Bug 220673 - dns/unbound: Update to 1.6.4
Summary: dns/unbound: Update to 1.6.4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Danilo G. Baio
Depends on:
Reported: 2017-07-12 12:24 UTC by Jaap Akkerhuis
Modified: 2017-07-12 22:47 UTC (History)
1 user (show)

See Also:

patch to upgrade (1.16 KB, patch)
2017-07-12 12:30 UTC, Jaap Akkerhuis
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jaap Akkerhuis 2017-07-12 12:24:19 UTC

Comment 1 Jaap Akkerhuis 2017-07-12 12:30:25 UTC
Created attachment 184302 [details]
patch to upgrade
Comment 2 Jaap Akkerhuis 2017-07-12 12:32:39 UTC
- Implemented trust anchor signaling using key tag query.
- unbound-checkconf -o allows query of dnstap config variables.
  Also unbound-control get_option.  Also for dnscrypt.
- unbound.h exports the shm stats structures.  They use
  type long long and no ifdefs, and ub_ before the typenames.
- Implemented opportunistic IPsec support module (ipsecmod).
- Added redirect-bogus.patch to contrib directory.
- Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
- renumbering B-Root's IPv6 address to 2001:500:200::b.
- Fix #1276: [dnscrypt] add XChaCha20-Poly1305 cipher.
- Fix #1277: disable domain ratelimit by setting value to 0.
- Added fastrpz patch to contrib

Bug Fixes:
- Added ECS unit test (from Manu Bretelle).
- ECS documentation fix (from Manu Bretelle).
- Fix #1252: more indentation inconsistencies.
- Fix #1253: unused variable in edns-subnet/addrtree.c:getbit().
- Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
- iana portlist update
- Based on #1257: check parse limit before t increment in sldns RR
  string parse routine.
- Fix #1258: Windows 10 X64 unbound 1.6.2 service will not start.
  and fix that 64bit getting installed in C:\Program Files (x86).
- Fix #1259: "--disable-ecdsa" argument overwritten
  by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".
- iana portlist update
- Added test for leak of stub information.
- Fix sldns wire2str printout of RR type CAA tags.
- Fix sldns int16_data parse.
- Fix sldns parse and printout of TSIG RRs.
- sldns SMIMEA and AVC definitions, same as getdns definitions.
- Fix tcp-mss failure printout text.
- Set SO_REUSEADDR on outgoing tcp connections to fix the bind before
  connect limited tcp connections.  With the option tcp connections
  can share the same source port (for different destinations).
- Add 'c' to getopt() in testbound.
- Adjust servfail by iterator to not store in cache when serve-expired
  is enabled, to avoid overwriting useful information there.
- Fix queries for nameservers under a stub leaking to the internet.
- document trust-anchor-signaling in example config file.
- updated configure, dependencies and flex output.
- better module memory lookup, fix of unbound-control shm names for
  module memory printout of statistics.
- Fix type AVC sldns rrdef.
- Some whitespace fixup.
- Fix #1265: contrib/unbound.service contains hardcoded path.
- Fix #1265 to use /bin/kill.
- Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs,
  and compatibility with BoringSSL.
- Fix #1268: SIGSEGV after log_reopen.
- exec_prefix is by default equal to prefix.
- printout localzone for duplicate local-zone warnings.
- Fix assertion for low buffer size and big edns payload when worker
  overrides udpsize.
- Support for openssl EVP_DigestVerify.
- Fix #1269: inconsistent use of built-in local zones with views.
- Add defaults for new local-zone trees added to views using
- Fix #1273: cachedb.c doesn't compile with -Wextra.
- If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write.
- Also use global local-zones when there is a matching view that does
  not have any local-zone specified.
- Fix fastopen EPIPE fallthrough to perform connect.
- Fix #1274: automatically trim chroot path from dnscrypt key/cert paths
  (from Manu Bretelle).
- Fix #1275: cached data in cachedb is never used.
- Fix that unbound-control can set val_clean_additional and
- Add dnscrypt XChaCha20 tests.
- Detect chacha for dnscrypt at configure time.
- dnscrypt unit tests with chacha.
- Added domain name based ECS whitelist.
- Fix #1278: Incomplete wildcard proof.
- Fix #1279: Memory leak on reload when python module is enabled.
- Fix #1280: Unbound fails assert when response from authoritative
  contains malformed qname.  When 0x20 caps-for-id is enabled, when
  assertions are not enabled the malformed qname is handled correctly.
- More fixes in depth for buffer checks in 0x20 qname checks.
- Fix stub zone queries leaking to the internet for
  harden-referral-path ns checks.
- Fix query for refetch_glue of stub leaking to internet.
- Fix #1301: memory leak in respip and tests.
- Free callback in edns-subnetmod on exit and restart.
- Fix memory leak in sldns_buffer_new_frm_data.
- Fix memory leak in dnscrypt config read.
- Fix dnscrypt chacha cert support ifdefs.
- Fix dnscrypt chacha cert unit test escapes in grep.
- Fix to unlock view in view test.
- Fix warning in pythonmod under clang compiler.
- Fix lintian typo.
- Fix #1316: heap read buffer overflow in parse_edns_options.
Comment 3 Danilo G. Baio freebsd_committer 2017-07-12 14:26:24 UTC
You can set maintainer-approval to + on attachments for ports you are MAINTAINER of.
Thank you.
Comment 4 commit-hook freebsd_committer 2017-07-12 22:45:04 UTC
A commit references this bug:

Author: dbaio
Date: Wed Jul 12 22:44:54 UTC 2017
New revision: 445613
URL: https://svnweb.freebsd.org/changeset/ports/445613

  dns/unbound: Update to 1.6.4

  Changes:	http://www.unbound.net/pipermail/unbound-users/2017-June/004818.html

  PR:		220673
  Submitted by:	jaap@NLnetLabs.nl (maintainer)
  Approved by:	garga (mentor, implicit)

Comment 5 Danilo G. Baio freebsd_committer 2017-07-12 22:47:41 UTC
Committed, thanks.