Upgrade unbound to version 1.7.1.

Upstream changes: Features - Add --with-libhiredis, unbound support for a new cachedb backend that uses a Redis server as the storage. This implementation depends on the hiredis client library (https://redislabs.com/lp/hiredis/). And unbound should be built with both --enable-cachedb and --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h should exist). Patch from Jinmei Tatuya (Infoblox). - Create additional tls service interfaces by opening them on other portnumbers and listing the portnumbers as additional-tls-port: nr. - ED448 support. - num.query.authzone.up and num.query.authzone.down statistics counters. - Accept both option names with and without colon for get_option and set_option. - low-rtt and low-rtt-pct in unbound.conf enable the server selection of fast servers for some percentage of the time. - num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN statistics counters. - allow-notify: config statement for auth-zones. - Can set tls authentication with forward-addr: IP#tls.auth.name And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem". such as forward-addr: 9.9.9.9@853#dns.quad9.net or 1.1.1.1@853#cloudflare-dns.com - list_auth_zones unbound-control command. - Added root-key-sentinel support Bug Fixes - Fix #3727: Protocol name is TLS, options have been renamed but documentation is not consistent. - Check IXFR start serial. - Fix typo in documentation. - Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually flushed with serve-expired on. - Fix #3817: core dump happens in libunbound delete, when queued servfail hits deleted message queue. - corrected a minor typo in the changelog. - move htobe64/be64toh portability code to cachedb.c. - iana port update. - Do not use cached NSEC records to generate negative answers for domains under DNSSEC Negative Trust Anchors. - Fix unbound-control get_option aggressive-nsec - Check "result" in dup_all(), by Florian Obser. - Fix #4043: make test fails due to v6 presentation issue in macOS. - Fix unable to resolve after new WLAN connection, due to auth-zone failing with a forwarder set. Now, auth-zone is only used for answers (not referrals) when a forwarder is set. - Combine write of tcp length and tcp query for dns over tls. - nitpick fixes in example.conf. - Fix above stub queries for type NS and useless delegation point. - Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3 tls_choose_sigalg routine does not allow the ciphers for the pipe, so use TLSv1.2. - Fix that flush_zone sets prefetch ttl expired, so that with serve-expired enabled it'll start prefetching those entries. - Fix downstream auth zone, only fallback when auth zone fails to answer and fallback is enabled. - Fix for max include depth for authzones. - Fix memory free on fail for $INCLUDE in authzone. - Fix that an internal error to look up the wrong rr type for auth zone gets stopped, before trying to send there. - Fix auth zone target lookup iterator. - Fix auth-zone retry timer to be on schedule with retry timeout, with backoff. Also time a refresh at the zone expiry. - Fix #658: unbound using TLS in a forwarding configuration does not verify the server's certificate (RFC 8310 support). - For addr with #authname and no @port notation, the default is 853. - man page documentation for dns-over-tls forward-addr '#' notation. - removed free from failed parse case. - Fix #4091: Fix that reload of auth-zone does not merge the zonefile with the previous contents. - Delete auth zone when removed from config. - makedist uses bz2 for expat code, instead of tar.gz. - Fix #4092: libunbound: use-caps-for-id lacks colon in config_set_option. - auth zone http download stores exact copy of downloaded file, including comments in the file. - Fix sldns parse failure for CDS alternate delete syntax empty hex. - Attempt for auth zone fix; add of callback in mesh gets from callback does not skip callback of result. - Fix cname classification with qname minimisation enabled. - Fix contrib/fastrpz.patch for this release. - Fix auth https for libev. - Fix memory leak when caching wildcard records for aggressive NSEC use - Fix for crash in daemon_cleanup with dnstap during reload, from Saksham Manchanda. - Also that for dnscrypt.
author: he <he@pkgsrc.org> 2018-05-07 07:13:28 +0000
committer: he <he@pkgsrc.org> 2018-05-07 07:13:28 +0000
commit: efd492f48a7b4a0b785a29560de33f37498c7443 (patch)
tree: 8732c3a2874cc0e75304798985c7e13d85c7e5b7 /net/unbound/Makefile
parent: b6dde332cfc78b604b62140fc098bd7e129540a2 (diff)
download: pkgsrc-efd492f48a7b4a0b785a29560de33f37498c7443.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index 3ce6c7b67fd..693974270ac 100644
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.54 2018/03/15 10:22:49 he Exp $
+# $NetBSD: Makefile,v 1.55 2018/05/07 07:13:28 he Exp $
 
-DISTNAME=	unbound-1.7.0
+DISTNAME=	unbound-1.7.1
 CATEGORIES=	net
 MASTER_SITES=	http://www.unbound.net/downloads/
author	he <he@pkgsrc.org>	2018-05-07 07:13:28 +0000
committer	he <he@pkgsrc.org>	2018-05-07 07:13:28 +0000
commit	efd492f48a7b4a0b785a29560de33f37498c7443 (patch)
tree	8732c3a2874cc0e75304798985c7e13d85c7e5b7 /net/unbound/Makefile
parent	b6dde332cfc78b604b62140fc098bd7e129540a2 (diff)
download	pkgsrc-efd492f48a7b4a0b785a29560de33f37498c7443.tar.gz