unbound: update to 1.8.1
authorEric Luehrsen <ericluehrsen@gmail.com>
Tue, 9 Oct 2018 00:20:28 +0000 (20:20 -0400)
committerEric Luehrsen <ericluehrsen@gmail.com>
Wed, 10 Oct 2018 02:23:03 +0000 (22:23 -0400)
bug fixes for memory leaks
bug fixes for DNS over TLS

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
net/unbound/Makefile
net/unbound/patches/210-query-state-leak.patch [deleted file]
net/unbound/patches/211-tls-timeout-leak.patch [deleted file]

index 6624695e4d9a5170d4430a01a9a433289281ade4..eaa9051463426c617bb407757ea3f2d7e6bdf65d 100644 (file)
@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
-PKG_VERSION:=1.8.0
-PKG_RELEASE:=2
+PKG_VERSION:=1.8.1
+PKG_RELEASE:=1
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
@@ -17,7 +17,7 @@ PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.unbound.net/downloads
-PKG_HASH:=78f79d6d3b643fdcd74a14fc76542250da886c82f82bc55b51e189663d61b83f
+PKG_HASH:=c362b3b9c35d1b8c1918da02cdd5528d729206c14c767add89ae95acae363c5d
 
 PKG_BUILD_PARALLEL:=1
 PKG_FIXUP:=autoreconf
diff --git a/net/unbound/patches/210-query-state-leak.patch b/net/unbound/patches/210-query-state-leak.patch
deleted file mode 100644 (file)
index f8a6d25..0000000
+++ /dev/null
@@ -1,38 +0,0 @@
-Unbound (trunk):
-Fix that with harden-below-nxdomain and qname minisation enabled
-some iterator states for nonresponsive domains can get into a
-state where they waited for an empty list.
-Stop UDP to TCP failover after timeouts that causes the ping count
-to be reset by the TCP time measurement (that exists for TLS),
-because that causes the UDP part to not be measured as timeout.
-
-Index: iterator/iterator.c
-===================================================================
---- a/iterator/iterator.c
-+++ b/iterator/iterator.c
-@@ -2752,6 +2752,12 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
-                                               verbose(VERB_ALGO,
-                                               "could not validate NXDOMAIN "
-                                               "response");
-+                                      outbound_list_clear(&iq->outlist);
-+                                      iq->num_current_queries = 0;
-+                                      fptr_ok(fptr_whitelist_modenv_detach_subs(
-+                                              qstate->env->detach_subs));
-+                                      (*qstate->env->detach_subs)(qstate);
-+                                      iq->num_target_queries = 0;
-                               }
-                       }
-                       return next_state(iq, QUERYTARGETS_STATE);
-Index: services/outside_network.c
-===================================================================
---- a/services/outside_network.c
-+++ b/services/outside_network.c
-@@ -1979,7 +1979,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
-                       return 0;
-               }
-               if(rto >= RTT_MAX_TIMEOUT) {
--                      fallback_tcp = 1;
-+                      /* fallback_tcp = 1; */
-                       /* UDP does not work, fallback to TCP below */
-               } else {
-                       serviced_callbacks(sq, NETEVENT_TIMEOUT, c, rep);
diff --git a/net/unbound/patches/211-tls-timeout-leak.patch b/net/unbound/patches/211-tls-timeout-leak.patch
deleted file mode 100644 (file)
index 7dfc2a8..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-Unbound (trunk):
-For DNS over TLS service, it sets the configured tls auth name.
-This is useful for hosts that apart from the DNS over TLS services
-also provide other (web) services. Add SSL cleanup for tcp timeout.
-
-Index: services/outside_network.c
-===================================================================
---- a/services/outside_network.c
-+++ b/services/outside_network.c
-@@ -377,6 +379,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
-                         if(!SSL_set1_host(pend->c->ssl, w->tls_auth_name)) {
-                                 log_err("SSL_set1_host failed");
-                               pend->c->fd = s;
-+                              SSL_free(pend->c->ssl);
-+                              pend->c->ssl = NULL;
-                               comm_point_close(pend->c);
-                               return 0;
-                       }
-@@ -1264,6 +1268,13 @@ outnet_tcptimer(void* arg)
-       } else {
-               /* it was in use */
-               struct pending_tcp* pend=(struct pending_tcp*)w->next_waiting;
-+              if(pend->c->ssl) {
-+#ifdef HAVE_SSL
-+                      SSL_shutdown(pend->c->ssl);
-+                      SSL_free(pend->c->ssl);
-+                      pend->c->ssl = NULL;
-+#endif
-+              }
-               comm_point_close(pend->c);
-               pend->query = NULL;
-               pend->next_free = outnet->tcp_free;