From e5f5fd789cf9ebd2577262b15b46524552d727073297d9002a577439f4d64fb7 Mon Sep 17 00:00:00 2001
From: Marcus Rueckert <mrueckert@suse.com>
Date: Mon, 8 Dec 2014 16:31:19 +0000
Subject: [PATCH] None

OBS-URL: https://build.opensuse.org/package/show/server:dns/unbound?expand=0&rev=15
---
 unbound-1.4.22.tar.gz |   3 -
 unbound-1.5.1.tar.gz  |   3 +
 unbound.changes       | 173 ++++++++++++++++++++++++++++++++++++++++++
 unbound.spec          |   5 +-
 4 files changed, 179 insertions(+), 5 deletions(-)
 delete mode 100644 unbound-1.4.22.tar.gz
 create mode 100644 unbound-1.5.1.tar.gz

diff --git a/unbound-1.4.22.tar.gz b/unbound-1.4.22.tar.gz
deleted file mode 100644
index 3b12533..0000000
--- a/unbound-1.4.22.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1caf5081b2190ecdb23fc4d998b7999e28640c941f53baff7aee03c092a7d29f
-size 4735801
diff --git a/unbound-1.5.1.tar.gz b/unbound-1.5.1.tar.gz
new file mode 100644
index 0000000..65d85a0
--- /dev/null
+++ b/unbound-1.5.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0ff82709fb2bd7ecbde8dbdcf60fa417d2b43379570a3d460193a76a169900ec
+size 4805176
diff --git a/unbound.changes b/unbound.changes
index 8870e89..995cfb5 100644
--- a/unbound.changes
+++ b/unbound.changes
@@ -1,3 +1,176 @@
+-------------------------------------------------------------------
+Mon Dec  8 16:12:23 UTC 2014 - mrueckert@suse.de
+
+- update to 1.5.1
+  Features
+  - Patch from Stephane Lapie for ASAHI Net that implements
+    aaaa-filter, added to contrib/aaaa-filter-iterator.patch.
+  Bug Fixes
+  - Fix that CD flag disables DNS64 processing, returning the
+    DNSSEC signed AAAA denial.
+  - Fix compat/getentropy_win.c check if CryptGenRandom works and
+    no immediate exit on windows.
+  - Fix crash on multiple thread random usage on systems without
+    arc4random.
+  - Fix log at high verbosity and memory allocation failure.
+  - Fix libunbound undefined symbol errors for main.
+  - Patch from Robert Edmonds to build pyunbound python module
+    differently. No versioninfo, with -shared and without $(LIBS).
+  - Patch from Robert Edmonds fixes hyphens in unbound-anchor man
+    page.
+  - Removed 'increased limit open files' log message that is
+    written to console. It is only written on verbosity 4 and
+    higher. This keeps system bootup console cleaner.
+  - Patch from James Raftery, always print stats for rcodes 0..5.
+  - [bugzilla: 627 ] Fix SSL_CTX_load_verify_locations return code
+    not properly checked.
+  - Fix makefile for build from noexec source tree.
+  - Add include to getentropy_linux.c, fixing debian build.
+  - [bugzilla: 632 ] Fix that unbound fails to build on AArch64,
+    protects getentropy compat code from calling sysctl if it is
+    has been removed.
+  - Fix CVE-2014-8602: denial of service by making resolver chase
+    endless series of delegations.
+- changes in 1.5.0
+  Features
+  - This release has DNS64, DNSTAP, better random numbers and
+    ub_ctx_add_ta_autr(), num.query.tcpout=value, flush_negative,
+    unblock-lan-zones conf.
+  - C.ROOT-SERVERS.NET has an IPv6 address, and we updated the root
+    hints (patch from Anand Buddhdev).
+  - Patch from Hannes Frederic Sowa for Linux 3.15 fragmentation
+    option for DNS fragmentation defense.
+  - unbound-control stats prints num.query.tcpout with number of
+    TCP outgoing queries made in the previous statistics interval.
+  - Patch from Jeremie Courreges-Anglas to use arc4random_uniform
+    if available on the OS, it gets entropy from the OS.
+  - Add unbound-control flush_negative that flushed nxdomains,
+    nodata, and errors from the cache. For dnssec-trigger and
+    NetworkManager, fixes cases where network changes have
+    localdata that was already negatively cached from the previous
+    network.
+  - Contrib windows scripts from Yuri Voinov added to src/contrib:
+    create_unbound_ad_servers.cmd: enters anti-ad server lists.
+    unbound_cache.cmd: saves and loads the cache. Also warmup.cmd
+    (and .sh): warm up the DNS cache with your MRU domains.
+  - Added unbound-control-setup.cmd from Yuri Voinov to the windows
+    unbound distribution set. It requires openssl installed in
+    %PATH%.
+  - Implement draft-ietf-dnsop-rfc6598-rfc6303-01.
+  - Feature, unblock-lan-zones: yesno that you can use to make
+    unbound perform 10.0.0.0/8 and other reverse lookups normally,
+    for use if unbound is running service for localhost on localhost.
+  - unbound-host -D enabled dnssec and reads root trust anchor from
+    the default root key file that was compiled in.
+  - Add AAAA for B root server to default root hints.
+  - unbound-control status reports if so-reuseport was successful.
+  - so-reuseport is available on BSDs(such as FreeBSD 10) and OS/X.
+  - arc4random in compat/ and getentropy, explicit_bzero, chacha
+    for dependencies, from OpenBSD. arc4_lock and sha512 in compat.
+    This makes arc4random available on all platforms, except when
+    compiled with LIBNSS (it uses libNSS crypto random).
+  - Patch from Dag-Erling Smorgrav that implements that: unbound
+    -dd does not fork in the background and also logs to stderr.
+  - DNS64 from Viagenie (BSD Licensed), written by Simon Perrault.
+    Initial commit of the patch from the FreeBSD base (with its
+    fixes). This adds a module (for module-config in unbound.conf)
+    dns64 that performs DNS64 processing, see README.DNS64.
+  - Patch add msg, rrset, infra and key cache sizes to stats
+    command from Maciej Soltysiak.
+  - DNSTAP support, with a patch from Farsight Security, written by
+    Robert Edmonds. The --enable-dnstap needs libfstrm and
+    protobuf-c. It is BSD licensed (see dnstap/dnstap.c). Also
+    --with-libfstrm and --with-protobuf-c configure options.
+  - type CDS and CDNSKEY types.
+  - Updated the TCP_BACLOG from 5 to 256, so that the tcp accept
+    queue is longer and more tcp connections can be handled.
+  - Add ub_ctx_add_ta_autr function to add a RFC5011 automatically
+    tracked trust anchor to libunbound.
+  Bug Fixes
+  - Fix print filename of encompassing config file on read failure.
+  - Patch from Stuart Henderson to build unbound-host man from
+    .1.in.
+  - [bugzilla: 569] Fix do_tcp is do-tcp in unbound.conf man page.
+  - [bugzilla: 572] Fix unit test failure for systems with
+    different /etc/ services.
+  - iana portlist updated.
+  - [bugzilla: 574] Fix make test fails on Ubuntu 14.04. Disabled
+    remote-control in testbound scripts.
+  - Documented that dump_requestlist only prints queries from
+    thread 0.
+  - [bugzilla: 567] Fix unbound lists if forward zone is secure or
+    insecure with +i annotation in output of list_forwards, also
+    for list_stubs (for NetworkManager integration). And remove ':'
+    from output of stub and forward lists, this is easier to parse.
+  - [bugzilla: 554] Fix use unsigned long to print 64bit statistics
+    counters on 64bit systems.
+  - [bugzilla: 558] Fix failed prefetch lookup does not remove
+    cached response but delays next prefetch (in lieu of caching a
+    SERVFAIL).
+  - [bugzilla: 545] Fix improved logging, the ip address of the
+    error is printed on the same log-line as the error.
+  - [bugzilla: 502] Fix explain that do-ip6 disable does not stop
+    AAAA lookups, but it stops the use of the ipv6 transport layer
+    for DNS traffic.
+  - Fix compile with libevent2 on FreeBSD.
+  - Change MAX_SENT_COUNT from 16 to 32 to resolve some cases easier.
+  - Fixup out-of-directory compile with unbound-control-setup.sh.in.
+  - Code cleanup patch from Dag-Erling Smorgrav, with compiler
+    issue fixes from FreeBSD's copy of Unbound, he notes: Generate
+    unbound-control-setup.sh at build time so it respects prefix
+    and sysconfdir from the configure script.  Also fix the umask
+    to match the comment, and the comment to match the umask. Add
+    const and static where needed. Use unions instead of playing
+    pointer poker. Move declarations that are needed in multiple
+    source files into a shared header. Move sldns_bgetc() from
+    parse.c to buffer.c where it belongs. Introduce a new header
+    file, worker.h, which declares the callbacks that all workers
+    must define. Remove those declarations from libworker.h.
+    Include the correct headers in the correct places. Fix a few
+    dummy callbacks that don't match their prototype. Fix some
+    casts. Hide the sbrk madness behind #ifdef HAVE_SBRK. Remove a
+    useless printf which breaks reproducible builds. Get rid of
+    CONFIGURE_{TARGET,DATE,BUILD_WITH} now that they're no longer
+    used. Add unbound-control-setup.sh to the list of generated
+    files. The prototype for libworker_event_done_cb() needs to be
+    moved from libunbound/libworker.h to libunbound/worker.h.
+  - Fix caps-for-id fallback, and added fallback attempt when
+    servers drop 0x20 perturbed queries.
+  - [bugzilla: 593] Fix segfault or crash upon rotating logfile.
+  - fake-rfc2553 patch (thanks Benjamin Baier).
+  - LibreSSL provides compat items, check for that in configure.
+  - [bugzilla: 596] Bail out of unbound-control list_local_zones
+    when ssl write fails.
+  - Fix endian.h include for OpenBSD.
+  - [bugzilla: 603] Fix unbound-checkconf -o option should skip
+    verification checks.
+  - Fixup doc/unbound.doxygen to remove obsolete 1.8.7 settings.
+  - Update unbound manpage with more explanation (from Florian Obser).
+  - Fix tcp timer waiting list removal code.
+  - patches to also build with Python 3.x (from Pavel Simerda).
+  - improve python configuration detection to build on Fedora 22.
+  - Fix swig and python examples for Python 3.x.
+  - Fix for mingw compile with openssl-1.0.1i.
+  - [bugzilla: 612] Fix create service with service.conf in present
+    directory and auto load it.
+  - [bugzilla: 613] Allow tab ws in var length last rdfs (in ldns
+    str2wire).
+  - [bugzilla: 614] Fix man page variable substitution bug.
+  - Whitespaces after $ORIGIN are not part of the origin dname
+    (ldns).
+  - $TTL's value starts at position 5 (ldns).
+  - Fix unbound-checkconf check for module config with dns64
+    module.
+  - Fix unbound capsforid fallback, it ignores TTLs in comparison.
+  - [bugzilla: 617] Fix in ldns in unbound, lowercase WKS services.
+  - Fix ctype invocation casts.
+  - Disabled use of SSLv3 in remote-control and ssl-upstream.
+  - Redefine internal minievent symbols to unique symbols that
+    helps linking on platforms where the linker leaks names across
+    modules.
+  - Fix bug where forward or stub addresses with same address but
+    different port number were not tried.
+
 -------------------------------------------------------------------
 Mon Nov 10 00:45:00 UTC 2014 - Led <ledest@gmail.com>
 
diff --git a/unbound.spec b/unbound.spec
index 44ccf98..fc52d00 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -47,7 +47,7 @@
 %endif
 
 Name:           unbound
-Version:        1.4.22
+Version:        1.5.1
 Release:        0
 #
 #
@@ -266,7 +266,8 @@ install -m 0640 -p %{SOURCE11} %{buildroot}%{_sysconfdir}/unbound/local.d/
 echo ".so man8/unbound-control.8" > %{buildroot}/%{_mandir}/man8/unbound-control-setup.8
 
 %check
-#make check
+# it currently fails in the ldns unit test. which is weird as both come from the same project
+make check ||:
 
 %clean
 %{__rm} -rf %{buildroot}