author | he <he@pkgsrc.org> | 2022-02-11 09:28:16 +0000 |
---|---|---|
committer | he <he@pkgsrc.org> | 2022-02-11 09:28:16 +0000 |
commit | 0e5f8a172efbc33f4ce4ec4c1d0e37e4ab5ecc88 (patch) | |
tree | 406b1101248750a2157932746effcc684cccda43 /net | |
parent | 3d8578fe8e6c2ff21430d57ee08cdd9e2d7b2a37 (diff) | |
Apply fix from
https://github.com/NLnetLabs/unbound/commit/5f724da8c57c5a6bf1d589b6651daec2dc39a9d1
Paraphrased:
Fix plain DNS-over-TCP so that it doesn't try to use TLS when
TLS is also configured elsewhere.
Bump PKGREVISION.
Diffstat (limited to 'net')
-rw-r--r-- | net/unbound/Makefile | 3 | ||||
-rw-r--r-- | net/unbound/distinfo | 4 | ||||
-rw-r--r-- | net/unbound/patches/patch-services_listen__dnsport.c | 63 |
3 files changed, 57 insertions, 13 deletions
diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index 5ba59050b39..b5c3bd4260a 100644
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.88 2022/02/10 13:17:52 he Exp $
+# $NetBSD: Makefile,v 1.89 2022/02/11 09:28:16 he Exp $
 DISTNAME= unbound-1.15.0
+PKGREVISION= 1
 CATEGORIES= net
 MASTER_SITES= https://nlnetlabs.nl/downloads/unbound/
diff --git a/net/unbound/distinfo b/net/unbound/distinfo
index 8929d5e4ab3..55b9c574285 100644
--- a/net/unbound/distinfo
+++ b/net/unbound/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.67 2022/02/10 13:17:53 he Exp $
+$NetBSD: distinfo,v 1.68 2022/02/11 09:28:16 he Exp $
 BLAKE2s (unbound-1.15.0.tar.gz) = 9faa1c09804bdbf9762ee66ef8a69891290b3421d5438c1962a3770361853a0f
 SHA512 (unbound-1.15.0.tar.gz) = c5dab305694c14f64e05080700bb52f6e6bf5b76f15e1fde34e35c932cb3ffed0de2c03b570cf4bfe18165cb10e82e67ee9b12c6583295380f88c2c03800cc1f
 Size (unbound-1.15.0.tar.gz) = 6163470 bytes
 SHA1 (patch-configure) = a949bdb26b37950c0301946af4521c9d0e984cf9
-SHA1 (patch-services_listen__dnsport.c) = 11c5b3af93f07da5e1375babea91725055baa08a
+SHA1 (patch-services_listen__dnsport.c) = 06c29e2785f0dfe3719523471a355ee6e2356226
diff --git a/net/unbound/patches/patch-services_listen__dnsport.c b/net/unbound/patches/patch-services_listen__dnsport.c
index 486f1eb2aa9..cf5e081da12 100644
--- a/net/unbound/patches/patch-services_listen__dnsport.c
+++ b/net/unbound/patches/patch-services_listen__dnsport.c
@@ -1,14 +1,57 @@ -$NetBSD: patch-services_listen__dnsport.c,v 1.1 2020/11/13 17:05:40 jperkin Exp $ +$NetBSD: patch-services_listen__dnsport.c,v 1.2 2022/02/11 09:28:16 he Exp $ -Include limits.h for SSIZE_MAX. +Apply fix from +https://github.com/NLnetLabs/unbound/commit/5f724da8c57c5a6bf1d589b6651daec2dc39a9d1 +Paraphrased: +Fix plain DNS-over-TCP so that it doesn't try to use TLS when +TLS is also configured elsewhere. ---- services/listen_dnsport.c.orig 2020-10-08 06:24:21.000000000 +0000 +--- services/listen_dnsport.c.orig 2022-02-10 07:57:36.000000000 +0000 +++ services/listen_dnsport.c -@@ -62,6 +62,7 @@ - #include <netdb.h> +@@ -1369,17 +1369,17 @@ listen_create(struct comm_base* base, st + while(ports) { + struct comm_point* cp = NULL; + if(ports->ftype == listen_type_udp || +- ports->ftype == listen_type_udp_dnscrypt) ++ ports->ftype == listen_type_udp_dnscrypt) { + cp = comm_point_create_udp(base, ports->fd, + front->udp_buff, cb, cb_arg, ports->socket); +- else if(ports->ftype == listen_type_tcp || +- ports->ftype == listen_type_tcp_dnscrypt) ++ } else if(ports->ftype == listen_type_tcp || ++ ports->ftype == listen_type_tcp_dnscrypt) { + cp = comm_point_create_tcp(base, ports->fd, + tcp_accept_count, tcp_idle_timeout, + harden_large_queries, 0, NULL, + tcp_conn_limit, bufsize, front->udp_buff, + ports->ftype, cb, cb_arg, ports->socket); +- else if(ports->ftype == listen_type_ssl || ++ } else if(ports->ftype == listen_type_ssl || + ports->ftype == listen_type_http) { + cp = comm_point_create_tcp(base, ports->fd, + tcp_accept_count, tcp_idle_timeout, +@@ -1410,15 +1410,22 @@ listen_create(struct comm_base* base, st #endif - #include <fcntl.h> -+#include <limits.h> - - #ifdef HAVE_SYS_UN_H - #include <sys/un.h> + } + } else if(ports->ftype == listen_type_udpancil || +- ports->ftype == listen_type_udpancil_dnscrypt) ++ ports->ftype == listen_type_udpancil_dnscrypt) { + cp = comm_point_create_udp_ancil(base, ports->fd, + front->udp_buff, cb, cb_arg, 
ports->socket); ++ } + if(!cp) { + log_err("can't create commpoint"); + listen_delete(front); + return NULL; + } +- if(http_notls && ports->ftype == listen_type_http) ++ if((http_notls && ports->ftype == listen_type_http) || ++ (ports->ftype == listen_type_tcp) || ++ (ports->ftype == listen_type_udp) || ++ (ports->ftype == listen_type_udpancil) || ++ (ports->ftype == listen_type_tcp_dnscrypt) || ++ (ports->ftype == listen_type_udp_dnscrypt) || ++ (ports->ftype == listen_type_udpancil_dnscrypt)) + cp->ssl = NULL; + else + cp->ssl = sslctx; |
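Review bot: The widened `cp->ssl = NULL` condition in the second hunk restates, as a hand-written list of six types, the listener classification that the if/else chain in the first hunk already makes, so the two have to be kept in step manually. A listen type added later to the chain but not to this list falls through to `cp->ssl = sslctx`, which looks like the same plain-listener-treated-as-TLS failure the commit message describes. I would add a comment above the condition, `/* every listener except listen_type_ssl and TLS-enabled listen_type_http must have ssl == NULL; extend this list when adding a listen type */`, or make the assignment inside the ssl/http branch, which lies between the two hunks and is not visible here. listen_create starts before the first hunk and continues past the second.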