unbound: update to 1.8.1

bug fixes for memory leaks
bug fixes for DNS over TLS

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>

diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index 39aa0b0e81769a1590aceb19e7a200842cfd57b0..6b55bcf23d09ea1355c37649da3abc5738356ac5 100644 (file)
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
-PKG_VERSION:=1.7.3
-PKG_RELEASE:=3
+PKG_VERSION:=1.8.1
+PKG_RELEASE:=1
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
@@ -17,7 +17,7 @@ PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.unbound.net/downloads
-PKG_HASH:=c11de115d928a6b48b2165e0214402a7a7da313cd479203a7ce7a8b62cba602d
+PKG_HASH:=c362b3b9c35d1b8c1918da02cdd5528d729206c14c767add89ae95acae363c5d
 
 PKG_BUILD_PARALLEL:=1
 PKG_FIXUP:=autoreconf

diff --git a/net/unbound/patches/001-conf.patch b/net/unbound/patches/001-conf.patch
deleted file mode 100644 (file)
index 94a5169..0000000
--- a/net/unbound/patches/001-conf.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-diff --git a/doc/example.conf.in b/doc/example.conf.in
-index be83bda..7317b23 100644
---- a/doc/example.conf.in
-+++ b/doc/example.conf.in
-@@ -15,6 +15,76 @@ server:
-       # verbosity number, 0 is least verbose. 1 is default.
-       verbosity: 1
-
-+      ############################################################################
-+      # MEMORY CONTROL EXAMPLE
-+      # In the example config settings below memory usage is reduced. Some ser-
-+      # vice levels are lower, notable very large data and a high TCP load are
-+      # no longer supported ... are exceptional for the DNS.
-+      # (http://unbound.net/documentation/unbound.conf.html)
-+      ############################################################################
-+
-+      # Self jail Unbound with user "unbound" to /var/lib/unbound
-+      # The script /etc/init.d/unbound will setup the location
-+      username: "unbound"
-+      directory: "/var/lib/unbound"
-+      chroot: "/var/lib/unbound"
-+
-+      # The pid file is created before privleges drop so no concern
-+      pidfile: "/var/run/unbound.pid"
-+
-+      # no threads and no memory slabs for threads
-+      num-threads: 1
-+      msg-cache-slabs: 1
-+      rrset-cache-slabs: 1
-+      infra-cache-slabs: 1
-+      key-cache-slabs: 1
-+
-+      # don't be picky about interfaces but consider your firewall
-+      interface: 0.0.0.0
-+      interface: ::0
-+      access-control: 0.0.0.0/0 allow
-+      access-control: ::0/0 allow
-+
-+      # this limits TCP service but uses less buffers
-+      outgoing-num-tcp: 1
-+      incoming-num-tcp: 1
-+
-+      # use somewhat higher port numbers versus possible NAT issue
-+      outgoing-port-permit: "10240-65335"
-+
-+      # uses less memory but less performance
-+      outgoing-range: 60
-+      num-queries-per-thread: 30
-+
-+      # exclude large responses
-+      msg-buffer-size: 8192
-+
-+      # tiny memory cache
-+      infra-cache-numhosts: 200
-+      msg-cache-size: 100k
-+      rrset-cache-size: 100k
-+      key-cache-size: 100k
-+      neg-cache-size: 10k
-+
-+      # gentle on recursion
-+      target-fetch-policy: "2 1 0 0 0 0"
-+      harden-large-queries: yes
-+      harden-short-bufsize: yes
-+
-+      # DNSSEC enable by removing comments on "module-config:" and "auto-trust-
-+      # -anchor-file:" The init script will copy root key to /var/lib/unbound.
-+      # See package documentation for crontab entry to copy RFC5011 results back.
-+      #module-config: "validator iterator"
-+      #auto-trust-anchor-file: "/var/lib/unbound/root.key"
-+
-+      # DNSSEC needs real time to validate signatures. If your device does not
-+      # have power off clock (reboot), then you may need this work around.
-+      #domain-insecure: "pool.ntp.org"
-+
-+      ############################################################################
-+      # Resume Stock example.conf.in
-+      ############################################################################
-+
-       # print statistics to the log (for every thread) every N seconds.
-       # Set to "" or 0 to disable. Default is disabled.
-       # statistics-interval: 0

diff --git a/net/unbound/patches/100-example-conf-in.patch b/net/unbound/patches/100-example-conf-in.patch
new file mode 100644 (file)
index 0000000..0a4b611
--- /dev/null
+++ b/net/unbound/patches/100-example-conf-in.patch
@@ -0,0 +1,86 @@
+OpenWrt (modification):
+Patch the default configuration file with the tiny memory
+configuration example from Unbound documentation. This is the best
+starting point for embedded routers if one is not going to use UCI.
+
+Index: doc/example.conf.in
+===================================================================
+--- a/doc/example.conf.in
++++ b/doc/example.conf.in
+@@ -15,6 +15,76 @@ server:
+       # verbosity number, 0 is least verbose. 1 is default.
+       verbosity: 1
+
++      ############################################################################
++      # MEMORY CONTROL EXAMPLE
++      # In the example config settings below memory usage is reduced. Some ser-
++      # vice levels are lower, notable very large data and a high TCP load are
++      # no longer supported ... are exceptional for the DNS.
++      # (http://unbound.net/documentation/unbound.conf.html)
++      ############################################################################
++
++      # Self jail Unbound with user "unbound" to /var/lib/unbound
++      # The script /etc/init.d/unbound will setup the location
++      username: "unbound"
++      directory: "/var/lib/unbound"
++      chroot: "/var/lib/unbound"
++
++      # The pid file is created before privleges drop so no concern
++      pidfile: "/var/run/unbound.pid"
++
++      # no threads and no memory slabs for threads
++      num-threads: 1
++      msg-cache-slabs: 1
++      rrset-cache-slabs: 1
++      infra-cache-slabs: 1
++      key-cache-slabs: 1
++
++      # don't be picky about interfaces but consider your firewall
++      interface: 0.0.0.0
++      interface: ::0
++      access-control: 0.0.0.0/0 allow
++      access-control: ::0/0 allow
++
++      # this limits TCP service but uses less buffers
++      outgoing-num-tcp: 1
++      incoming-num-tcp: 1
++
++      # use somewhat higher port numbers versus possible NAT issue
++      outgoing-port-permit: "10240-65335"
++
++      # uses less memory but less performance
++      outgoing-range: 60
++      num-queries-per-thread: 30
++
++      # exclude large responses
++      msg-buffer-size: 8192
++
++      # tiny memory cache
++      infra-cache-numhosts: 200
++      msg-cache-size: 100k
++      rrset-cache-size: 100k
++      key-cache-size: 100k
++      neg-cache-size: 10k
++
++      # gentle on recursion
++      target-fetch-policy: "2 1 0 0 0 0"
++      harden-large-queries: yes
++      harden-short-bufsize: yes
++
++      # DNSSEC enable by removing comments on "module-config:" and "auto-trust-
++      # -anchor-file:" The init script will copy root key to /var/lib/unbound.
++      # See package documentation for crontab entry to copy RFC5011 results back.
++      #module-config: "validator iterator"
++      #auto-trust-anchor-file: "/var/lib/unbound/root.key"
++
++      # DNSSEC needs real time to validate signatures. If your device does not
++      # have power off clock (reboot), then you may need this work around.
++      #domain-insecure: "pool.ntp.org"
++
++      ############################################################################
++      # Resume Stock example.conf.in
++      ############################################################################
++
+       # print statistics to the log (for every thread) every N seconds.
+       # Set to "" or 0 to disable. Default is disabled.
+       # statistics-interval: 0