Bug 218872 - [MAINTAINER] dns/unbound: Upgrade to 1.6.2
Summary: [MAINTAINER] dns/unbound: Upgrade to 1.6.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Kurt Jaeger
Duplicates: 217737
Depends on:
Reported: 2017-04-25 10:15 UTC by Jaap Akkerhuis
Modified: 2017-05-16 17:03 UTC

See Also:
jaap: maintainer-feedback+

Patch to upgrade (3.17 KB, patch)
2017-04-25 10:15 UTC, Jaap Akkerhuis
jaap: maintainer-approval+

Description Jaap Akkerhuis 2017-04-25 10:15:26 UTC
Created attachment 182078
Patch to upgrade

This release has a couple of new features and a list of bug fixes.
trustanchor.unbound chaos query, response IP actions, stats from
shm, --disable-sha1, dnscrypt support, and edns client subnet support
merged in.

Best regards, Wouter

- Add trustanchor.unbound CH TXT that gets a response with a number
  of TXT RRs with a string like "example.com. 2345 1234" with
  the trust anchors and their keytags.
- Patch for view functionality for local-data-ptr from Björn Ketelaars.
- Response actions based on IP address from Jinmei Tatuya (Infoblox).
- Patch from Luiz Fernando Softov for Stats Shared Memory.
- unbound-control stats_shm command prints stats using shared memory,
  which uses less cpu.
- --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and
  DS records.  NSEC3 is not disabled.
- #1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then
  enabled in the config file from Manu Bretelle.
- Merge EDNS Client subnet implementation from feature branch into main
  branch, using new EDNS processing framework.
- harden-algo-downgrade: no also makes unbound more lenient about
  digest algorithms in DS records.

Bug fixes
- sldns has ED25519 and ED448 algorithm number and name for display.
- sldns updated for vfixed and buffer resize indication from getdns.
- iana portlist update
- Fix #1224: Fix that defaults should not fall back to "Program Files
  (x86)" if Unbound is 64bit by default on windows.
- Fix doc/CNAME-basedRedirectionDesignNotes.pdf zone static to
- make depend, autoconf, doxygen and lint fixed up.
- include sys/time.h for new shm code on NetBSD.
- Fix #1227: Fix that Unbound control allows weak ciphersuites.
- Fix #1226: provide official 32bit binary for windows.
- For #1227: if we have sha256, set the cipher list to have no
  known vulns.
- Fix testpkts.c, check if DO bit is set, not only if there is an OPT
- Fix #1229: Systemd service sandboxing in contrib/unbound.service.
- Fix #1230: swig version 2.0.1 is required for pythonmod, with
  1.3.40 it crashes when running repeatedly unbound-control reload.
- fix enum conversion warnings
- fake-sha1 test option; print warning if used.  To make unit tests.
- unbound-control list local zone and data commands listed in the
  help output.
- Fix #1234: shortening DNAME loop produces duplicate DNAME records
  in ANSWER section.
- testbound understands Deckard MATCH rcode question answer commands.
- Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead
  of YXDOMAIN + query loop, reported by Petr Spacek.
- Fix that SHM is not inited if not enabled.
- Fix that looped DNAMEs do not cause unbound to spend effort.
- trustanchor tags are sorted.  reusable routine to fetch taglist.
- Fix #1237 - Wrong resolving in chain, for norec queries that get
  SERVFAIL returned.
- make depend, autoconf, remove warnings about statement before var.
- lru_demote and lruhash_insert_or_retrieve functions for getdns.
- fixup for lruhash (whitespace and header file comment).
- dnscrypt tests.
- Fix doxygen for dnscrypt files.
- Fix #1238: segmentation fault when adding through the remote
  interface a per-view local zone to a view with no previous
  (configured) local zones.
- Fix #1229: Systemd service sandboxing, options in wrong sections.
- Fix #1239: configure fails to find python distutils if python
  prints warning.
- Fix to prevent non-referral query from being cached as referral when the
  no_cache_store flag was set.
- Remove (now unused) event2 include from dnscrypt code.
- Fix #1217: Add metrics to unbound-control interface showing
  crypted, cert request, plaintext and malformed queries (from
  Manu Bretelle).
- Do not add current time twice to TTL before ECS cache store.
- Do not touch rrset cache after ECS cache message generation.
- Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode.
- Fix #1244: document that use of chroot requires trust anchor file to
  be under chroot.
- Small fixup for documentation.
- Fix respip for braces when locks aren't used.
- Fix pythonmod for cb changes.
- Generalise inplace callback (de)registration
- (de)register inplace callbacks for module id
- No unbound-control set_option for ECS options
- Deprecated client-subnet-opcode config option
- Introduced client-subnet-always-forward config option
- Changed max-client-subnet-ipv6 default to 56 (as in RFC)
- Removed extern ECS config options
- module_restart_next now calls clear on all following modules
- Also create ECS module qstate on module_event_pass event
- remove malloc from inplace_cb_register
- Unlock view in respip unit test
- Some whitespace fixup.
- Remove ECS option after REFUSED answer.
- Fix small memory leak in edns_opt_copy_alloc.
- Respip dereference after NULL check.
- Zero initialize addrtree allocation.
- Use correct identifier for SHM destroy.
- Display ECS module memory usage.
- Fix #1247: unbound does not shorten source prefix length when
  forwarding ECS.
- Properly check for allocation failure in local_data_find_tag_datas.
- Fix #1249: unbound doesn't return FORMERR to bogus ECS.
- Set SHM ECS memory usage to 0 when module not loaded.
- subnet mem value is available in shm, also when not enabled,
  to make the struct easier to memmap by other applications,
  independent of the configuration of unbound.
- Fix #1250: inconsistent indentation in services/listen_dnsport.c.
Comment 1 Kurt Jaeger freebsd_committer 2017-04-29 20:41:58 UTC
Can you check the patch? It looks like it's a mixed patch for unbound?
Comment 2 Kurt Jaeger freebsd_committer 2017-04-29 20:49:37 UTC
*** Bug 217737 has been marked as a duplicate of this bug. ***
Comment 3 Kurt Jaeger freebsd_committer 2017-04-29 21:00:02 UTC
Committed, thanks!
Comment 4 commit-hook freebsd_committer 2017-04-29 21:00:30 UTC
A commit references this bug:

Author: pi
Date: Sat Apr 29 20:59:34 UTC 2017
New revision: 439775
URL: https://svnweb.freebsd.org/changeset/ports/439775

  dns/unbound: update 1.6.1 -> 1.6.2

  PR:		218872
  Changes:	http://www.unbound.net/pipermail/unbound-users/2017-April/004762.html
  Submitted by:	jaap@NLnetLabs.nl (maintainer)

Comment 5 commit-hook freebsd_committer 2017-05-16 17:03:57 UTC
A commit references this bug:

Author: garga
Date: Tue May 16 17:03:00 UTC 2017
New revision: 441011
URL: https://svnweb.freebsd.org/changeset/ports/441011

  MFH: r439775 r440077

  dns/unbound: update 1.6.1 -> 1.6.2

  PR:		218872
  Changes:	http://www.unbound.net/pipermail/unbound-users/2017-April/004762.html
  Submitted by:	jaap@NLnetLabs.nl (maintainer)

  Correct typo in DNSCRYPT option description

  PR:	219052
  Submitted by: greenreaper@hotmail.com
  Reportee by:
  Approved by:	adamw (mentor, implicit)

  Approved by:	ports-secteam (miwi)

_U  branches/2017Q2/