From f98637980293d0b6c1e7ed672e6d6fc813d839cd Mon Sep 17 00:00:00 2001 From: Jan Pavlinec Date: Tue, 5 Feb 2019 17:26:42 +0100 Subject: [PATCH] unbound: update to version 1.9.0 Changes: -remove old dns64 patch -refresh openssl deprecated patch -add DoT error log patch https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4206 Signed-off-by: Jan Pavlinec --- net/unbound/Makefile | 6 +-- net/unbound/patches/101-dns64-crash.patch | 23 ----------- .../patches/200-openssl-deprecated.patch | 25 +++--------- net/unbound/patches/300-fix-ssl-err-log.patch | 39 +++++++++++++++++++ 4 files changed, 47 insertions(+), 46 deletions(-) delete mode 100644 net/unbound/patches/101-dns64-crash.patch create mode 100644 net/unbound/patches/300-fix-ssl-err-log.patch diff --git a/net/unbound/Makefile b/net/unbound/Makefile index ad629cf1a..d21551d71 100644 --- a/net/unbound/Makefile +++ b/net/unbound/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=unbound -PKG_VERSION:=1.8.3 -PKG_RELEASE:=2 +PKG_VERSION:=1.9.0 +PKG_RELEASE:=1 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE @@ -17,7 +17,7 @@ PKG_MAINTAINER:=Eric Luehrsen PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.unbound.net/downloads -PKG_HASH:=2b692b8311edfad41e7d0380aac34576060d4176add81dc5db419c79b2a4cecc +PKG_HASH:=415af94b8392bc6b2c52e44ac8f17935cc6ddf2cc81edfb47c5be4ad205ab917 PKG_BUILD_PARALLEL:=1 PKG_FIXUP:=autoreconf diff --git a/net/unbound/patches/101-dns64-crash.patch b/net/unbound/patches/101-dns64-crash.patch deleted file mode 100644 index e27f07205..000000000 --- a/net/unbound/patches/101-dns64-crash.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 023411f97505c8c7e375112ad853b6a40ef848a6 Mon Sep 17 00:00:00 2001 -From: Wouter Wijngaards -Date: Wed, 12 Dec 2018 16:03:05 +0000 -Subject: [PATCH] - Fix for crash in dns64 module if response is null. - -git-svn-id: file:///svn/unbound/trunk@5025 be551aaa-1e26-0410-a405-d3ace91eadb9 ---- - dns64/dns64.c | 1 + - doc/Changelog | 3 +++ - 2 files changed, 4 insertions(+) - -diff --git a/dns64/dns64.c b/dns64/dns64.c -index 77e68900..f2834da2 100644 ---- a/dns64/dns64.c -+++ b/dns64/dns64.c -@@ -628,6 +628,7 @@ handle_event_moddone(struct module_qstate* qstate, int id) - - /* Store the response in cache. */ - if ( (!iq || !iq->started_no_cache_store) && -+ qstate->return_msg && qstate->return_msg->rep && - !dns_cache_store(qstate->env, &qstate->qinfo, qstate->return_msg->rep, - 0, 0, 0, NULL, qstate->query_flags)) - log_err("out of memory"); diff --git a/net/unbound/patches/200-openssl-deprecated.patch b/net/unbound/patches/200-openssl-deprecated.patch index 6eaa082fa..7fa1ea86b 100644 --- a/net/unbound/patches/200-openssl-deprecated.patch +++ b/net/unbound/patches/200-openssl-deprecated.patch @@ -1,23 +1,8 @@ -Index: daemon/daemon.c -=================================================================== ---- a/daemon/daemon.c -+++ b/daemon/daemon.c -@@ -769,7 +769,7 @@ daemon_delete(struct daemon* daemon) - # endif - # ifdef HAVE_OPENSSL_CONFIG - EVP_cleanup(); --# if OPENSSL_VERSION_NUMBER < 0x10100000 -+# if (OPENSSL_VERSION_NUMBER < 0x10100000) || !defined(OPENSSL_NO_ENGINE) - ENGINE_cleanup(); - # endif - CONF_modules_free(); -Index: util/net_help.c -=================================================================== --- a/util/net_help.c +++ b/util/net_help.c -@@ -1006,10 +1006,10 @@ void* outgoing_ssl_fd(void* sslctx, int fd) +@@ -1049,10 +1049,10 @@ void* outgoing_ssl_fd(void* sslctx, int static lock_basic_type *ub_openssl_locks = NULL; - + /** callback that gets thread id for openssl */ -static unsigned long -ub_crypto_id_cb(void) @@ -27,9 +12,9 @@ Index: util/net_help.c - return (unsigned long)log_thread_get(); + CRYPTO_THREADID_set_numeric(id, (unsigned long)log_thread_get()); } - + static void -@@ -1035,7 +1035,7 @@ int ub_openssl_lock_init(void) +@@ -1078,7 +1078,7 @@ int ub_openssl_lock_init(void) for(i=0; iname, p->str); + return 0; + } +-#ifndef HAVE_SSL_SET1_HOST ++#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) + if(tls_auth_name) + log_err("no name verification functionality in " + "ssl library, ignored name for %s", p->str); +Index: iterator/iter_hints.c +=================================================================== +--- a/iterator/iter_hints.c (revision 5105) ++++ b/iterator/iter_hints.c (working copy) +@@ -252,7 +252,7 @@ + s->name, p->str); + return 0; + } +-#ifndef HAVE_SSL_SET1_HOST ++#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST) + if(auth_name) + log_err("no name verification functionality in " + "ssl library, ignored name for %s", p->str);