Bug 240163

Summary: dns/unbound: Update to 1.9.3
Product: Ports & Packages Reporter: Jaap Akkerhuis <jaap>
Component: Individual Port(s)Assignee: Steve Wills <swills>
Status: Closed FIXED    
Severity: Affects Some People Keywords: needs-qa
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Bug Depends on:    
Bug Blocks: 238893    
Description Flags
Patch to update jaap: maintainer-approval+

Description Jaap Akkerhuis 2019-08-28 10:10:49 UTC
Created attachment 206966 [details]
Patch to update

Port specific changes:

        The rc script now supports multiple instances of unbound
        and network views (setfib)

From upstream:

This release has a number of bug fixes.  Added is the ipset module, that
helps add ip-addresses that are looked up in a domain to a firewall
ip-address filter.  Also, the python module has restart next, per-query
data and multiple instance support.  The unbound -V option has been
added and it prints the build config.

- PR #28: IPSet module, by Kevin Chou.  Created a module to support
  the ipset that could add the domain's ip to a list easily.
  Needs libmnl, and --enable-ipset and config it, doc/README.ipset.md.
- Merge PR #6: Python module: support multiple instances
- Merge PR #5: Python module: define constant MODULE_RESTART_NEXT
- Merge PR #4: Python module: assign something useful to the
  per-query data store 'qdata'
- Introduce `-V` option to print the version number and build options.
  Previously reported build options like linked libs and linked modules
  are now moved from `-h` to `-V` as well for consistency.
- PACKAGE_BUGREPORT now also includes link to GitHub issues.

Bug Fixes:
- Fix #39: In libunbound, leftover logfile is close()d unpredictably.
- Fix for #24: Fix abort due to scan of auth zone masters using old
  address from previous scan.
- Fix to omit RRSIGs from addition to the ipset.
- Fix to make unbound-control with ipset, remove unused variable,
  use unsigned type because of comparison, and assign null instead
  of compare with it.  Remade lex and yacc output.
- make depend
- Added documentation to the ipset files (for doxygen output).
- Fix python dict reference and double free in config.
- Fix memleak in unit test, reported from the clang 8.0 static analyzer.
- For #45, check that and ::1 are not used in unbound.conf
  when do-not-query-localhost is turned on, or at default on,
  unbound-checkconf prints a warning if it is found in forward-addr or
  stub-addr statements.
- Fix for possible assertion failure when answering respip CNAME from
- Fix in respip addrtree selection. Absence of addr_tree_init_parents()
  call made it impossible to go up the tree when the matching netmask is
  too specific.
- Fix #48: Unbound returns additional records on NODATA response,
  if minimal-responses is enabled, also the additional for negative
  responses is removed.
- Fix #49: Set no renegotiation on the SSL context to stop client
  session renegotiation.
- Fix question section mismatch in local zone redirect.
- Add verbose log message when auth zone file is written, at level 4.
- Add hex print of trust anchor pointer to trust anchor file temp
  name to make it unique, for libunbound created multiple contexts.
- For #52 #53, second context does not close logfile override.
- Fix #52 #53, fix for example fail program.
- Fix to return after failed auth zone http chunk write.
- Fix to remove unused test for task_probe existance.
- Fix to timeval_add for remaining second in microseconds.
- Check repinfo in worker_handle_request, if null, drop it.
- Generate configlexer with newer flex.
- Fix warning for unused variable for compilation without systemd.
- Fix #59, when compiled with systemd support check that we can properly
  communicate with systemd through the `NOTIFY_SOCKET`.
- iana portlist updated.
- Fix autotrust temp file uniqueness windows compile.
- avoid warning about upcast on 32bit systems for autotrust.
- escape commandline contents for -V.
- Fix character buffer size in ub_ctx_hosts.
- Option -V prints if TCP fastopen is available.
- Fix unittest valgrind false positive uninitialised value report,
  where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0
  issues an uninitialised value for the token buffer at the str2wire.c
  rrinternal_get_owner() strcmp with the '@' value.  Rewritten to use
  straight character comparisons removes the false positive.  Also
  valgrinds --expensive-definedness-checks=yes can stop this false
- Please doxygen's parser for "@" occurrence in doxygen comment.
- Fixup contrib/fastrpz.patch
- Remove warning about unknown cast-function-type warning pragma.
- Document limitation of pidfile removal outside of chroot directory.
- Fix log_dns_msg to log irrespective of minimal responses config.
- Fix that pkg-config is setup before --enable-systemd needs it.
Comment 1 commit-hook freebsd_committer 2019-09-02 16:31:12 UTC
A commit references this bug:

Author: swills
Date: Mon Sep  2 16:31:03 UTC 2019
New revision: 510824
URL: https://svnweb.freebsd.org/changeset/ports/510824

  dns/unbound: update to 1.9.3

  Whil here, improve rc script

  PR:		240163
  Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

Comment 2 Steve Wills freebsd_committer 2019-09-02 16:32:41 UTC
Committed, thanks!