From 3b2fab437b06b6e9578259e05bd5652d80ec9b725d0b305753b103deb0247cc3 Mon Sep 17 00:00:00 2001 From: Marguerite Su Date: Sat, 22 Feb 2020 03:16:25 +0000 Subject: [PATCH] Accepting request 777757 from home:stroeder:branches:server:dns Update to 1.10.0. Successfully tested on Tumbleweed x86_64. OBS-URL: https://build.opensuse.org/request/show/777757 OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=123 --- libunbound-devel-mini.changes | 110 ++++++++++++++++++++++++++++++++++ libunbound-devel-mini.spec | 2 +- unbound-1.10.0.tar.gz | 3 + unbound-1.9.6.tar.gz | 3 - unbound.changes | 110 ++++++++++++++++++++++++++++++++++ unbound.spec | 2 +- 6 files changed, 225 insertions(+), 5 deletions(-) create mode 100644 unbound-1.10.0.tar.gz delete mode 100644 unbound-1.9.6.tar.gz diff --git a/libunbound-devel-mini.changes b/libunbound-devel-mini.changes index f4659fa..37bfa59 100644 --- a/libunbound-devel-mini.changes +++ b/libunbound-devel-mini.changes 
@@ -1,3 +1,113 @@ +------------------------------------------------------------------- +Thu Feb 20 21:40:10 UTC 2020 - Michael Ströder + +- update to 1.10.0 + +Features: +- Merge RPZ support into master. Only QNAME and Response IP triggers are + supported. +- Added serve-stale functionality as described in + draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used + to configure the behavior. +- Updated cachedb to honor `serve-expired-ttl`; Fixes #107. +- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies + come with a configurable TTL value (`serve-expired-reply-ttl`). +- Merge #135 from Florian Obser: Use passed in neg and key cache + if non-NULL. +- Fix #153: Disable validation for DSA algorithms. RFC 8624 compliance. +- Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds + and Frzk. Updates the unbound.service systemd file and adds a portable + systemd service file. +- Merge PR#154; Allow use of libbsd functions with configure option + --with-libbsd. By Robert Edmonds and Steven Chamberlain. +- Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai. +- Merge PR#156 from Alexander Berkes; Added unbound-control + view_local_datas_remove command. + +Bug Fixes: +- Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by + Florian Obser +- Update mailing list URL. +- Fix #140: Document slave not downloading new zonefile upon update. +- Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. + The dl_iterate_phdr() function introduced in newer versions raises + compilation errors on solaris 10. +- Changes to compat/getentropy_solaris.c for, + ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion + for older systems. +- Fix 'make test' to work for --disable-sha1 configure option. +- Fix out-of-bounds null-byte write in sldns_bget_token_par while + parsing type WKS, reported by Luis Merino from X41 D-Sec. 
+- Updated sldns_bget_token_par fix for also space for the zero + delimiter after the character. And update for more spare space. +- Fix #138: stop binding pidfile inside chroot dir in systemd service + file. +- Fix the relationship between serve-expired and prefetch options, + patch from Saksham Manchanda from Secure64. +- Fix unreachable code in ssl set options code. +- Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, + because dnscrypt-proxy (2.0.36) does not support the test setup + any more, and also the config file format does not seem to have the + appropriate keys to recreate that setup. +- Fix crash after reload where a stats lookup could reference old key + cache and neg cache structures. +- Fix for memory leak when edns subnet config options are read when + compiled without edns subnet support. +- Fix auth zone support for NSEC3 records without salt. +- Merge PR#150 from Frzk: Systemd unit without chroot. It add + contrib/unbound_nochroot.service.in, a systemd file for use with + chroot: "", see comments in the file, it uses systemd protections + instead. It was superceded by #151, the unbound_portable.service + file. +- Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes + to Libs/Requires for crypto library dependencies. +- iana portlist updated. +- Fix to silence the tls handshake errors for broken pipe and reset + by peer, unless verbosity is set to 2 or higher. +- Merge PR#147; change rfc reference for reserved top level dns names. +- Fix #157: undefined reference to `htobe64'. +- Fix subnet tests for disabled DSA algorithm by default. +- Update contrib/fastrpz.patch for clean diff with current code. +- updated .gitignore for added contrib file. +- Add build rule for ipset to Makefile +- Add getentropy_freebsd.o to Makefile dependencies. 
+- Fix memory leak in error condition remote.c +- Fix double free in error condition view.c +- Fix memory leak in do_auth_zone_transfer on success +- Stop working on socket when socket() call returns an error. +- Check malloc return values in TLS session ticket code +- Fix fclose on error in TLS session ticket code. +- Add assertion to please static analyzer +- Fixed stats when replying with cached, cname-aliased records. +- Added missing default values for redis cachedb backend. +- Fix num_reply_addr counting in mesh and tcp drop due to size + after serve_stale commit. +- Fix to create and destroy rpz_lock in auth_zones structure. +- Fix to lock zone before adding rpz qname trigger. +- Fix to lock and release once in mesh_serve_expired_lookup. +- Fix to put braces around empty if body when threading is disabled. +- Fix num_reply_states and num_detached_states counting with + serve_expired_callback. +- Cleaner code in mesh_serve_expired_lookup. +- Document in unbound.conf manpage that configuration clauses can be + repeated in the configuration file. +- Document 'ub_result.was_ratelimited' in libunbound. +- Fix use after free on log-identity after a reload; Fixes #163. +- Fix with libnettle make test with dsa disabled. +- Fix contrib/fastrpz.patch to apply cleanly. Fix for serve-stale + fixes, but it does not compile, conflicts with new rpz code. +- Fix to clean memory leak of respip_addr.lock when ip_tree deleted. +- Fix compile warning when threads disabled. +- Fix spelling in unbound.conf.5.in. +- Stop unbound-checkconf from insisting that auth-zone and rpz + zonefiles have to exist. They can not exist, and download later. +- contrib/drop2rpz: perl script that converts the Spamhaus DROP-List + in RPZ-Format, contributed by Andreas Schulze. +- Remove unused variable. +- Add respip to supported module-config options in unbound-checkconf. +- Updated contrib/unbound_smf23.tar.gz with Solaris SMF service for + Unbound from Yuri Voinov. 
+ ------------------------------------------------------------------- Thu Dec 12 21:01:07 UTC 2019 - Michael Ströder diff --git a/libunbound-devel-mini.spec b/libunbound-devel-mini.spec index d63aeae..6d5a20d 100644 --- a/libunbound-devel-mini.spec +++ b/libunbound-devel-mini.spec @@ -24,7 +24,7 @@ # Name: libunbound-devel-mini -Version: 1.9.6 +Version: 1.10.0 Release: 0 # # diff --git a/unbound-1.10.0.tar.gz b/unbound-1.10.0.tar.gz new file mode 100644 index 0000000..a32d383 --- /dev/null +++ b/unbound-1.10.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:152f486578242fe5c36e89995d0440b78d64c05123990aae16246b7f776ce955 +size 5727902 diff --git a/unbound-1.9.6.tar.gz b/unbound-1.9.6.tar.gz deleted file mode 100644 index 60db66a..0000000 --- a/unbound-1.9.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1d98fc6ea99197a20b4a0e540e87022cf523085786e0fc26de6ebb2720f5aaf0 -size 5680145 diff --git a/unbound.changes b/unbound.changes index 49f5994..a6297e2 100644 --- a/unbound.changes +++ b/unbound.changes 
@@ -1,3 +1,113 @@ +------------------------------------------------------------------- +Thu Feb 20 21:40:10 UTC 2020 - Michael Ströder + +- update to 1.10.0 + +Features: +- Merge RPZ support into master. Only QNAME and Response IP triggers are + supported. +- Added serve-stale functionality as described in + draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used + to configure the behavior. +- Updated cachedb to honor `serve-expired-ttl`; Fixes #107. +- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies + come with a configurable TTL value (`serve-expired-reply-ttl`). +- Merge #135 from Florian Obser: Use passed in neg and key cache + if non-NULL. +- Fix #153: Disable validation for DSA algorithms. RFC 8624 compliance. +- Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds + and Frzk. Updates the unbound.service systemd file and adds a portable + systemd service file. +- Merge PR#154; Allow use of libbsd functions with configure option + --with-libbsd. By Robert Edmonds and Steven Chamberlain. +- Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai. +- Merge PR#156 from Alexander Berkes; Added unbound-control + view_local_datas_remove command. + +Bug Fixes: +- Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by + Florian Obser +- Update mailing list URL. +- Fix #140: Document slave not downloading new zonefile upon update. +- Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. + The dl_iterate_phdr() function introduced in newer versions raises + compilation errors on solaris 10. +- Changes to compat/getentropy_solaris.c for, + ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion + for older systems. +- Fix 'make test' to work for --disable-sha1 configure option. +- Fix out-of-bounds null-byte write in sldns_bget_token_par while + parsing type WKS, reported by Luis Merino from X41 D-Sec. 
+- Updated sldns_bget_token_par fix for also space for the zero + delimiter after the character. And update for more spare space. +- Fix #138: stop binding pidfile inside chroot dir in systemd service + file. +- Fix the relationship between serve-expired and prefetch options, + patch from Saksham Manchanda from Secure64. +- Fix unreachable code in ssl set options code. +- Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, + because dnscrypt-proxy (2.0.36) does not support the test setup + any more, and also the config file format does not seem to have the + appropriate keys to recreate that setup. +- Fix crash after reload where a stats lookup could reference old key + cache and neg cache structures. +- Fix for memory leak when edns subnet config options are read when + compiled without edns subnet support. +- Fix auth zone support for NSEC3 records without salt. +- Merge PR#150 from Frzk: Systemd unit without chroot. It add + contrib/unbound_nochroot.service.in, a systemd file for use with + chroot: "", see comments in the file, it uses systemd protections + instead. It was superceded by #151, the unbound_portable.service + file. +- Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes + to Libs/Requires for crypto library dependencies. +- iana portlist updated. +- Fix to silence the tls handshake errors for broken pipe and reset + by peer, unless verbosity is set to 2 or higher. +- Merge PR#147; change rfc reference for reserved top level dns names. +- Fix #157: undefined reference to `htobe64'. +- Fix subnet tests for disabled DSA algorithm by default. +- Update contrib/fastrpz.patch for clean diff with current code. +- updated .gitignore for added contrib file. +- Add build rule for ipset to Makefile +- Add getentropy_freebsd.o to Makefile dependencies. 
+- Fix memory leak in error condition remote.c +- Fix double free in error condition view.c +- Fix memory leak in do_auth_zone_transfer on success +- Stop working on socket when socket() call returns an error. +- Check malloc return values in TLS session ticket code +- Fix fclose on error in TLS session ticket code. +- Add assertion to please static analyzer +- Fixed stats when replying with cached, cname-aliased records. +- Added missing default values for redis cachedb backend. +- Fix num_reply_addr counting in mesh and tcp drop due to size + after serve_stale commit. +- Fix to create and destroy rpz_lock in auth_zones structure. +- Fix to lock zone before adding rpz qname trigger. +- Fix to lock and release once in mesh_serve_expired_lookup. +- Fix to put braces around empty if body when threading is disabled. +- Fix num_reply_states and num_detached_states counting with + serve_expired_callback. +- Cleaner code in mesh_serve_expired_lookup. +- Document in unbound.conf manpage that configuration clauses can be + repeated in the configuration file. +- Document 'ub_result.was_ratelimited' in libunbound. +- Fix use after free on log-identity after a reload; Fixes #163. +- Fix with libnettle make test with dsa disabled. +- Fix contrib/fastrpz.patch to apply cleanly. Fix for serve-stale + fixes, but it does not compile, conflicts with new rpz code. +- Fix to clean memory leak of respip_addr.lock when ip_tree deleted. +- Fix compile warning when threads disabled. +- Fix spelling in unbound.conf.5.in. +- Stop unbound-checkconf from insisting that auth-zone and rpz + zonefiles have to exist. They can not exist, and download later. +- contrib/drop2rpz: perl script that converts the Spamhaus DROP-List + in RPZ-Format, contributed by Andreas Schulze. +- Remove unused variable. +- Add respip to supported module-config options in unbound-checkconf. +- Updated contrib/unbound_smf23.tar.gz with Solaris SMF service for + Unbound from Yuri Voinov. 
+ ------------------------------------------------------------------- Thu Dec 19 15:33:17 UTC 2019 - Dominique Leuenberger diff --git a/unbound.spec b/unbound.spec index 5300841..65aa987 100644 --- a/unbound.spec +++ b/unbound.spec @@ -36,7 +36,7 @@ %define piddir /run Name: unbound -Version: 1.9.6 +Version: 1.10.0 Release: 0 # #
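Review bot: the new entry in the libunbound-devel-mini.changes hunk sits above `Thu Dec 12 21:01:07 UTC 2019 - Michael Ströder`, while the identical entry in unbound.changes sits above `Thu Dec 19 15:33:17 UTC 2019 - Dominique Leuenberger`, so the two changelogs already differ directly below the insertion point. Please confirm that the missing Dec 19 entry in the mini changelog is intended. If the files are meant to mirror each other, sync them in this request instead of adding another 110 identical lines on top of diverged history.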
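Review bot: the memory-safety fixes in the unbound.changes entry are scattered through the "Bug Fixes:" list among build and documentation items, with no tracker reference: `Fix out-of-bounds null-byte write in sldns_bget_token_par`, `Fix double free in error condition view.c`, `Fix use after free on log-identity after a reload`. Move them to the top of the entry and add a bug or CVE identifier where one was assigned, so that someone triaging this update can see its security relevance without reading the whole list. The same entry files two behaviour changes under "Features:", DSA validation being disabled and `num.zero_ttl` being renamed to `num.expired`. Both deserve a separate heading, since the first changes validation results for DSA-signed zones and the second breaks any monitoring that reads the old statistic name.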
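Review bot: the unbound-1.10.0.tar.gz hunk replaces the source archive with an LFS pointer (`oid sha256:152f486578242fe5c36e89995d0440b78d64c05123990aae16246b7f776ce955`, `size 5727902`), and the diffstat shows no signature or keyring file changed alongside it. Before accepting, compare that digest with the checksum or signature upstream publishes for the 1.10.0 release, and state in the request how the tarball was verified. "Successfully tested on Tumbleweed x86_64" covers the build, not the provenance of the archive.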
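Review bot: the unbound.spec hunk changes only `Version: 1.9.6` to `Version: 1.10.0`, although the changelog for this release lists packaging-relevant changes: the updated unbound.service unit and new portable unit (PR#151), the pidfile no longer being bound inside the chroot dir (#138), and the new `--with-libbsd` configure option (PR#154). Please check whether the unit file and pidfile handling the package installs (the context shows `%define piddir /run`) still match what 1.10.0 ships, and note in the changelog entry that the spec was reviewed against them, even if no further spec change turns out to be needed.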