Path to this page:
Subject: CVS commit: [pkgsrc-2022Q2] pkgsrc/net/unbound
From: S.P.Zeidler
Date: 2022-08-27 17:50:45
Message id: 20220827155045.38548F9F3@cvs.NetBSD.org
Log Message:
Pullup ticket #6666 - requested by khorben
net/unbound: security update
Revisions pulled up:
- net/unbound/Makefile 1.93,1.92
- net/unbound/distinfo 1.71,1.70
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Mon Aug 1 12:38:46 UTC 2022
Modified Files:
pkgsrc/net/unbound: Makefile distinfo
Log Message:
Update net/unbound to version 1.16.2.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
Features
- Merge #718: Introduce infra-cache-max-rtt option to config max
retransmit timeout.
Bug Fixes
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
- Fix verbose EDE error printout.
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
- For windows crosscompile, fix setting the IPV6_MTU socket option
equivalent (IPV6_USER_MTU); allows cross compiling with latest
cross-compiler versions.
- Merge PR 714: Avoid treat normal hosts as unresponsive servers.
And fixup the lock code.
- iana portlist update.
- Update documentation for 'outbound-msg-retry:'.
- Tests for ghost domain fixes.
To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.93 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.70 -r1.71 pkgsrc/net/unbound/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Mon Jul 11 15:02:05 UTC 2022
Modified Files:
pkgsrc/net/unbound: Makefile distinfo
Log Message:
Update net/unbound to version 1.16.1.
Pkgsrc changes:
* none, other than checksums.
Upstream changes:
Features
- Fix #704: [FR] Statistics counter for number of outgoing UDP queries
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
command.
Bug Fixes
- makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
- Fix for edns client subnet to respect not looking in its cache when
instructed to do so (e.g., prefetch).
- Merge PR #688: Rpz url notify issue.
- Note in the unbound.conf text that NOTIFY is allowed from the url:
addresses for auth and rpz zones.
- Remove unused LDNS function check for GOST Engine unloading.
- Fix for loading locally stored zones that have lines with blanks or
blanks and comments.
- Fix #663: use after free issue with edns options.
- Clarify -v flag manpage entry (#705)
- Fix test program dohclient close to use portability routine.
- Show the output of the exact .rpl run that failed with 'make test'.
- Fix for cached 0 TTL records to not trigger prefetching when
serve-expired-client-timeout is set.
- Add debug option to the mini_tdir.sh test code.
- Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
- Allow fallback to the parent side when MAX_TARGET_NX is reached.
This will also allow MAX_TARGET_NX more NXDOMAINs.
- iana portlist update.
- Fix detection of libz on windows compile with static option.
- Fix compile warning for windows compile.
- Merge PR #706: NXNS fallback.
- From #706: Cached NXDOMAIN does not increase the target nx
responses.
- From #706: Don't generate parent side queries if we already
have the lame records in cache.
- From #706: When a lame address is the best choice, don't try to
generate target queries when the missing targets are all lame.
- Merge PR #671 from Petr Men\u0161�k: Disable ED25519 and ED448 in FIPS
mode on openssl3.
- Merge PR #660 from Petr Men\u0161�k: Sha1 runtime insecure.
- For #660: formatting, less verbose logging, add EDE information.
- Fix for correct openssl error when adding windows CA certificates to
the openssl trust store.
- Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
- Reintroduce documentation and more EDE support for
val_sigcrypt.c::dnskeyset_verify_rrset_sig.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodr�guez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/net/unbound/distinfo
Files: