Hi,

Unbound 1.8.1rc1 pre-release is available:
https://nlnetlabs.nl/downloads/unbound/unbound-1.8.1rc1.tar.gz
sha256 e1f285320f6f826ffe50dea8ad405bebaa84d13bdfefc91add1676c272029a46
pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.8.1rc1.tar.gz.asc

This release of Unbound contains a number of bug fixes. A memory leak in the TLS lookup code is fixed. Leaked requests in the requestlist are fixed. Lookup failure due to qname minimisation and a lack of IPv6 with connectivity issues is fixed. TLS upstream servers are signalled with SNI with the name that is configured. This allows hosting servers by name on the destination. Also Unbound is fixed from calling disallowed routines, by using EVP code, for FIPS OpenSSL.

Features:
- Perform TLS SNI indication of the host that is being contacted for DNS over TLS service. It sets the configured tls auth name. This is useful for hosts that apart from the DNS over TLS services also provide other (web) services.

Bug Fixes:
- More explicitly mention the type of ratelimit when applying ip-ratelimit.
- Fix spelling error in header, from getdns commit by Andreas Gelmini.
- iana port update.
- Fixed unused return value warnings in contrib/fastrpz.patch for asprintf.
- Fix to squelch respip warning in unit test, it is printed at higher verbosity settings.
- Fix spelling errors.
- Fix initialisation in remote.c
- Fix seed for random backup code to use explicit zero when wiped.
- exit log routine is annotated as noreturn function.
- free memory leaks in config strlist and str2list insert functions.
- do not move unused argv variable after getopt.
- Remove unused if clause in testcode.
- in testcode, free async ids, initialise array, and check for null pointer during test of the test. And use exit for return to note irregular program stop.
- Free memory leak in config strlist append.
- make sure nsec3 comparison salt is initialized.
- unit test has clang analysis.
- remove unused variable assignment from iterator scrub routine.
- check for null in delegation point during iterator refetch in forward zone.
- neater pointer cast in libunbound context quit routine.
- initialize statistics totals for printout.
- in authzone check that node exists before adding rrset.
- in unbound-anchor, use readwrite memory BIO.
- assertion in autotrust that packed rrset is formed correctly.
- Fix memory leak when message parse fails partway through copy.
- remove unused udpsize assignment in message encode.
- nicer bio free code in unbound-anchor.
- annotate exit functions with noreturn in unbound-control.
- Fix compile on Mac for unbound, provide explicit_bzero when libc does not have it.
- Fix unbound for openssl in FIPS mode, it uses the digests with the EVP call contexts.
- Fix that with harden-below-nxdomain and qname minimisation enabled some iterator states for nonresponsive domains can get into a state where they waited for an empty list.
- Stop UDP to TCP failover after timeouts that causes the ping count to be reset by the TCP time measurement (that exists for TLS), because that causes the UDP part to not be measured as timeout.
- Fix #4156: Fix systemd service manager state change notification.
- Fix #4149: Add SSL cleanup for tcp timeout.
- Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL, fixes qname minimisation with a forwarder when connectivity has issues from rejecting responses.

Best regards, Wouter
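The SNI feature announced above depends on a TLS auth name being configured for the upstream. The unbound.conf fragment below is an added example, not part of the announcement or of the Unbound distribution; the address 192.0.2.53, the name dns.example.net and the CA bundle path are placeholders.

```conf
# Added example: DNS over TLS forwarding with and without a TLS auth name.
# 192.0.2.53, dns.example.net and the bundle path are placeholders.

server:
    # CA certificates used to authenticate the upstream's TLS certificate.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

# Weak form (kept commented out): no auth name after the address.
# There is no configured name to send as SNI and no name to match the
# upstream certificate against.
#
# forward-zone:
#     name: "."
#     forward-tls-upstream: yes
#     forward-addr: 192.0.2.53@853

# Corrected form: the '#name' suffix is the TLS auth name.
# It is the name the upstream certificate is checked against, and with
# this release it is also the name sent in the TLS SNI extension, so an
# upstream that hosts several TLS services on one address can select
# the right certificate.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 192.0.2.53@853#dns.example.net
```

Running unbound-checkconf on the edited file catches syntax errors before the daemon is reloaded.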
