From 32ad87ca807570718eaa325e3c6186fe5b3fedaa Mon Sep 17 00:00:00 2001 From: Eric Luehrsen Date: Sat, 15 Sep 2018 10:41:40 -0400 Subject: [PATCH] unbound: update to 1.8.0 - adjust a few UCI translations to coordinate with upstream defaults - remove OpenSSL < 1.1.0 API log error patch which is included upstream Signed-off-by: Eric Luehrsen --- net/unbound/Makefile | 6 +-- net/unbound/files/README.md | 3 +- net/unbound/files/unbound.sh | 42 +++++++++------- net/unbound/patches/200-openssl-log-err.patch | 48 ------------------- 4 files changed, 29 insertions(+), 70 deletions(-) delete mode 100644 net/unbound/patches/200-openssl-log-err.patch diff --git a/net/unbound/Makefile b/net/unbound/Makefile index 3700c24d1..354cf59a7 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound -PKG_VERSION:=1.7.3 -PKG_RELEASE:=6 +PKG_VERSION:=1.8.0 +PKG_RELEASE:=1 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE @@ -17,7 +17,7 @@ PKG_MAINTAINER:=Eric Luehrsen PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.unbound.net/downloads -PKG_HASH:=c11de115d928a6b48b2165e0214402a7a7da313cd479203a7ce7a8b62cba602d +PKG_HASH:=78f79d6d3b643fdcd74a14fc76542250da886c82f82bc55b51e189663d61b83f PKG_BUILD_PARALLEL:=1 PKG_FIXUP:=autoreconf diff --git a/net/unbound/files/README.md b/net/unbound/files/README.md index 812d9a607..6576b2c85 100644 --- a/net/unbound/files/README.md +++ b/net/unbound/files/README.md @@ -273,8 +273,9 @@ config unbound option protocol 'mixed' Unbound can limit its protocol used for recursive queries. - ip4_only - limit issues if you do not have native IPv6 + ip4_only - old fashioned IPv4 upstream and downstream ip6_only - test environment only; could cauase problems + ip6_local - upstream IPv4 only and local network IPv4 and IPv6 ip6_prefer - both IPv4 and IPv6 but try IPv6 first mixed - both IPv4 and IPv6 default - Unbound built-in defaults 
diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh index 061331220..68b3c92b4 100644 --- a/net/unbound/files/unbound.sh +++ b/net/unbound/files/unbound.sh @@ -619,7 +619,6 @@ unbound_conf() { echo " port: $UB_N_RX_PORT" echo " outgoing-port-permit: 10240-65535" echo " interface: 0.0.0.0" - echo " interface: ::0" echo " outgoing-interface: 0.0.0.0" echo " do-ip4: yes" echo " do-ip6: no" @@ -632,7 +631,6 @@ unbound_conf() { echo " edns-buffer-size: $UB_N_EDNS_SIZE" echo " port: $UB_N_RX_PORT" echo " outgoing-port-permit: 10240-65535" - echo " interface: 0.0.0.0" echo " interface: ::0" echo " outgoing-interface: ::0" echo " do-ip4: no" @@ -641,6 +639,20 @@ unbound_conf() { } >> $UB_CORE_CONF ;; + ip6_local) + { + echo " edns-buffer-size: $UB_N_EDNS_SIZE" + echo " port: $UB_N_RX_PORT" + echo " outgoing-port-permit: 10240-65535" + echo " interface: 0.0.0.0" + echo " interface: ::0" + echo " outgoing-interface: 0.0.0.0" + echo " do-ip4: yes" + echo " do-ip6: yes" + echo + } >> $UB_CORE_CONF + ;; + ip6_prefer) { echo " edns-buffer-size: $UB_N_EDNS_SIZE" @@ -692,27 +704,15 @@ unbound_conf() { esac - { - # Other harding and options for an embedded router - echo " harden-short-bufsize: yes" - echo " harden-large-queries: yes" - echo " harden-glue: yes" - echo " harden-below-nxdomain: no" - echo " harden-referral-path: no" - echo " use-caps-for-id: no" - echo - } >> $UB_CORE_CONF - - case "$UB_D_RESOURCE" in # Tiny - Unbound's recommended cheap hardware config tiny) rt_mem=1 ; rt_conn=2 ; rt_buff=1 ;; # Small - Half RRCACHE and open ports small) rt_mem=8 ; rt_conn=10 ; rt_buff=2 ;; # Medium - Nearly default but with some added balancintg - medium) rt_mem=16 ; rt_conn=20 ; rt_buff=4 ;; + medium) rt_mem=16 ; rt_conn=15 ; rt_buff=4 ;; # Large - Double medium - large) rt_mem=32 ; rt_conn=40 ; rt_buff=4 ;; + large) rt_mem=32 ; rt_conn=20 ; rt_buff=4 ;; # Whatever unbound does *) rt_mem=0 ; rt_conn=0 ;; esac 
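Review bot: The new `ip6_local)` branch has no comment saying what separates it from the neighbouring protocol cases, and the difference is easy to miss. It sets `do-ip6: yes` and listens on both `0.0.0.0` and `::0`, and only `outgoing-interface: 0.0.0.0` keeps recursion on IPv4. A comment above the block such as `# ip6_local - listen on IPv4 and IPv6, send upstream queries from IPv4 only` would stop a later edit from adding an IPv6 outgoing interface and silently changing what the README documents for this option. It is also worth confirming that Unbound skips IPv6 nameserver addresses cleanly when do-ip6 is on but no IPv6 outgoing interface is configured; nothing in this hunk shows that behaviour.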
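Review bot: The comment `# Large - Double medium` no longer matches the `large)` line it sits above, because `rt_conn` now goes from 15 to 20 and only `rt_mem` is doubled; something like `# Large - Double medium cache, a few more connections` would be accurate. The same hunk drops the explicit `harden-below-nxdomain: no` and `harden-referral-path: no` lines, so both settings now follow whatever Unbound 1.8.0 ships as built-in defaults. The commit message mentions coordinating with upstream defaults only in general terms, so naming these two options in the README would help anyone comparing resolver behaviour across the upgrade. unbound_conf() starts and ends outside this hunk.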
@@ -720,10 +720,16 @@ unbound_conf() { if [ "$rt_mem" -gt 0 ] ; then { + # Other harding and options for an embedded router + echo " harden-short-bufsize: yes" + echo " harden-large-queries: yes" + echo " harden-glue: yes" + echo " use-caps-for-id: no" + echo # Set memory sizing parameters echo " msg-buffer-size: $(($rt_buff*8192))" - echo " outgoing-range: $(($rt_conn*64))" - echo " num-queries-per-thread: $(($rt_conn*32))" + echo " outgoing-range: $(($rt_conn*32))" + echo " num-queries-per-thread: $(($rt_conn*16))" echo " outgoing-num-tcp: $(($rt_conn))" echo " incoming-num-tcp: $(($rt_conn))" echo " rrset-cache-size: $(($rt_mem*256))k" diff --git a/net/unbound/patches/200-openssl-log-err.patch b/net/unbound/patches/200-openssl-log-err.patch deleted file mode 100644 index b1ddd5daf..000000000 --- a/net/unbound/patches/200-openssl-log-err.patch +++ /dev/null 
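Review bot: The hardening lines added here are inside `if [ "$rt_mem" -gt 0 ]`, so the `*)` resource case in the previous hunk (rt_mem=0) no longer writes `harden-short-bufsize`, `harden-large-queries`, `harden-glue` or `use-caps-for-id`, which the removed block emitted unconditionally. That profile now depends on Unbound's compiled-in defaults, and as far as I know the first two default to off in this release, so a router set to the default resource profile would lose them. If that is intended, a comment next to the `*)` case such as `# Whatever unbound does, including its built-in hardening defaults` would make it explicit; otherwise the hardening block should go back in its own `{ ... } >> $UB_CORE_CONF` group ahead of the sizing conditional. The added comment also has a typo and should read `# Other hardening and options for an embedded router`. The enclosing `if` and unbound_conf() continue outside this hunk.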
@@ -1,48 +0,0 @@ -Index: daemon/remote.c -=================================================================== ---- a/daemon/remote.c -+++ b/daemon/remote.c -@@ -1950,6 +1950,11 @@ - return NULL; - } - } else { -+#ifndef HAVE_SSL_SET1_HOST -+ if(auth_name) -+ log_err("no name verification functionality in " -+ "ssl library, ignored name for %s", todo); -+#endif - /* add address */ - if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0, - auth_name)) { -Index: iterator/iter_fwd.c -=================================================================== ---- a/iterator/iter_fwd.c -+++ b/iterator/iter_fwd.c -@@ -239,6 +239,11 @@ - s->name, p->str); - return 0; - } -+#ifndef HAVE_SSL_SET1_HOST -+ if(tls_auth_name) -+ log_err("no name verification functionality in " -+ "ssl library, ignored name for %s", p->str); -+#endif - if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0, - tls_auth_name)) { - log_err("out of memory"); -Index: iterator/iter_hints.c -=================================================================== ---- a/iterator/iter_hints.c -+++ b/iterator/iter_hints.c -@@ -252,6 +252,11 @@ - s->name, p->str); - return 0; - } -+#ifndef HAVE_SSL_SET1_HOST -+ if(auth_name) -+ log_err("no name verification functionality in " -+ "ssl library, ignored name for %s", p->str); -+#endif - if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0, - auth_name)) { - log_err("out of memory");