Fedora 18 Update: unbound-1.4.20-3.fc18

Tue Jun 11 09:07:25 UTC 2013

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-9852
2013-06-02 01:18:25
--------------------------------------------------------------------------------

Name        : unbound
Product     : Fedora 18
Version     : 1.4.20
Release     : 3.fc18
URL         : http://www.nlnetlabs.nl/unbound/
Summary     : Validating, recursive, and caching DNS(SEC) resolver
Description :
Unbound is a validating, recursive, and caching DNS(SEC) resolver.

The C implementation of Unbound is developed and maintained by NLnet
Labs. It is based on ideas and algorithms taken from a java prototype
developed by Verisign labs, Nominet, Kirei and ep.net.

Unbound is designed as a set of modular components, so that also
DNSSEC (secure DNS) validation and stub-resolvers (that do not run
as a server, but are linked into an application) are easily possible.

--------------------------------------------------------------------------------
Update Information:

Enable round-robin, minimal responses and move root.key to /var/lib/unbound
Mostly a minor bugfix release by upstream, unbound-anchor made more selinux friendly, hardened build
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 31 2013 Paul Wouters <pwouters at redhat.com> - 1.4.20-3
- Enable round-robin (with noths() patch)
- Use /var/lib/unbound/root.key (more consistent with other distros)
- Enable minimal responses
* Tue Apr 16 2013 Paul Wouters <pwouters at redhat.com> - 1.4.20-1
- Updated to 1.4.20
- Build with full RELRO (not use -z,relro but with -z,relo,-z,now)
- Fixup man page for unbound-control-setup
- unbound.service should start before nss-lookup.target (rhbz#919955)
- Removed patch for rhbz#888759 merged in upstream
- Move root.anchor to /var/lib/unbound to make selinux policy easier for updating (rhbz#896599/rhbz#891008)
- Move cronjob for root.anchor from unbound to unbound-libs, require crontabs
- /etc/unbound (and all) should be owned by unbound-libs (rhbz#909691)
- Remove Obsolete/Provides for dnssec-conf which was last seen in f13
- Ensure any unbound-anchor failure in post is ignored
- Use install -p to prevent .rpmnew files that are identical to originals
* Tue Mar  5 2013 Adam Tkac <atkac redhat com> - 1.4.19-5
- build with full RELRO
- symlink unbound-control-setup.8 manpage to unbound-control.8
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.19-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Dec 12 2012 Paul Wouters <pwouters at redhat.com> - 1.4.19-3
- Updated to 1.4.19 - this integrates all existing patches
- Patch for unbound-anchor (rhbz#888759)
* Fri Nov  9 2012 Paul Wouters <pwouters at redhat.com> - 1.4.18-6
- Patch to ensure stube-zone's aren't lost when using dnssec-triggerd
- added unbound-munin.README file
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #919955 - unbound.service doesn't mark itself as providing nss-lookup.target
        https://bugzilla.redhat.com/show_bug.cgi?id=919955
  [ 2 ] Bug #888759 - unbound: unbound-anchor does not disable internal XML entity expansion
        https://bugzilla.redhat.com/show_bug.cgi?id=888759
  [ 3 ] Bug #896599 - SELinux is preventing /usr/sbin/unbound-anchor from 'remove_name' accesses on the directory root.anchor.9143-0.
        https://bugzilla.redhat.com/show_bug.cgi?id=896599
  [ 4 ] Bug #891008 - SELinux is preventing /usr/sbin/unbound from write access on the directory /etc/unbound.
        https://bugzilla.redhat.com/show_bug.cgi?id=891008
  [ 5 ] Bug #909691 - /etc/unbound should be owned by unbound-libs, not unbound
        https://bugzilla.redhat.com/show_bug.cgi?id=909691
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update unbound' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------