20-26.el7.src.rpm (info) (download)
x86_64
unbound-1.4.20-26.el7.x86_64.rpm (info) (download)
unbound-devel-1.4.20-26.el7.x86_64.rpm (info) (download)
unbound-libs-1.4.20-26.el7.x86_64.rpm (info) (download)
unbound-python-1.4.20-26.el7.x86_64.rpm (info) (download)
Changelog * Tue Sep 22 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-26 - Added Conficts on redhat-release packages without unbound-anchor.timer in presets (Related #1215645) * Tue Sep 15 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-25 - Resolve ordering loop with nss-lookup.target and ntpdate (#1259806) * Wed Aug 19 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-24 - Fix CVE-2014-8602 (#1253961) * Tue May 26 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-23 - Removed usage of DLV from the default configuration (#1223339) * Wed May 13 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-22 - unbound.service now Wants unbound-anchor.timer (Related: #1180267) * Tue May 12 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-21 - Fix dependencies and minor scriptlet issues due to systemd timer unit (Related: #1180267) * Mon Apr 27 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-20 - Install tmpfiles configuration into /usr/lib/tmpfiles.d (#1180995) - Fix root key management to comply to RFC5011 (#1180267) * Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.4.20-19 - Mass rebuild 2014-01-24 * Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.4.20-18 - Mass rebuild 2013-12-27 * Wed Sep 04 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-17 - Don't build unbound-munin package (#1002874) * Mon Aug 26 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-16 - Fix errors found by static analysis of source * Mon Jul 22 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-15 - provide man page for unbound-streamtcp * Wed Jul 03 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-14 - remove missing unbound-rootkey.service from post/preun/postun sections - don't hardcode hardening flags, let hardened build macro handles it * Sat Jun 01 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-13 - Run unbound-anchor as user unbound in unbound.service * Tue May 28 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-12 - Enable round-robin (with noths() patch) - Change cron and systemd service to use root.key, not root.anchor * Sat May 25 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-10 - Use /var/lib/unbound/root.key (more consistent with other distros) - Enable minimal responses * Mon Apr 22 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-8 - Refix * Fri Apr 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-7 - Fix runuser call in post. * Tue Apr 16 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-6 - /var/lib/unbound should be owned by unbound. group write is not enough * Fri Apr 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-5 - Fix cron job syntax (rhbz#951725) - Use install -p to prevent .rpmnew files that are identical to originals * Mon Apr 08 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-4 - Updated to 1.4.20 - Build with full RELRO (not use -z,relro but with -z,relo,-z,now) - Fixup man page for unbound-control-setup - unbound.service should start before nss-lookup.target (rhbz#919955) - Removed patch for rhbz#888759 merged in upstream - Move root.anchor to /var/lib/unbound to make selinux policy easier for updating (rhbz#896599/rhbz#891008) - Move cronjob for root.anchor from unbound to unbound-libs, require crontabs - /etc/unbound (and all) should be owned by unbound-libs (rhbz#909691) - Remove Obsolete/Provides for dnssec-conf which was last seen in f13 - Ensure any unbound-anchor failure in post is ignored * Tue Mar 05 2013 Adam Tkac <atkac redhat com> - 1.4.19-5 - build with full RELRO - symlink unbound-control-setup.8 manpage to unbound-control.8 * Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.19-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Dec 12 2012 Paul Wouters <pwouters@redhat.com> - 1.4.19-3 - Updated to 1.4.19 - this integrates all existing patches - Patch for unbound-anchor (rhbz#888759) * Fri Nov 09 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-6 - Patch to ensure stube-zone's aren't lost when using dnssec-triggerd - added unbound-munin.README file * Wed Sep 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-5 - Patch to allow wildcards in include: statements - Add directories /etc/unbound/keys.d,conf.d,local.d with example entries - Added /etc/unbound/root.anchor, maintained by unbound-anchor which is installed as monthly cron and PreExec in systemd config (root.key is unused, but left installed in case people depend on it) - Native systemd (simple) and /etc/sysconfig/unbound support - Run unbound-checkconf in PreExec - Moved trust anchor related files to unbound-libs, as they can be used without the daemon. - sub packages now depends on base package of same arch - Build munin package as noarch - unbound-anchor moved to unbound-libs package. It is needed to update the root.anchor key file. * Tue Sep 04 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-3 - Fix openssl thread locking bug under high query load * Thu Aug 23 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-2 - Use new systemd-rpm macros (rhbz#850351) - Clean up old obsoleted dnssec-conf from < fedora 15 * Fri Aug 03 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-1 - Updated to 1.4.18 (FIPS related fixes mostly) - Removed patches that were merged in upstream - Added comment to root.key * Mon Jul 23 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-5 - Fix for unbound crasher (upstream bug #452) - Support libunbound functions in man pages and place in -devel * Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.17-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Tue Jul 03 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-3 - unbound FIPS patches for MD5,randomness (rhbz#835106) * Fri Jun 15 2012 Adam Tkac <atkac redhat com> - 1.4.17-2 - don't build unbound-munin on RHEL * Thu May 24 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-1 - Updated to 1.4.17 (which mostly brings in patches we already applied from svn trunk) * Wed Feb 29 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-3 - Since the daemon links to the libs staticly, add Requires: (this is rhbz#745288) - Package up streamtcp as unbound-streamtcp (for monitoring) * Mon Feb 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-2 - Don't ghost the directory (rhbz#788805) - Patch for unbound to support unbound-control forward_zone (needed for openswan in XAUTH mode) * Thu Feb 02 2012 Paul Wouters <paul@nohats.ca> - 1.4.16-1 - Upgraded to 1.4.16, which was relesed due to the soname and some DNSSEC validation failures * Wed Feb 01 2012 Paul Wouters <paul@nohats.ca> - 1.4.15-2 - Patch for SONAME version (libtool's -version-number vs -version-info) * Fri Jan 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.15-1 - Upgraded to 1.4.15 - Updated unbound.conf to show how to configure listening on tls443 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.14-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Mon Dec 19 2011 Paul Wouters <paul@cypherpunks.ca> - 1.4.14-1 - Upgraded to 1.4.14 for CVE-2011-4528 / VU#209659 - SSL-wrapped query support for dnssec-trigger - EDNS handling changes - Removed integrated EDNS patches - Disabled use-caps-for-id, GoDaddy domains now break on it - Enabled new harden-below-nxdomain * Thu Sep 15 2011 Paul Wouters <paul@xelerance.com> - 1.4.13-1 - Upgraded to 1.4.13 - Removed merged in pythonmod patch - Added EDNS1480 patch to fix unbound on broken EDNS/UDP networks - Fix python to go into sitearch instead of sitelib * Wed Sep 14 2011 Tom Callaway <spot@fedoraproject.org> - 1.4.12-4 - convert to systemd, tmpfiles.d * Mon Aug 08 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-3 - Added pythonmod docs and examples * Mon Aug 08 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-2 - Fix for python module load in the server (Tom Hendrikx) - No longer enable --enable-debug as it causes degraded performance under load. * Mon Jul 18 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-1 - Updated to 1.4.12 * Sun Jul 03 2011 Paul Wouters <paul@xelerance.com> - 1.4.11-1 - Updated to 1.4.11 - removed integrated CVE patch - updated stock unbound.conf for new options introduced * Mon Jun 06 2011 Paul Wouters <paul@xelerance.com> - 1.4.10-1 - Added ghost for /var/run/unbound (bz#656710) * Mon Jun 06 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-3 - rebuilt * Wed May 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-2 - Applied patch for CVE-2011-1922 DoS vulnerability * Sun Mar 27 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-1 - Updated to 1.4.9 * Sat Feb 12 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-2 - rebuilt * Tue Jan 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-1 - Updated to 1.4.8 - Enable root key for DNSSEC - Fix unbound-munin to use proper file (could cause excessive logging) - Build unbound-python per default - Disable gost as Fedora/EPEL does not allow ECC and has mangled openssl * Tue Oct 26 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-4 - Revert last build - it was on the wrong branch * Tue Oct 26 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-3 - Disable do-ipv6 per default - causes severe degradation on non-ipv6 machines (see comments in inbound.conf) * Tue Jun 15 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-2 - Bump release - forgot to upload the new tar ball. * Tue Jun 15 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-1 - Upgraded to 1.4.5 * Mon May 31 2010 Paul Wouters <paul@xelerance.com> - 1.4.4-2 - Added accidentally omitted svn patches to cvs * Mon May 31 2010 Paul Wouters <paul@xelerance.com> - 1.4.4-1 - Upgraded to 1.4.4 with svn patches - Obsolete dnssec-conf to ensure it is de-installed * Thu Mar 11 2010 Paul Wouters <paul@xelerance.com> - 1.4.3-1 - Update to 1.4.3 that fixes 64bit crasher * Tue Mar 09 2010 Paul Wouters <paul@xelerance.com> - 1.4.2-1 - Updated to 1.4.2 - Updated unbound.conf with new options - Enabled pre-fetching DNSKEY records (DNSSEC speedup) - Enabled re-fetching popular records before they expire - Enabled logging of DNSSEC validation errors * Mon Mar 01 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-5 - Overriding -D_GNU_SOURCE is no longer needed. This fixes DSO issues with pthreads * Wed Feb 24 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-3 - Change make/configure lines to attempt to fix -lphtread linking issue * Thu Feb 18 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-2 - Removed dependancy for dnssec-conf - Added ISC DLV key (formerly in dnssec-conf) - Fixup old DLV locations in unbound.conf file via %post - Fix parent child disagreement handling and no-ipv6 present [svn r1953] * Tue Jan 05 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-1 - Updated to 1.4.1 - Changed %define to %global * Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-2 - Bump version * Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-1 - Upgraded to 1.3.4. Security fix with validating NSEC3 records * Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.3.3-2 - rebuilt with new openssl * Mon Aug 17 2009 Paul Wouters <paul@xelerance.com> - 1.3.3-1 - Updated to 1.3.3 * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-2 - Added missing glob patch to cvs - Place python macros within the %with_python check * Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-1 - Updated to 1.3.0 - Added unbound-python sub package. disabled for now - Patch from svn to fix DLV lookups - Patches from svn to detect wrong truncated response from BIND 9.6.1 with minimal-responses) - Added Default-Start and Default-Stop to unbound.init - Re-enabled --enable-sha2 - Re-enabled glob.patch * Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-7 - unbound-iterator.patch was not commited * Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-6 - Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793 * Tue Mar 17 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-5 - Use --nocheck to avoid giving an error on missing unbound-remote certs/keys * Tue Mar 10 2009 Adam Tkac <atkac redhat com> - 1.2.1-4 - enable DNSSEC only if it is enabled in sysconfig/dnssec * Mon Mar 09 2009 Adam Tkac <atkac redhat com> - 1.2.1-3 - add DNSSEC support to initscript and enabled it per default - add requires dnssec-conf * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Tue Feb 10 2009 Paul Wouters <paul@xelerance.com - 1.2.1-1 - updated to 1.2.1 * Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.0-2 - rebuild with new openssl * Wed Jan 14 2009 Paul Wouters <paul@xelerance.com - 1.2.0-1 - Updated to 1.2.0 - Added dependancy on minimum SSL for CVE-2008-5077 - Added dependancy on bc for unbound-munin - Added minimum requirement of libevent 1.4.5. Crashes with older versions (note: libevent is stale in EL-4 and not in EL-5, needs fixing there) - Removed dependancy on selinux-policy (will get used when available) - Enable options as per draft-wijngaards-dnsext-resolver-side-mitigation-00.txt - Enable unwanted-reply-threshold to mitigate against a Kaminsky attack - Enable val-clean-additional to drop addition unsigned data from signed response. - Removed patches (got merged into upstream) * Mon Jan 05 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-7 - Modified scandir patch to silently fail when wildcard matches nothing - Patch to allow unbound-checkconf to find empty wildcard matches * Mon Jan 05 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-6 - Added scandir patch for trusted-keys-file: option, which is used to load multiple dnssec keys in bind file format * Mon Dec 08 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-4 - Added Requires: for selinux-policy >= 3.5.13-33 for proper SElinux rules. * Mon Dec 01 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-3 - We did not own the /etc/unbound directory (#474020) - Fixed cvs anomalies * Fri Nov 28 2008 Adam Tkac <atkac redhat com> - 1.1.1-2 - removed all obsolete chroot related stuff - label control certs after generation correctly * Thu Nov 20 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-1 - Updated to unbound 1.1.1 which fixes a crasher and addresses nlnetlabs bug #219 * Wed Nov 19 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-3 - Remove the chroot, obsoleted by SElinux - Add additional munin plugin links supported by unbound plugin - Move configuration directory from /var/lib/unbound to /etc/unbound - Modified unbound.init and unbound.conf to account for chroot changes - Updated unbound.conf with new available options - Enabled dns-0x20 protection per default * Wed Nov 19 2008 Adam Tkac <atkac redhat com> - 1.1.0-2 - unbound-1.1.0-log_open.patch - make sure log is opened before chroot call - tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219 - removed /dev/log and /var/run/unbound and /etc/resolv.conf from chroot, not needed - don't mount files in chroot, it causes problems during updates - fixed typo in default config file * Fri Nov 14 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-1 - Updated to version 1.1.0 - Updated unbound.conf's statistics options and remote-control to work properly for munin - Added unbound-munin package - Generate unbound remote-control key/certs on first startup - Required ldns is now 1.4.0 * Wed Oct 22 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-5 - Only call ldconfig in -libs package - Move configure into build section - devel subpackage should only depend on libs subpackage * Tue Oct 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-4 - Fix CFLAGS getting lost in build - Don't enable interface-automatic:yes because that causes unbound to listen on 0.0.0.0 instead of 127.0.0.1 * Sun Oct 19 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-3 - Split off unbound-libs, make build verbose * Thu Oct 09 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-2 - FSB compliance, chroot fixes, initscript fixes * Thu Sep 11 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-1 - Upgraded to 1.0.2 * Wed Jul 16 2008 Paul Wouters <paul@xelerance.com> - 1.0.1-1 - upgraded to new release * Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-2 - Build against ldns-1.3.0 * Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-1 - Split of -devel package, fixed dependancies, make rpmlint happy * Fri Apr 25 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.12 - Using parts from ports collection entry by Jaap Akkerhuis. - Using Fedoraproject wiki guidelines. * Wed Apr 23 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.11 - Initial version.