Hello community,

here is the log from the commit of package unbound for openSUSE:Factory checked in at 2015-07-19 11:45:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/unbound (Old)
 and /work/SRC/openSUSE:Factory/.unbound.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unbound" Changes: -------- --- /work/SRC/openSUSE:Factory/unbound/unbound.changes 2015-06-06 09:54:19.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.unbound.new/unbound.changes 2015-07-19 11:45:49.000000000 +0200 
@@ -1,0 +2,90 @@ +Thu Jul 9 10:16:32 UTC 2015 - [email protected] + +- update to 1.5.4 + +Features + - [bugzilla: 644 ] harden-algo-downgrade option, if turned off, + fixes the reported excessive validation failure when multiple + algorithms are present. If set to 'no', it allows the weakest + algorithm to validate the zone. + - stats reports tcp usage, of incoming-num-tcp buffers. + - contrib/unbound_smf22.tar.gz: Solaris SMF installation/removal + scripts. Contributed by Yuri Voinov. + - Add ip-transparent config option for bind to non-local addresses. + - Synthesize ANY responses from cache. Does not search exhaustively, + but MX,A,AAAA,SOA,NS also CNAME. + - unbound-control list_insecure command shows the negative trust + anchors currently configured, patch from Jelte Jansen. + - ratelimit feature, ratelimit: 1000, can be used to turn it on. It + ratelimits recursion effort per zone. For particular names you can + configure exceptions in unbound.conf. + - Ratelimit does not apply to prefetched queries, and + ratelimit-factor is default 10. Repeated normal queries get resolved + and with prefetch stay in the cache. + - unbound-control ratelimit_list lists high rate domains. + - caps-whitelist in unbound.conf allows whitelist of loadbalancers + that cannot work with caps-for-id or its fallback. + - RFC 7553 RR type URI support, is now enabled by default. + - cache-max-negative-ttl config option, default 3600. + - Add local-zone type inform_deny, that logs query and drops answer. + +Bug Fixes + - Unbound exits with a fatal error when the auto-trust-anchor-file + fails to be writable. This is seconds after startup. You can load a + readonly auto-trust-anchor-file with trust-anchor-file. The file has + to be writable to notice the trust anchor change, without it, a trust + anchor change will be unnoticed and the system will then become + inoperable. + - DLV is going to be decommissioned. 
Advice to stop using it, and + put text in the example configuration and man page to that effect. + - Patch from Brad Smith that syncs compat/getentropy_linux with + OpenBSD's version (2015-03-04). + - 0x20 fallback improved: servfail responses do not count as missing + comparisons (except if all responses are errors), inability to find + nameservers does not fail equality comparisons, many nameservers does + not try to compare more than max-sent-count, parse failures start 0x20 + fallback procedure. + - store caps_response with best response in case downgrade response + happens to be the last one. + - Document that incoming-num-tcp increase is good for large servers. + - Fix lintian warning in unbound-checkconf man page (from Andreas + Schulze). + - Updated default keylength in unbound-control-setup to 3k. + - Fixup compile on cygwin, more portable openssl thread id. + - Use reallocarray for integer overflow protection, patch submitted + by Loganaden Velvindron. + - Fixed to add integer overflow checks on allocation (defense in depth). + - Fix segfault on user not found at startup (from Maciej Soltysiak). + - [bugzilla: 657 ] Fix that libunbound(3) recommends deprecated + CRYPTO_set_id_callback. + - If unknown trust anchor algorithm, and libressl is used, error + message encourages upgrade of the libressl package. + - rename ldns subdirectory to sldns to avoid name collision. + - [bugzilla: 660 ] Fix interface-automatic broken in the presence of + asymmetric routing. + - Libunbound skips dos-line-endings from etc/hosts. + - Fix crash in dnstap: Do not try to log TCP responses after timeout. + - Fix that get_option for cache-sizes does not print double newline. + - [bugzilla: 663 ] Fix that ssl handshake fails when using unix + socket because dh size is too small. + - [bugzilla: 664 ] libunbound python3 related fixes (from Tomas + Hozza); Use print_function also for Python2. libunbound examples: + produce sorted output. 
libunbound-Python: libldns is not used anymore. + Fix issue with Python 3 mapping of FILE* using file_py3.i from ldns. + - Fix leaked dns64prefix configuration string. + - Removed contrib/unbound_unixsock.diff, because it has been + integrated, use control-interface: /path in unbound.conf. + - Change syntax of particular validator error to be easier for + machine parse, swap rrset and ip adres info so it looks like: + validation failure <www.example.nl. TXT IN>: signature crypto failed + from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN> + - Fix that unparseable error responses are ratelimited. + - SOA negative TTL is capped at minimumttl in its rdata section. + - [bugzilla: 674 ] Do not free pointers given by getenv. + - [bugzilla: 677 ] Fix CNAME corresponding to a DNAME was checked + incorrectly and was therefore always synthesized (thanks to Valentin + Dietrich). And fix DNAME responses from cache that failed internal + chain test. + - iana portlist update. + +------------------------------------------------------------------- Old: ---- unbound-1.5.3.tar.gz New: ---- unbound-1.5.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ unbound.spec ++++++ --- /var/tmp/diff_new_pack.z7CdYK/_old 2015-07-19 11:45:50.000000000 +0200 +++ /var/tmp/diff_new_pack.z7CdYK/_new 2015-07-19 11:45:50.000000000 +0200 @@ -47,7 +47,7 @@ %endif Name: unbound -Version: 1.5.3 +Version: 1.5.4 Release: 0 # # ++++++ unbound-1.5.3.tar.gz -> unbound-1.5.4.tar.gz ++++++ ++++ 34343 lines of diff (skipped)
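Review bot: In the unbound.changes hunk, the Features entry for harden-algo-downgrade is worded as a fix for excessive validation failures, yet the same entry says that setting it to 'no' allows the weakest algorithm to validate the zone, which is a trade-off in validation strength rather than a plain fix. The visible lines do not say which value is the default or what the package ships; stating that in the entry would keep administrators from turning it off only to silence failures. The Bug Fixes entry on auto-trust-anchor-file has the same problem of visibility: unbound now exits with a fatal error seconds after startup when that file is not writable, which is an upgrade-breaking behaviour change and deserves a short note at the top of the entry instead of a position in the middle of the list.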
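Review bot: The unbound.spec hunk changes only the Version line from 1.5.3 to 1.5.4, while the changelog in this same commit lists changes that can affect packaging: the fatal exit when auto-trust-anchor-file is not writable, the removal of contrib/unbound_unixsock.diff in favour of control-interface: /path in unbound.conf, and the rename of the ldns subdirectory to sldns. Please confirm that the trust anchor file installed by the package is writable by the account the daemon runs as, and that nothing else in the spec still refers to the removed contrib patch or the old ldns directory. Because the tarball diff is skipped (34343 lines), the submission should also say how unbound-1.5.4.tar.gz was checked against the upstream release, since nothing in the visible lines shows it.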
