Update unbound to version 1.9.2

Upstream changes:

Features
- add type CAA to libpyunbound (accessing libunbound from python).
- Fix #17: Add python module example from Jan Janak, that is a
  plugin for the Unbound DNS resolver to resolve DNS records in
  multicast DNS [RFC 6762] via Avahi.  The plugin communicates
  with Avahi via DBus. The comment section at the beginning of
  the file contains detailed documentation.
- travis build file.
- PR #16: XoT support, AXFR over TLS, turn it on with
  master: <ip>#<authname> in unbound.conf.  This uses TLS to
  download the AXFR (or IXFR).

Bug Fixes
- Fix for #4233: guard use of NDEBUG, so that it can be passed in
  CFLAGS into configure.
- Add log message, at verbosity 4, that says the query is encrypted
  with TLS, if that is enabled for the query.
- Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.
- Fix #4240: Fix whitespace cleanup in example.conf.
- Fix that tls-session-ticket-keys: "" on its own in unbound.conf
  disables the tls session ticker key calls into the OpenSSL API.
- Fix crash if tls-servic-pem not filled in when necessary.
- Fix auth-zone NSEC3 response for empty nonterminals with exact
  match nsec3 records.
- Fix for out of bounds integers, thanks to OSTIF audit.  It is in
  allocation debug code.
- Fix for auth zone nsec3 ent fix for wildcard nodata.
- Move goto label in answer_from_cache to the end of the function
  where it is more visible.
- Fix auth-zone NSEC3 response for wildcard nodata answers,
  include the closest encloser in the answer.
- Fix spelling error in log output for event method.
- Fix to reinit event structure for accepted TCP (and TLS) sockets.
- Fix to use event_assign with libevent for thread-safety.
- verbose information about auth zone lookup process, also lookup
  start, timeout and fail.
- Fix to wipe ssl ticket keys from memory with explicit_bzero,
  if available.
- Fix that auth zone uses correct network type for sockets for
  SOA serial probes.  This fixes that probes fail because earlier
  probe addresses are unreachable.
- Fix that auth zone fails over to next master for timeout in tcp.
- Squelch SSL read and write connection reset by peer and broken pipe
  messages.  Verbosity 2 and higher enables them.
- Update python documentation for init_standard().
- Typos.
- Fix tls write event for read state change to re-call SSL_write and
  not resume the TLS handshake.
- Better braces in if statement in TCP fastopen code.
- iana portlist updated.
- Scrub RRs from answer section when reusing NXDOMAIN message for
  subdomain answers.
- For harden-below-nxdomain: do not consider a name to be non-exitent
  when message contains a CNAME record.
- Fix wrong query name in local zone redirect answers with a CNAME,
  the copy of the local alias is in unpacked form.
- contrib/fastrpz.patch updated for code changes, and with git diff.
- Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64.
- Fix #30: AddressSanitizer finding in lookup3.c.  This sets the
  hash function to use a slower but better auditable code that does
  not read beyond array boundaries.  This makes code better security
  checkable, and is better for security.  It is fixed to be slower,
  but not read outside of the array.
- Fix edns-subnet locks, in error cases the lock was not unlocked.
- Fix doxygen output error on readme markdown vignettes.
- Squelch log messages from tcp send about connection reset by peer.
  They can be enabled with verbosity at higher values for diagnosing
  network connectivity issues.
- Attempt to fix malformed tcp response.
- Fix #31: swig 4.0 and python module.
- Note that so-reuseport at extreme load is better turned off,
  otherwise queries are not distributed evenly, on Linux 4.4.x.
- Fix that spoolbuf is not used to store tcp pipelined response
  between mesh send and callback end.
- Fix double file close in tcp pipelined response code.
- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
- Fix to guard _OPENBSD_SOURCE from redefinition.
- Fix that fixes the Fix that spoolbuf is not used to store tcp
  pipelined response between mesh send and callback end, this fixes
  error cases that did not use the correct spoolbuf.
- Fix that fixes the Fix that spoolbuf is not used to store tcp
  pipelined response between mesh send and callback end, this fixes
  error cases that did not use the correct spoolbuf.
- Fix another spoolbuf storage code point, in prefetch.
This commit is contained in:
he 2019-06-17 09:49:08 +00:00
parent 7e52457462
commit da9d6a3eba
2 changed files with 7 additions and 8 deletions

View file

@ -1,7 +1,6 @@
# $NetBSD: Makefile,v 1.67 2019/06/12 10:04:05 wiz Exp $
# $NetBSD: Makefile,v 1.68 2019/06/17 09:49:08 he Exp $
DISTNAME= unbound-1.9.1
PKGREVISION= 1
DISTNAME= unbound-1.9.2
CATEGORIES= net
MASTER_SITES= http://www.nlnetlabs.nl/downloads/unbound/

View file

@ -1,7 +1,7 @@
$NetBSD: distinfo,v 1.50 2019/03/12 12:13:08 he Exp $
$NetBSD: distinfo,v 1.51 2019/06/17 09:49:08 he Exp $
SHA1 (unbound-1.9.1.tar.gz) = 89ed8e97cdcdd957e676eba0f8fa5e5f987b2f1f
RMD160 (unbound-1.9.1.tar.gz) = a3bfefff28c59442ce10ff636e1f401cb51f85b1
SHA512 (unbound-1.9.1.tar.gz) = 5dfac7ce3892f73109fdfe0f81863643b1f4c10cee2d4e2d1a28132f1b9ea4d4f89242e4e6348fdadf998f1c75d53577cbf4f719e98faa1342fc3c5de2e8903d
Size (unbound-1.9.1.tar.gz) = 5665254 bytes
SHA1 (unbound-1.9.2.tar.gz) = 9a7ac3163df57a26b1cfb89844993d95fabee359
RMD160 (unbound-1.9.2.tar.gz) = 63411e761d70b5ce7c5e939dceebd8e7d4818c94
SHA512 (unbound-1.9.2.tar.gz) = 118f0e53ee2d5cfb53ce1f792ca680cc01b5825bf81575e36bd3b24f3bdbe14e6631401bf1bf85eb2ac2a3fa0ee2ee3eb6a28b245d06d48d9975ce4cc260f764
Size (unbound-1.9.2.tar.gz) = 5676395 bytes
SHA1 (patch-configure) = eabd0c478e92ebe37adf143849389e0e792dc77f