dns/unbound: Update to 1.19.0

ChangeLog: https://nlnetlabs.nl/news/2023/Nov/08/unbound-1.19.0-released/

Features
* Fix #850: [FR] Ability to use specific database in Redis, with new
  redis-logical-db configuration option.
* Merge #944: Disable EDNS DO.  Disable the EDNS DO flag in upstream requests.
  This can be helpful for devices that cannot handle DNSSEC information. But it
  should not be enabled otherwise, because that would stop DNSSEC validation.
  The DNSSEC validation would not work for Unbound itself, and also not for
  downstream users. Default is no. The option is disable-edns-do: no
* Expose the script filename in the Python module environment 'mod_env' instead
  of the config_file structure which includes the linked list of scripts in a
  multi Python module setup; fixes #79.
* Expose the configured listening and outgoing interfaces, if any, as a list of
  strings in the Python 'config_file' class instead of the current Swig object
  proxy; fixes #79.
* Mailing list patches from Daniel Gröber for DNS64 fallback to plain AAAA when
  no A record exists for synthesis, and minor DNS64 code refactoring for better
  readability.
* Merge #951: Cachedb no store. The cachedb-no-store: yes option is used to stop
  cachedb from writing messages to the backend storage.  It reads messages when
  data is available from the backend. The default is no.

Bug Fixes
* Fix for version generation race condition that ignored changes.
* Fix #942: 1.18.0 libunbound DNS regression when built without
   OpenSSL.
* Fix for WKS call to getservbyname that creates allocation on exit in unit test
  by testing numbers first and testing from the services list later.
* Fix autoconf 2.69 warnings in configure.
* Fix #927: unbound 1.18.0 make test error. Fix make test without SHA1.
* Merge #931: Prevent warnings from -Wmissing-prototypes.
* Fix to scrub resource records of type A and AAAA that have an
   inappropriate size. They are removed from responses.
* Fix to move msgparse_rrset_remove_rr code to util/msgparse.c.
* Fix to add EDE text when RRs have been removed due to length.
* Fix to set ede match in unit test for rr length removal.
* Fix to print EDE text in readable form in output logs.
* Fix send of udp retries when ENOBUFS is returned. It stops looping
   and also waits for the condition to go away. Reported by Florian
   Obser.
* Fix authority zone answers for obscured DNAMEs and delegations.
* Merge #936: Check for c99 with autoconf versions prior to 2.70.
* Fix to remove two c99 notations.
* Fix rpz tcp-only action with rpz triggers nsdname and nsip.
* Fix misplaced comment.
* Merge #881: Generalise the proxy protocol code.
* Fix #946: Forwarder returns servfail on upstream response noerror no
   data.
* Fix edns subnet so that queries with a source prefix of zero cause
   the recursor send no edns subnet option to the upstream.
* Fix that printout of EDNS options shows the EDNS cookie option by
   name.
* Fix infinite loop when reading multiple lines of input on a broken
   remote control socket. Addesses #947 and #948.
* Fix #949: "could not create control compt".
* Fix that cachedb does not warn when serve-expired is disabled about
   use of serve-expired-reply-ttl and serve-expired-client-timeout.
* Fix for #949: Fix pythonmod/ubmodule-tst.py for Python 3.x.
* Better fix for infinite loop when reading multiple lines of input on
   a broken remote control socket, by treating a zero byte line the
   same as transmission end. Addesses #947 and #948.
* For multi Python module setups, clean previously parsed module
   functions in __main__'s dictionary, if any, so that only current
   module functions are registered.
* Fix #954: Inconsistent RPZ handling for A record returned along with
   CNAME.
* Fixes for the DNS64 patches.
* Update the dns64_lookup.rpl test for the DNS64 fallback patch.
* Merge #955 from buevsan: fix ipset wrong behavior.
* Update testdata/ipset.tdir test for ipset fix.
* Fix to print detailed errors when an SSL IO routine fails via
   SSL_get_error.
* Clearer configure text for missing protobuf-c development libraries.
* autoconf.
* Merge #930 from Stuart Henderson: add void to
   log_ident_revert_to_default declaration.
* Fix #941: dnscrypt doesn't work after upgrade to 1.18 with
   suggestion by dukeartem to also fix the udp_ancil with dnscrypt.
* Fix SSL compile failure for definition in log_crypto_err_io_code_arg.
* Fix SSL compile failure for other missing definitions in
   log_crypto_err_io_code_arg.
* Fix compilation without openssl, remove unused function warning.
* Mention flex and bison in README.md when building from repository
   source.

PR:		275012
Reported by:	jaap@NLnetLabs.nl (maintainer)

dns/unbound/Makefile

@@ -1,6 +1,5 @@
 PORTNAME=	unbound
-DISTVERSION=	1.18.0
-PORTREVISION=	1
+DISTVERSION=	1.19.0
 CATEGORIES=	dns
 MASTER_SITES=	https://www.nlnetlabs.nl/downloads/unbound/
 
@@ -32,9 +31,9 @@ PORTDOCS=	CNAME-basedRedirectionDesignNotes.pdf CREDITS Changelog \
 		control_proto_spec.txt example.conf ietf67-design-02.odp \
 		ietf67-design-02.pdf requirements.txt
 
-OPTIONS_DEFINE=		DEP-RSA1024 DNSCRYPT DNSTAP DOCS DOH ECDSA EVAPI \
-			DYNLIB FILTER_AAAA GOST HIREDIS LIBEVENT MUNIN_PLUGIN \
-			PYTHON SUBNET TFOCL TFOSE THREADS
+OPTIONS_DEFINE=		DEP-RSA1024 DNSCRYPT DNSTAP DOCS DOH DYNLIB ECDSA EVAPI \
+			FILTER_AAAA GOST HIREDIS LIBEVENT MUNIN_PLUGIN PYTHON \
+			SUBNET TFOCL TFOSE THREADS
 OPTIONS_DEFAULT=	DNSCRYPT DOH DYNLIB ECDSA GOST LIBEVENT THREADS
 OPTIONS_SUB=		yes
 
@@ -98,14 +97,18 @@ post-patch:
 		${WRKSRC}/Makefile.in
 
 post-patch-FILTER_AAAA-on:
-	 ${CAT} ${WRKSRC}/contrib/aaaa-filter-iterator.patch | ${PATCH} -d ${WRKSRC} -p1 -s
+	@${CAT} ${WRKSRC}/contrib/aaaa-filter-iterator.patch | \
+		${PATCH} -d ${WRKSRC} -p1 -s
 
 post-build:
-	@for s in ${STRIP_FILES}; do ${STRIP_CMD} ${WRKSRC}/$$s; done
+	@for s in ${STRIP_FILES}; \
+		do ${STRIP_CMD} ${WRKSRC}/$$s; \
+		done
 
 post-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}
-	${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/doc/|} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/doc/|} \
+		${STAGEDIR}${DOCSDIR}
 
 post-install-MUNIN_PLUGIN-on:
 	@${MKDIR} ${STAGEDIR}${PREFIX}/share/munin/plugins

dns/unbound/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1693414086
-SHA256 (unbound-1.18.0.tar.gz) = 3da95490a85cff6420f26fae0b84a49f5112df1bf1b7fc34f8724f02082cb712
-SIZE (unbound-1.18.0.tar.gz) = 6315297
+TIMESTAMP = 1699440575
+SHA256 (unbound-1.19.0.tar.gz) = a97532468854c61c2de48ca4170de854fd3bc95c8043bb0cfb0fe26605966624
+SIZE (unbound-1.19.0.tar.gz) = 6336113

dns/unbound/files/patch-netevent.c

@@ -1,159 +0,0 @@
---- util/netevent.c.orig	2023-08-30 01:01:13.000000000 -0700
-+++ util/netevent.c	2023-10-12 19:00:53.157995000 -0700
-@@ -116,6 +116,8 @@
- 
- /** timeout in millisec to wait for write to unblock, packets dropped after.*/
- #define SEND_BLOCKED_WAIT_TIMEOUT 200
-+/** max number of times to wait for write to unblock, packets dropped after.*/
-+#define SEND_BLOCKED_MAX_RETRY 5
- 
- /** Let's make timestamping code cleaner and redefine SO_TIMESTAMP* */
- #ifndef SO_TIMESTAMP
-@@ -402,9 +404,10 @@
- 			WSAGetLastError() == WSAENOBUFS ||
- 			WSAGetLastError() == WSAEWOULDBLOCK) {
- #endif
-+			int retries = 0;
- 			/* if we set the fd blocking, other threads suddenly
- 			 * have a blocking fd that they operate on */
--			while(sent == -1 && (
-+			while(sent == -1 && retries < SEND_BLOCKED_MAX_RETRY && (
- #ifndef USE_WINSOCK
- 				errno == EAGAIN || errno == EINTR ||
- #  ifdef EWOULDBLOCK
-@@ -419,6 +422,13 @@
- #endif
- 			)) {
- #if defined(HAVE_POLL) || defined(USE_WINSOCK)
-+				int send_nobufs = (
-+#ifndef USE_WINSOCK
-+					errno == ENOBUFS
-+#else
-+					WSAGetLastError() == WSAENOBUFS
-+#endif
-+				);
- 				struct pollfd p;
- 				int pret;
- 				memset(&p, 0, sizeof(p));
-@@ -457,8 +467,48 @@
- 					log_err("poll udp out failed: %s",
- 						sock_strerror(errno));
- 					return 0;
-+				} else if((pret < 0 &&
-+#ifndef USE_WINSOCK
-+					errno == ENOBUFS
-+#else
-+					WSAGetLastError() == WSAENOBUFS
-+#endif
-+					) || (send_nobufs && retries > 0)) {
-+					/* ENOBUFS, and poll returned without
-+					 * a timeout. Or the retried send call
-+					 * returned ENOBUFS. It is good to
-+					 * wait a bit for the error to clear. */
-+					/* The timeout is 20*(2^(retries+1)),
-+					 * it increases exponentially, starting
-+					 * at 40 msec. After 5 tries, 1240 msec
-+					 * have passed in total, when poll
-+					 * returned the error, and 1200 msec
-+					 * when send returned the errors. */
-+#ifndef USE_WINSOCK
-+					pret = poll(NULL, 0, (SEND_BLOCKED_WAIT_TIMEOUT/10)<<(retries+1));
-+#else
-+					pret = WSAPoll(NULL, 0, (SEND_BLOCKED_WAIT_TIMEOUT/10)<<(retries+1));
-+#endif
-+					if(pret < 0 &&
-+#ifndef USE_WINSOCK
-+						errno != EAGAIN && errno != EINTR &&
-+#  ifdef EWOULDBLOCK
-+						errno != EWOULDBLOCK &&
-+#  endif
-+						errno != ENOBUFS
-+#else
-+						WSAGetLastError() != WSAEINPROGRESS &&
-+						WSAGetLastError() != WSAEINTR &&
-+						WSAGetLastError() != WSAENOBUFS &&
-+						WSAGetLastError() != WSAEWOULDBLOCK
-+#endif
-+					) {
-+						log_err("poll udp out timer failed: %s",
-+							sock_strerror(errno));
-+					}
- 				}
- #endif /* defined(HAVE_POLL) || defined(USE_WINSOCK) */
-+				retries++;
- 				if (!is_connected) {
- 					sent = sendto(c->fd, (void*)sldns_buffer_begin(packet),
- 						sldns_buffer_remaining(packet), 0,
-@@ -665,7 +715,8 @@
- 			WSAGetLastError() == WSAENOBUFS ||
- 			WSAGetLastError() == WSAEWOULDBLOCK) {
- #endif
--			while(sent == -1 && (
-+			int retries = 0;
-+			while(sent == -1 && retries < SEND_BLOCKED_MAX_RETRY && (
- #ifndef USE_WINSOCK
- 				errno == EAGAIN || errno == EINTR ||
- #  ifdef EWOULDBLOCK
-@@ -680,6 +731,13 @@
- #endif
- 			)) {
- #if defined(HAVE_POLL) || defined(USE_WINSOCK)
-+				int send_nobufs = (
-+#ifndef USE_WINSOCK
-+					errno == ENOBUFS
-+#else
-+					WSAGetLastError() == WSAENOBUFS
-+#endif
-+				);
- 				struct pollfd p;
- 				int pret;
- 				memset(&p, 0, sizeof(p));
-@@ -718,8 +776,48 @@
- 					log_err("poll udp out failed: %s",
- 						sock_strerror(errno));
- 					return 0;
-+				} else if((pret < 0 &&
-+#ifndef USE_WINSOCK
-+					errno == ENOBUFS
-+#else
-+					WSAGetLastError() == WSAENOBUFS
-+#endif
-+					) || (send_nobufs && retries > 0)) {
-+					/* ENOBUFS, and poll returned without
-+					 * a timeout. Or the retried send call
-+					 * returned ENOBUFS. It is good to
-+					 * wait a bit for the error to clear. */
-+					/* The timeout is 20*(2^(retries+1)),
-+					 * it increases exponentially, starting
-+					 * at 40 msec. After 5 tries, 1240 msec
-+					 * have passed in total, when poll
-+					 * returned the error, and 1200 msec
-+					 * when send returned the errors. */
-+#ifndef USE_WINSOCK
-+					pret = poll(NULL, 0, (SEND_BLOCKED_WAIT_TIMEOUT/10)<<(retries+1));
-+#else
-+					pret = WSAPoll(NULL, 0, (SEND_BLOCKED_WAIT_TIMEOUT/10)<<(retries+1));
-+#endif
-+					if(pret < 0 &&
-+#ifndef USE_WINSOCK
-+						errno != EAGAIN && errno != EINTR &&
-+#  ifdef EWOULDBLOCK
-+						errno != EWOULDBLOCK &&
-+#  endif
-+						errno != ENOBUFS
-+#else
-+						WSAGetLastError() != WSAEINPROGRESS &&
-+						WSAGetLastError() != WSAEINTR &&
-+						WSAGetLastError() != WSAENOBUFS &&
-+						WSAGetLastError() != WSAEWOULDBLOCK
-+#endif
-+					) {
-+						log_err("poll udp out timer failed: %s",
-+							sock_strerror(errno));
-+					}
- 				}
- #endif /* defined(HAVE_POLL) || defined(USE_WINSOCK) */
-+				retries++;
- 				sent = sendmsg(c->fd, &msg, 0);
- 			}
- 		}

dns/unbound/pkg-plist

@@ -5,7 +5,7 @@ libdata/pkgconfig/libunbound.pc
 lib/libunbound.a
 lib/libunbound.so
 lib/libunbound.so.8
-lib/libunbound.so.8.1.22
+lib/libunbound.so.8.1.23
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/_unbound.so
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/unbound.py
 %%PYTHON%%%%PYTHON_SITELIBDIR%%/unboundmodule.py