Accepting request 710819 from server:dns

OBS-URL: https://build.opensuse.org/request/show/710819
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/unbound?expand=0&rev=38

libunbound-devel-mini.changes

@@ -1,3 +1,93 @@
+-------------------------------------------------------------------
+Mon Jun 17 17:21:10 UTC 2019 - Michael Ströder <michael@stroeder.com>
+
+- update to 1.9.2
+
+Features
+- add type CAA to libpyunbound (accessing libunbound from python).
+- Fix #17: Add python module example from Jan Janak, that is a
+  plugin for the Unbound DNS resolver to resolve DNS records in
+  multicast DNS [RFC 6762] via Avahi.  The plugin communicates
+  with Avahi via DBus. The comment section at the beginning of
+  the file contains detailed documentation.
+- travis build file.
+- PR #16: XoT support, AXFR over TLS, turn it on with
+  master: <ip>#<authname> in unbound.conf.  This uses TLS to
+  download the AXFR (or IXFR).
+
+Bug Fixes
+- Fix for #4233: guard use of NDEBUG, so that it can be passed in
+  CFLAGS into configure.
+- Add log message, at verbosity 4, that says the query is encrypted
+  with TLS, if that is enabled for the query.
+- Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.
+- Fix #4240: Fix whitespace cleanup in example.conf.
+- Fix that tls-session-ticket-keys: "" on its own in unbound.conf
+  disables the tls session ticker key calls into the OpenSSL API.
+- Fix crash if tls-servic-pem not filled in when necessary.
+- Fix auth-zone NSEC3 response for empty nonterminals with exact
+  match nsec3 records.
+- Fix for out of bounds integers, thanks to OSTIF audit.  It is in
+  allocation debug code.
+- Fix for auth zone nsec3 ent fix for wildcard nodata.
+- Move goto label in answer_from_cache to the end of the function
+  where it is more visible.
+- Fix auth-zone NSEC3 response for wildcard nodata answers,
+  include the closest encloser in the answer.
+- Fix spelling error in log output for event method.
+- Fix to reinit event structure for accepted TCP (and TLS) sockets.
+- Fix to use event_assign with libevent for thread-safety.
+- verbose information about auth zone lookup process, also lookup
+  start, timeout and fail.
+- Fix to wipe ssl ticket keys from memory with explicit_bzero,
+  if available.
+- Fix that auth zone uses correct network type for sockets for
+  SOA serial probes.  This fixes that probes fail because earlier
+  probe addresses are unreachable.
+- Fix that auth zone fails over to next master for timeout in tcp.
+- Squelch SSL read and write connection reset by peer and broken pipe
+  messages.  Verbosity 2 and higher enables them.
+- Update python documentation for init_standard().
+- Typos.
+- Fix tls write event for read state change to re-call SSL_write and
+  not resume the TLS handshake.
+- Better braces in if statement in TCP fastopen code.
+- iana portlist updated.
+- Scrub RRs from answer section when reusing NXDOMAIN message for
+  subdomain answers.
+- For harden-below-nxdomain: do not consider a name to be non-exitent
+  when message contains a CNAME record.
+- Fix wrong query name in local zone redirect answers with a CNAME,
+  the copy of the local alias is in unpacked form.
+- contrib/fastrpz.patch updated for code changes, and with git diff.
+- Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64.
+- Fix #30: AddressSanitizer finding in lookup3.c.  This sets the
+  hash function to use a slower but better auditable code that does
+  not read beyond array boundaries.  This makes code better security
+  checkable, and is better for security.  It is fixed to be slower,
+  but not read outside of the array.
+- Fix edns-subnet locks, in error cases the lock was not unlocked.
+- Fix doxygen output error on readme markdown vignettes.
+- Squelch log messages from tcp send about connection reset by peer.
+  They can be enabled with verbosity at higher values for diagnosing
+  network connectivity issues.
+- Attempt to fix malformed tcp response.
+- Fix #31: swig 4.0 and python module.
+- Note that so-reuseport at extreme load is better turned off,
+  otherwise queries are not distributed evenly, on Linux 4.4.x.
+- Fix that spoolbuf is not used to store tcp pipelined response
+  between mesh send and callback end.
+- Fix double file close in tcp pipelined response code.
+- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
+- Fix to guard _OPENBSD_SOURCE from redefinition.
+- Fix that fixes the Fix that spoolbuf is not used to store tcp
+  pipelined response between mesh send and callback end, this fixes
+  error cases that did not use the correct spoolbuf.
+- Fix that fixes the Fix that spoolbuf is not used to store tcp
+  pipelined response between mesh send and callback end, this fixes
+  error cases that did not use the correct spoolbuf.
+- Fix another spoolbuf storage code point, in prefetch.
+
 -------------------------------------------------------------------
 Mon Mar 18 12:16:58 UTC 2019 - Michael Ströder <michael@stroeder.com>
 

libunbound-devel-mini.spec

@@ -24,7 +24,7 @@
 
 #
 Name:           libunbound-devel-mini
-Version:        1.9.1
+Version:        1.9.2
 Release:        0
 #
 #

unbound.changes

@@ -1,3 +1,93 @@
+-------------------------------------------------------------------
+Mon Jun 17 17:21:10 UTC 2019 - Michael Ströder <michael@stroeder.com>
+
+- update to 1.9.2
+
+Features
+- add type CAA to libpyunbound (accessing libunbound from python).
+- Fix #17: Add python module example from Jan Janak, that is a
+  plugin for the Unbound DNS resolver to resolve DNS records in
+  multicast DNS [RFC 6762] via Avahi.  The plugin communicates
+  with Avahi via DBus. The comment section at the beginning of
+  the file contains detailed documentation.
+- travis build file.
+- PR #16: XoT support, AXFR over TLS, turn it on with
+  master: <ip>#<authname> in unbound.conf.  This uses TLS to
+  download the AXFR (or IXFR).
+
+Bug Fixes
+- Fix for #4233: guard use of NDEBUG, so that it can be passed in
+  CFLAGS into configure.
+- Add log message, at verbosity 4, that says the query is encrypted
+  with TLS, if that is enabled for the query.
+- Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.
+- Fix #4240: Fix whitespace cleanup in example.conf.
+- Fix that tls-session-ticket-keys: "" on its own in unbound.conf
+  disables the tls session ticker key calls into the OpenSSL API.
+- Fix crash if tls-servic-pem not filled in when necessary.
+- Fix auth-zone NSEC3 response for empty nonterminals with exact
+  match nsec3 records.
+- Fix for out of bounds integers, thanks to OSTIF audit.  It is in
+  allocation debug code.
+- Fix for auth zone nsec3 ent fix for wildcard nodata.
+- Move goto label in answer_from_cache to the end of the function
+  where it is more visible.
+- Fix auth-zone NSEC3 response for wildcard nodata answers,
+  include the closest encloser in the answer.
+- Fix spelling error in log output for event method.
+- Fix to reinit event structure for accepted TCP (and TLS) sockets.
+- Fix to use event_assign with libevent for thread-safety.
+- verbose information about auth zone lookup process, also lookup
+  start, timeout and fail.
+- Fix to wipe ssl ticket keys from memory with explicit_bzero,
+  if available.
+- Fix that auth zone uses correct network type for sockets for
+  SOA serial probes.  This fixes that probes fail because earlier
+  probe addresses are unreachable.
+- Fix that auth zone fails over to next master for timeout in tcp.
+- Squelch SSL read and write connection reset by peer and broken pipe
+  messages.  Verbosity 2 and higher enables them.
+- Update python documentation for init_standard().
+- Typos.
+- Fix tls write event for read state change to re-call SSL_write and
+  not resume the TLS handshake.
+- Better braces in if statement in TCP fastopen code.
+- iana portlist updated.
+- Scrub RRs from answer section when reusing NXDOMAIN message for
+  subdomain answers.
+- For harden-below-nxdomain: do not consider a name to be non-exitent
+  when message contains a CNAME record.
+- Fix wrong query name in local zone redirect answers with a CNAME,
+  the copy of the local alias is in unpacked form.
+- contrib/fastrpz.patch updated for code changes, and with git diff.
+- Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64.
+- Fix #30: AddressSanitizer finding in lookup3.c.  This sets the
+  hash function to use a slower but better auditable code that does
+  not read beyond array boundaries.  This makes code better security
+  checkable, and is better for security.  It is fixed to be slower,
+  but not read outside of the array.
+- Fix edns-subnet locks, in error cases the lock was not unlocked.
+- Fix doxygen output error on readme markdown vignettes.
+- Squelch log messages from tcp send about connection reset by peer.
+  They can be enabled with verbosity at higher values for diagnosing
+  network connectivity issues.
+- Attempt to fix malformed tcp response.
+- Fix #31: swig 4.0 and python module.
+- Note that so-reuseport at extreme load is better turned off,
+  otherwise queries are not distributed evenly, on Linux 4.4.x.
+- Fix that spoolbuf is not used to store tcp pipelined response
+  between mesh send and callback end.
+- Fix double file close in tcp pipelined response code.
+- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
+- Fix to guard _OPENBSD_SOURCE from redefinition.
+- Fix that fixes the Fix that spoolbuf is not used to store tcp
+  pipelined response between mesh send and callback end, this fixes
+  error cases that did not use the correct spoolbuf.
+- Fix that fixes the Fix that spoolbuf is not used to store tcp
+  pipelined response between mesh send and callback end, this fixes
+  error cases that did not use the correct spoolbuf.
+- Fix another spoolbuf storage code point, in prefetch.
+
 -------------------------------------------------------------------
 Sat Apr 13 18:51:31 UTC 2019 - Dirk Stoecker <opensuse@dstoecker.de>
 

unbound.spec

@@ -37,7 +37,7 @@
 %define piddir /run
 
 Name:           unbound
-Version:        1.9.1
+Version:        1.9.2
 Release:        0
 #
 #