Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package unbound for openSUSE:Factory checked 
in at 2024-03-09 20:54:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/unbound (Old)
 and      /work/SRC/openSUSE:Factory/.unbound.new.1770 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "unbound"

Sat Mar  9 20:54:05 2024 rev:65 rq:1156332 version:1.19.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/unbound/libunbound-devel-mini.changes    
2024-03-01 23:34:53.571912732 +0100
+++ /work/SRC/openSUSE:Factory/.unbound.new.1770/libunbound-devel-mini.changes  
2024-03-09 20:54:53.699051036 +0100
@@ -1,0 +2,9 @@
+Fri Mar  8 10:15:41 UTC 2024 - Jorik Cronenberg <jorik.cronenb...@suse.com>
+
+- Update to 1.19.2:
+  * Bug Fixes:
+    - Fix CVE-2024-1931, Denial of service when trimming EDE text
+      on positive replies.
+      [bsc#1221164]
+
+-------------------------------------------------------------------
@@ -8,0 +18,7 @@
+
+-------------------------------------------------------------------
+Tue Feb  6 13:27:06 UTC 2024 - Stefan Seyfried <seife+...@b1-systems.com>
+
+- as we use --disable-explicit-port-randomisation, also disable
+  outgoing-port-permit and outgoing-port-avoid in config file to
+  suppress the related unbound-checkconf warnings on every start
--- /work/SRC/openSUSE:Factory/unbound/unbound.changes  2024-03-01 
23:34:56.788029041 +0100
+++ /work/SRC/openSUSE:Factory/.unbound.new.1770/unbound.changes        
2024-03-09 20:54:53.867057186 +0100
@@ -1,0 +2,9 @@
+Fri Mar  8 10:12:30 UTC 2024 - Jorik Cronenberg <jorik.cronenb...@suse.com>
+
+- Update to 1.19.2:
+  * Bug Fixes:
+    - Fix CVE-2024-1931, Denial of service when trimming EDE text
+      on positive replies.
+      [bsc#1221164]
+
+-------------------------------------------------------------------
@@ -8,0 +18,12 @@
+
+-------------------------------------------------------------------
+Tue Feb  6 13:27:06 UTC 2024 - Stefan Seyfried <seife+...@b1-systems.com>
+
+- as we use --disable-explicit-port-randomisation, also disable
+  outgoing-port-permit and outgoing-port-avoid in config file to
+  suppress the related unbound-checkconf warnings on every start
+
+-------------------------------------------------------------------
+Tue Jan 23 09:32:21 UTC 2024 - Jakob Lorenz <onlyja...@mailbox.org>
+
+- Use prefixes instead of sudo in unbound.service (boo#1215628)

Old:
----
  unbound-1.19.1.tar.gz
  unbound-1.19.1.tar.gz.asc

New:
----
  unbound-1.19.2.tar.gz
  unbound-1.19.2.tar.gz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libunbound-devel-mini.spec ++++++
--- /var/tmp/diff_new_pack.kR09EI/_old  2024-03-09 20:54:54.903095110 +0100
+++ /var/tmp/diff_new_pack.kR09EI/_new  2024-03-09 20:54:54.907095256 +0100
@@ -22,7 +22,7 @@
 %bcond_without hardened_build
 #
 Name:           libunbound-devel-mini
-Version:        1.19.1
+Version:        1.19.2
 #!BcntSyncTag: unbound
 Release:        0
 Summary:        Just a devel package for build loops

++++++ unbound.spec ++++++
--- /var/tmp/diff_new_pack.kR09EI/_old  2024-03-09 20:54:54.947096720 +0100
+++ /var/tmp/diff_new_pack.kR09EI/_new  2024-03-09 20:54:54.951096866 +0100
@@ -33,7 +33,7 @@
 %define piddir /run
 
 Name:           unbound
-Version:        1.19.1
+Version:        1.19.2
 Release:        0
 BuildRequires:  flex
 BuildRequires:  ldns-devel >= %{ldns_version}
@@ -174,6 +174,7 @@
 
 %build
 %sysusers_generate_pre %{SOURCE19} anchor unbound.conf
+
 export CFLAGS="%{optflags}"
 export CXXFLAGS="%{optflags}"
 

++++++ unbound-1.19.1.tar.gz -> unbound-1.19.2.tar.gz ++++++
/work/SRC/openSUSE:Factory/unbound/unbound-1.19.1.tar.gz 
/work/SRC/openSUSE:Factory/.unbound.new.1770/unbound-1.19.2.tar.gz differ: char 
28, line 1

++++++ unbound.conf ++++++
--- /var/tmp/diff_new_pack.kR09EI/_old  2024-03-09 20:54:55.155104334 +0100
+++ /var/tmp/diff_new_pack.kR09EI/_new  2024-03-09 20:54:55.159104481 +0100
@@ -70,19 +70,6 @@
        # port range that can be open simultaneously.
        # outgoing-range: 4096
 
-       # permit unbound to use this port number or port range for
-       # making outgoing queries, using an outgoing interface.
-       # Only ephemeral ports are allowed by SElinux
-       outgoing-port-permit: 32768-65535
-
-       # deny unbound the use this of port number or port range for
-       # making outgoing queries, using an outgoing interface.
-       # Use this to make sure unbound does not grab a UDP port that some
-       # other server on this computer needs. The default is to avoid
-       # IANA-assigned port numbers.
-       # Our SElinux policy does not allow non-ephemeral ports to be used
-       outgoing-port-avoid: 0-32767
-
        # number of outgoing simultaneous tcp buffers to hold per thread.
        # outgoing-num-tcp: 10
 

++++++ unbound.service ++++++
--- /var/tmp/diff_new_pack.kR09EI/_old  2024-03-09 20:54:55.199105945 +0100
+++ /var/tmp/diff_new_pack.kR09EI/_new  2024-03-09 20:54:55.203106091 +0100
@@ -9,11 +9,13 @@
 
 [Service]
 Type=simple
+User=unbound
+Group=unbound
 EnvironmentFile=-/etc/sysconfig/unbound
 #ExecStartPre=/sbin/runuser --shell /bin/sh -c "/usr/sbin/unbound-anchor -a 
/var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem" unbound
-ExecStartPre=/usr/bin/sudo -u unbound /usr/sbin/unbound-anchor -a 
/var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem
+ExecStartPre=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c 
/etc/unbound/icannbundle.pem
 ExecStartPre=/usr/sbin/unbound-checkconf
-ExecStart=/usr/sbin/unbound -d $UNBOUND_OPTIONS
+ExecStart=!/usr/sbin/unbound -d $UNBOUND_OPTIONS
 
 [Install]
 WantedBy=multi-user.target
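Review bot: The `!` prefix on `ExecStart=` makes systemd skip `User=unbound`/`Group=unbound` for the daemon itself, so unbound is still launched as root and only the two `ExecStartPre=` commands run unprivileged. The actual privilege drop then depends on the `username:` setting in unbound.conf, which is not visible in this hunk. A comment above the line would make that dependency explicit, e.g. `# "!" keeps root for startup (presumably the port 53 bind); unbound drops to "username:" from unbound.conf itself`. If root is only needed for the privileged bind, dropping the `!` and adding `AmbientCapabilities=CAP_NET_BIND_SERVICE` would remove the reliance on the config file, but this should be checked against chroot and other setups that need more than the bind capability. Separately, `unbound-checkconf` now runs as the unbound user and must be able to read every key and include file the config references, and `unbound-anchor` is documented to exit 1 when it updates the anchor via the certificate, so without a `-` prefix on that `ExecStartPre=` a successful update can fail the service start.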
