pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/net/unbound Update unbound to version 1.16.0.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a6d9a622fca2
branches:  trunk
changeset: 380267:a6d9a622fca2
user:      he <he%pkgsrc.org@localhost>
date:      Thu Jun 02 13:02:38 2022 +0000

description:
Update unbound to version 1.16.0.

Pkgsrc changes:
 * Remove patch now integrated upstream
 * Updated checksums

Upstream changes:

This release has EDE support, for extended EDNS error reporting,
it fixes unsupported ZONEMD algorithms to load, and has more bug fixes.

The EDE errors can be turned on by `ede: yes`, it is default disabled.
Validation errors and other errors are then reported. If you also want
stale answers for expired responses to have an error code, the option
`ede-serve-expired: yes` can be used.

Features
- Merge PR #604: Add basic support for EDE (RFC8914).

Bug Fixes
- Fix #412: cache invalidation issue with CNAME+A.
- Fix that TCP interface does not use TLS when TLS is also configured.
- Fix #624: Unable to stop Unbound in Windows console (does not
  respond to CTRL+C command).
- Fix #618: enabling interface-automatic disables DNS-over-TLS.
  Adds the option to list interface-automatic-ports.
- Remove debug info from #618 fix.
- Fix #628: A rpz-passthru action is not ending RPZ zone processing.
- Fix for #628: fix rpz-passthru for qname trigger by localzone type.
- Fix that address not available is squelched from the logs for
  udp connect failures. It is visible on verbosity 4 and more.
- Merge #631 from mollyim: Replace OpenSSL's ERR_PACK with
  ERR_GET_REASON.
- Fix to detect that no IPv6 support means that IPv6 addresses are
  useless for delegation point lookups.
- update Makefile dependencies.
- Fix check interface existence for support detection in remote lookup.
- Fix #633: Document unix domain socket support for unbound-control.
- Fix for #633: updated fix with new text.
- Fix edns client subnet to add the option based on the option list,
  so that it is not state dependent, after the state fix of #605 for
  double EDNS options.
- Fix for edns client subnet option add fix in removal code, from review.
- Fix #630: Unify the RPZ log messages.
- Merge #623 from rex4539: Fix typos.
- Fix pythonmod for change in iter_dp_is_useless function prototype.
- Fix compile warnings for printf ll format on mingw compile.
- Merge PR #632 from scottrw93: Match cnames in ipset.
- Various fixes for #632: variable initialisation, convert the qinfo
  to str once, accept trailing dot in the local-zone ipset option.
- Fix #637: Integer Overflow in sldns_str2period function.
- Fix for #637: fix integer overflow checks in sldns_str2period.
- Fix configure for python to use sysutils, because distutils is
  deprecated. It uses sysutils when available, distutils otherwise.
- Merge #644: Make `install-lib` make target install the pkg-config
  file.
- Fix to ensure uniform handling of spaces and tabs when parsing RRs.
- Fix to describe auth-zone and other configuration at the local-zone
  configuration option, to allow for more broadly view of the options.
- Merge PR #648 from eaglegai: fix -q doesn't work when use with
  'unbound-control stats_shm'.
- Fix #651: [FR] Better logging for refused queries.
- Fix spelling error in comment in sldns_str2wire_svcparam_key_lookup.
- Fix zonemd check to allow unsupported algorithms to load.
  If there are only unsupported algorithms, or unsupported schemes,
  and no failed or successful other ZONEMD records, or malformed
  or bad ZONEMD records, the unsupported records allow the zone load.
- Fix zonemd unsupported algo check.
- Fix zonemd unsupported algo check reason to not copy to next record,
  and check for success for debug printout.
- Fix zonemd unsupported algo check to print unsupported reason before
  zeroing it.
- Fix zonemd unsupported algo check to set reason to NULL before the
  check routine, but after malformed checks, to get the correct NULL
  output when the digest matches.
- Fix #670: SERVFAIL problems with unbound 1.15.0 running on
  OpenBSD 7.1.
- Fix Python build in non-source directory; based on patch by
  Michael Tokarev.
- Fix #673: DNS over TLS: error: SSL_handshake syscall: No route to
  host.
- Merge #677: Allow using system certificates not only on Windows,
  from pemensik.
- For #677: Added tls-system-cert to config parser and documentation.
- Fix #417: prefetch and ECS causing cache corruption when used
  together.
- Fix #678: [FR] modify behaviour of unbound-control rpz_enable zone,
  by updating unbound-control's documentation.
- Fix typos in config_set_option for the 'num-threads' and
  'ede-serve-expired' options.
- Fix to silence test for ede error output to the console from the
  test setup script.
- Fix ede test to not use default pidfile, and use local interface.
- Fix some lint type warnings.
- Fix #684: [FTBS] configure script error with libmnl on openSUSE 15.3
  (and possibly other distributions)

diffstat:

 net/unbound/Makefile                                 |   5 +-
 net/unbound/distinfo                                 |   9 +-
 net/unbound/patches/patch-services_listen__dnsport.c |  57 --------------------
 3 files changed, 6 insertions(+), 65 deletions(-)

diffs (89 lines):

diff -r d5b395016875 -r a6d9a622fca2 net/unbound/Makefile
--- a/net/unbound/Makefile      Thu Jun 02 12:49:19 2022 +0000
+++ b/net/unbound/Makefile      Thu Jun 02 13:02:38 2022 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.90 2022/04/03 18:50:20 adam Exp $
+# $NetBSD: Makefile,v 1.91 2022/06/02 13:02:38 he Exp $
 
-DISTNAME=      unbound-1.15.0
-PKGREVISION=   2
+DISTNAME=      unbound-1.16.0
 CATEGORIES=    net
 MASTER_SITES=  https://nlnetlabs.nl/downloads/unbound/
 
diff -r d5b395016875 -r a6d9a622fca2 net/unbound/distinfo
--- a/net/unbound/distinfo      Thu Jun 02 12:49:19 2022 +0000
+++ b/net/unbound/distinfo      Thu Jun 02 13:02:38 2022 +0000
@@ -1,7 +1,6 @@
-$NetBSD: distinfo,v 1.68 2022/02/11 09:28:16 he Exp $
+$NetBSD: distinfo,v 1.69 2022/06/02 13:02:38 he Exp $
 
-BLAKE2s (unbound-1.15.0.tar.gz) = 9faa1c09804bdbf9762ee66ef8a69891290b3421d5438c1962a3770361853a0f
-SHA512 (unbound-1.15.0.tar.gz) = c5dab305694c14f64e05080700bb52f6e6bf5b76f15e1fde34e35c932cb3ffed0de2c03b570cf4bfe18165cb10e82e67ee9b12c6583295380f88c2c03800cc1f
-Size (unbound-1.15.0.tar.gz) = 6163470 bytes
+BLAKE2s (unbound-1.16.0.tar.gz) = 9ab57da5c00f0d18a4c0d14dc10692f4976d5eca7a8d3c183b901f66b7aed909
+SHA512 (unbound-1.16.0.tar.gz) = 134679c0baad6738541295fcfbf8cc701c647b5d5cd00f87e50394bc7b5b74b7326ed2fc42f3282cae8094b4980c1e580d7b748b7151642c9060c449b644715f
+Size (unbound-1.16.0.tar.gz) = 6188349 bytes
 SHA1 (patch-configure) = a949bdb26b37950c0301946af4521c9d0e984cf9
-SHA1 (patch-services_listen__dnsport.c) = 06c29e2785f0dfe3719523471a355ee6e2356226
diff -r d5b395016875 -r a6d9a622fca2 net/unbound/patches/patch-services_listen__dnsport.c
--- a/net/unbound/patches/patch-services_listen__dnsport.c      Thu Jun 02 12:49:19 2022 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,57 +0,0 @@
-$NetBSD: patch-services_listen__dnsport.c,v 1.2 2022/02/11 09:28:16 he Exp $
-
-Apply fix from
-https://github.com/NLnetLabs/unbound/commit/5f724da8c57c5a6bf1d589b6651daec2dc39a9d1
-Paraphrased:
-Fix plain DNS-over-TCP so that it doesn't try to use TLS when
-TLS is also configured elsewhere.
-
---- services/listen_dnsport.c.orig     2022-02-10 07:57:36.000000000 +0000
-+++ services/listen_dnsport.c
-@@ -1369,17 +1369,17 @@ listen_create(struct comm_base* base, st
-       while(ports) {
-               struct comm_point* cp = NULL;
-               if(ports->ftype == listen_type_udp ||
--                 ports->ftype == listen_type_udp_dnscrypt)
-+                 ports->ftype == listen_type_udp_dnscrypt) {
-                       cp = comm_point_create_udp(base, ports->fd,
-                               front->udp_buff, cb, cb_arg, ports->socket);
--              else if(ports->ftype == listen_type_tcp ||
--                              ports->ftype == listen_type_tcp_dnscrypt)
-+              } else if(ports->ftype == listen_type_tcp ||
-+                              ports->ftype == listen_type_tcp_dnscrypt) {
-                       cp = comm_point_create_tcp(base, ports->fd,
-                               tcp_accept_count, tcp_idle_timeout,
-                               harden_large_queries, 0, NULL,
-                               tcp_conn_limit, bufsize, front->udp_buff,
-                               ports->ftype, cb, cb_arg, ports->socket);
--              else if(ports->ftype == listen_type_ssl ||
-+              } else if(ports->ftype == listen_type_ssl ||
-                       ports->ftype == listen_type_http) {
-                       cp = comm_point_create_tcp(base, ports->fd,
-                               tcp_accept_count, tcp_idle_timeout,
-@@ -1410,15 +1410,22 @@ listen_create(struct comm_base* base, st
- #endif
-                       }
-               } else if(ports->ftype == listen_type_udpancil ||
--                                ports->ftype == listen_type_udpancil_dnscrypt)
-+                                ports->ftype == listen_type_udpancil_dnscrypt) {
-                       cp = comm_point_create_udp_ancil(base, ports->fd,
-                               front->udp_buff, cb, cb_arg, ports->socket);
-+              }
-               if(!cp) {
-                       log_err("can't create commpoint");
-                       listen_delete(front);
-                       return NULL;
-               }
--              if(http_notls && ports->ftype == listen_type_http)
-+              if((http_notls && ports->ftype == listen_type_http) ||
-+                  (ports->ftype == listen_type_tcp) ||
-+                  (ports->ftype == listen_type_udp) ||
-+                  (ports->ftype == listen_type_udpancil) ||
-+                  (ports->ftype == listen_type_tcp_dnscrypt) ||
-+                  (ports->ftype == listen_type_udp_dnscrypt) ||
-+                  (ports->ftype == listen_type_udpancil_dnscrypt))
-                       cp->ssl = NULL;
-               else
-                       cp->ssl = sslctx;



Home | Main Index | Thread Index | Old Index