Bug 206347

Summary: dns/unbound update to 1.5.7 [PATCH]
Product: Ports & Packages Reporter: Jaap Akkerhuis <jaap>
Component: Individual Port(s)Assignee: Sergey Matveychuk <sem>
Status: Closed FIXED    
Severity: Affects Many People CC: erwin
Priority: --- Keywords: patch
Version: LatestFlags: bugzilla: maintainer-feedback? (sem)
Hardware: Any   
OS: Any   
Attachments:
Description Flags
patch to update none

Description Jaap Akkerhuis 2016-01-17 22:43:19 UTC 
Created attachment 165731 [details]
patch to update

Current unbound port is dated (version 1.5.5), current version is 1.5.7.

Some Upgrade Notes:

This release fixes a validation failure for nodata with wildcards and
emptynonterminals. Fixes OpenSSL Library compability. Fixes correct
response for malformed EDNS queries. And it has Windows changes to
make unbound portable possible. For crypto in libunbound there is
libnettle support.

Qname minimisation is implemented. Use qname-minimisation: yes to
enable it. This version sends the full query name when an error is
found for intermediate names. It should therefore not fail for names
on nonconformant servers. It combines well with
harden-below-nxdomain: yes because those nxdomains are probed by the
qname minimisation, and that will both stop privacy sensitive traffic
and reduce nonsense traffic to authority servers. So consider
enabling both. In this implementation IPv6 reverse lookups add
several labels per increment, because otherwise those lookups would be
very slow. [ Reference
https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08 ]

More details at <http://unbound.net>
Comment 1 commit-hook freebsd_committer freebsd_triage 2016-02-04 15:59:13 UTC 
A commit references this bug:

Author: erwin
Date: Thu Feb  4 15:58:31 UTC 2016
New revision: 408047
URL: https://svnweb.freebsd.org/changeset/ports/408047

Log:
  - Update unbound to 1.5.7
  - Bump PORTREVISIOn on dependent ports

  Some Upgrade Notes:

  This release fixes a validation failure for nodata with wildcards and
  emptynonterminals. Fixes OpenSSL Library compability. Fixes correct
  response for malformed EDNS queries. For crypto in libunbound there is
  libnettle support.

  Qname minimisation is implemented. Use qname-minimisation: yes to
  enable it. This version sends the full query name when an error is
  found for intermediate names. It should therefore not fail for names
  on nonconformant servers. It combines well with
  harden-below-nxdomain: yes because those nxdomains are probed by the
  qname minimisation, and that will both stop privacy sensitive traffic
  and reduce nonsense traffic to authority servers. So consider
  enabling both. In this implementation IPv6 reverse lookups add
  several labels per increment, because otherwise those lookups would be
  very slow. [ Reference
  https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08 ]

  More details at <http://unbound.net>

  PR:		206347
  Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>
  Approved by:	maintainer timeout
  Sponsored by:	DK Hostmaster A/S

Changes:
  head/dns/autotrust/Makefile
  head/dns/getdns/Makefile
  head/dns/unbound/Makefile
  head/dns/unbound/distinfo
  head/dns/unbound/files/patch-contrib-aaaa-filter-iterator.patch
  head/dns/unbound/pkg-plist
  head/mail/opendkim/Makefile
  head/security/gnutls/Makefile
  head/security/strongswan/Makefile
Comment 2 Erwin Lansing freebsd_committer freebsd_triage 2016-02-04 17:14:17 UTC 
Committed, thanks!