Accepting request 937761 from home:stroeder:network

update to 1.14.0

OBS-URL: https://build.opensuse.org/request/show/937761
OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=143

libunbound-devel-mini.changes

@@ -1,3 +1,121 @@
+-------------------------------------------------------------------
+Thu Dec  9 11:14:33 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- update to 1.14.0
+
+Features
+- Merge #401: RPZ triggers. This add additional RPZ triggers,
+  unbound supports a full set of rpz triggers, and this now
+  includes nsdname, nsip and clientip triggers. Also actions
+  are fully supported, and this now includes the tcp-only action.
+- Merge #519: Support for selective enabling tcp-upstream for
+  stub/forward zones.
+- Merge PR #514, from ziollek: Docker environment for run tests.
+- Support using system-wide crypto policies.
+- Fix that --with-ssl can use "/usr/include/openssl11" to pass the
+  location of a different openssl version.
+- Merged #41 from Moritz Schneider: made outbound-msg-retry
+  configurable.
+- Implement RFC8375: Special-Use Domain 'home.arpa.'.
+- Merge PR #555 from fobser: Allow interface names as scope-id in IPv6
+  link-local addresses.
+
+Bug Fixes
+- Add test tool readzone to .gitignore.
+- Merge #521: Update mini_event.c.
+- Merge #523: fix: free() call more than once with the same pointer.
+- For #519: note stub-tcp-upstream and forward-tcp-upstream in
+  the example configuration file.
+- For #519: yacc and lex. And fix python bindings, and test program
+  unbound-dnstap-socket.
+- For #519: fix comments for doxygen.
+- Fix to print error from unbound-anchor for writing to the key
+  file, also when not verbose.
+- For #514: generate configure.
+- Fix for #431: Squelch permission denied errors for udp connect,
+  and udp send, they are visible at higher verbosity settings.
+- Fix zonemd verification of key that is not in DNS but in the zone
+  and needs a chain of trust.
+- zonemd, fix order of bogus printout string manipulation.
+- Fix to support harden-algo-downgrade for ZONEMD dnssec checks.
+- Merge PR #528 from fobser: Make sldns_str2wire_svcparam_buf()
+  static.
+- Fix #527: not sending quad9 cert to syslog (and may be more).
+- Fix sed script in ssldir split handling.
+- Fix #529: Fix: log_assert does nothing if UNBOUND_DEBUG is
+  undefined.
+- Fix #531: Fix: passed to proc after free.
+- Fix #536: error: RPZ: name of record (drop.spamhaus.org.rpz.local.)
+  to insert into RPZ.
+- Fix the stream wait stream_wait_count_lock and http2 buffer locks
+  setup and desetup from race condition.
+- Fix RPZ locks. Do not unlock zones lock if requested and rpz find
+  zone does not find the zone. Readlock the clientip that is found
+  for ipbased triggers. Unlock the nsdname zone lock when done.
+  Unlock zone and ip in rpz nsip and nsdname callback. Unlock
+  authzone and localzone if clientip found in rpz worker call.
+- Fix compile warning in libunbound for listen desetup routine.
+- Fix asynclook unit test for setup of lockchecks before log.
+- Fix #533: Negative responses get cached even when setting
+  cache-max-negative-ttl: 1
+- Fix tcp fastopen failure when disabled, try normal connect instead.
+- Fix #538: Fix subnetcache statistics.
+- Small fixes for #41: changelog, conflicts resolved,
+  processQueryResponse takes an iterator env argument like other
+  functions in the iterator, no colon in string for set_option,
+  and some whitespace style, to make it similar to the rest.
+- Fix for #41: change outbound retry to int to fix signed comparison
+  warnings.
+- Fix root_anchor test to check with new icannbundle date.
+- Fix initialisation errors reported by gcc sanitizer.
+- Fix lock debug code for gcc sanitizer reports.
+- Fix more initialisation errors reported by gcc sanitizer.
+- Fix crosscompile on windows to work with openssl 3.0.0 the
+  link with ws2_32 needs -l:libssp.a for __strcpy_chk.
+  Also copy results from lib64 directory if needed.
+- For crosscompile on windows, detect 64bit stackprotector library.
+- Fix crosscompile shell syntax.
+- Fix crosscompile windows to use libssp when it exists.
+- For the windows compile script disable gost.
+- Fix that on windows, use BIO_set_callback_ex instead of deprecated
+  BIO_set_callback.
+- Fix crosscompile script for the shared build flags.
+- Fix to add example.conf note for outbound-msg-retry.
+- Fix chaos replies to have truncation for short message lengths,
+  or long reply strings.
+- Fix to protect custom regional create against small values.
+- Fix #552: Unbound assumes index.html exists on RPZ host.
+- Fix that forward-zone name is documented as the full name of the
+  zone. It is not relative but a fully qualified domain name.
+- Fix analyzer review failure in rpz action override code to not
+  crash on unlocking the local zone lock.
+- Fix to remove unused code from rpz resolve client and action
+  function.
+- Merge #565: unbound.service.in: Disable ProtectKernelTunables again.
+- Fix for #558: fix loop in comm_point->tcp_free when a comm_point is
+  reclaimed more than once during callbacks.
+- Fix for #558: clear the UB_EV_TIMEOUT bit before adding an event.
+- Improve EDNS option handling, now also works for synthesised
+  responses such as local-data and server.id CH TXT responses.
+- Merge PR #570 from rex4539: Fix typos.
+- Fix for #570: regen aclocal.m4, fix configure.ac for spelling.
+- Fix to make python module opt_list use opt_list_in.
+- Fix #574: unbound-checkconf reports fatal error if interface names
+  are used as value for interfaces:
+- Fix #574: Review fixes for it.
+- Fix #576: [FR] UB_* error codes in unbound.h
+- Fix #574: Review fix for spelling.
+- Fix to remove git tracking and ci information from release tarballs.
+- iana portlist update.
+- Merge PR #511 from yan12125: Reduce unnecessary linking.
+- Merge PR #493 from Jaap: Fix generation of libunbound.pc.
+- Merge PR #562 from Willem: Reset keepalive per new tcp session.
+- Merge PR #522 from sibeream: memory management violations fixed.
+- Merge PR #530 from Shchelk: Fix: dereferencing a null pointer.
+- Fix #454: listen_dnsport.c:825: error: ‘IPV6_TCLASS’ undeclared.
+- Fix #574: Review fixes for size allocation.
+- Fix doc/unbound.doxygen to remove obsolete tag warning.
+
 -------------------------------------------------------------------
 Sat Oct 16 10:34:52 UTC 2021 - Togan Muftuoglu <toganm@opensuse.org>
 

libunbound-devel-mini.spec

@@ -24,7 +24,7 @@
 
 #
 Name:           libunbound-devel-mini
-Version:        1.13.2
+Version:        1.14.0
 Release:        0
 #
 #

unbound-1.13.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0a13b547f3b92a026b5ebd0423f54c991e5718037fd9f72445817f6a040e1a83
-size 6127915

unbound-1.14.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6ef91cbf02d5299eab39328c0857393de7b4885a2fe7233ddfe3c124ff5a89c8
+size 6152326

unbound.changes

@@ -1,3 +1,121 @@
+-------------------------------------------------------------------
+Thu Dec  9 11:14:33 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- update to 1.14.0
+
+Features
+- Merge #401: RPZ triggers. This add additional RPZ triggers,
+  unbound supports a full set of rpz triggers, and this now
+  includes nsdname, nsip and clientip triggers. Also actions
+  are fully supported, and this now includes the tcp-only action.
+- Merge #519: Support for selective enabling tcp-upstream for
+  stub/forward zones.
+- Merge PR #514, from ziollek: Docker environment for run tests.
+- Support using system-wide crypto policies.
+- Fix that --with-ssl can use "/usr/include/openssl11" to pass the
+  location of a different openssl version.
+- Merged #41 from Moritz Schneider: made outbound-msg-retry
+  configurable.
+- Implement RFC8375: Special-Use Domain 'home.arpa.'.
+- Merge PR #555 from fobser: Allow interface names as scope-id in IPv6
+  link-local addresses.
+
+Bug Fixes
+- Add test tool readzone to .gitignore.
+- Merge #521: Update mini_event.c.
+- Merge #523: fix: free() call more than once with the same pointer.
+- For #519: note stub-tcp-upstream and forward-tcp-upstream in
+  the example configuration file.
+- For #519: yacc and lex. And fix python bindings, and test program
+  unbound-dnstap-socket.
+- For #519: fix comments for doxygen.
+- Fix to print error from unbound-anchor for writing to the key
+  file, also when not verbose.
+- For #514: generate configure.
+- Fix for #431: Squelch permission denied errors for udp connect,
+  and udp send, they are visible at higher verbosity settings.
+- Fix zonemd verification of key that is not in DNS but in the zone
+  and needs a chain of trust.
+- zonemd, fix order of bogus printout string manipulation.
+- Fix to support harden-algo-downgrade for ZONEMD dnssec checks.
+- Merge PR #528 from fobser: Make sldns_str2wire_svcparam_buf()
+  static.
+- Fix #527: not sending quad9 cert to syslog (and may be more).
+- Fix sed script in ssldir split handling.
+- Fix #529: Fix: log_assert does nothing if UNBOUND_DEBUG is
+  undefined.
+- Fix #531: Fix: passed to proc after free.
+- Fix #536: error: RPZ: name of record (drop.spamhaus.org.rpz.local.)
+  to insert into RPZ.
+- Fix the stream wait stream_wait_count_lock and http2 buffer locks
+  setup and desetup from race condition.
+- Fix RPZ locks. Do not unlock zones lock if requested and rpz find
+  zone does not find the zone. Readlock the clientip that is found
+  for ipbased triggers. Unlock the nsdname zone lock when done.
+  Unlock zone and ip in rpz nsip and nsdname callback. Unlock
+  authzone and localzone if clientip found in rpz worker call.
+- Fix compile warning in libunbound for listen desetup routine.
+- Fix asynclook unit test for setup of lockchecks before log.
+- Fix #533: Negative responses get cached even when setting
+  cache-max-negative-ttl: 1
+- Fix tcp fastopen failure when disabled, try normal connect instead.
+- Fix #538: Fix subnetcache statistics.
+- Small fixes for #41: changelog, conflicts resolved,
+  processQueryResponse takes an iterator env argument like other
+  functions in the iterator, no colon in string for set_option,
+  and some whitespace style, to make it similar to the rest.
+- Fix for #41: change outbound retry to int to fix signed comparison
+  warnings.
+- Fix root_anchor test to check with new icannbundle date.
+- Fix initialisation errors reported by gcc sanitizer.
+- Fix lock debug code for gcc sanitizer reports.
+- Fix more initialisation errors reported by gcc sanitizer.
+- Fix crosscompile on windows to work with openssl 3.0.0 the
+  link with ws2_32 needs -l:libssp.a for __strcpy_chk.
+  Also copy results from lib64 directory if needed.
+- For crosscompile on windows, detect 64bit stackprotector library.
+- Fix crosscompile shell syntax.
+- Fix crosscompile windows to use libssp when it exists.
+- For the windows compile script disable gost.
+- Fix that on windows, use BIO_set_callback_ex instead of deprecated
+  BIO_set_callback.
+- Fix crosscompile script for the shared build flags.
+- Fix to add example.conf note for outbound-msg-retry.
+- Fix chaos replies to have truncation for short message lengths,
+  or long reply strings.
+- Fix to protect custom regional create against small values.
+- Fix #552: Unbound assumes index.html exists on RPZ host.
+- Fix that forward-zone name is documented as the full name of the
+  zone. It is not relative but a fully qualified domain name.
+- Fix analyzer review failure in rpz action override code to not
+  crash on unlocking the local zone lock.
+- Fix to remove unused code from rpz resolve client and action
+  function.
+- Merge #565: unbound.service.in: Disable ProtectKernelTunables again.
+- Fix for #558: fix loop in comm_point->tcp_free when a comm_point is
+  reclaimed more than once during callbacks.
+- Fix for #558: clear the UB_EV_TIMEOUT bit before adding an event.
+- Improve EDNS option handling, now also works for synthesised
+  responses such as local-data and server.id CH TXT responses.
+- Merge PR #570 from rex4539: Fix typos.
+- Fix for #570: regen aclocal.m4, fix configure.ac for spelling.
+- Fix to make python module opt_list use opt_list_in.
+- Fix #574: unbound-checkconf reports fatal error if interface names
+  are used as value for interfaces:
+- Fix #574: Review fixes for it.
+- Fix #576: [FR] UB_* error codes in unbound.h
+- Fix #574: Review fix for spelling.
+- Fix to remove git tracking and ci information from release tarballs.
+- iana portlist update.
+- Merge PR #511 from yan12125: Reduce unnecessary linking.
+- Merge PR #493 from Jaap: Fix generation of libunbound.pc.
+- Merge PR #562 from Willem: Reset keepalive per new tcp session.
+- Merge PR #522 from sibeream: memory management violations fixed.
+- Merge PR #530 from Shchelk: Fix: dereferencing a null pointer.
+- Fix #454: listen_dnsport.c:825: error: ‘IPV6_TCLASS’ undeclared.
+- Fix #574: Review fixes for size allocation.
+- Fix doc/unbound.doxygen to remove obsolete tag warning.
+
 -------------------------------------------------------------------
 Sat Oct 16 10:35:18 UTC 2021 - Togan Muftuoglu <toganm@opensuse.org>
 

unbound.spec

@@ -36,7 +36,7 @@
 %define piddir /run
 
 Name:           unbound
-Version:        1.13.2
+Version:        1.14.0
 Release:        0
 #
 #