Hello community, here is the log from the commit of package unbound for openSUSE:Factory checked in at 2018-05-08 13:31:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/unbound (Old) and /work/SRC/openSUSE:Factory/.unbound.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unbound" Tue May 8 13:31:57 2018 rev:24 rq:604021 version:1.7.1 Changes: -------- --- /work/SRC/openSUSE:Factory/unbound/libunbound-devel-mini.changes 2018-04-24 15:30:26.452058441 +0200 +++ /work/SRC/openSUSE:Factory/.unbound.new/libunbound-devel-mini.changes 2018-05-08 13:31:59.713125472 +0200 @@ -1,0 +2,92 @@ +Thu May 3 16:38:07 UTC 2018 - [email protected] + +- update to 1.7.1 + +Features +- Add --with-libhiredis, unbound support for a new cachedb + backend that uses a Redis server as the storage. This + implementation depends on the hiredis client library + (https://redislabs.com/lp/hiredis/). + And unbound should be built with both --enable-cachedb and + --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h + should exist). Patch from Jinmei Tatuya (Infoblox). +- Create additional tls service interfaces by opening them on other + portnumbers and listing the portnumbers as additional-tls-port: nr. +- ED448 support. +- num.query.authzone.up and num.query.authzone.down statistics counters. +- Accept both option names with and without colon for get_option + and set_option. +- low-rtt and low-rtt-pct in unbound.conf enable the server selection + of fast servers for some percentage of the time. +- num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN + statistics counters. +- allow-notify: config statement for auth-zones. +- Can set tls authentication with forward-addr: IP#tls.auth.name + And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem". + such as forward-addr: 9.9.9.9@853#dns.quad9.net or + 1.1.1.1@853#cloudflare-dns.com +- list_auth_zones unbound-control command. +- Added root-key-sentinel support + +Bug Fixes +- Fix #3727: Protocol name is TLS, options have been renamed but + documentation is not consistent. +- Check IXFR start serial. +- Fix typo in documentation. +- Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually + flushed with serve-expired on. +- Fix #3817: core dump happens in libunbound delete, when queued + servfail hits deleted message queue. +- corrected a minor typo in the changelog. +- move htobe64/be64toh portability code to cachedb.c. +- iana port update. +- Do not use cached NSEC records to generate negative answers for + domains under DNSSEC Negative Trust Anchors. +- Fix unbound-control get_option aggressive-nsec +- Check "result" in dup_all(), by Florian Obser. +- Fix #4043: make test fails due to v6 presentation issue in macOS. +- Fix unable to resolve after new WLAN connection, due to auth-zone + failing with a forwarder set. Now, auth-zone is only used for + answers (not referrals) when a forwarder is set. +- Combine write of tcp length and tcp query for dns over tls. +- nitpick fixes in example.conf. +- Fix above stub queries for type NS and useless delegation point. +- Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3 + tls_choose_sigalg routine does not allow the ciphers for the pipe, + so use TLSv1.2. +- Fix that flush_zone sets prefetch ttl expired, so that with + serve-expired enabled it'll start prefetching those entries. +- Fix downstream auth zone, only fallback when auth zone fails to + answer and fallback is enabled. +- Fix for max include depth for authzones. +- Fix memory free on fail for $INCLUDE in authzone. +- Fix that an internal error to look up the wrong rr type for + auth zone gets stopped, before trying to send there. +- Fix auth zone target lookup iterator. +- Fix auth-zone retry timer to be on schedule with retry timeout, + with backoff. Also time a refresh at the zone expiry. +- Fix #658: unbound using TLS in a forwarding configuration does not + verify the server's certificate (RFC 8310 support). +- For addr with #authname and no @port notation, the default is 853. +- man page documentation for dns-over-tls forward-addr '#' notation. +- removed free from failed parse case. +- Fix #4091: Fix that reload of auth-zone does not merge the zonefile + with the previous contents. +- Delete auth zone when removed from config. +- makedist uses bz2 for expat code, instead of tar.gz. +- Fix #4092: libunbound: use-caps-for-id lacks colon in + config_set_option. +- auth zone http download stores exact copy of downloaded file, + including comments in the file. +- Fix sldns parse failure for CDS alternate delete syntax empty hex. +- Attempt for auth zone fix; add of callback in mesh gets from + callback does not skip callback of result. +- Fix cname classification with qname minimisation enabled. +- Fix contrib/fastrpz.patch for this release. +- Fix auth https for libev. +- Fix memory leak when caching wildcard records for aggressive NSEC use +- Fix for crash in daemon_cleanup with dnstap during reload, + from Saksham Manchanda. +- Also that for dnscrypt. + +------------------------------------------------------------------- unbound.changes: same change Old: ---- unbound-1.7.0.tar.gz New: ---- unbound-1.7.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libunbound-devel-mini.spec ++++++ --- /var/tmp/diff_new_pack.ka804g/_old 2018-05-08 13:32:00.729088815 +0200 +++ /var/tmp/diff_new_pack.ka804g/_new 2018-05-08 13:32:00.733088671 +0200 @@ -24,7 +24,7 @@ # Name: libunbound-devel-mini -Version: 1.7.0 +Version: 1.7.1 Release: 0 # # ++++++ unbound.spec ++++++ --- /var/tmp/diff_new_pack.ka804g/_old 2018-05-08 13:32:00.773087228 +0200 +++ /var/tmp/diff_new_pack.ka804g/_new 2018-05-08 13:32:00.777087083 +0200 @@ -58,7 +58,7 @@ %endif Name: unbound -Version: 1.7.0 +Version: 1.7.1 Release: 0 # # ++++++ unbound-1.7.0.tar.gz -> unbound-1.7.1.tar.gz ++++++ ++++ 17680 lines of diff (skipped)
