pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/net/unbound Upgrade unbound to version 1.7.1.
details: https://anonhg.NetBSD.org/pkgsrc/rev/145ccc33638a
branches: trunk
changeset: 379886:145ccc33638a
user: he <he%pkgsrc.org@localhost>
date: Mon May 07 07:13:28 2018 +0000
description:
Upgrade unbound to version 1.7.1.
Upstream changes:
Features
- Add --with-libhiredis, unbound support for a new cachedb
backend that uses a Redis server as the storage. This
implementation depends on the hiredis client library
(https://redislabs.com/lp/hiredis/).
And unbound should be built with both --enable-cachedb and
--with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
should exist). Patch from Jinmei Tatuya (Infoblox).
- Create additional tls service interfaces by opening them on other
portnumbers and listing the portnumbers as additional-tls-port: nr.
- ED448 support.
- num.query.authzone.up and num.query.authzone.down statistics counters.
- Accept both option names with and without colon for get_option
and set_option.
- low-rtt and low-rtt-pct in unbound.conf enable the server selection
of fast servers for some percentage of the time.
- num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN
statistics counters.
- allow-notify: config statement for auth-zones.
- Can set tls authentication with forward-addr: IP#tls.auth.name
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".
such as forward-addr: 9.9.9.9@853#dns.quad9.net or
1.1.1.1@853#cloudflare-dns.com
- list_auth_zones unbound-control command.
- Added root-key-sentinel support
Bug Fixes
- Fix #3727: Protocol name is TLS, options have been renamed but
documentation is not consistent.
- Check IXFR start serial.
- Fix typo in documentation.
- Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually
flushed with serve-expired on.
- Fix #3817: core dump happens in libunbound delete, when queued
servfail hits deleted message queue.
- corrected a minor typo in the changelog.
- move htobe64/be64toh portability code to cachedb.c.
- iana port update.
- Do not use cached NSEC records to generate negative answers for
domains under DNSSEC Negative Trust Anchors.
- Fix unbound-control get_option aggressive-nsec
- Check "result" in dup_all(), by Florian Obser.
- Fix #4043: make test fails due to v6 presentation issue in macOS.
- Fix unable to resolve after new WLAN connection, due to auth-zone
failing with a forwarder set. Now, auth-zone is only used for
answers (not referrals) when a forwarder is set.
- Combine write of tcp length and tcp query for dns over tls.
- nitpick fixes in example.conf.
- Fix above stub queries for type NS and useless delegation point.
- Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3
tls_choose_sigalg routine does not allow the ciphers for the pipe,
so use TLSv1.2.
- Fix that flush_zone sets prefetch ttl expired, so that with
serve-expired enabled it'll start prefetching those entries.
- Fix downstream auth zone, only fallback when auth zone fails to
answer and fallback is enabled.
- Fix for max include depth for authzones.
- Fix memory free on fail for $INCLUDE in authzone.
- Fix that an internal error to look up the wrong rr type for
auth zone gets stopped, before trying to send there.
- Fix auth zone target lookup iterator.
- Fix auth-zone retry timer to be on schedule with retry timeout,
with backoff. Also time a refresh at the zone expiry.
- Fix #658: unbound using TLS in a forwarding configuration does not
verify the server's certificate (RFC 8310 support).
- For addr with #authname and no @port notation, the default is 853.
- man page documentation for dns-over-tls forward-addr '#' notation.
- removed free from failed parse case.
- Fix #4091: Fix that reload of auth-zone does not merge the zonefile
with the previous contents.
- Delete auth zone when removed from config.
- makedist uses bz2 for expat code, instead of tar.gz.
- Fix #4092: libunbound: use-caps-for-id lacks colon in
config_set_option.
- auth zone http download stores exact copy of downloaded file,
including comments in the file.
- Fix sldns parse failure for CDS alternate delete syntax empty hex.
- Attempt for auth zone fix; add of callback in mesh gets from
callback does not skip callback of result.
- Fix cname classification with qname minimisation enabled.
- Fix contrib/fastrpz.patch for this release.
- Fix auth https for libev.
- Fix memory leak when caching wildcard records for aggressive NSEC use
- Fix for crash in daemon_cleanup with dnstap during reload,
from Saksham Manchanda.
- Also that for dnscrypt.
diffstat:
net/unbound/Makefile | 4 ++--
net/unbound/distinfo | 12 ++++++------
net/unbound/patches/patch-configure | 4 ++--
3 files changed, 10 insertions(+), 10 deletions(-)
diffs (46 lines):
diff -r fdaadeb268ac -r 145ccc33638a net/unbound/Makefile
--- a/net/unbound/Makefile Mon May 07 07:01:47 2018 +0000
+++ b/net/unbound/Makefile Mon May 07 07:13:28 2018 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.54 2018/03/15 10:22:49 he Exp $
+# $NetBSD: Makefile,v 1.55 2018/05/07 07:13:28 he Exp $
-DISTNAME= unbound-1.7.0
+DISTNAME= unbound-1.7.1
CATEGORIES= net
MASTER_SITES= http://www.unbound.net/downloads/
diff -r fdaadeb268ac -r 145ccc33638a net/unbound/distinfo
--- a/net/unbound/distinfo Mon May 07 07:01:47 2018 +0000
+++ b/net/unbound/distinfo Mon May 07 07:13:28 2018 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.40 2018/03/15 10:22:49 he Exp $
+$NetBSD: distinfo,v 1.41 2018/05/07 07:13:28 he Exp $
-SHA1 (unbound-1.7.0.tar.gz) = d90b09315c75ad2843b868785b3d12a2c4f27b28
-RMD160 (unbound-1.7.0.tar.gz) = abc59d2b8b52bab5784fe56ccb8b7ed10e8830fe
-SHA512 (unbound-1.7.0.tar.gz) = 49b07643da2a89d8ceedce1295f550f74a76f4f11c2df54df55e9c42f03bad1b133789c7b36fb3c4f37d6b331ac302ecfd1249e8ebaaa4333beda8fa250b61d9
-Size (unbound-1.7.0.tar.gz) = 5538228 bytes
-SHA1 (patch-configure) = 30874b8337e4ef0e436bb52f4af92a43b810f7bb
+SHA1 (unbound-1.7.1.tar.gz) = b853b746fa1f89ecce160850ab163ef78f67eea5
+RMD160 (unbound-1.7.1.tar.gz) = fd9ee1d94d475a84997d16e2e939c661d297fa6b
+SHA512 (unbound-1.7.1.tar.gz) = 99a68abf1f60f6ea80cf2973906df44da9c577d8cac969824af1ce9ca385a2e84dd684937480da87cb73c7dc41ad5c00b0013ec74103eadb8fd7dc6f98a89255
+Size (unbound-1.7.1.tar.gz) = 5565938 bytes
+SHA1 (patch-configure) = 769ad52b9ab93bc8e48d2ffe8fef5b4b61070eba
diff -r fdaadeb268ac -r 145ccc33638a net/unbound/patches/patch-configure
--- a/net/unbound/patches/patch-configure Mon May 07 07:01:47 2018 +0000
+++ b/net/unbound/patches/patch-configure Mon May 07 07:13:28 2018 +0000
@@ -1,11 +1,11 @@
-$NetBSD: patch-configure,v 1.1 2017/07/09 08:09:41 adam Exp $
+$NetBSD: patch-configure,v 1.2 2018/05/07 07:13:28 he Exp $
Pretend expat.h is found: it is guaranteed by PkgSrc, but on Darwin it might
be buried inside an SDK; we don't want the SDK path being exposed in CFLAGS.
--- configure.orig 2017-07-09 07:41:42.000000000 +0000
+++ configure
-@@ -18563,7 +18563,7 @@ fi
+@@ -18815,7 +18815,7 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5
$as_echo_n "checking for libexpat... " >&6; }
Home |
Main Index |
Thread Index |
Old Index