From 1b7e9529ed57c72463de609458f2f471121b733835e1c9e1fe875c02d6895998 Mon Sep 17 00:00:00 2001 From: Marguerite Su Date: Tue, 18 Sep 2018 05:58:24 +0000 Subject: [PATCH] Accepting request 636218 from home:stroeder:branches:server:dns - update to 1.8.0: Number of bug fixes, a list of features added and some defaults changed. OBS-URL: https://build.opensuse.org/request/show/636218 OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=84 --- libunbound-devel-mini.changes | 153 ++++++++++++++++++++++++++++++++++ libunbound-devel-mini.spec | 4 +- unbound-1.7.3.tar.gz | 3 - unbound-1.8.0.tar.gz | 3 + unbound.changes | 153 ++++++++++++++++++++++++++++++++++ unbound.spec | 2 +- 6 files changed, 312 insertions(+), 6 deletions(-) delete mode 100644 unbound-1.7.3.tar.gz create mode 100644 unbound-1.8.0.tar.gz diff --git a/libunbound-devel-mini.changes b/libunbound-devel-mini.changes index b55d248..ba8fd7a 100644 --- a/libunbound-devel-mini.changes +++ b/libunbound-devel-mini.changes @@ -1,3 +1,156 @@ +------------------------------------------------------------------- +Thu Sep 17 17:00:00 UTC 2018 - michael@stroeder.com + +- update to 1.8.0: + Number of bug fixes, a list of features added and some defaults changed. + +Features +- unbound-control auth_zone_reload _zone_ option rereads the zonefile. +- unbound-control auth_zone_transfer _zone_ option starts the probe + sequence for a master to transfer the zone from and transfers when + a new zone version is available. +- num.queries.tls counter for queries over TLS. +- log port number with err_addr logs. +- dns64-ignore-aaaa: config option to list domain names for which the + existing AAAA is ignored and dns64 processing is used on the A + record. +- Fix #4112: Fix that unbound-anchor -f /etc/resolv.conf will not pass + if DNSSEC is not enabled. New option -R allows fallback from + resolv.conf to direct queries. +- Note RFC8162 support. SMIMEA record type can be read in by the + zone record parser. +- Patches from Jim Hague (Sinodun) for EDNS KeepAlive. +- Add config tcp-idle-timeout (default 30s). This applies to + client connections only; the timeout on TCP connections upstream + is unaffected. +- Add edns-tcp-keepalive and edns-tcp-keepalive timeout options + and implement option in client responses. +- Add delay parameter to streamtcp, -d secs. + To be used when testing idle timeout. +- Expose if a query (or a subquery) was ratelimited (not src IP + ratelimiting) to libunbound under 'ub_result.was_ratelimited'. + This also introduces a change to 'ub_event_callback_type' in + libunbound/unbound-event.h. +- Patch to implement tcp-connection-limit from Jim Hague (Sinodun). + This limits the number of simultaneous TCP client connections + from a nominated netblock. +- Fix #4142: unbound.service.in: improvements and fixes. + Add unit dependency ordering (based on systemd-resolved). + Add 'CAP_SYS_RESOURCE' to 'CapabilityBoundingSet' (fixes warnings + about missing privileges during startup). Add 'AF_INET6' to + 'RestrictAddressFamilies' (without it IPV6 can't work). From + Guido Shanahan. +- unbound-checkconf checks if modules exist and prints if they are + not compiled in the name of the wrong module. +- Patch for stub-no-cache and forward-no-cache options that disable + caching for the contents of that stub or forward, for when you + want immediate changes visible, from Bjoern A. Zeeb. +- Upgraded crosscompile script to include libunbound DLL in the + zipfile. +- Set libunbound to increase current, because the libunbound change + to the event callback function signature. That needs programs, + that use it, to recompile against the new header definition. +- log-servfail: yes prints log lines that say why queries are + returning SERVFAIL to clients. +- log-local-actions: yes option for unbound.conf that logs all the + local zone actions, a patch from Saksham Manchanda (Secure64). +- #4146: num.query.subnet and num.query.subnet_cache counters. +- #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This + gives access to reply information for the client's communication + point when the callback is called before the mesh state (modules). + Changes to C and Python's inplace_callback signatures were also + necessary. +- Set defaults to yes for a number of options to increase speed and + resilience of the server. The so-reuseport, harden-below-nxdomain, + and minimal-responses options are enabled by default. They used + to be disabled by default, waiting to make sure they worked. They + are enabled by default now, and can be disabled explicitly by + setting them to "no" in the unbound.conf config file. The reuseport + and minimal options increases speed of the server, and should be + otherwise harmless. The harden-below-nxdomain option works well + together with the recently default enabled qname minimisation, this + causes more fetches to use information from the cache. +- Added serve-expired-ttl and serve-expired-ttl-reset options. + +Bug Fixes +- Windows example service.conf edited with more windows specific + configuration. +- #4108: systemd reload hang fix. +- Fix usage printout for unbound-host, hostname has to be last + argument on BSDs and Windows. +- Partial fix for permission denied on IPv6 address on FreeBSD. +- Fix that auth-zone master reply with current SOA serial does not + stop scan of masters for an updated zone. +- Fix that auth-zone does not start the wait timer without checking + if the wait timer has already been started. +- #4109: Fix that package config depends on python unconditionally. +- Patch, do not export python from pkg-config, from Petr Menšík. +- Fix checking for libhiredis printout in configure output. +- Fix typo on man page in ip-address description. +- Update libunbound/python/examples/dnssec_test.py example code to + also set the 20326 trust anchor for the root in the example code. +- Better documentation for unblock-lan-zones and insecure-lan-zones + config statements. +- Fix permission denied printed for auth zone probe random port nrs. +- Fix documentation ambiguity for tls-win-cert in tls-upstream and + forward-tls-upstream docs. +- iana port update. +- Fix round robin for failed addresses with prefer-ip6: yes +- Note in documentation that the cert name match code needs + OpenSSL 1.1.0 or later to be enabled. +- Fix to improve systemd socket activation code file descriptor + assignment. +- Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more + easily changed to adjust default rtt assumptions. +- Fix #4127 unbound -h does not list -p help. +- Print error if SSL name verification configured but not available + in the ssl library. +- Fix that ratelimit and ip-ratelimit are applied after reload of + changed config file. +- Resize ratelimit and ip-ratelimit caches if changed on reload. +- Fix #4129 unbound-control error message with wrong cert permissions + is too cryptic. +- Fix #4130: print text describing -dd and unbound-checkconf on + config file read error at startup, the errors may have been moved + away by the startup process. +- Fix #4131: for solaris, error YY_CURRENT_BUFFER undeclared. +- Fix use-systemd readiness signalling, only when use-systemd is yes + and not in signal handler. +- Fix #4135: 64-bit Windows Installer Creates Entries Under The + Wrong Registry Key, reported by Brian White. +- Fix man page, say that chroot is enabled by default. +- Sort out test runs when the build directory isn't the project + root directory. +- Error if EDNS Keepalive received over UDP. +- Correct and expand manual page entries for keepalive and idle timeout. +- Implement progressive backoff of TCP idle/keepalive timeout. +- Fix 'make depend' to work when build dir is not project root. +- Fix #4139: Fix unbound-host leaks memory on ANY. +- Fix to remove systemd sockaddr function check, that is not + always present. Make socket activation more lenient. But not + different when socket activation is not used. +- Fix #4136: insufficiency from mismatch of FLEX capability between + released tarball and build host. Fix to unconditionally call + destroy in daemon.c. +- Make capsforid fallback QNAME minimisation aware. +- document --enable-subnet in doc/README. +- Fix #4144: dns64 module caches wrong (negative) information. +- Fix that printout of error for cycle targets is a verbosity 4 + printout and does not wrongly print it is a memory error. +- Fix segfault in auth-zone read and reorder of RRSIGs. +- Fix contrib/fastrpz.patch. +- Fix warning on compile without threads. +- print servfail info to log as error. +- added more servfail printout statements, to the iterator. +- Fix classification for QTYPE=CNAME queries when QNAME minimisation is + enabled. +- Fix only misc failure from log-servfail when val-log-level is not + enabled. +- Fix lintflags for lint on FreeBSD. +- Fix that a local-zone with a local-zone-type that is transparent + in a view with view-first, makes queries check for answers from the + local-zones defined outside of views. + ------------------------------------------------------------------- Thu Jun 21 09:19:02 UTC 2018 - michael@stroeder.com diff --git a/libunbound-devel-mini.spec b/libunbound-devel-mini.spec index d851685..a268721 100644 --- a/libunbound-devel-mini.spec +++ b/libunbound-devel-mini.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,7 +24,7 @@ # Name: libunbound-devel-mini -Version: 1.7.3 +Version: 1.8.0 Release: 0 # # diff --git a/unbound-1.7.3.tar.gz b/unbound-1.7.3.tar.gz deleted file mode 100644 index a612828..0000000 --- a/unbound-1.7.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c11de115d928a6b48b2165e0214402a7a7da313cd479203a7ce7a8b62cba602d -size 5570604 diff --git a/unbound-1.8.0.tar.gz b/unbound-1.8.0.tar.gz new file mode 100644 index 0000000..f673546 --- /dev/null +++ b/unbound-1.8.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:78f79d6d3b643fdcd74a14fc76542250da886c82f82bc55b51e189663d61b83f +size 5609213 diff --git a/unbound.changes b/unbound.changes index 1d9a24c..177ed18 100644 --- a/unbound.changes +++ b/unbound.changes @@ -1,3 +1,156 @@ +------------------------------------------------------------------- +Thu Sep 17 17:00:00 UTC 2018 - michael@stroeder.com + +- update to 1.8.0: + Number of bug fixes, a list of features added and some defaults changed. + +Features +- unbound-control auth_zone_reload _zone_ option rereads the zonefile. +- unbound-control auth_zone_transfer _zone_ option starts the probe + sequence for a master to transfer the zone from and transfers when + a new zone version is available. +- num.queries.tls counter for queries over TLS. +- log port number with err_addr logs. +- dns64-ignore-aaaa: config option to list domain names for which the + existing AAAA is ignored and dns64 processing is used on the A + record. +- Fix #4112: Fix that unbound-anchor -f /etc/resolv.conf will not pass + if DNSSEC is not enabled. New option -R allows fallback from + resolv.conf to direct queries. +- Note RFC8162 support. SMIMEA record type can be read in by the + zone record parser. +- Patches from Jim Hague (Sinodun) for EDNS KeepAlive. +- Add config tcp-idle-timeout (default 30s). This applies to + client connections only; the timeout on TCP connections upstream + is unaffected. +- Add edns-tcp-keepalive and edns-tcp-keepalive timeout options + and implement option in client responses. +- Add delay parameter to streamtcp, -d secs. + To be used when testing idle timeout. +- Expose if a query (or a subquery) was ratelimited (not src IP + ratelimiting) to libunbound under 'ub_result.was_ratelimited'. + This also introduces a change to 'ub_event_callback_type' in + libunbound/unbound-event.h. +- Patch to implement tcp-connection-limit from Jim Hague (Sinodun). + This limits the number of simultaneous TCP client connections + from a nominated netblock. +- Fix #4142: unbound.service.in: improvements and fixes. + Add unit dependency ordering (based on systemd-resolved). + Add 'CAP_SYS_RESOURCE' to 'CapabilityBoundingSet' (fixes warnings + about missing privileges during startup). Add 'AF_INET6' to + 'RestrictAddressFamilies' (without it IPV6 can't work). From + Guido Shanahan. +- unbound-checkconf checks if modules exist and prints if they are + not compiled in the name of the wrong module. +- Patch for stub-no-cache and forward-no-cache options that disable + caching for the contents of that stub or forward, for when you + want immediate changes visible, from Bjoern A. Zeeb. +- Upgraded crosscompile script to include libunbound DLL in the + zipfile. +- Set libunbound to increase current, because the libunbound change + to the event callback function signature. That needs programs, + that use it, to recompile against the new header definition. +- log-servfail: yes prints log lines that say why queries are + returning SERVFAIL to clients. +- log-local-actions: yes option for unbound.conf that logs all the + local zone actions, a patch from Saksham Manchanda (Secure64). +- #4146: num.query.subnet and num.query.subnet_cache counters. +- #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This + gives access to reply information for the client's communication + point when the callback is called before the mesh state (modules). + Changes to C and Python's inplace_callback signatures were also + necessary. +- Set defaults to yes for a number of options to increase speed and + resilience of the server. The so-reuseport, harden-below-nxdomain, + and minimal-responses options are enabled by default. They used + to be disabled by default, waiting to make sure they worked. They + are enabled by default now, and can be disabled explicitly by + setting them to "no" in the unbound.conf config file. The reuseport + and minimal options increases speed of the server, and should be + otherwise harmless. The harden-below-nxdomain option works well + together with the recently default enabled qname minimisation, this + causes more fetches to use information from the cache. +- Added serve-expired-ttl and serve-expired-ttl-reset options. + +Bug Fixes +- Windows example service.conf edited with more windows specific + configuration. +- #4108: systemd reload hang fix. +- Fix usage printout for unbound-host, hostname has to be last + argument on BSDs and Windows. +- Partial fix for permission denied on IPv6 address on FreeBSD. +- Fix that auth-zone master reply with current SOA serial does not + stop scan of masters for an updated zone. +- Fix that auth-zone does not start the wait timer without checking + if the wait timer has already been started. +- #4109: Fix that package config depends on python unconditionally. +- Patch, do not export python from pkg-config, from Petr Menšík. +- Fix checking for libhiredis printout in configure output. +- Fix typo on man page in ip-address description. +- Update libunbound/python/examples/dnssec_test.py example code to + also set the 20326 trust anchor for the root in the example code. +- Better documentation for unblock-lan-zones and insecure-lan-zones + config statements. +- Fix permission denied printed for auth zone probe random port nrs. +- Fix documentation ambiguity for tls-win-cert in tls-upstream and + forward-tls-upstream docs. +- iana port update. +- Fix round robin for failed addresses with prefer-ip6: yes +- Note in documentation that the cert name match code needs + OpenSSL 1.1.0 or later to be enabled. +- Fix to improve systemd socket activation code file descriptor + assignment. +- Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more + easily changed to adjust default rtt assumptions. +- Fix #4127 unbound -h does not list -p help. +- Print error if SSL name verification configured but not available + in the ssl library. +- Fix that ratelimit and ip-ratelimit are applied after reload of + changed config file. +- Resize ratelimit and ip-ratelimit caches if changed on reload. +- Fix #4129 unbound-control error message with wrong cert permissions + is too cryptic. +- Fix #4130: print text describing -dd and unbound-checkconf on + config file read error at startup, the errors may have been moved + away by the startup process. +- Fix #4131: for solaris, error YY_CURRENT_BUFFER undeclared. +- Fix use-systemd readiness signalling, only when use-systemd is yes + and not in signal handler. +- Fix #4135: 64-bit Windows Installer Creates Entries Under The + Wrong Registry Key, reported by Brian White. +- Fix man page, say that chroot is enabled by default. +- Sort out test runs when the build directory isn't the project + root directory. +- Error if EDNS Keepalive received over UDP. +- Correct and expand manual page entries for keepalive and idle timeout. +- Implement progressive backoff of TCP idle/keepalive timeout. +- Fix 'make depend' to work when build dir is not project root. +- Fix #4139: Fix unbound-host leaks memory on ANY. +- Fix to remove systemd sockaddr function check, that is not + always present. Make socket activation more lenient. But not + different when socket activation is not used. +- Fix #4136: insufficiency from mismatch of FLEX capability between + released tarball and build host. Fix to unconditionally call + destroy in daemon.c. +- Make capsforid fallback QNAME minimisation aware. +- document --enable-subnet in doc/README. +- Fix #4144: dns64 module caches wrong (negative) information. +- Fix that printout of error for cycle targets is a verbosity 4 + printout and does not wrongly print it is a memory error. +- Fix segfault in auth-zone read and reorder of RRSIGs. +- Fix contrib/fastrpz.patch. +- Fix warning on compile without threads. +- print servfail info to log as error. +- added more servfail printout statements, to the iterator. +- Fix classification for QTYPE=CNAME queries when QNAME minimisation is + enabled. +- Fix only misc failure from log-servfail when val-log-level is not + enabled. +- Fix lintflags for lint on FreeBSD. +- Fix that a local-zone with a local-zone-type that is transparent + in a view with view-first, makes queries check for answers from the + local-zones defined outside of views. + ------------------------------------------------------------------- Thu Jun 21 09:19:02 UTC 2018 - michael@stroeder.com diff --git a/unbound.spec b/unbound.spec index 9c19aaf..f7a399e 100644 --- a/unbound.spec +++ b/unbound.spec @@ -58,7 +58,7 @@ %endif Name: unbound -Version: 1.7.3 +Version: 1.8.0 Release: 0 # #