Bug 229202 - [MAINTAINER] dns/unbound upgrade to 1.7.3
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Sunpoet Po-Chuan Hsieh
Depends on:
Reported: 2018-06-21 13:00 UTC by Jaap Akkerhuis
Modified: 2018-06-21 21:13 UTC

patch to upgrade (1.21 KB, patch)
2018-06-21 13:00 UTC, Jaap Akkerhuis

Description Jaap Akkerhuis 2018-06-21 13:00:07 UTC
Created attachment 194453
patch to upgrade

This release fixes a bug in qname minimisation, from 1.7.1, that double
counts CNAMEs and this causes resolution failures because the maximum
CNAME count is hit.  This caught attention because since 1.7.2 qname
minimisation is enabled by default.

For a local name unix pipe unbound-control setup, with the pathname of
the socket configured in control-interface, Unbound now uses an
unencrypted connection.  Permissions can be configured by setting them
on the directory the file is in; Unbound creates the file with
permissions that allow members of the group of the user that is
configured in unbound.conf access.  This fix is also part of NSD nsd-control.

Compared to the 1.7.3rc2 there are a couple of Windows unbound-control
related fixes in 1.7.3.

- #4102 for NSD, but for Unbound.  Named unix pipes do not use
  certificate and key files, access can be restricted with file and
  directory permissions.  The option control-use-cert is no longer
  used, and ignored if found in unbound.conf.
- Rename tls-additional-ports to tls-additional-port, because every
  line adds one port.

Bug Fixes
- Don't count CNAME response types received during qname minimisation
  as query restart.
- #4100: Fix stub reprime when it becomes useless.
- Fix crash if ratelimit taken into use with unbound-control
  instead of with unbound.conf.
- Patch to fix openwrt for mac os build darwin detection in configure.
- #4103: Fix that auth-zone does not insist on SOA record first in
  file for url downloads.
- Fix that first control-interface determines if TLS is used.  Warn
  when IP address interfaces are used without TLS.
- Fix that control-use-cert: no works to disable certs.
- Fix unbound-checkconf for control-use-cert.
- Fix for unbound-control on Windows and set TCP socket parameters
  more closely.
- Fix windows unbound-control no cert bad file descriptor error.
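
An added example, not part of the bug report or of Unbound: a small audit of the unbound-control channel as the release notes above describe it (socket paths carry no certificates and rely on directory and file permissions, the first control-interface decides whether TLS is used, and control-use-cert is ignored). Treating "searchable or writable by other users" as too permissive is an assumption of this sketch, the function names are hypothetical, and the configuration text is constructed.

```python
import os
import stat
import tempfile

def parse_remote_control(conf_text):
    """Return (control-interface values, control-use-cert value or None)."""
    ifaces, use_cert = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, val = (p.strip() for p in line.split(":", 1))
        if key == "control-interface":
            ifaces.append(val.strip('"'))
        elif key == "control-use-cert":
            use_cert = val
    return ifaces, use_cert

def audit_control(conf_text):
    """Return (subject, finding) tuples for the unbound-control channel."""
    ifaces, use_cert = parse_remote_control(conf_text)
    findings = []
    if use_cert is not None:
        findings.append(("control-use-cert", "option is ignored"))
    # The first control-interface determines whether TLS is used.
    tls = bool(ifaces) and not ifaces[0].startswith("/")
    for iface in ifaces:
        if iface.startswith("/"):  # absolute path: named unix pipe, no certs
            parent = os.path.dirname(iface)
            if os.path.isdir(parent) and os.stat(parent).st_mode & stat.S_IXOTH:
                findings.append((iface, "directory searchable by other users"))
            if os.path.exists(iface) and os.stat(iface).st_mode & stat.S_IWOTH:
                findings.append((iface, "socket writable by other users"))
        elif not tls:
            findings.append((iface, "IP address interface without TLS"))
    return findings

def demo_findings(dir_mode):
    """Constructed sample: a temp directory stands in for the socket directory."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, dir_mode)
        conf = (
            "remote-control:\n"
            f"    control-interface: {d}/control.sock\n"
            "    control-interface: 127.0.0.1\n"
            "    control-use-cert: no  # constructed line\n"
        )
        return [msg for _, msg in audit_control(conf)]

if __name__ == "__main__":
    print(demo_findings(0o750), demo_findings(0o755))
```

Only the directory that directly contains the socket is checked; parent directories higher up are outside this sketch.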

Comment 1 Sunpoet Po-Chuan Hsieh freebsd_committer 2018-06-21 21:12:16 UTC
Committed. Thanks!

Comment 2 commit-hook freebsd_committer 2018-06-21 21:13:05 UTC
A commit references this bug:

Author: sunpoet
Date: Thu Jun 21 21:12:11 UTC 2018
New revision: 473002
URL: https://svnweb.freebsd.org/changeset/ports/473002

  Update to 1.7.3

  Changes:	https://www.nlnetlabs.nl/svn/unbound/tags/release-1.7.3/doc/Changelog
  PR:		229202
  Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)