Subject: CVS commit: pkgsrc/net/unbound
From: Fredrik Pettai
Date: 2012-06-08 23:52:00
Message id: 20120608215200.68104175DD@cvs.netbsd.org

Log Message:
Unbound 1.4.17

Features:

* unbound-control forward_add, forward_remove, stub_add, stub_remove can modify \ 
stubs and forwards for running unbound they can also add and remove \ 
domain-insecure for the zone. This is to support reconfiguration of a DNSSEC \ 
validator on a computer that changes networks and has to enable new network \ 
config for the new location.
* new approach to NS fetches for DS lookup that works with cornercases, and is \ 
more robust and considers forwarders.
* contrib/validation-reporter follows rotated log file
* Applied patch for rrset-roundrobin and minimal-responses features (new \ 
options, enable in unbound.conf to use).
* ECDSA support (RFC 6605) by default. Use --disable-ecdsa for older openssl.
* Patch for access to full DNS packet data in unbound python module
* forward-first option. Tries without forward if a query fails. Also stub-first \ 
option that is similar.

Bug Fixes:

* Fix possible uninitialised variable in windows pipe implementation.
* Fix alignment problem in util/random on sparc64/freebsd.
* Fix for accept spinning reported by OpenBSD.
* Fix validation of nodata for DS query in NSEC zones
* [bugzilla: 444 ] Fix that setusercontext was called too late
* [bugzilla: 443 ] Fix --with-chroot-dir not honoured by configure.
* [bugzilla: 442 ] Fix that Makefile depends on pythonmod headers even using \ 
--without-pythonmodule.
* Fix to locate nameservers for DS lookup with NS fetches.
* Applied line-buffer patch from Augie Schwer to validation.reporter.sh.
* flush_infra cleans timeouted servers from the cache too.
* Fix from code review, if EINPROGRESS not defined chain if statement differently.
* [bugzilla: 434 ] Fix windows port to check registry for config file location \ 
for unbound-control.exe, and unbound-checkconf.exe.
* Fix to squelch 'network unreachable' errors from tcp connect in logs, high \ 
verbosity will show them.
* Fix prefetch and sticky NS ghost domain. It picks nameservers that 'would be \ 
valid in the future', and if this makes the NS timeout, it updates that NS by \ 
asking delegation from the parent again. If child NS has longer TTL, that TTL \ 
does not get refreshed from the lookup to the child nameserver.
* RT#2955 Fix for cygwin compilation.
* Slightly smaller critical region in one case in infra cache.
* Fix timeouts to keep track of query type, A, AAAA and other, if another has \ 
caused timeout blacklist, different type can still probe.
unit test fix for nomem_cnametopos.rpl race condition.
* fix memory leak in errorcase for DSA signatures.
* workaround for openssl 0.9.8 ecdsa sha2 and evp problem.
* fix for windows, rename() is not posix compliant on windows.
* iana portlist updated

Files:
RevisionActionfile
1.21modifypkgsrc/net/unbound/Makefile
1.18modifypkgsrc/net/unbound/distinfo