From 3fa38777169620ba039ff106469026a9b4b9e963 Mon Sep 17 00:00:00 2001 From: pettai Date: Sat, 17 Sep 2011 22:46:50 +0000 Subject: Unbound 1.4.13: Features: * Note that Unbound implements RFC6303 (since version 1.4.7). tcp-upstream yes/no option (works with set_option) for tunnels. * The format of answers to the qtype ANY with a CNAME have changed, so that there can be proper validated DNSSEC answers for them. This is for queries with qtype ANY where the domain name has a CNAME. Now an answer is returned, where before it resulted in SERVFAIL due to validation failure. When DNSSEC validation is disabled, the contents of the response have changed: the CNAME is not followed, and the correct contents of the RRsets at the initial name are included (where previously only partial contents of the initial names could have been included but the CNAME was followed). The qtype ANY is a query for debug where the resolver is to fill in relevant data that happens to be at hand from the cache. Bug Fixes: * Fix validation of qtype ANY responses with CNAMEs. Unbound responds with the RR types that are available at the name for qtype ANY and validates those RR types. It does not test for completeness (i.e. with NSEC or NSEC3 query), and it does not follow the CNAME or DNAME to another name (with even more data for the already large response) * Documented the options that work with control set_option command. * Fix that internally, CNAMEs with NXDOMAIN have that as rcode. * Fix validation of . DS query. * Fix wildcard expansion no-data reply under an optout NSEC3 zone is validated as insecure. * Fix python site-packages path to /usr/lib64. * fix memory and fd leak after out-of-memory condition. * contrib. patch fixes load of python modules. * contrib. patch that fixes a memory leak in the unbound python module, in string conversions. * Fix num-threads 0 does not segfault. * Fix autoconf 2.68 warnings * iana portlist updated --- net/unbound/Makefile | 5 ++--- net/unbound/distinfo | 8 ++++---- 2 files changed, 6 insertions(+), 7 deletions(-) (limited to 'net/unbound') diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 3591b26701f..79ca77da4e2 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.17 2011/08/20 08:12:41 obache Exp $ +# $NetBSD: Makefile,v 1.18 2011/09/17 22:46:50 pettai Exp $ -DISTNAME= unbound-1.4.12 -PKGREVISION= 1 +DISTNAME= unbound-1.4.13 CATEGORIES= net MASTER_SITES= http://www.unbound.net/downloads/ diff --git a/net/unbound/distinfo b/net/unbound/distinfo index 77b6f3f13f3..75bbf342510 100644 --- a/net/unbound/distinfo +++ b/net/unbound/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.14 2011/07/27 04:11:25 pettai Exp $ +$NetBSD: distinfo,v 1.15 2011/09/17 22:46:50 pettai Exp $ -SHA1 (unbound-1.4.12.tar.gz) = c46c05d1fa2402a59c10f51864fd4c62d10a472f -RMD160 (unbound-1.4.12.tar.gz) = 2e3a35f1e72046c9701cd3f51a8a2f58881a03d3 -Size (unbound-1.4.12.tar.gz) = 3506466 bytes +SHA1 (unbound-1.4.13.tar.gz) = 834ccfd1cb41a44f53b33f8338a8f9cc68febaf7 +RMD160 (unbound-1.4.13.tar.gz) = f55623935e3772056a4ef10ff03cbb8805b30f1a +Size (unbound-1.4.13.tar.gz) = 3511677 bytes -- cgit v1.2.3