Accepting request 992035 from home:stroeder:network

Update to 1.16.2 which fixes the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.

OBS-URL: https://build.opensuse.org/request/show/992035
OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=151

libunbound-devel-mini.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Mon Aug  1 13:05:10 UTC 2022 - Michael Ströder <michael@stroeder.com>
+
+- update to 1.16.2
+  * Features
+    - Merge #718: Introduce infra-cache-max-rtt option to config max
+      retransmit timeout.
+  * Bug Fixes
+    - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
+    - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
+      one loop pass'.
+    - Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
+      outbound tcp sockets.
+    - Fix verbose EDE error printout.
+    - Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
+    - For windows crosscompile, fix setting the IPV6_MTU socket option
+      equivalent (IPV6_USER_MTU); allows cross compiling with latest
+      cross-compiler versions.
+    - Merge PR 714: Avoid treat normal hosts as unresponsive servers.
+      And fixup the lock code.
+    - iana portlist update.
+    - Update documentation for 'outbound-msg-retry:'.
+    - Tests for ghost domain fixes.
+
 -------------------------------------------------------------------
 Mon Jul 11 10:03:06 UTC 2022 - Michael Ströder <michael@stroeder.com>
 

libunbound-devel-mini.spec

@@ -22,7 +22,7 @@
 %bcond_without hardened_build
 #
 Name:           libunbound-devel-mini
-Version:        1.16.1
+Version:        1.16.2
 Release:        0
 Summary:        Just a devel package for build loops
 License:        BSD-3-Clause

unbound-1.16.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2fe4762abccd564a0738d5d502f57ead273e681e92d50d7fba32d11103174e9a
-size 6201745

unbound-1.16.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2e32f283820c24c51ca1dd8afecfdb747c7385a137abe865c99db4b257403581
+size 6204297

unbound.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Mon Aug  1 13:05:10 UTC 2022 - Michael Ströder <michael@stroeder.com>
+
+- update to 1.16.2
+  * Features
+    - Merge #718: Introduce infra-cache-max-rtt option to config max
+      retransmit timeout.
+  * Bug Fixes
+    - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
+    - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
+      one loop pass'.
+    - Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
+      outbound tcp sockets.
+    - Fix verbose EDE error printout.
+    - Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
+    - For windows crosscompile, fix setting the IPV6_MTU socket option
+      equivalent (IPV6_USER_MTU); allows cross compiling with latest
+      cross-compiler versions.
+    - Merge PR 714: Avoid treat normal hosts as unresponsive servers.
+      And fixup the lock code.
+    - iana portlist update.
+    - Update documentation for 'outbound-msg-retry:'.
+    - Tests for ghost domain fixes.
+
 -------------------------------------------------------------------
 Mon Jul 11 10:03:06 UTC 2022 - Michael Ströder <michael@stroeder.com>
 

unbound.spec

@@ -33,7 +33,7 @@
 %define piddir /run
 
 Name:           unbound
-Version:        1.16.1
+Version:        1.16.2
 Release:        0
 BuildRequires:  flex
 BuildRequires:  ldns-devel >= %{ldns_version}