Hello community, here is the log from the commit of package unbound for openSUSE:Factory checked in at 2020-12-04 21:27:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/unbound (Old) and /work/SRC/openSUSE:Factory/.unbound.new.5913 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unbound" Fri Dec 4 21:27:40 2020 rev:48 rq:852894 version:1.13.0 Changes: -------- --- /work/SRC/openSUSE:Factory/unbound/libunbound-devel-mini.changes 2020-10-10 19:01:56.192411190 +0200 +++ /work/SRC/openSUSE:Factory/.unbound.new.5913/libunbound-devel-mini.changes 2020-12-04 21:27:42.578057817 +0100 @@ -1,0 +2,115 @@ +Thu Dec 3 11:26:17 UTC 2020 - Michael Ströder <[email protected]> + +- update to 1.13.0 + +Features +- Pass the comm_reply information to the inplace_cb_reply* functions + during the mesh state and update the documentation on that. +- Fix #330: [Feature request] Add unencrypted DNS over HTTPS support. + This adds the option http-notls-downstream: yesno to change that, + and the dohclient test code has the -n option. +- Merge PR #228 : infra-keep-probing option to probe hosts that are + down. Add infra-keep-probing: yes option. Hosts that are down are + probed more frequently. + With the option turned on, it probes about every 120 seconds, + eventually after exponential backoff, and that keeps that way. If + traffic keeps up for the domain. It probes with one at a time, eg. + one query is allowed to probe, other queries within that 120 second + interval are turned away. +- Merge PR #313 from Ralph Dolmans: Replace edns-client-tag with + edns-client-string option. +- Merge PR #283 : Stream reuse. This implements upstream stream + reuse for performing several queries over the same TCP or TLS + channel. +- Fix to connect() to UDP destinations, default turned on, + this lowers vulnerability to ICMP side channels. + Option to toggle udp-connect, default is enabled. + +Bug Fixes +- Fix #319: potential memory leak on config failure, in rpz config. +- Fix dnstap socket and the chroot not applied properly to the dnstap + socket path. +- Fix warning in libnss compile, nss_buf2dsa is not used without DSA. +- Fix #323: unbound testsuite fails on mock build in systemd-nspawn + if systemd support is build. +- Fix for python reply callback to see mesh state reply_list member, + it only removes it briefly for the commpoint call so that it does + not drop it and attempt to modify the reply list during reply. +- Fix that if there are on reply callbacks, those are called per + reply and a new message created if that was modified by the call. +- Free up auth zone parse region after use for lookup of host +- Merge PR #326 from netblue30: DoH: implement content-length + header field. +- DoH content length, simplify code, remove declaration after + statement and fix cast warning. +- Fix that if there are reply callbacks for the given rcode, those + are called per reply and a new message created if that was modified + by the call. +- Fix that the out of order TCP processing does not limit the + number of outstanding queries over a connection. +- Fix python documentation warning on functions.rst inplace_cb_reply. +- Log ip address when http session recv fails, eg. due to tls fail. +- Fix to set the tcp handler event toggle flag back to default when + the handler structure is reused. +- Clean the fix for out of order TCP processing limits on number + of queries. It was tested to work. +- Fix that http settings have colon in set_option, for + http-endpoint, http-max-streams, http-query-buffer-size, + http-response-buffer-size, and http-nodelay. +- Fix memory leak of https port string when reading config. +- local-zone regional allocations outside of chunk +- Merge PR #324 from James Renken: Add modern X.509v3 extensions to + unbound-control TLS certificates. +- Fix for PR #324 to attach the x509v3 extensions to the client + certificate. +- Fix #327: net/if.h check fails on some darwin versions; contribution + by Joshua Root. +- Fix #320: potential memory corruption due to size miscomputation upton + custom region alloc init. +- Fix #333: Unbound Segmentation Fault w/ log_info Functions From + Python Mod. +- Fix that minimal-responses does not remove addresses from a priming + query response. +- In man page note that tls-cert-bundle is read before permission + drop and chroot. +- Fix #341: fixing a possible memory leak. +- Fix memory leak after fix for possible memory leak failure. +- Fix #343: Fail to build --with-libnghttp2 with error: 'SSIZE_MAX' + undeclared. +- Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere + with chown of pidfile. +- Fix #347: IP_DONTFRAG broken on Apple xcode 12.2. +- Fix #350: with the AF_NETLINK permission, to fix 1.12.0 error: + failed to list interfaces: getifaddrs: Address family not + supported by protocol. +- Merge #351 from dvzrv: Add AF_NETLINK to set of allowed socket + address families. +- iana portlist updated. +- Fix crash when TLS connection is closed prematurely, when + reuse tree comparison is not properly identical to insertion. +- Fix padding of struct regional for 32bit systems. +- with udp-connect ignore connection refused with UDP timeouts. +- Fix udp-connect on FreeBSD, do send calls on connected UDP socket. +- Better fix for reuse tree comparison for is-tls sockets. Where + the tree key identity is preserved after cleanup of the TLS state. +- Fix memory leak for edns client tag opcode config element. +- Attempt fix for libevent state in tcp reuse cases after a packet + is written. +- Fix readagain and writeagain callback functions for comm point + cleanup. +- Fix to omit UDP receive errors from log, if verbosity low. + These happen because of udp-connect. +- For #352: contrib/metrics.awk for Prometheus style metrics output. +- Fix that after failed read, the readagain cannot activate. +- Clear readagain upon decommission of pending tcp structure. +- Fix compile warning for type cast in http2_submit_dns_response. +- Fix when use free buffer to initialize rbtree for stream reuse. +- Fix compile warnings for windows. +- Fix compile warnings in rpz initialization. +- Fix contrib/metrics.awk for FreeBSD awk compatibility. +- Fix assertion failure on double callback when iterator loses + interest in query at head of line that then has the tcp stream + not kept for reuse. +- Fix stream reuse and tcp fast open. + +------------------------------------------------------------------- unbound.changes: same change Old: ---- unbound-1.12.0.tar.gz New: ---- unbound-1.13.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libunbound-devel-mini.spec ++++++ --- /var/tmp/diff_new_pack.b6XX2E/_old 2020-12-04 21:27:44.566060670 +0100 +++ /var/tmp/diff_new_pack.b6XX2E/_new 2020-12-04 21:27:44.566060670 +0100 @@ -24,7 +24,7 @@ # Name: libunbound-devel-mini -Version: 1.12.0 +Version: 1.13.0 Release: 0 # # ++++++ unbound.spec ++++++ --- /var/tmp/diff_new_pack.b6XX2E/_old 2020-12-04 21:27:44.598060715 +0100 +++ /var/tmp/diff_new_pack.b6XX2E/_new 2020-12-04 21:27:44.602060721 +0100 @@ -36,7 +36,7 @@ %define piddir /run Name: unbound -Version: 1.12.0 +Version: 1.13.0 Release: 0 # # ++++++ unbound-1.12.0.tar.gz -> unbound-1.13.0.tar.gz ++++++ ++++ 23163 lines of diff (skipped) _______________________________________________ openSUSE Commits mailing list -- [email protected] To unsubscribe, email [email protected] List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/[email protected]
