CVS commit: pkgsrc/net/unbound

["Havard Eidnes" <he%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   he
Date:           Fri Feb 11 09:28:16 UTC 2022

Modified Files:
        pkgsrc/net/unbound: Makefile distinfo
        pkgsrc/net/unbound/patches: patch-services_listen__dnsport.c

Log Message:
Apply fix from
https://github.com/NLnetLabs/unbound/commit/5f724da8c57c5a6bf1d589b6651daec2dc39a9d1
Paraphrased:
Fix plain DNS-over-TCP so that it doesn't try to use TLS when
TLS is also configured elsewhere.

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.88 -r1.89 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.67 -r1.68 pkgsrc/net/unbound/distinfo
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/net/unbound/patches/patch-services_listen__dnsport.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/unbound/Makefile
diff -u pkgsrc/net/unbound/Makefile:1.88 pkgsrc/net/unbound/Makefile:1.89
--- pkgsrc/net/unbound/Makefile:1.88    Thu Feb 10 13:17:52 2022
+++ pkgsrc/net/unbound/Makefile Fri Feb 11 09:28:16 2022
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.88 2022/02/10 13:17:52 he Exp $
+# $NetBSD: Makefile,v 1.89 2022/02/11 09:28:16 he Exp $
 
 DISTNAME=      unbound-1.15.0
+PKGREVISION=   1
 CATEGORIES=    net
 MASTER_SITES=  https://nlnetlabs.nl/downloads/unbound/
 

Index: pkgsrc/net/unbound/distinfo
diff -u pkgsrc/net/unbound/distinfo:1.67 pkgsrc/net/unbound/distinfo:1.68
--- pkgsrc/net/unbound/distinfo:1.67    Thu Feb 10 13:17:53 2022
+++ pkgsrc/net/unbound/distinfo Fri Feb 11 09:28:16 2022
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.67 2022/02/10 13:17:53 he Exp $
+$NetBSD: distinfo,v 1.68 2022/02/11 09:28:16 he Exp $
 
 BLAKE2s (unbound-1.15.0.tar.gz) = 9faa1c09804bdbf9762ee66ef8a69891290b3421d5438c1962a3770361853a0f
 SHA512 (unbound-1.15.0.tar.gz) = c5dab305694c14f64e05080700bb52f6e6bf5b76f15e1fde34e35c932cb3ffed0de2c03b570cf4bfe18165cb10e82e67ee9b12c6583295380f88c2c03800cc1f
 Size (unbound-1.15.0.tar.gz) = 6163470 bytes
 SHA1 (patch-configure) = a949bdb26b37950c0301946af4521c9d0e984cf9
-SHA1 (patch-services_listen__dnsport.c) = 11c5b3af93f07da5e1375babea91725055baa08a
+SHA1 (patch-services_listen__dnsport.c) = 06c29e2785f0dfe3719523471a355ee6e2356226

Index: pkgsrc/net/unbound/patches/patch-services_listen__dnsport.c
diff -u pkgsrc/net/unbound/patches/patch-services_listen__dnsport.c:1.1 pkgsrc/net/unbound/patches/patch-services_listen__dnsport.c:1.2
--- pkgsrc/net/unbound/patches/patch-services_listen__dnsport.c:1.1     Fri Nov 13 17:05:40 2020
+++ pkgsrc/net/unbound/patches/patch-services_listen__dnsport.c Fri Feb 11 09:28:16 2022
@@ -1,14 +1,57 @@
-$NetBSD: patch-services_listen__dnsport.c,v 1.1 2020/11/13 17:05:40 jperkin Exp $
+$NetBSD: patch-services_listen__dnsport.c,v 1.2 2022/02/11 09:28:16 he Exp $
 
-Include limits.h for SSIZE_MAX.
+Apply fix from
+https://github.com/NLnetLabs/unbound/commit/5f724da8c57c5a6bf1d589b6651daec2dc39a9d1
+Paraphrased:
+Fix plain DNS-over-TCP so that it doesn't try to use TLS when
+TLS is also configured elsewhere.
 
---- services/listen_dnsport.c.orig     2020-10-08 06:24:21.000000000 +0000
+--- services/listen_dnsport.c.orig     2022-02-10 07:57:36.000000000 +0000
 +++ services/listen_dnsport.c
-@@ -62,6 +62,7 @@
- #include <netdb.h>
+@@ -1369,17 +1369,17 @@ listen_create(struct comm_base* base, st
+       while(ports) {
+               struct comm_point* cp = NULL;
+               if(ports->ftype == listen_type_udp ||
+-                 ports->ftype == listen_type_udp_dnscrypt)
++                 ports->ftype == listen_type_udp_dnscrypt) {
+                       cp = comm_point_create_udp(base, ports->fd,
+                               front->udp_buff, cb, cb_arg, ports->socket);
+-              else if(ports->ftype == listen_type_tcp ||
+-                              ports->ftype == listen_type_tcp_dnscrypt)
++              } else if(ports->ftype == listen_type_tcp ||
++                              ports->ftype == listen_type_tcp_dnscrypt) {
+                       cp = comm_point_create_tcp(base, ports->fd,
+                               tcp_accept_count, tcp_idle_timeout,
+                               harden_large_queries, 0, NULL,
+                               tcp_conn_limit, bufsize, front->udp_buff,
+                               ports->ftype, cb, cb_arg, ports->socket);
+-              else if(ports->ftype == listen_type_ssl ||
++              } else if(ports->ftype == listen_type_ssl ||
+                       ports->ftype == listen_type_http) {
+                       cp = comm_point_create_tcp(base, ports->fd,
+                               tcp_accept_count, tcp_idle_timeout,
+@@ -1410,15 +1410,22 @@ listen_create(struct comm_base* base, st
  #endif
- #include <fcntl.h>
-+#include <limits.h>
- 
- #ifdef HAVE_SYS_UN_H
- #include <sys/un.h>
+                       }
+               } else if(ports->ftype == listen_type_udpancil ||
+-                                ports->ftype == listen_type_udpancil_dnscrypt)
++                                ports->ftype == listen_type_udpancil_dnscrypt) {
+                       cp = comm_point_create_udp_ancil(base, ports->fd,
+                               front->udp_buff, cb, cb_arg, ports->socket);
++              }
+               if(!cp) {
+                       log_err("can't create commpoint");
+                       listen_delete(front);
+                       return NULL;
+               }
+-              if(http_notls && ports->ftype == listen_type_http)
++              if((http_notls && ports->ftype == listen_type_http) ||
++                  (ports->ftype == listen_type_tcp) ||
++                  (ports->ftype == listen_type_udp) ||
++                  (ports->ftype == listen_type_udpancil) ||
++                  (ports->ftype == listen_type_tcp_dnscrypt) ||
++                  (ports->ftype == listen_type_udp_dnscrypt) ||
++                  (ports->ftype == listen_type_udpancil_dnscrypt))
+                       cp->ssl = NULL;
+               else
+                       cp->ssl = sslctx;