diff options
| author | spz <spz@pkgsrc.org> | 2022-08-27 15:50:45 +0000 |
|---|---|---|
| committer | spz <spz@pkgsrc.org> | 2022-08-27 15:50:45 +0000 |
| commit | d0813f748a8b13589fe74ff70ffb7c6adfe370fc (patch) | |
| tree | 69aa9e3841a6a547295ed4e03785cb4c1ed954a6 | |
| parent | 101e8244438233fcf835a25696db800c46173259 (diff) | |
| download | pkgsrc-d0813f748a8b13589fe74ff70ffb7c6adfe370fc.tar.gz | |
Pullup ticket #6666 - requested by khorben
net/unbound: security update
Revisions pulled up:
- net/unbound/Makefile 1.93,1.92
- net/unbound/distinfo 1.71,1.70
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Mon Aug 1 12:38:46 UTC 2022
Modified Files:
pkgsrc/net/unbound: Makefile distinfo
Log Message:
Update net/unbound to version 1.16.2.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
Features
- Merge #718: Introduce infra-cache-max-rtt option to config max
retransmit timeout.
Bug Fixes
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
- Fix verbose EDE error printout.
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
- For windows crosscompile, fix setting the IPV6_MTU socket option
equivalent (IPV6_USER_MTU); allows cross compiling with latest
cross-compiler versions.
- Merge PR 714: Avoid treat normal hosts as unresponsive servers.
And fixup the lock code.
- iana portlist update.
- Update documentation for 'outbound-msg-retry:'.
- Tests for ghost domain fixes.
To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.93 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.70 -r1.71 pkgsrc/net/unbound/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Mon Jul 11 15:02:05 UTC 2022
Modified Files:
pkgsrc/net/unbound: Makefile distinfo
Log Message:
Update net/unbound to version 1.16.1.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
Features
- Fix #704: [FR] Statistics counter for number of outgoing UDP queries
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
command.
Bug Fixes
- makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
- Fix for edns client subnet to respect not looking in its cache when
instructed to do so (e.g., prefetch).
- Merge PR #688: Rpz url notify issue.
- Note in the unbound.conf text that NOTIFY is allowed from the url:
addresses for auth and rpz zones.
- Remove unused LDNS function check for GOST Engine unloading.
- Fix for loading locally stored zones that have lines with blanks or
blanks and comments.
- Fix #663: use after free issue with edns options.
- Clarify -v flag manpage entry (#705)
- Fix test program dohclient close to use portability routine.
- Show the output of the exact .rpl run that failed with 'make test'.
- Fix for cached 0 TTL records to not trigger prefetching when
serve-expired-client-timeout is set.
- Add debug option to the mini_tdir.sh test code.
- Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
- Allow fallback to the parent side when MAX_TARGET_NX is reached.
This will also allow MAX_TARGET_NX more NXDOMAINs.
- iana portlist update.
- Fix detection of libz on windows compile with static option.
- Fix compile warning for windows compile.
- Merge PR #706: NXNS fallback.
- From #706: Cached NXDOMAIN does not increase the target nx
responses.
- From #706: Don't generate parent side queries if we already
have the lame records in cache.
- From #706: When a lame address is the best choice, don't try to
generate target queries when the missing targets are all lame.
- Merge PR #671 from Petr Men\u0161�k: Disable ED25519 and ED448 in FIPS
mode on openssl3.
- Merge PR #660 from Petr Men\u0161�k: Sha1 runtime insecure.
- For #660: formatting, less verbose logging, add EDE information.
- Fix for correct openssl error when adding windows CA certificates to
the openssl trust store.
- Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
- Reintroduce documentation and more EDE support for
val_sigcrypt.c::dnskeyset_verify_rrset_sig.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/net/unbound/distinfo
| -rw-r--r-- | net/unbound/Makefile | 4 | ||||
| -rw-r--r-- | net/unbound/distinfo | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 78f816f16c7..b2f6ff7e8b1 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.91 2022/06/02 13:02:38 he Exp $ +# $NetBSD: Makefile,v 1.91.2.1 2022/08/27 15:50:45 spz Exp $ -DISTNAME= unbound-1.16.0 +DISTNAME= unbound-1.16.2 CATEGORIES= net MASTER_SITES= https://nlnetlabs.nl/downloads/unbound/ diff --git a/net/unbound/distinfo b/net/unbound/distinfo index fcb8551e38c..462eff90f9d 100644 --- a/net/unbound/distinfo +++ b/net/unbound/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.69 2022/06/02 13:02:38 he Exp $ +$NetBSD: distinfo,v 1.69.2.1 2022/08/27 15:50:45 spz Exp $ -BLAKE2s (unbound-1.16.0.tar.gz) = 9ab57da5c00f0d18a4c0d14dc10692f4976d5eca7a8d3c183b901f66b7aed909 -SHA512 (unbound-1.16.0.tar.gz) = 134679c0baad6738541295fcfbf8cc701c647b5d5cd00f87e50394bc7b5b74b7326ed2fc42f3282cae8094b4980c1e580d7b748b7151642c9060c449b644715f -Size (unbound-1.16.0.tar.gz) = 6188349 bytes +BLAKE2s (unbound-1.16.2.tar.gz) = 31ce353b16be4330598b918ca3596f2e5c9c85ca190f69b9c3aaeb5cf18c7602 +SHA512 (unbound-1.16.2.tar.gz) = 0ea65ea63265be677441bd2a28df12098ec5e86c3372240c2874f9bd13752b8b818da81ae6076cf02cbeba3d36e397698a4c2b50570be1a6a8e47f57a0251572 +Size (unbound-1.16.2.tar.gz) = 6204297 bytes SHA1 (patch-configure) = a949bdb26b37950c0301946af4521c9d0e984cf9 |