From nobody Tue Dec 14 21:08:28 2021 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 3AC0F18DF294 for ; Tue, 14 Dec 2021 21:08:28 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JD9vv6q3Yz3jS1 for ; Tue, 14 Dec 2021 21:08:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CA97976FE for ; Tue, 14 Dec 2021 21:08:27 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 1BEL8Ro6039750 for ; Tue, 14 Dec 2021 21:08:27 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 1BEL8RmP039749 for ports-bugs@FreeBSD.org; Tue, 14 Dec 2021 21:08:27 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 260417] [PATCH] dns/unbound: update to 1.14.0 Date: Tue, 14 Dec 2021 21:08:28 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: DUPLICATE X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1639516108; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3VzkQh8+lnDz7lCMx/N1he5tyc/9aJkxZmTF3wGrB6w=; b=tp0+P6vBosV0YD0Dmp3ngaANaDQUnLyw+fW2d+7hrmsa0rvYy9OcH2Vr2b8o7zNAu1akX4 Vi1D3HFqbAZYKbRPp+LWvGHn97zVxvcvPCzaFFfpONBCSNvEitiJZx5WS1uwLKg5fiVSXZ +wheZUpFvIa1lb1Ri1GOV6B9F9QzdIC5pa+kG2vqk6XTsPd9QYH5OMPrz84KPPJWTMzK+A zQuk+NNkq7t8aevmQz/59IVlClc0dpKr3MhaLCs8V6kv4omw6RwbCCalSQKY5aRpKaRBWW u+AJBqajE1CzNVdafm7qUvA7tU9kB+/7gGB/4dox5uEb9w01NjKpg4uJP2bYsg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1639516108; a=rsa-sha256; cv=none; b=nVQ0uQxYFH9stmihkZiNLhJEt+ja2ixc1b0n2BYF4B5hunIjskP1V7zUV9XU5cE57B4UwE FDMuGvhp37gU55h3ASaSQYdrMdniEn2RwADLppgb2A3h2i5lEZ7cQsFgOlVYjx7s6VS6jd 8XSR2bAUjvFmOY8cKlgO9r4FApXDyAZJPNmV8GY6SLz+cO2FP8zIfAu48KJ4U0Xa2VqWgX vXq4OLelh6DVrsoIOzynxzkpFZtBcIi/yROhyBMyiLuyhP6Wb7Sm2dZdeoN+oTqkurYvXH trTAlcviiLXHc1zxoBFqgxzGd/S23zvjL26IaOL54FH/uKioxYBzQDNXqWTMyg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D260417 --- Comment #3 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=3D0d90eb78507a50feb81110aeca63e11= 8761f5a07 commit 0d90eb78507a50feb81110aeca63e118761f5a07 Author: Jaap Akkerhuis AuthorDate: 2021-12-14 21:00:58 +0000 Commit: Cy Schubert CommitDate: 2021-12-14 21:06:00 +0000 dns/unbound: Update to 1.14.0 Changelog: This release contains bug fixes and a full set of RPZ triggers and actions that are supported. This works with RPZ zones, configured with `rpz:`. It is possible to selectively enable use of TCP for stub zones and forward zones, without having enable it server wide, by enabling it with the `stub-tcp-upstream: yes` and `forward-tcp-upstream: yes` optio= ns. The added contrib/Dockerfile.tests from ziollek can be used to setup a Docker environment to run tests in. The documentation is in the doc/README.tests file. If openssl it installed with different versions, you can set the location as `--with-ssl=3D/usr/include/openssl11` and it then detects t= he use of the lib dir split off in /usr/lib64/openssl11 with regex. This is useful if to pass to configure if openssl is installed in such a manner. The option `outbound-msg-retry` can be used to select the number of retries when a non-positive response is received. It is best left at default, but when the upstream is known to not need retries, it can be lowered, because in that case the upstream is performing the retry for non-positive responses. The domain `home.arpa.` is set by default as blocked, as per RFC8375. If you want to use it, unblock it with a local-zone nodefault statement, or use another type of local-zone to override it with your choice. In the config it is possible to enter IPv6 scope-id values with interface names, instead of a number, for link-local addresses. Features - Merge #401: RPZ triggers. This add additional RPZ triggers, unbound supports a full set of rpz triggers, and this now includes nsdname, nsip and clientip triggers. Also actions are fully supported, and this now includes the tcp-only action. - Merge #519: Support for selective enabling tcp-upstream for stub/forward zones. - Merge PR #514, from ziollek: Docker environment for run tests. - Support using system-wide crypto policies. - Fix that --with-ssl can use "/usr/include/openssl11" to pass the location of a different openssl version. - Merged #41 from Moritz Schneider: made outbound-msg-retry configurable. - Implement RFC8375: Special-Use Domain 'home.arpa.'. - Merge PR #555 from fobser: Allow interface names as scope-id in IPv6 link-local addresses. Bug Fixes - Add test tool readzone to .gitignore. - Merge #521: Update mini_event.c. - Merge #523: fix: free() call more than once with the same pointer. - For #519: note stub-tcp-upstream and forward-tcp-upstream in the example configuration file. - For #519: yacc and lex. And fix python bindings, and test program unbound-dnstap-socket. - For #519: fix comments for doxygen. - Fix to print error from unbound-anchor for writing to the key file, also when not verbose. - For #514: generate configure. - Fix for #431: Squelch permission denied errors for udp connect, and udp send, they are visible at higher verbosity settings. - Fix zonemd verification of key that is not in DNS but in the zone and needs a chain of trust. - zonemd, fix order of bogus printout string manipulation. - Fix to support harden-algo-downgrade for ZONEMD dnssec checks. - Merge PR #528 from fobser: Make sldns_str2wire_svcparam_buf() static. - Fix #527: not sending quad9 cert to syslog (and may be more). - Fix sed script in ssldir split handling. - Fix #529: Fix: log_assert does nothing if UNBOUND_DEBUG is undefined. - Fix #531: Fix: passed to proc after free. - Fix #536: error: RPZ: name of record (drop.spamhaus.org.rpz.local.) to insert into RPZ. - Fix the stream wait stream_wait_count_lock and http2 buffer locks setup and desetup from race condition. - Fix RPZ locks. Do not unlock zones lock if requested and rpz find zone does not find the zone. Readlock the clientip that is found for ipbased triggers. Unlock the nsdname zone lock when done. Unlock zone and ip in rpz nsip and nsdname callback. Unlock authzone and localzone if clientip found in rpz worker call. - Fix compile warning in libunbound for listen desetup routine. - Fix asynclook unit test for setup of lockchecks before log. - Fix #533: Negative responses get cached even when setting cache-max-negative-ttl: 1 - Fix tcp fastopen failure when disabled, try normal connect instead. - Fix #538: Fix subnetcache statistics. - Small fixes for #41: changelog, conflicts resolved, processQueryResponse takes an iterator env argument like other functions in the iterator, no colon in string for set_option, and some whitespace style, to make it similar to the rest. - Fix for #41: change outbound retry to int to fix signed comparison warnings. - Fix root_anchor test to check with new icannbundle date. - Fix initialisation errors reported by gcc sanitizer. - Fix lock debug code for gcc sanitizer reports. - Fix more initialisation errors reported by gcc sanitizer. - Fix crosscompile on windows to work with openssl 3.0.0 the link with ws2_32 needs -l:libssp.a for __strcpy_chk. Also copy results from lib64 directory if needed. - For crosscompile on windows, detect 64bit stackprotector library. - Fix crosscompile shell syntax. - Fix crosscompile windows to use libssp when it exists. - For the windows compile script disable gost. - Fix that on windows, use BIO_set_callback_ex instead of deprecated BIO_set_callback. - Fix crosscompile script for the shared build flags. - Fix to add example.conf note for outbound-msg-retry. - Fix chaos replies to have truncation for short message lengths, or long reply strings. - Fix to protect custom regional create against small values. - Fix #552: Unbound assumes index.html exists on RPZ host. - Fix that forward-zone name is documented as the full name of the zone. It is not relative but a fully qualified domain name. - Fix analyzer review failure in rpz action override code to not crash on unlocking the local zone lock. - Fix to remove unused code from rpz resolve client and action function. - Merge #565: unbound.service.in: Disable ProtectKernelTunables again. - Fix for #558: fix loop in comm_point->tcp_free when a comm_point is reclaimed more than once during callbacks. - Fix for #558: clear the UB_EV_TIMEOUT bit before adding an event. - Improve EDNS option handling, now also works for synthesised responses such as local-data and server.id CH TXT responses. - Merge PR #570 from rex4539: Fix typos. - Fix for #570: regen aclocal.m4, fix configure.ac for spelling. - Fix to make python module opt_list use opt_list_in. - Fix #574: unbound-checkconf reports fatal error if interface names are used as value for interfaces: - Fix #574: Review fixes for it. - Fix #576: [FR] UB_* error codes in unbound.h - Fix #574: Review fix for spelling. - Fix to remove git tracking and ci information from release tarballs. - iana portlist update. - Merge PR #511 from yan12125: Reduce unnecessary linking. - Merge PR #493 from Jaap: Fix generation of libunbound.pc. - Merge PR #562 from Willem: Reset keepalive per new tcp session. - Merge PR #522 from sibeream: memory management violations fixed. - Merge PR #530 from Shchelk: Fix: dereferencing a null pointer. - Fix #454: listen_dnsport.c:825: error: =E2=80=98IPV6_TCLASS=E2=80=99 = undeclared. - Fix #574: Review fixes for size allocation. - Fix doc/unbound.doxygen to remove obsolete tag warning. PR: 260360, 260417 Reported by: Jaap Akkerhuis Submitted by: Jaap Akkerhuis dns/unbound/Makefile | 2 +- dns/unbound/distinfo | 6 +++--- dns/unbound/pkg-plist | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=