[pkgsrc/trunk]: pkgsrc/net/unbound Unbound 1.6.0

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/net/unbound Unbound 1.6.0
From: pettai <pettai%pkgsrc.org@localhost>
Date: Wed, 15 Jan 2020 06:26:55 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/52eb502ae06c
branches:  trunk
changeset: 356244:52eb502ae06c
user:      pettai <pettai%pkgsrc.org@localhost>
date:      Fri Dec 23 19:25:45 2016 +0000

description:
Unbound 1.6.0
=============

Features:
---------
- Added generic EDNS code for registering known EDNS option codes,
  bypassing the cache response stage and uniquifying mesh states. Four
  EDNS option lists were added to module_qstate
  (module_qstate.edns_opts_*) to store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store)
  that control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
  functions can be called just before replying with local data or Chaos,
  replying from cache, replying with SERVFAIL, replying with a resolved
  query, sending a query to a nameserver. The functions can inspect the
  available data and maybe change response/query related data (i.e. append
  EDNS options).
- Updated Python module for the above.
- Updated Python documentation.
- Added views functionality.
- Added qname-minimisation-strict config option.
- Patch that resolves CNAMEs entered in local-data conf statements that
  point to data on the internet.
- serve-expired config option: serve expired responses with TTL 0.
- .gitattributes line for githubs code language display.
- log-identity: config option to set sys log identity.
- Added stub-ssl-upstream and forward-ssl-upstream options.
- Added local-zones and local-data bulk addition and removal
  functionality in unbound-control (local_zones, local_zones_remove,
  local_datas and local_datas_remove).
- g.root-servers.net has AAAA address.

Bug Fixes:
----------
- Fix #836: unbound could echo back EDNS options in an error response.
- Fix #838: 1.5.10 cannot be built on Solaris, undefined PATH_MAX.
- Fix #839: Memory grows unexpectedly with large RPZ files.
- Fix #840: infinite loop in unbound_munin_ plugin on unowned lockfile.
- Fix #841: big local-zone's make it consume large amounts of memory.
- Fix dnstap relaying "random" messages instead of resolver/forwarder
  responses.
- Fix Nits for 1.5.10.
- Fix #1117: spelling errors, from Robert Edmonds.
- iana portlist update.
- fix memoryleak logfile when in debug mode.
- Re-fix #839 from view commit overwrite.
- Fixup const void cast warning.
- Removed patch comments from acllist.c and msgencode.c
- Added documentation doc/CNAME-basedRedirectionDesignNotes.pdf
- Fix #1125: unbound could reuse an answer packet incorrectly for
  clients with different EDNS parameters.
- Fix #1118: libunbound.pc sets strange Libs, Libs.private values.
- Added Requires line to libunbound.pc
- Fix #1130: whitespace in example.conf.in more consistent.
- suppress compile warning in lex files.
- init lzt variable, for older gcc compiler warnings.
- fix --enable-dsa to work, instead of copying ecdsa enable.
- Fix DNSSEC validation of query type ANY with DNAME answers.
- Fixup query_info local_alias init.
- Ported tests for local_cname unit test to testbound framework.
- Fix #1134: unbound-control set_option -- val-override-date: -1 works
  immediately to ignore datetime, or back to 0 to enable it again. The --
  is to ignore the '-1' as an option flag.
- Patch for server.num.zero_ttl stats for count of expired replies.
- Fix failure to build on arm64 with no sbrk.
- Set OpenSSL security level to 0 when using aNULL ciphers.
- configure detects ssl security level API function in the autoconf
  manner. Every function on its own, so that other libraries (eg.
  LibreSSL) can develop their API without hindrance.
- Fix #1154: segfault when reading config with duplicate zones.
- Note that for harden-below-nxdomain the nxdomain must be secure, this
  means nsec3 with optout is insufficient.
- Fix #1155: test status code of unbound-control in 04-checkconf, not
  the status code from the tee command.
- Fix #1158: reference RFC 8020 "NXDOMAIN: There Really Is Nothing
  Underneath" for the harden-below-nxdomain option.
- patch from Dag-Erling Smorgrav that removes code that relies on sbrk().
- Make access-control-tag-data RDATA absolute. This makes the RDATA
  origin consistent between local-data and access-control-tag-data.
- Fix NSEC ENT wildcard check. Matching wildcard does not have to be a
  subdomain of the NSEC owner.
- QNAME minimisation uses QTYPE=A, therefore always check cache for this
  type in harden-below-nxdomain functionality.
- Added unit test for QNAME minimisation + harden below nxdomain synergy.
- Fix that with openssl 1.1 control-use-cert: no uses less cpu, by using
  no encryption over the unix socket.
- hyphen as minus fix.
- Fix #1170: document that 'inform' local-zone uses local-data.
- Fix #1173: differ local-zone type deny from unset tag_actions element.
- Add DSA support for OpenSSL 1.1.0
- Fix remote control without cert for LibreSSL
- Fix downcast warnings from visual studio in sldns code

diffstat:

 net/unbound/Makefile |   4 ++--
 net/unbound/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (27 lines):

diff -r 8be1b1e71d62 -r 52eb502ae06c net/unbound/Makefile
--- a/net/unbound/Makefile      Fri Dec 23 19:12:56 2016 +0000
+++ b/net/unbound/Makefile      Fri Dec 23 19:25:45 2016 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.47 2016/10/05 20:28:01 pettai Exp $
+# $NetBSD: Makefile,v 1.48 2016/12/23 19:25:45 pettai Exp $
 
-DISTNAME=      unbound-1.5.10
+DISTNAME=      unbound-1.6.0
 CATEGORIES=    net
 MASTER_SITES=  http://www.unbound.net/downloads/
 
diff -r 8be1b1e71d62 -r 52eb502ae06c net/unbound/distinfo
--- a/net/unbound/distinfo      Fri Dec 23 19:12:56 2016 +0000
+++ b/net/unbound/distinfo      Fri Dec 23 19:25:45 2016 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.33 2016/10/05 20:28:01 pettai Exp $
+$NetBSD: distinfo,v 1.34 2016/12/23 19:25:45 pettai Exp $
 
-SHA1 (unbound-1.5.10.tar.gz) = 6102849c400db3a4195b1f16df8f312568a6ec57
-RMD160 (unbound-1.5.10.tar.gz) = 0907f1501acc5ce943a038f671ef0e7d358b0695
-SHA512 (unbound-1.5.10.tar.gz) = 1c413886a12d4b626e03e076da6b9ccbcc8fd4769649fef8895eca74199bc22aec33c026e777524e8fe0327045a194f79b52282fe40674a9fb15cac58c4493f6
-Size (unbound-1.5.10.tar.gz) = 4941299 bytes
+SHA1 (unbound-1.6.0.tar.gz) = 9b7606b016b447dc837efc108cee94f3fecf4ede
+RMD160 (unbound-1.6.0.tar.gz) = 07380cf33d5bb352f1b6fb19bb6411b3bdeb6011
+SHA512 (unbound-1.6.0.tar.gz) = c92adee98ef759d033ac39784796e936e292f0671a42ad455411b82a9ba552744e4a0de432ee4ac05609dc0b429b70d5ce8169c20d3d65f4acf5afc5e02822ac
+Size (unbound-1.6.0.tar.gz) = 5063253 bytes
Prev by Date: [pkgsrc/trunk]: pkgsrc/doc Updated net/unbound to 1.6.0
Next by Date: [pkgsrc/trunk]: pkgsrc/doc Updated net/rancid to 3.6.1
Previous by Thread: [pkgsrc/trunk]: pkgsrc/doc Updated net/unbound to 1.6.0
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc Updated net/rancid to 3.6.1
Indexes:
Home | Main Index | Thread Index | Old Index