Fedora 20 Update: dnssec-trigger-0.12-13.fc20

Fri Sep 19 10:06:44 UTC 2014

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-9375
2014-08-15 01:47:38
--------------------------------------------------------------------------------

Name        : dnssec-trigger
Product     : Fedora 20
Version     : 0.12
Release     : 13.fc20
URL         : http://www.nlnetlabs.nl/downloads/dnssec-trigger/
Summary     : NetworkManager plugin to update/reconfigure DNSSEC resolving
Description :
dnssec-trigger reconfigures the local unbound DNS server. This unbound DNS
server performs DNSSEC validation, but dnssec-trigger will signal it to
use the DHCP obtained forwarders if possible, and fallback to doing its
own AUTH queries if that fails, and if that fails prompt the user via
dnssec-trigger-applet the option to go with insecure DNS only.

--------------------------------------------------------------------------------
Update Information:

Address of one of the fall-back servers changed.
New upstream version and a number of additional fixes. This update can be also viewed as the first snapshot of the DNSSEC functionality being prepared for Fedora 22. On the other hand, you should still treat dnssec-trigger as experimental software as some of the serious issues are not fixed by this update.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 11 2014 Tomas Hozza <thozza at redhat.com> - 0.12-13
- One Fedora fallback server changed IP address (#1125440)
* Mon Jun 30 2014 Pavel Šimerda <psimerda at redhat.com> - 0.12-12
- Resolves: #1112248 - require a version of NetworkManager with #1113122 fixed
* Tue Jun 24 2014 Pavel Šimerda <psimerda at redhat.com> - 0.12-11
- Resolves: #1112248 - serialize the script instances
* Tue Jun 24 2014 Pavel Šimerda <psimerda at redhat.com> - 0.12-10
- Resolves: #1112248 - fix a typo
* Tue Jun 24 2014 Pavel Šimerda <psimerda at redhat.com> - 0.12-9
- Resolves: #1112248 - fix systemd race condition
* Mon Jun 23 2014 Pavel Šimerda <psimerda at redhat.com> - 0.12-8
- Resolves: #1112248 - don't block on systemctl restart NetworkManager
* Mon Jun 23 2014 Pavel Šimerda <psimerda at redhat.com> - 0.12-7
- Resolves: #1112248, #1111143 - update dnssec-trigger-script and dnssec-triggerd.service
* Fri Jun 20 2014 Pavel Šimerda <psimerda at redhat.com> - 0.12-6
- Resolves: #1111143 - fix for python2
* Fri Jun 20 2014 Pavel Šimerda <psimerda at redhat.com> - 0.12-5
- Related: #842455 - remove a patch that is now redundant
* Fri Jun 20 2014 Pavel Šimerda <psimerda at redhat.com> - 0.12-4
- update dnssec-trigger-script to current development submitted upstream
* Wed Jun 18 2014 Pavel Šimerda <psimerda at redhat.com> - 0.12-3
- Resolves: #1105896 - the new script doesn't call dnssec-trigger-control submit
* Fri Jun  6 2014 Pavel Šimerda <psimerda at redhat.com> - 0.12-2
- fix various dnssec-trigger-script issues
* Fri May 23 2014 Tomas Hozza <thozza at redhat.com> - 0.12-1
- Update to 0.12 version
- Drop merged patches
- Drop downstream files (systemd, dispatcher scripts)
* Tue May 13 2014 Paul Wouters <pwouters at redhat.com> - 0.11-21
- Enable full hardening (includig PIE)
- Resolves: rhbz#1045689 dnssec-trigger creates long-time RSA key with inappropriate size
* Wed Feb 19 2014 Tomas Hozza <thozza at redhat.com> - 0.11-20
- Restart NM on dnssec-trigger shutdown (let NM handle the resolv.conf content)
- HN-hook: Handle situation when connection does not have a device
* Wed Jan 29 2014 Tomas Hozza <thozza at redhat.com> - 0.11-19
- Use new Python dispatcher script and ship /etc/dnssec.conf
* Tue Jan 28 2014 Tomas Hozza <thozza at redhat.com> - 0.11-18
- Use systemd macros instead of directly calling systemctl
- simplify the systemd unit file for generating keys
* Thu Nov 21 2013 Tomas Hozza <thozza at redhat.com> - 0.11-17
- Add script to backup and restore resolv.conf on dnssec-trigger start/stop
* Mon Nov 18 2013 Tomas Hozza <thozza at redhat.com> - 0.11-16
- Improve GUI dialogs texts
* Tue Nov 12 2013 Tomas Hozza <thozza at redhat.com> - 0.11-15
- Fix NM dispatcher script to work with NM >= 0.9.9.0 (#1029571)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1125440 - Update fedoraproject fallback server
        https://bugzilla.redhat.com/show_bug.cgi?id=1125440
  [ 2 ] Bug #842455 - dnssec-triggerd doesn't restore /etc/resolv.conf immutable attribute
        https://bugzilla.redhat.com/show_bug.cgi?id=842455
  [ 3 ] Bug #1067452 - connection zones lost when unbound is restarted
        https://bugzilla.redhat.com/show_bug.cgi?id=1067452
  [ 4 ] Bug #1067554 - split the pythonic NetworkManager dispatcher script into a minimal script and an updater
        https://bugzilla.redhat.com/show_bug.cgi?id=1067554
  [ 5 ] Bug #1070631 - NetworkManager dispatcher script doesn't respect nameserver list changes
        https://bugzilla.redhat.com/show_bug.cgi?id=1070631
  [ 6 ] Bug #1105896 - the new script doesn't call dnssec-trigger-control submit
        https://bugzilla.redhat.com/show_bug.cgi?id=1105896
  [ 7 ] Bug #1111143 - dnssec-trigger-script: offer a seamless upgrade from pre-0.12 (without unbound restart)
        https://bugzilla.redhat.com/show_bug.cgi?id=1111143
  [ 8 ] Bug #1089767 - Unbound caches missed entries.
        https://bugzilla.redhat.com/show_bug.cgi?id=1089767
  [ 9 ] Bug #1112248 - dnssec-trigger-script fails to configure unbound on dnssec-triggerd restart
        https://bugzilla.redhat.com/show_bug.cgi?id=1112248
  [ 10 ] Bug #1100794 - New dispatcher script does not work with python2
        https://bugzilla.redhat.com/show_bug.cgi?id=1100794
  [ 11 ] Bug #1100796 - New dispatcher script does not work with latest unbound
        https://bugzilla.redhat.com/show_bug.cgi?id=1100796
  [ 12 ] Bug #1089910 - Unbound cache across networks causes traffic leaking.
        https://bugzilla.redhat.com/show_bug.cgi?id=1089910
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update dnssec-trigger' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------