Name: | unbound |
---|---|
Version: | 1.16.2 |
Release: | 2.el8 |
Architecture: | x86_64 |
Group: | Unspecified |
Size: | 6183932 |
License: | BSD |
RPM: | unbound-1.16.2-2.el8.x86_64.rpm |
Source RPM: | unbound-1.16.2-2.el8.src.rpm |
Build Date: | Mon Oct 03 2022 |
Build Host: | build-ol8-x86_64.oracle.com |
Vendor: | Oracle America |
URL: | https://www.unbound.net/ |
Summary: | Validating, recursive, and caching DNS(SEC) resolver |
Description: | Unbound is a validating, recursive, and caching DNS(SEC) resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible. |
- Require openssl tool for unbound-keygen (#2018806)
- Update to 1.16.2 (#2027735)
- Restart keygen service before every unbound start (#1959468)
- Upgrade to 9.16.0 (#2027735) - Update to recent version with compatibility with RHEL8 (#2027735) - Ensure also source level compatibility with previous version
- Change file mode before owner when configuring remote control unix socket to avoid AVC denials - Resolves: rhbz#2038251
- Option --enable-linux-ip-local-port-range added to use system configured port range for libunbound on Linux - Resolves: rhbz#1830625
- Don't start unbound-anchor before unbound service if DISABLE_UNBOUND_ANCHOR environment variable equals to "yes" - Resolves: rhbz#1922448
- Fix SPEC file to not check md5 mtime and size of /var/lib/unbound/root.key - Resolves: rhbz#1714175 - Use system-wide crypto policy setting (PROFILE=SYSTEM) instead of custom setting - Resolves: rhbz#1842837 - Enable additional logging in unbound - Resolves: rhbz#1850460 - security hardening from x41 report - Resolves: rhbz#1859933 - symbolic link traversal when writing PID file - Resolves: rhbz#1899058
- Fix unbound-1.7.3-amplifying-an-incoming-query.patch patch - Resolves: rhbz#1839178 (CVE-2020-12662)
- Fix two previous patches and add missing patch lines to %prep - Fix amplifying an incoming query into a large number of queries directed to a target - Resolves: rhbz#1839178 (CVE-2020-12662)