unbound: update to 1.8.0
- adjust a few UCI translations to coordinate with upstream defaults - remove OpenSSL < 1.1.0 API log error patch which is included upstream Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
This commit is contained in:
parent
933c9802aa
commit
32ad87ca80
|
@ -8,8 +8,8 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=unbound
|
||||
PKG_VERSION:=1.7.3
|
||||
PKG_RELEASE:=6
|
||||
PKG_VERSION:=1.8.0
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_LICENSE:=BSD-3-Clause
|
||||
PKG_LICENSE_FILES:=LICENSE
|
||||
|
@ -17,7 +17,7 @@ PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
|
|||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=http://www.unbound.net/downloads
|
||||
PKG_HASH:=c11de115d928a6b48b2165e0214402a7a7da313cd479203a7ce7a8b62cba602d
|
||||
PKG_HASH:=78f79d6d3b643fdcd74a14fc76542250da886c82f82bc55b51e189663d61b83f
|
||||
|
||||
PKG_BUILD_PARALLEL:=1
|
||||
PKG_FIXUP:=autoreconf
|
||||
|
|
|
@ -273,8 +273,9 @@ config unbound
|
|||
|
||||
option protocol 'mixed'
|
||||
Unbound can limit its protocol used for recursive queries.
|
||||
ip4_only - limit issues if you do not have native IPv6
|
||||
ip4_only - old fashioned IPv4 upstream and downstream
|
||||
ip6_only - test environment only; could cauase problems
|
||||
ip6_local - upstream IPv4 only and local network IPv4 and IPv6
|
||||
ip6_prefer - both IPv4 and IPv6 but try IPv6 first
|
||||
mixed - both IPv4 and IPv6
|
||||
default - Unbound built-in defaults
|
||||
|
|
|
@ -619,7 +619,6 @@ unbound_conf() {
|
|||
echo " port: $UB_N_RX_PORT"
|
||||
echo " outgoing-port-permit: 10240-65535"
|
||||
echo " interface: 0.0.0.0"
|
||||
echo " interface: ::0"
|
||||
echo " outgoing-interface: 0.0.0.0"
|
||||
echo " do-ip4: yes"
|
||||
echo " do-ip6: no"
|
||||
|
@ -632,7 +631,6 @@ unbound_conf() {
|
|||
echo " edns-buffer-size: $UB_N_EDNS_SIZE"
|
||||
echo " port: $UB_N_RX_PORT"
|
||||
echo " outgoing-port-permit: 10240-65535"
|
||||
echo " interface: 0.0.0.0"
|
||||
echo " interface: ::0"
|
||||
echo " outgoing-interface: ::0"
|
||||
echo " do-ip4: no"
|
||||
|
@ -641,6 +639,20 @@ unbound_conf() {
|
|||
} >> $UB_CORE_CONF
|
||||
;;
|
||||
|
||||
ip6_local)
|
||||
{
|
||||
echo " edns-buffer-size: $UB_N_EDNS_SIZE"
|
||||
echo " port: $UB_N_RX_PORT"
|
||||
echo " outgoing-port-permit: 10240-65535"
|
||||
echo " interface: 0.0.0.0"
|
||||
echo " interface: ::0"
|
||||
echo " outgoing-interface: 0.0.0.0"
|
||||
echo " do-ip4: yes"
|
||||
echo " do-ip6: yes"
|
||||
echo
|
||||
} >> $UB_CORE_CONF
|
||||
;;
|
||||
|
||||
ip6_prefer)
|
||||
{
|
||||
echo " edns-buffer-size: $UB_N_EDNS_SIZE"
|
||||
|
@ -692,27 +704,15 @@ unbound_conf() {
|
|||
esac
|
||||
|
||||
|
||||
{
|
||||
# Other harding and options for an embedded router
|
||||
echo " harden-short-bufsize: yes"
|
||||
echo " harden-large-queries: yes"
|
||||
echo " harden-glue: yes"
|
||||
echo " harden-below-nxdomain: no"
|
||||
echo " harden-referral-path: no"
|
||||
echo " use-caps-for-id: no"
|
||||
echo
|
||||
} >> $UB_CORE_CONF
|
||||
|
||||
|
||||
case "$UB_D_RESOURCE" in
|
||||
# Tiny - Unbound's recommended cheap hardware config
|
||||
tiny) rt_mem=1 ; rt_conn=2 ; rt_buff=1 ;;
|
||||
# Small - Half RRCACHE and open ports
|
||||
small) rt_mem=8 ; rt_conn=10 ; rt_buff=2 ;;
|
||||
# Medium - Nearly default but with some added balancintg
|
||||
medium) rt_mem=16 ; rt_conn=20 ; rt_buff=4 ;;
|
||||
medium) rt_mem=16 ; rt_conn=15 ; rt_buff=4 ;;
|
||||
# Large - Double medium
|
||||
large) rt_mem=32 ; rt_conn=40 ; rt_buff=4 ;;
|
||||
large) rt_mem=32 ; rt_conn=20 ; rt_buff=4 ;;
|
||||
# Whatever unbound does
|
||||
*) rt_mem=0 ; rt_conn=0 ;;
|
||||
esac
|
||||
|
@ -720,10 +720,16 @@ unbound_conf() {
|
|||
|
||||
if [ "$rt_mem" -gt 0 ] ; then
|
||||
{
|
||||
# Other harding and options for an embedded router
|
||||
echo " harden-short-bufsize: yes"
|
||||
echo " harden-large-queries: yes"
|
||||
echo " harden-glue: yes"
|
||||
echo " use-caps-for-id: no"
|
||||
echo
|
||||
# Set memory sizing parameters
|
||||
echo " msg-buffer-size: $(($rt_buff*8192))"
|
||||
echo " outgoing-range: $(($rt_conn*64))"
|
||||
echo " num-queries-per-thread: $(($rt_conn*32))"
|
||||
echo " outgoing-range: $(($rt_conn*32))"
|
||||
echo " num-queries-per-thread: $(($rt_conn*16))"
|
||||
echo " outgoing-num-tcp: $(($rt_conn))"
|
||||
echo " incoming-num-tcp: $(($rt_conn))"
|
||||
echo " rrset-cache-size: $(($rt_mem*256))k"
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
Index: daemon/remote.c
|
||||
===================================================================
|
||||
--- a/daemon/remote.c
|
||||
+++ b/daemon/remote.c
|
||||
@@ -1950,6 +1950,11 @@
|
||||
return NULL;
|
||||
}
|
||||
} else {
|
||||
+#ifndef HAVE_SSL_SET1_HOST
|
||||
+ if(auth_name)
|
||||
+ log_err("no name verification functionality in "
|
||||
+ "ssl library, ignored name for %s", todo);
|
||||
+#endif
|
||||
/* add address */
|
||||
if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
|
||||
auth_name)) {
|
||||
Index: iterator/iter_fwd.c
|
||||
===================================================================
|
||||
--- a/iterator/iter_fwd.c
|
||||
+++ b/iterator/iter_fwd.c
|
||||
@@ -239,6 +239,11 @@
|
||||
s->name, p->str);
|
||||
return 0;
|
||||
}
|
||||
+#ifndef HAVE_SSL_SET1_HOST
|
||||
+ if(tls_auth_name)
|
||||
+ log_err("no name verification functionality in "
|
||||
+ "ssl library, ignored name for %s", p->str);
|
||||
+#endif
|
||||
if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
|
||||
tls_auth_name)) {
|
||||
log_err("out of memory");
|
||||
Index: iterator/iter_hints.c
|
||||
===================================================================
|
||||
--- a/iterator/iter_hints.c
|
||||
+++ b/iterator/iter_hints.c
|
||||
@@ -252,6 +252,11 @@
|
||||
s->name, p->str);
|
||||
return 0;
|
||||
}
|
||||
+#ifndef HAVE_SSL_SET1_HOST
|
||||
+ if(auth_name)
|
||||
+ log_err("no name verification functionality in "
|
||||
+ "ssl library, ignored name for %s", p->str);
|
||||
+#endif
|
||||
if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
|
||||
auth_name)) {
|
||||
log_err("out of memory");
|
Loading…
Reference in New Issue