#9415: unbound-1.6.4
-----------------------------+-------------------------
Reporter: pierre.labastie | Owner: blfs-book@…
Type: enhancement | Status: new
Priority: normal | Milestone: 8.1
Component: BOOK | Version: SVN
Severity: normal | Keywords:
-----------------------------+-------------------------
New point version.
{{{
Features
Implemented trust anchor signaling using key tag query.
unbound-checkconf -o allows query of dnstap config variables. Also
unbound-control get_option. Also for dnscrypt.
unbound.h exports the shm stats structures. They use type long long
and no ifdefs, and ub_ before the typenames.
Implemented opportunistic IPsec support module (ipsecmod).
Added redirect-bogus.patch to contrib directory.
Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
renumbering B-Root's IPv6 address to 2001:500:200::b.
Fix #1276: [dnscrypt] add XChaCha20-Poly1305 cipher.
Fix #1277: disable domain ratelimit by setting value to 0.
Added fastrpz patch to contrib
Bug Fixes
Added ECS unit test (from Manu Bretelle).
ECS documentation fix (from Manu Bretelle).
Fix #1252: more indentation inconsistencies.
Fix #1253: unused variable in edns-subnet/addrtree.c:getbit().
Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
iana portlist update
Based on #1257: check parse limit before t increment in sldns RR
string parse routine.
Fix #1258: Windows 10 X64 unbound 1.6.2 service will not start. and
fix that 64bit getting installed in C:\Program Files (x86).
Fix #1259: "--disable-ecdsa" argument overwritten by "#ifdef
SHA256_DIGEST_LENGTH@daemon/remote.c".
iana portlist update
Added test for leak of stub information.
Fix sldns wire2str printout of RR type CAA tags.
Fix sldns int16_data parse.
Fix sldns parse and printout of TSIG RRs.
sldns SMIMEA and AVC definitions, same as getdns definitions.
Fix tcp-mss failure printout text.
Set SO_REUSEADDR on outgoing tcp connections to fix the bind before
connect limited tcp connections. With the option tcp connections can share
the same source port (for different destinations).
Add 'c' to getopt() in testbound.
Adjust servfail by iterator to not store in cache when serve-expired
is enabled, to avoid overwriting useful information there.
Fix queries for nameservers under a stub leaking to the internet.
document trust-anchor-signaling in example config file.
updated configure, dependencies and flex output.
better module memory lookup, fix of unbound-control shm names for
module memory printout of statistics.
Fix type AVC sldns rrdef.
Some whitespace fixup.
Fix #1265: contrib/unbound.service contains hardcoded path.
Fix #1265 to use /bin/kill.
Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs, and
compatibility with BoringSSL.
Fix #1268: SIGSEGV after log_reopen.
exec_prefix is by default equal to prefix.
printout localzone for duplicate local-zone warnings.
Fix assertion for low buffer size and big edns payload when worker
overrides udpsize.
Support for openssl EVP_DigestVerify.
Fix #1269: inconsistent use of built-in local zones with views.
Add defaults for new local-zone trees added to views using unbound-
control.
Fix #1273: cachedb.c doesn't compile with -Wextra.
If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write.
Also use global local-zones when there is a matching view that does
not have any local-zone specified.
Fix fastopen EPIPE fallthrough to perform connect.
Fix #1274: automatically trim chroot path from dnscrypt key/cert paths
(from Manu Bretelle).
Fix #1275: cached data in cachedb is never used.
Fix that unbound-control can set val_clean_additional and
val_permissive_mode.
Add dnscrypt XChaCha20 tests.
Detect chacha for dnscrypt at configure time.
dnscrypt unit tests with chacha.
Added domain name based ECS whitelist.
Fix #1278: Incomplete wildcard proof.
Fix #1279: Memory leak on reload when python module is enabled.
Fix #1280: Unbound fails assert when response from authoritative
contains malformed qname. When 0x20 caps-for-id is enabled, when
assertions are not enabled the malformed qname is handled correctly.
More fixes in depth for buffer checks in 0x20 qname checks.
Fix stub zone queries leaking to the internet for harden-referral-path
ns checks.
Fix query for refetch_glue of stub leaking to internet.
Fix #1301: memory leak in respip and tests.
Free callback in edns-subnetmod on exit and restart.
Fix memory leak in sldns_buffer_new_frm_data.
Fix memory leak in dnscrypt config read.
Fix dnscrypt chacha cert support ifdefs.
Fix dnscrypt chacha cert unit test escapes in grep.
Fix to unlock view in view test.
Fix warning in pythonmod under clang compiler.
Fix lintian typo.
Fix #1316: heap read buffer overflow in parse_edns_options.
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/9415>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
