diff options
author | he <he@pkgsrc.org> | 2018-05-07 07:13:28 +0000 |
---|---|---|
committer | he <he@pkgsrc.org> | 2018-05-07 07:13:28 +0000 |
commit | efd492f48a7b4a0b785a29560de33f37498c7443 (patch) | |
tree | 8732c3a2874cc0e75304798985c7e13d85c7e5b7 /net/unbound | |
parent | b6dde332cfc78b604b62140fc098bd7e129540a2 (diff) | |
download | pkgsrc-efd492f48a7b4a0b785a29560de33f37498c7443.tar.gz |
Upgrade unbound to version 1.7.1.
Upstream changes:
Features
- Add --with-libhiredis, unbound support for a new cachedb
backend that uses a Redis server as the storage. This
implementation depends on the hiredis client library
(https://redislabs.com/lp/hiredis/).
And unbound should be built with both --enable-cachedb and
--with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
should exist). Patch from Jinmei Tatuya (Infoblox).
- Create additional tls service interfaces by opening them on other
portnumbers and listing the portnumbers as additional-tls-port: nr.
- ED448 support.
- num.query.authzone.up and num.query.authzone.down statistics counters.
- Accept both option names with and without colon for get_option
and set_option.
- low-rtt and low-rtt-pct in unbound.conf enable the server selection
of fast servers for some percentage of the time.
- num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN
statistics counters.
- allow-notify: config statement for auth-zones.
- Can set tls authentication with forward-addr: IP#tls.auth.name
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".
such as forward-addr: 9.9.9.9@853#dns.quad9.net or
1.1.1.1@853#cloudflare-dns.com
- list_auth_zones unbound-control command.
- Added root-key-sentinel support
Bug Fixes
- Fix #3727: Protocol name is TLS, options have been renamed but
documentation is not consistent.
- Check IXFR start serial.
- Fix typo in documentation.
- Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually
flushed with serve-expired on.
- Fix #3817: core dump happens in libunbound delete, when queued
servfail hits deleted message queue.
- corrected a minor typo in the changelog.
- move htobe64/be64toh portability code to cachedb.c.
- iana port update.
- Do not use cached NSEC records to generate negative answers for
domains under DNSSEC Negative Trust Anchors.
- Fix unbound-control get_option aggressive-nsec
- Check "result" in dup_all(), by Florian Obser.
- Fix #4043: make test fails due to v6 presentation issue in macOS.
- Fix unable to resolve after new WLAN connection, due to auth-zone
failing with a forwarder set. Now, auth-zone is only used for
answers (not referrals) when a forwarder is set.
- Combine write of tcp length and tcp query for dns over tls.
- nitpick fixes in example.conf.
- Fix above stub queries for type NS and useless delegation point.
- Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3
tls_choose_sigalg routine does not allow the ciphers for the pipe,
so use TLSv1.2.
- Fix that flush_zone sets prefetch ttl expired, so that with
serve-expired enabled it'll start prefetching those entries.
- Fix downstream auth zone, only fallback when auth zone fails to
answer and fallback is enabled.
- Fix for max include depth for authzones.
- Fix memory free on fail for $INCLUDE in authzone.
- Fix that an internal error to look up the wrong rr type for
auth zone gets stopped, before trying to send there.
- Fix auth zone target lookup iterator.
- Fix auth-zone retry timer to be on schedule with retry timeout,
with backoff. Also time a refresh at the zone expiry.
- Fix #658: unbound using TLS in a forwarding configuration does not
verify the server's certificate (RFC 8310 support).
- For addr with #authname and no @port notation, the default is 853.
- man page documentation for dns-over-tls forward-addr '#' notation.
- removed free from failed parse case.
- Fix #4091: Fix that reload of auth-zone does not merge the zonefile
with the previous contents.
- Delete auth zone when removed from config.
- makedist uses bz2 for expat code, instead of tar.gz.
- Fix #4092: libunbound: use-caps-for-id lacks colon in
config_set_option.
- auth zone http download stores exact copy of downloaded file,
including comments in the file.
- Fix sldns parse failure for CDS alternate delete syntax empty hex.
- Attempt for auth zone fix; add of callback in mesh gets from
callback does not skip callback of result.
- Fix cname classification with qname minimisation enabled.
- Fix contrib/fastrpz.patch for this release.
- Fix auth https for libev.
- Fix memory leak when caching wildcard records for aggressive NSEC use
- Fix for crash in daemon_cleanup with dnstap during reload,
from Saksham Manchanda.
- Also that for dnscrypt.
Diffstat (limited to 'net/unbound')
-rw-r--r-- | net/unbound/Makefile | 4 | ||||
-rw-r--r-- | net/unbound/distinfo | 12 | ||||
-rw-r--r-- | net/unbound/patches/patch-configure | 4 |
3 files changed, 10 insertions, 10 deletions
diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 3ce6c7b67fd..693974270ac 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.54 2018/03/15 10:22:49 he Exp $ +# $NetBSD: Makefile,v 1.55 2018/05/07 07:13:28 he Exp $ -DISTNAME= unbound-1.7.0 +DISTNAME= unbound-1.7.1 CATEGORIES= net MASTER_SITES= http://www.unbound.net/downloads/ diff --git a/net/unbound/distinfo b/net/unbound/distinfo index d0232727fb4..2749aec879c 100644 --- a/net/unbound/distinfo +++ b/net/unbound/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.40 2018/03/15 10:22:49 he Exp $ +$NetBSD: distinfo,v 1.41 2018/05/07 07:13:28 he Exp $ -SHA1 (unbound-1.7.0.tar.gz) = d90b09315c75ad2843b868785b3d12a2c4f27b28 -RMD160 (unbound-1.7.0.tar.gz) = abc59d2b8b52bab5784fe56ccb8b7ed10e8830fe -SHA512 (unbound-1.7.0.tar.gz) = 49b07643da2a89d8ceedce1295f550f74a76f4f11c2df54df55e9c42f03bad1b133789c7b36fb3c4f37d6b331ac302ecfd1249e8ebaaa4333beda8fa250b61d9 -Size (unbound-1.7.0.tar.gz) = 5538228 bytes -SHA1 (patch-configure) = 30874b8337e4ef0e436bb52f4af92a43b810f7bb +SHA1 (unbound-1.7.1.tar.gz) = b853b746fa1f89ecce160850ab163ef78f67eea5 +RMD160 (unbound-1.7.1.tar.gz) = fd9ee1d94d475a84997d16e2e939c661d297fa6b +SHA512 (unbound-1.7.1.tar.gz) = 99a68abf1f60f6ea80cf2973906df44da9c577d8cac969824af1ce9ca385a2e84dd684937480da87cb73c7dc41ad5c00b0013ec74103eadb8fd7dc6f98a89255 +Size (unbound-1.7.1.tar.gz) = 5565938 bytes +SHA1 (patch-configure) = 769ad52b9ab93bc8e48d2ffe8fef5b4b61070eba diff --git a/net/unbound/patches/patch-configure b/net/unbound/patches/patch-configure index cc381b7a22f..9c4d4ebbbc7 100644 --- a/net/unbound/patches/patch-configure +++ b/net/unbound/patches/patch-configure @@ -1,11 +1,11 @@ -$NetBSD: patch-configure,v 1.1 2017/07/09 08:09:41 adam Exp $ +$NetBSD: patch-configure,v 1.2 2018/05/07 07:13:28 he Exp $ Pretend expat.h is found: it is guaranteed by PkgSrc, but on Darwin it might be buried inside an SDK; we don't want the SDK path being exposed in CFLAGS. --- configure.orig 2017-07-09 07:41:42.000000000 +0000 +++ configure -@@ -18563,7 +18563,7 @@ fi +@@ -18815,7 +18815,7 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5 $as_echo_n "checking for libexpat... " >&6; } |