Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package unbound for openSUSE:Factory checked
in at 2023-09-07 21:12:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/unbound (Old)
and /work/SRC/openSUSE:Factory/.unbound.new.1766 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unbound"
Thu Sep 7 21:12:20 2023 rev:62 rq:1109502 version:1.18.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/unbound/libunbound-devel-mini.changes
2023-08-30 10:21:02.589346898 +0200
+++ /work/SRC/openSUSE:Factory/.unbound.new.1766/libunbound-devel-mini.changes
2023-09-07 21:12:41.809210520 +0200
@@ -1,0 +2,65 @@
+Thu Sep 7 08:03:33 UTC 2023 - Pedro Monreal <pmonr...@suse.com>
+
+- Update to 1.18.0:
+ * Features:
+ - Ðdd a metric about the maximum number of collisions in lrushah.
+ - Set max-udp-size default to 1232. This is the same default value
+ as the default value for edns-buffer-size. It restricts client
+ edns buffer size choices, and makes unbound behave similar to
+ other DNS resolvers.
+ - Add harden-unknown-additional option. It removes unknown records
+ from the authority section and additional section.
+ - Added new static zone type block_a to suppress all A queries for
+ specific zones.
+ - [FR] Ability to use Redis unix sockets.
+ - [FR] Ability to set the Redis password.
+ - Features/dropqueuedpackets, with sock-queue-timeout option that
+ drops packets that have been in the socket queue for too long.
+ Added statistics num.queries_timed_out and query.queue_time_us.max
+ that track the socket queue timeouts.
+ - 'eqvinox' Lamparter: NAT64 support.
+ - [FR] Use kernel timestamps for dnstap.
+ - Add cachedb hit stat. Introduces 'num.query.cachedb' as a new
+ statistical counter.
+ - Add SVCB dohpath support.
+ - Add validation EDEs to queries where the CD bit is set.
+ - Add prefetch support for subnet cache entries.
+ - Add EDE (RFC8914) caching.
+ - Add support for EDE caching in cachedb and subnetcache.
+ - Downstream DNS Server Cookies a la RFC7873 and RFC9018. Create server
+ cookies for clients that send client cookies. This needs to be explicitly
+ turned on in the config file with: `answer-cookie: yes`.
+ * Bug Fixes
+ - Response change to NODATA for some ANY queries since 1.12.
+ - Fix not following cleared RD flags potentially enables
+ amplification DDoS attacks.
+ - Set default for harden-unknown-additional to no. So that it
+ does not hamper future protocol developments.
+ - Fix to ignore entirely empty responses, and try at another authority.
+ This turns completely empty responses, a type of noerror/nodata into
+ a servfail, but they do not conform to RFC2308, and the retry can fetch
+ improved content.
+ - Allow TTL refresh of expired error responses.
+ - Fix: Unexpected behavior with client-subnet-always-forward and
serve-expired
+ - Fix unbound-dnstap-socket test program to reply the finish frame over
+ a TLS connection correctly.
+ - Fix: reserved identifier violation
+ - Fix: Unencrypted query is sent when forward-tls-upstream: yes is used
+ without tls-cert-bundle
+ - Extra consistency check to make sure that when TLS is requested,
+ either we set up a TLS connection or we return an error.
+ - Fix: NXDOMAIN instead of NOERROR rcode when asked for existing CNAME
record.
+ - Fix: Bad interaction with 0 TTL records and serve-expired
+ - Fix RPZ IP responses with trigger rpz-drop on cache entries.
+ - Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR.
+ - Fix dereference of NULL variable warning in mesh_do_callback.
+ - Fix ip_ratelimit test to work with dig that enables DNS cookies.
+ - Fix for iter_dec_attempts that could cause a hang, part of capsforid
+ and qname minimisation, depending on the settings.
+ - Fix uninitialized memory passed in padding bytes of cmsg to sendmsg.
+ - Fix stat_values test to work with dig that enables DNS cookies.
+ - unbound.service: Main process exited, code=killed, status=11/SEGV.
+ Fixes cachedb configuration handling.
+ - Fix: processQueryResponse() THROWAWAY should be mindful of fail_reply.
+
+-------------------------------------------------------------------
unbound.changes: same change
Old:
----
unbound-1.17.1.tar.gz
unbound-1.17.1.tar.gz.asc
New:
----
unbound-1.18.0.tar.gz
unbound-1.18.0.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libunbound-devel-mini.spec ++++++
--- /var/tmp/diff_new_pack.ScKYUD/_old 2023-09-07 21:12:44.933322200 +0200
+++ /var/tmp/diff_new_pack.ScKYUD/_new 2023-09-07 21:12:44.937322343 +0200
@@ -22,7 +22,7 @@
%bcond_without hardened_build
#
Name: libunbound-devel-mini
-Version: 1.17.1
+Version: 1.18.0
#!BcntSyncTag: unbound
Release: 0
Summary: Just a devel package for build loops
++++++ unbound.spec ++++++
--- /var/tmp/diff_new_pack.ScKYUD/_old 2023-09-07 21:12:44.973323630 +0200
+++ /var/tmp/diff_new_pack.ScKYUD/_new 2023-09-07 21:12:44.977323773 +0200
@@ -33,7 +33,7 @@
%define piddir /run
Name: unbound
-Version: 1.17.1
+Version: 1.18.0
Release: 0
BuildRequires: flex
BuildRequires: ldns-devel >= %{ldns_version}
++++++ unbound-1.17.1.tar.gz -> unbound-1.18.0.tar.gz ++++++
/work/SRC/openSUSE:Factory/unbound/unbound-1.17.1.tar.gz
/work/SRC/openSUSE:Factory/.unbound.new.1766/unbound-1.18.0.tar.gz differ: char
18, line 1
