From 600207e4843846e2af6e1eacb6801bbe87129bfdaaf07797fba5ec7cdecd9307 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Thu, 3 Dec 2020 11:53:51 +0000 Subject: [PATCH] Accepting request 852892 from home:stroeder:branches:server:dns update to 1.13.0 OBS-URL: https://build.opensuse.org/request/show/852892 OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=134 --- libunbound-devel-mini.changes | 115 ++++++++++++++++++++++++++++++++++ libunbound-devel-mini.spec | 2 +- unbound-1.12.0.tar.gz | 3 - unbound-1.13.0.tar.gz | 3 + unbound.changes | 115 ++++++++++++++++++++++++++++++++++ unbound.spec | 2 +- 6 files changed, 235 insertions(+), 5 deletions(-) delete mode 100644 unbound-1.12.0.tar.gz create mode 100644 unbound-1.13.0.tar.gz diff --git a/libunbound-devel-mini.changes b/libunbound-devel-mini.changes index 772c895..584ccac 100644 --- a/libunbound-devel-mini.changes +++ b/libunbound-devel-mini.changes 
@@ -1,3 +1,118 @@ +------------------------------------------------------------------- +Thu Dec 3 11:26:17 UTC 2020 - Michael Ströder + +- update to 1.13.0 + +Features +- Pass the comm_reply information to the inplace_cb_reply* functions + during the mesh state and update the documentation on that. +- Fix #330: [Feature request] Add unencrypted DNS over HTTPS support. + This adds the option http-notls-downstream: yesno to change that, + and the dohclient test code has the -n option. +- Merge PR #228 : infra-keep-probing option to probe hosts that are + down. Add infra-keep-probing: yes option. Hosts that are down are + probed more frequently. + With the option turned on, it probes about every 120 seconds, + eventually after exponential backoff, and that keeps that way. If + traffic keeps up for the domain. It probes with one at a time, eg. + one query is allowed to probe, other queries within that 120 second + interval are turned away. +- Merge PR #313 from Ralph Dolmans: Replace edns-client-tag with + edns-client-string option. +- Merge PR #283 : Stream reuse. This implements upstream stream + reuse for performing several queries over the same TCP or TLS + channel. +- Fix to connect() to UDP destinations, default turned on, + this lowers vulnerability to ICMP side channels. + Option to toggle udp-connect, default is enabled. + +Bug Fixes +- Fix #319: potential memory leak on config failure, in rpz config. +- Fix dnstap socket and the chroot not applied properly to the dnstap + socket path. +- Fix warning in libnss compile, nss_buf2dsa is not used without DSA. +- Fix #323: unbound testsuite fails on mock build in systemd-nspawn + if systemd support is build. +- Fix for python reply callback to see mesh state reply_list member, + it only removes it briefly for the commpoint call so that it does + not drop it and attempt to modify the reply list during reply. 
+- Fix that if there are on reply callbacks, those are called per + reply and a new message created if that was modified by the call. +- Free up auth zone parse region after use for lookup of host +- Merge PR #326 from netblue30: DoH: implement content-length + header field. +- DoH content length, simplify code, remove declaration after + statement and fix cast warning. +- Fix that if there are reply callbacks for the given rcode, those + are called per reply and a new message created if that was modified + by the call. +- Fix that the out of order TCP processing does not limit the + number of outstanding queries over a connection. +- Fix python documentation warning on functions.rst inplace_cb_reply. +- Log ip address when http session recv fails, eg. due to tls fail. +- Fix to set the tcp handler event toggle flag back to default when + the handler structure is reused. +- Clean the fix for out of order TCP processing limits on number + of queries. It was tested to work. +- Fix that http settings have colon in set_option, for + http-endpoint, http-max-streams, http-query-buffer-size, + http-response-buffer-size, and http-nodelay. +- Fix memory leak of https port string when reading config. +- local-zone regional allocations outside of chunk +- Merge PR #324 from James Renken: Add modern X.509v3 extensions to + unbound-control TLS certificates. +- Fix for PR #324 to attach the x509v3 extensions to the client + certificate. +- Fix #327: net/if.h check fails on some darwin versions; contribution + by Joshua Root. +- Fix #320: potential memory corruption due to size miscomputation upton + custom region alloc init. +- Fix #333: Unbound Segmentation Fault w/ log_info Functions From + Python Mod. +- Fix that minimal-responses does not remove addresses from a priming + query response. +- In man page note that tls-cert-bundle is read before permission + drop and chroot. +- Fix #341: fixing a possible memory leak. 
+- Fix memory leak after fix for possible memory leak failure. +- Fix #343: Fail to build --with-libnghttp2 with error: 'SSIZE_MAX' + undeclared. +- Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere + with chown of pidfile. +- Fix #347: IP_DONTFRAG broken on Apple xcode 12.2. +- Fix #350: with the AF_NETLINK permission, to fix 1.12.0 error: + failed to list interfaces: getifaddrs: Address family not + supported by protocol. +- Merge #351 from dvzrv: Add AF_NETLINK to set of allowed socket + address families. +- iana portlist updated. +- Fix crash when TLS connection is closed prematurely, when + reuse tree comparison is not properly identical to insertion. +- Fix padding of struct regional for 32bit systems. +- with udp-connect ignore connection refused with UDP timeouts. +- Fix udp-connect on FreeBSD, do send calls on connected UDP socket. +- Better fix for reuse tree comparison for is-tls sockets. Where + the tree key identity is preserved after cleanup of the TLS state. +- Fix memory leak for edns client tag opcode config element. +- Attempt fix for libevent state in tcp reuse cases after a packet + is written. +- Fix readagain and writeagain callback functions for comm point + cleanup. +- Fix to omit UDP receive errors from log, if verbosity low. + These happen because of udp-connect. +- For #352: contrib/metrics.awk for Prometheus style metrics output. +- Fix that after failed read, the readagain cannot activate. +- Clear readagain upon decommission of pending tcp structure. +- Fix compile warning for type cast in http2_submit_dns_response. +- Fix when use free buffer to initialize rbtree for stream reuse. +- Fix compile warnings for windows. +- Fix compile warnings in rpz initialization. +- Fix contrib/metrics.awk for FreeBSD awk compatibility. +- Fix assertion failure on double callback when iterator loses + interest in query at head of line that then has the tcp stream + not kept for reuse. +- Fix stream reuse and tcp fast open. 
+ ------------------------------------------------------------------- Thu Oct 8 08:39:40 UTC 2020 - Michael Ströder diff --git a/libunbound-devel-mini.spec b/libunbound-devel-mini.spec index e7fc365..6f80fcb 100644 --- a/libunbound-devel-mini.spec +++ b/libunbound-devel-mini.spec @@ -24,7 +24,7 @@ # Name: libunbound-devel-mini -Version: 1.12.0 +Version: 1.13.0 Release: 0 # # diff --git a/unbound-1.12.0.tar.gz b/unbound-1.12.0.tar.gz deleted file mode 100644 index 84b50af..0000000 --- a/unbound-1.12.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5b9253a97812f24419bf2e6b3ad28c69287261cf8c8fa79e3e9f6d3bf7ef5835 -size 5918399 diff --git a/unbound-1.13.0.tar.gz b/unbound-1.13.0.tar.gz new file mode 100644 index 0000000..ce6c9c5 --- /dev/null +++ b/unbound-1.13.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a954043a95b0326ca4037e50dace1f3a207a0a19e9a4a22f4c6718fc623db2a1 +size 5950063 diff --git a/unbound.changes b/unbound.changes index 4b86c1f..2f7147d 100644 --- a/unbound.changes +++ b/unbound.changes 
@@ -1,3 +1,118 @@ +------------------------------------------------------------------- +Thu Dec 3 11:26:17 UTC 2020 - Michael Ströder + +- update to 1.13.0 + +Features +- Pass the comm_reply information to the inplace_cb_reply* functions + during the mesh state and update the documentation on that. +- Fix #330: [Feature request] Add unencrypted DNS over HTTPS support. + This adds the option http-notls-downstream: yesno to change that, + and the dohclient test code has the -n option. +- Merge PR #228 : infra-keep-probing option to probe hosts that are + down. Add infra-keep-probing: yes option. Hosts that are down are + probed more frequently. + With the option turned on, it probes about every 120 seconds, + eventually after exponential backoff, and that keeps that way. If + traffic keeps up for the domain. It probes with one at a time, eg. + one query is allowed to probe, other queries within that 120 second + interval are turned away. +- Merge PR #313 from Ralph Dolmans: Replace edns-client-tag with + edns-client-string option. +- Merge PR #283 : Stream reuse. This implements upstream stream + reuse for performing several queries over the same TCP or TLS + channel. +- Fix to connect() to UDP destinations, default turned on, + this lowers vulnerability to ICMP side channels. + Option to toggle udp-connect, default is enabled. + +Bug Fixes +- Fix #319: potential memory leak on config failure, in rpz config. +- Fix dnstap socket and the chroot not applied properly to the dnstap + socket path. +- Fix warning in libnss compile, nss_buf2dsa is not used without DSA. +- Fix #323: unbound testsuite fails on mock build in systemd-nspawn + if systemd support is build. +- Fix for python reply callback to see mesh state reply_list member, + it only removes it briefly for the commpoint call so that it does + not drop it and attempt to modify the reply list during reply. 
+- Fix that if there are on reply callbacks, those are called per + reply and a new message created if that was modified by the call. +- Free up auth zone parse region after use for lookup of host +- Merge PR #326 from netblue30: DoH: implement content-length + header field. +- DoH content length, simplify code, remove declaration after + statement and fix cast warning. +- Fix that if there are reply callbacks for the given rcode, those + are called per reply and a new message created if that was modified + by the call. +- Fix that the out of order TCP processing does not limit the + number of outstanding queries over a connection. +- Fix python documentation warning on functions.rst inplace_cb_reply. +- Log ip address when http session recv fails, eg. due to tls fail. +- Fix to set the tcp handler event toggle flag back to default when + the handler structure is reused. +- Clean the fix for out of order TCP processing limits on number + of queries. It was tested to work. +- Fix that http settings have colon in set_option, for + http-endpoint, http-max-streams, http-query-buffer-size, + http-response-buffer-size, and http-nodelay. +- Fix memory leak of https port string when reading config. +- local-zone regional allocations outside of chunk +- Merge PR #324 from James Renken: Add modern X.509v3 extensions to + unbound-control TLS certificates. +- Fix for PR #324 to attach the x509v3 extensions to the client + certificate. +- Fix #327: net/if.h check fails on some darwin versions; contribution + by Joshua Root. +- Fix #320: potential memory corruption due to size miscomputation upton + custom region alloc init. +- Fix #333: Unbound Segmentation Fault w/ log_info Functions From + Python Mod. +- Fix that minimal-responses does not remove addresses from a priming + query response. +- In man page note that tls-cert-bundle is read before permission + drop and chroot. +- Fix #341: fixing a possible memory leak. 
+- Fix memory leak after fix for possible memory leak failure. +- Fix #343: Fail to build --with-libnghttp2 with error: 'SSIZE_MAX' + undeclared. +- Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere + with chown of pidfile. +- Fix #347: IP_DONTFRAG broken on Apple xcode 12.2. +- Fix #350: with the AF_NETLINK permission, to fix 1.12.0 error: + failed to list interfaces: getifaddrs: Address family not + supported by protocol. +- Merge #351 from dvzrv: Add AF_NETLINK to set of allowed socket + address families. +- iana portlist updated. +- Fix crash when TLS connection is closed prematurely, when + reuse tree comparison is not properly identical to insertion. +- Fix padding of struct regional for 32bit systems. +- with udp-connect ignore connection refused with UDP timeouts. +- Fix udp-connect on FreeBSD, do send calls on connected UDP socket. +- Better fix for reuse tree comparison for is-tls sockets. Where + the tree key identity is preserved after cleanup of the TLS state. +- Fix memory leak for edns client tag opcode config element. +- Attempt fix for libevent state in tcp reuse cases after a packet + is written. +- Fix readagain and writeagain callback functions for comm point + cleanup. +- Fix to omit UDP receive errors from log, if verbosity low. + These happen because of udp-connect. +- For #352: contrib/metrics.awk for Prometheus style metrics output. +- Fix that after failed read, the readagain cannot activate. +- Clear readagain upon decommission of pending tcp structure. +- Fix compile warning for type cast in http2_submit_dns_response. +- Fix when use free buffer to initialize rbtree for stream reuse. +- Fix compile warnings for windows. +- Fix compile warnings in rpz initialization. +- Fix contrib/metrics.awk for FreeBSD awk compatibility. +- Fix assertion failure on double callback when iterator loses + interest in query at head of line that then has the tcp stream + not kept for reuse. +- Fix stream reuse and tcp fast open. 
+ ------------------------------------------------------------------- Thu Oct 8 08:39:40 UTC 2020 - Michael Ströder diff --git a/unbound.spec b/unbound.spec index 5c33233..823b645 100644 --- a/unbound.spec +++ b/unbound.spec @@ -36,7 +36,7 @@ %define piddir /run Name: unbound -Version: 1.12.0 +Version: 1.13.0 Release: 0 # #
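Review bot: In the unbound.changes and libunbound-devel-mini.changes hunks, the one entry that carries a CVE identifier, "Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere with chown of pidfile.", sits in the middle of the long Bug Fixes list where it is easy to miss. Move it to the top of the entry, directly under "- update to 1.13.0", so that anyone scanning the changelog for security updates sees it first, and put the distribution's tracking bug reference next to it if one exists.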
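Review bot: In the unbound-1.13.0.tar.gz hunk the new source is described only by a Git LFS pointer (the "oid sha256:" line and "size 5950063"), and the diffstat lists no detached signature or keyring file among the six changed files, so nothing in this patch ties the tarball to the upstream release signature. Compare the sha256 in the pointer against the value published with the upstream 1.13.0 release before accepting, and consider adding the upstream signature file next to the tarball so the check can be repeated at build time.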
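Review bot: In the unbound.spec and libunbound-devel-mini.spec hunks only the "Version:" line changes, although the changelog in the same patch records changes that can affect existing configurations: "Replace edns-client-tag with edns-client-string option", "Option to toggle udp-connect, default is enabled", and the new http-notls-downstream option for unencrypted DNS over HTTPS. Check that no configuration file or example shipped by the package still uses edns-client-tag, and call out the option rename and the new udp-connect default in a short note at the top of the changes entry so administrators see them before upgrading.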