Log message:
unbound: fix buildlink3

Log message:
Update unbound to version 1.10.1.

Pkgsrc changes:
 * None.

Upstream changes:

This release fixes CVE-2020-12662 and CVE-2020-12663.

Bug Fixes:
- CVE-2020-12662 Unbound can be tricked into amplifying an incoming
  query into a large number of queries directed to a target.
- CVE-2020-12663 Malformed answers from upstream name servers can be
  used to make Unbound unresponsive.

Log message:
net/unbound: remove no-op SUBST block

The previously affected files are generated via autoconf now, inserting
the correct placeholders.

Log message:
Update unbound to version 1.10.0. (This time on the main CVS branch...)

Pkgsrc changes:
 * Adjust line numbers in patch.

Upstream changes:

The 1.10.0 release has RPZ support and serve stale functionality
according to draft draft-ietf-dnsop-serve-stale-10.  And a number of
other, smaller, features, and bug fixes.

The DNS Response Policy Zones (RPZ) functionality makes it possible
to express DNS response policies in a DNS zone. These zones can
be loaded from file or transferred over DNS zone transfers or
HTTP. The RPZ functionality in Unbound is implemented as specified in
draft-vixie-dnsop-dns-rpz-00. Only the QNAME and Response IP Address
triggers are supported. The supported RPZ actions are: NXDOMAIN, NODATA,
PASSTHRU, DROP and Local Data.

Enabling the respip module using `module-config` is required to use
RPZ. Each RPZ zone can be configured using the `rpz` clause. RPZ clauses
are applied in order of configuration.  Unbound can get the data from
zone transfer, a zonefile or https url, and more options are documented
in the man page.  A minimal RPZ configuration that will transfer the
RPZ zone using AXFR and IXFR can look like:

server:
  module-config: "respip validator iterator"

rpz:
  name: "rpz.example.com" # name of the policy zone
  master: 192.0.2.0	  # address of the name server to transfer from

The serve-stale functionality as described in
draft-ietf-dnsop-serve-stale-10 is now supported in unbound.
This allows unbound to first try and resolve a domain name before
replying with expired data from cache.  This differs from unbound's
initial serve-expired behavior which attempts to reply with expired
entries from cache without waiting for the actual resolution to finish.
Both behaviors are available and can be configured with the various
serve-expired-* configuration options.  serve-expired-client-timeout is
the option that enables one or the other.

The DSA algorithms have been disabled by default, this is because of
RFC 8624.

There is a crash fix in the parse of text of type WKS, reported by
X41 D-Sec.

In addition, neg and key caches can be shared with multiple
libunbound contexts, a change that assists unwind.  The
contrib/unbound_portable.service provides a systemd start file for a
portable setup.  The configure --with-libbsd option allows the use
of the bsd compatibility library so that it can use the arc4random
from it.  The stats in contrib/unbound_munin_ have num.query.tls and
num.query.tls.resume added to them.  For unbound-control the command
view_local_datas_remove is added that removes data from a view.

Features:
- Merge RPZ support into master. Only QNAME and Response IP triggers are
  supported.
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Merge #135 from Florian Obser: Use passed in neg and key cache
  if non-NULL.
- Fix #153: Disable validation for DSA algorithms.  RFC 8624 compliance.
- Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds
  and Frzk.  Updates the unbound.service systemd file and adds a portable
  systemd service file.
- Merge PR#154; Allow use of libbsd functions with configure option
  --with-libbsd. By Robert Edmonds and Steven Chamberlain.
- Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai.
- Merge PR#156 from Alexander Berkes; Added unbound-control
  view_local_datas_remove command.

Bug Fixes:
- Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by
  Florian Obser
- Update mailing list URL.
- Fix #140: Document slave not downloading new zonefile upon update.
- Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD.
  The dl_iterate_phdr() function introduced in newer versions raises
  compilation errors on solaris 10.
- Changes to compat/getentropy_solaris.c for,
  ifdef stdint.h inclusion for older systems.  ifdef sha2.h inclusion
  for older systems.
- Fix 'make test' to work for --disable-sha1 configure option.
- Fix out-of-bounds null-byte write in sldns_bget_token_par while
  parsing type WKS, reported by Luis Merino from X41 D-Sec.
- Updated sldns_bget_token_par fix for also space for the zero
  delimiter after the character.  And update for more spare space.
- Fix #138: stop binding pidfile inside chroot dir in systemd service
  file.
- Fix the relationship between serve-expired and prefetch options,
  patch from Saksham Manchanda from Secure64.
- Fix unreachable code in ssl set options code.
- Removed the dnscrypt_queries and dnscrypt_queries_chacha tests,
  because dnscrypt-proxy (2.0.36) does not support the test setup
  any more, and also the config file format does not seem to have the
  appropriate keys to recreate that setup.
- Fix crash after reload where a stats lookup could reference old key
  cache and neg cache structures.
- Fix for memory leak when edns subnet config options are read when
  compiled without edns subnet support.
- Fix auth zone support for NSEC3 records without salt.
- Merge PR#150 from Frzk: Systemd unit without chroot.  It add
  contrib/unbound_nochroot.service.in, a systemd file for use with
  chroot: "", see comments in the file, it uses systemd protections
  instead.  It was superceded by #151, the unbound_portable.service
  file.
- Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes
  to Libs/Requires for crypto library dependencies.
- iana portlist updated.
- Fix to silence the tls handshake errors for broken pipe and reset
  by peer, unless verbosity is set to 2 or higher.
- Merge PR#147; change rfc reference for reserved top level dns names.
- Fix #157: undefined reference to `htobe64'.
- Fix subnet tests for disabled DSA algorithm by default.
- Update contrib/fastrpz.patch for clean diff with current code.
- updated .gitignore for added contrib file.
- Add build rule for ipset to Makefile
- Add getentropy_freebsd.o to Makefile dependencies.
- Fix memory leak in error condition remote.c
- Fix double free in error condition view.c
- Fix memory leak in do_auth_zone_transfer on success
- Stop working on socket when socket() call returns an error.
- Check malloc return values in TLS session ticket code
- Fix fclose on error in TLS session ticket code.
- Add assertion to please static analyzer
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
- Fix num_reply_addr counting in mesh and tcp drop due to size
  after serve_stale commit.
- Fix to create and destroy rpz_lock in auth_zones structure.
- Fix to lock zone before adding rpz qname trigger.
- Fix to lock and release once in mesh_serve_expired_lookup.
- Fix to put braces around empty if body when threading is disabled.
- Fix num_reply_states and num_detached_states counting with
  serve_expired_callback.
- Cleaner code in mesh_serve_expired_lookup.
- Document in unbound.conf manpage that configuration clauses can be
  repeated in the configuration file.
- Document 'ub_result.was_ratelimited' in libunbound.
- Fix use after free on log-identity after a reload; Fixes #163.
- Fix with libnettle make test with dsa disabled.
- Fix contrib/fastrpz.patch to apply cleanly.  Fix for serve-stale
  fixes, but it does not compile, conflicts with new rpz code.
- Fix to clean memory leak of respip_addr.lock when ip_tree deleted.
- Fix compile warning when threads disabled.

Log message:
*: Recursive revision bump for openssl 1.1.1.

Log message:
Update unbound to version 1.9.6

Pkgsrc changes:
 * Remove now integrated patch.

Upstream changes:

This release contains a number of security related fixes, contributed by
X41 D-Sec. They have conducted a security audit of Unbound, funded by
OSTIF. The previous CVEs fixed in 1.9.4 and 1.9.5 were the most
important ones, less important fixes and side findings for more robust
code have been included in this release, alongside a normal number of
bug fixes.

The sort order for included config snippets is now ascending by name, it
previously was reversed due to an oversight.  Most config snippets do
not depend on the order as they add a stub or forward zone or some
server: section config entries.

Features:
- The unbound.conf includes are sorted ascending, for include
  statements with a '*' from glob.
- drop-tld.diff in contrib/ : adds option drop-tld: yesno that drops 2 label
  queries, to stop random floods.  Apply with
  patch -p1 < contrib/drop-tld.diff and compile.
  From Saksham Manchanda (Secure64).  Please note that we think this
  will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
  lookups for downstream clients.
- Add new configure option `--enable-fully-static` to enable full static
  build if requested; in relation to #91.
- Add make distclean that removes everything configure produced,
  and make maintainer-clean that removes bison and flex output.
- unbound-fuzzers.tar.bz2 in contrib/ : three programs for fuzzing, that
  are 1:1 replacements for unbound-fuzzme.c that gets created after applying
  the contrib/unbound-fuzzme.patch.  They are contributed by
  Eric Sesterhenn from X41 D-Sec.

Bug Fixes:
- Fix that pkg-config is setup before --enable-systemd needs it.
- Fix contrib/fastrpz.patch asprintf return value checks.
- ipset module #28: log that an address is added, when verbosity high.
- ipset: refactor long routine into three smaller ones.
- updated Makefile dependencies.
- squelch DNS over TLS errors 'ssl handshake failed crypto error'
  on low verbosity, they show on verbosity 3 (query details), because
  there is a high volume and the operator cannot do anything for the
  remote failure.  Specifically filters the high volume errors.
- Fix #71: fix openssl error squelch commit compilation error.
- Fix #72: configure --with-syslog-facility=LOCAL0-7 with default
  LOG_DAEMON (as before) can set the syslog facility that the server
  uses to log messages.
- Use explicit bzero for wiping clear buffer of hash in cachedb,
  reported by Eric Sesterhenn from X41 D-Sec.
- Fix #78: Memory leak in outside_network.c.
- Merge pull request #76 from Maryse47: Improvements and fixes for
  systemd unbound.service.
- oss-fuzz badge on README.md.
- Fix fix for #78 to also free service callback struct.
- Fix for oss-fuzz build warning.
- Fix wrong response ttl for prepended short CNAME ttls, this would
  create a wrong zero_ttl response count with serve-expired enabled.
- Merge #80 from stasic: Improve wording in man page.
- Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW
  in unbound.service.
- Merge #81 from Maryse47: Consistently use /dev/urandom instead
  of /dev/random in scripts and docs.
- Merge #83 from Maryse47: contrib/unbound.service.in: do not fork
  into the background.
- Merge #85 for #84 from sam-lunt: Add kill capability to systemd
  service file to fix that systemctl reload fails.
- Merge #87 from hardfalcon: Fix contrib/unbound.service.in,
  Drop CAP_KILL, use + prefix for ExecReload= instead.
- Merge #90 from vcunat: fix build with nettle-3.5.
- Fix for CVE-2019-16866.  That fix is also in 1.9.4.
- Merge #86 from psquarejho: Added -b source address option to
  smallapp/unbound-anchor.c, from Lukas Wunner.
- Add doxygen comments to unbound-anchor source address code, in #86.
- Merge #97: manpage: Add missing word on unbound.conf,
  from Erethon.
- Fix #99: Memory leak in ub_ctx (event_base will never be freed).
- Fix #109: check number of arguments for stdin-pipes in
  unbound-control and fail if too many arguments.
- Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.
- iana portlist updated.
- contrib/fastrpz.patch updated to apply for current code.
- fixes for splint cleanliness, long vs int in SSL set_mode.
- In unbound-host use separate variable for get_option to please
  code checkers.
- update to bison output of 3.4.1 in code repository.
- Provide a prototype for compat malloc to remove compile warning.
- Portable grep usage for reuseport configure test.
- Check return type of HMAC_Init_ex for openssl 0.9.8.
- gitignore .source tempfile used for compatible make.
- Fix for CVE-2019-18934, shell execution in ipsecmod.  This fix is also
  in 1.9.5.
- Fix authzone printout buffer length check.
- Fixes to please lint checks.
- Fix Integer Overflow in Regional Allocator,
  reported by X41 D-Sec.
- Fix Unchecked NULL Pointer in dns64_inform_super()
  and ipsecmod_new(), reported by X41 D-Sec.
- Fix Out-of-bounds Read in rr_comment_dnskey(),
  reported by X41 D-Sec.
- Fix Integer Overflows in Size Calculations,
  reported by X41 D-Sec.
- Fix Integer Overflow to Buffer Overflow in
  sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
- Fix Out of Bounds Read in sldns_str2wire_dname(),
  reported by X41 D-Sec.
- Fix Out of Bounds Write in sldns_bget_token_par(),
  reported by X41 D-Sec.
- Fix Out of Bounds Read in rrinternal_get_owner(),
  reported by X41 D-Sec.
- Fix Race Condition in autr_tp_create(),
  reported by X41 D-Sec.
- Fix Shared Memory World Writeable,
  reported by X41 D-Sec.
- Adjust unbound-control to make stats_shm a read only operation.
- Fix Weak Entropy Used For Nettle,
  reported by X41 D-Sec.
- Fix Randomness Error not Handled Properly,
  reported by X41 D-Sec.
- Fix Out-of-Bounds Read in dname_valid(),
  reported by X41 D-Sec.
- Fix Config Injection in create_unbound_ad_servers.sh,
  reported by X41 D-Sec.
- Fix Local Memory Leak in cachedb_init(),
  reported by X41 D-Sec.
- Fix Integer Underflow in Regional Allocator,
  reported by X41 D-Sec.
- Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD.
- Synchronize compat/getentropy_win.c with version 1.5 from
  OpenBSD, no changes but makes the file, comments, identical.
- Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD.
- Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD.
- Changes to compat/getentropy files for,
  no link to openssl if using nettle, and hence config.h for
  HAVE_NETTLE variable.
  compat definition of MAP_ANON, for older systems.
  ifdef stdint.h inclusion for older systems.
  ifdef sha2.h inclusion for older systems.
- Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec.
- Fix compile with --enable-alloc-checks, reported by X41 D-Sec.
- Fix Terminating Quotes not Written, reported by X41 D-Sec.
- Fix Useless memset() in validator, reported by X41 D-Sec.
- Fix Unrequired Checks, reported by X41 D-Sec.
- Fix Enum Name not Used, reported by X41 D-Sec.
- Fix NULL Pointer Dereference via Control Port,
  reported by X41 D-Sec.
- Fix Bad Randomness in Seed, reported by X41 D-Sec.
- Fix python examples/calc.py for eval, reported by X41 D-Sec.
- Fix comments for doxygen in dns64.
- Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec.
- Fix compiler warnings.
- Merge pull request #122 from he32: In tcp_callback_writer(),
  don't disable time-out when changing to read.
- Merge pull request #124 from rmetrich: Changed log lock
  from 'quick' to 'basic' because this is an I/O lock.
- Fix text around serial arithmatic used for RRSIG times to refer
  to correct RFC number.
- Fix Assert Causing DoS in synth_cname(),
  reported by X41 D-Sec.
- Fix similar code in auth_zone synth cname to add the extra checks.
- Fix Assert Causing DoS in dname_pkt_copy(),
  reported by X41 D-Sec.
- Fix OOB Read in sldns_wire2str_dname_scan(),
  reported by X41 D-Sec.
- Fix Out of Bounds Write in sldns_str2wire_str_buf(),
  reported by X41 D-Sec.
- Fix Out of Bounds Write in sldns_b64_pton(),
  fixed by check in sldns_str2wire_int16_data_buf(),
  reported by X41 D-Sec.
- Fix Insufficient Handling of Compressed Names in dname_pkt_copy(),
  reported by X41 D-Sec.
- Fix Out of Bound Write Compressed Names in rdata_copy(),
  reported by X41 D-Sec.
- Fix Hang in sldns_wire2str_pkt_scan(),
  reported by X41 D-Sec.
  This further lowers the max to 256.
- Fix snprintf() supports the n-specifier,
  reported by X41 D-Sec.
- Fix Bad Indentation, in dnscrypt.c,
  reported by X41 D-Sec.
- Fix Client NONCE Generation used for Server NONCE,
  reported by X41 D-Sec.
- Fix compile error in dnscrypt.
- Fix _vfixed not Used, removed from sbuffer code,
  reported by X41 D-Sec.
- Fix Hardcoded Constant, reported by X41 D-Sec.
- make depend
- Fix lock type for memory purify log lock deletion.
- Fix testbound for alloccheck runs, memory purify and lock checks.
- update contrib/fastrpz.patch to apply more cleanly.
- Fix Make Test Fails when Configured With --enable-alloc-nonregional,
  reported by X41 D-Sec.
- Fix ipsecmod compile
- Fix Makefile.in for ipset module compile, from Adi Prasaja.

Log message:
Apply a fix from upstream:
  https://github.com/NLnetLabs/unbound/pull/122
which fixes
  https://github.com/NLnetLabs/unbound/issues/125

Briefly: TCP socket timeouts would effectively be disabled after
the exchange of the initial DNS query/response.

Bump PKGREVISION.

Log message:
Update unbound to version 1.9.5

Pkgsrc changes:
 * None.

Upstream changes:

Bug Fixes:
- Fix CVE-2019-18934.  A vulnerability might cause shell code execution
  with use of the "ipsecmod" feature under specific conditions.

Log message:
net: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.

Log message:
Update unbound to version 1.9.4

Pkgsrc changes:
 * None.

Upstream changes:

Bug Fixes:
- Fix CVE-2019-16866.  An error in parsing NOTIFY queries may cause
  unbound to continue processing malformed queries and may ultimately
  result in a pointer de-reference in un-initialized memory, causing
  a crash of unbound.