pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/net/unbound
Module Name: pkgsrc
Committed By: adam
Date: Fri Aug 27 07:55:36 UTC 2021
Modified Files:
pkgsrc/net/unbound: Makefile PLIST buildlink3.mk distinfo options.mk
Log Message:
unbound: updated to 1.13.2
1.13.2
Features
Merge 317: ZONEMD Zone Verification, with RFC 8976 support. ZONEMD records are checked for zones loaded as auth-zone, with DNSSEC if available. There is an added option zonemd-permissive-mode that
makes it log but not fail wrong zones. With zonemd-reject-absence for an auth-zone the presence of a zonemd can be mandated for specific zones.
Fix: Resolve interface names on control-interface too.
Merge 470 from edevil: Allow configuration of persistent TCP connections.
Fix 474: always_null and others inside view.
Add that log-servfail prints an IP address and more information about one of the last failures for that query.
Merge 478: Allow configuration of TCP timeout while waiting for response.
Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024.
Move the NSEC3 max iterations count in line with the 150 value used by BIND, Knot and PowerDNS. This sets the default value for it in the configuration to 150 for all key sizes.
zonemd-check: yesno option, default no, enables the processing of ZONEMD records for that zone.
Merge 486 by fobster: Make VAL_MAX_RESTART_COUNT configurable.
Merge 491: Add SVCB and HTTPS types and handling according to draft-ietf-dnsop-svcb-https.
Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.
Bug Fixes
Fix for Python 3.9, no longer use deprecated functions of PyEval_CallObject (now PyObject_Call), PyEval_InitThreads (now none), PyParser_SimpleParseFile (now Py_CompileString).
Merge 420 from dyunwei: DOH not responsing with "http2_query_read_done failure" logged.
Fix 422: IPv6 fallback issues when IPv6 is not properly enabled/configured.
Fix to make tests work with support indicators set for iterator.
Fix build on Python 3.10.
Fix doxygen and pydoc warnings.
Fix 429: rpz: url: with https: broken (regression in 1.13.1).
rpz skip nsec3param records, and nicer log for unsupported actions.
Fix 431: Squelch permission denied errors for tcp connect and udp connect from the logs, unless at high verbosity.
Fix for zonemd, that nxdomain for the chain of trust is allowed for island zones, it is treated as an insecure zone for verification.
Fix for zonemd, that domain-insecure zones work without dnssec.
Fix for zonemd, do not reject insecure result from trust anchor validation step in dnssec chain of trust.
On startup of unbound it checks if rlimits on memory size look sufficient for the configured cache size, and logs warning if not.
Fix function documentation.
Fix unit test for added ulimit checks.
spelling fix in header.
Fix 384: (1) A minor request to improve the log (2) A minor bug in one log message.
ipsecmod: Better logging for detecting a cycle when attaching the A/AAAA subquery.
Merge 367 : DNSTAP log local address. With code from 365 and fixes 368 : dnstap does not log the DNS message ID for FORWARDER_QUERY.
Fix to allow rpz with wildcard that applies to all TLDs at once.
Fix for 367: rc_ports don't have ub_sock; skip cleaning up.
Fix spurious errors about "Could not generate request: out of memory". The mesh detect cycle routine no longer wrongly stops the check when the calling mesh state is unique.
Workaround for 439: prevent loops in the reuse rbtree.
Debug output for 411 and 439: printout internal error and details.
Fix parse of LOC RR type for decimetres.
Fix 441: Minimal NSEC range not accepted for top level domains.
Fix for 447: squelch connection refused tcp connection failures from the log, unless verbosity is high.
Merge 449 from orbea: build: Add missing linker flags.
Comment out nonworking OSX and IOS travis tests, vm fails to start.
Fix compile error in listen_dnsport on Android.
Fix memory leak reported by asan in rpz SOA record query name.
Fix unused-function warning when compiling with --enable-dnscrypt.
Fix for 367: fix memory leak when cannot bind to listening port.
Reformat pythonmod/pythonmod_utils.{c,h}.
Travis enable all tests again. Clang analyzer only a couple times, when there is a difference. homebrew updates disabled, so it does not hang. removed trailing slashes from configure paths. Moved iOS
tests to allow-failure.
travis, analyzer disabled on test without debug, that does not run anway. Turn off failing tests except one. Update iOS test to xcode image 12.2.
Fix deprecation test to work for iOS TVOS and WatchOS, it uses CFLAGS and CPPFLAGS and also checks if the item is unavailable.
Travis, fix script to fail when tasks fail.
Travis, fix warning in ubsan compile.
Fix configure Targetconfiditionals.h header check, to use compile.
Fix that cachedb does not produce empty object files when disabled.
Fix 429: Also fix end of transfer for http download of auth zones.
Disable the use of stack-protector for cross compiled 32-bit windows builds; relates to 444.
Fix stack-protector change to not override other CFLAGS options.
Clean makedist.sh.
Merge 460 from orbea: build: Link with the libtool archive.
Fix to stop IPv6 PMTU discovery.
Fix for 411: Depth protect for crash on deleted element timeout.
rebuild configure to set EXTRALINK to libunbound.la for 460.
Fix permission denied sendto log, squelch the log messages unless high verbosity is set.
Fix (increase) verbosity level for iterator error log in processQueryTargets().
Fix that nxdomain synthesis does not happen above the stub or forward definition.
Fix documentation comment for files previously residing in checkconf/.
Remove unused functions worker_handle_reply and libworker_handle_reply.
Merge 466 from FGasper: Support OpenSSLs that lack SSL_get0_alpn_selected.
Fix 468: OpenSSL 1.0.1 can no longer build Unbound.
Further fix for 468: detect SSL_CTX_set_alpn_protos for build with OpenSSL 1.0.1.
Fix that testcode dohclient has OpenSSL initialisation calls.
Fix compiler warning for signed/unsigned comparison for max_reuse_tcp_queries.
Fix 481: Fix comment in configuration file.
Fix to squelch tcp socket bind failures when the interface is gone.
Rerun flex and bison.
Fix for 367: only attempt to get the interface for queries that are no longer on the tcp_waiting_list.
Add more logging for out-of-memory cases.
Fix 485: Unbound occasionally reports broken stats.
Remove case fallthrough from deprecate-rsa-1024 code.
Merge 487: ifdef RLIMIT_AS in recently added check.
Fix that auth-zone zonefiles use last TTL if no TTL is specified.
Fix 489: Compile using MSYS2 MinGW 64-bit.
Fix for 411, 439, 469: Reset the DNS message ID when moving queries between TCP streams.
Refactor for uniform way to produce random DNS message IDs.
Test code has -q option for quiet output.
Fix 492: module-config respip missing in unbound.conf.5.in man page. Merges 494 from he32.
For 492: Fix font highlighting for the man page on emacs.
Merge 496 from banburybill: Use build system endianness if available, otherwise try to work it out.
Fix test for zonemd-check option.
Merge 448 from shoeper: Update unbound-control.8.in, fix rpz_disable typo.
Fix 425: Document auth-zone supports communication with DNS primary on nondefault port.
Fix unused variable warning when compiling with --enable-dnstap.
Generated lexer and parser for 486; updated example.conf.
Fix 413 (based on patch by k-ronny): unbound: does not compile on macOS 11.1-x86_64 host.
Use host_os instead of target_os in configure for Darwin8 build.
Fix 500: SPEC file in version 1.13.1 references version 1.4; unable to build RPM from source.
Fix contrib/unbound.spec, fixed url and comment.
Fix configure nonblocking test and onmingw test to use host.
Merge 440 by kimheino: Various fixes to contrib/unbound_munin_ file.
Fix a number of warnings reported by the gcc analyzer.
Fix 495: Documentation or implementation of "verbosity" option.
Fix 503: DNS over HTTPS response truncated.
Fix warnings reported by the gcc analyzer.
Add analyzer and port compile github workflow.
Fix up permissions on rpl data file in tests.
Fix testbound newline treatment in moment_read and tempfile write.
Fix configure grep for reuseport default for failure.
Fix compat ctime_r return value
Fix configure does not require pkg-config if not needed.
Fix unit test in the ctime_r calls for autotrust and in testbound.
Fix auth zone download on windows to unlink before rename.
Fix 506: Python Module Seems to Leak Memory if it Experiences an Unhandled Exception.
Fix Wunused-result compile warnings.
Fix compiler warnings for 491.
Fix clang-analysis warnings for testcode/readzone.c.
Merge 510 from ndptech: Don't call a function which hasn't been defined.
Fix for 510: in depth, use ifdefs for windows api event calls.
Fix spelling in doc/unbound.doxygen comment.
Fix spelling in localzone.h comment.
Fix unbound-control local_data and local_datas to print detailed syntax errors.
review fix to remove duplicate error printout.
Insert header into testcode/readzone.c, it was missing.
Fix from lint for ignored return value.
Fix for older parsers for function call in serve expired get cached.
Fix that ldns_zone_new_frm_fp_l counts the line number for an empty line after a comment.
Merge 512: unbound.service.in: upgrade hardening to latest standards.
Fix readzone unknown type print for memory resize.
Merge 513: Stream reuse, attempt to fix 411, 439, 469. This introduces a couple of fixes for the stream reuse functionality that could result in broken internal structures.
Fix 515: Compilation against openssl 3.0.0 beta2 is failing to build unbound.
For 515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and SSL_get_peer_certificate.
Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check.
Prepare for OpenSSL 3.0.0 provider API usage, move the sldns keyraw functions to produce EVP_PKEY results.
Move RSA and DSA to use OpenSSL 3.0.0 API.
Move ECDSA functions to use OpenSSL 3.0.0 API.
iana portlist update.
Fix verbose printout failure in tcp reuse unit test.
Merge 517 from dyunwei: 420 breaks the mesh reply list function that need to reuse the dns answer.
Annotate assertion into error printout; we think it may be an error, but the situation looks harmless.
Fix sign comparison warning on FreeBSD.
Listen to read or write events after the SSL handshake. Sticky events on windows would stick on read when write was needed.
Merge 415 from sibeream: Use /proc/sys/net/ipv4/ip_local_port_range to determine available outgoing ports. (New --enable-linux-ip-local-port-range configuration option)
Bump MAX_RESTART_COUNT to 11 from 8; in relation to 438. This allows longer CNAME chains in Unbound.
In unit test use openssl set security level to allow keys in test.
Fix static analysis warnings about localzone locks that are unused.
Fix missing locks in zonemd unit test.
Fix readzone compile under debug config.
Fix out of sourcedir run of zonemd unit tests.
Fix libnettle zonemd unit test.
Fix unit test zonemd_reload for use in run_vm.
Fix 520: Unbound 1.13.2rc1 fails to build python module.
To generate a diff of this commit:
cvs rdiff -u -r1.82 -r1.83 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/unbound/PLIST
cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/unbound/buildlink3.mk
cvs rdiff -u -r1.62 -r1.63 pkgsrc/net/unbound/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/net/unbound/options.mk
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/net/unbound/Makefile
diff -u pkgsrc/net/unbound/Makefile:1.82 pkgsrc/net/unbound/Makefile:1.83
--- pkgsrc/net/unbound/Makefile:1.82 Wed Apr 21 13:24:14 2021
+++ pkgsrc/net/unbound/Makefile Fri Aug 27 07:55:36 2021
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile,v 1.82 2021/04/21 13:24:14 adam Exp $
+# $NetBSD: Makefile,v 1.83 2021/08/27 07:55:36 adam Exp $
-DISTNAME= unbound-1.13.1
-PKGREVISION= 1
+DISTNAME= unbound-1.13.2
CATEGORIES= net
-MASTER_SITES= http://www.nlnetlabs.nl/downloads/unbound/
+MASTER_SITES= https://nlnetlabs.nl/downloads/unbound/
MAINTAINER= pettai%NetBSD.org@localhost
-HOMEPAGE= http://www.unbound.net/
+HOMEPAGE= https://nlnetlabs.nl/projects/unbound/
COMMENT= DNS resolver and recursive server
LICENSE= modified-bsd
Index: pkgsrc/net/unbound/PLIST
diff -u pkgsrc/net/unbound/PLIST:1.9 pkgsrc/net/unbound/PLIST:1.10
--- pkgsrc/net/unbound/PLIST:1.9 Wed Jun 12 09:21:42 2019
+++ pkgsrc/net/unbound/PLIST Fri Aug 27 07:55:36 2021
@@ -1,6 +1,6 @@
-@comment $NetBSD: PLIST,v 1.9 2019/06/12 09:21:42 pettai Exp $
-include/unbound.h
+@comment $NetBSD: PLIST,v 1.10 2021/08/27 07:55:36 adam Exp $
include/unbound-event.h
+include/unbound.h
lib/libunbound.la
lib/pkgconfig/libunbound.pc
man/man1/unbound-host.1
Index: pkgsrc/net/unbound/buildlink3.mk
diff -u pkgsrc/net/unbound/buildlink3.mk:1.5 pkgsrc/net/unbound/buildlink3.mk:1.6
--- pkgsrc/net/unbound/buildlink3.mk:1.5 Wed Apr 21 13:24:14 2021
+++ pkgsrc/net/unbound/buildlink3.mk Fri Aug 27 07:55:36 2021
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.5 2021/04/21 13:24:14 adam Exp $
+# $NetBSD: buildlink3.mk,v 1.6 2021/08/27 07:55:36 adam Exp $
BUILDLINK_TREE+= unbound
@@ -6,7 +6,7 @@ BUILDLINK_TREE+= unbound
UNBOUND_BUILDLINK3_MK:=
BUILDLINK_API_DEPENDS.unbound+= unbound>=1.6.0
-BUILDLINK_ABI_DEPENDS.unbound?= unbound>=1.13.1nb1
+BUILDLINK_ABI_DEPENDS.unbound+= unbound>=1.13.1nb1
BUILDLINK_PKGSRCDIR.unbound?= ../../net/unbound
.include "../../devel/libevent/buildlink3.mk"
Index: pkgsrc/net/unbound/distinfo
diff -u pkgsrc/net/unbound/distinfo:1.62 pkgsrc/net/unbound/distinfo:1.63
--- pkgsrc/net/unbound/distinfo:1.62 Tue Feb 9 08:32:17 2021
+++ pkgsrc/net/unbound/distinfo Fri Aug 27 07:55:36 2021
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.62 2021/02/09 08:32:17 he Exp $
+$NetBSD: distinfo,v 1.63 2021/08/27 07:55:36 adam Exp $
-SHA1 (unbound-1.13.1.tar.gz) = 561522b06943f6d1c33bd78132db1f7020fc4fd1
-RMD160 (unbound-1.13.1.tar.gz) = b6877d52a1de3407b59a004716736e1847f555a1
-SHA512 (unbound-1.13.1.tar.gz) = f4d26dca28dbcc33a5e65a55147fa01077c331292e88b6a87798cb6c3d4edb0515015d131fd893c92b74d22d9998a640f0adce404e6192d61ebe69a6a599287c
-Size (unbound-1.13.1.tar.gz) = 5976957 bytes
+SHA1 (unbound-1.13.2.tar.gz) = b10eb3c6ac294a568001be993e7826d8cb2d857a
+RMD160 (unbound-1.13.2.tar.gz) = c0a9500bfc9d4952c88be44d999d5372a37e7764
+SHA512 (unbound-1.13.2.tar.gz) = 1e89441446e7a25c6a49bded645f8b348c1758c3be54e3a986041cb1f00c45d152fd469dc52666fb820574db9d51b16f1627dc8afcb9519508d4833ca358191a
+Size (unbound-1.13.2.tar.gz) = 6127915 bytes
SHA1 (patch-configure) = a949bdb26b37950c0301946af4521c9d0e984cf9
SHA1 (patch-services_listen__dnsport.c) = 11c5b3af93f07da5e1375babea91725055baa08a
Index: pkgsrc/net/unbound/options.mk
diff -u pkgsrc/net/unbound/options.mk:1.4 pkgsrc/net/unbound/options.mk:1.5
--- pkgsrc/net/unbound/options.mk:1.4 Thu Oct 8 07:30:39 2020
+++ pkgsrc/net/unbound/options.mk Fri Aug 27 07:55:36 2021
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.4 2020/10/08 07:30:39 he Exp $
+# $NetBSD: options.mk,v 1.5 2021/08/27 07:55:36 adam Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.unbound
PKG_SUPPORTED_OPTIONS+= dnstap doh
@@ -16,5 +16,5 @@ CONFIGURE_ARGS+= --enable-dnstap
# DNS-over-HTTPS
.if !empty(PKG_OPTIONS:Mdoh)
.include "../../www/nghttp2/buildlink3.mk"
-CONFIGURE_ARGS+= --with-libnghttp2
+CONFIGURE_ARGS+= --with-libnghttp2=${BUILDLINK_PREFIX.nghttp2}
.endif
Home |
Main Index |
Thread Index |
Old Index