From 050def245d59680bb930885efdc696f7588e5aa89f38929bbb24c47bacac2786 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Thu, 23 Feb 2023 10:39:45 +0000 Subject: [PATCH 1/2] Accepting request 1045741 from home:wfrisch:branches:server:dns - Tighten permissions (boo#1173619) - Add missing dependency: unbound-control-setup needs /usr/bin/openssl. OBS-URL: https://build.opensuse.org/request/show/1045741 OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=158 --- libunbound-devel-mini.changes | 6 ++++++ unbound.changes | 6 ++++++ unbound.spec | 8 +++++--- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/libunbound-devel-mini.changes b/libunbound-devel-mini.changes index 95b7b8c..7119b5b 100644 --- a/libunbound-devel-mini.changes +++ b/libunbound-devel-mini.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Dec 29 18:12:29 UTC 2022 - Wolfgang Frisch + +- Tighten permissions (boo#1173619) +- Add missing dependency: unbound-control-setup needs /usr/bin/openssl. + ------------------------------------------------------------------- Thu Oct 13 17:08:56 UTC 2022 - Michael Ströder diff --git a/unbound.changes b/unbound.changes index d0faad1..bbaccb7 100644 --- a/unbound.changes +++ b/unbound.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Dec 29 18:10:37 UTC 2022 - Wolfgang Frisch + +- Tighten permissions (boo#1173619) +- Add missing dependency: unbound-control-setup needs /usr/bin/openssl. + ------------------------------------------------------------------- Thu Oct 13 17:08:56 UTC 2022 - Michael Ströder diff --git a/unbound.spec b/unbound.spec index df91007..5575bb5 100644 --- a/unbound.spec +++ b/unbound.spec @@ -57,6 +57,8 @@ BuildRequires: pkgconfig(libnghttp2) Requires: ldns >= %{ldns_version} # until we figured something else out for the unbound-anchor part in the systemd unit file Requires: sudo +# unbound-control-setup depends on /usr/bin/openssl +Requires: openssl %if %{with systemd} BuildRequires: pkgconfig(libsystemd) %{?systemd_requires} @@ -351,11 +353,11 @@ systemd-tmpfiles --create %{_tmpfilesdir}/unbound.conf || : %attr(0755,unbound,unbound) %ghost %dir %{piddir}/%{name} %attr(0640,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/unbound.conf %dir %attr(-,root,unbound) %{_sysconfdir}/%{name}/keys.d -%attr(0660,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/keys.d/*.key +%attr(0640,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/keys.d/*.key %dir %attr(-,root,unbound) %{_sysconfdir}/%{name}/conf.d -%attr(0660,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/conf.d/*.conf +%attr(0640,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/conf.d/*.conf %dir %attr(-,root,unbound) %{_sysconfdir}/%{name}/local.d -%attr(0660,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/local.d/*.conf +%attr(0640,root,unbound) %config(noreplace) %{_sysconfdir}/%{name}/local.d/*.conf %{_sbindir}/unbound %{_sbindir}/unbound-checkconf %{_sbindir}/unbound-host From 1a0d18b0becfaac5ac776e17b719f254225f2c4038247a7b5956e2d688cda04a Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Thu, 23 Feb 2023 10:40:06 +0000 Subject: [PATCH 2/2] Accepting request 1067340 from home:pmonrealgonzalez:branches:server:dns - Update to 1.17.1: * Features: - Expose 'statistics-inhibit-zero' as a configuration option; the default value retains Unbound's behavior. - Expose 'max-sent-count' as a configuration option; the default value retains Unbound's behavior. - Merge #461 from Christian Allred: Add max-query-restarts option. Exposes an internal configuration but the default value retains Unbound's behavior. - Merge #569 from JINMEI Tatuya: add keep-cache option to 'unbound-control reload' to keep caches. * Bug Fixes: - Merge #768 from fobser: Arithmetic on a pointer to void is a GNU extension. - In unit test, print python script name list correctly. - testcode/dohclient sets log identity to its name. - Clarify the use of MAX_SENT_COUNT in the iterator code. - Fix that cachedb does not store failures in the external cache. - Merge #767 from jonathangray: consistently use IPv4/IPv6 in unbound.conf.5. - Fix to ignore tcp events for closed comm points. - Fix to make sure to not read again after a tcp comm point is closed. - Fix #775: libunbound: subprocess reap causes parent process reap to hang. - iana portlist update. - Complementary fix for distutils.sysconfig deprecation in Python 3.10 to commit 62c5039ab9da42713e006e840b7578e01d66e7f2. - Fix #779: [doc] Missing documention in ub_resolve_event() for callback parameter was_ratelimited. OBS-URL: https://build.opensuse.org/request/show/1067340 OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=159 --- libunbound-devel-mini.changes | 52 ++++++++++++++++++++++++++++++++ libunbound-devel-mini.spec | 6 ++-- unbound-1.17.0.tar.gz | 3 -- unbound-1.17.1.tar.gz | 3 ++ unbound-1.17.1.tar.gz.asc | 16 ++++++++++ unbound.changes | 52 ++++++++++++++++++++++++++++++++ unbound.keyring | 57 +++++++++++++++++++++++++++++++++++ unbound.spec | 6 ++-- 8 files changed, 188 insertions(+), 7 deletions(-) delete mode 100644 unbound-1.17.0.tar.gz create mode 100644 unbound-1.17.1.tar.gz create mode 100644 unbound-1.17.1.tar.gz.asc create mode 100644 unbound.keyring diff --git a/libunbound-devel-mini.changes b/libunbound-devel-mini.changes index 7119b5b..4c87afa 100644 --- a/libunbound-devel-mini.changes +++ b/libunbound-devel-mini.changes @@ -1,3 +1,55 @@ +------------------------------------------------------------------- +Thu Feb 23 09:15:48 UTC 2023 - Pedro Monreal + +- Update to 1.17.1: + * Features: + - Expose 'statistics-inhibit-zero' as a configuration option; + the default value retains Unbound's behavior. + - Expose 'max-sent-count' as a configuration option; the default + value retains Unbound's behavior. + - Merge #461 from Christian Allred: Add max-query-restarts option. + Exposes an internal configuration but the default value retains + Unbound's behavior. + - Merge #569 from JINMEI Tatuya: add keep-cache option to + 'unbound-control reload' to keep caches. + * Bug Fixes: + - Merge #768 from fobser: Arithmetic on a pointer to void is a + GNU extension. + - In unit test, print python script name list correctly. + - testcode/dohclient sets log identity to its name. + - Clarify the use of MAX_SENT_COUNT in the iterator code. + - Fix that cachedb does not store failures in the external cache. + - Merge #767 from jonathangray: consistently use IPv4/IPv6 in + unbound.conf.5. + - Fix to ignore tcp events for closed comm points. + - Fix to make sure to not read again after a tcp comm point is + closed. + - Fix #775: libunbound: subprocess reap causes parent process + reap to hang. + - iana portlist update. + - Complementary fix for distutils.sysconfig deprecation in + Python 3.10 to commit 62c5039ab9da42713e006e840b7578e01d66e7f2. + - Fix #779: [doc] Missing documention in ub_resolve_event() for + callback parameter was_ratelimited. + - Ignore expired error responses. + - Merge #720 from jonathangray: fix use after free when + WSACreateEvent() fails. + - Fix for the ignore of tcp events for closed comm points, + preserve the use after free protection features. + - Fix #782: Segmentation fault in stats.c:404. + - Add SVCB and HTTPS to the types removed by 'unbound-control flush'. + - Clear documentation for interactivity between the subnet module + and the serve-expired and prefetch configuration options. + - Fix #773: When used with systemd-networkd, unbound does not start + until systemd-networkd-wait-online.service times out. + - Merge #808: Wrap Makefile script's directory variables in quotes. + - Fix to wrap Makefile scripts directory in quotes for uninstall. + - Fix windows compile for libunbound subprocess reap comm point closes. + - Update github workflows to use checkout v3. + - Fix wildcard in hyperlocal zone service degradation, reported + by Sergey Kacheev. + * Add signature and keyring files + ------------------------------------------------------------------- Thu Dec 29 18:12:29 UTC 2022 - Wolfgang Frisch diff --git a/libunbound-devel-mini.spec b/libunbound-devel-mini.spec index e5f039d..350c22b 100644 --- a/libunbound-devel-mini.spec +++ b/libunbound-devel-mini.spec @@ -1,7 +1,7 @@ # # spec file for package libunbound-devel-mini # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ %bcond_without hardened_build # Name: libunbound-devel-mini -Version: 1.17.0 +Version: 1.17.1 Release: 0 Summary: Just a devel package for build loops License: BSD-3-Clause @@ -30,6 +30,8 @@ Group: Productivity/Networking/DNS/Servers # URL: https://www.unbound.net/ Source: https://www.unbound.net/downloads/unbound-%{version}.tar.gz +Source100: https://www.unbound.net/downloads/unbound-%{version}.tar.gz.asc +Source101: unbound.keyring Source1: libunbound-devel-mini-rpmlintrc Source5: root.key Source6: dlv.isc.org.key diff --git a/unbound-1.17.0.tar.gz b/unbound-1.17.0.tar.gz deleted file mode 100644 index 6289f43..0000000 --- a/unbound-1.17.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dcbc95d7891d9f910c66e4edc9f1f2fde4dea2eec18e3af9f75aed44a02f1341 -size 6235060 diff --git a/unbound-1.17.1.tar.gz b/unbound-1.17.1.tar.gz new file mode 100644 index 0000000..95dfed0 --- /dev/null +++ b/unbound-1.17.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ee4085cecce12584e600f3d814a28fa822dfaacec1f94c84bfd67f8a5571a5f4 +size 6244773 diff --git a/unbound-1.17.1.tar.gz.asc b/unbound-1.17.1.tar.gz.asc new file mode 100644 index 0000000..96b89b9 --- /dev/null +++ b/unbound-1.17.1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEE7fqj8spObrBWga+On28cLX4EX40FAmO/wmUACgkQn28cLX4E +X40EBxAApOIAHQGYxRcnMWgqB+hN2YR+M/CcOz19UiQ/KrG8f+ji9mUfIUsUTQsa +Oat/TuWPqQ4gCXocX4Dc4+LE0bebHVJkg4TQniEIjYOWja/6uBOfav14GBfJsq+m +3A9IBdOGYTAR5mGfTs1cxJfWAbX3U+oroKwn5zPh+wCRR0CoY8sEumZu7Tzb4yUx +OPhlj1Qzz/NkSi+0RkwogJy2hHdXVvHYUtTDKheFye/GeGa+trRnu8mCKpuyw6N9 +dnQ7oXlCds8JW7YgaBf4qh1pH6VO18CTo7KG3yKiEeRb+HRRmr7KKQUOlefjcct+ +QKOFhSPnVYhfvaPYEQiqVQ92ae7/wBT6cQzOMXRbY+NQjr/QfeF3QWTMRFrz3kHn +ZccpvcsjOR3wRDGQkcaa8ta40soEkzD+XRPK4oxB9D/Z5FOVoR/WTX9DZVm7PJ5+ +SGHFBGOddICBWao1h01KCSyQ7nxNi1lLIRndj+AKtQAW/kO8hKh4YYKHAlI0dRQD +MLitcrQOU1pJha+hhb/87BihtXlevUVO45ctCLLooSCrVG8cca8p3jwvJoPPwdCp +1MBVZv8STPAO//4XoZkAtTcgnaUle/ro/1DFmAK/IhDyU4KP6l3uvcUvsk3Xpk1O +AzazgiqVuIYXQ98cTh0QzAGUuFAWNFqWSF2mj+poNv0RnL/J14U= +=xZw4 +-----END PGP SIGNATURE----- diff --git a/unbound.changes b/unbound.changes index bbaccb7..8bedaf7 100644 --- a/unbound.changes +++ b/unbound.changes @@ -1,3 +1,55 @@ +------------------------------------------------------------------- +Thu Feb 23 09:15:48 UTC 2023 - Pedro Monreal + +- Update to 1.17.1: + * Features: + - Expose 'statistics-inhibit-zero' as a configuration option; + the default value retains Unbound's behavior. + - Expose 'max-sent-count' as a configuration option; the default + value retains Unbound's behavior. + - Merge #461 from Christian Allred: Add max-query-restarts option. + Exposes an internal configuration but the default value retains + Unbound's behavior. + - Merge #569 from JINMEI Tatuya: add keep-cache option to + 'unbound-control reload' to keep caches. + * Bug Fixes: + - Merge #768 from fobser: Arithmetic on a pointer to void is a + GNU extension. + - In unit test, print python script name list correctly. + - testcode/dohclient sets log identity to its name. + - Clarify the use of MAX_SENT_COUNT in the iterator code. + - Fix that cachedb does not store failures in the external cache. + - Merge #767 from jonathangray: consistently use IPv4/IPv6 in + unbound.conf.5. + - Fix to ignore tcp events for closed comm points. + - Fix to make sure to not read again after a tcp comm point is + closed. + - Fix #775: libunbound: subprocess reap causes parent process + reap to hang. + - iana portlist update. + - Complementary fix for distutils.sysconfig deprecation in + Python 3.10 to commit 62c5039ab9da42713e006e840b7578e01d66e7f2. + - Fix #779: [doc] Missing documention in ub_resolve_event() for + callback parameter was_ratelimited. + - Ignore expired error responses. + - Merge #720 from jonathangray: fix use after free when + WSACreateEvent() fails. + - Fix for the ignore of tcp events for closed comm points, + preserve the use after free protection features. + - Fix #782: Segmentation fault in stats.c:404. + - Add SVCB and HTTPS to the types removed by 'unbound-control flush'. + - Clear documentation for interactivity between the subnet module + and the serve-expired and prefetch configuration options. + - Fix #773: When used with systemd-networkd, unbound does not start + until systemd-networkd-wait-online.service times out. + - Merge #808: Wrap Makefile script's directory variables in quotes. + - Fix to wrap Makefile scripts directory in quotes for uninstall. + - Fix windows compile for libunbound subprocess reap comm point closes. + - Update github workflows to use checkout v3. + - Fix wildcard in hyperlocal zone service degradation, reported + by Sergey Kacheev. + * Add signature and keyring files + ------------------------------------------------------------------- Thu Dec 29 18:10:37 UTC 2022 - Wolfgang Frisch diff --git a/unbound.keyring b/unbound.keyring new file mode 100644 index 0000000..44e7c95 --- /dev/null +++ b/unbound.keyring @@ -0,0 +1,57 @@ +pub rsa4096 2011-04-21 [SCA] [expires: 2024-12-07] + EDFAA3F2CA4E6EB05681AF8E9F6F1C2D7E045F8D +uid W.C.A. Wijngaards +sub rsa4096 2011-04-21 [E] [expires: 2024-12-07] + +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE2v/RwBEACyQpJlpCeSZBV1QUH7jNEp5xGdo6OnX2h9XoZ4ZPsb+u6OT+xE +SH45ncnISUh8rPCygbeWOoPR/yOBzh+lYoGxQ5iUHtwRrhHq04sQe/qFpXDO2xs6 +1pTcPU2PnH7Rsr2qp6fZLPHuXLolD7NJfaSib8sVeMM0/ecyl/L2bBg9NpaGDX0x +TQh95M8o6AFo6UKWApBpgsvEZr2aH/B8b9KnCWFhfJyheEM7DamksdZNsKxXQyq3 +l/ROfdsMLZGF8vPbYV/v11G4keyaLpn8AbBpybIiw9SYDwf2ENk3+e1NFfMaiiyE +qn9+aaLTKCY87TMUuoN3s3jWOOy5tHXzf6DbKhub4Awsby3DH5YpPhi4N2vj2pAX +Vpl5+m78cH29JLzT+HAoyZ4tq1r3m0P5QogNqYwqxkKWYOjDilNDBiKiDdgtrLYG +x+ABovKG/FvToJoaCL4AFaVCzWmL2uHkSgyBN0FPHatCB1UeEkcQit6T8E2NQqmF +WjUMXSWHHajSMG95+L5PdLHz/Ku0o3Csvlt2pkElYZmzJBfnOM9JevdsmKr/ruJC +/DCZAn5w2S/9ZF5qfo2F9HUKIwE/dChR29HcN8V4nqZs9oCvEMfFhHmrfwDc5hed +hvb6mAkvSFFtKIrygLIVeWRj3FE9sGp6sr4VwOLYTFRNk7mAsWD1rZApeQARAQAB +tCdXLkMuQS4gV2lqbmdhYXJkcyA8d291dGVyQG5sbmV0bGFicy5ubD6JAlUEEwEI +AD8CGyMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEE7fqj8spObrBWga+On28c +LX4EX40FAl3uCXUFCRmkDdkACgkQn28cLX4EX40PIBAAnvuPWg0B0bmXQxytVQiS +s4W/jL33SI75fHkMZY6RvVM+WNewceEln7ixwnhpYdZuiDgFnluIOlqMJtXnNT5F +Wu/U3a5Cm9DMXy0mreog24rlYw8ctm1qJFtP3D8yfxaFg7RAtB/VEwDG+UBgQ2VG +y7sF+2Y7zJAIR9ef4TvRo+ER6B9USRiQC0bWc47c7Cai+d5FvxFefVdU+/TaHMsd +NfIsOdCZ9NpiPMGCWfR2XOQuw/iufb3Ki0WYJKyazm8NLBL92BTgWKf9Q3ph9pxz +zAUijJjeUQHK99oLlI3eARFn9kOwKPkJ4XYtetVtGCgluCQJjqEOG0NMHxPUOWlC +BoVBedi/mnPB8u3QcmghMQgP1k6kEP4lT8m5qSUIRaJ1rf35qcWxNsCk4UhDh0zu +u3uXtyX1G9LzSrLMmaI2qOIdTBeZ72jzSqMm1sCp6TTNDkXMpfmqICsFuxNeUxFN +ExOf/4ALBcEQ3Ap0hCp5LIDNN9tZte0Q3yWwmoyL+Owxw2BN8r4UWYwiQmsNBqMN +bA0Vo3ThaZiIsQ+f78ebscqkhz7hgLF5RL5fmd0XXOW0O6QFru1DaUd4ZyT34PCi +9sajhe+VShvfzYyxPNMo/MHVaAnw774s6wbTl5xyOPYAjAnzamxiG+clYZk3XqO5 +Yvk3vYZSdg6x57oxiZRXvqe5Ag0ETa/9HAEQAKbwynlS4kmsxEnU2PSrElrKqAd/ +KbzrLtuTOPbRI3OU7WOS8CjXJKpHkZSfNzvHRRu1AVbhsCymn/+jkf6XtuLqWdu3 +jjllu7F70Db+Wl5TmHxfpoyIVCDao6uKSg5jtXPSe4eXfmrjlX83IH6LYNwVQmip ++ernI4kCdOfblDH4Fk71ZYm56Ce3XmXILfL+1XCyvY7/j/ECR0yMg8yXfiY3Y7h1 +6gvwN+0+RvWfOMfMGK0GOpmZjiGGjI8CCnYBXjfpy5OYXpwEVM+DExVFuI/YR6bs +gBaJg0Pd/8JB2fSBAoU8XWZ377Hf/2eOb33F/XUDPrbkfFwmE4VbEnCNU58EeOoY +uTZH5h6Nx1ccAfP6MCfhWQ7EzQWyXewFctu15OC+YS3uwcCw7RTMjqeJToqQjO// +5rRQfZk86pzsIkksk0ZcBlASZM0BVkGtGem32MAOvstXZ9fR+dfRluPYq7Zftvlv +FuDfKC64iIz76q0DsmhCxXEX1ehXy4tPRz4R1W3ozqiBGzrX7jdPpo66xgMKK7X0 +wY38PNDflvdAU77WuCtksox3CU5A2HoXzqP+SDKRrQ7DoL7Amw2hUZzSbmLUqkJr +1pNSiDyMOgpHSbWWt/qt2AOw+6LzlR9TgUyjXQY3Pl+FvC+UfTAspl1r4Ij/udkr +9VSHGZrJwga8CuPdABEBAAGJAjwEGAEIACYCGwwWIQTt+qPyyk5usFaBr46fbxwt +fgRfjQUCXe4JfQUJGaQN4QAKCRCfbxwtfgRfjdNAD/4lXxF4xEkKfcJ+pt7nJwWf +ynp0hWcmJC6GITK7nLN2lKQrLNxUUk5tByrDuznQUm4tRvF29ty4YhqhO7t2EGhR +c7m064hACwpN8Z+Cg6B6Umb7+raHrjkScBUg0ZswNeuajj9QUmQ2NQwDpJCL/KJq +bs3TLnx6gMLiwaYEq43YRbYyhZqGVfDxJLX4Bv2pUGz9GptLLp/Wckvf1o+k8Oa/ +Ik5Ji0ec1IWVhZWGvTMYCLmuezCUUasQIZsemvkVqNQrvNya009uLsXfQrjzF8Xd +ecMh4gFx6usQFAxo9RlwGV10aGZJVUllT9iFHfkk2A+eanfeA65lpGJb2Vq5kXCw +xAEgGQuklahS27xAuTILQeYnNVF6nT+zVGTNon7UbUHNdNCJdotpRBYbmHelwwPx +/Fjmqn0psb/7XRtjSxFtEFeBLqbPt10doG2D8Ty3LacQHUcNcD0cAe7sqUf173qw +9mPP0LjpmI5d7pkA6TrAFi2zhEbhsJD2kY5En4/YmvanPU1lBuzUCGeMmLFOx9l+ +wZnmUfEYuMjLG10YH+KssSo1Mgx6TbKngJKGZahnA3RXdoZgx7+sLi1Jcbv0h4o3 +AXdV3kwe0H6FwkbarO0G0pC5bb2ttEDls3HBNZ7yyTA4qzFec/1EL3viTReQ9L5X +CCZWA03V7BL/Sge+YQ/vVA== +=Sy7Z +-----END PGP PUBLIC KEY BLOCK----- diff --git a/unbound.spec b/unbound.spec index 5575bb5..8a5641f 100644 --- a/unbound.spec +++ b/unbound.spec @@ -1,7 +1,7 @@ # # spec file for package unbound # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -33,7 +33,7 @@ %define piddir /run Name: unbound -Version: 1.17.0 +Version: 1.17.1 Release: 0 BuildRequires: flex BuildRequires: ldns-devel >= %{ldns_version} @@ -65,6 +65,8 @@ BuildRequires: pkgconfig(libsystemd) %endif URL: https://www.unbound.net/ Source: https://www.unbound.net/downloads/unbound-%{version}.tar.gz +Source100: https://www.unbound.net/downloads/unbound-%{version}.tar.gz.asc +Source101: unbound.keyring Source1: unbound.service Source2: unbound.conf Source3: unbound.munin