Accepting request 446470 from home:stroeder:branches:server:dns

update to 1.6.0

OBS-URL: https://build.opensuse.org/request/show/446470
OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=45

unbound-1.5.10.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a39b8b4fcca2a2b35a2daa53fe35150cc3f09038dc9acede09c912fc248a9486
-size 4941299

unbound-1.6.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6b7db874e6debda742fee8869d722e5a17faf1086e93c911b8564532aeeffab7
+size 5063253

unbound.changes

@@ -1,3 +1,99 @@
+-------------------------------------------------------------------
+Thu Dec 15 16:28:44 UTC 2016 - michael@stroeder.com
+
+- update to 1.6.0
+
+Features
+  * Added generic EDNS code for registering known EDNS option codes,
+    bypassing the cache response stage and uniquifying mesh states. Four
+    EDNS option lists were added to module_qstate
+    (module_qstate.edns_opts_*) to store EDNS options from/to front/back side.
+  * Added two flags to module_qstate (no_cache_lookup, no_cache_store)
+    that control the modules' cache interactions.
+  * Added code for registering inplace callback functions. The registered
+    functions can be called just before replying with local data or Chaos,
+    replying from cache, replying with SERVFAIL, replying with a resolved
+    query, sending a query to a nameserver. The functions can inspect the
+    available data and maybe change response/query related data (i.e. append
+    EDNS options).
+  * Updated Python module for the above.
+  * Updated Python documentation.
+  * Added views functionality.
+  * Added qname-minimisation-strict config option.
+  * Patch that resolves CNAMEs entered in local-data conf statements that
+    point to data on the internet, from Jinmei Tatuya (Infoblox).
+  * serve-expired config option: serve expired responses with TTL 0.
+  * .gitattributes line for githubs code language display.
+  * log-identity: config option to set sys log identity, patch from "Robin
+    H. Johnson" (robbat2@gentoo.org).
+  * Added stub-ssl-upstream and forward-ssl-upstream options.
+  * Added local-zones and local-data bulk addition and removal
+    functionality in unbound-control (local_zones, local_zones_remove,
+    local_datas and local_datas_remove).
+  * g.root-servers.net has AAAA address.
+
+  Bug Fixes
+  * Fix #836: unbound could echo back EDNS options in an error response.
+  * Fix #838: 1.5.10 cannot be built on Solaris, undefined PATH_MAX.
+  * Fix #839: Memory grows unexpectedly with large RPZ files.
+  * Fix #840: infinite loop in unbound_munin_ plugin on unowned lockfile.
+  * Fix #841: big local-zone's make it consume large amounts of memory.
+  * Fix dnstap relaying "random" messages instead of resolver/forwarder
+    responses, from Nikolay Edigaryev.
+  * Fix Nits for 1.5.10 reported by Dag-Erling Smorgrav.
+  * Fix #1117: spelling errors, from Robert Edmonds.
+  * iana portlist update.
+  * fix memoryleak logfile when in debug mode.
+  * Re-fix #839 from view commit overwrite.
+  * Fixup const void cast warning.
+  * Removed patch comments from acllist.c and msgencode.c
+  * Added documentation doc/CNAME-basedRedirectionDesignNotes.pdf, from
+    Jinmei Tatuya (Infoblox).
+  * Fix #1125: unbound could reuse an answer packet incorrectly for
+    clients with different EDNS parameters, from Jinmei Tatuya.
+  * Fix #1118: libunbound.pc sets strange Libs, Libs.private values.
+  * Added Requires line to libunbound.pc
+  * Fix #1130: whitespace in example.conf.in more consistent.
+  * suppress compile warning in lex files.
+  * init lzt variable, for older gcc compiler warnings.
+  * fix --enable-dsa to work, instead of copying ecdsa enable.
+  * Fix DNSSEC validation of query type ANY with DNAME answers.
+  * Fixup query_info local_alias init.
+  * Ported tests for local_cname unit test to testbound framework.
+  * Fix #1134: unbound-control set_option -- val-override-date: -1 works
+    immediately to ignore datetime, or back to 0 to enable it again. The --
+    is to ignore the '-1' as an option flag.
+  * Patch for server.num.zero_ttl stats for count of expired replies, from
+    Pavel Odintsov.
+  * Fix failure to build on arm64 with no sbrk.
+  * Set OpenSSL security level to 0 when using aNULL ciphers.
+  * configure detects ssl security level API function in the autoconf
+    manner. Every function on its own, so that other libraries (eg.
+    LibreSSL) can develop their API without hindrance.
+  * Fix #1154: segfault when reading config with duplicate zones.
+  * Note that for harden-below-nxdomain the nxdomain must be secure, this
+    means nsec3 with optout is insufficient.
+  * Fix #1155: test status code of unbound-control in 04-checkconf, not
+    the status code from the tee command.
+  * Fix #1158: reference RFC 8020 "NXDOMAIN: There Really Is Nothing
+    Underneath" for the harden-below-nxdomain option.
+  * patch from Dag-Erling Smorgrav that removes code that relies on sbrk().
+  * Make access-control-tag-data RDATA absolute. This makes the RDATA
+    origin consistent between local-data and access-control-tag-data.
+  * Fix NSEC ENT wildcard check. Matching wildcard does not have to be a
+    subdomain of the NSEC owner.
+  * QNAME minimisation uses QTYPE=A, therefore always check cache for this
+    type in harden-below-nxdomain functionality.
+  * Added unit test for QNAME minimisation + harden below nxdomain synergy.
+  * Fix that with openssl 1.1 control-use-cert: no uses less cpu, by using
+    no encryption over the unix socket.
+  * hyphen as minus fix, by Andreas Schulze
+  * Fix #1170: document that 'inform' local-zone uses local-data.
+  * Fix #1173: differ local-zone type deny from unset tag_actions element.
+  * Add DSA support for OpenSSL 1.1.0
+  * Fix remote control without cert for LibreSSL
+  * Fix downcast warnings from visual studio in sldns code.
+
 -------------------------------------------------------------------
 Tue Sep 27 12:41:57 UTC 2016 - michael@stroeder.com
 

unbound.spec

@@ -53,7 +53,7 @@
 %endif
 
 Name:           unbound
-Version:        1.5.10
+Version:        1.6.0
 Release:        0
 #
 #