---
- branch: MAIN
  date: Mon May  7 07:13:28 UTC 2018
  files:
  - new: '1.55'
    old: '1.54'
    path: pkgsrc/net/unbound/Makefile
    pathrev: pkgsrc/net/unbound/Makefile@1.55
    type: modified
  - new: '1.41'
    old: '1.40'
    path: pkgsrc/net/unbound/distinfo
    pathrev: pkgsrc/net/unbound/distinfo@1.41
    type: modified
  - new: '1.2'
    old: '1.1'
    path: pkgsrc/net/unbound/patches/patch-configure
    pathrev: pkgsrc/net/unbound/patches/patch-configure@1.2
    type: modified
  id: 20180507T071328Z.887affa1656ae786c47fa049f61277578c5a2799
  log: |
    Upgrade unbound to version 1.7.1.

    Upstream changes:

    Features
    - Add --with-libhiredis, unbound support for a new cachedb
      backend that uses a Redis server as the storage.  This
      implementation depends on the hiredis client library
      (https://redislabs.com/lp/hiredis/).
      And unbound should be built with both --enable-cachedb and
      --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
      should exist).  Patch from Jinmei Tatuya (Infoblox).
    - Create additional tls service interfaces by opening them on other
      portnumbers and listing the portnumbers as additional-tls-port: nr.
    - ED448 support.
    - num.query.authzone.up and num.query.authzone.down statistics counters.
    - Accept both option names with and without colon for get_option
      and set_option.
    - low-rtt and low-rtt-pct in unbound.conf enable the server selection
      of fast servers for some percentage of the time.
    - num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN
      statistics counters.
    - allow-notify: config statement for auth-zones.
    - Can set tls authentication with forward-addr: IP#tls.auth.name
      And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".
      such as forward-addr: 9.9.9.9@853#dns.quad9.net or
      1.1.1.1@853#cloudflare-dns.com
    - list_auth_zones unbound-control command.
    - Added root-key-sentinel support

    Bug Fixes
    - Fix #3727: Protocol name is TLS, options have been renamed but
      documentation is not consistent.
    - Check IXFR start serial.
    - Fix typo in documentation.
    - Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually
      flushed with serve-expired on.
    - Fix #3817: core dump happens in libunbound delete, when queued
      servfail hits deleted message queue.
    - corrected a minor typo in the changelog.
    - move htobe64/be64toh portability code to cachedb.c.
    - iana port update.
    - Do not use cached NSEC records to generate negative answers for
      domains under DNSSEC Negative Trust Anchors.
    - Fix unbound-control get_option aggressive-nsec
    - Check "result" in dup_all(), by Florian Obser.
    - Fix #4043: make test fails due to v6 presentation issue in macOS.
    - Fix unable to resolve after new WLAN connection, due to auth-zone
      failing with a forwarder set.  Now, auth-zone is only used for
      answers (not referrals) when a forwarder is set.
    - Combine write of tcp length and tcp query for dns over tls.
    - nitpick fixes in example.conf.
    - Fix above stub queries for type NS and useless delegation point.
    - Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3
      tls_choose_sigalg routine does not allow the ciphers for the pipe,
      so use TLSv1.2.
    - Fix that flush_zone sets prefetch ttl expired, so that with
      serve-expired enabled it'll start prefetching those entries.
    - Fix downstream auth zone, only fallback when auth zone fails to
      answer and fallback is enabled.
    - Fix for max include depth for authzones.
    - Fix memory free on fail for $INCLUDE in authzone.
    - Fix that an internal error to look up the wrong rr type for
      auth zone gets stopped, before trying to send there.
    - Fix auth zone target lookup iterator.
    - Fix auth-zone retry timer to be on schedule with retry timeout,
      with backoff.  Also time a refresh at the zone expiry.
    - Fix #658: unbound using TLS in a forwarding configuration does not
      verify the server's certificate (RFC 8310 support).
    - For addr with #authname and no @port notation, the default is 853.
    - man page documentation for dns-over-tls forward-addr '#' notation.
    - removed free from failed parse case.
    - Fix #4091: Fix that reload of auth-zone does not merge the zonefile
      with the previous contents.
    - Delete auth zone when removed from config.
    - makedist uses bz2 for expat code, instead of tar.gz.
    - Fix #4092: libunbound: use-caps-for-id lacks colon in
      config_set_option.
    - auth zone http download stores exact copy of downloaded file,
      including comments in the file.
    - Fix sldns parse failure for CDS alternate delete syntax empty hex.
    - Attempt for auth zone fix; add of callback in mesh gets from
      callback does not skip callback of result.
    - Fix cname classification with qname minimisation enabled.
    - Fix contrib/fastrpz.patch for this release.
    - Fix auth https for libev.
    - Fix memory leak when caching wildcard records for aggressive NSEC use
    - Fix for crash in daemon_cleanup with dnstap during reload,
      from Saksham Manchanda.
    - Also that for dnscrypt.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/net/unbound'
  unixtime: '1525677208'
  user: he