pkgsrc.se | The NetBSD package collection

Subject: CVS commit: pkgsrc/net/unbound
From: Havard Eidnes
Date: 2019-03-12 13:13:08
Message id: 20190312121308.9F56FFB16@cvs.NetBSD.org
Log Message:
Update unbound to version 1.9.1

Upstream changes:

Features
- Add local-zone type inform_redirect, which logs like type inform,
  and redirects like type redirect.
- Perform canonical sort for 0x20 capsforid compare of replies,
  this sorts rrsets in the authority and additional section before
  comparison, so that out of order rrsets do not cause failure.
- Print query name with ip_ratelimit exceeded log lines.
  Spaces instead of tabs in that log message.
- Print query name and IP address when domain rate limit exceeded.

Bug Fixes
- Fix #4224: auth_xfr_notify.rpl test broken due to typo
- Fix locking for libunbound context setup with broken port config.
- Fix case in which query timeout can result in marking delegation
  as edns_lame_known.
- Set ub_ctx_set_tls call signature in ltrace config file for
  libunbound in contrib/libunbound.so.conf.
- improve documentation for tls-service-key and forward-first.
- #10: fixed pkg-config operations, PKG_PROG_PKG_CONFIG moved out of
  conditional section, fixes systemd builds, from Enrico Scholz.
- #9: For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks,
  still supports the set_id_callback previous API.  And for 1.1.0
  no locking callbacks are needed.
- #8: Fix OpenSSL without ENGINE support compilation.
- Wipe TLS session key data from memory on exit.
- Fix that log-replies prints the correct name for local-alias
  names, for names that have a CNAME in local-data configuration.
  It logs the original query name, not the target of the CNAME.
- Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2.
- Fix that qname minimisation does not skip a label when missing
  nameserver targets need to be fetched.
- Fix #4225: clients seem to erroneously receive no answer with
  DNS-over-TLS and qname-minimisation.
- Note default for module-config in man page.
- Fix #13: Remove left-over requirements on OpenSSL >= 1.1.0 for
  cert name matching, from man page.
- Fix capsforid canonical sort qsort callback.
- Fix pythonmod include and sockaddr_un ifdefs for compile on
  Windows, and for libunbound.
- Fix the error for unknown module in module-config is understandable,
  and explains it was not compiled in and where to see the list.
- In example.conf explain where to put cachedb module in module-config.
- In man page and example config explain that most modules have to
  be listed at the start of module-config.
- Fix #4227: pair event del and add for libevent for tcp_req_info.
- Fix #4229: Unbound man pages lack information, about access-control
  order and local zone tags, and elements in views.
- Fix #14: contrib/unbound.init: Fix wrong comparison judgment
  before copying.
- Fix for python module on Windows, fix fopen.
- Remove memory leak on pythonmod python2 script file init.
- Remove swig gcc8 python function cast warnings, they are ignored.
- Print correct module that failed when module-config is wrong.
Files:
Revision	Action	file
1.65	modify	pkgsrc/net/unbound/Makefile
1.50	modify	pkgsrc/net/unbound/distinfo