Wed Jul 27 04:11:25 2011 UTC ()
1.4.12:

Bug Fixes:

* removed ldns-src tarball inside the unbound tarball.
* [bugzilla: 395 ]
  fix that id bits of other query may leak out under conditions
* fix replyaddr count wrong after jostled queries, which leads to eventual starvation where the daemon has no replyaddrs left to use.
* fix that the listening socket is not closed when too many remote control connections are made at the same time.
* version number in example config file.
* fix that --enable-static-exe does not complain about it unknown.
* iana portlist updated

1.4.11:

Features:

* log-queries: yesno option, default is no, prints querylog.
* ignore-cd-flag: yesno to provide dnssec to legacy servers.
* Use -flto compiler flag for link time optimization, if supported.
* unbound-control has version number in the header, and uses port number registered with IANA, 8953.

Bug Fixes:

* Fix Makefile for U in environment, since wrong U is more common than deansification necessity.
* defense in depth against the assertion failure bug fixed in 1.4.10, an error is printed to log instead of an assertion failure.
* [bugzilla: 386 ]
  --enable-allsymbols option links all binaries to libunbound and reduces install size significantly.
* Fix TTL of SOA so negative TTL is separately cached from normal TTL.
* configure created with newer autoconf 2.66.
* [bugzilla: 378 ]
  Fix that configure checks for ldns_get_random presence.
* queries with CD flag set cause DNSSEC validation, but the answer is not withheld if it is bogus. Thus, unbound will retry if it is bad and curb the TTL if it is bad, thus protecting the cache for use by downstream validators.
* val-override-date: -1 ignores dates entirely, for NTP usage.
* harden-below-nxdomain: changed so that it activates when the cached nxdomain is dnssec secure. This avoids backwards incompatibility because those old servers do not have dnssec.
* statistics-interval prints the number of jostled queries to log.
* IPv6 service address for d.root-servers.net (2001:500:2D::D).
* updated ldns tarball to 1.6.10rc2 snapshot
* iana portlist updated.


(pettai)
diff -r1.15 -r1.16 pkgsrc/net/unbound/Makefile
diff -r1.13 -r1.14 pkgsrc/net/unbound/distinfo
diff -r1.7 -r0 pkgsrc/net/unbound/patches/patch-ac
cvs diff -r1.15 -r1.16 pkgsrc/net/unbound/Makefile (expand / switch to context diff)
--- pkgsrc/net/unbound/Makefile 2011/06/19 16:15:57 1.15
+++ pkgsrc/net/unbound/Makefile 2011/07/27 04:11:25 1.16
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.15 2011/06/19 16:15:57 pettai Exp $
+# $NetBSD: Makefile,v 1.16 2011/07/27 04:11:25 pettai Exp $
 
-DISTNAME=	unbound-1.4.10
+DISTNAME=	unbound-1.4.12
 CATEGORIES=	net
 MASTER_SITES=	http://www.unbound.net/downloads/
 
@@ -21,7 +21,50 @@
 CONFIGURE_ARGS+=	--with-libexpat=${BUILDLINK_PREFIX.expat}
 CONFIGURE_ARGS+=	--with-pidfile=${VARBASE}/run/unbound.pid
 CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFBASE}
+CONFIGURE_ARGS+=	--enable-allsymbols
 
+# Add the same logic as for ldns, so sha2/gost is configured automatically
+.include "../../security/openssl/buildlink3.mk"
+
+PLIST_VARS+=            sha2 gost
+.if defined(USE_BUILTIN.openssl) && !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
+PLIST_VARS.gost!=       \
+        if ${PKG_ADMIN} pmatch 'openssl>=1.0.0' ${BUILTIN_PKG.openssl:Q}; then \
+                ${ECHO} "yes";                                          \
+        else                                                            \
+                ${ECHO} "no";                                           \
+        fi
+PLIST_VARS.sha2!=       \
+        if ${PKG_ADMIN} pmatch 'openssl>=0.9.8' ${BUILTIN_PKG.openssl:Q}; then \
+                ${ECHO} "yes";                                          \
+        else                                                            \
+                ${ECHO} "no";                                           \
+        fi
+.else
+PLIST_VARS.gost!=       \
+        if ${PKG_INFO} -qe 'openssl>=1.0.0'; then                       \
+                ${ECHO} yes;                                            \
+        else                                                            \
+                ${ECHO} no;                                             \
+        fi
+PLIST_VARS.sha2!=       \
+        if ${PKG_INFO} -qe 'openssl>=0.9.8'; then                       \
+                ${ECHO} yes;                                            \
+        else                                                            \
+                ${ECHO} no;                                             \
+        fi
+.endif
+.if ${PLIST_VARS.gost} == "yes"
+CONFIGURE_ARGS+=        --enable-gost
+.else
+CONFIGURE_ARGS+=        --disable-gost
+.endif
+.if ${PLIST_VARS.sha2} == "yes"
+CONFIGURE_ARGS+=        --enable-sha2
+.else
+CONFIGURE_ARGS+=        --disable-sha2
+.endif
+
 SUBST_CLASSES+=		paths
 SUBST_STAGE.paths=	post-configure
 SUBST_MESSAGE.paths=	Fixing path names
@@ -48,5 +91,4 @@
 
 .include "../../textproc/expat/buildlink3.mk"
 .include "../../net/ldns/buildlink3.mk"
-.include "../../security/openssl/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
cvs diff -r1.13 -r1.14 pkgsrc/net/unbound/distinfo (expand / switch to context diff)
--- pkgsrc/net/unbound/distinfo 2011/06/19 16:15:57 1.13
+++ pkgsrc/net/unbound/distinfo 2011/07/27 04:11:25 1.14
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.13 2011/06/19 16:15:57 pettai Exp $
+$NetBSD: distinfo,v 1.14 2011/07/27 04:11:25 pettai Exp $
 
-SHA1 (unbound-1.4.10.tar.gz) = ac9ab61a51e147ade69ca8b043fee2ed76336a62
+SHA1 (unbound-1.4.12.tar.gz) = c46c05d1fa2402a59c10f51864fd4c62d10a472f
-RMD160 (unbound-1.4.10.tar.gz) = 7102613a43e566d542ca6b571094a8fef3b901e0
+RMD160 (unbound-1.4.12.tar.gz) = 2e3a35f1e72046c9701cd3f51a8a2f58881a03d3
-Size (unbound-1.4.10.tar.gz) = 4476504 bytes
+Size (unbound-1.4.12.tar.gz) = 3506466 bytes
-SHA1 (patch-ac) = 2ad1a444a425e8583c1212faa4479f0d65061bff
File Deleted: pkgsrc/net/unbound/patches/Attic/patch-ac