From nobody Fri Nov 10 13:46:29 2023 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SRg8k3blvz50s4R for ; Fri, 10 Nov 2023 13:46:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SRg8k0m5Mz4VCb for ; Fri, 10 Nov 2023 13:46:30 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1699623990; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=7FAVNF4Cn51bhMfqVWCe64ks981qkIzDhUOazhZTZ8A=; b=YSJ7vY7VMMPqMSQQmg4ddT0/InK3jAV0sANVSKlgXuo6CrRqhWHgY/tq6DyM14ocxjX3iw NVXDhb/TL4KkdOHRr7DjSvXAAvDleUVibRdPiGtE7k54nNMjJzCCf/eUY8MtpypWlmav+9 YUMHS+Nq56c/JGwrDR8isYGfOmLymF1qrSr82m/3jxlCuQG58pTsvmRi9EV3vt4AWe+oBn ZXW1wr/J+6QExnHLr1w//TZezmZQMXvfiKLyZG3wZcWemU2ftsTHrFAXrHFBEo3iRYEsMn p+Gku/IgNr88L6R5UgUDn8dlo/WIuJG4YwOTy1xilO3CIdTdZQ/Y9G5pZ0N58A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1699623990; a=rsa-sha256; cv=none; b=eh4cqsgmJOcz9ht6nqQwPR6N9V/ekQdxtvhyp4pBGfmLSYJoXXrNou+vZonfM44x9V2PJG TLP472tFj7cs780zKL+mCdB4hh0HFsPemhYAbA+Ld1EU6W9PFv9c9s3GKeHjBC0DyAVSZT amkETau2CKAV+qGcg+5NKYVtIC1Dvsqd0tIOAroORkxbnuKnItIJwQSWueVOxggF+m+2W6 xsilrr/98iZK3LuWekupG7qoS0lZzH+SJVn2/Y/mz7dIHS0+8+hDBKVEt9cK6UyJt4qyPv KufS3Mu7mZagnDBCq60kxasSIfb5gGb9Uupfc5kKaN7k7BxSUIUbE0DFujoM+A== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SRg8j6qrrz10qB for ; Fri, 10 Nov 2023 13:46:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3AADkTVw035896 for ; Fri, 10 Nov 2023 13:46:29 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3AADkTgc035894 for ports-bugs@FreeBSD.org; Fri, 10 Nov 2023 13:46:29 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 275012] dns/unbound: Update to 1.19.0 Date: Fri, 10 Nov 2023 13:46:29 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: jaap@NLnetLabs.nl X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform bug_file_loc op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D275012 Bug ID: 275012 Summary: dns/unbound: Update to 1.19.0 Product: Ports & Packages Version: Latest Hardware: Any URL: https://nlnetlabs.nl/news/2023/Nov/08/unbound-1.19.0-r eleased/ OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: jaap@NLnetLabs.nl Attachment #246234 maintainer-approval+ Flags: Created attachment 246234 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D246234&action= =3Dedit patch to update This release fixes a number of bugs, and adds some smaller features. The redis-logical-db option and cachedb-no-store option can be used for cachedb configuration. The disable-edns-do option can be used for working around broken network parts. For DNS64 there is fallback to plain AAAA when no A record exists. There is a bug fix that when the UDP interface keeps returning that sending is not possible, unbound does not loop endlessly and waits for the condition to go away. Resource records of type A and AAAA that are an inappropriate length are removed from responses. This hardens against bad content. Features - Fix #850: [FR] Ability to use specific database in Redis, with new redis-logical-db configuration option. - Merge #944: Disable EDNS DO. Disable the EDNS DO flag in upstream requests. This can be helpful for devices that cannot handle DNSSEC information. But it should not be enabled otherwise, because that would stop DNSSEC validation. The DNSSEC validation would not work for Unbound itself, and also not for downstream users. Default is no. The option is disable-edns-do: no - Expose the script filename in the Python module environment 'mod_env' instead of the config_file structure which includes the linked list of scripts in a multi Python module setup; fixes #79. - Expose the configured listening and outgoing interfaces, if any, as a list of strings in the Python 'config_file' class instead of the current Swig object proxy; fixes #79. - Mailing list patches from Daniel Gr=C3=B6ber for DNS64 fallback to plain AAAA when no A record exists for synthesis, and minor DNS64 code refactoring for better readability. - Merge #951: Cachedb no store. The cachedb-no-store: yes option is used to stop cachedb from writing messages to the backend storage. It reads messages when data is available from the backend. The default is no. Bug Fixes - Fix for version generation race condition that ignored changes. - Fix #942: 1.18.0 libunbound DNS regression when built without OpenSSL. - Fix for WKS call to getservbyname that creates allocation on exit in unit test by testing numbers first and testing from the services list later. - Fix autoconf 2.69 warnings in configure. - Fix #927: unbound 1.18.0 make test error. Fix make test without SHA1. - Merge #931: Prevent warnings from -Wmissing-prototypes. - Fix to scrub resource records of type A and AAAA that have an inappropriate size. They are removed from responses. - Fix to move msgparse_rrset_remove_rr code to util/msgparse.c. - Fix to add EDE text when RRs have been removed due to length. - Fix to set ede match in unit test for rr length removal. - Fix to print EDE text in readable form in output logs. - Fix send of udp retries when ENOBUFS is returned. It stops looping and also waits for the condition to go away. Reported by Florian Obser. - Fix authority zone answers for obscured DNAMEs and delegations. - Merge #936: Check for c99 with autoconf versions prior to 2.70. - Fix to remove two c99 notations. - Fix rpz tcp-only action with rpz triggers nsdname and nsip. - Fix misplaced comment. - Merge #881: Generalise the proxy protocol code. - Fix #946: Forwarder returns servfail on upstream response noerror no data. - Fix edns subnet so that queries with a source prefix of zero cause the recursor send no edns subnet option to the upstream. - Fix that printout of EDNS options shows the EDNS cookie option by name. - Fix infinite loop when reading multiple lines of input on a broken remote control socket. Addesses #947 and #948. - Fix #949: "could not create control compt". - Fix that cachedb does not warn when serve-expired is disabled about use of serve-expired-reply-ttl and serve-expired-client-timeout. - Fix for #949: Fix pythonmod/ubmodule-tst.py for Python 3.x. - Better fix for infinite loop when reading multiple lines of input on a broken remote control socket, by treating a zero byte line the same as transmission end. Addesses #947 and #948. - For multi Python module setups, clean previously parsed module functions in __main__'s dictionary, if any, so that only current module functions are registered. - Fix #954: Inconsistent RPZ handling for A record returned along with CNAME. - Fixes for the DNS64 patches. - Update the dns64_lookup.rpl test for the DNS64 fallback patch. - Merge #955 from buevsan: fix ipset wrong behavior. - Update testdata/ipset.tdir test for ipset fix. - Fix to print detailed errors when an SSL IO routine fails via SSL_get_error. - Clearer configure text for missing protobuf-c development libraries. - autoconf. - Merge #930 from Stuart Henderson: add void to log_ident_revert_to_default declaration. - Fix #941: dnscrypt doesn't work after upgrade to 1.18 with suggestion by dukeartem to also fix the udp_ancil with dnscrypt. - Fix SSL compile failure for definition in log_crypto_err_io_code_arg. - Fix SSL compile failure for other missing definitions in log_crypto_err_io_code_arg. - Fix compilation without openssl, remove unused function warning. - Mention flex and bison in README.md when building from repository source. --=20 You are receiving this mail because: You are the assignee for the bug.=