Upgrade unbound to version 1.7.1.
Upstream changes: Features - Add --with-libhiredis, unbound support for a new cachedb backend that uses a Redis server as the storage. This implementation depends on the hiredis client library (https://redislabs.com/lp/hiredis/). And unbound should be built with both --enable-cachedb and --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h should exist). Patch from Jinmei Tatuya (Infoblox). - Create additional tls service interfaces by opening them on other portnumbers and listing the portnumbers as additional-tls-port: nr. - ED448 support. - num.query.authzone.up and num.query.authzone.down statistics counters. - Accept both option names with and without colon for get_option and set_option. - low-rtt and low-rtt-pct in unbound.conf enable the server selection of fast servers for some percentage of the time. - num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN statistics counters. - allow-notify: config statement for auth-zones. - Can set tls authentication with forward-addr: IP#tls.auth.name And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem". such as forward-addr: 9.9.9.9@853#dns.quad9.net or 1.1.1.1@853#cloudflare-dns.com - list_auth_zones unbound-control command. - Added root-key-sentinel support Bug Fixes - Fix #3727: Protocol name is TLS, options have been renamed but documentation is not consistent. - Check IXFR start serial. - Fix typo in documentation. - Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually flushed with serve-expired on. - Fix #3817: core dump happens in libunbound delete, when queued servfail hits deleted message queue. - corrected a minor typo in the changelog. - move htobe64/be64toh portability code to cachedb.c. - iana port update. - Do not use cached NSEC records to generate negative answers for domains under DNSSEC Negative Trust Anchors. - Fix unbound-control get_option aggressive-nsec - Check "result" in dup_all(), by Florian Obser. - Fix #4043: make test fails due to v6 presentation issue in macOS. - Fix unable to resolve after new WLAN connection, due to auth-zone failing with a forwarder set. Now, auth-zone is only used for answers (not referrals) when a forwarder is set. - Combine write of tcp length and tcp query for dns over tls. - nitpick fixes in example.conf. - Fix above stub queries for type NS and useless delegation point. - Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3 tls_choose_sigalg routine does not allow the ciphers for the pipe, so use TLSv1.2. - Fix that flush_zone sets prefetch ttl expired, so that with serve-expired enabled it'll start prefetching those entries. - Fix downstream auth zone, only fallback when auth zone fails to answer and fallback is enabled. - Fix for max include depth for authzones. - Fix memory free on fail for $INCLUDE in authzone. - Fix that an internal error to look up the wrong rr type for auth zone gets stopped, before trying to send there. - Fix auth zone target lookup iterator. - Fix auth-zone retry timer to be on schedule with retry timeout, with backoff. Also time a refresh at the zone expiry. - Fix #658: unbound using TLS in a forwarding configuration does not verify the server's certificate (RFC 8310 support). - For addr with #authname and no @port notation, the default is 853. - man page documentation for dns-over-tls forward-addr '#' notation. - removed free from failed parse case. - Fix #4091: Fix that reload of auth-zone does not merge the zonefile with the previous contents. - Delete auth zone when removed from config. - makedist uses bz2 for expat code, instead of tar.gz. - Fix #4092: libunbound: use-caps-for-id lacks colon in config_set_option. - auth zone http download stores exact copy of downloaded file, including comments in the file. - Fix sldns parse failure for CDS alternate delete syntax empty hex. - Attempt for auth zone fix; add of callback in mesh gets from callback does not skip callback of result. - Fix cname classification with qname minimisation enabled. - Fix contrib/fastrpz.patch for this release. - Fix auth https for libev. - Fix memory leak when caching wildcard records for aggressive NSEC use - Fix for crash in daemon_cleanup with dnstap during reload, from Saksham Manchanda. - Also that for dnscrypt.
This commit is contained in:
parent
6d33b598d6
commit
a9c810f6cc
3 changed files with 10 additions and 10 deletions
|
@ -1,6 +1,6 @@
|
|||
# $NetBSD: Makefile,v 1.54 2018/03/15 10:22:49 he Exp $
|
||||
# $NetBSD: Makefile,v 1.55 2018/05/07 07:13:28 he Exp $
|
||||
|
||||
DISTNAME= unbound-1.7.0
|
||||
DISTNAME= unbound-1.7.1
|
||||
CATEGORIES= net
|
||||
MASTER_SITES= http://www.unbound.net/downloads/
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
$NetBSD: distinfo,v 1.40 2018/03/15 10:22:49 he Exp $
|
||||
$NetBSD: distinfo,v 1.41 2018/05/07 07:13:28 he Exp $
|
||||
|
||||
SHA1 (unbound-1.7.0.tar.gz) = d90b09315c75ad2843b868785b3d12a2c4f27b28
|
||||
RMD160 (unbound-1.7.0.tar.gz) = abc59d2b8b52bab5784fe56ccb8b7ed10e8830fe
|
||||
SHA512 (unbound-1.7.0.tar.gz) = 49b07643da2a89d8ceedce1295f550f74a76f4f11c2df54df55e9c42f03bad1b133789c7b36fb3c4f37d6b331ac302ecfd1249e8ebaaa4333beda8fa250b61d9
|
||||
Size (unbound-1.7.0.tar.gz) = 5538228 bytes
|
||||
SHA1 (patch-configure) = 30874b8337e4ef0e436bb52f4af92a43b810f7bb
|
||||
SHA1 (unbound-1.7.1.tar.gz) = b853b746fa1f89ecce160850ab163ef78f67eea5
|
||||
RMD160 (unbound-1.7.1.tar.gz) = fd9ee1d94d475a84997d16e2e939c661d297fa6b
|
||||
SHA512 (unbound-1.7.1.tar.gz) = 99a68abf1f60f6ea80cf2973906df44da9c577d8cac969824af1ce9ca385a2e84dd684937480da87cb73c7dc41ad5c00b0013ec74103eadb8fd7dc6f98a89255
|
||||
Size (unbound-1.7.1.tar.gz) = 5565938 bytes
|
||||
SHA1 (patch-configure) = 769ad52b9ab93bc8e48d2ffe8fef5b4b61070eba
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
$NetBSD: patch-configure,v 1.1 2017/07/09 08:09:41 adam Exp $
|
||||
$NetBSD: patch-configure,v 1.2 2018/05/07 07:13:28 he Exp $
|
||||
|
||||
Pretend expat.h is found: it is guaranteed by PkgSrc, but on Darwin it might
|
||||
be buried inside an SDK; we don't want the SDK path being exposed in CFLAGS.
|
||||
|
||||
--- configure.orig 2017-07-09 07:41:42.000000000 +0000
|
||||
+++ configure
|
||||
@@ -18563,7 +18563,7 @@ fi
|
||||
@@ -18815,7 +18815,7 @@ fi
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5
|
||||
$as_echo_n "checking for libexpat... " >&6; }
|
||||
|
|
Loading…
Reference in a new issue