[unbound/f17] * Tue Jul 17 2012 Paul Wouters <pwouters at redhat.com> - 1.4.17-1 - unbound FIPS patches for MD5, rando
Paul Wouters
pwouters at fedoraproject.org
Wed Jul 18 02:42:48 UTC 2012
commit 940de4d5c2ba42749afe23479133c990f2a3eabc
Author: Paul Wouters <paul at libreswan.org>
Date: Tue Jul 17 22:42:14 2012 -0400
* Tue Jul 17 2012 Paul Wouters <pwouters at redhat.com> - 1.4.17-1
- unbound FIPS patches for MD5,randomness (rhbz#835106)
- don't build unbound-munin on RHEL
- Updated to 1.4.17 (which mostly brings in patches we already
applied from svn trunk)
.gitignore | 1 +
sources | 3 +--
unbound.conf | 9 +++++++++
unbound.spec | 29 +++++++++++++++++++++++------
4 files changed, 34 insertions(+), 8 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 50d7d52..9b0760b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@ unbound-1.4.5.tar.gz
/unbound-1.4.14.tar.gz
/unbound-1.4.15.tar.gz
/unbound-1.4.16.tar.gz
+/unbound-1.4.17.tar.gz
diff --git a/sources b/sources
index 4f0f9b3..afbebfb 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-99173a6548e0e2ec9bfac7a5d025f79e unbound-1.4.15.tar.gz
-5158d03d2ab0a8e60925c7a9b9903631 unbound-1.4.16.tar.gz
+812d49064a78c92765970a1364736da7 unbound-1.4.17.tar.gz
diff --git a/unbound.conf b/unbound.conf
index a91ec99..52a48fc 100644
--- a/unbound.conf
+++ b/unbound.conf
@@ -322,6 +322,13 @@ server:
# if yes, perform key lookups adjacent to normal lookups.
prefetch-key: yes
+ # if yes, Unbound rotates RRSet order in response.
+ # rrset-roundrobin: no
+
+ # if yes, Unbound doesn't insert authority/additional sections
+ # into response messages when those sections are not required.
+ # minimal-responses: no
+
# module configuration of the server. A string with identifiers
# separated by spaces. "iterator" or "validator iterator"
# module-config: "validator iterator"
@@ -523,10 +530,12 @@ remote-control:
# 'example.org' go to the given list of servers. These servers have to handle
# recursion to other nameservers. List zero or more nameservers by hostname
# or by ipaddress. Use an entry with name "." to forward all queries.
+# If you enable forward-first, it attempts without the forward if it fails.
# forward-zone:
# name: "example.com"
# forward-addr: 192.0.2.68
# forward-addr: 192.0.2.73 at 5355 # forward to port 5355.
+# forward-first: no
# forward-zone:
# name: "example.org"
# forward-host: fwd.example.com
diff --git a/unbound.spec b/unbound.spec
index 3883afc..fb029d6 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -5,10 +5,16 @@
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
%endif
+%if 0%{?rhel}
+%{!?munin:%define munin 0}
+%else
+%{!?munin:%define munin 1}
+%endif
+
Summary: Validating, recursive, and caching DNS(SEC) resolver
Name: unbound
-Version: 1.4.16
-Release: 2%{?dist}
+Version: 1.4.17
+Release: 1%{?dist}
License: BSD
Url: http://www.nlnetlabs.nl/unbound/
Source: http://www.unbound.net/downloads/%{name}-%{version}.tar.gz
@@ -21,8 +27,7 @@ Source6: dlv.isc.org.key
Source7: unbound-keygen.service
Source8: tmpfiles-unbound.conf
Patch1: unbound-1.2-glob.patch
-Patch2: unbound-trunk.patch
-
+Patch2: unbound-1.4.17-fips.patch
Group: System Environment/Daemons
BuildRequires: flex, openssl-devel , ldns-devel >= 1.5.0,
BuildRequires: libevent-devel expat-devel
@@ -54,6 +59,7 @@ Unbound is designed as a set of modular components, so that also
DNSSEC (secure DNS) validation and stub-resolvers (that do not run
as a server, but are linked into an application) are easily possible.
+%if %{munin}
%package munin
Summary: Plugin for the munin / munin-node monitoring package
Group: System Environment/Daemons
@@ -62,6 +68,7 @@ Requires: %{name} = %{version}-%{release}, bc
%description munin
Plugin for the munin / munin-node monitoring package
+%endif
%package devel
Summary: Development package that includes the unbound header files
@@ -104,7 +111,7 @@ Python modules and extensions for unbound
%if %{with_python}
--with-pythonmodule --with-pyunbound \
%endif
- --enable-sha2 --disable-gost
+ --enable-sha2 --disable-gost --disable-ecdsa
%{__make} %{?_smp_mflags}
%install
@@ -113,6 +120,7 @@ install -d 0755 %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/unbound.service
install -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/unbound-keygen.service
install -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound
+%if %{munin}
# Install munin plugin and its softlinks
install -d 0755 %{buildroot}%{_sysconfdir}/munin/plugin-conf.d
install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/munin/plugin-conf.d/unbound
@@ -120,7 +128,8 @@ install -d 0755 %{buildroot}%{_datadir}/munin/plugins/
install -m 0755 %{SOURCE4} %{buildroot}%{_datadir}/munin/plugins/unbound
for plugin in unbound_munin_hits unbound_munin_queue unbound_munin_memory unbound_munin_by_type unbound_munin_by_class unbound_munin_by_opcode unbound_munin_by_rcode unbound_munin_by_flags unbound_munin_histogram; do
ln -s unbound %{buildroot}%{_datadir}/munin/plugins/$plugin
-done
+done
+%endif
# Install tmpfiles.d config
mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/
@@ -157,9 +166,11 @@ mkdir -p %{buildroot}%{_localstatedir}/run/unbound
%doc pythonmod/examples/*
%endif
+%if %{munin}
%files munin
%config(noreplace) %{_sysconfdir}/munin/plugin-conf.d/unbound
%{_datadir}/munin/plugins/unbound*
+%endif
%files devel
%{_libdir}/libunbound.so
@@ -221,6 +232,12 @@ fi
/bin/systemctl try-restart unbound-keygen.service >/dev/null 2>&1 || :
%changelog
+* Tue Jul 17 2012 Paul Wouters <pwouters at redhat.com> - 1.4.17-1
+- unbound FIPS patches for MD5,randomness (rhbz#835106)
+- don't build unbound-munin on RHEL
+- Updated to 1.4.17 (which mostly brings in patches we already
+ applied from svn trunk)
+
* Mon Feb 27 2012 Paul Wouters <pwouters at redhat.com> - 1.4.16-2
- Don't ghost the directory (rhbz#788805)
- Patch for unbound to support unbound-control forward_zone
More information about the scm-commits
mailing list