Subject: CVS commit: pkgsrc/net/unbound
From: Fredrik Pettai
Date: 2013-11-17 23:57:38
Message id: 20131117225738.C26E296@cvs.netbsd.org

Log Message:
Unbound 1.4.21

Features:

* Implement max-udp-size config option, default 4096 with fix#524 for
  nonEDNS0 queries.
* add unbound-control insecure_add and insecure_remove for the administration
  of negative trust anchors.
* install copy of unbound-control.8 man page for unbound-control-setup.
* code improve for minimal responses, small speed increase.
* max include of 100.000 files (depth and globbed at one time).
  This is to preserve system memory in bug cases, or endless cases.
* unbound.h header file has UNBOUND_VERSION_MAJOR define.
* get_option, set_option, unbound-checkconf -o and libunbound getoption() and
  setoption() support cache-min-ttl and cache-max-ttl. Also log-time-ascii,
  python-script, val-sig-skew-min and val-sig-skew-max. log-time-ascii takes
  effect immediately. The others are mostly useful for libunbound users.
* configure --disable-flto option.
* streamtcp man page.
* Make reverse zones easier by documenting the nodefault statements
  commented-out in the example config file.

Bug Fixes:

* committed libunbound version 4:1:2 for binary API updated in 1.4.20
* Fix for 2038, with time_t instead of uint32_t.
* Fix resolve of names that use a mix of public and private addresses.
* [bugzilla: 492 ] Fix endianness detection, revert to older lookup3.c
  detection and put new detect lines after previous tests, to avoid
  regressions but allow new detections to succeed.
  And add detection for machine/endian.h to it.
* Fix queries leaking up for stubs and forwards, if the configured
  nameservers all fail to answer.
* unbound-anchor review: BIO_write can return 0 successfully if it has
  successfully appended a zero length string.
* Fix so that for a configuration line of include: "*.conf" it is not an
  error if there are no files matching the glob pattern.
* own implementation of compat/snprintf.c.
* [bugzilla: 491 ] pick program name (0th argument) as syslog identity.
* Fixup snprintf return value usage, fixed libunbound_get_option.
* Robust checks on dname validity from rdata for dname compare.
* iana portlist update.
* Fix round-robin doesn't work with some Windows clients.
* [bugzilla: 500 ] use on non-initialised values on socket bind failures.
* [bugzilla: 499 ] use-after-free in out-of-memory handling code.
* Explain bogus and secure flags in libunbound more.
* Update acx_pthreads.m4 to ax_pthreads.4 (2013-03-29), and apply patch to it
  to not fail when -Werror is also specified, from the autoconf-archives.
* Fixup manpage syntax.
* Fix for const string literals in C++ for libunbound.
* Squelch sendto-permission denied errors when the network is not connected,
  to avoid spamming syslog.
* libunbound documentation on how to avoid openssl race conditions.
* [bugzilla: 512 ] NSS returned arrays out of setup function to be statics.
* [bugzilla: 516 ] dnssec lameness detection for answers that are improper.
* [bugzilla: 519 ] ub_ctx_delete may hang in some scenarios (libunbound).
* [bugzilla: 520 ] Errors found by static analysis

Files:
RevisionActionfile
1.28modifypkgsrc/net/unbound/Makefile
1.6modifypkgsrc/net/unbound/PLIST
1.22modifypkgsrc/net/unbound/distinfo