diff --git a/libunbound-devel-mini.changes b/libunbound-devel-mini.changes index 565ed2b..b9b699c 100644 --- a/libunbound-devel-mini.changes +++ b/libunbound-devel-mini.changes 
@@ -1,3 +1,68 @@ +------------------------------------------------------------------- +Thu Sep 7 08:03:33 UTC 2023 - Pedro Monreal + +- Update to 1.18.0: + * Features: + - Аdd a metric about the maximum number of collisions in lrushah. + - Set max-udp-size default to 1232. This is the same default value + as the default value for edns-buffer-size. It restricts client + edns buffer size choices, and makes unbound behave similar to + other DNS resolvers. + - Add harden-unknown-additional option. It removes unknown records + from the authority section and additional section. + - Added new static zone type block_a to suppress all A queries for + specific zones. + - [FR] Ability to use Redis unix sockets. + - [FR] Ability to set the Redis password. + - Features/dropqueuedpackets, with sock-queue-timeout option that + drops packets that have been in the socket queue for too long. + Added statistics num.queries_timed_out and query.queue_time_us.max + that track the socket queue timeouts. + - 'eqvinox' Lamparter: NAT64 support. + - [FR] Use kernel timestamps for dnstap. + - Add cachedb hit stat. Introduces 'num.query.cachedb' as a new + statistical counter. + - Add SVCB dohpath support. + - Add validation EDEs to queries where the CD bit is set. + - Add prefetch support for subnet cache entries. + - Add EDE (RFC8914) caching. + - Add support for EDE caching in cachedb and subnetcache. + - Downstream DNS Server Cookies a la RFC7873 and RFC9018. Create server + cookies for clients that send client cookies. This needs to be explicitly + turned on in the config file with: `answer-cookie: yes`. + * Bug Fixes + - Response change to NODATA for some ANY queries since 1.12. + - Fix not following cleared RD flags potentially enables + amplification DDoS attacks. + - Set default for harden-unknown-additional to no. So that it + does not hamper future protocol developments. + - Fix to ignore entirely empty responses, and try at another authority. 
+ This turns completely empty responses, a type of noerror/nodata into + a servfail, but they do not conform to RFC2308, and the retry can fetch + improved content. + - Allow TTL refresh of expired error responses. + - Fix: Unexpected behavior with client-subnet-always-forward and serve-expired + - Fix unbound-dnstap-socket test program to reply the finish frame over + a TLS connection correctly. + - Fix: reserved identifier violation + - Fix: Unencrypted query is sent when forward-tls-upstream: yes is used + without tls-cert-bundle + - Extra consistency check to make sure that when TLS is requested, + either we set up a TLS connection or we return an error. + - Fix: NXDOMAIN instead of NOERROR rcode when asked for existing CNAME record. + - Fix: Bad interaction with 0 TTL records and serve-expired + - Fix RPZ IP responses with trigger rpz-drop on cache entries. + - Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR. + - Fix dereference of NULL variable warning in mesh_do_callback. + - Fix ip_ratelimit test to work with dig that enables DNS cookies. + - Fix for iter_dec_attempts that could cause a hang, part of capsforid + and qname minimisation, depending on the settings. + - Fix uninitialized memory passed in padding bytes of cmsg to sendmsg. + - Fix stat_values test to work with dig that enables DNS cookies. + - unbound.service: Main process exited, code=killed, status=11/SEGV. + Fixes cachedb configuration handling. + - Fix: processQueryResponse() THROWAWAY should be mindful of fail_reply. + ------------------------------------------------------------------- Thu May 4 13:57:54 UTC 2023 - Frederic Crozat diff --git a/libunbound-devel-mini.spec b/libunbound-devel-mini.spec index 006080b..95d83ea 100644 --- a/libunbound-devel-mini.spec +++ b/libunbound-devel-mini.spec 
@@ -22,7 +22,7 @@ %bcond_without hardened_build # Name: libunbound-devel-mini -Version: 1.17.1 +Version: 1.18.0 #!BcntSyncTag: unbound Release: 0 Summary: Just a devel package for build loops diff --git a/unbound-1.17.1.tar.gz b/unbound-1.17.1.tar.gz deleted file mode 100644 index 95dfed0..0000000 --- a/unbound-1.17.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ee4085cecce12584e600f3d814a28fa822dfaacec1f94c84bfd67f8a5571a5f4 -size 6244773 diff --git a/unbound-1.17.1.tar.gz.asc b/unbound-1.17.1.tar.gz.asc deleted file mode 100644 index 96b89b9..0000000 --- a/unbound-1.17.1.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEE7fqj8spObrBWga+On28cLX4EX40FAmO/wmUACgkQn28cLX4E -X40EBxAApOIAHQGYxRcnMWgqB+hN2YR+M/CcOz19UiQ/KrG8f+ji9mUfIUsUTQsa -Oat/TuWPqQ4gCXocX4Dc4+LE0bebHVJkg4TQniEIjYOWja/6uBOfav14GBfJsq+m -3A9IBdOGYTAR5mGfTs1cxJfWAbX3U+oroKwn5zPh+wCRR0CoY8sEumZu7Tzb4yUx -OPhlj1Qzz/NkSi+0RkwogJy2hHdXVvHYUtTDKheFye/GeGa+trRnu8mCKpuyw6N9 -dnQ7oXlCds8JW7YgaBf4qh1pH6VO18CTo7KG3yKiEeRb+HRRmr7KKQUOlefjcct+ -QKOFhSPnVYhfvaPYEQiqVQ92ae7/wBT6cQzOMXRbY+NQjr/QfeF3QWTMRFrz3kHn -ZccpvcsjOR3wRDGQkcaa8ta40soEkzD+XRPK4oxB9D/Z5FOVoR/WTX9DZVm7PJ5+ -SGHFBGOddICBWao1h01KCSyQ7nxNi1lLIRndj+AKtQAW/kO8hKh4YYKHAlI0dRQD -MLitcrQOU1pJha+hhb/87BihtXlevUVO45ctCLLooSCrVG8cca8p3jwvJoPPwdCp -1MBVZv8STPAO//4XoZkAtTcgnaUle/ro/1DFmAK/IhDyU4KP6l3uvcUvsk3Xpk1O -AzazgiqVuIYXQ98cTh0QzAGUuFAWNFqWSF2mj+poNv0RnL/J14U= -=xZw4 ------END PGP SIGNATURE----- diff --git a/unbound-1.18.0.tar.gz b/unbound-1.18.0.tar.gz new file mode 100644 index 0000000..4931ec0 --- /dev/null +++ b/unbound-1.18.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3da95490a85cff6420f26fae0b84a49f5112df1bf1b7fc34f8724f02082cb712 +size 6315297 diff --git a/unbound-1.18.0.tar.gz.asc b/unbound-1.18.0.tar.gz.asc new file mode 100644 index 0000000..68b8388 --- /dev/null +++ b/unbound-1.18.0.tar.gz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEE7fqj8spObrBWga+On28cLX4EX40FAmTu91gACgkQn28cLX4E +X40hGg//TtnNy+MiXJbt//5tEmW9NFFL6BEmD4B9WN+Mm7HFJpOaMiOobM/mWCmD +kRDrx7HGJ5tDwOxCdHytsWq73OvJuMtyV7uUzGe1QFDyU7OiIgM0ZgPA4zp+/PDh +3oZjNlLb1IlXwZE3VtgxR0IVjKeWgDrnB5Ir1iYk55Q1aWI5tdDDDmjT/m/5fjuh +FTaMuy6W/J3K/EW0IyjSy1GUPi14lSpmjXUhJdY3hqr+lZ9Z9eXyUyezS0S3c8i+ +c4t01ZC5NZ7RjNgGd9Hx/WDnf8V0KSrb1qk/QfgysVSKLneDzwAAGWrGnt/CN8LO +wPRou7u7vkZqbKNTTU6LZtWX6bmFRFZZDjgRwtPHH47SM8Sj4wqDyexW5dZYeepM +cNbIo+Jf4JOm+BhJqWFU/fLETi2HKSNGa8uaMn6sFxboFGw87JPeKoC0YZiXTw8B +5qWl+2elzScxckMFKdK91iI01mCVV5WoZUyPAl/Xrw5ecoK3v/2aAAuYee4KTQNh +tVvACJkIBE8rWGVXDa8ihPNi8HPd8NHthOKhFoMvidBgDui7eA/+4LlEt4qYi7Zd +TJQJ4Tz+2ibtw9pnHJDHbtupiIC4cCcUuBQPgdlribXacPGh7YeEO9QWCNX8duAM +cU3Y4wFCw1QV4PtuRy9E6d+V5Uc7oX5+OixtDvOXu6o/WFrwYqo= +=FPbs +-----END PGP SIGNATURE----- diff --git a/unbound.changes b/unbound.changes index e20ce8c..38606f2 100644 --- a/unbound.changes +++ b/unbound.changes 
@@ -1,3 +1,68 @@ +------------------------------------------------------------------- +Thu Sep 7 08:03:33 UTC 2023 - Pedro Monreal + +- Update to 1.18.0: + * Features: + - Аdd a metric about the maximum number of collisions in lrushah. + - Set max-udp-size default to 1232. This is the same default value + as the default value for edns-buffer-size. It restricts client + edns buffer size choices, and makes unbound behave similar to + other DNS resolvers. + - Add harden-unknown-additional option. It removes unknown records + from the authority section and additional section. + - Added new static zone type block_a to suppress all A queries for + specific zones. + - [FR] Ability to use Redis unix sockets. + - [FR] Ability to set the Redis password. + - Features/dropqueuedpackets, with sock-queue-timeout option that + drops packets that have been in the socket queue for too long. + Added statistics num.queries_timed_out and query.queue_time_us.max + that track the socket queue timeouts. + - 'eqvinox' Lamparter: NAT64 support. + - [FR] Use kernel timestamps for dnstap. + - Add cachedb hit stat. Introduces 'num.query.cachedb' as a new + statistical counter. + - Add SVCB dohpath support. + - Add validation EDEs to queries where the CD bit is set. + - Add prefetch support for subnet cache entries. + - Add EDE (RFC8914) caching. + - Add support for EDE caching in cachedb and subnetcache. + - Downstream DNS Server Cookies a la RFC7873 and RFC9018. Create server + cookies for clients that send client cookies. This needs to be explicitly + turned on in the config file with: `answer-cookie: yes`. + * Bug Fixes + - Response change to NODATA for some ANY queries since 1.12. + - Fix not following cleared RD flags potentially enables + amplification DDoS attacks. + - Set default for harden-unknown-additional to no. So that it + does not hamper future protocol developments. + - Fix to ignore entirely empty responses, and try at another authority. 
+ This turns completely empty responses, a type of noerror/nodata into + a servfail, but they do not conform to RFC2308, and the retry can fetch + improved content. + - Allow TTL refresh of expired error responses. + - Fix: Unexpected behavior with client-subnet-always-forward and serve-expired + - Fix unbound-dnstap-socket test program to reply the finish frame over + a TLS connection correctly. + - Fix: reserved identifier violation + - Fix: Unencrypted query is sent when forward-tls-upstream: yes is used + without tls-cert-bundle + - Extra consistency check to make sure that when TLS is requested, + either we set up a TLS connection or we return an error. + - Fix: NXDOMAIN instead of NOERROR rcode when asked for existing CNAME record. + - Fix: Bad interaction with 0 TTL records and serve-expired + - Fix RPZ IP responses with trigger rpz-drop on cache entries. + - Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR. + - Fix dereference of NULL variable warning in mesh_do_callback. + - Fix ip_ratelimit test to work with dig that enables DNS cookies. + - Fix for iter_dec_attempts that could cause a hang, part of capsforid + and qname minimisation, depending on the settings. + - Fix uninitialized memory passed in padding bytes of cmsg to sendmsg. + - Fix stat_values test to work with dig that enables DNS cookies. + - unbound.service: Main process exited, code=killed, status=11/SEGV. + Fixes cachedb configuration handling. + - Fix: processQueryResponse() THROWAWAY should be mindful of fail_reply. + ------------------------------------------------------------------- Thu Aug 24 10:07:02 UTC 2023 - Marcus Rueckert diff --git a/unbound.spec b/unbound.spec index 8a5641f..80b982f 100644 --- a/unbound.spec +++ b/unbound.spec @@ -33,7 +33,7 @@ %define piddir /run Name: unbound -Version: 1.17.1 +Version: 1.18.0 Release: 0 BuildRequires: flex BuildRequires: ldns-devel >= %{ldns_version}
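
Review bot: In the libunbound-devel-mini.changes hunk, the first Features entry ends with "collisions in lrushah", which looks like a transposition of lruhash; please fix the spelling before this lands in the package history. In the same hunk, harden-unknown-additional is introduced under Features without saying what its default is, and the default only appears later under Bug Fixes ("Set default for harden-unknown-additional to no"). Folding the default into the feature entry would tell readers in one place that the option is off unless they enable it.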
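
Review bot: For the unbound-1.18.0.tar.gz and unbound-1.18.0.tar.gz.asc additions, nothing visible in this diff ties the new detached signature to the new tarball: the tarball is only a Git LFS pointer (sha256 oid and size 6315297) and the .asc is added next to it. The new signature opens with the same bytes as the removed 1.17.1 one ("iQIzBAABCAAdFiEE7fqj8spObrBWga+On28cLX4EX40FAm"), which is consistent with the same signing key, but that is not a verification. Please confirm that the signature verifies over the LFS object with that oid, using the upstream release key you already trust, and say so in the request.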
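
Review bot: In the unbound.changes hunk, the two Bug Fixes entries with security impact ("Fix not following cleared RD flags potentially enables amplification DDoS attacks" and "Unencrypted query is sent when forward-tls-upstream: yes is used without tls-cert-bundle") carry no bug or advisory reference, so they cannot be traced from the changelog; add the tracker reference if one exists. The entry "unbound.service: Main process exited, code=killed, status=11/SEGV." is an issue title, not a description of the change; lead with its second line ("Fixes cachedb configuration handling") and mention the crash after it. The Features entry that sets the max-udp-size default to 1232 changes behaviour for existing installations on upgrade and deserves an explicit note to that effect.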