Date: Mon, 11 Jun 2018 12:20:48 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 228889] [MAINTAINER] dns/unbound upgrade to 1.7.2
Message-ID: <bug-228889-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228889

Bug ID: 228889
Summary: [MAINTAINER] dns/unbound upgrade to 1.7.2
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs@FreeBSD.org
Reporter: jaap@NLnetLabs.nl
Attachment #194164 Flags: maintainer-approval+

Created attachment 194164
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=194164&action=edit
patch to upgrade

This release fixes bugs in DNS-over-TLS for windows, and adds the
option for windows users to use the CA certificates from the Windows
cert stores, tls-win-cert: yes in unbound.conf. The code has been
updated with a speed up that improves performance for large numbers of
incoming TCP and TLS connections. There is an option to allow to ignore
an unset RD bit for access control subnets and always allow recursion
to the request.

Windows unbound 1.7.2 download links, 64 and then 32bit:
https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.2.zip
https://www.nlnetlabs.nl/downloads/unbound/unbound_setup_1.7.2.exe
https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.2-w32.zip
https://www.nlnetlabs.nl/downloads/unbound/unbound_setup_1.7.2-w32.exe
And .asc pgp signatures.

Features:
- Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand.
- Qname minimisation default changed to yes.
- Use accept4 to speed up incoming TCP (and TLS) connections,
  available on Linux, FreeBSD and OpenBSD.
- tls-win-cert option that adds the system certificate store for
  authenticating DNS-over-TLS connections. It can be used instead
  of the tls-cert-bundle option, or with it to add certificates.
- Patch from Syzdek: Add ability to ignore RD bit and treat all
  requests as if the RD bit is set.
- Rename additional-tls-port to tls-additional-ports.
  The older name is accepted for backwards compatibility.

Bug fixes:
- Fix for crash in daemon_cleanup with dnstap during reload,
  from Saksham Manchanda.
- Also that for dnscrypt.
- Fix spelling error in man page and note defaults as no instead of
  off.
- Fix that unbound-control reload frees the rrset keys and returns
  the memory pages to the system.
- Fix fail to reject dead peers in forward-zone, with ssl-upstream.
- Fix that configure --with-libhiredis also turns on cachedb.
- Fix gcc 8 buffer warning in testcode.
- Fix function type cast warning in libunbound context callback type.
- Fix windows to not have sticky TLS events for TCP.
- Fix read of DNS over TLS length and data in one read call.
- Fix mesh state assertion failure due to callback removal.
- Fix contrib/libunbound.pc for libssl libcrypto references,
  from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226914
- Fix that libunbound can do DNS-over-TLS, when configured.
- Fix that windows unbound service can use DNS-over-TLS.
- unbound-host initializes ssl (for potential DNS-over-TLS usage
  inside libunbound), when ssl upstream or a cert-bundle is configured.
- For TCP and TLS connections that don't establish, perform address
  update in infra cache, so future selections can exclude them.
- Fix that tcp sticky events are removed for closed fd on windows.
- Fix close events for tcp only.
- Fix windows tcp and tls spin on events.
- Add routine from getdns to add windows cert store to the SSL_CTX.
- in compat/arc4random call getentropy_urandom when getentropy fails
  with ENOSYS.
- Fix that fallback for windows port.
- Fix deadlock caused by incoming notify for auth-zone.

-- 
You are receiving this mail because:
You are the assignee for the bug.