unbound: update to 1.8.1 7159/head
authorEric Luehrsen <ericluehrsen@gmail.com>
Tue, 9 Oct 2018 00:20:28 +0000 (20:20 -0400)
committerEric Luehrsen <ericluehrsen@gmail.com>
Wed, 10 Oct 2018 02:23:03 +0000 (22:23 -0400)
bug fixes for memory leaks
bug fixes for DNS over TLS

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
net/unbound/Makefile
net/unbound/patches/210-query-state-leak.patch [deleted file]
net/unbound/patches/211-tls-timeout-leak.patch [deleted file]

index 6624695e4d9a5170d4430a01a9a433289281ade4..eaa9051463426c617bb407757ea3f2d7e6bdf65d 100644 (file)
@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
-PKG_VERSION:=1.8.0
-PKG_RELEASE:=2
+PKG_VERSION:=1.8.1
+PKG_RELEASE:=1
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
@@ -17,7 +17,7 @@ PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.unbound.net/downloads
-PKG_HASH:=78f79d6d3b643fdcd74a14fc76542250da886c82f82bc55b51e189663d61b83f
+PKG_HASH:=c362b3b9c35d1b8c1918da02cdd5528d729206c14c767add89ae95acae363c5d
 
 PKG_BUILD_PARALLEL:=1
 PKG_FIXUP:=autoreconf
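Review bot: `PKG_SOURCE_URL` in the second hunk still fetches the tarball over plain `http://`, so the new `PKG_HASH` is the only thing authenticating the 1.8.1 source. Nothing on this page shows how that SHA-256 was obtained, so the commit message should say it was checked against upstream's published checksum or signature rather than computed from the download. If upstream serves the same path over TLS, I would also change the line to `PKG_SOURCE_URL:=https://www.unbound.net/downloads`. Separately, because `210-query-state-leak.patch` and `211-tls-timeout-leak.patch` are dropped here, it is worth confirming that the 1.8.1 tarball contains both fixes, in particular the `SSL_free` cleanup in `outnet_tcptimer`.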
diff --git a/net/unbound/patches/210-query-state-leak.patch b/net/unbound/patches/210-query-state-leak.patch
deleted file mode 100644 (file)
index f8a6d25..0000000
+++ /dev/null
@@ -1,38 +0,0 @@
-Unbound (trunk):
-Fix that with harden-below-nxdomain and qname minisation enabled
-some iterator states for nonresponsive domains can get into a
-state where they waited for an empty list.
-Stop UDP to TCP failover after timeouts that causes the ping count
-to be reset by the TCP time measurement (that exists for TLS),
-because that causes the UDP part to not be measured as timeout.
-
-Index: iterator/iterator.c
-===================================================================
---- a/iterator/iterator.c
-+++ b/iterator/iterator.c
-@@ -2752,6 +2752,12 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
-                                               verbose(VERB_ALGO,
-                                               "could not validate NXDOMAIN "
-                                               "response");
-+                                      outbound_list_clear(&iq->outlist);
-+                                      iq->num_current_queries = 0;
-+                                      fptr_ok(fptr_whitelist_modenv_detach_subs(
-+                                              qstate->env->detach_subs));
-+                                      (*qstate->env->detach_subs)(qstate);
-+                                      iq->num_target_queries = 0;
-                               }
-                       }
-                       return next_state(iq, QUERYTARGETS_STATE);
-Index: services/outside_network.c
-===================================================================
---- a/services/outside_network.c
-+++ b/services/outside_network.c
-@@ -1979,7 +1979,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
-                       return 0;
-               }
-               if(rto >= RTT_MAX_TIMEOUT) {
--                      fallback_tcp = 1;
-+                      /* fallback_tcp = 1; */
-                       /* UDP does not work, fallback to TCP below */
-               } else {
-                       serviced_callbacks(sq, NETEVENT_TIMEOUT, c, rep);
diff --git a/net/unbound/patches/211-tls-timeout-leak.patch b/net/unbound/patches/211-tls-timeout-leak.patch
deleted file mode 100644 (file)
index 7dfc2a8..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-Unbound (trunk):
-For DNS over TLS service, it sets the configured tls auth name.
-This is useful for hosts that apart from the DNS over TLS services
-also provide other (web) services. Add SSL cleanup for tcp timeout.
-
-Index: services/outside_network.c
-===================================================================
---- a/services/outside_network.c
-+++ b/services/outside_network.c
-@@ -377,6 +379,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
-                         if(!SSL_set1_host(pend->c->ssl, w->tls_auth_name)) {
-                                 log_err("SSL_set1_host failed");
-                               pend->c->fd = s;
-+                              SSL_free(pend->c->ssl);
-+                              pend->c->ssl = NULL;
-                               comm_point_close(pend->c);
-                               return 0;
-                       }
-@@ -1264,6 +1268,13 @@ outnet_tcptimer(void* arg)
-       } else {
-               /* it was in use */
-               struct pending_tcp* pend=(struct pending_tcp*)w->next_waiting;
-+              if(pend->c->ssl) {
-+#ifdef HAVE_SSL
-+                      SSL_shutdown(pend->c->ssl);
-+                      SSL_free(pend->c->ssl);
-+                      pend->c->ssl = NULL;
-+#endif
-+              }
-               comm_point_close(pend->c);
-               pend->query = NULL;
-               pend->next_free = outnet->tcp_free;