Browse Source

unbound: update to 1.8.0

- adjust a few UCI translations to coordinate with upstream defaults
- remove OpenSSL < 1.1.0 API log error patch which is included upstream

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
lilik-openwrt-22.03
Eric Luehrsen 6 years ago
parent
commit
32ad87ca80
4 changed files with 29 additions and 70 deletions
  1. +3
    -3
      net/unbound/Makefile
  2. +2
    -1
      net/unbound/files/README.md
  3. +24
    -18
      net/unbound/files/unbound.sh
  4. +0
    -48
      net/unbound/patches/200-openssl-log-err.patch

+ 3
- 3
net/unbound/Makefile View File

@ -8,8 +8,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=unbound
PKG_VERSION:=1.7.3
PKG_RELEASE:=6
PKG_VERSION:=1.8.0
PKG_RELEASE:=1
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
@ -17,7 +17,7 @@ PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.unbound.net/downloads
PKG_HASH:=c11de115d928a6b48b2165e0214402a7a7da313cd479203a7ce7a8b62cba602d
PKG_HASH:=78f79d6d3b643fdcd74a14fc76542250da886c82f82bc55b51e189663d61b83f
PKG_BUILD_PARALLEL:=1
PKG_FIXUP:=autoreconf


+ 2
- 1
net/unbound/files/README.md View File

@ -273,8 +273,9 @@ config unbound
option protocol 'mixed'
Unbound can limit its protocol used for recursive queries.
ip4_only - limit issues if you do not have native IPv6
ip4_only - old fashioned IPv4 upstream and downstream
ip6_only - test environment only; could cauase problems
ip6_local - upstream IPv4 only and local network IPv4 and IPv6
ip6_prefer - both IPv4 and IPv6 but try IPv6 first
mixed - both IPv4 and IPv6
default - Unbound built-in defaults


+ 24
- 18
net/unbound/files/unbound.sh View File

@ -619,7 +619,6 @@ unbound_conf() {
echo " port: $UB_N_RX_PORT"
echo " outgoing-port-permit: 10240-65535"
echo " interface: 0.0.0.0"
echo " interface: ::0"
echo " outgoing-interface: 0.0.0.0"
echo " do-ip4: yes"
echo " do-ip6: no"
@ -632,7 +631,6 @@ unbound_conf() {
echo " edns-buffer-size: $UB_N_EDNS_SIZE"
echo " port: $UB_N_RX_PORT"
echo " outgoing-port-permit: 10240-65535"
echo " interface: 0.0.0.0"
echo " interface: ::0"
echo " outgoing-interface: ::0"
echo " do-ip4: no"
@ -641,6 +639,20 @@ unbound_conf() {
} >> $UB_CORE_CONF
;;
ip6_local)
{
echo " edns-buffer-size: $UB_N_EDNS_SIZE"
echo " port: $UB_N_RX_PORT"
echo " outgoing-port-permit: 10240-65535"
echo " interface: 0.0.0.0"
echo " interface: ::0"
echo " outgoing-interface: 0.0.0.0"
echo " do-ip4: yes"
echo " do-ip6: yes"
echo
} >> $UB_CORE_CONF
;;
ip6_prefer)
{
echo " edns-buffer-size: $UB_N_EDNS_SIZE"
@ -692,27 +704,15 @@ unbound_conf() {
esac
{
# Other harding and options for an embedded router
echo " harden-short-bufsize: yes"
echo " harden-large-queries: yes"
echo " harden-glue: yes"
echo " harden-below-nxdomain: no"
echo " harden-referral-path: no"
echo " use-caps-for-id: no"
echo
} >> $UB_CORE_CONF
case "$UB_D_RESOURCE" in
# Tiny - Unbound's recommended cheap hardware config
tiny) rt_mem=1 ; rt_conn=2 ; rt_buff=1 ;;
# Small - Half RRCACHE and open ports
small) rt_mem=8 ; rt_conn=10 ; rt_buff=2 ;;
# Medium - Nearly default but with some added balancintg
medium) rt_mem=16 ; rt_conn=20 ; rt_buff=4 ;;
medium) rt_mem=16 ; rt_conn=15 ; rt_buff=4 ;;
# Large - Double medium
large) rt_mem=32 ; rt_conn=40 ; rt_buff=4 ;;
large) rt_mem=32 ; rt_conn=20 ; rt_buff=4 ;;
# Whatever unbound does
*) rt_mem=0 ; rt_conn=0 ;;
esac
@ -720,10 +720,16 @@ unbound_conf() {
if [ "$rt_mem" -gt 0 ] ; then
{
# Other harding and options for an embedded router
echo " harden-short-bufsize: yes"
echo " harden-large-queries: yes"
echo " harden-glue: yes"
echo " use-caps-for-id: no"
echo
# Set memory sizing parameters
echo " msg-buffer-size: $(($rt_buff*8192))"
echo " outgoing-range: $(($rt_conn*64))"
echo " num-queries-per-thread: $(($rt_conn*32))"
echo " outgoing-range: $(($rt_conn*32))"
echo " num-queries-per-thread: $(($rt_conn*16))"
echo " outgoing-num-tcp: $(($rt_conn))"
echo " incoming-num-tcp: $(($rt_conn))"
echo " rrset-cache-size: $(($rt_mem*256))k"


+ 0
- 48
net/unbound/patches/200-openssl-log-err.patch View File

@ -1,48 +0,0 @@
Index: daemon/remote.c
===================================================================
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -1950,6 +1950,11 @@
return NULL;
}
} else {
+#ifndef HAVE_SSL_SET1_HOST
+ if(auth_name)
+ log_err("no name verification functionality in "
+ "ssl library, ignored name for %s", todo);
+#endif
/* add address */
if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
auth_name)) {
Index: iterator/iter_fwd.c
===================================================================
--- a/iterator/iter_fwd.c
+++ b/iterator/iter_fwd.c
@@ -239,6 +239,11 @@
s->name, p->str);
return 0;
}
+#ifndef HAVE_SSL_SET1_HOST
+ if(tls_auth_name)
+ log_err("no name verification functionality in "
+ "ssl library, ignored name for %s", p->str);
+#endif
if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
tls_auth_name)) {
log_err("out of memory");
Index: iterator/iter_hints.c
===================================================================
--- a/iterator/iter_hints.c
+++ b/iterator/iter_hints.c
@@ -252,6 +252,11 @@
s->name, p->str);
return 0;
}
+#ifndef HAVE_SSL_SET1_HOST
+ if(auth_name)
+ log_err("no name verification functionality in "
+ "ssl library, ignored name for %s", p->str);
+#endif
if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
auth_name)) {
log_err("out of memory");

Loading…
Cancel
Save