unbound-vl.spec 23 KB

  1. %bcond_with systemd
  2. %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0}
  3. %global with_munin 0
  4. %{?!enable_gost: %global enable_gost 1}
  5. # not ready yet
  6. %{?!with_python: %global with_python 0}
  7. %define _sharedstatedir /var/lib
  8. Summary: Validating, recursive, and caching DNS(SEC) resolver
  9. Name: unbound
  10. Version: 1.13.2
  11. Release: 2%{?_dist_release}%{?with_systemd:.systemd}
  12. Group: servers
  13. Distribution: Vine Linux
  14. Vendor: Project Vine
  15. Packager: iwaim, daisuke
  16. License: BSD
  17. Url: http://www.unbound.net/
  18. Source: https://nlnetlabs.nl/downloads/unbound/%{name}-%{version}.tar.gz
  19. Source1: unbound.init
  20. Source3: unbound.munin
  21. Source4: dlv.isc.org.key
  22. Source5: root.key
  23. Source6: root.anchor
  24. Source7: icannbundle.pem
  25. Source8: unbound.cron
  26. Source9: example.com.key
  27. Source10: example.com.conf
  28. Source11: block-example.com.conf
  29. Source100: unbound.service
  30. Source101: unbound-keygen.service
  31. Source102: unbound-anchor.service
  32. Source103: unbound-anchor.timer
  33. Source104: tmpfiles-unbound.conf
  34. Source105: unbound.sysconfig
  35. BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
  36. BuildRequires: flex
  37. BuildRequires: libevent-devel
  38. BuildRequires: expat-devel
  39. %if %{with_python}
  40. BuildRequires: python3-devel python3-rpm-macros swig
  41. %endif
  42. %if %{enable_gost}
  43. BuildRequires: openssl-devel >= 1.0.0
  44. %else
  45. BuildRequires: openssl-devel
  46. %endif
  47. BuildRequires: libnghttp2-devel
  48. # Required for SVN versions
  49. #BuildRequires: bison
  50. %if %{with systemd}
  51. %global piddir /run/%{name}
  52. BuildRequires: systemd
  53. %{?systemd_requires}
  54. %else
  55. %global piddir %{_localstatedir}/run/%{name}
  56. Requires(post): chkconfig
  57. Requires(preun): chkconfig
  58. Requires(preun): initscripts
  59. Requires(postun): initscripts
  60. %endif
  61. Requires(pre): shadow-utils
  62. %description
  63. Unbound is a validating, recursive, and caching DNS(SEC) resolver.
  64. The C implementation of Unbound is developed and maintained by NLnet
  65. Labs. It is based on ideas and algorithms taken from a java prototype
  66. developed by Verisign labs, Nominet, Kirei and ep.net.
  67. Unbound is designed as a set of modular components, so that also
  68. DNSSEC (secure DNS) validation and stub-resolvers (that do not run
  69. as a server, but are linked into an application) are easily possible.
  70. %if %{with_munin}
  71. %package munin
  72. Summary: Plugin for the munin / munin-node monitoring package
  73. Summary(ja): munin/munin-node モニタリングパッケージ用のプラグイン
  74. Group: servers
  75. Requires: munin-node
  76. Requires: %{name} = %{version}-%{release}, bc
  77. %description munin
  78. Plugin for the munin / munin-node monitoring package
  79. %endif
  80. %package devel
  81. Summary: Development package that includes the unbound header files
  82. Group: programming
  83. Requires: %{name}-libs = %{version}-%{release}, openssl-devel
  84. %description devel
  85. The devel package contains the unbound library and the include files
  86. %package libs
  87. Summary: Libraries used by the unbound server and client applications
  88. Group: system
  89. Requires(post): /sbin/ldconfig
  90. Requires(postun): /sbin/ldconfig
  91. Requires: openssl >= 0.9.8g-12
  92. %description libs
  93. Contains libraries used by the unbound server and client applications
  94. %if %{with_python}
  95. %package python
  96. Summary: Python modules and extensions for unbound
  97. Group: programming
  98. Requires: %{name}-libs = %{version}-%{release}
  99. %description python
  100. Python modules and extensions for unbound
  101. %endif
  102. %package -n compat32-%{name}-libs
  103. Summary: Libraries used by the unbound server and client applications
  104. Group: system,legacy
  105. Requires: %{name}-libs = %{version}-%{release}
  106. Requires(post): /sbin/ldconfig
  107. Requires(postun): /sbin/ldconfig
  108. Requires: openssl >= 0.9.8g-12
  109. %description -n compat32-%{name}-libs
  110. Contains libraries used by the unbound server and client applications
  111. %debug_package
  112. %prep
  113. %setup -q
  114. %build
  115. %configure --with-libevent --with-pthreads --with-ssl \
  116. --disable-rpath --enable-debug --disable-static \
  117. --enable-relro-now --enable-pie \
  118. --enable-subnet --enable-ipsecmod \
  119. --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \
  120. --with-pidfile=%{piddir}/%{name}.pid \
  121. %if %{with_python}
  122. --with-pythonmodule --with-pyunbound \
  123. %endif
  124. %if !%{enable_gost}
  125. --disable-gost \
  126. %endif
  127. --enable-sha2 \
  128. --disable-sha1 \
  129. --with-libnghttp2 \
  130. --with-rootkey-file=%{_sharedstatedir}/unbound/root.key
  131. %{__make} %{?_smp_mflags}
  132. %install
  133. rm -rf %{buildroot}
  134. %{__make} DESTDIR=%{buildroot} install
  135. install -d 0755 %{buildroot}%{_initrddir}
  136. %if %{with systemd}
  137. install -d -m 0755 %{buildroot}%{_unitdir} %{buildroot}%{_sysconfdir}/sysconfig
  138. install -p -m 0644 %{SOURCE100} %{buildroot}%{_unitdir}/unbound.service
  139. install -p -m 0644 %{SOURCE101} %{buildroot}%{_unitdir}/unbound-keygen.service
  140. install -p -m 0644 %{SOURCE103} %{buildroot}%{_unitdir}/unbound-anchor.timer
  141. install -p -m 0644 %{SOURCE102} %{buildroot}%{_unitdir}/unbound-anchor.service
  142. install -p -m 0644 %{SOURCE105} %{buildroot}%{_sysconfdir}/sysconfig/unbound
  143. # Install tmpfiles.d config
  144. install -d -m 0755 %{buildroot}%{_tmpfilesdir} %{buildroot}%{_sharedstatedir}/unbound
  145. install -m 0644 %{SOURCE104} %{buildroot}%{_tmpfilesdir}/unbound.conf
  146. %else
  147. install -m 0755 %{SOURCE1} %{buildroot}%{_initrddir}/unbound
  148. install -d 0755 %{buildroot}%{_sysconfdir}/cron.d
  149. install -p -m 0644 %{SOURCE8} %{buildroot}%{_sysconfdir}/cron.d/unbound-anchor
  150. %endif
  151. install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/unbound
  152. echo "include: %{_sysconfdir}/unbound/conf.d/*.conf" >> %{buildroot}%{_sysconfdir}/unbound/unbound.conf
  153. %if %{with_munin}
  154. # Install munin plugin and its softlinks
  155. install -d 0755 %{buildroot}%{_sysconfdir}/munin/plugin-conf.d
  156. install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/munin/plugin-conf.d/unbound
  157. install -d 0755 %{buildroot}%{_datadir}/munin/plugins/
  158. install -m 0755 contrib/unbound_munin_ %{buildroot}%{_datadir}/munin/plugins/unbound
  159. for plugin in unbound_munin_hits unbound_munin_queue \
  160. unbound_munin_memory unbound_munin_by_type \
  161. unbound_munin_by_class unbound_munin_by_opcode \
  162. unbound_munin_by_rcode unbound_munin_by_flags \
  163. unbound_munin_histogram; do
  164. ln -s unbound %{buildroot}%{_datadir}/munin/plugins/$plugin
  165. done
  166. %endif
  167. # install root and DLV key
  168. install -m 0644 %{SOURCE4} %{SOURCE5} %{buildroot}%{_sysconfdir}/unbound/
  169. install -d -m 0755 %{buildroot}%{_sharedstatedir}/unbound
  170. install -m 0644 %{SOURCE6} %{buildroot}%{_sharedstatedir}/unbound/root.key
  171. # remove static library from install (fedora packaging guidelines)
  172. rm -rf %{buildroot}%{_libdir}/*.la
  173. %if %{with_python}
  174. rm -rf %{buildroot}%{python_sitelib}/*/*.la
  175. %endif
  176. mkdir -p %{buildroot}%{_localstatedir}/run/unbound
  177. # Install directories for easier config file drop in
  178. install -d -m 0755 %{buildroot}%{_sysconfdir}/unbound/{keys.d,local.d,conf.d}
  179. install -p %{SOURCE9} %{buildroot}%{_sysconfdir}/unbound/keys.d/
  180. install -p %{SOURCE10} %{buildroot}%{_sysconfdir}/unbound/conf.d/
  181. install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/unbound/local.d/
  182. %clean
  183. rm -rf ${RPM_BUILD_ROOT}
  184. %files
  185. %defattr(-,root,root,-)
  186. %license doc/LICENSE
  187. %doc doc/README doc/CREDITS doc/FEATURES
  188. %if %{with systemd}
  189. %attr(0644,root,root) %{_tmpfilesdir}/unbound.conf
  190. %{_unitdir}/%{name}.service
  191. %{_unitdir}/%{name}-keygen.service
  192. %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
  193. %else
  194. %attr(0755,root,root) %{_initrddir}/%{name}
  195. %endif
  196. %attr(0755,root,root) %dir %{_sysconfdir}/%{name}
  197. %attr(0755,unbound,unbound) %dir %{_localstatedir}/run/%{name}
  198. %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf
  199. %dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/keys.d
  200. %attr(0664,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/keys.d/*.key
  201. %dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/conf.d
  202. %attr(0664,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/conf.d/*.conf
  203. %dir %attr(0755,root,unbound) %{_sysconfdir}/%{name}/local.d
  204. %attr(0664,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/local.d/*.conf
  205. %{_sbindir}/*
  206. %exclude %{_sbindir}/unbound-anchor
  207. %{_mandir}/*/*
  208. %if %{with_python}
  209. %files python
  210. %{python3_sitelib}/*
  211. %endif
  212. %if %{with_munin}
  213. %files munin
  214. %defattr(-,root,root,-)
  215. %config(noreplace) %{_sysconfdir}/munin/plugin-conf.d/unbound
  216. %{_datadir}/munin/plugins/unbound*
  217. %endif
  218. %files devel
  219. %defattr(-,root,root,-)
  220. %{_libdir}/libunbound.so
  221. %{_includedir}/unbound.h
  222. %{_libdir}/pkgconfig/libunbound.pc
  223. %doc README
  224. %files libs
  225. %defattr(-,root,root,-)
  226. %license doc/LICENSE
  227. %doc doc/README
  228. %{_sbindir}/unbound-anchor
  229. %{_libdir}/libunbound.so.*
  230. %{_sysconfdir}/%{name}/icannbundle.pem
  231. %dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
  232. %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/dlv.isc.org.key
  233. %attr(0644,unbound,unbound) %config(noreplace) %{_sharedstatedir}/%{name}/root.key
  234. %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/%{name}/root.key
  235. %if %{with systemd}
  236. %{_unitdir}/unbound-anchor.timer
  237. %{_unitdir}/unbound-anchor.service
  238. %else
  239. %attr(0644,root,root) %{_sysconfdir}/cron.d/unbound-anchor
  240. %endif
  241. %if %{build_compat32}
  242. %files -n compat32-%{name}-libs
  243. %defattr(-,root,root,-)
  244. %{_libdir}/libunbound.so.*
  245. %endif
  246. %pre libs
  247. getent group unbound >/dev/null || groupadd -r unbound
  248. getent passwd unbound >/dev/null || \
  249. useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
  250. -c "Unbound DNS resolver" unbound
  251. exit 0
  252. %post libs
  253. /sbin/runuser --command="%{_sbindir}/unbound-anchor -a %{_sharedstatedir}/unbound/root.key -c %{_sysconfdir}/unbound/icannbundle.pem" --shell /bin/sh unbound ||:
  254. %if %{with systemd}
  255. %systemd_post unbound-anchor.timer
  256. # start the timer only if installing the package to prevent starting it, if it was stopped on purpose
  257. if [ "$1" -eq 1 ]; then
  258. # the Unit is in presets, but would be started after reboot
  259. /bin/systemctl start unbound-anchor.timer >/dev/null 2>&1 || :
  260. fi
  261. %endif
  262. %if %{with systemd}
  263. %preun libs
  264. %systemd_preun unbound-anchor.timer
  265. %endif
  266. %postun libs
  267. %if %{with systemd}
  268. %systemd_postun_with_restart unbound-anchor.timer
  269. %endif
  270. %post
  271. %if %{with systemd}
  272. %systemd_post unbound.service
  273. %systemd_post unbound-keygen.service
  274. %else
  275. /sbin/chkconfig --add %{name}
  276. %endif
  277. # dnssec-conf used to contain our DLV key, but now we include it via unbound
  278. # If unbound had previously been configured with dnssec-configure, we need
  279. # to migrate the location of the DLV key file (to keep DLV enabled, and because
  280. # unbound won't start with a bad location for a DLV key file.
  281. sed -i "s:/etc/pki/dnssec-keys[/]*dlv:/etc/unbound:" %{_sysconfdir}/unbound/unbound.conf
  282. %preun
  283. %if %{with systemd}
  284. %systemd_preun unbound.service
  285. %systemd_preun unbound-keygen.service
  286. %else
  287. if [ "$1" -eq 0 -o -x /bin/systemctl ]; then
  288. /sbin/service %{name} stop >/dev/null 2>&1
  289. /sbin/chkconfig --del %{name}
  290. fi
  291. %endif
  292. %postun
  293. %if %{with systemd}
  294. %systemd_postun_with_restart unbound.service
  295. %systemd_postun unbound-keygen.service
  296. %else
  297. if [ "$1" -ge "1" -a ! -x /bin/systemctl ]; then
  298. /sbin/service %{name} condrestart >/dev/null 2>&1 || :
  299. fi
  300. %endif
  301. %changelog
  302. * Tue Oct 05 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.13.2-2
  303. - rebuilt with openssl-3.0.0.
  304. * Thu Aug 12 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.13.2-1
  305. - updated to 1.13.2.
  306. - dropped ldconfig scriptlets.
  307. * Wed Feb 10 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.13.1-1
  308. - updated to 1.13.1.
  309. * Thu Dec 03 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.13.0-1
  310. - updated to 1.13.0.
  311. * Thu Oct 08 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.12.0-1
  312. - updated to 1.12.0.
  313. * Mon Jul 27 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.11.0-1
  314. - updated to 1.11.1.
  315. * Tue May 19 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.10.1-1
  316. - updated to 1.10.1.
  317. * Tue Apr 14 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.10.0-2
  318. - rebuilt with libevent-2.1.11.
  319. * Sat Apr 11 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.10.0-1
  320. - updated to 1.10.0.
  321. - added systemd support (disabled as default).
  322. - disabled munin.
  323. * Mon Dec 16 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.9.6-1
  324. - updated to 1.9.6.
  325. * Fri Oct 11 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.9.4-1
  326. - updated to 1.9.4.
  327. * Tue Aug 27 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.9.3-1
  328. - updated to 1.9.3.
  329. * Sat Aug 24 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.9.2-1
  330. - updated to 1.9.2.
  331. * Fri Nov 09 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.8.1-2
  332. - added a subpackage 'compat32-unbound-libs'.
  333. * Sun Nov 04 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.8.1-1
  334. - updated to 1.8.1.
  335. - rebuilt with openssl-1.1.1 and libevent-2.1.8.
  336. - updated root.key and root.anchor.
  337. * Thu Oct 4 2018 IWAI, Masaharu <iwaim.sub@gmail.com> 1.8.0-1
  338. - update to 1.8.0
  339. - drop mesh patch (Patch0): upstream fixed
  340. * Thu May 24 2018 IWAI, Masaharu <iwaim.sub@gmail.com> 1.7.1-3
  341. - Fix mesh state assertion failure due to callback removal. (Patch0)
  342. * Sun May 6 2018 IWAI, Masaharu <iwaim.sub@gmail.com> 1.7.1-2
  343. - enable ECDSA support
  344. - enable GOST support
  345. * Sat May 5 2018 IWAI, Masaharu <iwaim.sub@gmail.com> 1.7.1-1
  346. - update to 1.7.1
  347. - add pkgconfig file in devel sub package
  348. * Thu Jan 04 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.6.7-1
  349. - updated to 1.6.7.
  350. * Mon Jul 31 2017 Daisuke SUZUKI <daisuke@vinelinux.org> 1.6.4-1
  351. - update to 1.6.4
  352. * Sat Jun 24 2017 IWAI, Masaharu <iwaim.sub@gmail.com> 1.6.3-1
  353. - update to 1.6.3
  354. * Mon Jun 05 2017 IWAI, Masaharu <iwaim.sub@gmail.com> 1.6.2-1
  355. - update to 1.6.2
  356. - disables SHA1 support
  357. * Sat Feb 25 2017 IWAI, Masaharu <iwaim.sub@gmail.com> 1.6.1-1
  358. - update to 1.6.1
  359. * Mon Jan 30 2017 IWAI, Masaharu <iwaim.sub@gmail.com> 1.6.0-2
  360. - fix Requires and BuildRequres
  361. - drop ldns
  362. * Thu Dec 29 2016 IWAI, Masaharu <iwaim.sub@gmail.com> 1.6.0-1
  363. - update to 1.6.0
  364. * Thu Jun 16 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.5.9-1
  365. - new upstream release.
  366. * Mon Mar 14 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.5.8-1
  367. - new upstream release.
  368. * Thu Dec 10 2015 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.5.7-1
  369. - new upstream release.
  370. * Tue Nov 3 2015 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.5.6-1
  371. - new upstream release.
  372. * Sun Mar 22 2015 IWAI, Masaharu <iwaim.sub@gmail.com> 1.5.3-1
  373. - update to 1.5.3
  374. * Tue Dec 09 2014 Daisuke SUZUKI <daisuke@vinelinux.org> 1.5.1-1
  375. - update to 1.5.1
  376. * Tue Jun 17 2014 IWAI, Masaharu <iwaim.sub@gmail.com> 1.4.22-3
  377. - move create user script to libs subpackage
  378. * Wed Jun 11 2014 IWAI, Masaharu <iwaim.sub@gmail.com> 1.4.22-2
  379. - add {B,C}.ROOT-SERVERS.NET. IPv6 address
  380. * Wed Apr 16 2014 Daisuke SUZUKI <daisuke@linux.or.jp> 1.4.22-1
  381. - update to 1.4.22
  382. - move root.key to /var/lib/unbound
  383. - add icannbundle.pem from http://data.iana.org/root-anchors/icannbundle.pem
  384. - add unbound.cron
  385. - move keys and unbound-anchor to libs subpackage
  386. * Mon Oct 07 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.4.21-1
  387. - new upstream release
  388. * Tue Mar 26 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.4.20-1
  389. - new upstream release
  390. * Thu Dec 13 2012 IWAI, Masaharu <iwai@alib.jp> 1.4.19-1
  391. - new upstream release
  392. - drop glob patch (Patch1): upstream merged
  393. * Wed Dec 5 2012 IWAI, Masaharu <iwai@alib.jp> 1.4.18-1
  394. - new upstream release
  395. * Sun May 27 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 1.4.17-1
  396. - update to 1.4.17
  397. - add root.key for DNSSEC
  398. - enable munin subpackage by default
  399. - buildrequire ldns-devel >= 1.6.13
  400. * Wed Feb 29 2012 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.4.14-2
  401. - rebuild with python-2.7.2
  402. * Wed Dec 21 2011 IWAI, Masaharu <iwai@alib.jp> 1.4.14-1
  403. - new upstream release
  404. * Sat Sep 3 2011 IWAI, Masaharu <iwai@alib.jp> 1.4.12-1
  405. - new upstream release
  406. * Tue May 31 2011 IWAI, Masaharu <iwai@alib.jp> 1.4.10-1
  407. - new upstream releas
  408. * Wed Mar 30 2011 IWAI, Masaharu <iwai@alib.jp> 1.4.9-1
  409. - new upstream release
  410. * Wed Feb 23 2011 IWAI, Masaharu <iwai@alib.jp> 1.4.8-1
  411. - new upstream release
  412. * Thu Feb 10 2011 Toshiharu Kudoh <toshi.kd2@gmail.com> 1.4.7-2
  413. - rebuilt with libevent-2.0.10
  414. * Sun Nov 14 2010 IWAI, Masaharu <iwai@alib.jp> 1.4.7-1
  415. - new upstream release
  416. - add enable_gost flag: default disable
  417. - add BuildRequires: expat-devel
  418. * Thu Sep 2 2010 IWAI, Masaharu <iwai@alib.jp> 1.4.6-1
  419. - new upstream release
  420. * Fri Jul 23 2010 IWAI, Masaharu <iwai@alib.jp> 1.4.5-1
  421. - new upstream release
  422. * Wed May 5 2010 IWAI, Masaharu <iwai@alib.jp> 1.4.4-1
  423. - initial build for Vine Linux: based Fedora 1.4.3-1.fc14
  424. - update to 1.4.4
  425. - build without munin
  426. * Thu Mar 11 2010 Paul Wouters <paul@xelerance.com> - 1.4.3-1
  427. - Update to 1.4.3 that fixes 64bit crasher
  428. * Tue Mar 09 2010 Paul Wouters <paul@xelerance.com> - 1.4.2-1
  429. - Updated to 1.4.2
  430. - Updated unbound.conf with new options
  431. - Enabled pre-fetching DNSKEY records (DNSSEC speedup)
  432. - Enabled re-fetching popular records before they expire
  433. - Enabled logging of DNSSEC validation errors
  434. * Mon Mar 01 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-5
  435. - Overriding -D_GNU_SOURCE is no longer needed. This fixes DSO issues
  436. with pthreads
  437. * Wed Feb 24 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-3
  438. - Change make/configure lines to attempt to fix -lphtread linking issue
  439. * Thu Feb 18 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-2
  440. - Removed dependancy for dnssec-conf
  441. - Added ISC DLV key (formerly in dnssec-conf)
  442. - Fixup old DLV locations in unbound.conf file via %%post
  443. - Fix parent child disagreement handling and no-ipv6 present [svn r1953]
  444. * Tue Jan 05 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-1
  445. - Updated to 1.4.1
  446. - Changed %%define to %%global
  447. * Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-2
  448. - Bump version
  449. * Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-1
  450. - Upgraded to 1.3.4. Security fix with validating NSEC3 records
  451. * Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.3.3-2
  452. - rebuilt with new openssl
  453. * Mon Aug 17 2009 Paul Wouters <paul@xelerance.com> - 1.3.3-1
  454. - Updated to 1.3.3
  455. * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.0-3
  456. - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
  457. * Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-2
  458. - Added missing glob patch to cvs
  459. - Place python macros within the %%with_python check
  460. * Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-1
  461. - Updated to 1.3.0
  462. - Added unbound-python sub package. disabled for now
  463. - Patch from svn to fix DLV lookups
  464. - Patches from svn to detect wrong truncated response from BIND 9.6.1 with
  465. minimal-responses)
  466. - Added Default-Start and Default-Stop to unbound.init
  467. - Re-enabled --enable-sha2
  468. - Re-enabled glob.patch
  469. * Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-7
  470. - unbound-iterator.patch was not commited
  471. * Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-6
  472. - Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793
  473. * Tue Mar 17 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-5
  474. - Use --nocheck to avoid giving an error on missing unbound-remote certs/keys
  475. * Tue Mar 10 2009 Adam Tkac <atkac redhat com> - 1.2.1-4
  476. - enable DNSSEC only if it is enabled in sysconfig/dnssec
  477. * Mon Mar 09 2009 Adam Tkac <atkac redhat com> - 1.2.1-3
  478. - add DNSSEC support to initscript and enabled it per default
  479. - add requires dnssec-conf
  480. * Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.1-2
  481. - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
  482. * Tue Feb 10 2009 Paul Wouters <paul@xelerance.com - 1.2.1-1
  483. - updated to 1.2.1
  484. * Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.0-2
  485. - rebuild with new openssl
  486. * Wed Jan 14 2009 Paul Wouters <paul@xelerance.com - 1.2.0-1
  487. - Updated to 1.2.0
  488. - Added dependancy on minimum SSL for CVE-2008-5077
  489. - Added dependancy on bc for unbound-munin
  490. - Added minimum requirement of libevent 1.4.5. Crashes with older versions
  491. (note: libevent is stale in EL-4 and not in EL-5, needs fixing there)
  492. - Removed dependancy on selinux-policy (will get used when available)
  493. - Enable options as per draft-wijngaards-dnsext-resolver-side-mitigation-00.txt
  494. - Enable unwanted-reply-threshold to mitigate against a Kaminsky attack
  495. - Enable val-clean-additional to drop addition unsigned data from signed
  496. response.
  497. - Removed patches (got merged into upstream)
  498. * Mon Jan 5 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-7
  499. - Modified scandir patch to silently fail when wildcard matches nothing
  500. - Patch to allow unbound-checkconf to find empty wildcard matches
  501. * Mon Jan 5 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-6
  502. - Added scandir patch for trusted-keys-file: option, which
  503. is used to load multiple dnssec keys in bind file format
  504. * Mon Dec 8 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-4
  505. - Added Requires: for selinux-policy >= 3.5.13-33 for proper SElinux rules.
  506. * Mon Dec 1 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-3
  507. - We did not own the /etc/unbound directory (#474020)
  508. - Fixed cvs anomalies
  509. * Fri Nov 28 2008 Adam Tkac <atkac redhat com> - 1.1.1-2
  510. - removed all obsolete chroot related stuff
  511. - label control certs after generation correctly
  512. * Thu Nov 20 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-1
  513. - Updated to unbound 1.1.1 which fixes a crasher and
  514. addresses nlnetlabs bug #219
  515. * Wed Nov 19 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-3
  516. - Remove the chroot, obsoleted by SElinux
  517. - Add additional munin plugin links supported by unbound plugin
  518. - Move configuration directory from /var/lib/unbound to /etc/unbound
  519. - Modified unbound.init and unbound.conf to account for chroot changes
  520. - Updated unbound.conf with new available options
  521. - Enabled dns-0x20 protection per default
  522. * Wed Nov 19 2008 Adam Tkac <atkac redhat com> - 1.1.0-2
  523. - unbound-1.1.0-log_open.patch
  524. - make sure log is opened before chroot call
  525. - tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219
  526. - removed /dev/log and /var/run/unbound and /etc/resolv.conf from
  527. chroot, not needed
  528. - don't mount files in chroot, it causes problems during updates
  529. - fixed typo in default config file
  530. * Fri Nov 14 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-1
  531. - Updated to version 1.1.0
  532. - Updated unbound.conf's statistics options and remote-control
  533. to work properly for munin
  534. - Added unbound-munin package
  535. - Generate unbound remote-control key/certs on first startup
  536. - Required ldns is now 1.4.0
  537. * Wed Oct 22 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-5
  538. - Only call ldconfig in -libs package
  539. - Move configure into build section
  540. - devel subpackage should only depend on libs subpackage
  541. * Tue Oct 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-4
  542. - Fix CFLAGS getting lost in build
  543. - Don't enable interface-automatic:yes because that
  544. causes unbound to listen on instead of
  545. * Sun Oct 19 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-3
  546. - Split off unbound-libs, make build verbose
  547. * Thu Oct 9 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-2
  548. - FSB compliance, chroot fixes, initscript fixes
  549. * Thu Sep 11 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-1
  550. - Upgraded to 1.0.2
  551. * Wed Jul 16 2008 Paul Wouters <paul@xelerance.com> - 1.0.1-1
  552. - upgraded to new release
  553. * Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-2
  554. - Build against ldns-1.3.0
  555. * Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-1
  556. - Split of -devel package, fixed dependancies, make rpmlint happy
  557. * Fri Apr 25 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.12
  558. - Using parts from ports collection entry by Jaap Akkerhuis.
  559. - Using Fedoraproject wiki guidelines.
  560. * Wed Apr 23 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.11
  561. - Initial version.