From nobody Thu Oct 13 14:12:55 2022 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MpBLb3LCBz4g3QS for ; Thu, 13 Oct 2022 14:12:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MpBLb0G7Qz3LlX for ; Thu, 13 Oct 2022 14:12:55 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4MpBLZ6R9qzRZZ for ; Thu, 13 Oct 2022 14:12:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 29DECsXe018330 for ; Thu, 13 Oct 2022 14:12:54 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 29DECs9j018329 for ports-bugs@FreeBSD.org; Thu, 13 Oct 2022 14:12:54 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 267018] dns/unbound: Update to 1.17.0 Date: Thu, 13 Oct 2022 14:12:55 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: jaap@NLnetLabs.nl X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform bug_file_loc op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1665670375; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rvP7Q2WnmLrJEO3J2ChH3fvhzOCTwEgNcVmf/mse/NI=; b=bjb4SIbATCdeVRNaNbjs8YddrIxIm9xNz2DMjAiMFn7Kn0STDeKScpP4zdimCzcoqbjlCe PmFNtC11X1XWA6lrpKTdXqEp8HcvI3VaDGhStXwGkVQccV6h7qbpqDNIwE7sv6CZBdKS3Z OZwreMmA/YTUvt8Iz/R7uVXE1r2KBCmlnUlmwmPaNz/WCDzh5Hb2VQyQ4n3bFMsvRlyQAl ryQs9EWDF1LhRywru8EdGgBxHQ9kn0heOrNjfhvwIQVTuUvGzSpr/hDU/MI5NYQW9Rt4cp 8Fk50jUhKNS6bxzK2tD45VtUgxb9pQQz1+jnwzOlrgj+eAy8peovbk+0q/zMNg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1665670375; a=rsa-sha256; cv=none; b=iedq3/MT3ZJ/OINGamHwKW8nkl50bIZdBF+7Ha29kpvwEBj6W5bsgTT8bdXHNbFLsaRwu8 Ds/TKEjmW33vQtvn+U2OBNW5/Wl24yf1nDXxSBa2sgZUpqAeJ2o8t0jpYVLm+0DrLpu8Nj TyXIHB/trx2XzG87ka096tbuoYAtUMBq3CD/ApRHtcO5idU51mTEa6JQXWa82fON09ADrm D1gXOGyk4cKUEKI5KYDpt43A1k1yTHwZjiD9pXs05qyF1JcqvIbTvItDEbtQ4FD9caXlmB KYCOkjsyWwvGmkL2J8jLDXoBVdLQFoOc3qZbWiAXTKgF2VUCSQ9siQ1wYKzT2A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D267018 Bug ID: 267018 Summary: dns/unbound: Update to 1.17.0 Product: Ports & Packages Version: Latest Hardware: Any URL: https://www.nlnetlabs.nl/news/2022/Oct/13/unbound-1.17 .0-released/ OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: jaap@NLnetLabs.nl Attachment #237264 maintainer-approval+ Flags: Created attachment 237264 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D237264&action= =3Dedit patch to update This release has new interface acl configuration options. These allow access-control actions, per interface. Also tags, and views can be configured per interface, queries over the interface are answered with these tags and views. It is configured with the options `interface-action`, `interface-tag`, `interface-tag-action`, `interface-tag-data` and `interface-view`. If there is also an access-control setting for the query, this overrides the interface settings for that query. The PROXYv2 protocol is supported. It can be configured with the `proxy-protocol-port: portno` option. It is used to convey the IP addresses of clients that connect via a proxy to Unbound. There are also fixes for a number of bugs. In some cases a blocking wait on a socket could happen, and this has been fixed. If the upstream sends a TC flag, erroneously, the reply is ignored and retried. When under load, with the new NRDelegation fixes from the previous release, there are mitigations to continue target discovery. There is also a fix for possible loops in the tcp reuse code. The release version differs from the RC1, there is a bugfix for the proxy protocol for tcp read when no proxied addresses are provided. Features - Merge #753: ACL per interface. (New interface-* configuration options). - Merge #760: PROXYv2 downstream support. (New proxy-protocol-port configuration option). Bug Fixes - Fix #728: alloc_reg_obtain() core dump. Stop double alloc_reg_release when serviced_create fails. - Fix edns subnet so that scope 0 answers only match sourcemask 0 queries for answers from cache if from a query with sourcemask 0. - Fix unittest for edns subnet change. - Merge #730 from luisdallos: Fix startup failure on Windows 8.1 due to unsupported IPV6_USER_MTU socket option being set. - Fix ratelimit inconsistency, for ip-ratelimits the value is the amount allowed, like for ratelimits. - Fix #734 [FR] enable unbound-checkconf to detect more (basic) errors. - Fix to log accept error ENFILE and EMFILE errno, but slowly, once per 10 seconds. Also log accept failures when no slow down is used. - Fix to avoid process wide fcntl calls mixed with nonblocking operations after a blocked write. - Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive operations, so that instruction reordering does not cause mistakenly blocking socket operations. - Fix to wait for blocked write on UDP sockets, with a timeout if it takes too long the packet is dropped. - Fix for wait for udp send to stop when packet is successfully sent. - Fix #741: systemd socket activation fails on IPv6. - Fix to update config tests to fix checking if nonblocking sockets work on OpenBSD. - Slow down log frequency of write wait failures. - Fix to set out of file descriptor warning to operational verbosity. - Fix to log a verbose message at operational notice level if a thread is not responding, to stats requests. It is logged with thread identifiers. - Remove include that was there for debug purposes. - Fix to check pthread_t size after pthread has been detected. - Convert tdir tests to use the new skip_test functionality. - Remove unused testcode/mini_tpkg.sh file. - Better output for skipped tdir tests. - Fix doxygen warning in respip.h. - Fix to remove erroneous TC flag from TCP upstream. - Fix test tdir skip report printout. - Fix windows compile, the identifier interface is defined in headers. - Fix to close errno block in comm_point_tcp_handle_read outside of ifdef. - Fix static analysis report to remove dead code from the rpz_callback_from_iterator_module function. - Fix to clean up after the acl_interface unit test. - Merge #764: Leniency for target discovery when under load (for NRDelegation changes). - Use DEBUG_TDIR from environment in mini_tdir.sh for debugging. - Fix string comparison in mini_tdir.sh. - Make ede.tdir test more predictable by using static data. - Fix checkconf test for dnscrypt and proxy port. - Fix dnscrypt compile for proxy protocol code changes. - Fix to stop responses with TC flag from resulting in partial responses. It retries to fetch the data elsewhere, or fails the query and in depth fix removes the TC flag from the cached item. - Fix proxy length debug output printout typecasts. - Fix to stop possible loops in the tcp reuse code (write_wait list and tcp_wait list). Based on analysis and patch from Prad Seniappan and Karthik Umashankar. - Fix PROXYv2 header read for TCP connections when no proxied addresses are provided. --=20 You are receiving this mail because: You are the assignee for the bug.=