- update to 1.5.5

- remove manual hacks for relro,now and pie and replace them with
  official configure options.

OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=24

unbound-1.5.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a1e1c1a578cf8447cb51f6033714035736a0f04444854a983123c094cc6fb137
-size 4844273

unbound-1.5.5.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f3bd7d3bc9519e8717abdc35c26cb2d84c3c3a3e2cd657604307e6860b37da5e
+size 4849969

unbound.changes

@@ -1,3 +1,59 @@
+-------------------------------------------------------------------
+Tue Oct  6 14:21:00 UTC 2015 - mrueckert@suse.de
+
+- update to 1.5.5
+  Features
+  - Change default of harden-algo-downgrade to off. This is lenient
+    for algorithm rollover.
+  - Added permit-small-holddown config to debug fast 5011 rollover.
+  - Allow certificate chain files to allow for intermediate
+    certificates. (thanks Daniel Kahn Gillmor)
+  - Enable ECDHE for servers. Where available, use
+    SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations
+    to enable ECDHE. Otherwise, manually offer curve p256. Client
+    connections should automatically use ECDHE when available.
+    (thanks Daniel Kahn Gillmor)
+  - Feature --enable-pie option to that builds PIE binary.
+    [bugzilla: 699 ]
+  - Feature --enable-relro-now option that enables full read-only
+    relocation.  [bugzilla: 700 ]
+  - New IPs for for h.root-servers.net.  [bugzilla: 702 ]
+  Bug Fixes
+  - Fix setting forwarders with unbound-control forward implicitly
+    turns on forward-first.  [bugzilla: 681 ]
+  - Fix that reload fails when so-reuseport is yes after changing
+    num-threads.  [bugzilla: 690 ]
+  - please afl-gcc (llvm) for uninitialised variable warning.
+  - Fix mktime in unbound-anchor not using UTC.
+  - Fix 5011 anchor update timer after reload.
+  - 5011 implementation does not insist on all algorithms, when
+    harden-algo-downgrade is turned off.
+  - Document in the manual more text about configuring locally
+    served zones.
+  - Document that local-zone nodefault matches exactly and
+    transparent can be used to release a subzone.
+  - Fix that configure script does not detect LibreSSL 2.2.2
+    [bugzilla: 694 ]
+  - Fix deadlock for local data add and zone add when
+    unbound-control list_local_data printout is interrupted.
+  - Fix get PY_MAJOR_VERSION failure at configure for python 2.4 to
+    2.6.  [bugzilla: 697 ]
+  - changed windows setup compression to be more transparent.
+  - Fix config globbed include chroot treatment, this fixes reload
+    of globs (patch from Dag-Erling Smørgrav).
+  - Fix ub_ctx_set_fwd() return value mishandled on windows.
+    [bugzilla: 705 ]
+  - Fix minor error in unbound.conf.5.in.
+  - Fix unbound.conf(5) access-control description for precedence
+    and default.
+  - Fix unbound-control flush that does not succeed in removing
+    data.
+  - MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution
+    failures.
+  - iana portlist update.
+- remove manual hacks for relro,now and pie and replace them with
+  official configure options.
+
 -------------------------------------------------------------------
 Fri Sep  4 13:37:38 UTC 2015 - mrueckert@suse.de
 

unbound.spec

@@ -53,7 +53,7 @@
 %endif
 
 Name:           unbound
-Version:        1.5.4
+Version:        1.5.5
 Release:        0
 #
 #
@@ -184,9 +184,8 @@ This package holds the Python modules and extensions for unbound.
 %setup
 
 %build
-export LDFLAGS="-Wl,-z,relro,-z,now -pie"
+export CFLAGS="%{optflags}"
-export CFLAGS="%{optflags} -fPIE -pie"
+export CXXFLAGS="%{optflags}"
-export CXXFLAGS="%{optflags} -fPIE -pie"
 %configure \
   --disable-rpath \
   --with-libevent \
@@ -197,6 +196,8 @@ export CXXFLAGS="%{optflags} -fPIE -pie"
   --enable-gost \
   --enable-ecdsa \
   --enable-event-api \
+  --enable-pie \
+  --enable-relro-now \
 %if %{with dnstap}
   --enable-dnstap \
 %endif