summaryrefslogtreecommitdiff
path: root/net/unbound
diff options
context:
space:
mode:
authorpettai <pettai@pkgsrc.org>2010-07-26 19:09:19 +0000
committerpettai <pettai@pkgsrc.org>2010-07-26 19:09:19 +0000
commita23975b5882edf9c694b2b6537bed767af0783d1 (patch)
treef8329fcfdf047859447a8b5514d17e73cc72edcf /net/unbound
parent1fae05974f3f37e6b7a40d27b95f727b2b128944 (diff)
downloadpkgsrc-a23975b5882edf9c694b2b6537bed767af0783d1.tar.gz
unbound-1.4.5:
Features: * unbound-control get_option domain-insecure shows config file items. * Autotrust anchor file can be initialized with a ZSK key as well (if the domain's DNSKEY set is signed with that ZSK). * Conforms to draft-ietf-dnsop-default-local-zones-13. Added default reverse lookup blocks for IPv4 test nets 100.51.198.in-addr.arpa, 113.0.203.in-addr.arpa and Orchid prefix 0.1.1.0.0.2.ip6.arpa. * Contribution from Migiel de Vos (Surfnet): nagios patch for unbound-host, in contrib/ (in the source tarball). Makes unbound-host suitable for monitoring dnssec(-chain) status. * GOST disabled-by-default, the algorithm number is allocated but the RFC is still has to pass AUTH48 at the IETF. Bug Fixes: * Fix validation failure for qtype ANY caused by a RRSIG parse failure. The validator error message was 'no signatures from ...'. * Squelch log message: sendto failed permission denied for 255.255.255.255, it is visible in VERB_DETAIL (verbosity 2). * Fix fetch from blacklisted dnssec lame servers as last resort. The server's IP address is then given in validator errors as well. * Fix local-zone type redirect that did not use the query name for the answer rrset. * Compile fix using Sun Studio 12 compiler on Solaris 5.9, use CPPFLAGS during configure process. * Fix if libev is installed on the base system (not libevent), detect it from the event.h header file and link with -lev. * Fix configlexer.lex gets config.h, and configyyrename.h added by make, no more double include. * More strict scrubber (Thanks to George Barwood for the idea): NS set must be pertinent to the query. * [bugzilla: 307 ] In 0x20 backoff fix fallback so the number of outstanding queries does not become -1 and block the request. Fixed handling of recursion-lame in combination with 0x20 fallback. Fix so RRsets are compared canonicalized and sorted if the immediate comparison fails, this makes the 0x20 option work around round-robin sites. * Fix retry sequence if prime hints are recursion-lame. * Fix so harden-referral-path does not result in failures due to max-depth. You can increase the max-depth by adding numbers (' 0') after the target-fetch-policy, this increases the depth to which is checked. * Fix detection of GOST support in ldns (reported by Chris Smith). * Fix for dnssec lameness detection to use the key cache. * infra cache entries that are expired are wiped clean. Previously it was possible to not expire host data (if accessed often). * Fix dnssec-missing detection that was turned off by server selection. * [bugzilla: 308 ] Fix spelling error in variable name in parser and lexer. * Fix various compiler warnings from the clang llvm compiler. * Fix comments in iter_utils:dp_is_useless. * EDNS timeout code will not fire if EDNS status already known. * EDNS failure not stored if EDNS status known to work. * Parent-child disagreement approach altered. Older fixes are removed in place of a more exhaustive search for misconfigured data available via the parent of a delegation. This is designed to be throttled by cache entries, with TTL from the parent if possible. Additionally the loop-counter is used. It also tests for NS RRset differences between parent and child. The fetch of misconfigured data should be more reliable and thorough. It should work reliably even with no or only partial data in cache. Data received from the child (as always) is deemed more authoritative than information received from the delegation parent. The search for misconfigured data is not performed normally. * Fix AD flag handling, it could in some cases mistakenly copy the AD flag from upstream servers. * Ignore Z flag in incoming messages too. * alloc_special_obtain out of memory is not a fatal error any more, enabling unbound to continue longer in out of memory conditions. * Parentside names are dispreferred but not said to be dnssec-lame. * Fix parentside and querytargets modulestate, for dump_requestlist. * unbound-control-setup makes keys -rw-r--- so not all users permitted. * libtoolize 2.2.6b, autoconf 2.65 applied to configure. * Fix compile warning if compiled without threads. * iana portlist updated. * included ldns tarball updated. * Fix bug where a long loop could be entered, now cycle detection has a loop-counter and maximum search amount.
Diffstat (limited to 'net/unbound')
-rw-r--r--net/unbound/Makefile4
-rw-r--r--net/unbound/distinfo10
-rw-r--r--net/unbound/patches/patch-ac16
3 files changed, 15 insertions, 15 deletions
diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index 8963dd71246..157b8f24764 100644
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.9 2010/05/06 09:38:24 pettai Exp $
+# $NetBSD: Makefile,v 1.10 2010/07/26 19:09:19 pettai Exp $
-DISTNAME= unbound-1.4.4
+DISTNAME= unbound-1.4.5
CATEGORIES= net
MASTER_SITES= http://www.unbound.net/downloads/
diff --git a/net/unbound/distinfo b/net/unbound/distinfo
index ceba7a7d798..286b4ae6cdc 100644
--- a/net/unbound/distinfo
+++ b/net/unbound/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.8 2010/05/06 09:38:24 pettai Exp $
+$NetBSD: distinfo,v 1.9 2010/07/26 19:09:19 pettai Exp $
-SHA1 (unbound-1.4.4.tar.gz) = 2cb4c34ece87e43c9acc8da85d2ea1c8ea1ffe66
-RMD160 (unbound-1.4.4.tar.gz) = 581ae8953d5624e0c2b59af94740c4d024882abe
-Size (unbound-1.4.4.tar.gz) = 4300711 bytes
-SHA1 (patch-ac) = 90f1bc56afecd6973b4ffee9ab66ae639b7863a4
+SHA1 (unbound-1.4.5.tar.gz) = c1f227b95448cdfd0006d6d00b3d4354500d7564
+RMD160 (unbound-1.4.5.tar.gz) = 908d80acf0dfe4592922988e5ca73bdbab8d26a9
+Size (unbound-1.4.5.tar.gz) = 4317925 bytes
+SHA1 (patch-ac) = f2294c6216b4f1ee1c1fe07a9949aea2bb8dc485
diff --git a/net/unbound/patches/patch-ac b/net/unbound/patches/patch-ac
index 5ed2b7ddea5..bd11b14c31d 100644
--- a/net/unbound/patches/patch-ac
+++ b/net/unbound/patches/patch-ac
@@ -1,8 +1,8 @@
-$NetBSD: patch-ac,v 1.5 2010/03/08 19:56:20 pettai Exp $
+$NetBSD: patch-ac,v 1.6 2010/07/26 19:09:19 pettai Exp $
---- Makefile.in.orig 2009-07-15 16:08:52 +0300
-+++ Makefile.in 2009-08-23 17:11:32 +0300
-@@ -91,12 +91,11 @@ UNITTEST_SRC=$(patsubst $(srcdir)/%,%, \
+--- Makefile.in.orig 2010-06-02 08:59:11.000000000 +0000
++++ Makefile.in
+@@ -101,12 +101,11 @@ UNITTEST_SRC=$(patsubst $(srcdir)/%,%, \
testcode/readhex.c testcode/ldns-testpkts.c smallapp/worker_cb.c \
$(COMMON_SRC)
UNITTEST_OBJ=$(addprefix $(BUILD),$(UNITTEST_SRC:.c=.lo)) $(COMPAT_OBJ)
@@ -17,10 +17,10 @@ $NetBSD: patch-ac,v 1.5 2010/03/08 19:56:20 pettai Exp $
+CONTROL_SRC=smallapp/unbound-control.c smallapp/worker_cb.c
CONTROL_OBJ=$(addprefix $(BUILD),$(CONTROL_SRC:.c=.lo)) $(COMPAT_OBJ)
HOST_SRC=smallapp/unbound-host.c
- HOST_OBJ=$(addprefix $(BUILD),$(HOST_SRC:.c=.lo)) $(COMPAT_OBJ)
-@@ -205,21 +204,21 @@
- $(INFO) Link $@
- $Q$(LINK_LIB) -export-symbols $(srcdir)/libunbound/ubsyms.def -o $@ $(sort $(LIBUNBOUND_OBJ)) -rpath $(libdir) $(LIBS)
+ HOST_OBJ=$(addprefix $(BUILD),$(HOST_SRC:.c=.lo)) $(filter-out $(BUILD)compat/ctime_r.lo, $(COMPAT_OBJ))
+@@ -213,21 +212,21 @@ libunbound.la: $(LIBUNBOUND_OBJ) $(ldnsl
+ $(INFO) Link $@
+ $Q$(LINK_LIB) -export-symbols $(srcdir)/libunbound/ubsyms.def -o $@ $(sort $(LIBUNBOUND_OBJ)) -rpath $(libdir) $(LIBS)
-unbound$(EXEEXT): $(DAEMON_OBJ) $(ldnslib)
+unbound$(EXEEXT): $(DAEMON_OBJ) $(ldnslib) libunbound.la