From c7307c622217442a5ec44bc1ef486f66542c1faee4d1d788f91c38921548ea8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Thu, 9 Dec 2021 12:01:58 +0000 Subject: [PATCH] Accepting request 937761 from home:stroeder:network update to 1.14.0 OBS-URL: https://build.opensuse.org/request/show/937761 OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=143 --- libunbound-devel-mini.changes | 118 ++++++++++++++++++++++++++++++++++ libunbound-devel-mini.spec | 2 +- unbound-1.13.2.tar.gz | 3 - unbound-1.14.0.tar.gz | 3 + unbound.changes | 118 ++++++++++++++++++++++++++++++++++ unbound.spec | 2 +- 6 files changed, 241 insertions(+), 5 deletions(-) delete mode 100644 unbound-1.13.2.tar.gz create mode 100644 unbound-1.14.0.tar.gz diff --git a/libunbound-devel-mini.changes b/libunbound-devel-mini.changes index 66da0ae..ea8c036 100644 --- a/libunbound-devel-mini.changes +++ b/libunbound-devel-mini.changes @@ -1,3 +1,121 @@ +------------------------------------------------------------------- +Thu Dec 9 11:14:33 UTC 2021 - Michael Ströder + +- update to 1.14.0 + +Features +- Merge #401: RPZ triggers. This add additional RPZ triggers, + unbound supports a full set of rpz triggers, and this now + includes nsdname, nsip and clientip triggers. Also actions + are fully supported, and this now includes the tcp-only action. +- Merge #519: Support for selective enabling tcp-upstream for + stub/forward zones. +- Merge PR #514, from ziollek: Docker environment for run tests. +- Support using system-wide crypto policies. +- Fix that --with-ssl can use "/usr/include/openssl11" to pass the + location of a different openssl version. +- Merged #41 from Moritz Schneider: made outbound-msg-retry + configurable. +- Implement RFC8375: Special-Use Domain 'home.arpa.'. +- Merge PR #555 from fobser: Allow interface names as scope-id in IPv6 + link-local addresses. + +Bug Fixes +- Add test tool readzone to .gitignore. +- Merge #521: Update mini_event.c. +- Merge #523: fix: free() call more than once with the same pointer. +- For #519: note stub-tcp-upstream and forward-tcp-upstream in + the example configuration file. +- For #519: yacc and lex. And fix python bindings, and test program + unbound-dnstap-socket. +- For #519: fix comments for doxygen. +- Fix to print error from unbound-anchor for writing to the key + file, also when not verbose. +- For #514: generate configure. +- Fix for #431: Squelch permission denied errors for udp connect, + and udp send, they are visible at higher verbosity settings. +- Fix zonemd verification of key that is not in DNS but in the zone + and needs a chain of trust. +- zonemd, fix order of bogus printout string manipulation. +- Fix to support harden-algo-downgrade for ZONEMD dnssec checks. +- Merge PR #528 from fobser: Make sldns_str2wire_svcparam_buf() + static. +- Fix #527: not sending quad9 cert to syslog (and may be more). +- Fix sed script in ssldir split handling. +- Fix #529: Fix: log_assert does nothing if UNBOUND_DEBUG is + undefined. +- Fix #531: Fix: passed to proc after free. +- Fix #536: error: RPZ: name of record (drop.spamhaus.org.rpz.local.) + to insert into RPZ. +- Fix the stream wait stream_wait_count_lock and http2 buffer locks + setup and desetup from race condition. +- Fix RPZ locks. Do not unlock zones lock if requested and rpz find + zone does not find the zone. Readlock the clientip that is found + for ipbased triggers. Unlock the nsdname zone lock when done. + Unlock zone and ip in rpz nsip and nsdname callback. Unlock + authzone and localzone if clientip found in rpz worker call. +- Fix compile warning in libunbound for listen desetup routine. +- Fix asynclook unit test for setup of lockchecks before log. +- Fix #533: Negative responses get cached even when setting + cache-max-negative-ttl: 1 +- Fix tcp fastopen failure when disabled, try normal connect instead. +- Fix #538: Fix subnetcache statistics. +- Small fixes for #41: changelog, conflicts resolved, + processQueryResponse takes an iterator env argument like other + functions in the iterator, no colon in string for set_option, + and some whitespace style, to make it similar to the rest. +- Fix for #41: change outbound retry to int to fix signed comparison + warnings. +- Fix root_anchor test to check with new icannbundle date. +- Fix initialisation errors reported by gcc sanitizer. +- Fix lock debug code for gcc sanitizer reports. +- Fix more initialisation errors reported by gcc sanitizer. +- Fix crosscompile on windows to work with openssl 3.0.0 the + link with ws2_32 needs -l:libssp.a for __strcpy_chk. + Also copy results from lib64 directory if needed. +- For crosscompile on windows, detect 64bit stackprotector library. +- Fix crosscompile shell syntax. +- Fix crosscompile windows to use libssp when it exists. +- For the windows compile script disable gost. +- Fix that on windows, use BIO_set_callback_ex instead of deprecated + BIO_set_callback. +- Fix crosscompile script for the shared build flags. +- Fix to add example.conf note for outbound-msg-retry. +- Fix chaos replies to have truncation for short message lengths, + or long reply strings. +- Fix to protect custom regional create against small values. +- Fix #552: Unbound assumes index.html exists on RPZ host. +- Fix that forward-zone name is documented as the full name of the + zone. It is not relative but a fully qualified domain name. +- Fix analyzer review failure in rpz action override code to not + crash on unlocking the local zone lock. +- Fix to remove unused code from rpz resolve client and action + function. +- Merge #565: unbound.service.in: Disable ProtectKernelTunables again. +- Fix for #558: fix loop in comm_point->tcp_free when a comm_point is + reclaimed more than once during callbacks. +- Fix for #558: clear the UB_EV_TIMEOUT bit before adding an event. +- Improve EDNS option handling, now also works for synthesised + responses such as local-data and server.id CH TXT responses. +- Merge PR #570 from rex4539: Fix typos. +- Fix for #570: regen aclocal.m4, fix configure.ac for spelling. +- Fix to make python module opt_list use opt_list_in. +- Fix #574: unbound-checkconf reports fatal error if interface names + are used as value for interfaces: +- Fix #574: Review fixes for it. +- Fix #576: [FR] UB_* error codes in unbound.h +- Fix #574: Review fix for spelling. +- Fix to remove git tracking and ci information from release tarballs. +- iana portlist update. +- Merge PR #511 from yan12125: Reduce unnecessary linking. +- Merge PR #493 from Jaap: Fix generation of libunbound.pc. +- Merge PR #562 from Willem: Reset keepalive per new tcp session. +- Merge PR #522 from sibeream: memory management violations fixed. +- Merge PR #530 from Shchelk: Fix: dereferencing a null pointer. +- Fix #454: listen_dnsport.c:825: error: ‘IPV6_TCLASS’ undeclared. +- Fix #574: Review fixes for size allocation. +- Fix doc/unbound.doxygen to remove obsolete tag warning. + ------------------------------------------------------------------- Sat Oct 16 10:34:52 UTC 2021 - Togan Muftuoglu diff --git a/libunbound-devel-mini.spec b/libunbound-devel-mini.spec index 70b69bc..c780c86 100644 --- a/libunbound-devel-mini.spec +++ b/libunbound-devel-mini.spec @@ -24,7 +24,7 @@ # Name: libunbound-devel-mini -Version: 1.13.2 +Version: 1.14.0 Release: 0 # # diff --git a/unbound-1.13.2.tar.gz b/unbound-1.13.2.tar.gz deleted file mode 100644 index 55f2086..0000000 --- a/unbound-1.13.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0a13b547f3b92a026b5ebd0423f54c991e5718037fd9f72445817f6a040e1a83 -size 6127915 diff --git a/unbound-1.14.0.tar.gz b/unbound-1.14.0.tar.gz new file mode 100644 index 0000000..3e438d1 --- /dev/null +++ b/unbound-1.14.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6ef91cbf02d5299eab39328c0857393de7b4885a2fe7233ddfe3c124ff5a89c8 +size 6152326 diff --git a/unbound.changes b/unbound.changes index aa04556..42fc1eb 100644 --- a/unbound.changes +++ b/unbound.changes @@ -1,3 +1,121 @@ +------------------------------------------------------------------- +Thu Dec 9 11:14:33 UTC 2021 - Michael Ströder + +- update to 1.14.0 + +Features +- Merge #401: RPZ triggers. This add additional RPZ triggers, + unbound supports a full set of rpz triggers, and this now + includes nsdname, nsip and clientip triggers. Also actions + are fully supported, and this now includes the tcp-only action. +- Merge #519: Support for selective enabling tcp-upstream for + stub/forward zones. +- Merge PR #514, from ziollek: Docker environment for run tests. +- Support using system-wide crypto policies. +- Fix that --with-ssl can use "/usr/include/openssl11" to pass the + location of a different openssl version. +- Merged #41 from Moritz Schneider: made outbound-msg-retry + configurable. +- Implement RFC8375: Special-Use Domain 'home.arpa.'. +- Merge PR #555 from fobser: Allow interface names as scope-id in IPv6 + link-local addresses. + +Bug Fixes +- Add test tool readzone to .gitignore. +- Merge #521: Update mini_event.c. +- Merge #523: fix: free() call more than once with the same pointer. +- For #519: note stub-tcp-upstream and forward-tcp-upstream in + the example configuration file. +- For #519: yacc and lex. And fix python bindings, and test program + unbound-dnstap-socket. +- For #519: fix comments for doxygen. +- Fix to print error from unbound-anchor for writing to the key + file, also when not verbose. +- For #514: generate configure. +- Fix for #431: Squelch permission denied errors for udp connect, + and udp send, they are visible at higher verbosity settings. +- Fix zonemd verification of key that is not in DNS but in the zone + and needs a chain of trust. +- zonemd, fix order of bogus printout string manipulation. +- Fix to support harden-algo-downgrade for ZONEMD dnssec checks. +- Merge PR #528 from fobser: Make sldns_str2wire_svcparam_buf() + static. +- Fix #527: not sending quad9 cert to syslog (and may be more). +- Fix sed script in ssldir split handling. +- Fix #529: Fix: log_assert does nothing if UNBOUND_DEBUG is + undefined. +- Fix #531: Fix: passed to proc after free. +- Fix #536: error: RPZ: name of record (drop.spamhaus.org.rpz.local.) + to insert into RPZ. +- Fix the stream wait stream_wait_count_lock and http2 buffer locks + setup and desetup from race condition. +- Fix RPZ locks. Do not unlock zones lock if requested and rpz find + zone does not find the zone. Readlock the clientip that is found + for ipbased triggers. Unlock the nsdname zone lock when done. + Unlock zone and ip in rpz nsip and nsdname callback. Unlock + authzone and localzone if clientip found in rpz worker call. +- Fix compile warning in libunbound for listen desetup routine. +- Fix asynclook unit test for setup of lockchecks before log. +- Fix #533: Negative responses get cached even when setting + cache-max-negative-ttl: 1 +- Fix tcp fastopen failure when disabled, try normal connect instead. +- Fix #538: Fix subnetcache statistics. +- Small fixes for #41: changelog, conflicts resolved, + processQueryResponse takes an iterator env argument like other + functions in the iterator, no colon in string for set_option, + and some whitespace style, to make it similar to the rest. +- Fix for #41: change outbound retry to int to fix signed comparison + warnings. +- Fix root_anchor test to check with new icannbundle date. +- Fix initialisation errors reported by gcc sanitizer. +- Fix lock debug code for gcc sanitizer reports. +- Fix more initialisation errors reported by gcc sanitizer. +- Fix crosscompile on windows to work with openssl 3.0.0 the + link with ws2_32 needs -l:libssp.a for __strcpy_chk. + Also copy results from lib64 directory if needed. +- For crosscompile on windows, detect 64bit stackprotector library. +- Fix crosscompile shell syntax. +- Fix crosscompile windows to use libssp when it exists. +- For the windows compile script disable gost. +- Fix that on windows, use BIO_set_callback_ex instead of deprecated + BIO_set_callback. +- Fix crosscompile script for the shared build flags. +- Fix to add example.conf note for outbound-msg-retry. +- Fix chaos replies to have truncation for short message lengths, + or long reply strings. +- Fix to protect custom regional create against small values. +- Fix #552: Unbound assumes index.html exists on RPZ host. +- Fix that forward-zone name is documented as the full name of the + zone. It is not relative but a fully qualified domain name. +- Fix analyzer review failure in rpz action override code to not + crash on unlocking the local zone lock. +- Fix to remove unused code from rpz resolve client and action + function. +- Merge #565: unbound.service.in: Disable ProtectKernelTunables again. +- Fix for #558: fix loop in comm_point->tcp_free when a comm_point is + reclaimed more than once during callbacks. +- Fix for #558: clear the UB_EV_TIMEOUT bit before adding an event. +- Improve EDNS option handling, now also works for synthesised + responses such as local-data and server.id CH TXT responses. +- Merge PR #570 from rex4539: Fix typos. +- Fix for #570: regen aclocal.m4, fix configure.ac for spelling. +- Fix to make python module opt_list use opt_list_in. +- Fix #574: unbound-checkconf reports fatal error if interface names + are used as value for interfaces: +- Fix #574: Review fixes for it. +- Fix #576: [FR] UB_* error codes in unbound.h +- Fix #574: Review fix for spelling. +- Fix to remove git tracking and ci information from release tarballs. +- iana portlist update. +- Merge PR #511 from yan12125: Reduce unnecessary linking. +- Merge PR #493 from Jaap: Fix generation of libunbound.pc. +- Merge PR #562 from Willem: Reset keepalive per new tcp session. +- Merge PR #522 from sibeream: memory management violations fixed. +- Merge PR #530 from Shchelk: Fix: dereferencing a null pointer. +- Fix #454: listen_dnsport.c:825: error: ‘IPV6_TCLASS’ undeclared. +- Fix #574: Review fixes for size allocation. +- Fix doc/unbound.doxygen to remove obsolete tag warning. + ------------------------------------------------------------------- Sat Oct 16 10:35:18 UTC 2021 - Togan Muftuoglu diff --git a/unbound.spec b/unbound.spec index 9edc4c8..359e5fe 100644 --- a/unbound.spec +++ b/unbound.spec @@ -36,7 +36,7 @@ %define piddir /run Name: unbound -Version: 1.13.2 +Version: 1.14.0 Release: 0 # #