Accepting request 988331 from home:stroeder:network

update to 1.16.1

OBS-URL: https://build.opensuse.org/request/show/988331
OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=149

libunbound-devel-mini.changes

@@ -1,3 +1,55 @@
+-------------------------------------------------------------------
+Mon Jul 11 10:03:06 UTC 2022 - Michael Ströder <michael@stroeder.com>
+
+- update to 1.16.1
+  * Features
+    - Fix #704: [FR] Statistics counter for number of outgoing UDP queries
+      sent; introduces 'num.query.udpout' to the 'unbound-control stats'
+      command.
+  * Bug Fixes
+    - makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
+    - Fix for edns client subnet to respect not looking in its cache when
+      instructed to do so (e.g., prefetch).
+    - Merge PR #688: Rpz url notify issue.
+    - Note in the unbound.conf text that NOTIFY is allowed from the url:
+      addresses for auth and rpz zones.
+    - Remove unused LDNS function check for GOST Engine unloading.
+    - Fix for loading locally stored zones that have lines with blanks or
+      blanks and comments.
+    - Fix #663: use after free issue with edns options.
+    - Clarify -v flag manpage entry (#705)
+    - Fix test program dohclient close to use portability routine.
+    - Show the output of the exact .rpl run that failed with 'make test'.
+    - Fix for cached 0 TTL records to not trigger prefetching when
+      serve-expired-client-timeout is set.
+    - Add debug option to the mini_tdir.sh test code.
+    - Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
+    - Allow fallback to the parent side when MAX_TARGET_NX is reached.
+      This will also allow MAX_TARGET_NX more NXDOMAINs.
+    - iana portlist update.
+    - Fix detection of libz on windows compile with static option.
+    - Fix compile warning for windows compile.
+    - Merge PR #706: NXNS fallback.
+    - From #706: Cached NXDOMAIN does not increase the target nx
+      responses.
+    - From #706: Don't generate parent side queries if we already
+      have the lame records in cache.
+    - From #706: When a lame address is the best choice, don't try to
+      generate target queries when the missing targets are all lame.
+    - Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS
+      mode on openssl3.
+    - Merge PR #660 from Petr Menšík: Sha1 runtime insecure.
+    - For #660: formatting, less verbose logging, add EDE information.
+    - Fix for correct openssl error when adding windows CA certificates to
+      the openssl trust store.
+    - Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
+    - Reintroduce documentation and more EDE support for
+      val_sigcrypt.c::dnskeyset_verify_rrset_sig.
+    - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
+      one loop pass'.
+    - Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
+      outbound tcp sockets. 
+
 -------------------------------------------------------------------
 Thu Jun  2 11:54:13 UTC 2022 - Michael Ströder <michael@stroeder.com>
 

libunbound-devel-mini.spec

@@ -22,7 +22,7 @@
 %bcond_without hardened_build
 #
 Name:           libunbound-devel-mini
-Version:        1.16.0
+Version:        1.16.1
 Release:        0
 Summary:        Just a devel package for build loops
 License:        BSD-3-Clause

unbound-1.16.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6701534c938eb019626601191edc6d012fc534c09d2418d5b92827db0cbe48a5
-size 6188349

unbound-1.16.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2fe4762abccd564a0738d5d502f57ead273e681e92d50d7fba32d11103174e9a
+size 6201745

unbound.changes

@@ -1,3 +1,55 @@
+-------------------------------------------------------------------
+Mon Jul 11 10:03:06 UTC 2022 - Michael Ströder <michael@stroeder.com>
+
+- update to 1.16.1
+  * Features
+    - Fix #704: [FR] Statistics counter for number of outgoing UDP queries
+      sent; introduces 'num.query.udpout' to the 'unbound-control stats'
+      command.
+  * Bug Fixes
+    - makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
+    - Fix for edns client subnet to respect not looking in its cache when
+      instructed to do so (e.g., prefetch).
+    - Merge PR #688: Rpz url notify issue.
+    - Note in the unbound.conf text that NOTIFY is allowed from the url:
+      addresses for auth and rpz zones.
+    - Remove unused LDNS function check for GOST Engine unloading.
+    - Fix for loading locally stored zones that have lines with blanks or
+      blanks and comments.
+    - Fix #663: use after free issue with edns options.
+    - Clarify -v flag manpage entry (#705)
+    - Fix test program dohclient close to use portability routine.
+    - Show the output of the exact .rpl run that failed with 'make test'.
+    - Fix for cached 0 TTL records to not trigger prefetching when
+      serve-expired-client-timeout is set.
+    - Add debug option to the mini_tdir.sh test code.
+    - Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
+    - Allow fallback to the parent side when MAX_TARGET_NX is reached.
+      This will also allow MAX_TARGET_NX more NXDOMAINs.
+    - iana portlist update.
+    - Fix detection of libz on windows compile with static option.
+    - Fix compile warning for windows compile.
+    - Merge PR #706: NXNS fallback.
+    - From #706: Cached NXDOMAIN does not increase the target nx
+      responses.
+    - From #706: Don't generate parent side queries if we already
+      have the lame records in cache.
+    - From #706: When a lame address is the best choice, don't try to
+      generate target queries when the missing targets are all lame.
+    - Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS
+      mode on openssl3.
+    - Merge PR #660 from Petr Menšík: Sha1 runtime insecure.
+    - For #660: formatting, less verbose logging, add EDE information.
+    - Fix for correct openssl error when adding windows CA certificates to
+      the openssl trust store.
+    - Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
+    - Reintroduce documentation and more EDE support for
+      val_sigcrypt.c::dnskeyset_verify_rrset_sig.
+    - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
+      one loop pass'.
+    - Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
+      outbound tcp sockets. 
+
 -------------------------------------------------------------------
 Thu Jun  2 11:54:13 UTC 2022 - Michael Ströder <michael@stroeder.com>
 

unbound.spec

@@ -33,7 +33,7 @@
 %define piddir /run
 
 Name:           unbound
-Version:        1.16.0
+Version:        1.16.1
 Release:        0
 BuildRequires:  flex
 BuildRequires:  ldns-devel >= %{ldns_version}