Apply fix from

5f724da8c5
Paraphrased:
Fix plain DNS-over-TCP so that it doesn't try to use TLS when
TLS is also configured elsewhere.

Bump PKGREVISION.

net/unbound/Makefile

@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.88 2022/02/10 13:17:52 he Exp $
+# $NetBSD: Makefile,v 1.89 2022/02/11 09:28:16 he Exp $
 
 DISTNAME=	unbound-1.15.0
+PKGREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	https://nlnetlabs.nl/downloads/unbound/
 

net/unbound/distinfo

@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.67 2022/02/10 13:17:53 he Exp $
+$NetBSD: distinfo,v 1.68 2022/02/11 09:28:16 he Exp $
 
 BLAKE2s (unbound-1.15.0.tar.gz) = 9faa1c09804bdbf9762ee66ef8a69891290b3421d5438c1962a3770361853a0f
 SHA512 (unbound-1.15.0.tar.gz) = c5dab305694c14f64e05080700bb52f6e6bf5b76f15e1fde34e35c932cb3ffed0de2c03b570cf4bfe18165cb10e82e67ee9b12c6583295380f88c2c03800cc1f
 Size (unbound-1.15.0.tar.gz) = 6163470 bytes
 SHA1 (patch-configure) = a949bdb26b37950c0301946af4521c9d0e984cf9
-SHA1 (patch-services_listen__dnsport.c) = 11c5b3af93f07da5e1375babea91725055baa08a
+SHA1 (patch-services_listen__dnsport.c) = 06c29e2785f0dfe3719523471a355ee6e2356226

net/unbound/patches/patch-services_listen__dnsport.c

@@ -1,14 +1,57 @@
-$NetBSD: patch-services_listen__dnsport.c,v 1.1 2020/11/13 17:05:40 jperkin Exp $
+$NetBSD: patch-services_listen__dnsport.c,v 1.2 2022/02/11 09:28:16 he Exp $
 
-Include limits.h for SSIZE_MAX.
+Apply fix from
+https://github.com/NLnetLabs/unbound/commit/5f724da8c57c5a6bf1d589b6651daec2dc39a9d1
+Paraphrased:
+Fix plain DNS-over-TCP so that it doesn't try to use TLS when
+TLS is also configured elsewhere.
 
---- services/listen_dnsport.c.orig	2020-10-08 06:24:21.000000000 +0000
+--- services/listen_dnsport.c.orig	2022-02-10 07:57:36.000000000 +0000
 +++ services/listen_dnsport.c
-@@ -62,6 +62,7 @@
+@@ -1369,17 +1369,17 @@ listen_create(struct comm_base* base, st
- #include <netdb.h>
+ 	while(ports) {
+ 		struct comm_point* cp = NULL;
+ 		if(ports->ftype == listen_type_udp ||
+-		   ports->ftype == listen_type_udp_dnscrypt)
++		   ports->ftype == listen_type_udp_dnscrypt) {
+ 			cp = comm_point_create_udp(base, ports->fd,
+ 				front->udp_buff, cb, cb_arg, ports->socket);
+-		else if(ports->ftype == listen_type_tcp ||
+-				ports->ftype == listen_type_tcp_dnscrypt)
++		} else if(ports->ftype == listen_type_tcp ||
++				ports->ftype == listen_type_tcp_dnscrypt) {
+ 			cp = comm_point_create_tcp(base, ports->fd,
+ 				tcp_accept_count, tcp_idle_timeout,
+ 				harden_large_queries, 0, NULL,
+ 				tcp_conn_limit, bufsize, front->udp_buff,
+ 				ports->ftype, cb, cb_arg, ports->socket);
+-		else if(ports->ftype == listen_type_ssl ||
++		} else if(ports->ftype == listen_type_ssl ||
+ 			ports->ftype == listen_type_http) {
+ 			cp = comm_point_create_tcp(base, ports->fd,
+ 				tcp_accept_count, tcp_idle_timeout,
+@@ -1410,15 +1410,22 @@ listen_create(struct comm_base* base, st
  #endif
- #include <fcntl.h>
+ 			}
-+#include <limits.h>
+ 		} else if(ports->ftype == listen_type_udpancil ||
- 
+-				  ports->ftype == listen_type_udpancil_dnscrypt)
- #ifdef HAVE_SYS_UN_H
++				  ports->ftype == listen_type_udpancil_dnscrypt) {
- #include <sys/un.h>
+ 			cp = comm_point_create_udp_ancil(base, ports->fd,
+ 				front->udp_buff, cb, cb_arg, ports->socket);
++		}
+ 		if(!cp) {
+ 			log_err("can't create commpoint");
+ 			listen_delete(front);
+ 			return NULL;
+ 		}
+-		if(http_notls && ports->ftype == listen_type_http)
++		if((http_notls && ports->ftype == listen_type_http) ||
++		    (ports->ftype == listen_type_tcp) ||
++		    (ports->ftype == listen_type_udp) ||
++		    (ports->ftype == listen_type_udpancil) ||
++		    (ports->ftype == listen_type_tcp_dnscrypt) ||
++		    (ports->ftype == listen_type_udp_dnscrypt) ||
++		    (ports->ftype == listen_type_udpancil_dnscrypt))
+ 			cp->ssl = NULL;
+ 		else
+ 			cp->ssl = sslctx;