summaryrefslogtreecommitdiff
path: root/net/unbound/Makefile
diff options
context:
space:
mode:
authorhe <he@pkgsrc.org>2019-02-05 09:44:57 +0000
committerhe <he@pkgsrc.org>2019-02-05 09:44:57 +0000
commit411430ca4177730a6f7451f0244a6442c8e2ff57 (patch)
tree9eb00da69c76495e989e25140a1e911dceafef9d /net/unbound/Makefile
parentd5a1c6cec87a29d83b820dec8458d2e8fec493be (diff)
downloadpkgsrc-411430ca4177730a6f7451f0244a6442c8e2ff57.tar.gz
Update unbound to version 1.9.0
Upstream changes: This release contains the DNS Flag Day changes for Unbound. See the reference here, https://dnsflagday.net/ . Or this presentation: https://indico.dns-oarc.net/event/29/contributions/662/attachments/634/1063/EDNS_Flag_Day_-_OARC29.pdf . The EDNS timeouts are not used to fallback to nonEDNS queries. Features - log-tag-queryreply: yes in unbound.conf tags the log-queries and log-replies in the log file for easier log filter maintenance. - ip-ratelimit-factor of 1 allows all traffic through, instead of the previous blocking everything. - Fix #4206: support openssl 1.0.2 for TLS hostname verification, alongside the 1.1.0 and later support that is already there. - Add contrib/unbound-fuzzme.patch from Jacob Hoffman-Andrews, the patch adds a program used for fuzzing. - streamtcp option -a send queries consecutively and prints answers as they arrive. - out-of-order processing for TCP and TLS. - Add stream-wait-size: 4m config option to limit the maximum memory used by waiting tcp and tls stream replies. This avoids a denial of service where these replies use up all of the memory. - unbound-control stats has mem.streamwait that counts TCP and TLS waiting result buffers. - Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites options for unbound.conf. - Patch for TLS session resumption from Manabu Sonoda, enable with tls-session-ticket-keys in unbound.conf. - ub_ctx_set_tls call for libunbound that enables DoT for the machines set with ub_ctx_set_fwd. Patch from Florian Obser. Bug Fixes - Fix that unbound-checkconf does not complains if the config file is not placed inside the chroot. - Refuse to start with no ports. - Remove clang analysis warnings. - Patch for typo in unbound.conf man page. - Fix icon, no ragged edges and nicer resolutions available, for eg. Win 7 and Windows 10 display. - cache-max-ttl also defines upperbound of initial TTL in response. - Fix config parser memory leaks. - Fix for FreeBSD port make with dnscrypt and dnstap enabled. - Fixup openssl 1.0.2 compile - Fix for crash in dns64 module if response is null. - On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN, and server tcp fastopen is enabled at compile time. - Document interaction between the tls-upstream option in the server section and forward-tls-upstream option in the forward-zone sections. - Fix syntax in comment of local alias processing. - Fix NSEC3 record that is returned in wildcard replies from auth-zone zones with NSEC3 and wildcards. - Log query name for looping module errors. - For caps-for-id fallback, use the whitelist to avoid timeout starting a fallback sequence for it. - increase mesh max activation count for capsforid long fetches. - Fix for #4219: secondaries not updated after serial change, unbound falls back to AXFR after IXFR gives several timeout failures. - Fix that auth zone after IXFR fallback tries the same master. - Fix for IXFR fallback to reset counter when IXFR does not timeout. - Newer aclocal and libtoolize used for generating configure scripts, aclocal 1.16.1 and libtoolize 2.4.6. - Fix unit test for python 3.7 new keyword 'async'. - clang analysis fixes, assert arc4random buffer in init, no check for already checked delegation pointer in iterator, in testcode check for NULL packet matches, in perf do not copy from NULL start list when growing capacity. Adjust host and file only when present in test header read to please checker. In testcode for unknown macro operand give zero result. Initialise the passed argv array in test code. In test code add EDNS data segment copy only when nonempty. - Patch from Florian Obser fixes some compiler warnings: include mini_event.h to have a prototype for mini_ev_cmp include edns.h to have a prototype for apply_edns_options sldns_wire2str_edns_keepalive_print is only called in the wire2str, module declare it static to get rid of compiler warning: no previous prototype for function infra_find_ip_ratedata() is only called in the infra module, declare it static to get rid of compiler warning: no previous prototype for function do not shadow local variable buf in authzone auth_chunks_delete and az_nsec3_findnode are only called in the authzone module, declare them static to get rid of compiler warning: no previous prototype for function... copy_rrset() is only called in the respip module, declare it static to get rid of compiler warning: no previous prototype for function 'copy_rrset' no need for another variable "r"; gets rid of compiler warning: declaration shadows a local variable in libunbound.c no need for another variable "ns"; gets rid of compiler warning: declaration shadows a local variable in iterator.c - Moved includes and make depend. - updated contrib/fastrpz.patch to cleanly diff. - remove compile warnings from libnettle compile. - output of newer lex 2.6.1 and bison 3.0.5. - Set build system for added call in the libunbound API. - List example config for root zone copy locally hosted with auth-zone as suggested from draft-ietf-dnsop-7706-bis-02. But with updated B root address. - Fixed spelling of tls-ciphers option in example.conf.
Diffstat (limited to 'net/unbound/Makefile')
-rw-r--r--net/unbound/Makefile6
1 files changed, 3 insertions, 3 deletions
diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index 2744f56338a..8bde28dbaa1 100644
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.62 2019/01/17 14:19:51 he Exp $
+# $NetBSD: Makefile,v 1.63 2019/02/05 09:44:57 he Exp $
-DISTNAME= unbound-1.8.3
-PKGREVISION= 1
+DISTNAME= unbound-1.9.0
+#PKGREVISION= 1
CATEGORIES= net
MASTER_SITES= http://www.nlnetlabs.nl/downloads/unbound/