diff --git a/unbound-1.5.4.tar.gz b/unbound-1.5.4.tar.gz deleted file mode 100644 index 89c2ec2..0000000 --- a/unbound-1.5.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a1e1c1a578cf8447cb51f6033714035736a0f04444854a983123c094cc6fb137 -size 4844273 diff --git a/unbound-1.5.5.tar.gz b/unbound-1.5.5.tar.gz new file mode 100644 index 0000000..2d6ada5 --- /dev/null +++ b/unbound-1.5.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f3bd7d3bc9519e8717abdc35c26cb2d84c3c3a3e2cd657604307e6860b37da5e +size 4849969 diff --git a/unbound.changes b/unbound.changes index b4469ea..cc7cc36 100644 --- a/unbound.changes +++ b/unbound.changes @@ -1,3 +1,70 @@ +------------------------------------------------------------------- +Sat Oct 10 09:31:40 UTC 2015 - michael@stroeder.com + +- ignore absence of the systemd-tmpfiles command + +------------------------------------------------------------------- +Tue Oct 6 14:21:00 UTC 2015 - mrueckert@suse.de + +- update to 1.5.5 + Features + - Change default of harden-algo-downgrade to off. This is lenient + for algorithm rollover. + - Added permit-small-holddown config to debug fast 5011 rollover. + - Allow certificate chain files to allow for intermediate + certificates. (thanks Daniel Kahn Gillmor) + - Enable ECDHE for servers. Where available, use + SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations + to enable ECDHE. Otherwise, manually offer curve p256. Client + connections should automatically use ECDHE when available. + (thanks Daniel Kahn Gillmor) + - Feature --enable-pie option to that builds PIE binary. + [bugzilla: 699 ] + - Feature --enable-relro-now option that enables full read-only + relocation. [bugzilla: 700 ] + - New IPs for for h.root-servers.net. [bugzilla: 702 ] + Bug Fixes + - Fix setting forwarders with unbound-control forward implicitly + turns on forward-first. [bugzilla: 681 ] + - Fix that reload fails when so-reuseport is yes after changing + num-threads. [bugzilla: 690 ] + - please afl-gcc (llvm) for uninitialised variable warning. + - Fix mktime in unbound-anchor not using UTC. + - Fix 5011 anchor update timer after reload. + - 5011 implementation does not insist on all algorithms, when + harden-algo-downgrade is turned off. + - Document in the manual more text about configuring locally + served zones. + - Document that local-zone nodefault matches exactly and + transparent can be used to release a subzone. + - Fix that configure script does not detect LibreSSL 2.2.2 + [bugzilla: 694 ] + - Fix deadlock for local data add and zone add when + unbound-control list_local_data printout is interrupted. + - Fix get PY_MAJOR_VERSION failure at configure for python 2.4 to + 2.6. [bugzilla: 697 ] + - changed windows setup compression to be more transparent. + - Fix config globbed include chroot treatment, this fixes reload + of globs (patch from Dag-Erling Smørgrav). + - Fix ub_ctx_set_fwd() return value mishandled on windows. + [bugzilla: 705 ] + - Fix minor error in unbound.conf.5.in. + - Fix unbound.conf(5) access-control description for precedence + and default. + - Fix unbound-control flush that does not succeed in removing + data. + - MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution + failures. + - iana portlist update. +- remove manual hacks for relro,now and pie and replace them with + official configure options. + +------------------------------------------------------------------- +Fri Sep 4 13:37:38 UTC 2015 - mrueckert@suse.de + +- enable event api +- enable dnstap support + ------------------------------------------------------------------- Thu Jul 9 10:16:32 UTC 2015 - michael@stroeder.com diff --git a/unbound.spec b/unbound.spec index 220e41f..5fc705f 100644 --- a/unbound.spec +++ b/unbound.spec @@ -20,6 +20,12 @@ %bcond_without munin %bcond_without hardened_build +%if 0%{?suse_version} > 1320 +%bcond_without dnstap +%else +%bcond_with dnstap +%endif + %if 0%{?suse_version} >= 1230 %bcond_without systemd %else @@ -47,7 +53,7 @@ %endif Name: unbound -Version: 1.5.4 +Version: 1.5.5 Release: 0 # # @@ -58,8 +64,12 @@ BuildRequires: libevent-devel BuildRequires: libexpat-devel BuildRequires: openssl-devel BuildRequires: python-devel +%if %{with dnstap} +BuildRequires: protobuf-c >= 1.0.0 +BuildRequires: libprotobuf-c-devel >= 1.0.0 +BuildRequires: libfstrm-devel +%endif %if %{with python} -BuildRequires: python-devel BuildRequires: swig %endif PreReq: pwdutils @@ -174,9 +184,8 @@ This package holds the Python modules and extensions for unbound. %setup %build -export LDFLAGS="-Wl,-z,relro,-z,now -pie" -export CFLAGS="%{optflags} -fPIE -pie" -export CXXFLAGS="%{optflags} -fPIE -pie" +export CFLAGS="%{optflags}" +export CXXFLAGS="%{optflags}" %configure \ --disable-rpath \ --with-libevent \ @@ -186,6 +195,12 @@ export CXXFLAGS="%{optflags} -fPIE -pie" --enable-sha2 \ --enable-gost \ --enable-ecdsa \ + --enable-event-api \ + --enable-pie \ + --enable-relro-now \ +%if %{with dnstap} + --enable-dnstap \ +%endif --with-conf-file=%{_sysconfdir}/%{name}/unbound.conf \ --with-pidfile=%{piddir}%{name}/%{name}.pid \ %if %{with python} @@ -284,7 +299,7 @@ make check ||: %post %fillup_only %{name} %if %{with systemd} -systemd-tmpfiles --create %{_tmpfilesdir}/unbound.conf +systemd-tmpfiles --create %{_tmpfilesdir}/unbound.conf || : %service_add_post unbound-keygen.service unbound.service %endif @@ -368,6 +383,7 @@ systemd-tmpfiles --create %{_tmpfilesdir}/unbound.conf %files devel %defattr(-,root,root,-) %{_includedir}/unbound.h +%{_includedir}/unbound-event.h %{_libdir}/libunbound.so %{_mandir}/man3/libunbound.3* %{_mandir}/man3/ub_*.3*