-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-aecc7c321e 2024-11-25 01:54:56.122783+00:00 -------------------------------------------------------------------------------- Name : unbound Product : Fedora 41 Version : 1.22.0 Release : 8.fc41 URL : https://nlnetlabs.nl/projects/unbound/ Summary : Validating, recursive, and caching DNS(SEC) resolver Description : Unbound is a validating, recursive, and caching DNS(SEC) resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modular components, so that also DNSSEC (secure DNS) validation and stub-resolvers (that do not run as a server, but are linked into an application) are easily possible. -------------------------------------------------------------------------------- Update Information: Update to 1.22 Upstream ChangeLog Add iter-scrub-ns, iter-scrub-cname and max-global-quota configuration options. DNS over QUIC is not yet enabled, missing ngtcp2 dependency Enabled SHA1 during build. Added custom openssl configuration that enables validation of SHA1 signatures. Used by unbound tests to pass with SHA1 enabled, when default crypto-policy does not allow it. Uncomment OPENSSL_CONF in /etc/sysconfig/unbound to activate it. Disabled automatic fetching of root zone copy. Provided two new separate files: unbound-as112-networks.conf -- includes helpers for working with local network resolver, providing also private domains and addresses resolution. Create symlink into /etc/unbound/conf.d/ to activate it. unbound-local-root.conf -- the same root zone copy as before, but need to be activated explicitly. Helps with saving queries forwarded to upstream resolvers, but may prevent simple forwarding to local private top level domains, like .home or .lan. More bug fixes -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 21 2024 Petr MenÅ¡Ãk <pemensik@xxxxxxxxxx> - 1.22.0-8 - Fix real regression detected by unbound-localhost test * Fri Nov 15 2024 Petr MenÅ¡Ãk <pemensik@xxxxxxxxxx> - 1.22.0-7 - Move defaults to separate configuration file * Fri Nov 15 2024 Petr MenÅ¡Ãk <pemensik@xxxxxxxxxx> - 1.22.0-6 - Move remote-control configuration to vendor directory * Fri Nov 15 2024 Petr MenÅ¡Ãk <pemensik@xxxxxxxxxx> - 1.22.0-5 - Deactivate automatic root zone fetching (rhbz#2322697) * Fri Nov 15 2024 Petr MenÅ¡Ãk <pemensik@xxxxxxxxxx> - 1.22.0-4 - Enable SHA1 during tests to pass build with enabled SHA1 (rhbz#2255591) * Fri Nov 15 2024 Petr MenÅ¡Ãk <pemensik@xxxxxxxxxx> - 1.22.0-3 - Make separate configuration * Tue Nov 5 2024 Yaakov Selkowitz <yselkowi@xxxxxxxxxx> - 1.22.0-2 - Disable redis in RHEL builds * Thu Oct 17 2024 Paul Wouters <paul.wouters@xxxxxxxx> - 1.22.0-1 - Update to 1.22.0 (rbhz#2319347) * Mon Oct 7 2024 Paul Wouters <paul.wouters@xxxxxxxx> - 1.21.1-2 - enable hiredis (using valkey) by default -------------------------------------------------------------------------------- References: [ 1 ] Bug #2255591 - DNSSEC validation failure with FUTURE crypto-policies with RSASHA1-NSEC3-SHA1 algorithm https://bugzilla.redhat.com/show_bug.cgi?id=2255591 [ 2 ] Bug #2319347 - unbound-1.22.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2319347 [ 3 ] Bug #2322697 - Make possible disabling retrieval of root zone without change of configuration file https://bugzilla.redhat.com/show_bug.cgi?id=2322697 [ 4 ] Bug #2325389 - Upgrading to Fedora 41 causes unbound to be downgraded https://bugzilla.redhat.com/show_bug.cgi?id=2325389 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-aecc7c321e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
-- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
