Hello community,

here is the log from the commit of package unbound for openSUSE:Factory checked in at 2021-08-16 10:09:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/unbound (Old)
 and /work/SRC/openSUSE:Factory/.unbound.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unbound" Mon Aug 16 10:09:02 2021 rev:51 rq:911865 version:1.13.2 Changes: -------- --- /work/SRC/openSUSE:Factory/unbound/libunbound-devel-mini.changes 2021-06-05 23:31:48.800467309 +0200 +++ /work/SRC/openSUSE:Factory/.unbound.new.1899/libunbound-devel-mini.changes 2021-08-16 10:13:58.242926855 +0200 
@@ -1,0 +2,222 @@ +Thu Aug 12 18:02:18 UTC 2021 - Michael Str??der <[email protected]> + +- update to 1.13.2 + +Features +- Merge PR #317: ZONEMD Zone Verification, with RFC 8976 support. + ZONEMD records are checked for zones loaded as auth-zone, + with DNSSEC if available. There is an added option + zonemd-permissive-mode that makes it log but not fail wrong zones. + With zonemd-reject-absence for an auth-zone the presence of a + zonemd can be mandated for specific zones. +- Fix: Resolve interface names on control-interface too. +- Merge #470 from edevil: Allow configuration of persistent TCP + connections. +- Fix #474: always_null and others inside view. +- Add that log-servfail prints an IP address and more information + about one of the last failures for that query. +- Merge #478: Allow configuration of TCP timeout while waiting for + response. +- Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024. +- Move the NSEC3 max iterations count in line with the 150 value + used by BIND, Knot and PowerDNS. This sets the default value + for it in the configuration to 150 for all key sizes. +- zonemd-check: yesno option, default no, enables the processing + of ZONEMD records for that zone. +- Merge #486 by fobster: Make VAL_MAX_RESTART_COUNT configurable. +- Merge PR #491: Add SVCB and HTTPS types and handling according to + draft-ietf-dnsop-svcb-https. +- Introduce 'http-user-agent:' and 'hide-http-user-agent:' options. + +Bug Fixes +- Fix for Python 3.9, no longer use deprecated functions of + PyEval_CallObject (now PyObject_Call), PyEval_InitThreads (now + none), PyParser_SimpleParseFile (now Py_CompileString). +- Merge PR #420 from dyunwei: DOH not responsing with + "http2_query_read_done failure" logged. +- Fix #422: IPv6 fallback issues when IPv6 is not properly + enabled/configured. +- Fix to make tests work with support indicators set for iterator. +- Fix build on Python 3.10. +- Fix doxygen and pydoc warnings. 
+- Fix #429: rpz: url: with https: broken (regression in 1.13.1). +- rpz skip nsec3param records, and nicer log for unsupported actions. +- Fix #431: Squelch permission denied errors for tcp connect + and udp connect from the logs, unless at high verbosity. +- Fix for zonemd, that nxdomain for the chain of trust is allowed + for island zones, it is treated as an insecure zone for verification. +- Fix for zonemd, that domain-insecure zones work without dnssec. +- Fix for zonemd, do not reject insecure result from trust anchor + validation step in dnssec chain of trust. +- On startup of unbound it checks if rlimits on memory size look + sufficient for the configured cache size, and logs warning if not. +- Fix function documentation. +- Fix unit test for added ulimit checks. +- spelling fix in header. +- Fix #384: (1) A minor request to improve the log (2) A minor bug in one + log message. +- ipsecmod: Better logging for detecting a cycle when attaching the + A/AAAA subquery. +- Merge PR #367 : DNSTAP log local address. With code from PR #365 + and fixes #368 : dnstap does not log the DNS message ID for + FORWARDER_QUERY. +- Fix to allow rpz with wildcard that applies to all TLDs at once. +- Fix for #367: rc_ports don't have ub_sock; skip cleaning up. +- Fix spurious errors about "Could not generate request: out of + memory". The mesh detect cycle routine no longer wrongly stops + the check when the calling mesh state is unique. +- Workaround for #439: prevent loops in the reuse rbtree. +- Debug output for #411 and #439: printout internal error and details. +- Fix parse of LOC RR type for decimetres. +- Fix #441: Minimal NSEC range not accepted for top level domains. +- Fix for #447: squelch connection refused tcp connection failures + from the log, unless verbosity is high. +- Merge #449 from orbea: build: Add missing linker flags. +- Comment out nonworking OSX and IOS travis tests, vm fails to start. +- Fix compile error in listen_dnsport on Android. 
+- Fix memory leak reported by asan in rpz SOA record query name. +- Fix unused-function warning when compiling with --enable-dnscrypt. +- Fix for #367: fix memory leak when cannot bind to listening port. +- Reformat pythonmod/pythonmod_utils.{c,h}. +- Travis enable all tests again. Clang analyzer only a couple times, + when there is a difference. homebrew updates disabled, so it does + not hang. removed trailing slashes from configure paths. Moved iOS + tests to allow-failure. +- travis, analyzer disabled on test without debug, that does not + run anway. Turn off failing tests except one. Update iOS test + to xcode image 12.2. +- Fix deprecation test to work for iOS TVOS and WatchOS, it uses + CFLAGS and CPPFLAGS and also checks if the item is unavailable. +- Travis, fix script to fail when tasks fail. +- Travis, fix warning in ubsan compile. +- Fix configure Targetconfiditionals.h header check, to use compile. +- Fix that cachedb does not produce empty object files when disabled. +- Fix #429: Also fix end of transfer for http download of auth zones. +- Disable the use of stack-protector for cross compiled 32-bit windows + builds; relates to #444. +- Fix stack-protector change to not override other CFLAGS options. +- Clean makedist.sh. +- Merge #460 from orbea: build: Link with the libtool archive. +- Fix to stop IPv6 PMTU discovery. +- Fix for #411: Depth protect for crash on deleted element timeout. +- rebuild configure to set EXTRALINK to libunbound.la for #460. +- Fix permission denied sendto log, squelch the log messages + unless high verbosity is set. +- Fix (increase) verbosity level for iterator error log in + processQueryTargets(). +- Fix that nxdomain synthesis does not happen above the stub or + forward definition. +- Fix documentation comment for files previously residing in checkconf/. +- Remove unused functions worker_handle_reply and libworker_handle_reply. +- Merge #466 from FGasper: Support OpenSSLs that lack + SSL_get0_alpn_selected. 
+- Fix #468: OpenSSL 1.0.1 can no longer build Unbound. +- Further fix for #468: detect SSL_CTX_set_alpn_protos for build with + OpenSSL 1.0.1. +- Fix that testcode dohclient has OpenSSL initialisation calls. +- Fix compiler warning for signed/unsigned comparison for + max_reuse_tcp_queries. +- Fix #481: Fix comment in configuration file. +- Fix to squelch tcp socket bind failures when the interface is gone. +- Rerun flex and bison. +- Fix for #367: only attempt to get the interface for queries that are no + longer on the tcp_waiting_list. +- Add more logging for out-of-memory cases. +- Fix #485: Unbound occasionally reports broken stats. +- Remove case fallthrough from deprecate-rsa-1024 code. +- Merge PR #487: ifdef RLIMIT_AS in recently added check. +- Fix that auth-zone zonefiles use last TTL if no TTL is specified. +- Fix #489: Compile using MSYS2 MinGW 64-bit. +- Fix for #411, #439, #469: Reset the DNS message ID when moving queries + between TCP streams. +- Refactor for uniform way to produce random DNS message IDs. +- Test code has -q option for quiet output. +- Fix #492: module-config respip missing in unbound.conf.5.in man + page. Merges #494 from he32. +- For #492: Fix font highlighting for the man page on emacs. +- Merge #496 from banburybill: Use build system endianness if + available, otherwise try to work it out. +- Fix test for zonemd-check option. +- Merge #448 from shoeper: Update unbound-control.8.in, fix + rpz_disable typo. +- Fix #425: Document auth-zone supports communication with DNS + primary on nondefault port. +- Fix unused variable warning when compiling with --enable-dnstap. +- Generated lexer and parser for #486; updated example.conf. +- Fix #413 (based on patch by k-ronny): unbound: does not compile + on macOS 11.1-x86_64 host. +- Use host_os instead of target_os in configure for Darwin8 build. +- Fix #500: SPEC file in version 1.13.1 references version 1.4; + unable to build RPM from source. 
+- Fix contrib/unbound.spec, fixed url and comment. +- Fix configure nonblocking test and onmingw test to use host. +- Merge #440 by kimheino: Various fixes to contrib/unbound_munin_ file. +- Fix a number of warnings reported by the gcc analyzer. +- Fix #495: Documentation or implementation of "verbosity" option. +- Fix #503: DNS over HTTPS response truncated. +- Fix warnings reported by the gcc analyzer. +- Add analyzer and port compile github workflow. +- Fix up permissions on rpl data file in tests. +- Fix testbound newline treatment in moment_read and tempfile write. +- Fix configure grep for reuseport default for failure. +- Fix compat ctime_r return value +- Fix configure does not require pkg-config if not needed. +- Fix unit test in the ctime_r calls for autotrust and in testbound. +- Fix auth zone download on windows to unlink before rename. +- Fix #506: Python Module Seems to Leak Memory if it Experiences an + Unhandled Exception. +- Fix Wunused-result compile warnings. +- Fix compiler warnings for #491. +- Fix clang-analysis warnings for testcode/readzone.c. +- Merge #510 from ndptech: Don't call a function which hasn't been + defined. +- Fix for #510: in depth, use ifdefs for windows api event calls. +- Fix spelling in doc/unbound.doxygen comment. +- Fix spelling in localzone.h comment. +- Fix unbound-control local_data and local_datas to print detailed + syntax errors. +- review fix to remove duplicate error printout. +- Insert header into testcode/readzone.c, it was missing. +- Fix from lint for ignored return value. +- Fix for older parsers for function call in serve expired get cached. +- Fix that ldns_zone_new_frm_fp_l counts the line number for an empty + line after a comment. +- Merge #512: unbound.service.in: upgrade hardening to latest + standards. +- Fix readzone unknown type print for memory resize. +- Merge #513: Stream reuse, attempt to fix #411, #439, #469. 
This + introduces a couple of fixes for the stream reuse functionality + that could result in broken internal structures. +- Fix #515: Compilation against openssl 3.0.0 beta2 is failing to + build unbound. +- For #515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and + SSL_get_peer_certificate. +- Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check. +- Prepare for OpenSSL 3.0.0 provider API usage, move the sldns + keyraw functions to produce EVP_PKEY results. +- Move RSA and DSA to use OpenSSL 3.0.0 API. ++++ 25 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/unbound/libunbound-devel-mini.changes ++++ and /work/SRC/openSUSE:Factory/.unbound.new.1899/libunbound-devel-mini.changes --- /work/SRC/openSUSE:Factory/unbound/unbound.changes 2021-06-05 23:31:49.064467768 +0200 +++ /work/SRC/openSUSE:Factory/.unbound.new.1899/unbound.changes 2021-08-16 10:13:58.370926691 +0200 
@@ -1,0 +2,222 @@ +Thu Aug 12 18:02:18 UTC 2021 - Michael Str??der <[email protected]> + +- update to 1.13.2 + +Features +- Merge PR #317: ZONEMD Zone Verification, with RFC 8976 support. + ZONEMD records are checked for zones loaded as auth-zone, + with DNSSEC if available. There is an added option + zonemd-permissive-mode that makes it log but not fail wrong zones. + With zonemd-reject-absence for an auth-zone the presence of a + zonemd can be mandated for specific zones. +- Fix: Resolve interface names on control-interface too. +- Merge #470 from edevil: Allow configuration of persistent TCP + connections. +- Fix #474: always_null and others inside view. +- Add that log-servfail prints an IP address and more information + about one of the last failures for that query. +- Merge #478: Allow configuration of TCP timeout while waiting for + response. +- Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024. +- Move the NSEC3 max iterations count in line with the 150 value + used by BIND, Knot and PowerDNS. This sets the default value + for it in the configuration to 150 for all key sizes. +- zonemd-check: yesno option, default no, enables the processing + of ZONEMD records for that zone. +- Merge #486 by fobster: Make VAL_MAX_RESTART_COUNT configurable. +- Merge PR #491: Add SVCB and HTTPS types and handling according to + draft-ietf-dnsop-svcb-https. +- Introduce 'http-user-agent:' and 'hide-http-user-agent:' options. + +Bug Fixes +- Fix for Python 3.9, no longer use deprecated functions of + PyEval_CallObject (now PyObject_Call), PyEval_InitThreads (now + none), PyParser_SimpleParseFile (now Py_CompileString). +- Merge PR #420 from dyunwei: DOH not responsing with + "http2_query_read_done failure" logged. +- Fix #422: IPv6 fallback issues when IPv6 is not properly + enabled/configured. +- Fix to make tests work with support indicators set for iterator. +- Fix build on Python 3.10. +- Fix doxygen and pydoc warnings. 
+- Fix #429: rpz: url: with https: broken (regression in 1.13.1). +- rpz skip nsec3param records, and nicer log for unsupported actions. +- Fix #431: Squelch permission denied errors for tcp connect + and udp connect from the logs, unless at high verbosity. +- Fix for zonemd, that nxdomain for the chain of trust is allowed + for island zones, it is treated as an insecure zone for verification. +- Fix for zonemd, that domain-insecure zones work without dnssec. +- Fix for zonemd, do not reject insecure result from trust anchor + validation step in dnssec chain of trust. +- On startup of unbound it checks if rlimits on memory size look + sufficient for the configured cache size, and logs warning if not. +- Fix function documentation. +- Fix unit test for added ulimit checks. +- spelling fix in header. +- Fix #384: (1) A minor request to improve the log (2) A minor bug in one + log message. +- ipsecmod: Better logging for detecting a cycle when attaching the + A/AAAA subquery. +- Merge PR #367 : DNSTAP log local address. With code from PR #365 + and fixes #368 : dnstap does not log the DNS message ID for + FORWARDER_QUERY. +- Fix to allow rpz with wildcard that applies to all TLDs at once. +- Fix for #367: rc_ports don't have ub_sock; skip cleaning up. +- Fix spurious errors about "Could not generate request: out of + memory". The mesh detect cycle routine no longer wrongly stops + the check when the calling mesh state is unique. +- Workaround for #439: prevent loops in the reuse rbtree. +- Debug output for #411 and #439: printout internal error and details. +- Fix parse of LOC RR type for decimetres. +- Fix #441: Minimal NSEC range not accepted for top level domains. +- Fix for #447: squelch connection refused tcp connection failures + from the log, unless verbosity is high. +- Merge #449 from orbea: build: Add missing linker flags. +- Comment out nonworking OSX and IOS travis tests, vm fails to start. +- Fix compile error in listen_dnsport on Android. 
+- Fix memory leak reported by asan in rpz SOA record query name. +- Fix unused-function warning when compiling with --enable-dnscrypt. +- Fix for #367: fix memory leak when cannot bind to listening port. +- Reformat pythonmod/pythonmod_utils.{c,h}. +- Travis enable all tests again. Clang analyzer only a couple times, + when there is a difference. homebrew updates disabled, so it does + not hang. removed trailing slashes from configure paths. Moved iOS + tests to allow-failure. +- travis, analyzer disabled on test without debug, that does not + run anway. Turn off failing tests except one. Update iOS test + to xcode image 12.2. +- Fix deprecation test to work for iOS TVOS and WatchOS, it uses + CFLAGS and CPPFLAGS and also checks if the item is unavailable. +- Travis, fix script to fail when tasks fail. +- Travis, fix warning in ubsan compile. +- Fix configure Targetconfiditionals.h header check, to use compile. +- Fix that cachedb does not produce empty object files when disabled. +- Fix #429: Also fix end of transfer for http download of auth zones. +- Disable the use of stack-protector for cross compiled 32-bit windows + builds; relates to #444. +- Fix stack-protector change to not override other CFLAGS options. +- Clean makedist.sh. +- Merge #460 from orbea: build: Link with the libtool archive. +- Fix to stop IPv6 PMTU discovery. +- Fix for #411: Depth protect for crash on deleted element timeout. +- rebuild configure to set EXTRALINK to libunbound.la for #460. +- Fix permission denied sendto log, squelch the log messages + unless high verbosity is set. +- Fix (increase) verbosity level for iterator error log in + processQueryTargets(). +- Fix that nxdomain synthesis does not happen above the stub or + forward definition. +- Fix documentation comment for files previously residing in checkconf/. +- Remove unused functions worker_handle_reply and libworker_handle_reply. +- Merge #466 from FGasper: Support OpenSSLs that lack + SSL_get0_alpn_selected. 
+- Fix #468: OpenSSL 1.0.1 can no longer build Unbound. +- Further fix for #468: detect SSL_CTX_set_alpn_protos for build with + OpenSSL 1.0.1. +- Fix that testcode dohclient has OpenSSL initialisation calls. +- Fix compiler warning for signed/unsigned comparison for + max_reuse_tcp_queries. +- Fix #481: Fix comment in configuration file. +- Fix to squelch tcp socket bind failures when the interface is gone. +- Rerun flex and bison. +- Fix for #367: only attempt to get the interface for queries that are no + longer on the tcp_waiting_list. +- Add more logging for out-of-memory cases. +- Fix #485: Unbound occasionally reports broken stats. +- Remove case fallthrough from deprecate-rsa-1024 code. +- Merge PR #487: ifdef RLIMIT_AS in recently added check. +- Fix that auth-zone zonefiles use last TTL if no TTL is specified. +- Fix #489: Compile using MSYS2 MinGW 64-bit. +- Fix for #411, #439, #469: Reset the DNS message ID when moving queries + between TCP streams. +- Refactor for uniform way to produce random DNS message IDs. +- Test code has -q option for quiet output. +- Fix #492: module-config respip missing in unbound.conf.5.in man + page. Merges #494 from he32. +- For #492: Fix font highlighting for the man page on emacs. +- Merge #496 from banburybill: Use build system endianness if + available, otherwise try to work it out. +- Fix test for zonemd-check option. +- Merge #448 from shoeper: Update unbound-control.8.in, fix + rpz_disable typo. +- Fix #425: Document auth-zone supports communication with DNS + primary on nondefault port. +- Fix unused variable warning when compiling with --enable-dnstap. +- Generated lexer and parser for #486; updated example.conf. +- Fix #413 (based on patch by k-ronny): unbound: does not compile + on macOS 11.1-x86_64 host. +- Use host_os instead of target_os in configure for Darwin8 build. +- Fix #500: SPEC file in version 1.13.1 references version 1.4; + unable to build RPM from source. 
+- Fix contrib/unbound.spec, fixed url and comment. +- Fix configure nonblocking test and onmingw test to use host. +- Merge #440 by kimheino: Various fixes to contrib/unbound_munin_ file. +- Fix a number of warnings reported by the gcc analyzer. +- Fix #495: Documentation or implementation of "verbosity" option. +- Fix #503: DNS over HTTPS response truncated. +- Fix warnings reported by the gcc analyzer. +- Add analyzer and port compile github workflow. +- Fix up permissions on rpl data file in tests. +- Fix testbound newline treatment in moment_read and tempfile write. +- Fix configure grep for reuseport default for failure. +- Fix compat ctime_r return value +- Fix configure does not require pkg-config if not needed. +- Fix unit test in the ctime_r calls for autotrust and in testbound. +- Fix auth zone download on windows to unlink before rename. +- Fix #506: Python Module Seems to Leak Memory if it Experiences an + Unhandled Exception. +- Fix Wunused-result compile warnings. +- Fix compiler warnings for #491. +- Fix clang-analysis warnings for testcode/readzone.c. +- Merge #510 from ndptech: Don't call a function which hasn't been + defined. +- Fix for #510: in depth, use ifdefs for windows api event calls. +- Fix spelling in doc/unbound.doxygen comment. +- Fix spelling in localzone.h comment. +- Fix unbound-control local_data and local_datas to print detailed + syntax errors. +- review fix to remove duplicate error printout. +- Insert header into testcode/readzone.c, it was missing. +- Fix from lint for ignored return value. +- Fix for older parsers for function call in serve expired get cached. +- Fix that ldns_zone_new_frm_fp_l counts the line number for an empty + line after a comment. +- Merge #512: unbound.service.in: upgrade hardening to latest + standards. +- Fix readzone unknown type print for memory resize. +- Merge #513: Stream reuse, attempt to fix #411, #439, #469. 
This + introduces a couple of fixes for the stream reuse functionality + that could result in broken internal structures. +- Fix #515: Compilation against openssl 3.0.0 beta2 is failing to + build unbound. +- For #515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and + SSL_get_peer_certificate. +- Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check. +- Prepare for OpenSSL 3.0.0 provider API usage, move the sldns + keyraw functions to produce EVP_PKEY results. +- Move RSA and DSA to use OpenSSL 3.0.0 API. ++++ 25 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/unbound/unbound.changes ++++ and /work/SRC/openSUSE:Factory/.unbound.new.1899/unbound.changes Old: ---- unbound-1.13.1.tar.gz New: ---- unbound-1.13.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libunbound-devel-mini.spec ++++++ --- /var/tmp/diff_new_pack.AqNqBP/_old 2021-08-16 10:13:59.030925849 +0200 +++ /var/tmp/diff_new_pack.AqNqBP/_new 2021-08-16 10:13:59.034925844 +0200 @@ -24,7 +24,7 @@ # Name: libunbound-devel-mini -Version: 1.13.1 +Version: 1.13.2 Release: 0 # # ++++++ unbound.spec ++++++ --- /var/tmp/diff_new_pack.AqNqBP/_old 2021-08-16 10:13:59.074925793 +0200 +++ /var/tmp/diff_new_pack.AqNqBP/_new 2021-08-16 10:13:59.078925788 +0200 @@ -36,7 +36,7 @@ %define piddir /run Name: unbound -Version: 1.13.1 +Version: 1.13.2 Release: 0 # # ++++++ unbound-1.13.1.tar.gz -> unbound-1.13.2.tar.gz ++++++ ++++ 41275 lines of diff (skipped)
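Review bot: the Features list of the libunbound-devel-mini.changes entry buries two items that change resolver behaviour or policy for anyone upgrading from 1.13.1, "Move the NSEC3 max iterations count in line with the 150 value" (a new default for all key sizes) and "Add ./configure --with-deprecate-rsa-1024". Suggest a short summary at the top of the entry that names the NSEC3 default change and states whether this build passes --with-deprecate-rsa-1024, since the visible spec hunks change only the Version line. The author name in the entry header also shows as "Str??der"; if that is in the file and not only in this mail, the .changes file should be stored as UTF-8.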
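Review bot: in the Bug Fixes list of the unbound.changes entry, the stream reuse items read as partial fixes: "Workaround for #439: prevent loops in the reuse rbtree", "Fix for #411: Depth protect for crash on deleted element timeout" and "Merge #513: Stream reuse, attempt to fix #411, #439, #469". The entry itself says these "could result in broken internal structures", so it should state whether 1.13.2 is considered to resolve those issues or only to mitigate them, so that anyone tracking them knows whether to keep watching after the update.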
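Review bot: the unbound.spec hunk at line 36 changes only "Version: 1.13.1" to "Version: 1.13.2", and the Old/New file list swaps only unbound-1.13.1.tar.gz for unbound-1.13.2.tar.gz, with no detached signature or keyring file listed. From this commit it is not visible how the new tarball was checked against upstream's release; if the package does not already carry a signature file, shipping one next to the tarball would make that check part of the source. The changelog also lists "Merge #512: unbound.service.in: upgrade hardening to latest standards"; if the package installs its own unit file instead of upstream's, that hardening does not arrive with a version bump alone and needs to be ported separately.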
