Subject: CVS commit: pkgsrc/net/unbound
From: Fredrik Pettai
Date: 2015-10-22 20:14:40
Message id: 20151022181440.EB38898@cvs.netbsd.org

Log Message:
Unbound 1.5.6
=============

Features:
* Default for ssl-port is port 853, the temporary port assignment for
  secure domain name system traffic. If you used to rely on the older default
  of port 443, you have to put a clause in unbound.conf for that. The new
  value is likely going to be the standardised port number for this traffic.
* ANY responses include DNAME records if present,
  as per Evan Hunt's remark in dnsop.

Bug Fixes:
* Fix segfault in the dns64 module in the formaterror error path.
* Fix manpage to suggest using SIGTERM to terminate the server.
* iana portlist update.

Unbound 1.5.5
=============

Features:
* Change default of harden-algo-downgrade to off.
  This is lenient for algorithm rollover.
* Added permit-small-holddown config to debug fast 5011 rollover.
* Allow certificate chain files to allow for intermediate certificates.
* Enable ECDHE for servers. Where available, use SSL_CTX_set_ecdh_auto()
  for TLS-wrapped server configurations to enable ECDHE. Otherwise,
  manually offer curve p256. Client connections should automatically
  use ECDHE when available.
* [bugzilla: 699 ] Feature --enable-pie option to that builds PIE binary.
* [bugzilla: 700 ] Feature --enable-relro-now option that enables full
  read-only relocation.
* [bugzilla: 702 ] New IPs for for h.root-servers.net.

Bug Fixes:
* [bugzilla: 681 ] Fix setting forwarders with unbound-control forward
  implicitly turns on forward-first.
* [bugzilla: 690 ] Fix that reload fails when so-reuseport is yes
  after changing num-threads.
* please afl-gcc (llvm) for uninitialised variable warning.
* Fix mktime in unbound-anchor not using UTC.
* Fix 5011 anchor update timer after reload.
* 5011 implementation does not insist on all algorithms,
  when harden-algo-downgrade is turned off.
* Document in the manual more text about configuring locally served zones.
* Document that local-zone nodefault matches exactly and transparent can
  be used to release a subzone.
* [bugzilla: 694 ] Fix that configure script does not detect LibreSSL 2.2.2
* Fix deadlock for local data add and zone add when unbound-control
  list_local_data printout is interrupted.
* [bugzilla: 697 ] Fix get PY_MAJOR_VERSION failure at configure for
  python 2.4 to 2.6.
* changed windows setup compression to be more transparent.
* Fix config globbed include chroot treatment, this fixes reload of globs.
* [bugzilla: 705 ] Fix ub_ctx_set_fwd() return value mishandled on windows.
* Fix minor error in unbound.conf.5.in.
* Fix unbound.conf(5) access-control description for precedence and default.
* Fix unbound-control flush that does not succeed in removing data.
* MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution failures.
* iana portlist update.

Files:
RevisionActionfile
1.39modifypkgsrc/net/unbound/Makefile
1.29modifypkgsrc/net/unbound/distinfo