From owner-freebsd-ports-bugs@freebsd.org Wed Dec 5 09:37:39 2018 Return-Path: Delivered-To: freebsd-ports-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A1952130C6E4 for ; Wed, 5 Dec 2018 09:37:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 38E108C7F8 for ; Wed, 5 Dec 2018 09:37:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id EA6B8130C6E1; Wed, 5 Dec 2018 09:37:38 +0000 (UTC) Delivered-To: ports-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C7E1D130C6E0 for ; Wed, 5 Dec 2018 09:37:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6407E8C7F4 for ; Wed, 5 Dec 2018 09:37:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 76776B7B3 for ; Wed, 5 Dec 2018 09:37:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id wB59bbdH052582 for ; Wed, 5 Dec 2018 09:37:37 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id wB59bbDS052581 for ports-bugs@FreeBSD.org; Wed, 5 Dec 2018 09:37:37 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 233796] [MAINTAINER] dns/unbound upgrade to 1.8.2 Date: Wed, 05 Dec 2018 09:37:37 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: jaap@NLnetLabs.nl X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-Rspamd-Queue-Id: 38E108C7F8 X-Spamd-Result: default: False [0.37 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-0.53)[-0.533,0]; NEURAL_SPAM_LONG(0.03)[0.034,0]; ASN(0.00)[asn:10310, ipnet:2001:1900:2254::/48, country:US]; NEURAL_SPAM_SHORT(0.87)[0.867,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Dec 2018 09:37:40 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D233796 Bug ID: 233796 Summary: [MAINTAINER] dns/unbound upgrade to 1.8.2 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: jaap@NLnetLabs.nl Created attachment 199844 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D199844&action= =3Dedit Patch to upgrade The option so-reuseport is by default disabled on FreeBSD, but it has support to work on FreeBSD 12 with the REUSEPORT_LB variant, if enabled in unbound.conf. The python code in unbound supports python 3.6, but also python 2.7 works. The python module prints the python exceptions to the log, so that compatibility problems are more easy to troubleshoot. Fast server selection options are added that select from the fastest servers in the available set, with fast-server-num and fast-server-permil this can be turned on. When enabled the fastest servers are selected, instead of a random server. Randomness is good for poisoning prevention, but fast selection can result in faster roundtrips. The nameserver records in large returned negative responses are scrubbed out of the packet to avoid fragmentation based DNS cache poisoning, from a report from T.Suzuki. Main Changes The automated test set now has static code analysis of the source code, this is performed with the clang analyzer. There is a new option to deny ANY packets, with deny-any: yes in unbound.conf. The option unknown-server-time-limit can be used for cases behind a slow uplink to avoid multiple timeouts on every query to attain the necessary long timeout length for that uplink. Features - Add fast-server-permil and fast-server-num options. - Deprecate low-rtt and low-rtt-permil options. - Change fast-server-num default to 3. - Fix #4154: make ECS_MAX_TREESIZE configurable, with the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options. - Fix #4190: Please create a "ANY" deny option, adds the option deny-any: yes in unbound.conf. This responds with an empty message to queries of type ANY. - Fix #4126: RTT_band too low on VSAT links with 600+ms latency, adds the option unknown-server-time-limit to unbound.conf that can be increased to avoid the problem. - Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options. - Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes option in unbound.conf. - Add unbound-control view_local_datas command, like local_datas. Bug Fixes - dnscrypt.c removed sizeof to get array bounds. - Fix testlock code to set noreturn on error routine. - Remove unused variable from contrib fastrpz/rpz.c and remove unused diagnostic pragmas that themselves generate warnings - clang analyze test is used only when assertions are enabled. - Squelch EADDRNOTAVAIL errors when the interface goes away, this omits 'can't assign requested address' errors unless verbosity is set to a high value. - Set default for so-reuseport to no for FreeBSD. It is enabled by default for Linux and DragonFlyBSD. The setting can be configured in unbound.conf to override the default. - iana port update. - Squelch log of failed to tcp initiate after TCP Fastopen failure. - Fix #4192: unbound-control-setup generates keys not readable by group. - check that the dnstap socket file can be opened and exists, print error if not. - Add markdel function to ECS slabhash. - Limit ECS scope returned to client to the scope used for caching. - Fix #4191: NXDOMAIN vs SERVFAIL during dns64 PTR query. - Fix #4141: More randomness to rrset-roundrobin. - Fix #4132: Openness/closeness of RANGE intervals in rpl files. - remade makefile dependencies. - Fix #4152: Logs shows wrong time when using log-time-ascii: yes. - Scrub NS records from NXDOMAIN responses to stop fragmentation poisoning of the cache. - Scrub NS records from NODATA responses as well. - Add patch from Jan Vcelak for pythonmod, add sockaddr_storage getters, add support for query callbacks, allow raw address access via comm_reply and update API documentation. - Removed compile warnings in pythonmod sockaddr routines. - With ./configure --with-pyunbound --with-pythonmodule PYTHON_VERSION=3D3D3.6 or with 2.7 unbound can compile and unit tests succeed for the python module. - pythonmod logs the python error and traceback on failure. - ignore debug python module for test in doxygen output. - review fixes for python module. - Fix #4209: Crash in libunbound when called from getdns. - auth zone zonefiles can be in a chroot, the chroot directory components are removed before use. - Fix that empty zonefile means the zonefile is not set and not used. - Fix to not set GLOB_NOSORT so the unbound.conf include: files are sorted and in a predictable order. - Fix #4193: Fix that prefetch failure does not overwrite valid cache entry with SERVFAIL. - Fix DNS64 to not store intermediate results in cache, this avoids other threads from picking up the wrong data. The module restores the previous no_cache_store setting when the the module is finished. - Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work. - New and better fix for Fix #4193: Fix that prefetch failure does not overwrite valid cache entry with SERVFAIL. - auth-zone give SERVFAIL when expired, fallback activates when expired, and this is documented in the man page. - stat count SERVFAIL downstream auth-zone queries for expired zones. - Put new logos into windows installer. - Fix windows compile for new rrset roundrobin fix. - Update contrib fastrpz patch for latest release. - Fix chroot auth-zone fix to remove chroot prefix. - windows icon updated. --=20 You are receiving this mail because: You are the assignee for the bug.=