From 95f380e349fd697fd7746417fef8488cbbce4547 Mon Sep 17 00:00:00 2001 From: pettai Date: Tue, 20 Dec 2011 14:02:02 +0000 Subject: Unbound 1.4.14: Features: * Makefile changed for BSD make compatibility. * dns over ssl support as a client, ssl-upstream yes turns it on. It performs an SSL transaction for every DNS query. * dns over ssl support as a server, ssl-service-pem and ssl-service-key files can be given and then TCP queries are serviced wrapped in SSL. * lame-ttl and lame-size options no longer exist, it is integrated with the host info. They are ignored (with verbose warning) if encountered to keep the config file backwards compatible. * TCP-upstream calculates tcp-ping so server selection works if there are alternatives. * Unbound probes at EDNS1480 if there an EDNS0 timeout. Bug Fixes: * Fix for VU#209659 CVE-2011-4528: Unbound denial of service vulnerabilities from nonstandard redirection and denial of existence http://www.unbound.net/downloads/CVE-2011-4528.txt * Fix for tcp-upstream and ssl-upstream for if a laptop sleeps, causes SERVFAILs. Also fixed for UDP (but less likely). * Fix quartile time estimate, it was too low. * Fix double free in unbound-host. * fix -flto detection on Lion for llvm-gcc. * [bugzilla: 416 ] Infra cache stores information about ping and lameness per IP, zone. * [bugzilla: 415 ] Fix resolve of partners.extranet.microsoft.com with a fix for the server selection for choosing out of a (particular) list of bad choices. * Fix make_new_space function so that the incoming query is not overwritten if a jostled out query causes a waiting query to be resumed that then fails and sends an error message. * fix unbound-anchor for broken strptime on OSX lion, detected in configure. * Detect if GOST really works, openssl1.0 on OSX fails. * Implement ipv6%interface notation for scope_id usage. * better documentation for inform_super. * Fix for out-of-memory condition in libunbound. * Fix --enable-allsymbols, it depended on link specifics of the target platform, or fptr_wlist assertion failures could occur. * updated contrib/unbound_munin_ to family=auto so that it works with munin-node-configure automatically. * Fix classification of NS set in answer section, where there is a parent-child server, and the answer has the AA flag for dir.slb.com. * [bugzilla: 408 ] accept patch from Steve Snyder that comments out unused functions in lookup3.c. * fix various compiler warnings. * max sent count. EDNS1480 only for rtt < 5000. No promiscuous fetch if sentcount > 3, stop query if sentcount > 16. Count is reset when referral or CNAME happens. This makes unbound better at managing large NS sets, they are explored when there is continued interest (in the form of queries). * remove uninit warning from cachedump code. * Fix parse error on negative SOA RRSIGs if badly ordered in the packet. * fix infra cache comparison. * Fix to constrain signer_name to be a parent of the lookupname. * robust checks for next-closer NSEC3s. * iana portlist updated. (Ok'ed by wiz@) --- net/unbound/Makefile | 4 ++-- net/unbound/distinfo | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'net/unbound') diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 79ca77da4e2..da9b6b1f715 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.18 2011/09/17 22:46:50 pettai Exp $ +# $NetBSD: Makefile,v 1.19 2011/12/20 14:02:02 pettai Exp $ -DISTNAME= unbound-1.4.13 +DISTNAME= unbound-1.4.14 CATEGORIES= net MASTER_SITES= http://www.unbound.net/downloads/ diff --git a/net/unbound/distinfo b/net/unbound/distinfo index 75bbf342510..24e18c10c3c 100644 --- a/net/unbound/distinfo +++ b/net/unbound/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.15 2011/09/17 22:46:50 pettai Exp $ +$NetBSD: distinfo,v 1.16 2011/12/20 14:02:02 pettai Exp $ -SHA1 (unbound-1.4.13.tar.gz) = 834ccfd1cb41a44f53b33f8338a8f9cc68febaf7 -RMD160 (unbound-1.4.13.tar.gz) = f55623935e3772056a4ef10ff03cbb8805b30f1a -Size (unbound-1.4.13.tar.gz) = 3511677 bytes +SHA1 (unbound-1.4.14.tar.gz) = 1435029abe63d0106213acb9f173b885183cf1d7 +RMD160 (unbound-1.4.14.tar.gz) = 136aff9812eebace73c26b608f6411bd048215cc +Size (unbound-1.4.14.tar.gz) = 3546634 bytes -- cgit v1.2.3