[ol7_u9_base] unbound-libs-1.6.6-5.el7_8.aarch64

Name:	unbound-libs
Version:	1.6.6
Release:	5.el7_8
Architecture:	aarch64
Group:	Applications/System
Size:	1141690
License:	BSD
RPM:	unbound-libs-1.6.6-5.el7_8.aarch64.rpm
Source RPM:	unbound-1.6.6-5.el7_8.src.rpm
Build Date:	Mon Jun 22 2020
Build Host:	ca-buildarm04.us.oracle.com
Vendor:	Oracle America
URL:	https://unbound.net/
Summary:	Libraries used by the unbound server and client applications
Description:	Contains libraries used by the unbound server and client applications

Changelog (Show File list) (Show related packages)

Thu Jun 11 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.6.6-5

- Fix incomplete amplifying-an-incoming-query patch
- Resolves: rhbz#1846424

Sun May 31 2020 Anna Khaitovich <akhaitov@redhat.com> - 1.6.6-4

- Fix amplifying an incoming query into a large number of queries directed to a target
- Resolves: rhbz#1839172 (CVE-2020-12662), rhbz#1840258 (CVE-2020-12663)

Tue Dec 03 2019 Petr Menšík <pemensik@redhat.com> - 1.6.6-3
```
- Lower CPU usage on slow log I/O (#1775706)
```

Thu Jul 25 2019 Martin Osvald <mosvald@redhat.com> - 1.6.6-2

- Do not search for DNSSEC info when domain-insecure is set
  for stub zone (#1678550)
- Remove KSK-2010 from configuration files - it has been revoked (#1665503)

Wed Oct 11 2017 Petr Menšík <pemensik@redhat.com> - 1.6.6-1

- Rebase to 1.6.6
- Enable RFC 8145 Trust Anchor Signaling to help the root zone get keytag statistics
- Enable ipsecmod support

Sun Sep 17 2017 Petr Menšík <pemensik@redhat.com> - 1.6.3-3
```
- Update project website and ICANN key
```
Wed Aug 30 2017 Petr Menšík <pemensik@redhat.com> - 1.6.3-2
```
- Install unbound-event.h
```
Fri Aug 18 2017 Petr Menšík <pemensik@redhat.com> - 1.6.3-1
```
- Rebase to 1.6.3
```
Fri Jun 02 2017 Petr Menšík <pemensik@redhat.com> - 1.4.20-34
```
- Make merge of updated database more safe
```
Wed May 24 2017 Petr Menšík <pemensik@redhat.com> - 1.4.20-33
```
- Update also built-in digest in unbound-anchor
```

Wed May 24 2017 Petr Menšík <pemensik@redhat.com> - 1.4.20-32

- Update trust anchors (#1452636)
- Update managed keys from trigger

Mon Mar 27 2017 Tomas Hozza <thozza@redhat.com> - 1.4.20-31
```
- Run internal test suite during build (#1383722)
```

Thu Feb 02 2017 Tomas Hozza <thozza@redhat.com> - 1.4.20-30

- Added cache-max-negative-ttl option to the default configuration file (#1382383)

Tue Oct 11 2016 Tomas Hozza <thozza@redhat.com> - 1.4.20-29
```
- Added cache-max-negative-ttl option (#1382383)
```
Fri May 20 2016 Pavel Šimerda <psimerda@redhat.com> - 1.4.20-28
```
- Related: #1245250 - depend on the right ldns version
```
Thu May 19 2016 Pavel Šimerda <psimerda@redhat.com> - 1.4.20-27
```
- Resolves: #1245250 - enable ecdsa
```

Tue Sep 22 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-26

- Added Conficts on redhat-release packages without unbound-anchor.timer in presets (Related #1215645)

Tue Sep 15 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-25

- Resolve ordering loop with nss-lookup.target and ntpdate (#1259806)

Wed Aug 19 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-24
```
- Fix CVE-2014-8602 (#1253961)
```

Tue May 26 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-23

- Removed usage of DLV from the default configuration (#1223339)

Wed May 13 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-22

- unbound.service now Wants unbound-anchor.timer (Related: #1180267)

Tue May 12 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-21

- Fix dependencies and minor scriptlet issues due to systemd timer unit (Related: #1180267)

Mon Apr 27 2015 Tomas Hozza <thozza@redhat.com> - 1.4.20-20

- Install tmpfiles configuration into /usr/lib/tmpfiles.d (#1180995)
- Fix root key management to comply to RFC5011 (#1180267)

Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.4.20-19
```
- Mass rebuild 2014-01-24
```
Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.4.20-18
```
- Mass rebuild 2013-12-27
```
Wed Sep 04 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-17
```
- Don't build unbound-munin package (#1002874)
```
Mon Aug 26 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-16
```
- Fix errors found by static analysis of source
```
Mon Jul 22 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-15
```
- provide man page for unbound-streamtcp
```

Wed Jul 03 2013 Tomas Hozza <thozza@redhat.com> - 1.4.20-14

- remove missing unbound-rootkey.service from post/preun/postun sections
- don't hardcode hardening flags, let hardened build macro handles it

Sat Jun 01 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-13
```
- Run unbound-anchor as user unbound in unbound.service
```

Tue May 28 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-12

- Enable round-robin (with noths() patch)
- Change cron and systemd service to use root.key, not root.anchor

Sat May 25 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-10

- Use /var/lib/unbound/root.key (more consistent with other distros)
- Enable minimal responses

Mon Apr 22 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-8
```
- Refix
```
Fri Apr 19 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-7
```
- Fix runuser call in post.
```

Tue Apr 16 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-6

- /var/lib/unbound should be owned by unbound. group write is not enough

Fri Apr 12 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-5

- Fix cron job syntax (rhbz#951725)
- Use install -p to prevent .rpmnew files that are identical to originals

Mon Apr 08 2013 Paul Wouters <pwouters@redhat.com> - 1.4.20-4

- Updated to 1.4.20
- Build with full RELRO (not use -z,relro but with -z,relo,-z,now)
- Fixup man page for unbound-control-setup
- unbound.service should start before nss-lookup.target (rhbz#919955)
- Removed patch for rhbz#888759 merged in upstream
- Move root.anchor to /var/lib/unbound to make selinux policy easier for updating (rhbz#896599/rhbz#891008)
- Move cronjob for root.anchor from unbound to unbound-libs, require crontabs
- /etc/unbound (and all) should be owned by unbound-libs (rhbz#909691)
- Remove Obsolete/Provides for dnssec-conf which was last seen in f13
- Ensure any unbound-anchor failure in post is ignored

Tue Mar 05 2013 Adam Tkac <atkac redhat com> - 1.4.19-5

- build with full RELRO
- symlink unbound-control-setup.8 manpage to unbound-control.8

Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.19-4
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
```

Wed Dec 12 2012 Paul Wouters <pwouters@redhat.com> - 1.4.19-3

- Updated to 1.4.19 - this integrates all existing patches
- Patch for unbound-anchor (rhbz#888759)

Fri Nov 09 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-6

- Patch to ensure stube-zone's aren't lost when using dnssec-triggerd
- added unbound-munin.README file

Wed Sep 26 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-5

- Patch to allow wildcards in include: statements
- Add directories /etc/unbound/keys.d,conf.d,local.d with
  example entries
- Added /etc/unbound/root.anchor, maintained by unbound-anchor
  which is installed as monthly cron and PreExec in systemd config
  (root.key is unused, but left installed in case people depend on it)
- Native systemd (simple) and /etc/sysconfig/unbound support
- Run unbound-checkconf in PreExec
- Moved trust anchor related files to unbound-libs, as they can
  be used without the daemon.
- sub packages now depends on base package of same arch
- Build munin package as noarch
- unbound-anchor moved to unbound-libs package. It is needed
  to update the root.anchor key file.

Tue Sep 04 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-3
```
- Fix openssl thread locking bug under high query load
```

Thu Aug 23 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-2

- Use new systemd-rpm macros (rhbz#850351)
- Clean up old obsoleted dnssec-conf from < fedora 15

Fri Aug 03 2012 Paul Wouters <pwouters@redhat.com> - 1.4.18-1

- Updated to 1.4.18 (FIPS related fixes mostly)
- Removed patches that were merged in upstream
- Added comment to root.key

Mon Jul 23 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-5

- Fix for unbound crasher (upstream bug #452)
- Support libunbound functions in man pages and place in -devel

Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.17-4
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
```
Tue Jul 03 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-3
```
- unbound FIPS patches for MD5,randomness (rhbz#835106)
```
Fri Jun 15 2012 Adam Tkac <atkac redhat com> - 1.4.17-2
```
- don't build unbound-munin on RHEL
```

Thu May 24 2012 Paul Wouters <pwouters@redhat.com> - 1.4.17-1

- Updated to 1.4.17 (which mostly brings in patches we already
  applied from svn trunk)

Wed Feb 29 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-3

- Since the daemon links to the libs staticly, add Requires:
  (this is rhbz#745288)
- Package up streamtcp as unbound-streamtcp (for monitoring)

Mon Feb 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.16-2

- Don't ghost the directory (rhbz#788805)
- Patch for unbound to support unbound-control forward_zone
  (needed for openswan in XAUTH mode)

Thu Feb 02 2012 Paul Wouters <paul@nohats.ca> - 1.4.16-1

- Upgraded to 1.4.16, which was relesed due to the soname
  and some DNSSEC validation failures

Wed Feb 01 2012 Paul Wouters <paul@nohats.ca> - 1.4.15-2

- Patch for SONAME version (libtool's -version-number vs -version-info)

Fri Jan 27 2012 Paul Wouters <pwouters@redhat.com> - 1.4.15-1

- Upgraded to 1.4.15
- Updated unbound.conf to show how to configure listening on tls443

Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.14-2
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
```

Mon Dec 19 2011 Paul Wouters <paul@cypherpunks.ca> - 1.4.14-1

- Upgraded to 1.4.14 for CVE-2011-4528 / VU#209659
- SSL-wrapped query support for dnssec-trigger
- EDNS handling changes
- Removed integrated EDNS patches
- Disabled use-caps-for-id, GoDaddy domains now break on it
- Enabled new harden-below-nxdomain

Thu Sep 15 2011 Paul Wouters <paul@xelerance.com> - 1.4.13-1

- Upgraded to 1.4.13
- Removed merged in pythonmod patch
- Added EDNS1480 patch to fix unbound on broken EDNS/UDP networks
- Fix python to go into sitearch instead of sitelib

Wed Sep 14 2011 Tom Callaway <spot@fedoraproject.org> - 1.4.12-4
```
- convert to systemd, tmpfiles.d
```
Mon Aug 08 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-3
```
- Added pythonmod docs and examples
```

Mon Aug 08 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-2

- Fix for python module load in the server (Tom Hendrikx)
- No longer enable --enable-debug as it causes degraded  performance
  under load.

Mon Jul 18 2011 Paul Wouters <paul@xelerance.com> - 1.4.12-1
```
- Updated to 1.4.12
```

Sun Jul 03 2011 Paul Wouters <paul@xelerance.com> - 1.4.11-1

- Updated to 1.4.11
- removed integrated CVE patch
- updated stock unbound.conf for new options introduced

Mon Jun 06 2011 Paul Wouters <paul@xelerance.com> - 1.4.10-1
```
- Added ghost for /var/run/unbound (bz#656710)
```
Mon Jun 06 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-3
```
- rebuilt
```
Wed May 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-2
```
- Applied patch for CVE-2011-1922 DoS vulnerability
```
Sun Mar 27 2011 Paul Wouters <paul@xelerance.com> - 1.4.9-1
```
- Updated to 1.4.9
```
Sat Feb 12 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-2
```
- rebuilt
```

Tue Jan 25 2011 Paul Wouters <paul@xelerance.com> - 1.4.8-1

- Updated to 1.4.8
- Enable root key for DNSSEC
- Fix unbound-munin to use proper file (could cause excessive logging)
- Build unbound-python per default
- Disable gost as Fedora/EPEL does not allow ECC and has mangled openssl

Tue Oct 26 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-4
```
- Revert last build - it was on the wrong branch
```

Tue Oct 26 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-3

- Disable do-ipv6 per default - causes severe degradation on non-ipv6 machines
  (see comments in inbound.conf)

Tue Jun 15 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-2
```
- Bump release - forgot to upload the new tar ball.
```
Tue Jun 15 2010 Paul Wouters <paul@xelerance.com> - 1.4.5-1
```
- Upgraded to 1.4.5
```
Mon May 31 2010 Paul Wouters <paul@xelerance.com> - 1.4.4-2
```
- Added accidentally omitted svn patches to cvs
```

Mon May 31 2010 Paul Wouters <paul@xelerance.com> - 1.4.4-1

- Upgraded to 1.4.4 with svn patches
- Obsolete dnssec-conf to ensure it is de-installed

Thu Mar 11 2010 Paul Wouters <paul@xelerance.com> - 1.4.3-1
```
- Update to 1.4.3 that fixes 64bit crasher
```

Tue Mar 09 2010 Paul Wouters <paul@xelerance.com> - 1.4.2-1

- Updated to 1.4.2 
- Updated unbound.conf with new options
- Enabled pre-fetching DNSKEY records (DNSSEC speedup)
- Enabled re-fetching popular records before they expire
- Enabled logging of DNSSEC validation errors

Mon Mar 01 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-5

- Overriding -D_GNU_SOURCE is no longer needed. This fixes DSO issues
  with pthreads

Wed Feb 24 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-3

- Change make/configure lines to attempt to fix -lphtread linking issue

Thu Feb 18 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-2

- Removed dependancy for dnssec-conf
- Added ISC DLV key (formerly in dnssec-conf)
- Fixup old DLV locations in unbound.conf file via %post
- Fix parent child disagreement handling and no-ipv6 present [svn r1953]

Tue Jan 05 2010 Paul Wouters <paul@xelerance.com> - 1.4.1-1
```
- Updated to 1.4.1
- Changed %define to %global
```
Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-2
```
- Bump version
```

Thu Oct 08 2009 Paul Wouters <paul@xelerance.com> - 1.3.4-1

- Upgraded to 1.3.4. Security fix with validating NSEC3 records

Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.3.3-2
```
- rebuilt with new openssl
```
Mon Aug 17 2009 Paul Wouters <paul@xelerance.com> - 1.3.3-1
```
- Updated to 1.3.3
```
Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.0-3
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
```

Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-2

- Added missing glob patch to cvs
- Place python macros within the %with_python check

Sat Jun 20 2009 Paul Wouters <paul@xelerance.com> - 1.3.0-1

- Updated to 1.3.0
- Added unbound-python sub package. disabled for now
- Patch from svn to fix DLV lookups
- Patches from svn to detect wrong truncated response from BIND 9.6.1 with
  minimal-responses)
- Added Default-Start and Default-Stop to unbound.init
- Re-enabled --enable-sha2
- Re-enabled glob.patch

Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-7
```
- unbound-iterator.patch was not commited
```

Wed May 20 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-6

- Fix for https://bugzilla.redhat.com/show_bug.cgi?id=499793

Tue Mar 17 2009 Paul Wouters <paul@xelerance.com> - 1.2.1-5

- Use --nocheck to avoid giving an error on missing unbound-remote certs/keys

Tue Mar 10 2009 Adam Tkac <atkac redhat com> - 1.2.1-4

- enable DNSSEC only if it is enabled in sysconfig/dnssec

Mon Mar 09 2009 Adam Tkac <atkac redhat com> - 1.2.1-3

- add DNSSEC support to initscript and enabled it per default
- add requires dnssec-conf

Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.1-2
```
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
```
Tue Feb 10 2009 Paul Wouters <paul@xelerance.com - 1.2.1-1
```
- updated to 1.2.1
```
Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.0-2
```
- rebuild with new openssl
```

Wed Jan 14 2009 Paul Wouters <paul@xelerance.com - 1.2.0-1

- Updated to 1.2.0
- Added dependancy on minimum SSL for CVE-2008-5077
- Added dependancy on bc for unbound-munin
- Added minimum requirement of libevent 1.4.5. Crashes with older versions
  (note: libevent is stale in EL-4 and not in EL-5, needs fixing there)
- Removed dependancy on selinux-policy (will get used when available)
- Enable options as per draft-wijngaards-dnsext-resolver-side-mitigation-00.txt
- Enable unwanted-reply-threshold to mitigate against a Kaminsky attack
- Enable val-clean-additional to drop addition unsigned data from signed
  response.
- Removed patches (got merged into upstream)

Mon Jan 05 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-7

- Modified scandir patch to silently fail when wildcard matches nothing
- Patch to allow unbound-checkconf to find empty wildcard matches

Mon Jan 05 2009 Paul Wouters <paul@xelerance.com> - 1.1.1-6

- Added scandir patch for trusted-keys-file: option, which
  is used to load multiple dnssec keys in bind file format

Mon Dec 08 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-4

- Added Requires: for selinux-policy >= 3.5.13-33 for proper SElinux rules.

Mon Dec 01 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-3

- We did not own the /etc/unbound directory (#474020)
- Fixed cvs anomalies

Fri Nov 28 2008 Adam Tkac <atkac redhat com> - 1.1.1-2

- removed all obsolete chroot related stuff
- label control certs after generation correctly

Thu Nov 20 2008 Paul Wouters <paul@xelerance.com> - 1.1.1-1

- Updated to unbound 1.1.1 which fixes a crasher and
  addresses nlnetlabs bug #219

Wed Nov 19 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-3

- Remove the chroot, obsoleted by SElinux
- Add additional munin plugin links supported by unbound plugin
- Move configuration directory from /var/lib/unbound to /etc/unbound
- Modified unbound.init and unbound.conf to account for chroot changes
- Updated unbound.conf with new available options
- Enabled dns-0x20 protection per default

Wed Nov 19 2008 Adam Tkac <atkac redhat com> - 1.1.0-2

- unbound-1.1.0-log_open.patch
  - make sure log is opened before chroot call
  - tracked as http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=219
- removed /dev/log and /var/run/unbound and /etc/resolv.conf from
  chroot, not needed
- don't mount files in chroot, it causes problems during updates
- fixed typo in default config file

Fri Nov 14 2008 Paul Wouters <paul@xelerance.com> - 1.1.0-1

- Updated to version 1.1.0
- Updated unbound.conf's statistics options and remote-control
  to work properly for munin
- Added unbound-munin package
- Generate unbound remote-control  key/certs on first startup
- Required ldns is now 1.4.0

Wed Oct 22 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-5

- Only call ldconfig in -libs package
- Move configure into build section
- devel subpackage should only depend on libs subpackage

Tue Oct 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-4

- Fix CFLAGS getting lost in build
- Don't enable interface-automatic:yes because that
  causes unbound to listen on 0.0.0.0 instead of 127.0.0.1

Sun Oct 19 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-3
```
- Split off unbound-libs, make build verbose
```
Thu Oct 09 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-2
```
- FSB compliance, chroot fixes, initscript fixes
```
Thu Sep 11 2008 Paul Wouters <paul@xelerance.com> - 1.0.2-1
```
- Upgraded to 1.0.2
```
Wed Jul 16 2008 Paul Wouters <paul@xelerance.com> - 1.0.1-1
```
- upgraded to new release
```
Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-2
```
- Build against ldns-1.3.0
```

Wed May 21 2008 Paul Wouters <paul@xelerance.com> - 1.0.0-1

- Split of -devel package, fixed dependancies, make rpmlint happy

Fri Apr 25 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.12

- Using parts from ports collection entry by Jaap Akkerhuis.
- Using Fedoraproject wiki guidelines.

Wed Apr 23 2008 Wouter Wijngaards <wouter@nlnetlabs.nl> - 0.11
```
- Initial version.
```