Date: Thu, 21 Jun 2018 13:00:07 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 229202] [MAINTAINER] dns/unbound upgrade to 1.7.3 Message-ID: <bug-229202-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229202 Bug ID: 229202 Summary: [MAINTAINER] dns/unbound upgrade to 1.7.3 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: jaap@NLnetLabs.nl Created attachment 194453 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D194453&action= =3Dedit patch to upgrade This release fixes a bug in qname minimisation, from 1.7.1, that double counts CNAMEs and this causes resolution failures because the maximum CNAME count is hit. This caught attention because since 1.7.2 qname minimisation is enabled by default. For a local name unix pipe unbound-control setup, with the pathname of the socket configured in control-interface, Unbound now uses an unencrypted connection. Permissions can be configured by setting them on the directory the file is in, unbound creates the file with permissions that allow members of the group of the user that is configured unbound.conf access. This fix is also part of NSD nsd-control. Compared to the 1.7.3rc2 there are a couple of Windows unbound-control related fixes in 1.7.3. Features - #4102 for NSD, but for Unbound. Named unix pipes do not use certificate and key files, access can be restricted with file and directory permissions. The option control-use-cert is no longer used, and ignored if found in unbound.conf. - Rename tls-additional-ports to tls-additional-port, because every line adds one port. Bug Fixes - Don't count CNAME response types received during qname minimisation as query restart. - #4100: Fix stub reprime when it becomes useless. - Fix crash if ratelimit taken into use with unbound-control instead of with unbound.conf. - Patch to fix openwrt for mac os build darwin detection in configure. - #4103: Fix that auth-zone does not insist on SOA record first in file for url downloads. - Fix that first control-interface determines if TLS is used. Warn when IP address interfaces are used without TLS. - Fix that control-use-cert: no works for 127.0.0.1 to disable certs. - Fix unbound-checkconf for control-use-cert. - Fix for unbound-control on Windows and set TCP socket parameters more closely. - Fix windows unbound-control no cert bad file descriptor error. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-229202-7788>