206347 – dns/unbound update to 1.5.7 [PATCH]

Bug 206347 - dns/unbound update to 1.5.7 [PATCH]

Summary: dns/unbound update to 1.5.7 [PATCH]

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Sergey Matveychuk

URL:
Keywords:	patch

Depends on:
Blocks:

Reported:	2016-01-17 22:43 UTC by Jaap Akkerhuis
Modified:	2016-02-04 17:14 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (sem)

Attachments
patch to update (16.25 KB, patch) 2016-01-17 22:43 UTC, Jaap Akkerhuis	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jaap Akkerhuis 2016-01-17 22:43:19 UTC

Created attachment 165731 [details]
patch to update

Current unbound port is dated (version 1.5.5), current version is 1.5.7.

Some Upgrade Notes:

This release fixes a validation failure for nodata with wildcards and
emptynonterminals. Fixes OpenSSL Library compability. Fixes correct
response for malformed EDNS queries. And it has Windows changes to
make unbound portable possible. For crypto in libunbound there is
libnettle support.

Qname minimisation is implemented. Use qname-minimisation: yes to
enable it. This version sends the full query name when an error is
found for intermediate names. It should therefore not fail for names
on nonconformant servers. It combines well with
harden-below-nxdomain: yes because those nxdomains are probed by the
qname minimisation, and that will both stop privacy sensitive traffic
and reduce nonsense traffic to authority servers. So consider
enabling both. In this implementation IPv6 reverse lookups add
several labels per increment, because otherwise those lookups would be
very slow. [ Reference
https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08 ]

More details at <http://unbound.net>

Comment 1 commit-hook freebsd_committer

2016-02-04 15:59:13 UTC

A commit references this bug:

Author: erwin
Date: Thu Feb  4 15:58:31 UTC 2016
New revision: 408047
URL: https://svnweb.freebsd.org/changeset/ports/408047

Log:
  - Update unbound to 1.5.7
  - Bump PORTREVISIOn on dependent ports

  Some Upgrade Notes:

  This release fixes a validation failure for nodata with wildcards and
  emptynonterminals. Fixes OpenSSL Library compability. Fixes correct
  response for malformed EDNS queries. For crypto in libunbound there is
  libnettle support.

  Qname minimisation is implemented. Use qname-minimisation: yes to
  enable it. This version sends the full query name when an error is
  found for intermediate names. It should therefore not fail for names
  on nonconformant servers. It combines well with
  harden-below-nxdomain: yes because those nxdomains are probed by the
  qname minimisation, and that will both stop privacy sensitive traffic
  and reduce nonsense traffic to authority servers. So consider
  enabling both. In this implementation IPv6 reverse lookups add
  several labels per increment, because otherwise those lookups would be
  very slow. [ Reference
  https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08 ]

  More details at <http://unbound.net>

  PR:		206347
  Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>
  Approved by:	maintainer timeout
  Sponsored by:	DK Hostmaster A/S

Changes:
  head/dns/autotrust/Makefile
  head/dns/getdns/Makefile
  head/dns/unbound/Makefile
  head/dns/unbound/distinfo
  head/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch
  head/dns/unbound/pkg-plist
  head/mail/opendkim/Makefile
  head/security/gnutls/Makefile
  head/security/strongswan/Makefile

Comment 2 Erwin Lansing freebsd_committer

2016-02-04 17:14:17 UTC

Committed, thanks!