From 67567e453626322cc3a93204abe177bd11c8950d Mon Sep 17 00:00:00 2001 From: Michael Hanselmann Date: Mon, 14 Dec 2015 23:13:26 +0100 Subject: [PATCH] [Unbound] Update to 1.5.7 Bump unbound to version 1.5.7 released on December 10, 2015. Signed-off-by: Michael Hanselmann --- net/unbound/Makefile | 4 ++-- net/unbound/patches/001-conf.patch | 38 +++++++++++++++--------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/net/unbound/Makefile b/net/unbound/Makefile index ae346b1bd..baf1c5740 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound -PKG_VERSION:=1.5.6 +PKG_VERSION:=1.5.7 PKG_RELEASE:=1 PKG_LICENSE:=BSD-3-Clause @@ -17,7 +17,7 @@ PKG_MAINTAINER:=Michael Hanselmann PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.unbound.net/downloads -PKG_MD5SUM:=691a34abd8e9257dd65b70f28326c1f0 +PKG_MD5SUM:=a1253cbbb339dbca03404dcc58365d71 PKG_BUILD_DEPENDS:=libexpat PKG_BUILD_PARALLEL:=1 diff --git a/net/unbound/patches/001-conf.patch b/net/unbound/patches/001-conf.patch index a795532c0..eab0df375 100644 --- a/net/unbound/patches/001-conf.patch +++ b/net/unbound/patches/001-conf.patch @@ -1,5 +1,5 @@ diff --git a/doc/example.conf.in b/doc/example.conf.in -index 60ed5c8..abd85f9 100644 +index ff90e3b..5c20fdf 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -38,6 +38,8 @@ server: @@ -10,7 +10,7 @@ index 60ed5c8..abd85f9 100644 + interface: ::0 # enable this feature to copy the source address of queries to reply. - # Socket options are not supported on all platforms. experimental. + # Socket options are not supported on all platforms. experimental. @@ -57,6 +59,7 @@ server: # port range that can be open simultaneously. About double the # num-queries-per-thread, or, use as many as the OS will allow you. @@ -31,14 +31,14 @@ index 60ed5c8..abd85f9 100644 # buffer size for UDP port 53 incoming (SO_RCVBUF socket option). # 0 is system default. Use 4m to catch query spikes for busy servers. -@@ -99,18 +104,22 @@ server: +@@ -103,18 +108,22 @@ server: # buffer size for handling DNS data. No messages larger than this # size can be sent or received, by UDP or TCP. In bytes. # msg-buffer-size: 65552 + msg-buffer-size: 8192 # the amount of memory to use for the message cache. - # plain value in bytes or you can append k, m or G. default is "4Mb". + # plain value in bytes or you can append k, m or G. default is "4Mb". # msg-cache-size: 4m + msg-cache-size: 100k @@ -54,9 +54,9 @@ index 60ed5c8..abd85f9 100644 # if very busy, 50% queries run to completion, 50% get timeout in msec # jostle-timeout: 200 -@@ -121,11 +130,13 @@ server: +@@ -125,11 +134,13 @@ server: # the amount of memory to use for the RRset cache. - # plain value in bytes or you can append k, m or G. default is "4Mb". + # plain value in bytes or you can append k, m or G. default is "4Mb". # rrset-cache-size: 4m + rrset-cache-size: 100k @@ -68,7 +68,7 @@ index 60ed5c8..abd85f9 100644 # the time to live (TTL) value lower bound, in seconds. Default 0. # If more than an hour could easily give trouble due to stale data. -@@ -146,9 +157,11 @@ server: +@@ -153,9 +164,11 @@ server: # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. # infra-cache-slabs: 4 @@ -80,7 +80,7 @@ index 60ed5c8..abd85f9 100644 # Enable IPv4, "yes" or "no". # do-ip4: yes -@@ -181,6 +194,8 @@ server: +@@ -188,6 +201,8 @@ server: # access-control: ::0/0 refuse # access-control: ::1 allow # access-control: ::ffff:127.0.0.1 allow @@ -89,34 +89,34 @@ index 60ed5c8..abd85f9 100644 # if given, a chroot(2) is done to the given directory. # i.e. you can chroot to the working directory, for example, -@@ -211,6 +226,7 @@ server: +@@ -218,6 +233,7 @@ server: # and the given username is assumed. Default is user "unbound". # If you give "" no privileges are dropped. # username: "@UNBOUND_USERNAME@" + username: "" - # the working directory. The relative files in this config are + # the working directory. The relative files in this config are # relative to this directory. If you give "" the working directory -@@ -233,10 +249,12 @@ server: +@@ -240,10 +256,12 @@ server: # the pid file. Can be an absolute path outside of chroot/work dir. # pidfile: "@UNBOUND_PIDFILE@" + pidfile: "/var/run/unbound.pid" # file to read root hints from. - # get one from ftp://FTP.INTERNIC.NET/domain/named.cache + # get one from https://www.internic.net/domain/named.cache # root-hints: "" + root-hints: "/etc/unbound/named.cache" # enable to not answer id.server and hostname.bind queries. # hide-identity: no -@@ -259,12 +277,15 @@ server: +@@ -266,12 +284,15 @@ server: # positive value: fetch that many targets opportunistically. # Enclose the list of numbers between quotes (""). # target-fetch-policy: "3 2 1 0 0" + target-fetch-policy: "2 1 0 0 0 0" - # Harden against very small EDNS buffer sizes. + # Harden against very small EDNS buffer sizes. # harden-short-bufsize: no + harden-short-bufsize: yes @@ -124,9 +124,9 @@ index 60ed5c8..abd85f9 100644 # harden-large-queries: no + harden-large-queries: yes - # Harden against out of zone rrsets, to avoid spoofing attempts. + # Harden against out of zone rrsets, to avoid spoofing attempts. # harden-glue: yes -@@ -345,7 +366,7 @@ server: +@@ -367,7 +388,7 @@ server: # you start unbound (i.e. in the system boot scripts). And enable: # Please note usage of unbound-anchor root anchor is at your own risk # and under the terms of our LICENSE (see that file in the source). @@ -135,9 +135,9 @@ index 60ed5c8..abd85f9 100644 # File with DLV trusted keys. Same format as trust-anchor-file. # There can be only one DLV configured, it is trusted from root down. -@@ -431,15 +452,18 @@ server: +@@ -456,15 +477,18 @@ server: # the amount of memory to use for the key cache. - # plain value in bytes or you can append k, m or G. default is "4Mb". + # plain value in bytes or you can append k, m or G. default is "4Mb". # key-cache-size: 4m + key-cache-size: 100k @@ -148,7 +148,7 @@ index 60ed5c8..abd85f9 100644 + key-cache-slabs: 1 # the amount of memory to use for the negative cache (used for DLV). - # plain value in bytes or you can append k, m or G. default is "1Mb". + # plain value in bytes or you can append k, m or G. default is "1Mb". # neg-cache-size: 1m + neg-cache-size: 10k