Message ID | 20221014190935.3584603-1-matthias.fischer@ipfire.org |
---|---|
State | Accepted |
Commit | 609007e54b85fafd14b35c3adfd9acb8a36b9b4d |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Mpwtd68Ykz3wfJ for <patchwork@web04.haj.ipfire.org>; Fri, 14 Oct 2022 19:09:45 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Mpwtb4fjxzlQ; Fri, 14 Oct 2022 19:09:43 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Mpwtb2rq0z2yRr; Fri, 14 Oct 2022 19:09:43 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4MpwtY3XzWz2xZr for <development@lists.ipfire.org>; Fri, 14 Oct 2022 19:09:41 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4MpwtX5bGyzYm for <development@lists.ipfire.org>; Fri, 14 Oct 2022 19:09:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1665774580; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=UnsgWr9XNCqGvnYJczWaEKOTHDmIU01RNXzJkz/AaUE=; b=kFBjajaem3QaJD2fnb0YIl6BWLyZHg5Hgjy/kfuhSOWwf9RpEM4U0MTzHPhhjFb4mlZ0Ja pFdHpyb2YsFhxmldyu5iWbC6kwRKlu5qt7Vk1k1j/vwb9mKm99gXhRkP/nFn9nvY+ZqbyT lyGGcmmxsd9kNTqsT3NwEDvXT0hmdkw7OQVCcJTyaDmipUsY8222sTKEfSGR3jANDcnt4r eUSeHDvnq9ViD9OUdD8L3wD5+uUOAHxJdW6HlPO7h7zHECZZv9G7QlsiAqbJGx+uSEicLR IoSY5XOokNt+8NjBNEo9IeQZ8eQdZkpc/EMheWdni2w7nsqOM1FMB9EQmeogYw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1665774580; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=UnsgWr9XNCqGvnYJczWaEKOTHDmIU01RNXzJkz/AaUE=; b=PEjPed28knEG7BU33z8NJe5mMUfitbdACVkCNjNycDG7CFz5LYpfwcWfak8rXh0SMlhsht lDDP0eanbFLRn/AA== From: Matthias Fischer <matthias.fischer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] unbound: Update to 1.17.0 Date: Fri, 14 Oct 2022 21:09:35 +0200 Message-Id: <20221014190935.3584603-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Series |
unbound: Update to 1.17.0
|
|
Commit Message
Matthias Fischer
Oct. 14, 2022, 7:09 p.m. UTC
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-0
"Features
Merge #753: ACL per interface. (New interface-* configuration options).
Merge #760: PROXYv2 downstream support. (New proxy-protocol-port configuration option).
Bug Fixes
Fix #728: alloc_reg_obtain() core dump. Stop double alloc_reg_release
when serviced_create fails.
Fix edns subnet so that scope 0 answers only match sourcemask 0 queries
for answers from cache if from a query with sourcemask 0.
Fix unittest for edns subnet change.
Merge #730 from luisdallos: Fix startup failure on Windows 8.1 due to
unsupported IPV6_USER_MTU socket option being set.
Fix ratelimit inconsistency, for ip-ratelimits the value is the amount
allowed, like for ratelimits.
Fix #734 [FR] enable unbound-checkconf to detect more (basic) errors.
Fix to log accept error ENFILE and EMFILE errno, but slowly, once per
10 seconds. Also log accept failures when no slow down is used.
Fix to avoid process wide fcntl calls mixed with nonblocking operations
after a blocked write.
Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive
operations, so that instruction reordering does not cause mistakenly
blocking socket operations.
Fix to wait for blocked write on UDP sockets, with a timeout if it
takes too long the packet is dropped.
Fix for wait for udp send to stop when packet is successfully sent.
Fix #741: systemd socket activation fails on IPv6.
Fix to update config tests to fix checking if nonblocking sockets work
on OpenBSD.
Slow down log frequency of write wait failures.
Fix to set out of file descriptor warning to operational verbosity.
Fix to log a verbose message at operational notice level if a thread is
not responding, to stats requests. It is logged with thread
identifiers.
Remove include that was there for debug purposes.
Fix to check pthread_t size after pthread has been detected.
Convert tdir tests to use the new skip_test functionality.
Remove unused testcode/mini_tpkg.sh file.
Better output for skipped tdir tests.
Fix doxygen warning in respip.h.
Fix to remove erroneous TC flag from TCP upstream.
Fix test tdir skip report printout.
Fix windows compile, the identifier interface is defined in headers.
Fix to close errno block in comm_point_tcp_handle_read outside of ifdef.
Fix static analysis report to remove dead code from the
rpz_callback_from_iterator_module function.
Fix to clean up after the acl_interface unit test.
Merge #764: Leniency for target discovery when under load (for
NRDelegation changes).
Use DEBUG_TDIR from environment in mini_tdir.sh for debugging.
Fix string comparison in mini_tdir.sh.
Make ede.tdir test more predictable by using static data.
Fix checkconf test for dnscrypt and proxy port.
Fix dnscrypt compile for proxy protocol code changes.
Fix to stop responses with TC flag from resulting in partial responses.
It retries to fetch the data elsewhere, or fails the query and in depth
fix removes the TC flag from the cached item.
Fix proxy length debug output printout typecasts.
Fix to stop possible loops in the tcp reuse code (write_wait list and
tcp_wait list). Based on analysis and patch from Prad Seniappan and
Karthik Umashankar.
Fix PROXYv2 header read for TCP connections when no proxied addresses
are provided."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
config/rootfiles/common/unbound | 2 +-
lfs/unbound | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
Comments
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> > On 14 Oct 2022, at 20:09, Matthias Fischer <matthias.fischer@ipfire.org> wrote: > > For details see: > https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-0 > > "Features > > Merge #753: ACL per interface. (New interface-* configuration options). > > Merge #760: PROXYv2 downstream support. (New proxy-protocol-port configuration option). > > Bug Fixes > > Fix #728: alloc_reg_obtain() core dump. Stop double alloc_reg_release > when serviced_create fails. > Fix edns subnet so that scope 0 answers only match sourcemask 0 queries > for answers from cache if from a query with sourcemask 0. > Fix unittest for edns subnet change. > Merge #730 from luisdallos: Fix startup failure on Windows 8.1 due to > unsupported IPV6_USER_MTU socket option being set. > Fix ratelimit inconsistency, for ip-ratelimits the value is the amount > allowed, like for ratelimits. > Fix #734 [FR] enable unbound-checkconf to detect more (basic) errors. > Fix to log accept error ENFILE and EMFILE errno, but slowly, once per > 10 seconds. Also log accept failures when no slow down is used. > Fix to avoid process wide fcntl calls mixed with nonblocking operations > after a blocked write. > Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive > operations, so that instruction reordering does not cause mistakenly > blocking socket operations. > Fix to wait for blocked write on UDP sockets, with a timeout if it > takes too long the packet is dropped. > Fix for wait for udp send to stop when packet is successfully sent. > Fix #741: systemd socket activation fails on IPv6. > Fix to update config tests to fix checking if nonblocking sockets work > on OpenBSD. > Slow down log frequency of write wait failures. > Fix to set out of file descriptor warning to operational verbosity. > Fix to log a verbose message at operational notice level if a thread is > not responding, to stats requests. It is logged with thread > identifiers. > Remove include that was there for debug purposes. > Fix to check pthread_t size after pthread has been detected. > Convert tdir tests to use the new skip_test functionality. > Remove unused testcode/mini_tpkg.sh file. > Better output for skipped tdir tests. > Fix doxygen warning in respip.h. > Fix to remove erroneous TC flag from TCP upstream. > Fix test tdir skip report printout. > Fix windows compile, the identifier interface is defined in headers. > Fix to close errno block in comm_point_tcp_handle_read outside of ifdef. > Fix static analysis report to remove dead code from the > rpz_callback_from_iterator_module function. > Fix to clean up after the acl_interface unit test. > Merge #764: Leniency for target discovery when under load (for > NRDelegation changes). > Use DEBUG_TDIR from environment in mini_tdir.sh for debugging. > Fix string comparison in mini_tdir.sh. > Make ede.tdir test more predictable by using static data. > Fix checkconf test for dnscrypt and proxy port. > Fix dnscrypt compile for proxy protocol code changes. > Fix to stop responses with TC flag from resulting in partial responses. > It retries to fetch the data elsewhere, or fails the query and in depth > fix removes the TC flag from the cached item. > Fix proxy length debug output printout typecasts. > Fix to stop possible loops in the tcp reuse code (write_wait list and > tcp_wait list). Based on analysis and patch from Prad Seniappan and > Karthik Umashankar. > Fix PROXYv2 header read for TCP connections when no proxied addresses > are provided." > > Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> > --- > config/rootfiles/common/unbound | 2 +- > lfs/unbound | 4 ++-- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound > index 7af787f29..26ce13c3f 100644 > --- a/config/rootfiles/common/unbound > +++ b/config/rootfiles/common/unbound > @@ -11,7 +11,7 @@ etc/unbound/unbound.conf > #usr/lib/libunbound.la > #usr/lib/libunbound.so > usr/lib/libunbound.so.8 > -usr/lib/libunbound.so.8.1.19 > +usr/lib/libunbound.so.8.1.20 > #usr/lib/pkgconfig/libunbound.pc > usr/sbin/unbound > usr/sbin/unbound-anchor > diff --git a/lfs/unbound b/lfs/unbound > index 636fe8bf9..3852c2e6a 100644 > --- a/lfs/unbound > +++ b/lfs/unbound > @@ -24,7 +24,7 @@ > > include Config > > -VER = 1.16.3 > +VER = 1.17.0 > > THISAPP = unbound-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -40,7 +40,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = b97deade78ab903363e06ff9d71b9895c754378ec276bb17556de62c48a88af5fbabd26f97fb47313d1e631fe75dee245aa38fbf42a865ac3e764882a1124a51 > +$(DL_FILE)_BLAKE2 = 611c1b96ff84e6dd8f7a592135cc17f416cd810d0f35d27c8cedd56af069badd8dca112cc5927a1fe50ec3335c377b6bd6fc4e1a6d63a332a90d676e3c23dcef > > install : $(TARGET) > > -- > 2.34.1 >
diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 7af787f29..26ce13c3f 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.8 -usr/lib/libunbound.so.8.1.19 +usr/lib/libunbound.so.8.1.20 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/lfs/unbound b/lfs/unbound index 636fe8bf9..3852c2e6a 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -24,7 +24,7 @@ include Config -VER = 1.16.3 +VER = 1.17.0 THISAPP = unbound-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = b97deade78ab903363e06ff9d71b9895c754378ec276bb17556de62c48a88af5fbabd26f97fb47313d1e631fe75dee245aa38fbf42a865ac3e764882a1124a51 +$(DL_FILE)_BLAKE2 = 611c1b96ff84e6dd8f7a592135cc17f416cd810d0f35d27c8cedd56af069badd8dca112cc5927a1fe50ec3335c377b6bd6fc4e1a6d63a332a90d676e3c23dcef install : $(TARGET)