Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 69DB563BAE5
	for <mhonarc+pkgsrc-changes@mail-index.netbsd.org>; Mon, 26 Jul 2010 19:09:22 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 0)
	id CE72C63B104; Mon, 26 Jul 2010 19:09:21 +0000 (UTC)
Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd])
	by mail.netbsd.org (Postfix) with ESMTP id 1CF0363B101
	for <pkgsrc-changes@NetBSD.org>; Mon, 26 Jul 2010 19:09:20 +0000 (UTC)
Received: by cvs.netbsd.org (Postfix, from userid 500)
	id 09725175DD; Mon, 26 Jul 2010 19:09:20 +0000 (UTC)
MIME-Version: 1.0
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
Date: Mon, 26 Jul 2010 19:09:19 +0000
From: Fredrik Pettai <pettai@netbsd.org>
Subject: CVS commit: pkgsrc/net/unbound
To: pkgsrc-changes@NetBSD.org
Reply-To: pettai@netbsd.org
X-Mailer: log_accum
Message-Id: <20100726190920.09725175DD@cvs.netbsd.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: list

Module Name:	pkgsrc
Committed By:	pettai
Date:		Mon Jul 26 19:09:19 UTC 2010

Modified Files:
	pkgsrc/net/unbound: Makefile distinfo
	pkgsrc/net/unbound/patches: patch-ac

Log Message:
unbound-1.4.5:

Features:
* unbound-control get_option domain-insecure shows config file items.
* Autotrust anchor file can be initialized with a ZSK key as well
  (if the domain's DNSKEY set is signed with that ZSK).
* Conforms to draft-ietf-dnsop-default-local-zones-13. Added default
  reverse lookup blocks for IPv4 test nets 100.51.198.in-addr.arpa,
  113.0.203.in-addr.arpa and Orchid prefix 0.1.1.0.0.2.ip6.arpa.
* Contribution from Migiel de Vos (Surfnet): nagios patch for unbound-host,
  in contrib/ (in the source tarball). Makes unbound-host suitable for
  monitoring dnssec(-chain) status.
* GOST disabled-by-default, the algorithm number is allocated but the RFC
  is still has to pass AUTH48 at the IETF.

Bug Fixes:
* Fix validation failure for qtype ANY caused by a RRSIG parse failure.
  The validator error message was 'no signatures from ...'.
* Squelch log message: sendto failed permission denied for 255.255.255.255,
  it is visible in VERB_DETAIL (verbosity 2).
* Fix fetch from blacklisted dnssec lame servers as last resort.
  The server's IP address is then given in validator errors as well.
* Fix local-zone type redirect that did not use the query name for the
  answer rrset.
* Compile fix using Sun Studio 12 compiler on Solaris 5.9, use CPPFLAGS
  during configure process.
* Fix if libev is installed on the base system (not libevent),
  detect it from the event.h header file and link with -lev.
* Fix configlexer.lex gets config.h, and configyyrename.h added by make,
  no more double include.
* More strict scrubber (Thanks to George Barwood for the idea):
  NS set must be pertinent to the query.
* [bugzilla: 307 ] In 0x20 backoff fix fallback so the number of outstanding
  queries does not become -1 and block the request. Fixed handling of
  recursion-lame in combination with 0x20 fallback. Fix so RRsets are
  compared canonicalized and sorted if the immediate comparison fails,
  this makes the 0x20 option work around round-robin sites.
* Fix retry sequence if prime hints are recursion-lame.
* Fix so harden-referral-path does not result in failures due to max-depth.
  You can increase the max-depth by adding numbers (' 0') after the
  target-fetch-policy, this increases the depth to which is checked.
* Fix detection of GOST support in ldns (reported by Chris Smith).
* Fix for dnssec lameness detection to use the key cache.
* infra cache entries that are expired are wiped clean.
  Previously it was possible to not expire host data (if accessed often).
* Fix dnssec-missing detection that was turned off by server selection.
* [bugzilla: 308 ] Fix spelling error in variable name in parser and lexer.
* Fix various compiler warnings from the clang llvm compiler.
* Fix comments in iter_utils:dp_is_useless.
* EDNS timeout code will not fire if EDNS status already known.
* EDNS failure not stored if EDNS status known to work.
* Parent-child disagreement approach altered. Older fixes are removed in
  place of a more exhaustive search for misconfigured data available via
  the parent of a delegation. This is designed to be throttled by cache
  entries, with TTL from the parent if possible. Additionally the
  loop-counter is used. It also tests for NS RRset differences between
  parent and child. The fetch of misconfigured data should be more
  reliable and thorough. It should work reliably even with no or only
  partial data in cache. Data received from the child (as always) is
  deemed more authoritative than information received from the delegation
  parent. The search for misconfigured data is not performed normally.
* Fix AD flag handling, it could in some cases mistakenly copy the AD flag
  from upstream servers.
* Ignore Z flag in incoming messages too.
* alloc_special_obtain out of memory is not a fatal error any more,
  enabling unbound to continue longer in out of memory conditions.
* Parentside names are dispreferred but not said to be dnssec-lame.
* Fix parentside and querytargets modulestate, for dump_requestlist.
* unbound-control-setup makes keys -rw-r--- so not all users permitted.
* libtoolize 2.2.6b, autoconf 2.65 applied to configure.
* Fix compile warning if compiled without threads.
* iana portlist updated.
* included ldns tarball updated.
* Fix bug where a long loop could be entered, now cycle detection has
  a loop-counter and maximum search amount.


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/net/unbound/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/unbound/patches/patch-ac

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.