| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
PR: 246648
Notes:
svn path=/head/; revision=541850
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Do not silence installation message
- Update dependent ports:
- Fix build with swig 4.0.1
- Update *_DEPENDS
- Remove BINARY_ALIAS
Changes: http://www.swig.org/news.php
PR: 246613
Exp-run by: antoine
Notes:
svn path=/head/; revision=539491
|
|
|
|
|
|
|
|
|
|
| |
PR: 246569
Submitted by: Jaap Akkerhuis (maintainer)
MFH: 2020Q2
Security: CVE-2020-12662, CVE-2020-12663
Notes:
svn path=/head/; revision=535884
|
|
|
|
|
|
|
|
|
| |
PR: 244244
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Relnotes: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244244#c0
Notes:
svn path=/head/; revision=526776
|
|
|
|
|
|
|
|
| |
PR: 242603
Sponsored by: Netzkommune GmbH
Notes:
svn path=/head/; revision=520238
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module
PR: 242075
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
MFH: 2019Q4
Sponsored by: Netzkommune GmbH
Notes:
svn path=/head/; revision=518229
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes: https://github.com/NLnetLabs/unbound/blob/master/doc/Changelog
PR: 241033
Reported by: C <cm@appliedprivacy.net>
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Security: 108a4be3-e612-11e9-9963-5f1753e0aca0
MFH: 2019Q4
Notes:
svn path=/head/; revision=513730
|
|
|
|
|
|
|
|
|
|
| |
Whil here, improve rc script
PR: 240163
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Notes:
svn path=/head/; revision=510824
|
|
|
|
| |
Notes:
svn path=/head/; revision=508835
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes: https://github.com/libevent/libevent/releases/tag/release-2.1.11-stable
ABI: https://abi-laboratory.pro/tracker/timeline/libevent/
PR: 239599
Reported by: GitHub (watch releases)
Approved by: zeising (maintainer)
MFH: 2019Q3 (maybe security, partially restores 2.1.8 ABI)
Differential Revision: https://reviews.freebsd.org/D21133
Notes:
svn path=/head/; revision=507877
|
|
|
|
|
|
|
|
|
| |
PR: 238651
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by: Netzkommune GmbH
Notes:
svn path=/head/; revision=504511
|
|
|
|
|
|
|
|
| |
PR: 236575
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Notes:
svn path=/head/; revision=496136
|
|
|
|
|
|
|
|
|
|
|
| |
PR: 235571
Approved by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Obtained from: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4206#c5
https://github.com/pfsense/FreeBSD-ports/commit/af2c493a0dfa99e2afc6e3f9236aad10021d6b39
Sponsored by: Rubicon Communications, LLC (Netgate)
Notes:
svn path=/head/; revision=492694
|
|
|
|
|
|
|
|
|
| |
Changes: https://www.nlnetlabs.nl/svn/unbound/tags/release-1.9.0/doc/Changelog
PR: 235522
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Notes:
svn path=/head/; revision=492239
|
|
|
|
|
|
|
|
| |
PR: 233933
Submitted by: jaap@NLnetLabs.nl
Notes:
svn path=/head/; revision=488471
|
|
|
|
|
|
|
|
|
| |
PR: 233891
Submitted by: jaap@NLnetLabs.nl (maintainer)
Reported by: O. Hartmann <ohartmann@walstatt.org>
Notes:
svn path=/head/; revision=487181
|
|
|
|
|
|
|
|
| |
PR: 233796
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=487005
|
|
|
|
|
|
|
|
| |
PR: 232070
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=481552
|
|
|
|
|
|
|
|
| |
PR: 231488
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=481078
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix configure by adding missing pkgconfig to uses
PR: 231488
Submitted by: leres (solution, via email), mfechner (patch)
Reported by: leres, mfechner
Approved by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=480177
|
|
|
|
|
|
|
|
|
|
|
| |
Missed in previous commit
PR: 231283
Submitted by: jaap@NLnetLabs.nl (maintainer)
Pointyhat to: swills
Notes:
svn path=/head/; revision=480058
|
|
|
|
|
|
|
|
|
|
| |
Bump PORTREVISION on consumers due to library major version change
PR: 231283
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=480056
|
|
|
|
|
|
|
|
|
| |
Changes: https://www.nlnetlabs.nl/svn/unbound/tags/release-1.7.3/doc/Changelog
PR: 229202
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Notes:
svn path=/head/; revision=473002
|
|
|
|
|
|
|
|
| |
PR: 228889
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=472412
|
|
|
|
|
|
|
|
|
|
|
| |
- Follow-up of r470572
PR: 228390
Reported by: adamw
MFH: 2018Q2
Notes:
svn path=/head/; revision=470626
|
|
|
|
|
|
|
|
|
|
| |
PR: 228390
Approved by: maintainer <jaap NLnetLabs nl>
MFH: 2018Q2
Notes:
svn path=/head/; revision=470572
|
|
|
|
|
|
|
|
|
|
|
| |
- Update WWW
PR: 227949
Submitted by: maintainer
Sponsored by: iXsystems Inc.
Notes:
svn path=/head/; revision=469556
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Features
- auth-zone provides a way to configure RFC7706 from unbound.conf,
eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
fallback-enabled: yes and masters or a zonefile with data.
- Aggressive use of NSEC implementation. Use cached NSEC records to
generate NXDOMAIN, NODATA and positive wildcard answers.
- Accept tls-upstream in unbound.conf, the ssl-upstream keyword is
also recognized and means the same. Also for tls-port,
tls-service-key, tls-service-pem, stub-tls-upstream and
forward-tls-upstream.
- [dnscrypt] introduce dnscrypt-provider-cert-rotated option,
from Manu Bretelle.
This option allows handling multiple cert/key pairs while only
distributing some of them.
In order to reliably match a client magic with a given key without
strong assumption as to how those were generated, we need both key and
cert. Likewise, in order to know which ES version should be used.
On the other hand, when rotating a cert, it can be desirable to only
serve the new cert but still be able to handle clients that are still
using the old certs's public key.
The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not
publish the cert as part of the DNS's provider_name's TXT answer.
- Update B root ipv4 address.
- make ip-transparent option work on OpenBSD.
- Fix #2801: Install libunbound.pc.
- ltrace.conf file for libunbound in contrib.
- Fix #3598: Fix swig build issue on rhel6 based system.
configure --disable-swig-version-check stops the swig version check.
Bug Fixes
- Fix #1749: With harden-referral-path: performance drops, due to
circular dependency in NS and DS lookups.
- [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert
duplicates
- Better documentation for cache-max-negative-ttl.
- Fixed libunbound manual typo.
- Fix #1949: [dnscrypt] make provider name mismatch more obvious.
- Fix #2031: Double included headers
- Document that errno is left informative on libunbound config read
fail.
- iana port update.
- Fix #1913: ub_ctx_config is under circumstances thread-safe.
- Fix #2362: TLS1.3/openssl-1.1.1 not working.
- Fix #2034 - Autoconf and -flto.
- Fix #2141 - for libsodium detect lack of entropy in chroot, print
a message and exit.
- Fix #2492: Documentation libunbound.
- Fix #2882: Unbound behaviour changes (wrong) when domain-insecure is
set for stub zone. It no longer searches for DNSSEC information.
- Fix #3299 - forward CNAME daisy chain is not working
- Fix link failure on OmniOS.
- Check whether --with-libunbound-only is set when using --with-nettle
or --with-nss.
- Fix qname-minimisation documentation (A QTYPE, not NS)
- Fix that DS queries with referral replies are answered straight
away, without a repeat query picking the DS from cache.
The correct reply should have been an answer, the reply is fixed
by the scrubber to have the answer in the answer section.
- Fix that expiration date checks don't fail with clang -O2.
- Fix queries being leaked above stub when refetching glue.
- Copy query and correctly set flags on REFUSED answers when cache
snooping is not allowed.
- make depend: code dependencies updated in Makefile.
- Fix #3397: Fix that cachedb could return a partial CNAME chain.
- Fix #3397: Fix that when the cache contains an unsigned DNAME in
the middle of a cname chain, a result without the DNAME could
be returned.
- Fix that unbound-checkconf -f flag works with auto-trust-anchor-file
for startup scripts to get the full pathname(s) of anchor file(s).
- Print fatal errors about remote control setup before log init,
so that it is printed to console.
- Use NSEC with longest ce to prove wildcard absence.
- Only use *.ce to prove wildcard absence, no longer names.
- Fix unfreed locks in log and arc4random at exit of unbound.
- Fix lock race condition in dns cache dname synthesis.
- Fix #3451: dnstap not building when you have a separate build dir.
And removed protoc warning, set dnstap.proto syntax to proto2.
- Added tests with wildcard expanded NSEC records (CVE-2017-15105 test)
- Unit test for auth zone https url download.
- tls-cert-bundle option in unbound.conf enables TLS authentication.
- Fixes for clang static analyzer, the missing ; in
edns-subnet/addrtree.c after the assert made clang analyzer
produce a failure to analyze it.
- Fix #3505: Documentation for default local zones references
wrong RFC.
- Fix #3494: local-zone noview can be used to break out of the view
to the global local zone contents, for queries for that zone.
- Fix for more maintainable code in localzone.
- more robust cachedump rrset routine.
- Save wildcard RRset from answer with original owner for use in
aggressive NSEC.
- Fixup contrib/fastrpz.patch so that it applies.
- Fix compile without threads, and remove unused variable.
- Fix compile with staticexe and python module.
- Fix nettle compile.
- Fix to check define of DSA for when openssl is without deprecated.
- iana port update.
- Fix #3582: Squelch address already in use log when reuseaddr option
causes same port to be used twice for tcp connections.
- Reverted fix for #3512, this may not be the best way forward;
although it could be changed at a later time, to stay similar to
other implementations.
- Fix for windows compile.
- Fixed contrib/fastrpz.patch, even though this already applied
cleanly for me, now also for others.
- patch to log creates keytag queries, from A. Schulze.
- patch suggested by Debian lintian: allow to -> allow one to, from
A. Schulze.
- Attempt to remove warning about trailing whitespace.
- Added documentation for aggressive-nsec: yes.
PR: 226822
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=465195
|
|
|
|
|
|
|
|
|
|
|
| |
Also some cleanup of dead entries.
PR: 226203
Submitted by: Sam H
Sponsored by: Absolight
Notes:
svn path=/head/; revision=463123
|
|
|
|
|
|
|
|
| |
PR: 225752
Submitted by: Yasuhiro KIMURA
Notes:
svn path=/head/; revision=462307
|
|
|
|
| |
Notes:
svn path=/head/; revision=460451
|
|
|
|
|
|
|
|
|
|
|
| |
- Adds new option unbound_config
PR: 225360
Submitted by: jaap@NLnetLabs.nl
Approved by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=459983
|
|
|
|
|
|
|
|
|
|
| |
PR: 225313
Submitted by: jaap@NLnetLabs.nl (maintainer)
MFH: 2018Q1
Security: 8d3bae09-fd28-11e7-95f2-005056925db4
Notes:
svn path=/head/; revision=459435
|
|
|
|
|
|
|
| |
PR: 223192
Notes:
svn path=/head/; revision=452938
|
|
|
|
|
|
|
|
|
|
| |
Changes: http://www.unbound.net/pipermail/unbound-users/2017-October/004972.html
PR: 222941
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=451881
|
|
|
|
|
|
|
|
|
|
| |
Changes: http://www.unbound.net/pipermail/unbound-users/2017-September/004936.html
PR: 222503
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=450314
|
|
|
|
|
|
|
|
| |
PR: 221692
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=448504
|
|
|
|
|
|
|
| |
Approved by: portmgr (blanket)
Notes:
svn path=/head/; revision=446478
|
|
|
|
|
|
|
|
|
|
|
| |
Enable libevent by default for the port dns/unbound for performance reasons.
PR: 220733
Submitted by: Dmitry Luhtionov
Approved by: jaap (maintainer), az (mentor)
Notes:
svn path=/head/; revision=446477
|
|
|
|
|
|
|
|
|
|
|
| |
Changes: http://www.unbound.net/pipermail/unbound-users/2017-June/004818.html
PR: 220673
Submitted by: jaap@NLnetLabs.nl (maintainer)
Approved by: garga (mentor, implicit)
Notes:
svn path=/head/; revision=445613
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This release fixes a spurious assertion failure when unbound receives a
malformed packet with 0x20 enabled.
Bug Fixes
- Fix #1280: Unbound fails assert when response from authoritative
contains malformed qname. When 0x20 caps-for-id is enabled, when
assertions are not enabled the malformed qname is handled correctly.
PR: 219958
Submitted by: maintainer (jaap NLnetLabs nl)
Notes:
svn path=/head/; revision=443538
|
|
|
|
|
|
|
|
|
|
| |
PR: 219052
Submitted by: greenreaper@hotmail.com
Reportee by:
Approved by: adamw (mentor, implicit)
Notes:
svn path=/head/; revision=440077
|
|
|
|
|
|
|
|
|
| |
PR: 218872
Changes: http://www.unbound.net/pipermail/unbound-users/2017-April/004762.html
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=439775
|
|
|
|
|
|
|
|
| |
PR: 217614
Submitted by: jaap@NLnetLabs.nl(maintainer)
Notes:
svn path=/head/; revision=435651
|
|
|
|
|
|
|
| |
PR: 217495
Notes:
svn path=/head/; revision=435306
|
|
|
|
|
|
|
|
| |
PR: 216777
Approved by: mm (maintainer)
Notes:
svn path=/head/; revision=434427
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- DEFAULT_VERSIONS += ssl=openssl-devel is now supported
- devel/py-event and devel/p5-Event-Lib are marked BROKEN
Changes: https://github.com/libevent/libevent/raw/release-2.1.8-stable/whatsnew-2.1.txt
Changes: https://github.com/libevent/libevent/raw/release-2.1.8-stable/ChangeLog
PR: 216527
Exp-run by: antoine
Approved by: mm (maintainer)
Notes:
svn path=/head/; revision=433286
|
|
|
|
|
|
|
| |
Approved by: portmgr blanket
Notes:
svn path=/head/; revision=431169
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Do not silence installation message
- While I'm here:
- Move LIB_DEPENDS upwards
- Use = instead of += for CONFIGURE_ARGS and USES
- Convert to options helper
- Use TEST_TARGET
Changes: https://unbound.nlnetlabs.nl/pipermail/unbound-users/2016-December/004587.html
PR: 215322
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Notes:
svn path=/head/; revision=428760
|
|
|
|
|
|
|
|
|
| |
While here, pet portlint and remove stale ia64 lines.
Approved by: portmgr (tier-2 blanket)
Notes:
svn path=/head/; revision=425823
|