./net/unbound, DNS resolver and recursive server

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2022Q2, Version: 1.16.2, Package name: unbound-1.16.2, Maintainer: pettai

Unbound is an implementation of a DNS resolver. It provides a library
similiar to libresolv that can be used for synchronous and asynchronous
DNS lookups. It also provides a caching-only (recursive) DNS server.

Unbound has full support for IPv6 and DNSSEC validation,
DNS-over-TLS and DNS-over-HTTPS.



Package options: doh

Master sites:

Filesize: 6058.884 KB

Version history: (Expand)

CVS history: (Expand)


   2022-08-27 17:50:45 by S.P.Zeidler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #6666 - requested by khorben
net/unbound: security update

Revisions pulled up:
- net/unbound/Makefile                                          1.93,1.92
- net/unbound/distinfo                                          1.71,1.70

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   he
   Date:           Mon Aug  1 12:38:46 UTC 2022

   Modified Files:
           pkgsrc/net/unbound: Makefile distinfo

   Log message:
   Update net/unbound to version 1.16.2.

   Pkgsrc changes:
    * none, other than checksums.

   Upstream changes:

   Features
   - Merge #718: Introduce infra-cache-max-rtt option to config max
     retransmit timeout.

   Bug Fixes
   - Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
   - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
     one loop pass'.
   - Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
     outbound tcp sockets.
   - Fix verbose EDE error printout.
   - Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
   - For windows crosscompile, fix setting the IPV6_MTU socket option
     equivalent (IPV6_USER_MTU); allows cross compiling with latest
     cross-compiler versions.
   - Merge PR 714: Avoid treat normal hosts as unresponsive servers.
     And fixup the lock code.
   - iana portlist update.
   - Update documentation for 'outbound-msg-retry:'.
   - Tests for ghost domain fixes.

   To generate a diff of this commit:
   cvs rdiff -u -r1.92 -r1.93 pkgsrc/net/unbound/Makefile
   cvs rdiff -u -r1.70 -r1.71 pkgsrc/net/unbound/distinfo

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   he
   Date:           Mon Jul 11 15:02:05 UTC 2022

   Modified Files:
           pkgsrc/net/unbound: Makefile distinfo

   Log message:
   Update net/unbound to version 1.16.1.

   Pkgsrc changes:
    * none, other than checksums.

   Upstream changes:

   Features
   - Fix #704: [FR] Statistics counter for number of outgoing UDP queries
     sent; introduces 'num.query.udpout' to the 'unbound-control stats'
     command.

   Bug Fixes
   - makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
   - Fix for edns client subnet to respect not looking in its cache when
     instructed to do so (e.g., prefetch).
   - Merge PR #688: Rpz url notify issue.
   - Note in the unbound.conf text that NOTIFY is allowed from the url:
     addresses for auth and rpz zones.
   - Remove unused LDNS function check for GOST Engine unloading.
   - Fix for loading locally stored zones that have lines with blanks or
     blanks and comments.
   - Fix #663: use after free issue with edns options.
   - Clarify -v flag manpage entry (#705)
   - Fix test program dohclient close to use portability routine.
   - Show the output of the exact .rpl run that failed with 'make test'.
   - Fix for cached 0 TTL records to not trigger prefetching when
     serve-expired-client-timeout is set.
   - Add debug option to the mini_tdir.sh test code.
   - Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
   - Allow fallback to the parent side when MAX_TARGET_NX is reached.
     This will also allow MAX_TARGET_NX more NXDOMAINs.
   - iana portlist update.
   - Fix detection of libz on windows compile with static option.
   - Fix compile warning for windows compile.
   - Merge PR #706: NXNS fallback.
   - From #706: Cached NXDOMAIN does not increase the target nx
     responses.
   - From #706: Don't generate parent side queries if we already
     have the lame records in cache.
   - From #706: When a lame address is the best choice, don't try to
     generate target queries when the missing targets are all lame.
   - Merge PR #671 from Petr Men\u0161�k: Disable ED25519 and ED448 in FIPS
     mode on openssl3.
   - Merge PR #660 from Petr Men\u0161�k: Sha1 runtime insecure.
   - For #660: formatting, less verbose logging, add EDE information.
   - Fix for correct openssl error when adding windows CA certificates to
     the openssl trust store.
   - Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
   - Reintroduce documentation and more EDE support for
     val_sigcrypt.c::dnskeyset_verify_rrset_sig.
   - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
     one loop pass'.
   - Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
     outbound tcp sockets.

   To generate a diff of this commit:
   cvs rdiff -u -r1.91 -r1.92 pkgsrc/net/unbound/Makefile
   cvs rdiff -u -r1.69 -r1.70 pkgsrc/net/unbound/distinfo