From owner-freebsd-ports-bugs@freebsd.org Thu Oct 8 13:39:20 2020 Return-Path: Delivered-To: freebsd-ports-bugs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 288AC428C9A for ; Thu, 8 Oct 2020 13:39:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 4C6XP40LWkz43SV for ; Thu, 8 Oct 2020 13:39:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id 09DFE428C99; Thu, 8 Oct 2020 13:39:20 +0000 (UTC) Delivered-To: ports-bugs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 09A0942885B for ; Thu, 8 Oct 2020 13:39:20 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4C6XP36X7kz43NB for ; Thu, 8 Oct 2020 13:39:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BF6CE96D4 for ; Thu, 8 Oct 2020 13:39:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 098DdJ8L014702 for ; Thu, 8 Oct 2020 13:39:19 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 098DdJW6014701 for ports-bugs@FreeBSD.org; Thu, 8 Oct 2020 13:39:19 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 250199] dns/unbound: Update Unbound: to version 1.12.0 Date: Thu, 08 Oct 2020 13:39:19 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: jaap@NLnetLabs.nl X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform bug_file_loc op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Oct 2020 13:39:20 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D250199 Bug ID: 250199 Summary: dns/unbound: Update Unbound: to version 1.12.0 Product: Ports & Packages Version: Latest Hardware: Any URL: https://www.nlnetlabs.nl/projects/unbound/download/#un bound-1-12-0 OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: jaap@NLnetLabs.nl Attachment #218609 maintainer-approval+ Flags: Created attachment 218609 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D218609&action= =3Dedit Patch to update This release contains the DNS Flag Day 2020 changes. This sets the default EDNS buffer size to 1232, that should reduce fragmentation. https://dnsflagday.net/2020/ There is inclusive language in the configuration. There is caps-exempt, ipsecmod-allow and primary server options for auth-zones. The older terms are accepted to keep configuration working. DNS-over-HTTPS is supported in this release. The DoH is enabled when Unbound is compiled with the nghttp2 library, with configure --with-libnghttp2. Then have an interface on the https port, that can be configured with the https-port option. Also have a cert and key available with the tls-service-key and tls-service-pem options. Further settings can be configured for the http-endpoint, http-max-streams, http-query-buffer-size, http-response-buffer-size and http-nodelay options. The max streams sets the maximum concurrent streams, the buffer size options the number of bytes in buffers, and the nodelay option can turn on TCP_NODELAY for DNS-over-HTTPS service. In the statistics the memory used is reported in mem.http.query_buffer and mem.http.response_buffer. The number of queries is reported in num.query.https, they are also included in the tcp and tls counts because https uses TLS and TCP. The DLV options and code to handle DLV lookups have been removed from the code base. The DLV repository is empty nowadays, it has been decommissioned. There is a new feature where it is possible to use interface names to bind to the IP addresses on that interface. It pulls in the addresses at the start of the server, if the addresses change, use the existing freebind and other socket options to register for addresses before they appear, or the interface-automatic option that copies them from queries to answers with ancillary data. There is a new option for the edns-tag draft specification. It can be enabled if you need the tentative implementation to add those tags to outgoing messages. Features - DNS Flag Day 2020: change edns-buffer-size default to 1232. - Merge PR #255: DNS-over-HTTPS support. - Use inclusive language in configuration - Merge PR #284 and Fix #246: Remove DLV entirely from Unbound. The DLV has been decommisioned and in unbound 1.5.4, in 2015, there was advise to stop using it. The current code base does not contain DLV code any more. The use of dlv options displays a warning. - Similar to NSD PR#113, implement that interface names can be used, eg. something like interface: eth0 is resolved at server start and uses the IP addresses for that named interface. - Merge PR #272: Add EDNS client tag functionality. - Add edns-client-tag-opcode option Bug Fixes - Merge PR #270 from cgzones: munin plugin: always exit 0 in autoconf - Merge PR #269, Fix python module len() implementations, by Torbj=C3=B6rn L=C3=B6nnemark - Merge PR #268, draft-ietf-dnsop-serve-stale-10 has become RFC 8767 on March 2020, by and0x000. - Fix doxygen comment for no ssl for tls session ticket key callback routine. - Fix mini_event.h on OpenBSD cannot find fd_set. - Improve error log message when inserting rpz RR. - Merge PR #280, Make tvOS & watchOS checks verify truthiness as well as definedness, by Felipe Gasper. - contrib/aaaa-filter-iterator.patch file renewed diff content to apply cleanly to the current coderepo for the current code version. - Fix #287: doc typo: "Additionaly". - Merge (modified) PR #277, use EVP_MAC_CTX_set_params if available, by V=C3=ADt=C4=9Bzslav =C4=8C=C3=AD=C5=BEek. - Create and init edns tags data for libunbound. - Fix stats double count issue (#289). - Fix that dnstap reconnects do not spam the log with the repeated attempts. Attempts on the timer are only logged on high verbosity, if they produce a connection failure error. - Fix to apply chroot to dnstap-socket-path, if chroot is enabled. - Change configure to use EVP_sha256 instead of HMAC_Update for openssl-3.0.0. - Update documentation in python example code. - Review fix interface, doxygen and assign null in case of error free. - Merge PR #293: Add missing prototype. Also refactor to use the new shorthand function to clean up the code. - Refactor to use sock_strerr shorthand function. - Fix #296: systemd nss-lookup.target is reached before unbound can successfully answer queries. Changed contrib/unbound.service.in. - Fix num.expired statistics output. - Remove x file mode on ipset/ipset.c and h files. - Spelling fix. - Introduce test for statistics. - Fix that prefer-ip4 and prefer-ip6 can be get and set with unbound-control, with libunbound and the unbound-checkconf option output function. - Merge PR #311 by luismerino: Dynlibmod leak. - Error message is logged for dynlibmod malloc failures. - iana portlist updated. - Fix #304: dnstap logging not recovering after dnstap process restarts - Fix edns-client-tags get_option typo - Fix #305: dnstap logging significantly affects unbound performance (regression in 1.11). - Fix #305: only wake up thread when threshold reached. - Fix to ifdef fptr wlist item for dnstap. - Fix memory leak of edns tags at libunbound context delete. - Fix double loopexit for unbound-dnstap-socket after sigterm. --=20 You are receiving this mail because: You are the assignee for the bug.=