Bug 213043 - [MAINTAINER] dns/unbound update to 1.5.10
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Pawel Pekala
 
Reported: 2016-09-28 12:24 UTC by Jaap Akkerhuis
Modified: 2016-10-02 10:31 UTC

Attachments
patch to update (1.18 KB, patch)
2016-09-28 12:24 UTC, Jaap Akkerhuis

Description Jaap Akkerhuis 2016-09-28 12:24:34 UTC
Created attachment 175225
patch to update

In this release there is a fix for long downtime after connectivity
loss, which was a longstanding unsolved issue.  Features for tcp, TCP
Fast Open and timeout pressure to close connections when the tcp
connections are getting full.  Option to use ipv6 /64 for extra entropy.


Features
- Create a pkg-config file for libunbound in contrib.
- TCP Fast open patch from Sara Dickinson.
- Fine-grained localzone control with define-tag, access-control-tag,
  access-control-tag-action, access-control-tag-data, local-zone-tag, and
  local-zone-override. And added types always_transparent, always_refuse,
  always_nxdomain with that.
- If more than half of tcp connections are in use, a shorter timeout
  is used (200 msec, vs 2 minutes) to pressure tcp for new connects.
- [bugzilla: 787 ] Fix #787: outgoing-interface netblock/64 ipv6
  option to use linux freebind to use 64bits of entropy for every query
  with random local part.
- For #787: prefer-ip6 option for unbound.conf prefers to send
  upstream queries to ipv6 servers.
- Add default root hints for IPv6 E.ROOT-SERVERS.NET, 2001:500:a8::e.
- keep debug symbols in windows build.

Bug Fixes
- [bugzilla: 778 ] Fix unbound 1.5.9: -h segfault (null deref).
- Fix unbound-anchor.exe file location defaults to Program Files with (x86) appended.
- Fix to not ignore return value of chown() in daemon startup.
- Better help text from -h (from Ray Griffith).
- [bugzilla: 773 ] Fix Non-standard Python location build failure with pyunbound.
- Improve threadsafety for openssl 0.9.8 ecdsa dnssec signatures.
- Revert fix for NetworkService account on windows due to breakage it causes.
- Fix that windows install will not overwrite existing service.conf
  file (and ignore gui config choices if it exists).
- And delete service.conf.shipped on uninstall.
- In unbound.conf directory: dir immediately changes to that
  directory, so that include: file below that is relative to that
  directory. With chroot, make the directory an absolute path inside chroot
- do not delete service.conf on windows uninstall.
- document directory immediate fix and allow EXECUTABLE syntax in it
  on windows.
- Fix directory: fix for unbound-checkconf, it restores cwd.
- Use QTYPE=A for QNAME minimisation.
- Keep track of number of time-outs when performing QNAME
  minimisation. Stop minimising when number of time-outs for a QNAME/QTYPE
  pair is more than three.
- [bugzilla: 775 ] Fix unbound-host and unbound-anchor crash on
  windows, ignore null delete for wsaevent.
- Fix spelling in freebind option man page text.
- Fix windows link of ssl with crypt32.
- [bugzilla: 779 ] Fix Union casting is non-portable.
- [bugzilla: 780 ] Fix MAP_ANON not defined in HP-UX 11.31.
- [bugzilla: 781 ] Fix prealloc() is an HP-UX system library call.
- Decrease dp attempts at each QNAME minimisation iteration
- [bugzilla: 784 ] Fix Build configure assumes that having getpwnam
  means there is endpwent function available.
- Updated repository with newer flex and bison output.
- Fix static compile on windows missing gdi32.
- Fix dynamic link of anchor-update.exe on windows.
- Fix detect of mingw for MXE package build.
- Fixes for 64bit windows compile.
- [bugzilla: 788 ] Fix for nettle 3.0: Failed to build with Nettle > 3.0
  and --with-libunbound-only --with-nettle.
- Fixed unbound.doxygen for 1.8.11.
- [bugzilla: 798 ] Fix Client-side TCP fast open fails (Linux).
- [bugzilla: 801 ] Fix missing error condition handling in daemon_create_workers().
- [bugzilla: 802 ] Fix workaround for function parameters that are "unused" without log_assert.
- [bugzilla: 803 ] Fix confusing (and incorrect) code comment in daemon_cleanup().
- [bugzilla: 806 ] Fix wrong comment removed.
- use sendmsg instead of sendto for TFO.
- [bugzilla: 807 ] Fix workaround for possible some "unused" function
  parameters in test code, from Jinmei Tatuya.
- Note that OPENPGPKEY type is RFC 7929.
- [bugzilla: 804 ] Fix #804: unbound stops responding after outage.
  Fixes queries that attempt to wait for an empty list of subqueries.
- Fix for #804: lower num_target_queries for iterator also for failed lookups.
- [bugzilla: 820 ] Fix set sldns_str2wire_rr_buf() dual meaning len
  parameter in each iteration in find_tag_datas().
- [bugzilla: 777 ] Fix OpenSSL 1.1.0 compatibility, patch from Sebastian A. Siewior.
- RFC 7958 is now out, updated docs for unbound-anchor.
- Fix for compile without warnings with openssl 1.1.0.
- [bugzilla: 826 ] Fix refuse_non_local could result in a broken response.
- iana portlist update.
- Fix compile with openssl 1.1.0 with api=1.1.0.
- [bugzilla: 829 ] Fix doc of sldns_wire2str_rdata_buf() return value
  has an off-by-one typo, from Jinmei Tatuya (Infoblox).
- Fix incomplete prototypes reported by Dag-Erling Smørgrav.
- [bugzilla: 828 ] Fix missing type in access-control-tag-action
  redirect results in NXDOMAIN.
- Take configured minimum TTL into consideration when reducing TTL to
  original TTL from RRSIG.
- [bugzilla: 831 ] Fix workaround for spurious fread_chk warning
  against petal.c
- Silenced flex-generated sign-unsigned warning print with gcc
  diagnostic pragma.
- Fix for new splint on FreeBSD. Fix cast for sockaddr_un.sun_len.
- fix potential memory leak in daemon/remote.c and nullpointer
  dereference in validator/autotrust.
- [bugzilla: 883 ] Fix error for duplicate local zone entry.
- [bugzilla: 835 ] Fix --disable-dsa with nettle verify.
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-10-02 10:31:27 UTC
A commit references this bug:

Author: pawel
Date: Sun Oct  2 10:30:40 UTC 2016
New revision: 423108
URL: https://svnweb.freebsd.org/changeset/ports/423108

Log:
  Update to version 1.5.10

  In this release there is a fix for long downtime after connectivity
  loss, which was a longstanding unsolved issue.  Features for tcp, TCP
  Fast Open and timeout pressure to close connections when the tcp
  connections are getting full.  Option to use ipv6 /64 for extra entropy.

  Features
  - Create a pkg-config file for libunbound in contrib.
  - TCP Fast open patch from Sara Dickinson.
  - Fine-grained localzone control with define-tag, access-control-tag,
    access-control-tag-action, access-control-tag-data, local-zone-tag, and
    local-zone-override. And added types always_transparent, always_refuse,
    always_nxdomain with that.
  - If more than half of tcp connections are in use, a shorter timeout
    is used (200 msec, vs 2 minutes) to pressure tcp for new connects.
  - [bugzilla: 787 ] Fix #787: outgoing-interface netblock/64 ipv6
    option to use linux freebind to use 64bits of entropy for every query
    with random local part.
  - For #787: prefer-ip6 option for unbound.conf prefers to send
    upstream queries to ipv6 servers.
  - Add default root hints for IPv6 E.ROOT-SERVERS.NET, 2001:500:a8::e.
  - keep debug symbols in windows build.

  PR:		213043
  Submitted by:	maintainer

Changes:
  head/dns/unbound/Makefile
  head/dns/unbound/distinfo
  head/dns/unbound/pkg-plist