head 1.5; access; symbols pkgsrc-2023Q4:1.5.0.20 pkgsrc-2023Q4-base:1.5 pkgsrc-2023Q3:1.5.0.18 pkgsrc-2023Q3-base:1.5 pkgsrc-2023Q2:1.5.0.16 pkgsrc-2023Q2-base:1.5 pkgsrc-2023Q1:1.5.0.14 pkgsrc-2023Q1-base:1.5 pkgsrc-2022Q4:1.5.0.12 pkgsrc-2022Q4-base:1.5 pkgsrc-2022Q3:1.5.0.10 pkgsrc-2022Q3-base:1.5 pkgsrc-2022Q2:1.5.0.8 pkgsrc-2022Q2-base:1.5 pkgsrc-2022Q1:1.5.0.6 pkgsrc-2022Q1-base:1.5 pkgsrc-2021Q4:1.5.0.4 pkgsrc-2021Q4-base:1.5 pkgsrc-2021Q3:1.5.0.2 pkgsrc-2021Q3-base:1.5 pkgsrc-2021Q2:1.4.0.6 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.4.0.4 pkgsrc-2021Q1-base:1.4 pkgsrc-2020Q4:1.4.0.2 pkgsrc-2020Q4-base:1.4 pkgsrc-2020Q3:1.3.0.14 pkgsrc-2020Q3-base:1.3 pkgsrc-2020Q2:1.3.0.12 pkgsrc-2020Q2-base:1.3 pkgsrc-2020Q1:1.3.0.8 pkgsrc-2020Q1-base:1.3 pkgsrc-2019Q4:1.3.0.10 pkgsrc-2019Q4-base:1.3 pkgsrc-2019Q3:1.3.0.6 pkgsrc-2019Q3-base:1.3 pkgsrc-2019Q2:1.3.0.4 pkgsrc-2019Q2-base:1.3 pkgsrc-2019Q1:1.3.0.2 pkgsrc-2019Q1-base:1.3 pkgsrc-2017Q2:1.1.0.50 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.48 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.46 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.44 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.42 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.40 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.38 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.36 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.34 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.32 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.30 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.28 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.26 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.24 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.22 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.20 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.18 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.16 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.14 pkgsrc-2012Q4-base:1.1 pkgsrc-2012Q3:1.1.0.12 pkgsrc-2012Q3-base:1.1 pkgsrc-2012Q2:1.1.0.10 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.8 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.6 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.4 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.2 pkgsrc-2011Q2-base:1.1; locks; strict; comment @# @; 1.5 date 2021.08.27.07.55.36; author adam; state Exp; branches; next 1.4; commitid i1aoIxOBIGTecA6D; 1.4 date 2020.10.08.07.30.39; author he; state Exp; branches; next 1.3; commitid jcxb98PqsEe8s4rC; 1.3 date 2019.01.17.14.19.51; author he; state Exp; branches; next 1.2; commitid pzWpB3ldvMQ4Y88B; 1.2 date 2017.07.09.08.09.41; author adam; state dead; branches; next 1.1; commitid a1GGQ2u6JrstOwYz; 1.1 date 2011.04.20.10.44.46; author pettai; state Exp; branches; next ; desc @@ 1.5 log @unbound: updated to 1.13.2 1.13.2 Features Merge 317: ZONEMD Zone Verification, with RFC 8976 support. ZONEMD records are checked for zones loaded as auth-zone, with DNSSEC if available. There is an added option zonemd-permissive-mode that makes it log but not fail wrong zones. With zonemd-reject-absence for an auth-zone the presence of a zonemd can be mandated for specific zones. Fix: Resolve interface names on control-interface too. Merge 470 from edevil: Allow configuration of persistent TCP connections. Fix 474: always_null and others inside view. Add that log-servfail prints an IP address and more information about one of the last failures for that query. Merge 478: Allow configuration of TCP timeout while waiting for response. Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024. Move the NSEC3 max iterations count in line with the 150 value used by BIND, Knot and PowerDNS. This sets the default value for it in the configuration to 150 for all key sizes. zonemd-check: yesno option, default no, enables the processing of ZONEMD records for that zone. Merge 486 by fobster: Make VAL_MAX_RESTART_COUNT configurable. Merge 491: Add SVCB and HTTPS types and handling according to draft-ietf-dnsop-svcb-https. Introduce 'http-user-agent:' and 'hide-http-user-agent:' options. Bug Fixes Fix for Python 3.9, no longer use deprecated functions of PyEval_CallObject (now PyObject_Call), PyEval_InitThreads (now none), PyParser_SimpleParseFile (now Py_CompileString). Merge 420 from dyunwei: DOH not responsing with "http2_query_read_done failure" logged. Fix 422: IPv6 fallback issues when IPv6 is not properly enabled/configured. Fix to make tests work with support indicators set for iterator. Fix build on Python 3.10. Fix doxygen and pydoc warnings. Fix 429: rpz: url: with https: broken (regression in 1.13.1). rpz skip nsec3param records, and nicer log for unsupported actions. Fix 431: Squelch permission denied errors for tcp connect and udp connect from the logs, unless at high verbosity. Fix for zonemd, that nxdomain for the chain of trust is allowed for island zones, it is treated as an insecure zone for verification. Fix for zonemd, that domain-insecure zones work without dnssec. Fix for zonemd, do not reject insecure result from trust anchor validation step in dnssec chain of trust. On startup of unbound it checks if rlimits on memory size look sufficient for the configured cache size, and logs warning if not. Fix function documentation. Fix unit test for added ulimit checks. spelling fix in header. Fix 384: (1) A minor request to improve the log (2) A minor bug in one log message. ipsecmod: Better logging for detecting a cycle when attaching the A/AAAA subquery. Merge 367 : DNSTAP log local address. With code from 365 and fixes 368 : dnstap does not log the DNS message ID for FORWARDER_QUERY. Fix to allow rpz with wildcard that applies to all TLDs at once. Fix for 367: rc_ports don't have ub_sock; skip cleaning up. Fix spurious errors about "Could not generate request: out of memory". The mesh detect cycle routine no longer wrongly stops the check when the calling mesh state is unique. Workaround for 439: prevent loops in the reuse rbtree. Debug output for 411 and 439: printout internal error and details. Fix parse of LOC RR type for decimetres. Fix 441: Minimal NSEC range not accepted for top level domains. Fix for 447: squelch connection refused tcp connection failures from the log, unless verbosity is high. Merge 449 from orbea: build: Add missing linker flags. Comment out nonworking OSX and IOS travis tests, vm fails to start. Fix compile error in listen_dnsport on Android. Fix memory leak reported by asan in rpz SOA record query name. Fix unused-function warning when compiling with --enable-dnscrypt. Fix for 367: fix memory leak when cannot bind to listening port. Reformat pythonmod/pythonmod_utils.{c,h}. Travis enable all tests again. Clang analyzer only a couple times, when there is a difference. homebrew updates disabled, so it does not hang. removed trailing slashes from configure paths. Moved iOS tests to allow-failure. travis, analyzer disabled on test without debug, that does not run anway. Turn off failing tests except one. Update iOS test to xcode image 12.2. Fix deprecation test to work for iOS TVOS and WatchOS, it uses CFLAGS and CPPFLAGS and also checks if the item is unavailable. Travis, fix script to fail when tasks fail. Travis, fix warning in ubsan compile. Fix configure Targetconfiditionals.h header check, to use compile. Fix that cachedb does not produce empty object files when disabled. Fix 429: Also fix end of transfer for http download of auth zones. Disable the use of stack-protector for cross compiled 32-bit windows builds; relates to 444. Fix stack-protector change to not override other CFLAGS options. Clean makedist.sh. Merge 460 from orbea: build: Link with the libtool archive. Fix to stop IPv6 PMTU discovery. Fix for 411: Depth protect for crash on deleted element timeout. rebuild configure to set EXTRALINK to libunbound.la for 460. Fix permission denied sendto log, squelch the log messages unless high verbosity is set. Fix (increase) verbosity level for iterator error log in processQueryTargets(). Fix that nxdomain synthesis does not happen above the stub or forward definition. Fix documentation comment for files previously residing in checkconf/. Remove unused functions worker_handle_reply and libworker_handle_reply. Merge 466 from FGasper: Support OpenSSLs that lack SSL_get0_alpn_selected. Fix 468: OpenSSL 1.0.1 can no longer build Unbound. Further fix for 468: detect SSL_CTX_set_alpn_protos for build with OpenSSL 1.0.1. Fix that testcode dohclient has OpenSSL initialisation calls. Fix compiler warning for signed/unsigned comparison for max_reuse_tcp_queries. Fix 481: Fix comment in configuration file. Fix to squelch tcp socket bind failures when the interface is gone. Rerun flex and bison. Fix for 367: only attempt to get the interface for queries that are no longer on the tcp_waiting_list. Add more logging for out-of-memory cases. Fix 485: Unbound occasionally reports broken stats. Remove case fallthrough from deprecate-rsa-1024 code. Merge 487: ifdef RLIMIT_AS in recently added check. Fix that auth-zone zonefiles use last TTL if no TTL is specified. Fix 489: Compile using MSYS2 MinGW 64-bit. Fix for 411, 439, 469: Reset the DNS message ID when moving queries between TCP streams. Refactor for uniform way to produce random DNS message IDs. Test code has -q option for quiet output. Fix 492: module-config respip missing in unbound.conf.5.in man page. Merges 494 from he32. For 492: Fix font highlighting for the man page on emacs. Merge 496 from banburybill: Use build system endianness if available, otherwise try to work it out. Fix test for zonemd-check option. Merge 448 from shoeper: Update unbound-control.8.in, fix rpz_disable typo. Fix 425: Document auth-zone supports communication with DNS primary on nondefault port. Fix unused variable warning when compiling with --enable-dnstap. Generated lexer and parser for 486; updated example.conf. Fix 413 (based on patch by k-ronny): unbound: does not compile on macOS 11.1-x86_64 host. Use host_os instead of target_os in configure for Darwin8 build. Fix 500: SPEC file in version 1.13.1 references version 1.4; unable to build RPM from source. Fix contrib/unbound.spec, fixed url and comment. Fix configure nonblocking test and onmingw test to use host. Merge 440 by kimheino: Various fixes to contrib/unbound_munin_ file. Fix a number of warnings reported by the gcc analyzer. Fix 495: Documentation or implementation of "verbosity" option. Fix 503: DNS over HTTPS response truncated. Fix warnings reported by the gcc analyzer. Add analyzer and port compile github workflow. Fix up permissions on rpl data file in tests. Fix testbound newline treatment in moment_read and tempfile write. Fix configure grep for reuseport default for failure. Fix compat ctime_r return value Fix configure does not require pkg-config if not needed. Fix unit test in the ctime_r calls for autotrust and in testbound. Fix auth zone download on windows to unlink before rename. Fix 506: Python Module Seems to Leak Memory if it Experiences an Unhandled Exception. Fix Wunused-result compile warnings. Fix compiler warnings for 491. Fix clang-analysis warnings for testcode/readzone.c. Merge 510 from ndptech: Don't call a function which hasn't been defined. Fix for 510: in depth, use ifdefs for windows api event calls. Fix spelling in doc/unbound.doxygen comment. Fix spelling in localzone.h comment. Fix unbound-control local_data and local_datas to print detailed syntax errors. review fix to remove duplicate error printout. Insert header into testcode/readzone.c, it was missing. Fix from lint for ignored return value. Fix for older parsers for function call in serve expired get cached. Fix that ldns_zone_new_frm_fp_l counts the line number for an empty line after a comment. Merge 512: unbound.service.in: upgrade hardening to latest standards. Fix readzone unknown type print for memory resize. Merge 513: Stream reuse, attempt to fix 411, 439, 469. This introduces a couple of fixes for the stream reuse functionality that could result in broken internal structures. Fix 515: Compilation against openssl 3.0.0 beta2 is failing to build unbound. For 515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and SSL_get_peer_certificate. Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check. Prepare for OpenSSL 3.0.0 provider API usage, move the sldns keyraw functions to produce EVP_PKEY results. Move RSA and DSA to use OpenSSL 3.0.0 API. Move ECDSA functions to use OpenSSL 3.0.0 API. iana portlist update. Fix verbose printout failure in tcp reuse unit test. Merge 517 from dyunwei: 420 breaks the mesh reply list function that need to reuse the dns answer. Annotate assertion into error printout; we think it may be an error, but the situation looks harmless. Fix sign comparison warning on FreeBSD. Listen to read or write events after the SSL handshake. Sticky events on windows would stick on read when write was needed. Merge 415 from sibeream: Use /proc/sys/net/ipv4/ip_local_port_range to determine available outgoing ports. (New --enable-linux-ip-local-port-range configuration option) Bump MAX_RESTART_COUNT to 11 from 8; in relation to 438. This allows longer CNAME chains in Unbound. In unit test use openssl set security level to allow keys in test. Fix static analysis warnings about localzone locks that are unused. Fix missing locks in zonemd unit test. Fix readzone compile under debug config. Fix out of sourcedir run of zonemd unit tests. Fix libnettle zonemd unit test. Fix unit test zonemd_reload for use in run_vm. Fix 520: Unbound 1.13.2rc1 fails to build python module. @ text @# $NetBSD: options.mk,v 1.4 2020/10/08 07:30:39 he Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.unbound PKG_SUPPORTED_OPTIONS+= dnstap doh PKG_SUGGESTED_OPTIONS+= doh .include "../../mk/bsd.options.mk" .if !empty(PKG_OPTIONS:Mdnstap) CONFIGURE_ARGS+= --enable-dnstap .include "../../net/fstrm/buildlink3.mk" .include "../../devel/protobuf/buildlink3.mk" .include "../../devel/protobuf-c/buildlink3.mk" .endif # DNS-over-HTTPS .if !empty(PKG_OPTIONS:Mdoh) .include "../../www/nghttp2/buildlink3.mk" CONFIGURE_ARGS+= --with-libnghttp2=${BUILDLINK_PREFIX.nghttp2} .endif @ 1.4 log @Update net/unbound to version 1.12.0. Pkgsrc changes: * Add option for doh (DNS-over-HTTPS), default enabled. Upstream changes: This release contains the DNS Flag Day 2020 changes. This sets the default EDNS buffer size to 1232, that should reduce fragmentation. https://dnsflagday.net/2020/ There is inclusive language in the configuration. There is caps-exempt, ipsecmod-allow and primary server options for auth-zones. The older terms are accepted to keep configuration working. DNS-over-HTTPS is supported in this release. The DoH is enabled when Unbound is compiled with the nghttp2 library, with configure --with-libnghttp2. Then have an interface on the https port, that can be configured with the https-port option. Also have a cert and key available with the tls-service-key and tls-service-pem options. Further settings can be configured for the http-endpoint, http-max-streams, http-query-buffer-size, http-response-buffer-size and http-nodelay options. The max streams sets the maximum concurrent streams, the buffer size options the number of bytes in buffers, and the nodelay option can turn on TCP_NODELAY for DNS-over-HTTPS service. In the statistics the memory used is reported in mem.http.query_buffer and mem.http.response_buffer. The number of queries is reported in num.query.https, they are also included in the tcp and tls counts because https uses TLS and TCP. The DLV options and code to handle DLV lookups have been removed from the code base. The DLV repository is empty nowadays, it has been decommissioned. There is a new feature where it is possible to use interface names to bind to the IP addresses on that interface. It pulls in the addresses at the start of the server, if the addresses change, use the existing freebind and other socket options to register for addresses before they appear, or the interface-automatic option that copies them from queries to answers with ancillary data. There is a new option for the edns-tag draft specification. It can be enabled if you need the tentative implementation to add those tags to outgoing messages. Features - DNS Flag Day 2020: change edns-buffer-size default to 1232. - Merge PR #255: DNS-over-HTTPS support. - Use inclusive language in configuration - Merge PR #284 and Fix #246: Remove DLV entirely from Unbound. The DLV has been decommisioned and in unbound 1.5.4, in 2015, there was advise to stop using it. The current code base does not contain DLV code any more. The use of dlv options displays a warning. - Similar to NSD PR#113, implement that interface names can be used, eg. something like interface: eth0 is resolved at server start and uses the IP addresses for that named interface. - Merge PR #272: Add EDNS client tag functionality. - Add edns-client-tag-opcode option Bug Fixes - Merge PR #270 from cgzones: munin plugin: always exit 0 in autoconf - Merge PR #269, Fix python module len() implementations, by Torbjörn Lönnemark - Merge PR #268, draft-ietf-dnsop-serve-stale-10 has become RFC 8767 on March 2020, by and0x000. - Fix doxygen comment for no ssl for tls session ticket key callback routine. - Fix mini_event.h on OpenBSD cannot find fd_set. - Improve error log message when inserting rpz RR. - Merge PR #280, Make tvOS & watchOS checks verify truthiness as well as definedness, by Felipe Gasper. - contrib/aaaa-filter-iterator.patch file renewed diff content to apply cleanly to the current coderepo for the current code version. - Fix #287: doc typo: "Additionaly". - Merge (modified) PR #277, use EVP_MAC_CTX_set_params if available, by Vít#zslav #í#ek. - Create and init edns tags data for libunbound. - Fix stats double count issue (#289). - Fix that dnstap reconnects do not spam the log with the repeated attempts. Attempts on the timer are only logged on high verbosity, if they produce a connection failure error. - Fix to apply chroot to dnstap-socket-path, if chroot is enabled. - Change configure to use EVP_sha256 instead of HMAC_Update for openssl-3.0.0. - Update documentation in python example code. - Review fix interface, doxygen and assign null in case of error free. - Merge PR #293: Add missing prototype. Also refactor to use the new shorthand function to clean up the code. - Refactor to use sock_strerr shorthand function. - Fix #296: systemd nss-lookup.target is reached before unbound can successfully answer queries. Changed contrib/unbound.service.in. - Fix num.expired statistics output. - Remove x file mode on ipset/ipset.c and h files. - Spelling fix. - Introduce test for statistics. - Fix that prefer-ip4 and prefer-ip6 can be get and set with unbound-control, with libunbound and the unbound-checkconf option output function. - Merge PR #311 by luismerino: Dynlibmod leak. - Error message is logged for dynlibmod malloc failures. - iana portlist updated. - Fix #304: dnstap logging not recovering after dnstap process restarts - Fix edns-client-tags get_option typo - Fix #305: dnstap logging significantly affects unbound performance (regression in 1.11). - Fix #305: only wake up thread when threshold reached. - Fix to ifdef fptr wlist item for dnstap. - Fix memory leak of edns tags at libunbound context delete. - Fix double loopexit for unbound-dnstap-socket after sigterm. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.3 2019/01/17 14:19:51 he Exp $ d19 1 a19 1 CONFIGURE_ARGS+= --with-libnghttp2 @ 1.3 log @Let unbound grow a "dnstap" option. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD$ d4 2 a5 2 PKG_SUPPORTED_OPTIONS+= dnstap # PKG_SUGGESTED_OPTIONS+= d15 6 @ 1.2 log @Changes 1.6.4: Features: * Implemented trust anchor signaling using key tag query. * unbound-checkconf -o allows query of dnstap config variables. Also unbound-control get_option. Also for dnscrypt. * unbound.h exports the shm stats structures. They use type long long and no ifdefs, and ub_ before the typenames. * Implemented opportunistic IPsec support module (ipsecmod). * Added redirect-bogus.patch to contrib directory. * Support for the ED25519 algorithm with openssl (from openssl 1.1.1). * renumbering B-Root's IPv6 address to 2001:500:200::b. * Fix 1276: [dnscrypt] add XChaCha20-Poly1305 cipher. * Fix 1277: disable domain ratelimit by setting value to 0. * Added fastrpz patch to contrib Bug Fixes: * Added ECS unit test (from Manu Bretelle). * ECS documentation fix (from Manu Bretelle). * Fix 1252: more indentation inconsistencies. * Fix 1253: unused variable in edns-subnet/addrtree.c:getbit(). * Fix 1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle). * iana portlist update * Based on 1257: check parse limit before t increment in sldns RR string parse routine. * Fix 1258: Windows 10 X64 unbound 1.6.2 service will not start. and fix that 64bit getting installed in C:\Program Files (x86). * Fix 1259: "--disable-ecdsa" argument overwritten by "ifdef SHA256_DIGEST_LENGTH@@daemon/remote.c". * iana portlist update * Added test for leak of stub information. * Fix sldns wire2str printout of RR type CAA tags. * Fix sldns int16_data parse. * Fix sldns parse and printout of TSIG RRs. * sldns SMIMEA and AVC definitions, same as getdns definitions. * Fix tcp-mss failure printout text. * Set SO_REUSEADDR on outgoing tcp connections to fix the bind before connect limited tcp connections. With the option tcp connections can share the same source port (for different destinations). * Add 'c' to getopt() in testbound. * Adjust servfail by iterator to not store in cache when serve-expired is enabled, to avoid overwriting useful information there. * Fix queries for nameservers under a stub leaking to the internet. * document trust-anchor-signaling in example config file. * updated configure, dependencies and flex output. * better module memory lookup, fix of unbound-control shm names for module memory printout of statistics. * Fix type AVC sldns rrdef. * Some whitespace fixup. * Fix 1265: contrib/unbound.service contains hardcoded path. * Fix 1265 to use /bin/kill. * Fix 1267: Libunbound validator/val_secalgo.c uses obsolete APIs, and compatibility with BoringSSL. * Fix 1268: SIGSEGV after log_reopen. * exec_prefix is by default equal to prefix. * printout localzone for duplicate local-zone warnings. * Fix assertion for low buffer size and big edns payload when worker overrides udpsize. * Support for openssl EVP_DigestVerify. * Fix 1269: inconsistent use of built-in local zones with views. * Add defaults for new local-zone trees added to views using unbound-control. * Fix 1273: cachedb.c doesn't compile with -Wextra. * If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write. * Also use global local-zones when there is a matching view that does not have any local-zone specified. * Fix fastopen EPIPE fallthrough to perform connect. * Fix 1274: automatically trim chroot path from dnscrypt key/cert paths (from Manu Bretelle). * Fix 1275: cached data in cachedb is never used. * Fix that unbound-control can set val_clean_additional and val_permissive_mode. * Add dnscrypt XChaCha20 tests. * Detect chacha for dnscrypt at configure time. * dnscrypt unit tests with chacha. * Added domain name based ECS whitelist. * Fix 1278: Incomplete wildcard proof. * Fix 1279: Memory leak on reload when python module is enabled. * Fix 1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly. * More fixes in depth for buffer checks in 0x20 qname checks. * Fix stub zone queries leaking to the internet for harden-referral-path ns checks. * Fix query for refetch_glue of stub leaking to internet. * Fix 1301: memory leak in respip and tests. * Free callback in edns-subnetmod on exit and restart. * Fix memory leak in sldns_buffer_new_frm_data. * Fix memory leak in dnscrypt config read. * Fix dnscrypt chacha cert support ifdefs. * Fix dnscrypt chacha cert unit test escapes in grep. * Fix to unlock view in view test. * Fix warning in pythonmod under clang compiler. * Fix lintian typo. * Fix 1316: heap read buffer overflow in parse_edns_options. @ text @d1 1 a1 1 # $NetBSD: options.mk,v 1.1 2011/04/20 10:44:46 pettai Exp $ d3 3 a5 3 PKG_OPTIONS_VAR= PKG_OPTIONS.unbound PKG_SUPPORTED_OPTIONS= libevent PKG_SUGGESTED_OPTIONS= libevent d9 5 a13 6 ### ### libevent ### .if !empty(PKG_OPTIONS:Mlibevent) CONFIGURE_ARGS+= --with-libevent=${BUILDLINK_PREFIX.libevent} .include "../../devel/libevent/buildlink3.mk" @ 1.1 log @1.4.9: Bug Fixes: * Added explicit note on unbound-anchor usage: Please note usage of unbound-anchor root anchor is at your own risk and under the terms of our LICENSE (see that file in the source). * Fix remove private address does not throw away entire response. [bugzilla: 361 ] * Fix, time.elapsed variable not reset with stats_noreset. * Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout. * give config parse error for multiple names on a stub or forward zone. * updated ldns tarball to 1.6.9(snapshot). * iana portlist updated. @ text @d1 1 a1 1 # $NetBSD$ @