[Bug 210257] [PATCH] dns/unbound update to 1.5.9

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jun 13 15:46:52 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210257

            Bug ID: 210257
           Summary: [PATCH] dns/unbound update to 1.5.9
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: jaap at NLnetLabs.nl
                CC: erwin at FreeBSD.org
 Attachment #171392 maintainer-approval+
             Flags:
             Flags: maintainer-feedback+
          Keywords: patch

Created attachment 171392
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=171392&action=edit
Patch to update

Summary:
New IPv6 address for one of the root servers in the default root server
configuration.  And a number of bug fixes, for CD flags to forwarders,
for 0x20 compatibility, for qname-minimisation with DNSSEC.

Features:
    generic edns option parse and store code.
    Updated L root IPv6 address.
    User defined pluggable event API for libunbound
    ip_freebind: yesno option in unbound.conf sets IP_FREEBIND for binding to
an IP address while the interface or address is down.
    OpenSSL 1.1.0 portability, --disable-dsa configure option.
    disable-dnssec-lame-check config option from Charles Walker.

Bug Fixes:
    [bugzilla: 745 ]
    Fix unbound.py - idn2dname throws UnicodeError when idnname contains
trailing dot.
    configure tests for the weak attribute support by the compiler.
    [bugzilla: 747 ]
    Fix assert in outnet_serviced_query_stop.
    Updated configure and ltmain.sh.
    Fixup of compile fix for pluggable event API from P.Y. Adi Prasaja.
    Fixup backend2str for libev.
    Fix libev usage of dispatch return value.
    No side effects in tolower() call, in case it is a macro.
    Fix warnings in ifdef corner case, older or unknown libevent.
    Fix ip-transparent for ipv6 on FreeBSD, thanks to Nick Hibma.
    Fix ip-transparent for tcp on freebsd.
    [bugzilla: 746 ]
    Fix unbound sets CD bit on all forwards. If no trust anchors, it'll not set
CD bit when forwarding to another server. If a trust anchor, no CD bit on the
first attempt to a forwarder, but CD bit thereafter on repeated attempts to get
DNSSEC.
    Limit number of QNAME minimisation iterations.
    Validate QNAME minimised NXDOMAIN responses.
    If QNAME minimisation is enabled, do cache lookup for QTYPE NS in
harden-below-nxdomain.
    Fix compile of getentropy_linux for SLES11 servicepack 4.
    Fix dnstap-log-resolver-response-messages, from Nikolay Edigaryev.
    Fix test for openssl to use HMAC_Update for 1.1.0.
    ERR_remove_state deprecated since openssl 1.0.0.
    OPENSSL_config is deprecated, removing.
    Document permit-small-holddown for 5011 debug.
    [bugzilla: 749 ]
    Fix unbound-checkconf gets SIGSEGV when use against a malformatted conf
file.
    [bugzilla: 753 ]
    Fix document dump_requestlist is for first thread.
    Fix some malformed reponses to edns queries get fallback to nonedns.
    [bugzilla: 759 ]
    Fix 0x20 capsforid no longer checks type PTR, for compatibility with cisco
dns guard. This lowers false positives.
    Fix sldns with static checking fixes copied from getdns.
    Fix memory leak in out-of-memory conditions of local zone add.
    [bugzilla: 761 ]
    Fix DNSSEC LAME false positive resolving nic.club.
    [bugzilla: 766 ]
    Fix dns64 should synthesize results on timeout/errors.
    No QNAME minimisation fall-back for NXDOMAIN answers from DNSSEC signed
zones.
    [bugzilla: 767 ]
    Fix Reference to an expired Internet-Draft in harden-below-nxdomain
documentation.
    remove memory leak from lame-check patch.
    [bugzilla: 770 ]
    Fix Small subgroup attack on DH used in unix pipe on localhost if unbound
control uses a unix local named pipe.
    Document write permission to directory of trust anchor needed.
    [bugzilla: 768 ]
    Fix Unbound Service Sometimes Can Not Shutdown Completely, WER Report Shown
Up. Close handle before closing WSA.
    Fix time in case answer comes from cache in ub_resolve_event().
    Fix windows service to be created run with limited rights, as a network
service account, from Mario Turschmann.
    [bugzilla: 752 ]
    Fix retry resource temporarily unavailable on control pipe.
    iana ports fetched via https.
    iana portlist update.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list