unbound: update to 1.8.1

bug fixes for memory leaks
bug fixes for DNS over TLS

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>

net/unbound/Makefile

@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
-PKG_VERSION:=1.8.0
-PKG_RELEASE:=2
+PKG_VERSION:=1.8.1
+PKG_RELEASE:=1
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
@@ -17,7 +17,7 @@ PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.unbound.net/downloads
-PKG_HASH:=78f79d6d3b643fdcd74a14fc76542250da886c82f82bc55b51e189663d61b83f
+PKG_HASH:=c362b3b9c35d1b8c1918da02cdd5528d729206c14c767add89ae95acae363c5d
 
 PKG_BUILD_PARALLEL:=1
 PKG_FIXUP:=autoreconf

net/unbound/patches/210-query-state-leak.patch

@@ -1,38 +0,0 @@
-Unbound (trunk):
-Fix that with harden-below-nxdomain and qname minisation enabled
-some iterator states for nonresponsive domains can get into a
-state where they waited for an empty list.
-Stop UDP to TCP failover after timeouts that causes the ping count
-to be reset by the TCP time measurement (that exists for TLS),
-because that causes the UDP part to not be measured as timeout.
-
-Index: iterator/iterator.c
-===================================================================
---- a/iterator/iterator.c
-+++ b/iterator/iterator.c
-@@ -2752,6 +2752,12 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
- 						verbose(VERB_ALGO,
- 						"could not validate NXDOMAIN "
- 						"response");
-+					outbound_list_clear(&iq->outlist);
-+					iq->num_current_queries = 0;
-+					fptr_ok(fptr_whitelist_modenv_detach_subs(
-+						qstate->env->detach_subs));
-+					(*qstate->env->detach_subs)(qstate);
-+					iq->num_target_queries = 0;
- 				}
- 			}
- 			return next_state(iq, QUERYTARGETS_STATE);
-Index: services/outside_network.c
-===================================================================
---- a/services/outside_network.c
-+++ b/services/outside_network.c
-@@ -1979,7 +1979,7 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error,
- 			return 0;
- 		}
- 		if(rto >= RTT_MAX_TIMEOUT) {
--			fallback_tcp = 1;
-+			/* fallback_tcp = 1; */
- 			/* UDP does not work, fallback to TCP below */
- 		} else {
- 			serviced_callbacks(sq, NETEVENT_TIMEOUT, c, rep);

net/unbound/patches/211-tls-timeout-leak.patch

@@ -1,32 +0,0 @@
-Unbound (trunk):
-For DNS over TLS service, it sets the configured tls auth name.
-This is useful for hosts that apart from the DNS over TLS services
-also provide other (web) services. Add SSL cleanup for tcp timeout.
-
-Index: services/outside_network.c
-===================================================================
---- a/services/outside_network.c
-+++ b/services/outside_network.c
-@@ -377,6 +379,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
-                         if(!SSL_set1_host(pend->c->ssl, w->tls_auth_name)) {
-                                 log_err("SSL_set1_host failed");
- 				pend->c->fd = s;
-+				SSL_free(pend->c->ssl);
-+				pend->c->ssl = NULL;
- 				comm_point_close(pend->c);
- 				return 0;
- 			}
-@@ -1264,6 +1268,13 @@ outnet_tcptimer(void* arg)
- 	} else {
- 		/* it was in use */
- 		struct pending_tcp* pend=(struct pending_tcp*)w->next_waiting;
-+		if(pend->c->ssl) {
-+#ifdef HAVE_SSL
-+			SSL_shutdown(pend->c->ssl);
-+			SSL_free(pend->c->ssl);
-+			pend->c->ssl = NULL;
-+#endif
-+		}
- 		comm_point_close(pend->c);
- 		pend->query = NULL;
- 		pend->next_free = outnet->tcp_free;