notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine
This referral link gives you 10% off a Fastmail.com account and gives me a discount on my Fastmail account.
New feature planned: get notified when the package is available. Now is the time to contribute ideas/suggestions.
non port: dns/unbound/Makefile

Number of commits found: 178 (showing only 100 on this page)

1 | 2  »  

Wednesday, 14 Feb 2024
14:56 Cy Schubert (cy) search for other commits by this committer
dns/unbound: Update to 1.19.1

Release notes at
	https://www.nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

Security:	CVE-2023-50387, CVE-2023-50868
Approved by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>
MFH:		2024Q1
commit hash: efa763f5ae59537388818334ecf1aa0954a67459 commit hash: efa763f5ae59537388818334ecf1aa0954a67459 commit hash: efa763f5ae59537388818334ecf1aa0954a67459 commit hash: efa763f5ae59537388818334ecf1aa0954a67459 efa763f
Sunday, 28 Jan 2024
22:14 Muhammad Moinur Rahman (bofh) search for other commits by this committer
dns/unbound: Moved man to share/man

Approved by:    portmgr (blanket)
commit hash: d23228feaaee0db21af599c55bc68974fe6d835c commit hash: d23228feaaee0db21af599c55bc68974fe6d835c commit hash: d23228feaaee0db21af599c55bc68974fe6d835c commit hash: d23228feaaee0db21af599c55bc68974fe6d835c d23228f
Monday, 13 Nov 2023
17:53 Fernando Apesteguía (fernape) search for other commits by this committer Author: Jaap Akkerhuis
dns/unbound: Update to 1.19.0

ChangeLog: https://nlnetlabs.nl/news/2023/Nov/08/unbound-1.19.0-released/

Features
* Fix #850: [FR] Ability to use specific database in Redis, with new
  redis-logical-db configuration option.
* Merge #944: Disable EDNS DO.  Disable the EDNS DO flag in upstream requests.
  This can be helpful for devices that cannot handle DNSSEC information. But it
  should not be enabled otherwise, because that would stop DNSSEC validation.
  The DNSSEC validation would not work for Unbound itself, and also not for
  downstream users. Default is no. The option is disable-edns-do: no
* Expose the script filename in the Python module environment 'mod_env' instead
  of the config_file structure which includes the linked list of scripts in a
  multi Python module setup; fixes #79.
* Expose the configured listening and outgoing interfaces, if any, as a list of
  strings in the Python 'config_file' class instead of the current Swig object
  proxy; fixes #79.
* Mailing list patches from Daniel Gröber for DNS64 fallback to plain AAAA when
  no A record exists for synthesis, and minor DNS64 code refactoring for better
  readability.
* Merge #951: Cachedb no store. The cachedb-no-store: yes option is used to stop
  cachedb from writing messages to the backend storage.  It reads messages when
  data is available from the backend. The default is no.

Bug Fixes
* Fix for version generation race condition that ignored changes.
* Fix #942: 1.18.0 libunbound DNS regression when built without
   OpenSSL.
* Fix for WKS call to getservbyname that creates allocation on exit in unit test
  by testing numbers first and testing from the services list later.
* Fix autoconf 2.69 warnings in configure.
* Fix #927: unbound 1.18.0 make test error. Fix make test without SHA1.
* Merge #931: Prevent warnings from -Wmissing-prototypes.
* Fix to scrub resource records of type A and AAAA that have an
   inappropriate size. They are removed from responses.
* Fix to move msgparse_rrset_remove_rr code to util/msgparse.c.
* Fix to add EDE text when RRs have been removed due to length.
* Fix to set ede match in unit test for rr length removal.
* Fix to print EDE text in readable form in output logs.
* Fix send of udp retries when ENOBUFS is returned. It stops looping
   and also waits for the condition to go away. Reported by Florian
   Obser.
* Fix authority zone answers for obscured DNAMEs and delegations.
* Merge #936: Check for c99 with autoconf versions prior to 2.70.
* Fix to remove two c99 notations.
* Fix rpz tcp-only action with rpz triggers nsdname and nsip.
* Fix misplaced comment.
* Merge #881: Generalise the proxy protocol code.
* Fix #946: Forwarder returns servfail on upstream response noerror no
   data.
* Fix edns subnet so that queries with a source prefix of zero cause
   the recursor send no edns subnet option to the upstream.
* Fix that printout of EDNS options shows the EDNS cookie option by
   name.
* Fix infinite loop when reading multiple lines of input on a broken
   remote control socket. Addesses #947 and #948.
* Fix #949: "could not create control compt".
* Fix that cachedb does not warn when serve-expired is disabled about
   use of serve-expired-reply-ttl and serve-expired-client-timeout.
* Fix for #949: Fix pythonmod/ubmodule-tst.py for Python 3.x.
* Better fix for infinite loop when reading multiple lines of input on
   a broken remote control socket, by treating a zero byte line the
   same as transmission end. Addesses #947 and #948.
* For multi Python module setups, clean previously parsed module
   functions in __main__'s dictionary, if any, so that only current
   module functions are registered.
* Fix #954: Inconsistent RPZ handling for A record returned along with
   CNAME.
* Fixes for the DNS64 patches.
* Update the dns64_lookup.rpl test for the DNS64 fallback patch.
* Merge #955 from buevsan: fix ipset wrong behavior.
* Update testdata/ipset.tdir test for ipset fix.
* Fix to print detailed errors when an SSL IO routine fails via
   SSL_get_error.
* Clearer configure text for missing protobuf-c development libraries.
* autoconf.
* Merge #930 from Stuart Henderson: add void to
   log_ident_revert_to_default declaration.
* Fix #941: dnscrypt doesn't work after upgrade to 1.18 with
   suggestion by dukeartem to also fix the udp_ancil with dnscrypt.
* Fix SSL compile failure for definition in log_crypto_err_io_code_arg.
* Fix SSL compile failure for other missing definitions in
   log_crypto_err_io_code_arg.
* Fix compilation without openssl, remove unused function warning.
* Mention flex and bison in README.md when building from repository
   source.

PR:		275012
Reported by:	jaap@NLnetLabs.nl (maintainer)
commit hash: bb5a92cd3a293f5c8a2d1dbdd085a7d04b7a243b commit hash: bb5a92cd3a293f5c8a2d1dbdd085a7d04b7a243b commit hash: bb5a92cd3a293f5c8a2d1dbdd085a7d04b7a243b commit hash: bb5a92cd3a293f5c8a2d1dbdd085a7d04b7a243b bb5a92c
Friday, 13 Oct 2023
13:21 Cy Schubert (cy) search for other commits by this committer
dns/unbound: Fix loop when ENOBUFS is returned

- Fix send of udp retries when ENOBUFS is returned. It stops looping
  and also waits for the condition to go away. Reported to upstream
  by Florian Obser.

PR:             274352, 274446
Approved by:	jaap@NLnetLabs.nl (maintainer)
MFH:		2023Q4
commit hash: 05c229e187e0dd8d812db2ebb10f74ca1c423efc commit hash: 05c229e187e0dd8d812db2ebb10f74ca1c423efc commit hash: 05c229e187e0dd8d812db2ebb10f74ca1c423efc commit hash: 05c229e187e0dd8d812db2ebb10f74ca1c423efc 05c229e
Saturday, 2 Sep 2023
15:29 Fernando Apesteguía (fernape) search for other commits by this committer Author: R. Christian McDonald
dns/unbound: update to 1.18.0

ChangeLog: https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-18-0

PR:		273456
Reported by:	rcm@rcm.sh
Approved by:	jaap@NLnetLabs.nl (maintainer)
commit hash: 036a47f6cb72d707d453f42e8062e11e0a6ca37a commit hash: 036a47f6cb72d707d453f42e8062e11e0a6ca37a commit hash: 036a47f6cb72d707d453f42e8062e11e0a6ca37a commit hash: 036a47f6cb72d707d453f42e8062e11e0a6ca37a 036a47f
Tuesday, 7 Feb 2023
15:23 Fernando Apesteguía (fernape) search for other commits by this committer Author: Jaap Akkerhuis
dns/unbound: fix build with AAAA option ON

PR:		269337
Reported by:	void@f-m.fm
MFH:		2023Q1 (build fix)
commit hash: 2272e34787c3e6839841c0e4ea919b569dbb5cfc commit hash: 2272e34787c3e6839841c0e4ea919b569dbb5cfc commit hash: 2272e34787c3e6839841c0e4ea919b569dbb5cfc commit hash: 2272e34787c3e6839841c0e4ea919b569dbb5cfc 2272e34
Wednesday, 18 Jan 2023
18:18 Adam Weinberger (adamw) search for other commits by this committer
dns/unbound: Clarify DYNLIB_DESC

The DYNLIB option doesn't change whether unbound itself is dynamically
or statically linked, it enables support for third-party shlibs.

Approved by:	maintainer
commit hash: 6731a78811c37cf3c4811d4b5fcc2dc6920f8bd7 commit hash: 6731a78811c37cf3c4811d4b5fcc2dc6920f8bd7 commit hash: 6731a78811c37cf3c4811d4b5fcc2dc6920f8bd7 commit hash: 6731a78811c37cf3c4811d4b5fcc2dc6920f8bd7 6731a78
Monday, 16 Jan 2023
12:44 Fernando Apesteguía (fernape) search for other commits by this committer
dns/unbound: add dynlib port option

PR:		268942
Reported by:	me@rcm.sh
Approved by:	jaap@NLnetLabs.nl (maintainer)
commit hash: 38e6e935efa67110ba6d2d1e322555f0afbb8383 commit hash: 38e6e935efa67110ba6d2d1e322555f0afbb8383 commit hash: 38e6e935efa67110ba6d2d1e322555f0afbb8383 commit hash: 38e6e935efa67110ba6d2d1e322555f0afbb8383 38e6e93
Friday, 13 Jan 2023
21:12 Brad Davis (brd) search for other commits by this committer
dns/unbound: Update to 1.17.1

The release notes can be found at:
https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-17-1

PR:		268913
Approved by:	jaap@NLnetLabs.nl (maintainer)
Sponsored by:	Rubicon Communications, LLC ("Netgate")
commit hash: 850f050401b8270c7b0bac947aa9adda50d78ae7 commit hash: 850f050401b8270c7b0bac947aa9adda50d78ae7 commit hash: 850f050401b8270c7b0bac947aa9adda50d78ae7 commit hash: 850f050401b8270c7b0bac947aa9adda50d78ae7 850f050
Sunday, 16 Oct 2022
17:37 Fernando Apesteguía (fernape) search for other commits by this committer Author: Jaap Akkerhuis
dns/unbound: Update to 1.17.0

ChangeLog: https://www.nlnetlabs.nl/news/2022/Oct/13/unbound-1.17.0-released/

Remove additional MASTER_SITES (certificate error)

PR:		267018
Reported by:	jaap@NLnetLabs.nl (maintainer)
Reviewed by:	diizzy@
commit hash: 7b0d6de05baabfbcd7a25fd0440ee3bf1f3bc23e commit hash: 7b0d6de05baabfbcd7a25fd0440ee3bf1f3bc23e commit hash: 7b0d6de05baabfbcd7a25fd0440ee3bf1f3bc23e commit hash: 7b0d6de05baabfbcd7a25fd0440ee3bf1f3bc23e 7b0d6de
Thursday, 29 Sep 2022
05:39 Fernando Apesteguía (fernape) search for other commits by this committer Author: Herbert J. Skuhra
dns/unbound: Update to 1.16.3

ChangeLog: https://nlnetlabs.nl/news/2022/Sep/21/unbound-1.16.3-released/

Fixes Non-Responsive Delegation Attack.

PR:		266654
Reported by:	herbert@gojira.at
Approved by:	jaap@NLnetLabs.nl (maintainer)
Security:	CVE-2022-3204
commit hash: 2efbd2b027c85ab8a3ec41de872affb7dc5963de commit hash: 2efbd2b027c85ab8a3ec41de872affb7dc5963de commit hash: 2efbd2b027c85ab8a3ec41de872affb7dc5963de commit hash: 2efbd2b027c85ab8a3ec41de872affb7dc5963de 2efbd2b
Wednesday, 7 Sep 2022
21:10 Stefan Eßer (se) search for other commits by this committer
Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

This commit implements such a proposal and moves one of the WWW: entries
of each pkg-descr file into the respective port's Makefile. A heuristic
attempts to identify the most relevant URL in case there is more than
one WWW: entry in some pkg-descr file. URLs that are not moved into the
Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr
files in order to preserve them.

There are 1256 ports that had no WWW: entries in pkg-descr files. These
ports will not be touched in this commit.

The portlint port has been adjusted to expect a WWW entry in each port
Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as
deprecated.

Approved by:		portmgr (tcberner)
commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 b7f0544
Friday, 5 Aug 2022
18:58 Bernard Spil (brnrd) search for other commits by this committer
dns/unbound: Security update to 1.6.2

PR:		265645
Reported by:	Jaap Akkerhuis <jaap NLnetLabs nl> (maintainer)
Security:	bc43a578-14ec-11ed-856e-d4c9ef517024
MFH:		2022Q3
commit hash: 9ed08e850c5cebd7a68fc1562c255382366c8d3c commit hash: 9ed08e850c5cebd7a68fc1562c255382366c8d3c commit hash: 9ed08e850c5cebd7a68fc1562c255382366c8d3c commit hash: 9ed08e850c5cebd7a68fc1562c255382366c8d3c 9ed08e8
Wednesday, 20 Jul 2022
14:21 Tobias C. Berner (tcberner) search for other commits by this committer
dns: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Akinori MUSHA aka knu <knu@idaemons.org>
  *  Alex Samorukov <samm@freebsd.org>
  *  Alexey Dokuchaev <danfe@FreeBSD.org>
  *  Allan Jude <allanjude@freebsd.org>
  *  Amar Takhar <verm@drunkmonk.net>
  *  Anders Nordby <anders@fix.no>
  *  Andrew Greenwood <greenwood.andy@gmail.com>
  *  Anton Berezin <tobez@FreeBSD.org>
  *  Ashish SHUKLA <ashish@FreeBSD.org>
  *  Attila Nagy <bra@fsn.hu>
  *  Bas Kruit <baskruit@bsltwr.dhis.org>
  *  Bruce M. Simpson <bms@FreeBSD.org>
  *  Carlos J Puga Medina <cpm@fbsd.es>
  *  Chris St Denis (<chris@ctgameinfo.com>)
  *  Clement Laforet <clement@FreeBSD.org>
  *  Clement Laforet <sheepkiller@cultdeadsheep.org>
  *  Dan Langille <dvl@FreeBSD.org>
  *  Dan Pelleg <daniel+mdnsd@pelleg.org>
  *  Dan Smith <dan@algenta.com>
  *  David O'Brien (obrien@NUXI.com)
  *  Dean Hollister <dean@odyssey.apana.org.au>
  *  Dirk Froemberg <dirk@FreeBSD.org>
  *  Dmitry Pryadko <d.pryadko@rambler-co.ru>
  *  Dmitry Sivachenko <mitya@yandex-team.ru>
  *  Dominik Brettnacher <domi@saargate.de>
  *  Douglas Thrift <douglas@douglasthrift.net>
  *  Edwin Groothuis (edwin@mavetju.org)
  *  Edwin Groothuis <edwin@mavetju.org>
  *  Emanuel Haupt <ehaupt@FreeBSD.org>
  *  Emanuel Haupt <ehaupt@critical.ch>
  *  Eyal Soha <esoha@attbi.com>
  *  Filip Parag <filip@parag.rs>
  *  Filippo Natali <filippo.natali@gmail.com>
  *  Frank Behrens
  *  Gea-Suan Lin <gslin@gslin.org>
  *  Geoffroy Desvernay <dgeo@centrale-marseille.fr>
  *  George Reid <greid@ukug.uk.freebsd.org>
  *  Goran Mekić <meka@tilda.center>
  *  Hajimu UMEMOTO <ume@FreeBSD.org>
  *  Herve Quiroz <hq@FreeBSD.org>
  *  Hirohisa Yamaguchi <umq@ueo.co.jp>
  *  Hye-Shik Chang <perky@fallin.lv>
  *  Jaap Akkerhuis <jaap@NLnetLabs.nl>
  *  James FitzGibbon <jfitz@FreeBSD.org>
  *  Jase Thew <freebsd@beardz.net>
  *  Jimmy Bergman jimmy@sigint.se
  *  Jin-Shan Tseng <tjs@cdpa.nsysu.edu.tw>
  *  Joe Barbish
  *  Jov <amutu@amutu.com>
  *  Jui-Nan Lin <jnlin@freebsd.cs.nctu.edu.tw>
  *  Karl Dietz (Karl.Dietz@frankfurt.netsurf.de)
  *  Kirill Ponomarew <ponomarew@oberon.net>
  *  Koen Martens <gmc@sonologic.nl>
  *  Konstantin Saurbier <saurbier@math.uni-bielefeld.de>
  *  Kostya Lukin <lukin@okbmei.msk.su>
  *  Kris Kennaway <kris@FreeBSD.org>
  *  Kubilay Kocak <koobs@FreeBSD.org>
  *  Kurt Jaeger <fbsd-ports@opsec.eu>
  *  Leo Vandewoestijne <freebsd@dns-lab.com>
  *  Leo Vandewoestijne <freebsd@dns.company>
  *  MIHIRA Yoshiro <sanpei@jp.FreeBSD.org>
  *  Marcin Gondek <drixter@e-utp.net>
  *  Mario Sergio Fujikawa Ferreira <lioux@FreeBSD.org>
  *  Mark Felder <feld@FreeBSD.org>
  *  Mark Linimon <linimon@lonesome.com>
  *  Mark Pulford <mark@kyne.com.au>
  *  Martin Matuska <mm@FreeBSD.org>
  *  Martin Wilke <miwi@FreeBSD.org>
  *  Matthew Hunt <mph@pobox.com>
  *  Matthew Seaman
  *  Michael Cardell Widerkrantz <mc@hack.org>
  *  Moritz Warning <moritzwarning@web.de>
  *  Natacha Porte <natbsd@instinctive.eu>
  *  Neil Blakey-Milner
  *  Olivier Duchateau
  *  Paul Chvostek <paul@it.ca>
  *  Paul Dlug <paul@aps.org>
  *  Philippe Pepiot <phil@philpep.org>
  *  Piotr Kubaj <pkubaj@FreeBSD.org>
  *  Piotr Kubaj <pkubaj@anongoth.pl>
  *  Po-Chuan Hsieh <sunpoet@FreeBSD.org>
  *  Rafal Lesniak <fbsd@grid.einherjar.de>
  *  Roman Shterenzon <roman@xpert.com>
  *  Rong-En Fan <rafan@FreeBSD.org>
  *  Roy Marples <roy@marples.name>
  *  Ryan Steinmetz <rpsfa@rit.edu>
  *  Ryan Steinmetz <zi@FreeBSD.org>
  *  Sahil Tandon <sahil@tandon.net>
  *  Seamus Venasse <svenasse@polaris.ca>
  *  Sergei Kolobov <sergei@FreeBSD.org>
  *  Sergei Kolobov <sergei@kolobov.com>
  *  Sergey Matveychuk <sem@FreeBSD.org>
  *  Sergey Skvortsov <skv@protey.ru>
  *  Simon Dick <simond@irrelevant.org>
  *  Stefan Esser <se@FreeBSD.org>
  *  Steve Wills <swills@FreeBSD.org>
  *  Steve Wills <swills@freebsd.org>
  *  Steven Honson
  *  Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
  *  Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net>
  *  Timothy Beyer <beyert@cs.ucr.edu>
  *  Waitman Gobble <waitman@waitman.net>
  *  Wen Heping <wen@FreeBSD.org>
  *  Wen Heping <wenheping@gmail.com>
  *  Zane C, Bowers <vvelox@vvelox.net>
  *  adamw
  *  alexis
  *  andrew@ugh.net.au
  *  bkhl
  *  clsung
  *  clsung@dragon2.net
  *  dglo@ssec.wisc.edu
  *  dnscheckengine-port@academ.com (Stan Barber)
  *  fenner
  *  geniusj@ods.org
  *  ijliao
  *  ismail.yenigul@endersys.com.tr
  *  krion
  *  mark@foster.cc
  *  n@nectar.com
  *  roam@FreeBSD.org
  *  rodrigc@FreeBSD.org
  *  rpsfa@rit.edu
  *  sten@blinkenlights.nl

With hat:	portmgr
commit hash: 66ee090ccad0160bf913ee776daa9c3bfdab1868 commit hash: 66ee090ccad0160bf913ee776daa9c3bfdab1868 commit hash: 66ee090ccad0160bf913ee776daa9c3bfdab1868 commit hash: 66ee090ccad0160bf913ee776daa9c3bfdab1868 66ee090
Tuesday, 12 Jul 2022
17:47 Fernando Apesteguía (fernape) search for other commits by this committer Author: Jaap Akkerhuis
dns/unbound: Update to 1.16.1

ChangeLog: https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-16-1

PR:	265151
Reported by:	jaap@NLnetLabs.nl (maintainer)
MFH:	2022Q3 (bugfixes)
commit hash: 0046203e3a7db2ee7b37e63cd000cbf87f908d2c commit hash: 0046203e3a7db2ee7b37e63cd000cbf87f908d2c commit hash: 0046203e3a7db2ee7b37e63cd000cbf87f908d2c commit hash: 0046203e3a7db2ee7b37e63cd000cbf87f908d2c 0046203
Wednesday, 8 Jun 2022
10:33 Li-Wen Hsu (lwhsu) search for other commits by this committer Author: Jaap Akkerhuis
dns/unbound: Update to 1.16.0

This release has EDE support, for extended EDNS error reporting,
it fixes unsupported ZONEMD algorithms to load, and has more bug fixes.

The EDE errors can be turned on by `ede: yes`, it is default disabled.
Validation errors and other errors are then reported. If you also want
stale answers for expired responses to have an error code, the option
`ede-serve-expired: yes` can be used.

On request, the port now also has dnscrypt support default enabled.

PR:		264538
commit hash: 993f58d32eede8a1783ab0270b2cccf3db218d95 commit hash: 993f58d32eede8a1783ab0270b2cccf3db218d95 commit hash: 993f58d32eede8a1783ab0270b2cccf3db218d95 commit hash: 993f58d32eede8a1783ab0270b2cccf3db218d95 993f58d
Saturday, 26 Feb 2022
22:29 Kevin Bowling (kbowling) search for other commits by this committer Author: Jaap Akkerhuis
dns/unbound: Fix DoH compilation

PR:		262145
Reported by:	freebsd@rail.eu.org
Tested by:	freebsd@rail.eu.org
commit hash: ed63185054966d4432d27dfd5b8a6954450c31b1 commit hash: ed63185054966d4432d27dfd5b8a6954450c31b1 commit hash: ed63185054966d4432d27dfd5b8a6954450c31b1 commit hash: ed63185054966d4432d27dfd5b8a6954450c31b1 ed63185
Thursday, 17 Feb 2022
21:21 Dries Michiels (driesm) search for other commits by this committer Author: Jaap Akkerhuis
dns/unbound: Update to 1.15.0

[The Makefile of the port got cleaned up to make portfmt happy]

This release has bug fixes for crashes that happened on heavy network
usage. The default for the aggressive-nsec option has changed, it is now
enabled.

The ratelimit logic had to be reworked for the crash fixes. As a result,
there are new options to control the behaviour of ratelimiting.
The ratelimit-backoff and ip-ratelimit-backoff options can be used to
control how severe the backoff is when the ratelimit is exceeded.

The rpz-signal-nxdomain-ra option can be used to unset the RA flag, for
NXDOMAIN answers from RPZ. That is used by some clients to detect that
the domain is externally blocked. The RPZ option for-downstream can be
used like for auth zones, this allows the RPZ zone information to be
queried. That can be useful for monitoring scripts.

Features
- Fix #596: unset the RA bit when a query is blocked by an unbound
  RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
  signal that a domain is externally blocked to clients when it
  is blocked with NXDOMAIN by unsetting RA.
- Add rpz: for-downstream: yesno option, where the RPZ zone is
  authoritatively answered for, so the RPZ zone contents can be
  checked with DNS queries directed at the RPZ zone.
- Merge PR #616: Update ratelimit logic. It also introduces
  ratelimit-backoff and ip-ratelimit-backoff configuration options.
- Change aggressive-nsec default to yes.

Bug Fixes
- Fix compile warning for if_nametoindex on windows 64bit.
- Merge PR #581 from fobser: Fix -Wmissing-prototypes and -Wshadow
  warnings in rpz.
- Fix validator debug output about DS support, print correct algorithm.
- Add code similar to fix for ldns for tab between strings, for
  consistency, the test case was not broken.
- Allow local-data for classes other than IN to inherit a configured
  local-zone's type if possible, instead of defaulting to type
  transparent as per the implicit rule.
- Fix to pick up other class local zone information before unlock.
- Add missing configure flags for optional features in the
  documentation.
- Fix Unbound capitalization in the documentation.
- Fix #591: Unbound-anchor manpage links to non-existent license file.
- contrib/aaaa-filter-iterator.patch file renewed diff content to
  apply cleanly to the current coderepo for the current code version.
- Fix to add test for rpz-signal-nxdomain-ra.
- Fix #596: only unset RA when NXDOMAIN is signalled.
- Fix that RPZ does not set RD flag on replies, it should be copied
  from the query.
- Fix for #596: fix that rpz return message is returned and not just
  the rcode from the iterator return path. This fixes signal unset RA
  after a CNAME.
- Fix unit tests for rpz now that the AA flag returns successfully from
  the iterator loop.
- Fix for #596: add unit test for nsdname trigger and signal unset RA.
- Fix for #596: add unit test for nsip trigger and signal unset RA.
- Fix #598: Fix unbound-checkconf fatal error: module conf
  'respip dns64 validator iterator' is not known to work.
- Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip
  triggered operation.
- Merge #600 from pemensik: Change file mode before changing file
  owner.
- Fix prematurely terminated TCP queries when a reply has the same ID.
- For #602: Allow the module-config "subnetcache validator cachedb
  iterator".
- Fix EDNS to upstream where the same option could be attached
  more than once.
- Add a region to serviced_query for allocations.
- For dnstap, do not wakeupnow right there. Instead zero the timer to
  force the wakeup callback asap.
- Fix #610: Undefine-shift in sldns_str2wire_hip_buf.
- Fix #588: Unbound 1.13.2 crashes due to p->pc is NULL in
  serviced_udp_callback.
- Merge PR #612: TCP race condition.
- Test for NSID in SERVFAIL response due to DNSSEC bogus.
- Fix #599: [FR] RFC 9156 (obsoletes RFC 7816), by noting the new RFC
  document.
- Fix tls-* and ssl-* documented alternate syntax to also be available
  through remote-control and unbound-checkconf.
- Better cleanup on failed DoT/DoH listening socket creation.
- iana portlist update.
- Fix review comment for use-after-free when failing to send UDP out.
- Merge PR #603 from fobser: Use OpenSSL 1.1 API to access DSA and RSA
  internals.
- Merge PR #532 from Shchelk: Fix: buffer overflow bug.
- Merge PR #617: Update stub/forward-host notation to accept port and
  tls-auth-name.
- Update stream_ssl.tdir test to also use the new forward-host
  notation.
- Fix header comment for doxygen for authextstrtoaddr.
- please clang analyzer for loop in test code.
- Fix docker splint test to use more portable uname.
- Update contrib/aaaa-filter-iterator.patch with diff for current
  software version.
- Fix for #611: Integer overflow in sldns_wire2str_pkt_scan.

PR:	261888
commit hash: cfd10e7accaa70a2ca3b7f7954d0dd7aa10a66b9 commit hash: cfd10e7accaa70a2ca3b7f7954d0dd7aa10a66b9 commit hash: cfd10e7accaa70a2ca3b7f7954d0dd7aa10a66b9 commit hash: cfd10e7accaa70a2ca3b7f7954d0dd7aa10a66b9 cfd10e7
Tuesday, 14 Dec 2021
21:06 Cy Schubert (cy) search for other commits by this committer Author: Jaap Akkerhuis
dns/unbound: Update to 1.14.0

Changelog:

This release contains bug fixes and a full set of RPZ triggers and
actions that are supported. This works with RPZ zones, configured with
`rpz:`.

It is possible to selectively enable use of TCP for stub zones and
forward zones, without having enable it server wide, by enabling it
with the `stub-tcp-upstream: yes` and `forward-tcp-upstream: yes` options.

The added contrib/Dockerfile.tests from ziollek can be used to setup
a Docker environment to run tests in. The documentation is in the
doc/README.tests file.

If openssl it installed with different versions, you can set the
location as `--with-ssl=/usr/include/openssl11` and it then detects the
use of the lib dir split off in /usr/lib64/openssl11 with regex. This is
useful if to pass to configure if openssl is installed in such a manner.

The option `outbound-msg-retry` can be used to select the number of
retries when a non-positive response is received. It is best left at
default, but when the upstream is known to not need retries, it can be
lowered, because in that case the upstream is performing the retry for
non-positive responses.

The domain `home.arpa.` is set by default as blocked, as per RFC8375. If
you want to use it, unblock it with a local-zone nodefault statement, or
use another type of local-zone to override it with your choice.

In the config it is possible to enter IPv6 scope-id values with
interface names, instead of a number, for link-local addresses.

Features
- Merge #401: RPZ triggers. This add additional RPZ triggers,
  unbound supports a full set of rpz triggers, and this now
  includes nsdname, nsip and clientip triggers. Also actions
  are fully supported, and this now includes the tcp-only action.
- Merge #519: Support for selective enabling tcp-upstream for
  stub/forward zones.
- Merge PR #514, from ziollek: Docker environment for run tests.
- Support using system-wide crypto policies.
- Fix that --with-ssl can use "/usr/include/openssl11" to pass the
  location of a different openssl version.
- Merged #41 from Moritz Schneider: made outbound-msg-retry
  configurable.
- Implement RFC8375: Special-Use Domain 'home.arpa.'.
- Merge PR #555 from fobser: Allow interface names as scope-id in IPv6
  link-local addresses.

Bug Fixes
- Add test tool readzone to .gitignore.
- Merge #521: Update mini_event.c.
- Merge #523: fix: free() call more than once with the same pointer.
- For #519: note stub-tcp-upstream and forward-tcp-upstream in
  the example configuration file.
- For #519: yacc and lex. And fix python bindings, and test program
  unbound-dnstap-socket.
- For #519: fix comments for doxygen.
- Fix to print error from unbound-anchor for writing to the key
  file, also when not verbose.
- For #514: generate configure.
- Fix for #431: Squelch permission denied errors for udp connect,
  and udp send, they are visible at higher verbosity settings.
- Fix zonemd verification of key that is not in DNS but in the zone
  and needs a chain of trust.
- zonemd, fix order of bogus printout string manipulation.
- Fix to support harden-algo-downgrade for ZONEMD dnssec checks.
- Merge PR #528 from fobser: Make sldns_str2wire_svcparam_buf()
  static.
- Fix #527: not sending quad9 cert to syslog (and may be more).
- Fix sed script in ssldir split handling.
- Fix #529: Fix: log_assert does nothing if UNBOUND_DEBUG is
  undefined.
- Fix #531: Fix: passed to proc after free.
- Fix #536: error: RPZ: name of record (drop.spamhaus.org.rpz.local.)
  to insert into RPZ.
- Fix the stream wait stream_wait_count_lock and http2 buffer locks
  setup and desetup from race condition.
- Fix RPZ locks. Do not unlock zones lock if requested and rpz find
  zone does not find the zone. Readlock the clientip that is found
  for ipbased triggers. Unlock the nsdname zone lock when done.
  Unlock zone and ip in rpz nsip and nsdname callback. Unlock
  authzone and localzone if clientip found in rpz worker call.
- Fix compile warning in libunbound for listen desetup routine.
- Fix asynclook unit test for setup of lockchecks before log.
- Fix #533: Negative responses get cached even when setting
  cache-max-negative-ttl: 1
- Fix tcp fastopen failure when disabled, try normal connect instead.
- Fix #538: Fix subnetcache statistics.
- Small fixes for #41: changelog, conflicts resolved,
  processQueryResponse takes an iterator env argument like other
  functions in the iterator, no colon in string for set_option,
  and some whitespace style, to make it similar to the rest.
- Fix for #41: change outbound retry to int to fix signed comparison
  warnings.
- Fix root_anchor test to check with new icannbundle date.
- Fix initialisation errors reported by gcc sanitizer.
- Fix lock debug code for gcc sanitizer reports.
- Fix more initialisation errors reported by gcc sanitizer.
- Fix crosscompile on windows to work with openssl 3.0.0 the
  link with ws2_32 needs -l:libssp.a for __strcpy_chk.
  Also copy results from lib64 directory if needed.
- For crosscompile on windows, detect 64bit stackprotector library.
- Fix crosscompile shell syntax.
- Fix crosscompile windows to use libssp when it exists.
- For the windows compile script disable gost.
- Fix that on windows, use BIO_set_callback_ex instead of deprecated
  BIO_set_callback.
- Fix crosscompile script for the shared build flags.
- Fix to add example.conf note for outbound-msg-retry.
- Fix chaos replies to have truncation for short message lengths,
  or long reply strings.
- Fix to protect custom regional create against small values.
- Fix #552: Unbound assumes index.html exists on RPZ host.
- Fix that forward-zone name is documented as the full name of the
  zone. It is not relative but a fully qualified domain name.
- Fix analyzer review failure in rpz action override code to not
  crash on unlocking the local zone lock.
- Fix to remove unused code from rpz resolve client and action
  function.
- Merge #565: unbound.service.in: Disable ProtectKernelTunables again.
- Fix for #558: fix loop in comm_point->tcp_free when a comm_point is
  reclaimed more than once during callbacks.
- Fix for #558: clear the UB_EV_TIMEOUT bit before adding an event.
- Improve EDNS option handling, now also works for synthesised
  responses such as local-data and server.id CH TXT responses.
- Merge PR #570 from rex4539: Fix typos.
- Fix for #570: regen aclocal.m4, fix configure.ac for spelling.
- Fix to make python module opt_list use opt_list_in.
- Fix #574: unbound-checkconf reports fatal error if interface names
  are used as value for interfaces:
- Fix #574: Review fixes for it.
- Fix #576: [FR] UB_* error codes in unbound.h
- Fix #574: Review fix for spelling.
- Fix to remove git tracking and ci information from release tarballs.
- iana portlist update.
- Merge PR #511 from yan12125: Reduce unnecessary linking.
- Merge PR #493 from Jaap: Fix generation of libunbound.pc.
- Merge PR #562 from Willem: Reset keepalive per new tcp session.
- Merge PR #522 from sibeream: memory management violations fixed.
- Merge PR #530 from Shchelk: Fix: dereferencing a null pointer.
- Fix #454: listen_dnsport.c:825: error: ‘IPV6_TCLASS’ undeclared.
- Fix #574: Review fixes for size allocation.
- Fix doc/unbound.doxygen to remove obsolete tag warning.

PR:		260360, 260417
Reported by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>
commit hash: 0d90eb78507a50feb81110aeca63e118761f5a07 commit hash: 0d90eb78507a50feb81110aeca63e118761f5a07 commit hash: 0d90eb78507a50feb81110aeca63e118761f5a07 commit hash: 0d90eb78507a50feb81110aeca63e118761f5a07 0d90eb7
Monday, 16 Aug 2021
23:18 Renato Botelho (garga) search for other commits by this committer Author: Jaap Akkerhuis
dns/unbound: Update to 1.13.2

Added a new option DEP-RSA1024 to enable --with-deprecate-rsa-1024

Changelog:

- Merge PR #317: ZONEMD Zone Verification, with RFC 8976 support.
  ZONEMD records are checked for zones loaded as auth-zone,
  with DNSSEC if available.  There is an added option
  zonemd-permissive-mode that makes it log but not fail wrong zones.
  With zonemd-reject-absence for an auth-zone the presence of a
  zonemd can be mandated for specific zones.
- Fix: Resolve interface names on control-interface too.
- Merge #470 from edevil: Allow configuration of persistent TCP
  connections.
- Fix #474: always_null and others inside view.
- Add that log-servfail prints an IP address and more information
  about one of the last failures for that query.
- Merge #478: Allow configuration of TCP timeout while waiting for
  response.
- Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024.
- Move the NSEC3 max iterations count in line with the 150 value
  used by BIND, Knot and PowerDNS. This sets the default value
  for it in the configuration to 150 for all key sizes.
- zonemd-check: yesno option, default no, enables the processing
  of ZONEMD records for that zone.
- Merge #486 by fobster: Make VAL_MAX_RESTART_COUNT configurable.
- Merge PR #491: Add SVCB and HTTPS types and handling according to
  draft-ietf-dnsop-svcb-https.
- Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.

PR:		257809
Sponsored by:	Rubicon Communications, LLC ("Netgate")
commit hash: 42ac7e7f9340538fe67de858198323991d326087 commit hash: 42ac7e7f9340538fe67de858198323991d326087 commit hash: 42ac7e7f9340538fe67de858198323991d326087 commit hash: 42ac7e7f9340538fe67de858198323991d326087 42ac7e7
Tuesday, 6 Apr 2021
14:31 Mathieu Arnold (mat) search for other commits by this committer
Remove # $FreeBSD$ from Makefiles.
commit hash: 305f148f482daf30dcf728039d03d019f88344eb commit hash: 305f148f482daf30dcf728039d03d019f88344eb commit hash: 305f148f482daf30dcf728039d03d019f88344eb commit hash: 305f148f482daf30dcf728039d03d019f88344eb 305f148
Tuesday, 9 Feb 2021
19:49 nc search for other commits by this committer
dns/unbound: Update to 1.13.1

Changes: https://nlnetlabs.nl/news/2021/Feb/09/unbound-1.13.1-released/

PR:		253376
Submitted by:	Jaap Akkerhuis <jaap AT NLnetLabs DOT nl> (maintainer)
Original commitRevision:564806 
Thursday, 17 Dec 2020
09:38 brnrd search for other commits by this committer
dns/unbound: SIGSEGV fix

PR:		251821
Submitted by:	delphij
Approved by:	Jaap Akkerhuis (maintainer)
Obtained from:	https://github.com/NLnetLabs/unbound/issues/376
MFH:		2020Q4
Original commitRevision:558269 
Saturday, 12 Dec 2020
16:54 brnrd search for other commits by this committer
dns/unbound: Security update to 1.13.0

 * Sort options and port_docs while here

PR:		251563
Submitted by:	Jaap Akkerhuis <jaap nlnetlabs nl> (maintainer)
Approved by:	maintainer (implicit)
MFH:		2020Q4
Security:	388ebb5b-3c95-11eb-929d-d4c9ef517024
Original commitRevision:557836 
Monday, 12 Oct 2020
15:33 garga search for other commits by this committer
dns/unbound: Update to 1.12.0

PR:		250199
Submitted by:	maintainer
Sponsored by:	Rubicon Communications, LLC (Netgate)
Original commitRevision:552135 
Friday, 21 Aug 2020
14:17 lwhsu search for other commits by this committer
dns/unbound: Update to 1.11.0

PR:		248808
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Original commitRevision:545599 
Friday, 10 Jul 2020
09:37 danfe search for other commits by this committer
Unbreak the build with FILTER_AAAA option.

PR:	246648
Original commitRevision:541850 
Wednesday, 17 Jun 2020
18:17 sunpoet search for other commits by this committer
Move devel/swig30 to devel/swig and update to 4.0.1

- Do not silence installation message
- Update dependent ports:
  - Fix build with swig 4.0.1
  - Update *_DEPENDS
  - Remove BINARY_ALIAS

Changes:	http://www.swig.org/news.php
PR:		246613
Exp-run by:	antoine
Original commitRevision:539491 
Tuesday, 19 May 2020
19:02 delphij search for other commits by this committer
dns/unbound: update to 1.10.1.

PR:		246569
Submitted by:	Jaap Akkerhuis (maintainer)
MFH:		2020Q2
Security:	CVE-2020-12662, CVE-2020-12663
Original commitRevision:535884 
Saturday, 22 Feb 2020
13:59 pi search for other commits by this committer
dns/unbound: update 1.9.6 -> 1.10.0

PR:		244244
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Relnotes:	https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244244#c0
Original commitRevision:526776 
Monday, 16 Dec 2019
09:44 joneum search for other commits by this committer
Update to 1.9.6

PR:		242603
Sponsored by:	Netzkommune GmbH
Original commitRevision:520238 
Saturday, 23 Nov 2019
12:54 joneum search for other commits by this committer
Update to 1.9.5

Changelog:
https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module

PR:		242075
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
MFH:		2019Q4
Sponsored by:	Netzkommune GmbH
Original commitRevision:518229 
Thursday, 3 Oct 2019
19:28 sunpoet search for other commits by this committer
Update to 1.9.4

Changes:	https://github.com/NLnetLabs/unbound/blob/master/doc/Changelog
PR:		241033
Reported by:	C <cm@appliedprivacy.net>
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Security:	108a4be3-e612-11e9-9963-5f1753e0aca0
MFH:		2019Q4
Original commitRevision:513730 
Monday, 2 Sep 2019
16:31 swills search for other commits by this committer
dns/unbound: update to 1.9.3

Whil here, improve rc script

PR:		240163
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Original commitRevision:510824 
Friday, 2 Aug 2019
13:30 jbeich search for other commits by this committer
devel/libevent2: update to 2.1.11

Changes:	https://github.com/libevent/libevent/releases/tag/release-2.1.11-stable
ABI:		https://abi-laboratory.pro/tracker/timeline/libevent/
PR:		239599
Reported by:	GitHub (watch releases)
Approved by:	zeising (maintainer)
MFH:		2019Q3 (maybe security, partially restores 2.1.8 ABI)
Differential Revision:	https://reviews.freebsd.org/D21133
Original commitRevision:507877 
Wednesday, 19 Jun 2019
04:56 joneum search for other commits by this committer
Update to 1.9.2

PR:		238651
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by:	Netzkommune GmbH
Original commitRevision:504511 
Monday, 18 Mar 2019
11:35 swills search for other commits by this committer
dns/unbound: update to 1.9.1

PR:		236575
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Original commitRevision:496136 
Monday, 11 Feb 2019
13:58 garga search for other commits by this committer
dns/unbound: Import patch to fix hostname verification with OpenSSL 1.0.2

PR:		235571
Approved by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Obtained from:	https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4206#c5
		https://github.com/pfsense/FreeBSD-ports/commit/af2c493a0dfa99e2afc6e3f9236aad10021d6b39
Sponsored by:	Rubicon Communications, LLC (Netgate)
Original commitRevision:492694 
Tuesday, 5 Feb 2019
14:27 sunpoet search for other commits by this committer
Update to 1.9.0

Changes:	https://www.nlnetlabs.nl/svn/unbound/tags/release-1.9.0/doc/Changelog
PR:		235522
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Original commitRevision:492239 
Wednesday, 26 Dec 2018
22:20 swills search for other commits by this committer
dns/unbound: Update to 1.8.3

PR:		233933
Submitted by:	jaap@NLnetLabs.nl
Original commitRevision:488471 
Monday, 10 Dec 2018
16:20 swills search for other commits by this committer
dns/unbound: fix DNSTAP build failure

PR:		233891
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Reported by:	O. Hartmann <ohartmann@walstatt.org>
Original commitRevision:487181 
Sunday, 9 Dec 2018
01:06 swills search for other commits by this committer
dns/unbound: Update to 1.8.2

PR:		233796
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:487005 
Monday, 8 Oct 2018
17:29 swills search for other commits by this committer
dns/unbound upgrade to 1.8.1

PR:		232070
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:481552 
Monday, 1 Oct 2018
23:33 swills search for other commits by this committer
dns/unbound: remove unnecessary LIBEVENT_USES

PR:		231488
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:481078 
Thursday, 20 Sep 2018
14:42 swills search for other commits by this committer
dns/unbound: Fix configure in some cases

Fix configure by adding missing pkgconfig to uses

PR:		231488
Submitted by:	leres (solution, via email), mfechner (patch)
Reported by:	leres, mfechner
Approved by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:480177 
Tuesday, 18 Sep 2018
18:28 swills search for other commits by this committer
dns/unbound: Fix OPTIONS_DEFINE reference

Missed in previous commit

PR:		231283
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Pointyhat to:	swills
Original commitRevision:480058 
18:24 swills search for other commits by this committer
dns/unbound: update to 1.8.0

Bump PORTREVISION on consumers due to library major version change

PR:		231283
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:480056 
Thursday, 21 Jun 2018
21:12 sunpoet search for other commits by this committer
Update to 1.7.3

Changes:	https://www.nlnetlabs.nl/svn/unbound/tags/release-1.7.3/doc/Changelog
PR:		229202
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Original commitRevision:473002 
Thursday, 14 Jun 2018
23:22 swills search for other commits by this committer
dns/unbound: upgrade to 1.7.2

PR:		228889
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:472412 
Tuesday, 22 May 2018
16:42 brnrd search for other commits by this committer
dns/unbound: Bump portrevision

 - Follow-up of r470572

PR:		228390
Reported by:	adamw
MFH:		2018Q2
Original commitRevision:470626 
Thursday, 10 May 2018
14:50 miwi search for other commits by this committer
- Update to 2.5.9
- Update WWW

PR:	227949
Submitted by:	maintainer
Sponsored by:     iXsystems Inc.
Original commitRevision:469556 
Wednesday, 21 Mar 2018
17:00 pi search for other commits by this committer
dns/unbound: upgrade 1.6.8 -> 1.7.0

Features
- auth-zone provides a way to configure RFC7706 from unbound.conf,
  eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
  fallback-enabled: yes and masters or a zonefile with data.
- Aggressive use of NSEC implementation. Use cached NSEC records to
  generate NXDOMAIN, NODATA and positive wildcard answers.
- Accept tls-upstream in unbound.conf, the ssl-upstream keyword is
  also recognized and means the same.  Also for tls-port,
  tls-service-key, tls-service-pem, stub-tls-upstream and
  forward-tls-upstream.
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
  from Manu Bretelle.
  This option allows handling multiple cert/key pairs while only
  distributing some of them.
  In order to reliably match a client magic with a given key without
  strong assumption as to how those were generated, we need both key and
  cert. Likewise, in order to know which ES version should be used.
  On the other hand, when rotating a cert, it can be desirable to only
  serve the new cert but still be able to handle clients that are still
  using the old certs's public key.
  The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not
  publish the cert as part of the DNS's provider_name's TXT answer.
- Update B root ipv4 address.
- make ip-transparent option work on OpenBSD.
- Fix #2801: Install libunbound.pc.
- ltrace.conf file for libunbound in contrib.
- Fix #3598: Fix swig build issue on rhel6 based system.
  configure --disable-swig-version-check stops the swig version check.

Bug Fixes
- Fix #1749: With harden-referral-path: performance drops, due to
  circular dependency in NS and DS lookups.
- [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert
  duplicates
- Better documentation for cache-max-negative-ttl.
- Fixed libunbound manual typo.
- Fix #1949: [dnscrypt] make provider name mismatch more obvious.
- Fix #2031: Double included headers
- Document that errno is left informative on libunbound config read
  fail.
- iana port update.
- Fix #1913: ub_ctx_config is under circumstances thread-safe.
- Fix #2362: TLS1.3/openssl-1.1.1 not working.
- Fix #2034 - Autoconf and -flto.
- Fix #2141 - for libsodium detect lack of entropy in chroot, print
  a message and exit.
- Fix #2492: Documentation libunbound.
- Fix #2882: Unbound behaviour changes (wrong) when domain-insecure is
  set for stub zone.  It no longer searches for DNSSEC information.
- Fix #3299 - forward CNAME daisy chain is not working
- Fix link failure on OmniOS.
- Check whether --with-libunbound-only is set when using --with-nettle
  or --with-nss.
- Fix qname-minimisation documentation (A QTYPE, not NS)
- Fix that DS queries with referral replies are answered straight
  away, without a repeat query picking the DS from cache.
  The correct reply should have been an answer, the reply is fixed
  by the scrubber to have the answer in the answer section.
- Fix that expiration date checks don't fail with clang -O2.
- Fix queries being leaked above stub when refetching glue.
- Copy query and correctly set flags on REFUSED answers when cache
  snooping is not allowed.
- make depend: code dependencies updated in Makefile.
- Fix #3397: Fix that cachedb could return a partial CNAME chain.
- Fix #3397: Fix that when the cache contains an unsigned DNAME in
  the middle of a cname chain, a result without the DNAME could
  be returned.
- Fix that unbound-checkconf -f flag works with auto-trust-anchor-file
  for startup scripts to get the full pathname(s) of anchor file(s).
- Print fatal errors about remote control setup before log init,
  so that it is printed to console.
- Use NSEC with longest ce to prove wildcard absence.
- Only use *.ce to prove wildcard absence, no longer names.
- Fix unfreed locks in log and arc4random at exit of unbound.
- Fix lock race condition in dns cache dname synthesis.
- Fix #3451: dnstap not building when you have a separate build dir.
  And removed protoc warning, set dnstap.proto syntax to proto2.
- Added tests with wildcard expanded NSEC records (CVE-2017-15105 test)
- Unit test for auth zone https url download.
- tls-cert-bundle option in unbound.conf enables TLS authentication.
- Fixes for clang static analyzer, the missing ; in
  edns-subnet/addrtree.c after the assert made clang analyzer
  produce a failure to analyze it.
- Fix #3505: Documentation for default local zones references
  wrong RFC.
- Fix #3494: local-zone noview can be used to break out of the view
  to the global local zone contents, for queries for that zone.
- Fix for more maintainable code in localzone.
- more robust cachedump rrset routine.
- Save wildcard RRset from answer with original owner for use in
  aggressive NSEC.
- Fixup contrib/fastrpz.patch so that it applies.
- Fix compile without threads, and remove unused variable.
- Fix compile with staticexe and python module.
- Fix nettle compile.
- Fix to check define of DSA for when openssl is without deprecated.
- iana port update.
- Fix #3582: Squelch address already in use log when reuseaddr option
  causes same port to be used twice for tcp connections.
- Reverted fix for #3512, this may not be the best way forward;
  although it could be changed at a later time, to stay similar to
  other implementations.
- Fix for windows compile.
- Fixed contrib/fastrpz.patch, even though this already applied
  cleanly for me, now also for others.
- patch to log creates keytag queries, from A. Schulze.
- patch suggested by Debian lintian: allow to -> allow one to, from
  A. Schulze.
- Attempt to remove warning about trailing whitespace.
- Added documentation for aggressive-nsec: yes.

PR:		226822
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:465195 
Tuesday, 27 Feb 2018
13:03 mat search for other commits by this committer
Switch some MASTER_SITES from http/ftp to https.

Also some cleanup of dead entries.

PR:		226203
Submitted by:	Sam H
Sponsored by:	Absolight
Original commitRevision:463123 
Monday, 19 Feb 2018
11:10 antoine search for other commits by this committer
Reduce dependency on the python2 metaport

PR:		225752
Submitted by:	Yasuhiro KIMURA
Original commitRevision:462307 
Wednesday, 31 Jan 2018
00:28 adamw search for other commits by this committer
Bump PORTREVISION after r459983
Original commitRevision:460451 
Friday, 19 Jan 2018
16:27 dbaio search for other commits by this committer
dns/unbound: Update to 1.6.8, Fixes security vulnerability

PR:		225313
Submitted by:	jaap@NLnetLabs.nl (maintainer)
MFH:		2018Q1
Security:	8d3bae09-fd28-11e7-95f2-005056925db4
Original commitRevision:459435 
Thursday, 26 Oct 2017
18:42 tijl search for other commits by this committer
After r452629 also bump ports that optionally depend on libsodium.

PR:		223192
Original commitRevision:452938 
Thursday, 12 Oct 2017
14:44 dbaio search for other commits by this committer
dns/unbound: Update to 1.6.7

Changes:	http://www.unbound.net/pipermail/unbound-users/2017-October/004972.html

PR:		222941
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:451881 
Friday, 22 Sep 2017
00:51 dbaio search for other commits by this committer
dns/unbound: Update to 1.6.6

Changes:	http://www.unbound.net/pipermail/unbound-users/2017-September/004936.html

PR:		222503
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:450314 
Monday, 21 Aug 2017
21:45 swills search for other commits by this committer
dns/unbound: Upgrade to 1.6.5

PR:		221692
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:448504 
Sunday, 23 Jul 2017
14:16 sunpoet search for other commits by this committer
Fix typo

Approved by:	portmgr (blanket)
Original commitRevision:446478 
14:03 eugen search for other commits by this committer
Base system contains unbound without libevent support enabled.
Enable libevent by default for the port dns/unbound for performance reasons.

PR:		220733
Submitted by:	Dmitry Luhtionov
Approved by:	jaap (maintainer), az (mentor)
Original commitRevision:446477 
Wednesday, 12 Jul 2017
22:44 dbaio search for other commits by this committer
dns/unbound: Update to 1.6.4

Changes:	http://www.unbound.net/pipermail/unbound-users/2017-June/004818.html

PR:		220673
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Approved by:	garga (mentor, implicit)
Original commitRevision:445613 
Tuesday, 13 Jun 2017
20:37 adamw search for other commits by this committer
Update unbound to 1.6.3.

This release fixes a spurious assertion failure when unbound receives a
malformed packet with 0x20 enabled.

Bug Fixes
- Fix #1280: Unbound fails assert when response from authoritative
  contains malformed qname. When 0x20 caps-for-id is enabled, when
  assertions are not enabled the malformed qname is handled correctly.

PR:		219958
Submitted by:	maintainer (jaap NLnetLabs nl)
Original commitRevision:443538 
Thursday, 4 May 2017
01:49 ler search for other commits by this committer
Correct typo in DNSCRYPT option description

PR:	219052
Submitted by: greenreaper@hotmail.com
Reportee by:
Approved by:	adamw (mentor, implicit)
Original commitRevision:440077 
Saturday, 29 Apr 2017
20:59 pi search for other commits by this committer
dns/unbound: update 1.6.1 -> 1.6.2

PR:		218872
Changes:	http://www.unbound.net/pipermail/unbound-users/2017-April/004762.html
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:439775 
Wednesday, 8 Mar 2017
01:48 wen search for other commits by this committer
- Update to 1.6.1

PR:		217614
Submitted by:	jaap@NLnetLabs.nl(maintainer)
Original commitRevision:435651 
Friday, 3 Mar 2017
04:12 miwi search for other commits by this committer
- Chase ldns shlip bump

PR:		217495
Original commitRevision:435306 
Monday, 20 Feb 2017
02:57 jbeich search for other commits by this committer
devel/libevent2: drop historical suffix after r362796

PR:		216777
Approved by:	mm (maintainer)
Original commitRevision:434427 
Saturday, 4 Feb 2017
07:56 jbeich search for other commits by this committer
devel/libevent2: update to 2.1.8 and cleanup

- DEFAULT_VERSIONS += ssl=openssl-devel is now supported
- devel/py-event and devel/p5-Event-Lib are marked BROKEN

Changes:	https://github.com/libevent/libevent/raw/release-2.1.8-stable/whatsnew-2.1.txt
Changes:	https://github.com/libevent/libevent/raw/release-2.1.8-stable/ChangeLog
PR:		216527
Exp-run by:	antoine
Approved by:	mm (maintainer)
Original commitRevision:433286 
Wednesday, 11 Jan 2017
10:08 amdmi3 search for other commits by this committer
- Remove always-true/false conditions after FreeBSD 9, 10.1, 10.2 EOL

Approved by:	portmgr blanket
Original commitRevision:431169 
Saturday, 17 Dec 2016
13:20 sunpoet search for other commits by this committer
- Update to 1.6.0
- Do not silence installation message
- While I'm here:
  - Move LIB_DEPENDS upwards
  - Use = instead of += for CONFIGURE_ARGS and USES
  - Convert to options helper
  - Use TEST_TARGET

Changes:	https://unbound.nlnetlabs.nl/pipermail/unbound-users/2016-December/004587.html
PR:		215322
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Original commitRevision:428760 
Thursday, 10 Nov 2016
01:21 linimon search for other commits by this committer
Mark as broken on aarch64: fails to link with sbrk.

While here, pet portlint and remove stale ia64 lines.

Approved by:	portmgr (tier-2 blanket)
Original commitRevision:425823 
Sunday, 2 Oct 2016
10:30 pawel search for other commits by this committer
Update to version 1.5.10

In this release there is a fix for long downtime after connectivity
loss, which was a longstanding unsolved issue.  Features for tcp, TCP
Fast Open and timeout pressure to close connections when the tcp
connections are getting full.  Option to use ipv6 /64 for extra entropy.

Features
- Create a pkg-config file for libunbound in contrib.
- TCP Fast open patch from Sara Dickinson.
- Finegrained localzone control with define-tag, access-control-tag,
  access-control-tag-action, access-control-tag-data, local-zone-tag, and
  local-zone-override. And added types always_transparent, always_refuse,
  always_nxdomain with that.
- If more than half of tcp connections are in use, a shorter timeout
  is used (200 msec, vs 2 minutes) to pressure tcp for new connects.
- [bugzilla: 787 ] Fix #787: outgoing-interface netblock/64 ipv6
  option to use linux freebind to use 64bits of entropy for every query
  with random local part.
- For #787: prefer-ip6 option for unbound.conf prefers to send
  upstream queries to ipv6 servers.
- Add default root hints for IPv6 E.ROOT-SERVERS.NET, 2001:500:a8::e.
- keep debug symbols in windows build.

PR:		213043
Submitted by:	maintainer
Original commitRevision:423108 
Wednesday, 24 Aug 2016
15:11 mat search for other commits by this committer
Do not auto-enable unbound munin plugins when installing unbound.

PR:		211999
Submitted by:	maintainer
Reported by:	wollman
Sponsored by:	Absolight
Original commitRevision:420799 
Saturday, 18 Jun 2016
21:53 rm search for other commits by this committer
dns/unbound: update to 1.5.9

PR:		210257
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:417091 
Friday, 1 Apr 2016
14:00 mat search for other commits by this committer
Remove ${PORTSDIR}/ from dependencies, categories d, e, f, and g.

With hat:	portmgr
Sponsored by:	Absolight
Original commitRevision:412346 
Tuesday, 15 Mar 2016
06:19 ohauer search for other commits by this committer
- Update unbound to version 1.5.8

- add OPTION for DNSTAP logging support
- rename OPTION s/MUNIN/MUNIN_PLUGIN/ so it is consistent with nsd
- use OPTIONS_SUB
- use ${opt}_target
- use @sample macro for unbound.conf
- sort pkg-plist

Features
- ip-transparent option for FreeBSD with IP_BINDANY socket option.
- insecure-lan-zones: yesno config option, patch from Dag-Erling Smorgrav.
- RR Type CSYNC support RFC 7477, in debug printout and config input.
- RR Type OPENPGPKEY support (draft-ietf-dane-openpgpkey-07).
- [bugzilla: 731 ] tcp-mss, outgoing-tcp-mss options for unbound.conf, patch
  from Daisuke Higashi.
- Support RFC7686: handle ".onion" Special-Use Domain. It is blocked by
  default, andcan be unblocked with "nodefault" localzone config.
- ub_ctx_set_stub() function for libunbound to config stub zones.

The release fixes line endings in the unbound-control-setup script, and
a potential gost-hash validation failure and handles the ".onion" domain
to avoid privacy leakage.

PR:		207948
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:411142 
Thursday, 11 Feb 2016
14:40 az search for other commits by this committer
assign port to the new maintainer (jaap@NLnetLabs.nl)

Submitted by:	sem@FreeBSD.org (maintainer) via private email
Original commitRevision:408686 
Thursday, 4 Feb 2016
15:58 erwin search for other commits by this committer
- Update unbound to 1.5.7
- Bump PORTREVISIOn on dependent ports

Some Upgrade Notes:

This release fixes a validation failure for nodata with wildcards and
emptynonterminals. Fixes OpenSSL Library compability. Fixes correct
response for malformed EDNS queries. For crypto in libunbound there is
libnettle support.

Qname minimisation is implemented. Use qname-minimisation: yes to
enable it. This version sends the full query name when an error is
found for intermediate names. It should therefore not fail for names
on nonconformant servers. It combines well with
harden-below-nxdomain: yes because those nxdomains are probed by the
qname minimisation, and that will both stop privacy sensitive traffic
and reduce nonsense traffic to authority servers. So consider
enabling both. In this implementation IPv6 reverse lookups add
several labels per increment, because otherwise those lookups would be
very slow. [ Reference
https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08 ]

More details at <http://unbound.net>

PR:		206347
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>
Approved by:	maintainer timeout
Sponsored by:	DK Hostmaster A/S
Original commitRevision:408047 
Sunday, 11 Oct 2015
12:58 sem search for other commits by this committer
- Update to 1.5.5
Original commitRevision:399086 
Wednesday, 19 Aug 2015
15:49 sem search for other commits by this committer
- Fix LibreSSL issue (from upstream)
- Add autoreconf to USES
- Satisfy portlint -AC
- Add regress-test target
- Back FILTER_AAAA option

PR:		202407
Submitted by:	brnrd
Original commitRevision:394796 
Monday, 17 Aug 2015
19:31 sem search for other commits by this committer
- Update to 1.5.4
- Disable FILTER_AAAA option. The patch is obsolated.

PR:		202385
Submitted by:	edwin
Original commitRevision:394528 
Sunday, 2 Aug 2015
15:03 tijl search for other commits by this committer
By default libtool replaces -export-symbols <file> with -retain-symbols-file
<file> on ELF systems, but this doesn't really do what -export-symbols is
meant to do.  On GNU ELF systems it converts <file> to a simple version
script first and then uses -version-script instead of -retain-symbols-file.
Let USES=libtool patch libtool scripts to do this on all systems with GNU
ld(1).

Bump PORTREVISION on all ports where the build log contains -export-symbols.

audio/calf: This port builds a module that now exports only one function,
but it also builds a number of executables that link to this module and
expect to see other functions.  Because it's already a bit dodgy to link to
a module (libtool warns about this) let the module continue to export only
one function and instead build an ordinary library from the same source that
the executables can link to.  Fix a number of other issues in the same
Makefile.am and clean up the port Makefile.

japanese/scim-honoka: Tries to hide all symbols that start with an
underscore, but because this library is written in C++ all symbols start
with _Z so it ends up hiding everything.  Just don't hide anything at all
like the textproc/scim configure script does.

multimedia/schroedinger: Apply an upstream patch.

textproc/scim-input-pad: Same as japanese/scim-honoka.

PR:		201922
Approved by:	portmgr (antoine)
Exp-run by:	antoine
Original commitRevision:393429 
Wednesday, 13 May 2015
04:55 amdmi3 search for other commits by this committer
- Add CPE info
- Fix LICENSE
- Fix WWW:

Approved by:	portmgr blanket
Original commitRevision:386199 
Monday, 16 Mar 2015
15:36 sem search for other commits by this committer
- Forgotten option description

Submitted by:	darksoul@darkbsd.org
Original commitRevision:381412 
15:33 sem search for other commits by this committer
- Fix option name
- Hide patch output
Original commitRevision:381411 
15:26 sem search for other commits by this committer
- fix cut&paste problem
Original commitRevision:381410 
14:47 sem search for other commits by this committer
- Option to apply contrib/aaaa-filter-iterator.patch

PR:		198581
Submitted by:	darksoul@darkbsd.org
Original commitRevision:381404 
Thursday, 12 Mar 2015
14:47 sem search for other commits by this committer
- Update to 1.5.3

PR:		198538
Submitted by:	garga
Original commitRevision:381096 
Thursday, 19 Feb 2015
17:55 sem search for other commits by this committer
- Update to 1.5.2
Original commitRevision:379354 
Wednesday, 10 Dec 2014
13:44 sem search for other commits by this committer
- Do not remove /var/run/unbound for smooth upgrading.

PR:		195846
Submitted by:	roberto
Original commitRevision:374456 
Tuesday, 9 Dec 2014
17:11 sem search for other commits by this committer
- Fix build with python
- Fix plist

PR:		195803
Original commitRevision:374408 
02:18 sem search for other commits by this committer
- Upgrade to 1.5.1. It fixes CVE-2014-8602.
- Mark python support as broken: does not build.

PR:		195814, 195803
Submitted by:	Kenji Rikitake, Jeroen
Original commitRevision:374343 
Saturday, 6 Dec 2014
01:12 sem search for other commits by this committer
- Remove redundant build,run options for python dependency

Submitted by:	Ruslan Makhmatkhanov
Original commitRevision:374084 
Friday, 5 Dec 2014
19:00 sem search for other commits by this committer
- Fix python dependency

PR:		194447
Submitted by:	Andrew Berg <aberg010@my.hennepintech.edu>
Original commitRevision:374078 
18:52 sem search for other commits by this committer
- Update to 1.5.0
- Removed FreeBSD 10 check for libevent, because of upstream fixes (as stated in
changelog)
- Converted files/patch-Makefile.in to sed patch, which is position independent

PR:		195674
Submitted by:	lightside@gmx.com
Original commitRevision:374077 
Monday, 1 Dec 2014
15:05 feld search for other commits by this committer
Remove BROKEN for LIBEVENT and 10.0+ and replace with an appropriate
warning in the pkg-message

PR:		191532
Original commitRevision:373710 
Thursday, 23 Oct 2014
19:54 marino search for other commits by this committer
dns/unbound: check OPSYS with OSVERION (check broke DragonFly)
Original commitRevision:371404 
Sunday, 19 Oct 2014
15:43 mva search for other commits by this committer
- Convert ports from dns/, editors/ and emulators/ to new
  USES=python

Approved by:	portmgr (implicit)
Original commitRevision:371188 

Number of commits found: 178 (showing only 100 on this page)

1 | 2  »