unbound: update to version 1.9.0

Changes:
-remove old dns64 patch
-refresh openssl deprecated patch
-add DoT error log patch https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4206

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>

diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index ad629cf1a8235ba9a2f05ea6f55463f588dd81a6..d21551d7168331b0f0053950305ae87c62f7abbd 100644 (file)
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
-PKG_VERSION:=1.8.3
-PKG_RELEASE:=2
+PKG_VERSION:=1.9.0
+PKG_RELEASE:=1
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
@@ -17,7 +17,7 @@ PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.unbound.net/downloads
-PKG_HASH:=2b692b8311edfad41e7d0380aac34576060d4176add81dc5db419c79b2a4cecc
+PKG_HASH:=415af94b8392bc6b2c52e44ac8f17935cc6ddf2cc81edfb47c5be4ad205ab917
 
 PKG_BUILD_PARALLEL:=1
 PKG_FIXUP:=autoreconf

diff --git a/net/unbound/patches/101-dns64-crash.patch b/net/unbound/patches/101-dns64-crash.patch
deleted file mode 100644 (file)
index e27f072..0000000
--- a/net/unbound/patches/101-dns64-crash.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 023411f97505c8c7e375112ad853b6a40ef848a6 Mon Sep 17 00:00:00 2001
-From: Wouter Wijngaards <wouter@nlnetlabs.nl>
-Date: Wed, 12 Dec 2018 16:03:05 +0000
-Subject: [PATCH] - Fix for crash in dns64 module if response is null.
-
-git-svn-id: file:///svn/unbound/trunk@5025 be551aaa-1e26-0410-a405-d3ace91eadb9
----
- dns64/dns64.c | 1 +
- doc/Changelog | 3 +++
- 2 files changed, 4 insertions(+)
-
-diff --git a/dns64/dns64.c b/dns64/dns64.c
-index 77e68900..f2834da2 100644
---- a/dns64/dns64.c
-+++ b/dns64/dns64.c
-@@ -628,6 +628,7 @@ handle_event_moddone(struct module_qstate* qstate, int id)
- 
-       /* Store the response in cache. */
-       if ( (!iq || !iq->started_no_cache_store) &&
-+              qstate->return_msg && qstate->return_msg->rep &&
-               !dns_cache_store(qstate->env, &qstate->qinfo, qstate->return_msg->rep,
-               0, 0, 0, NULL, qstate->query_flags))
-               log_err("out of memory");

diff --git a/net/unbound/patches/200-openssl-deprecated.patch b/net/unbound/patches/200-openssl-deprecated.patch
index 6eaa082fafb1a11fb5a1e8a9fc7218deeaef0ea4..7fa1ea86b4f3593ede3d6f8337e9ebc7262d12d5 100644 (file)
--- a/net/unbound/patches/200-openssl-deprecated.patch
+++ b/net/unbound/patches/200-openssl-deprecated.patch
@@ -1,23 +1,8 @@
-Index: daemon/daemon.c
-===================================================================
---- a/daemon/daemon.c
-+++ b/daemon/daemon.c
-@@ -769,7 +769,7 @@ daemon_delete(struct daemon* daemon)
- #  endif
- #  ifdef HAVE_OPENSSL_CONFIG
-       EVP_cleanup();
--#  if OPENSSL_VERSION_NUMBER < 0x10100000
-+#  if (OPENSSL_VERSION_NUMBER < 0x10100000) || !defined(OPENSSL_NO_ENGINE)
-       ENGINE_cleanup();
- #  endif
-       CONF_modules_free();
-Index: util/net_help.c
-===================================================================
 --- a/util/net_help.c
 +++ b/util/net_help.c
-@@ -1006,10 +1006,10 @@ void* outgoing_ssl_fd(void* sslctx, int fd)
+@@ -1049,10 +1049,10 @@ void* outgoing_ssl_fd(void* sslctx, int
  static lock_basic_type *ub_openssl_locks = NULL;
- 
+
  /** callback that gets thread id for openssl */
 -static unsigned long
 -ub_crypto_id_cb(void)
@@ -27,9 +12,9 @@ Index: util/net_help.c
 -      return (unsigned long)log_thread_get();
 +      CRYPTO_THREADID_set_numeric(id, (unsigned long)log_thread_get());
  }
- 
+
  static void
-@@ -1035,7 +1035,7 @@ int ub_openssl_lock_init(void)
+@@ -1078,7 +1078,7 @@ int ub_openssl_lock_init(void)
        for(i=0; i<CRYPTO_num_locks(); i++) {
                lock_basic_init(&ub_openssl_locks[i]);
        }
@@ -38,7 +23,7 @@ Index: util/net_help.c
        CRYPTO_set_locking_callback(&ub_crypto_lock_cb);
  #endif /* OPENSSL_THREADS */
        return 1;
-@@ -1047,7 +1047,7 @@ void ub_openssl_lock_delete(void)
+@@ -1090,7 +1090,7 @@ void ub_openssl_lock_delete(void)
        int i;
        if(!ub_openssl_locks)
                return;

diff --git a/net/unbound/patches/300-fix-ssl-err-log.patch b/net/unbound/patches/300-fix-ssl-err-log.patch
new file mode 100644 (file)
index 0000000..f2f0add
--- /dev/null
+++ b/net/unbound/patches/300-fix-ssl-err-log.patch
@@ -0,0 +1,39 @@
+Index: daemon/remote.c
+===================================================================
+--- a/daemon/remote.c  (revision 5105)
++++ b/daemon/remote.c  (working copy)
+@@ -1987,7 +1987,7 @@
+                               return NULL;
+                       }
+               } else {
+-#ifndef HAVE_SSL_SET1_HOST
++#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
+                       if(auth_name)
+                         log_err("no name verification functionality in "
+                               "ssl library, ignored name for %s", todo);
+Index: iterator/iter_fwd.c
+===================================================================
+--- a/iterator/iter_fwd.c      (revision 5105)
++++ b/iterator/iter_fwd.c      (working copy)
+@@ -239,7 +239,7 @@
+                               s->name, p->str);
+                       return 0;
+               }
+-#ifndef HAVE_SSL_SET1_HOST
++#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
+               if(tls_auth_name)
+                       log_err("no name verification functionality in "
+                               "ssl library, ignored name for %s", p->str);
+Index: iterator/iter_hints.c
+===================================================================
+--- a/iterator/iter_hints.c    (revision 5105)
++++ b/iterator/iter_hints.c    (working copy)
+@@ -252,7 +252,7 @@
+                               s->name, p->str);
+                       return 0;
+               }
+-#ifndef HAVE_SSL_SET1_HOST
++#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
+               if(auth_name)
+                       log_err("no name verification functionality in "
+                               "ssl library, ignored name for %s", p->str);