Date: Thu, 15 Dec 2016 14:54:27 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 215322] [Maintainer] dns/unbound update to 1.6.0 Message-ID: <bug-215322-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D215322 Bug ID: 215322 Summary: [Maintainer] dns/unbound update to 1.6.0 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: jaap@NLnetLabs.nl Attachment #177987 maintainer-approval+ Flags: Created attachment 177987 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D177987&action= =3Dedit Path to update to 1.6.0 Unbound 1.6.0 has a number of features and bugfixes. More extensible EDNS support. Views and local-zone tags provide for more feature rich filtering options, with CNAME support. SSL configuration features to turn on dns over tls for particular parts of the namespace. Features - Added generic EDNS code for registering known EDNS option codes, bypassing the cache response stage and uniquifying mesh states. Four EDNS option lists were added to module_qstate (module_qstate.edns_opts_*) to store EDNS options from/to front/back side. - Added two flags to module_qstate (no_cache_lookup, no_cache_store) that control the modules' cache interactions. - Added code for registering inplace callback functions. The registered functions can be called just before replying with local data or Chaos, replying from cache, replying with SERVFAIL, replying with a resolved query, sending a query to a nameserver. The functions can inspect the available data and maybe change response/query related data (i.e. append EDNS options). - Updated Python module for the above. - Updated Python documentation. - Added views functionality. - Added qname-minimisation-strict config option. - Patch that resolves CNAMEs entered in local-data conf statements that point to data on the internet, from Jinmei Tatuya (Infoblox). - serve-expired config option: serve expired responses with TTL 0. - .gitattributes line for githubs code language display. - log-identity: config option to set sys log identity, patch from "Robin H. Johnson" (robbat2@gentoo.org). - Added stub-ssl-upstream and forward-ssl-upstream options. - Added local-zones and local-data bulk addition and removal functionality in unbound-control (local_zones, local_zones_remove, local_datas and local_datas_remove). - g.root-servers.net has AAAA address. Bug Fixes - Fix #836: unbound could echo back EDNS options in an error response. - Fix #838: 1.5.10 cannot be built on Solaris, undefined PATH_MAX. - Fix #839: Memory grows unexpectedly with large RPZ files. - Fix #840: infinite loop in unbound_munin_ plugin on unowned lockfile. - Fix #841: big local-zone's make it consume large amounts of memory. - Fix dnstap relaying "random" messages instead of resolver/forwarder responses, from Nikolay Edigaryev. - Fix Nits for 1.5.10 reported by Dag-Erling Smorgrav. - Fix #1117: spelling errors, from Robert Edmonds. - iana portlist update. - fix memoryleak logfile when in debug mode. - Re-fix #839 from view commit overwrite. - Fixup const void cast warning. - Removed patch comments from acllist.c and msgencode.c - Added documentation doc/CNAME-basedRedirectionDesignNotes.pdf, from Jinmei Tatuya (Infoblox). - Fix #1125: unbound could reuse an answer packet incorrectly for clients with different EDNS parameters, from Jinmei Tatuya. - Fix #1118: libunbound.pc sets strange Libs, Libs.private values. - Added Requires line to libunbound.pc - Fix #1130: whitespace in example.conf.in more consistent. - suppress compile warning in lex files. - init lzt variable, for older gcc compiler warnings. - fix --enable-dsa to work, instead of copying ecdsa enable. - Fix DNSSEC validation of query type ANY with DNAME answers. - Fixup query_info local_alias init. - Ported tests for local_cname unit test to testbound framework. - Fix #1134: unbound-control set_option -- val-override-date: \-1 works immediately to ignore datetime, or back to 0 to enable it again. The -- is to ignore the '-1' as an option flag. - Patch for server.num.zero_ttl stats for count of expired replies, from Pavel Odintsov. - Fix failure to build on arm64 with no sbrk. - Set OpenSSL security level to 0 when using aNULL ciphers. - configure detects ssl security level API function in the autoconf manner. Every function on its own, so that other libraries (eg. LibreSSL) can develop their API without hindrance. - Fix #1154: segfault when reading config with duplicate zones. - Note that for harden-below-nxdomain the nxdomain must be secure, this means nsec3 with optout is insufficient. - Fix #1155: test status code of unbound-control in 04-checkconf, not the status code from the tee command. - Fix #1158: reference RFC 8020 "NXDOMAIN: There Really Is Nothing Underneath" for the harden-below-nxdomain option. - patch from Dag-Erling Smorgrav that removes code that relies on sbrk(). - Make access-control-tag-data RDATA absolute. This makes the RDATA origin consistent between local-data and access-control-tag-data. - Fix NSEC ENT wildcard check. Matching wildcard does not have to be a subdomain of the NSEC owner. - QNAME minimisation uses QTYPE=3DA, therefore always check cache for this type in harden-below-nxdomain functionality. - Added unit test for QNAME minimisation + harden below nxdomain synergy. - Fix that with openssl 1.1 control-use-cert: no uses less cpu, by using no encryption over the unix socket. - hyphen as minus fix, by Andreas Schulze - Fix #1170: document that 'inform' local-zone uses local-data. - Fix #1173: differ local-zone type deny from unset tag_actions element. - Add DSA support for OpenSSL 1.1.0 - Fix remote control without cert for LibreSSL - Fix downcast warnings from visual studio in sldns code. Best regards, Wouter --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-215322-13>