Accepting request 1159844 from server:dns

Update to 1.19.3

OBS-URL: https://build.opensuse.org/request/show/1159844
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/unbound?expand=0&rev=66

libunbound-devel-mini.changes

@@ -1,3 +1,83 @@
+-------------------------------------------------------------------
+Wed Mar 20 13:09:17 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to 1.19.3:
+  * Features:
+    - Merge PR #973: Use the origin (DNAME) TTL for synthesized
+      CNAMEs as per RFC 6672.
+  * Bug Fixes
+    - Fix unit test parse of origin syntax.
+    - Use 127.0.0.1 explicitly in tests to avoid delays and errors
+      on newer systems.
+    - Fix #964: config.h.in~ backup file in release tar balls.
+    - Merge #968: Replace the obsolescent fgrep with grep -F in
+      tests.
+    - Merge #971: fix 'WARNING: Message has 41 extra bytes at end'.
+    - Fix #969: [FR] distinguish Do53, DoT and DoH in the logs.
+    - Fix dnstap that assertion failed on logging other than UDP
+      and TCP traffic. It lists it as TCP traffic.
+    - Fix to sync the tests script file common.sh.
+    - iana portlist update.
+    - Updated IPv4 and IPv6 address for b.root-servers.net in root
+      hints.
+    - Update test script file common.sh.
+    - Fix tests to use new common.sh functions, wait_logfile and
+      kill_from_pidfile.
+    - Fix #974: doc: default number of outgoing ports without
+      libevent.
+    - Merge #975: Fixed some syntax errors in rpl files.
+    - Fix root_zonemd unit test, it checks that the root ZONEMD
+      verifies, now that the root has a valid ZONEMD.
+    - Update example.conf with cookie options.
+    - Merge #980: DoH: reject non-h2 early. To fix #979: Improve
+      errors for non-HTTP/2 DoH clients.
+    - Merge #985: Add DoH and DoT to dnstap message.
+    - Fix #983: Sha1 runtime insecure change was incomplete.
+    - Remove unneeded newlines and improve indentation in remote
+      control code.
+    - Merge #987: skip edns frag retry if advertised udp payload
+      size is not smaller.
+    - Fix unit test for #987 change in udp1xxx retry packet send.
+    - Merge #988: Fix NLnetLabs#981: dump_cache truncates large
+      records.
+    - Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows.
+    - Fix to link with libssp for libcrypto and getaddrinfo check
+      for only header. Also update crosscompile to remove ssp for
+      32bit.
+    - Merge #993: Update b.root-servers.net also in example config
+      file.
+    - Update workflow for ports to use newer openssl on windows
+      compile.
+    - Fix warning for windres on resource files due to
+      redefinition.
+    - Fix for #997: Print details for SSL certificate failure.
+    - Update error printout for duplicate trust anchors to include
+      the trust anchor name (relates to #920).
+    - Update message TTL when using cached RRSETs. It could result
+      in non-expired messages with expired RRSETs (non-usable
+      messages by Unbound).
+    - Merge #999: Search for protobuf-c with pkg-config.
+    - Fix #1006: Can't find protobuf-c package since #999.
+    - Fix documentation for access-control in the unbound.conf man
+      page.
+    - Merge #1010: Mention REFUSED has the TC bit set with
+      unmatched allow_cookie acl in the manpage. It also fixes the
+      code to match the documentation about clients with a valid
+      cookie that bypass the ratelimit regardless of the
+      allow_cookie acl.
+    - Document the suspend argument for process_ds_response().
+    - Move github workflows to use checkoutv4.
+    - Fix edns subnet replies for scope zero answers to not get
+      stored in the global cache, and in cachedb, when the upstream
+      replies without an EDNS record.
+    - Fix for #1022: Fix ede prohibited in access control refused
+      answers.
+    - Fix unbound-control-setup.cmd to use 3072 bits so that
+      certificates are long enough for newer OpenSSL versions.
+    - Fix TTL of synthesized CNAME when a DNAME is used from cache.
+    - Fix unbound-control-setup.cmd to have CA v3 basicConstraints,
+      like unbound-control-setup.sh has.
+
 -------------------------------------------------------------------
 Fri Mar  8 10:15:41 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
 

libunbound-devel-mini.spec

@@ -22,7 +22,7 @@
 %bcond_without hardened_build
 #
 Name:           libunbound-devel-mini
-Version:        1.19.2
+Version:        1.19.3
 #!BcntSyncTag: unbound
 Release:        0
 Summary:        Just a devel package for build loops

unbound-1.19.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cc560d345734226c1b39e71a769797e7fdde2265cbb77ebce542704bba489e55
-size 6340281

unbound-1.19.2.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE7fqj8spObrBWga+On28cLX4EX40FAmXpd8QACgkQn28cLX4E
-X42QJg//ebCixy+Ccth8Kh3o7f3ADZH3SP78aHhMVsQ2P+X/y5vWMrUUuaCnn4Kp
-PVMgI+BGB/imZ9SBrhhGOgjL6/AVFTHWqGBQrCqEholC2mLoxu6pUVRCa6WMkB2M
-z+xHVnacRd6tQ2Am6i+9pGXmu4Ztpz3tQK+GuMuwHoiR5Gy/QAoanjZaGRgtCpVs
-sqxDZUjWL2/jQedDjAqNYhZITYrxFXa6pxPnDpmRoX2sRD0Uc0XFT9Rvx8mnaLzO
-9eeDLfF6zcq70A4I0jrpG9ro7RJ7k71/7FcuTdfvbhlOsP9cRINspNcx9hfAkfV3
-qYCBgR1Nvx8rSRSJp4xCoBSzVLMMNDKfWQw+/APqhWQ/yIm5xfjFv+vvksY7PQjd
-H89JS3YAkUTtgDI/vNb+gnBX2ma4c9AYjiuK9raoL85h2rv0MXIcaC5cCR8DQOIg
-h9poHosfpvLyKNDDc/epYYQ1IfRX4oydH4rXhT8STapahsbDPtt0HlXsD0icCfFC
-YHbLpZ1qXhjSqR+/gSvTDJ8WiB389LbSPTlkMY6Euv/Im3UdHDFMJgnwD9eQ4i0V
-fa+6Bh35gxPz50UKwOkcLYUs+bEX3QzQK8/hYzxkJi5VoQH1ZlmEEk5eZEMv0ASj
-0/zHQAlWyicNK5Y+0OkVdw14r3x/794K2DRJcF2iW9ZS2Q7YP2s=
-=mNud
------END PGP SIGNATURE-----

unbound-1.19.3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3ae322be7dc2f831603e4b0391435533ad5861c2322e34a76006a9fb65eb56b9
+size 6338685

unbound-1.19.3.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEE7fqj8spObrBWga+On28cLX4EX40FAmXysfMACgkQn28cLX4E
+X43UFA//SBjFacBm6r+CiHpUfegwu4I5NE9bde71TSPhGJnz7KBb7bLZxZozHxs+
+z1f0mYlnTg395gu8+JY0iU5HGwkRdaF4DJJz2++39PYtZMg+FG3Jqtz8IPW1JjfY
+frAVMDMQhWslnm8UfOR4mLxkXWk6EOOBek8ibN6bvLbuY8KNQM5G4fpATJ9aYUMi
+3TWOzuMpAz0yk6oIr1KaKPSgEdlzFQadGOMPOpdg1AYM9DftQMFiiCuhpKnkilm6
+IIwFg4IXszYpgaR6UieMMOrs1ppu+F/E1LBiSTRGo6ia28LQC7V+aXfHZQnqXQpl
+MOrnCTf9qCBy3cWi9KGJd22o2Ir7mkZ59908TfBVlqfmenSkLBv1pTtaJGANbtnJ
+B4cKRG/YMtEO4OWrDJtni1nwm/V066Yv1kzPBVE6XkjrjdZu0tjJYgE2Jzsnnvbv
+Q/XPxJFqIBIB3OsBnEKwSv+NudlOXzQoJMbQUWU8Noh55nY/hbULqSNbO/kR2PCh
+j3DsAgd8nI3BjljKc4Td7Iz9+tZE77cfwGD01UmgloA3BpWD767LriiDXkea5jy4
+mos62pqXD8Ndam9APUr6ugL3KUOXBR6bU2EPG3U9Dm3Qbky8jpwp9lTrR+0M13Dq
+whIt28Kc/h+W0wjI5wAJiTTfeitFeEoR0qtaZJpMZSGsuO/nLFQ=
+=Vz2k
+-----END PGP SIGNATURE-----

unbound.changes

@@ -1,3 +1,83 @@
+-------------------------------------------------------------------
+Wed Mar 20 13:09:17 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
+
+- Update to 1.19.3:
+  * Features:
+    - Merge PR #973: Use the origin (DNAME) TTL for synthesized
+      CNAMEs as per RFC 6672.
+  * Bug Fixes
+    - Fix unit test parse of origin syntax.
+    - Use 127.0.0.1 explicitly in tests to avoid delays and errors
+      on newer systems.
+    - Fix #964: config.h.in~ backup file in release tar balls.
+    - Merge #968: Replace the obsolescent fgrep with grep -F in
+      tests.
+    - Merge #971: fix 'WARNING: Message has 41 extra bytes at end'.
+    - Fix #969: [FR] distinguish Do53, DoT and DoH in the logs.
+    - Fix dnstap that assertion failed on logging other than UDP
+      and TCP traffic. It lists it as TCP traffic.
+    - Fix to sync the tests script file common.sh.
+    - iana portlist update.
+    - Updated IPv4 and IPv6 address for b.root-servers.net in root
+      hints.
+    - Update test script file common.sh.
+    - Fix tests to use new common.sh functions, wait_logfile and
+      kill_from_pidfile.
+    - Fix #974: doc: default number of outgoing ports without
+      libevent.
+    - Merge #975: Fixed some syntax errors in rpl files.
+    - Fix root_zonemd unit test, it checks that the root ZONEMD
+      verifies, now that the root has a valid ZONEMD.
+    - Update example.conf with cookie options.
+    - Merge #980: DoH: reject non-h2 early. To fix #979: Improve
+      errors for non-HTTP/2 DoH clients.
+    - Merge #985: Add DoH and DoT to dnstap message.
+    - Fix #983: Sha1 runtime insecure change was incomplete.
+    - Remove unneeded newlines and improve indentation in remote
+      control code.
+    - Merge #987: skip edns frag retry if advertised udp payload
+      size is not smaller.
+    - Fix unit test for #987 change in udp1xxx retry packet send.
+    - Merge #988: Fix NLnetLabs#981: dump_cache truncates large
+      records.
+    - Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows.
+    - Fix to link with libssp for libcrypto and getaddrinfo check
+      for only header. Also update crosscompile to remove ssp for
+      32bit.
+    - Merge #993: Update b.root-servers.net also in example config
+      file.
+    - Update workflow for ports to use newer openssl on windows
+      compile.
+    - Fix warning for windres on resource files due to
+      redefinition.
+    - Fix for #997: Print details for SSL certificate failure.
+    - Update error printout for duplicate trust anchors to include
+      the trust anchor name (relates to #920).
+    - Update message TTL when using cached RRSETs. It could result
+      in non-expired messages with expired RRSETs (non-usable
+      messages by Unbound).
+    - Merge #999: Search for protobuf-c with pkg-config.
+    - Fix #1006: Can't find protobuf-c package since #999.
+    - Fix documentation for access-control in the unbound.conf man
+      page.
+    - Merge #1010: Mention REFUSED has the TC bit set with
+      unmatched allow_cookie acl in the manpage. It also fixes the
+      code to match the documentation about clients with a valid
+      cookie that bypass the ratelimit regardless of the
+      allow_cookie acl.
+    - Document the suspend argument for process_ds_response().
+    - Move github workflows to use checkoutv4.
+    - Fix edns subnet replies for scope zero answers to not get
+      stored in the global cache, and in cachedb, when the upstream
+      replies without an EDNS record.
+    - Fix for #1022: Fix ede prohibited in access control refused
+      answers.
+    - Fix unbound-control-setup.cmd to use 3072 bits so that
+      certificates are long enough for newer OpenSSL versions.
+    - Fix TTL of synthesized CNAME when a DNAME is used from cache.
+    - Fix unbound-control-setup.cmd to have CA v3 basicConstraints,
+      like unbound-control-setup.sh has.
+
 -------------------------------------------------------------------
 Fri Mar  8 10:12:30 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
 

unbound.spec

@@ -33,7 +33,7 @@
 %define piddir /run
 
 Name:           unbound
-Version:        1.19.2
+Version:        1.19.3
 Release:        0
 BuildRequires:  flex
 BuildRequires:  ldns-devel >= %{ldns_version}