From 5d8389d6946883bb526127855c793745a1a218327df3eb8706924cfe2c395be3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Str=C3=B6der?= <michael@stroeder.com>
Date: Tue, 27 Jun 2017 11:52:45 +0000
Subject: [PATCH] Accepting request 506459 from
 home:stroeder:branches:server:dns

update to upstream release 1.6.4

OBS-URL: https://build.opensuse.org/request/show/506459
OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=58
---
 libunbound-devel-mini.changes | 99 +++++++++++++++++++++++++++++++++++
 libunbound-devel-mini.spec    |  2 +-
 unbound-1.6.3.tar.gz          |  3 --
 unbound-1.6.4.tar.gz          |  3 ++
 unbound.changes               | 99 +++++++++++++++++++++++++++++++++++
 unbound.spec                  |  2 +-
 6 files changed, 203 insertions(+), 5 deletions(-)
 delete mode 100644 unbound-1.6.3.tar.gz
 create mode 100644 unbound-1.6.4.tar.gz

diff --git a/libunbound-devel-mini.changes b/libunbound-devel-mini.changes
index c7b8d09..d4dc620 100644
--- a/libunbound-devel-mini.changes
+++ b/libunbound-devel-mini.changes
@@ -1,3 +1,102 @@
+-------------------------------------------------------------------
+Tue Jun 27 11:13:31 UTC 2017 - michael@stroeder.com
+
+- update to 1.6.4
+
+Features:
+- Implemented trust anchor signaling using key tag query.
+- unbound-checkconf -o allows query of dnstap config variables.
+  Also unbound-control get_option.  Also for dnscrypt.
+- unbound.h exports the shm stats structures.  They use
+  type long long and no ifdefs, and ub_ before the typenames.
+- Implemented opportunistic IPsec support module (ipsecmod).
+- Added redirect-bogus.patch to contrib directory.
+- Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
+- renumbering B-Root's IPv6 address to 2001:500:200::b.
+- Fix #1276: [dnscrypt] add XChaCha20-Poly1305 cipher.
+- Fix #1277: disable domain ratelimit by setting value to 0.
+- Added fastrpz patch to contrib
+
+Bug Fixes:
+- Added ECS unit test (from Manu Bretelle).
+- ECS documentation fix (from Manu Bretelle).
+- Fix #1252: more indentation inconsistencies.
+- Fix #1253: unused variable in edns-subnet/addrtree.c:getbit().
+- Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
+- iana portlist update
+- Based on #1257: check parse limit before t increment in sldns RR
+  string parse routine.
+- Fix #1258: Windows 10 X64 unbound 1.6.2 service will not start.
+  and fix that 64bit getting installed in C:\Program Files (x86).
+- Fix #1259: "--disable-ecdsa" argument overwritten
+  by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".
+- iana portlist update
+- Added test for leak of stub information.
+- Fix sldns wire2str printout of RR type CAA tags.
+- Fix sldns int16_data parse.
+- Fix sldns parse and printout of TSIG RRs.
+- sldns SMIMEA and AVC definitions, same as getdns definitions.
+- Fix tcp-mss failure printout text.
+- Set SO_REUSEADDR on outgoing tcp connections to fix the bind before
+  connect limited tcp connections.  With the option tcp connections
+  can share the same source port (for different destinations).
+- Add 'c' to getopt() in testbound.
+- Adjust servfail by iterator to not store in cache when serve-expired
+  is enabled, to avoid overwriting useful information there.
+- Fix queries for nameservers under a stub leaking to the internet.
+- document trust-anchor-signaling in example config file.
+- updated configure, dependencies and flex output.
+- better module memory lookup, fix of unbound-control shm names for
+  module memory printout of statistics.
+- Fix type AVC sldns rrdef.
+- Some whitespace fixup.
+- Fix #1265: contrib/unbound.service contains hardcoded path.
+- Fix #1265 to use /bin/kill.
+- Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs,
+  and compatibility with BoringSSL.
+- Fix #1268: SIGSEGV after log_reopen.
+- exec_prefix is by default equal to prefix.
+- printout localzone for duplicate local-zone warnings.
+- Fix assertion for low buffer size and big edns payload when worker
+  overrides udpsize.
+- Support for openssl EVP_DigestVerify.
+- Fix #1269: inconsistent use of built-in local zones with views.
+- Add defaults for new local-zone trees added to views using
+  unbound-control.
+- Fix #1273: cachedb.c doesn't compile with -Wextra.
+- If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write.
+- Also use global local-zones when there is a matching view that does
+  not have any local-zone specified.
+- Fix fastopen EPIPE fallthrough to perform connect.
+- Fix #1274: automatically trim chroot path from dnscrypt key/cert paths
+  (from Manu Bretelle).
+- Fix #1275: cached data in cachedb is never used.
+- Fix that unbound-control can set val_clean_additional and
+  val_permissive_mode.
+- Add dnscrypt XChaCha20 tests.
+- Detect chacha for dnscrypt at configure time.
+- dnscrypt unit tests with chacha.
+- Added domain name based ECS whitelist.
+- Fix #1278: Incomplete wildcard proof.
+- Fix #1279: Memory leak on reload when python module is enabled.
+- Fix #1280: Unbound fails assert when response from authoritative
+  contains malformed qname.  When 0x20 caps-for-id is enabled, when
+  assertions are not enabled the malformed qname is handled correctly.
+- More fixes in depth for buffer checks in 0x20 qname checks.
+- Fix stub zone queries leaking to the internet for
+  harden-referral-path ns checks.
+- Fix query for refetch_glue of stub leaking to internet.
+- Fix #1301: memory leak in respip and tests.
+- Free callback in edns-subnetmod on exit and restart.
+- Fix memory leak in sldns_buffer_new_frm_data.
+- Fix memory leak in dnscrypt config read.
+- Fix dnscrypt chacha cert support ifdefs.
+- Fix dnscrypt chacha cert unit test escapes in grep.
+- Fix to unlock view in view test.
+- Fix warning in pythonmod under clang compiler.
+- Fix lintian typo.
+- Fix #1316: heap read buffer overflow in parse_edns_options.
+
 -------------------------------------------------------------------
 Wed Jun 14 10:22:38 UTC 2017 - michael@stroeder.com
 
diff --git a/libunbound-devel-mini.spec b/libunbound-devel-mini.spec
index f8e88b1..8be5429 100644
--- a/libunbound-devel-mini.spec
+++ b/libunbound-devel-mini.spec
@@ -24,7 +24,7 @@
 
 #
 Name:           libunbound-devel-mini
-Version:        1.6.3
+Version:        1.6.4
 Release:        0
 #
 #
diff --git a/unbound-1.6.3.tar.gz b/unbound-1.6.3.tar.gz
deleted file mode 100644
index 86ff09e..0000000
--- a/unbound-1.6.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4c7e655c1d0d2d133fdeb81bc1ab3aa5c155700f66c9f5fb53fa6a5c3ea9845f
-size 5381240
diff --git a/unbound-1.6.4.tar.gz b/unbound-1.6.4.tar.gz
new file mode 100644
index 0000000..da0a4a1
--- /dev/null
+++ b/unbound-1.6.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:df0a88816ec31ccb8284c9eb132e1166fbf6d9cde71fbc4b8cd08a91ee777fed
+size 5477897
diff --git a/unbound.changes b/unbound.changes
index c7b8d09..d4dc620 100644
--- a/unbound.changes
+++ b/unbound.changes
@@ -1,3 +1,102 @@
+-------------------------------------------------------------------
+Tue Jun 27 11:13:31 UTC 2017 - michael@stroeder.com
+
+- update to 1.6.4
+
+Features:
+- Implemented trust anchor signaling using key tag query.
+- unbound-checkconf -o allows query of dnstap config variables.
+  Also unbound-control get_option.  Also for dnscrypt.
+- unbound.h exports the shm stats structures.  They use
+  type long long and no ifdefs, and ub_ before the typenames.
+- Implemented opportunistic IPsec support module (ipsecmod).
+- Added redirect-bogus.patch to contrib directory.
+- Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
+- renumbering B-Root's IPv6 address to 2001:500:200::b.
+- Fix #1276: [dnscrypt] add XChaCha20-Poly1305 cipher.
+- Fix #1277: disable domain ratelimit by setting value to 0.
+- Added fastrpz patch to contrib
+
+Bug Fixes:
+- Added ECS unit test (from Manu Bretelle).
+- ECS documentation fix (from Manu Bretelle).
+- Fix #1252: more indentation inconsistencies.
+- Fix #1253: unused variable in edns-subnet/addrtree.c:getbit().
+- Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
+- iana portlist update
+- Based on #1257: check parse limit before t increment in sldns RR
+  string parse routine.
+- Fix #1258: Windows 10 X64 unbound 1.6.2 service will not start.
+  and fix that 64bit getting installed in C:\Program Files (x86).
+- Fix #1259: "--disable-ecdsa" argument overwritten
+  by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".
+- iana portlist update
+- Added test for leak of stub information.
+- Fix sldns wire2str printout of RR type CAA tags.
+- Fix sldns int16_data parse.
+- Fix sldns parse and printout of TSIG RRs.
+- sldns SMIMEA and AVC definitions, same as getdns definitions.
+- Fix tcp-mss failure printout text.
+- Set SO_REUSEADDR on outgoing tcp connections to fix the bind before
+  connect limited tcp connections.  With the option tcp connections
+  can share the same source port (for different destinations).
+- Add 'c' to getopt() in testbound.
+- Adjust servfail by iterator to not store in cache when serve-expired
+  is enabled, to avoid overwriting useful information there.
+- Fix queries for nameservers under a stub leaking to the internet.
+- document trust-anchor-signaling in example config file.
+- updated configure, dependencies and flex output.
+- better module memory lookup, fix of unbound-control shm names for
+  module memory printout of statistics.
+- Fix type AVC sldns rrdef.
+- Some whitespace fixup.
+- Fix #1265: contrib/unbound.service contains hardcoded path.
+- Fix #1265 to use /bin/kill.
+- Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs,
+  and compatibility with BoringSSL.
+- Fix #1268: SIGSEGV after log_reopen.
+- exec_prefix is by default equal to prefix.
+- printout localzone for duplicate local-zone warnings.
+- Fix assertion for low buffer size and big edns payload when worker
+  overrides udpsize.
+- Support for openssl EVP_DigestVerify.
+- Fix #1269: inconsistent use of built-in local zones with views.
+- Add defaults for new local-zone trees added to views using
+  unbound-control.
+- Fix #1273: cachedb.c doesn't compile with -Wextra.
+- If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write.
+- Also use global local-zones when there is a matching view that does
+  not have any local-zone specified.
+- Fix fastopen EPIPE fallthrough to perform connect.
+- Fix #1274: automatically trim chroot path from dnscrypt key/cert paths
+  (from Manu Bretelle).
+- Fix #1275: cached data in cachedb is never used.
+- Fix that unbound-control can set val_clean_additional and
+  val_permissive_mode.
+- Add dnscrypt XChaCha20 tests.
+- Detect chacha for dnscrypt at configure time.
+- dnscrypt unit tests with chacha.
+- Added domain name based ECS whitelist.
+- Fix #1278: Incomplete wildcard proof.
+- Fix #1279: Memory leak on reload when python module is enabled.
+- Fix #1280: Unbound fails assert when response from authoritative
+  contains malformed qname.  When 0x20 caps-for-id is enabled, when
+  assertions are not enabled the malformed qname is handled correctly.
+- More fixes in depth for buffer checks in 0x20 qname checks.
+- Fix stub zone queries leaking to the internet for
+  harden-referral-path ns checks.
+- Fix query for refetch_glue of stub leaking to internet.
+- Fix #1301: memory leak in respip and tests.
+- Free callback in edns-subnetmod on exit and restart.
+- Fix memory leak in sldns_buffer_new_frm_data.
+- Fix memory leak in dnscrypt config read.
+- Fix dnscrypt chacha cert support ifdefs.
+- Fix dnscrypt chacha cert unit test escapes in grep.
+- Fix to unlock view in view test.
+- Fix warning in pythonmod under clang compiler.
+- Fix lintian typo.
+- Fix #1316: heap read buffer overflow in parse_edns_options.
+
 -------------------------------------------------------------------
 Wed Jun 14 10:22:38 UTC 2017 - michael@stroeder.com
 
diff --git a/unbound.spec b/unbound.spec
index 11a785e..8eb886e 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -53,7 +53,7 @@
 %endif
 
 Name:           unbound
-Version:        1.6.3
+Version:        1.6.4
 Release:        0
 #
 #