Upgrade unbound to version 1.7.1.

Upstream changes:

Features
- Add --with-libhiredis, unbound support for a new cachedb
  backend that uses a Redis server as the storage.  This
  implementation depends on the hiredis client library
  (https://redislabs.com/lp/hiredis/).
  And unbound should be built with both --enable-cachedb and
  --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
  should exist).  Patch from Jinmei Tatuya (Infoblox).
- Create additional tls service interfaces by opening them on other
  portnumbers and listing the portnumbers as additional-tls-port: nr.
- ED448 support.
- num.query.authzone.up and num.query.authzone.down statistics counters.
- Accept both option names with and without colon for get_option
  and set_option.
- low-rtt and low-rtt-pct in unbound.conf enable the server selection
  of fast servers for some percentage of the time.
- num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN
  statistics counters.
- allow-notify: config statement for auth-zones.
- Can set tls authentication with forward-addr: IP#tls.auth.name
  And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".
  such as forward-addr: 9.9.9.9@853#dns.quad9.net or
  1.1.1.1@853#cloudflare-dns.com
- list_auth_zones unbound-control command.
- Added root-key-sentinel support

Bug Fixes
- Fix #3727: Protocol name is TLS, options have been renamed but
  documentation is not consistent.
- Check IXFR start serial.
- Fix typo in documentation.
- Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually
  flushed with serve-expired on.
- Fix #3817: core dump happens in libunbound delete, when queued
  servfail hits deleted message queue.
- corrected a minor typo in the changelog.
- move htobe64/be64toh portability code to cachedb.c.
- iana port update.
- Do not use cached NSEC records to generate negative answers for
  domains under DNSSEC Negative Trust Anchors.
- Fix unbound-control get_option aggressive-nsec
- Check "result" in dup_all(), by Florian Obser.
- Fix #4043: make test fails due to v6 presentation issue in macOS.
- Fix unable to resolve after new WLAN connection, due to auth-zone
  failing with a forwarder set.  Now, auth-zone is only used for
  answers (not referrals) when a forwarder is set.
- Combine write of tcp length and tcp query for dns over tls.
- nitpick fixes in example.conf.
- Fix above stub queries for type NS and useless delegation point.
- Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3
  tls_choose_sigalg routine does not allow the ciphers for the pipe,
  so use TLSv1.2.
- Fix that flush_zone sets prefetch ttl expired, so that with
  serve-expired enabled it'll start prefetching those entries.
- Fix downstream auth zone, only fallback when auth zone fails to
  answer and fallback is enabled.
- Fix for max include depth for authzones.
- Fix memory free on fail for $INCLUDE in authzone.
- Fix that an internal error to look up the wrong rr type for
  auth zone gets stopped, before trying to send there.
- Fix auth zone target lookup iterator.
- Fix auth-zone retry timer to be on schedule with retry timeout,
  with backoff.  Also time a refresh at the zone expiry.
- Fix #658: unbound using TLS in a forwarding configuration does not
  verify the server's certificate (RFC 8310 support).
- For addr with #authname and no @port notation, the default is 853.
- man page documentation for dns-over-tls forward-addr '#' notation.
- removed free from failed parse case.
- Fix #4091: Fix that reload of auth-zone does not merge the zonefile
  with the previous contents.
- Delete auth zone when removed from config.
- makedist uses bz2 for expat code, instead of tar.gz.
- Fix #4092: libunbound: use-caps-for-id lacks colon in
  config_set_option.
- auth zone http download stores exact copy of downloaded file,
  including comments in the file.
- Fix sldns parse failure for CDS alternate delete syntax empty hex.
- Attempt for auth zone fix; add of callback in mesh gets from
  callback does not skip callback of result.
- Fix cname classification with qname minimisation enabled.
- Fix contrib/fastrpz.patch for this release.
- Fix auth https for libev.
- Fix memory leak when caching wildcard records for aggressive NSEC use
- Fix for crash in daemon_cleanup with dnstap during reload,
  from Saksham Manchanda.
- Also that for dnscrypt.

3 files changed, 10 insertions, 10 deletions

diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index 3ce6c7b67fd..693974270ac 100644
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.54 2018/03/15 10:22:49 he Exp $
+# $NetBSD: Makefile,v 1.55 2018/05/07 07:13:28 he Exp $
 
-DISTNAME=	unbound-1.7.0
+DISTNAME=	unbound-1.7.1
 CATEGORIES=	net
 MASTER_SITES=	http://www.unbound.net/downloads/
 
diff --git a/net/unbound/distinfo b/net/unbound/distinfo
index d0232727fb4..2749aec879c 100644
--- a/net/unbound/distinfo
+++ b/net/unbound/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.40 2018/03/15 10:22:49 he Exp $
+$NetBSD: distinfo,v 1.41 2018/05/07 07:13:28 he Exp $
 
-SHA1 (unbound-1.7.0.tar.gz) = d90b09315c75ad2843b868785b3d12a2c4f27b28
-RMD160 (unbound-1.7.0.tar.gz) = abc59d2b8b52bab5784fe56ccb8b7ed10e8830fe
-SHA512 (unbound-1.7.0.tar.gz) = 49b07643da2a89d8ceedce1295f550f74a76f4f11c2df54df55e9c42f03bad1b133789c7b36fb3c4f37d6b331ac302ecfd1249e8ebaaa4333beda8fa250b61d9
-Size (unbound-1.7.0.tar.gz) = 5538228 bytes
-SHA1 (patch-configure) = 30874b8337e4ef0e436bb52f4af92a43b810f7bb
+SHA1 (unbound-1.7.1.tar.gz) = b853b746fa1f89ecce160850ab163ef78f67eea5
+RMD160 (unbound-1.7.1.tar.gz) = fd9ee1d94d475a84997d16e2e939c661d297fa6b
+SHA512 (unbound-1.7.1.tar.gz) = 99a68abf1f60f6ea80cf2973906df44da9c577d8cac969824af1ce9ca385a2e84dd684937480da87cb73c7dc41ad5c00b0013ec74103eadb8fd7dc6f98a89255
+Size (unbound-1.7.1.tar.gz) = 5565938 bytes
+SHA1 (patch-configure) = 769ad52b9ab93bc8e48d2ffe8fef5b4b61070eba
diff --git a/net/unbound/patches/patch-configure b/net/unbound/patches/patch-configure
index cc381b7a22f..9c4d4ebbbc7 100644
--- a/net/unbound/patches/patch-configure
+++ b/net/unbound/patches/patch-configure
@@ -1,11 +1,11 @@
-$NetBSD: patch-configure,v 1.1 2017/07/09 08:09:41 adam Exp $
+$NetBSD: patch-configure,v 1.2 2018/05/07 07:13:28 he Exp $
 
 Pretend expat.h is found: it is guaranteed by PkgSrc, but on Darwin it might
 be buried inside an SDK; we don't want the SDK path being exposed in CFLAGS.
 
 --- configure.orig	2017-07-09 07:41:42.000000000 +0000
 +++ configure
-@@ -18563,7 +18563,7 @@ fi
+@@ -18815,7 +18815,7 @@ fi
  
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5
  $as_echo_n "checking for libexpat... " >&6; }