From patchwork Mon Jul 11 19:12:14 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Matthias Fischer <matthias.fischer@ipfire.org>
X-Patchwork-Id: 5745
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4LhYRV4NKpz3wvS
	for <patchwork@web04.haj.ipfire.org>; Mon, 11 Jul 2022 19:12:22 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4LhYRT4cj3z5bc;
	Mon, 11 Jul 2022 19:12:21 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4LhYRT3vKlz2yTT;
	Mon, 11 Jul 2022 19:12:21 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4LhYRS0MZ5z2xHF
 for <development@lists.ipfire.org>; Mon, 11 Jul 2022 19:12:20 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4LhYRR33cnz5bb
 for <development@lists.ipfire.org>; Mon, 11 Jul 2022 19:12:19 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1657566739;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=894d3vu9H6/43hQ7d+vpKib9E9jTkeD+uu6V5NDP2Lo=;
 b=aqpPBrtzgKcj0AlDHPf7yHQ6R6sxTm2lqjj1lGTDzBcQzTI369mXzKQ90WRsYF0u+CaES6
 xCL0lSl2YH2kSpBQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1657566739;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=894d3vu9H6/43hQ7d+vpKib9E9jTkeD+uu6V5NDP2Lo=;
 b=gZ2bObU+ORLkI/X9t1rwLceT+UCQl7V7iNU0ThfR9PKVz0soqXgSb3F3E9bSYi9IHhML/1
 XiLmcUl07J0v5tKikn6pByllJp/LbzgSongLoNzN38nSUXLRawcpiJkBlEQ45WwWWP8gyj
 xDjBFBdpaiyMpA+Kjna45ZO6r3vyqlIcr6+XG0G16PG8s71foWRh5UHZCjzv5L1d1cR39y
 0f9QEmQgD8CdVWYJMMNyLGpd802W4YZaCL/5WUklzFNXrIOcFseoPImP4PM2D/gogD2UBy
 eiHcjKBqtLn4STy6uN2RydZz8Cl2f7qAZDS1ioXBoO5lTEwmq4houSEW8lFoTQ==
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] unbound: Update to 1.16.1
Date: Mon, 11 Jul 2022 21:12:14 +0200
Message-Id: <20220711191214.3601106-1-matthias.fischer@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-1

"Features

    Fix #704: [FR] Statistics counter for number of outgoing UDP queries
    sent; introduces 'num.query.udpout' to the 'unbound-control stats'
    command.

Bug Fixes

    makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
    Fix for edns client subnet to respect not looking in its cache when
    instructed to do so (e.g., prefetch).
    Merge PR #688: Rpz url notify issue.
    Note in the unbound.conf text that NOTIFY is allowed from the 'url:'
    addresses for auth and rpz zones.
    Remove unused LDNS function check for GOST Engine unloading.
    Fix for loading locally stored zones that have lines with blanks or
    blanks and comments.
    Fix #663: use after free issue with edns options.
    Clarify -v flag manpage entry (#705)
    Fix test program dohclient close to use portability routine.
    Show the output of the exact .rpl run that failed with 'make test'.
    Fix for cached 0 TTL records to not trigger prefetching when
    serve-expired-client-timeout is set.
    Add debug option to the mini_tdir.sh test code.
    Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
    Allow fallback to the parent side when MAX_TARGET_NX is reached. This
    will also allow MAX_TARGET_NX more NXDOMAINs.
    iana portlist update.
    Fix detection of libz on windows compile with static option.
    Fix compile warning for windows compile.
    Merge PR #706: NXNS fallback.
    From #706: Cached NXDOMAIN does not increase the target nx responses.
    From #706: Don't generate parent side queries if we already have the
    lame records in cache.
    From #706: When a lame address is the best choice, don't try to
    generate target queries when the missing targets are all lame.
    Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS mode
    on openssl3.
    Merge PR #660 from Petr Menšík: Sha1 runtime insecure.
    For #660: formatting, less verbose logging, add EDE information.
    Fix for correct openssl error when adding windows CA certificates to
    the openssl trust store.
    Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
    Reintroduce documentation and more EDE support for
    val_sigcrypt.c::dnskeyset_verify_rrset_sig.
    Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
    one loop pass'.
    Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
    outbound tcp sockets."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/rootfiles/common/unbound | 2 +-
 lfs/unbound                     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound
index cb9145516..20fe72a57 100644
--- a/config/rootfiles/common/unbound
+++ b/config/rootfiles/common/unbound
@@ -11,7 +11,7 @@ etc/unbound/unbound.conf
 #usr/lib/libunbound.la
 #usr/lib/libunbound.so
 usr/lib/libunbound.so.8
-usr/lib/libunbound.so.8.1.16
+usr/lib/libunbound.so.8.1.17
 #usr/lib/pkgconfig/libunbound.pc
 usr/sbin/unbound
 usr/sbin/unbound-anchor
diff --git a/lfs/unbound b/lfs/unbound
index 938d3b46e..539ea5005 100644
--- a/lfs/unbound
+++ b/lfs/unbound
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.16.0
+VER        = 1.16.1
 
 THISAPP    = unbound-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 62d002e66a24d60a973c620855d9d33e2833f78bf45d9176081646683fe6f371564a40fb637e4b276c556e3b46eb57ff49ee6a7300e9a9e24cb09f4b8dd31695
+$(DL_FILE)_BLAKE2 = 722e2d88f66f35459b71cd339f451bf803c836827f9f74540c4ae500b7f682f0e8c89bda34915fb8df289cc524486fab2a04018717e1ae7ad62006be68af1cad
 
 install : $(TARGET)