Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package unbound for openSUSE:Factory checked in at 2023-09-07 21:12:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/unbound (Old) and /work/SRC/openSUSE:Factory/.unbound.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unbound" Thu Sep 7 21:12:20 2023 rev:62 rq:1109502 version:1.18.0 Changes: -------- --- /work/SRC/openSUSE:Factory/unbound/libunbound-devel-mini.changes 2023-08-30 10:21:02.589346898 +0200 +++ /work/SRC/openSUSE:Factory/.unbound.new.1766/libunbound-devel-mini.changes 2023-09-07 21:12:41.809210520 +0200 @@ -1,0 +2,65 @@ +Thu Sep 7 08:03:33 UTC 2023 - Pedro Monreal <pmonr...@suse.com> + +- Update to 1.18.0: + * Features: + - Ðdd a metric about the maximum number of collisions in lrushah. + - Set max-udp-size default to 1232. This is the same default value + as the default value for edns-buffer-size. It restricts client + edns buffer size choices, and makes unbound behave similar to + other DNS resolvers. + - Add harden-unknown-additional option. It removes unknown records + from the authority section and additional section. + - Added new static zone type block_a to suppress all A queries for + specific zones. + - [FR] Ability to use Redis unix sockets. + - [FR] Ability to set the Redis password. + - Features/dropqueuedpackets, with sock-queue-timeout option that + drops packets that have been in the socket queue for too long. + Added statistics num.queries_timed_out and query.queue_time_us.max + that track the socket queue timeouts. + - 'eqvinox' Lamparter: NAT64 support. + - [FR] Use kernel timestamps for dnstap. + - Add cachedb hit stat. Introduces 'num.query.cachedb' as a new + statistical counter. + - Add SVCB dohpath support. + - Add validation EDEs to queries where the CD bit is set. + - Add prefetch support for subnet cache entries. + - Add EDE (RFC8914) caching. + - Add support for EDE caching in cachedb and subnetcache. + - Downstream DNS Server Cookies a la RFC7873 and RFC9018. Create server + cookies for clients that send client cookies. This needs to be explicitly + turned on in the config file with: `answer-cookie: yes`. + * Bug Fixes + - Response change to NODATA for some ANY queries since 1.12. + - Fix not following cleared RD flags potentially enables + amplification DDoS attacks. + - Set default for harden-unknown-additional to no. So that it + does not hamper future protocol developments. + - Fix to ignore entirely empty responses, and try at another authority. + This turns completely empty responses, a type of noerror/nodata into + a servfail, but they do not conform to RFC2308, and the retry can fetch + improved content. + - Allow TTL refresh of expired error responses. + - Fix: Unexpected behavior with client-subnet-always-forward and serve-expired + - Fix unbound-dnstap-socket test program to reply the finish frame over + a TLS connection correctly. + - Fix: reserved identifier violation + - Fix: Unencrypted query is sent when forward-tls-upstream: yes is used + without tls-cert-bundle + - Extra consistency check to make sure that when TLS is requested, + either we set up a TLS connection or we return an error. + - Fix: NXDOMAIN instead of NOERROR rcode when asked for existing CNAME record. + - Fix: Bad interaction with 0 TTL records and serve-expired + - Fix RPZ IP responses with trigger rpz-drop on cache entries. + - Fix RPZ removal of client-ip, nsip, nsdname triggers from IXFR. + - Fix dereference of NULL variable warning in mesh_do_callback. + - Fix ip_ratelimit test to work with dig that enables DNS cookies. + - Fix for iter_dec_attempts that could cause a hang, part of capsforid + and qname minimisation, depending on the settings. + - Fix uninitialized memory passed in padding bytes of cmsg to sendmsg. + - Fix stat_values test to work with dig that enables DNS cookies. + - unbound.service: Main process exited, code=killed, status=11/SEGV. + Fixes cachedb configuration handling. + - Fix: processQueryResponse() THROWAWAY should be mindful of fail_reply. + +------------------------------------------------------------------- unbound.changes: same change Old: ---- unbound-1.17.1.tar.gz unbound-1.17.1.tar.gz.asc New: ---- unbound-1.18.0.tar.gz unbound-1.18.0.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libunbound-devel-mini.spec ++++++ --- /var/tmp/diff_new_pack.ScKYUD/_old 2023-09-07 21:12:44.933322200 +0200 +++ /var/tmp/diff_new_pack.ScKYUD/_new 2023-09-07 21:12:44.937322343 +0200 @@ -22,7 +22,7 @@ %bcond_without hardened_build # Name: libunbound-devel-mini -Version: 1.17.1 +Version: 1.18.0 #!BcntSyncTag: unbound Release: 0 Summary: Just a devel package for build loops ++++++ unbound.spec ++++++ --- /var/tmp/diff_new_pack.ScKYUD/_old 2023-09-07 21:12:44.973323630 +0200 +++ /var/tmp/diff_new_pack.ScKYUD/_new 2023-09-07 21:12:44.977323773 +0200 @@ -33,7 +33,7 @@ %define piddir /run Name: unbound -Version: 1.17.1 +Version: 1.18.0 Release: 0 BuildRequires: flex BuildRequires: ldns-devel >= %{ldns_version} ++++++ unbound-1.17.1.tar.gz -> unbound-1.18.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/unbound/unbound-1.17.1.tar.gz /work/SRC/openSUSE:Factory/.unbound.new.1766/unbound-1.18.0.tar.gz differ: char 18, line 1