Hi, Unbond 1.9.2rc3 release candidate is available: https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2rc3.tar.gz sha256 2edaf33e30e8324769941abe144717fbc11914889608e2e416ff400118e66dd8 pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2rc3.tar.gz.asc
This release candidate fixes an additional case for the bugfix made in release candidate 1.9.2rc2. Bug Fixes: - Fix another spoolbuf storage code point, in prefetch. Best regards, Wouter On 6/11/19 2:06 PM, Wouter Wijngaards wrote: > Hi, > > Unbound 1.9.2rc2 release candidate is available: > https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2rc2.tar.gz > sha256 f74f310e48131b379d60e08213f8c8e87d83ab1bceec347e7d5511c5f3253513 > pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2rc2.tar.gz.asc > > This release candidate fixes a crash introduced in a bugfix that is part > of 1.9.2rc1. Fixes issue #38, whilst also attempting to fix the > underlying issue. > > Bug Fixes: > - Fix that fixes the Fix that spoolbuf is not used to store tcp > pipelined response between mesh send and callback end, this fixes > error cases that did not use the correct spoolbuf. > > Best regards, Wouter > > On 6/6/19 10:57 AM, Wouter Wijngaards wrote: >> Hi, >> >> Unbound 1.9.2rc1 release candidate is available: >> https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2rc1.tar.gz >> sha256 0138ea465145efb9fd573750166feb10a5bc5892c7dac7758326cfac3b52d486 >> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2rc1.tar.gz.asc >> >> >> This release contains a number of bug fixes for crashes introduced in >> 1.9, session ticket code, stream pipeline code, auth zone code and it >> also fixes qname minimisation packet scrub failures. >> >> There is a new python module example. This is an example of a module >> that is loaded into unbound that changes DNS messages, and how Unbound >> processes them. The example resolves records in multicast DNS, with Avahi. >> >> AXFR over TLS is supported. This uses TLS to connect to the master and >> download the AXFR or IXFR. Enable by loading certificates (just like >> for other DNS over TLS), and syntax like master: "ip#authname" in >> unbound.conf for the auth-zone where you want to use this. >> >> >> Features >> - add type CAA to libpyunbound (accessing libunbound from python). >> - Fix #17: Add python module example from Jan Janak, that is a >> plugin for the Unbound DNS resolver to resolve DNS records in >> multicast DNS [RFC 6762] via Avahi. The plugin communicates >> with Avahi via DBus. The comment section at the beginning of >> the file contains detailed documentation. >> - travis build file. >> - PR #16: XoT support, AXFR over TLS, turn it on with >> master: <ip>#<authname> in unbound.conf. This uses TLS to >> download the AXFR (or IXFR). >> >> Bug Fixes >> - Fix for #4233: guard use of NDEBUG, so that it can be passed in >> CFLAGS into configure. >> - Add log message, at verbosity 4, that says the query is encrypted >> with TLS, if that is enabled for the query. >> - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482. >> - Fix #4240: Fix whitespace cleanup in example.conf. >> - Fix that tls-session-ticket-keys: "" on its own in unbound.conf >> disables the tls session ticker key calls into the OpenSSL API. >> - Fix crash if tls-servic-pem not filled in when necessary. >> - Fix auth-zone NSEC3 response for empty nonterminals with exact >> match nsec3 records. >> - Fix for out of bounds integers, thanks to OSTIF audit. It is in >> allocation debug code. >> - Fix for auth zone nsec3 ent fix for wildcard nodata. >> - Move goto label in answer_from_cache to the end of the function >> where it is more visible. >> - Fix auth-zone NSEC3 response for wildcard nodata answers, >> include the closest encloser in the answer. >> - Fix spelling error in log output for event method. >> - Fix to reinit event structure for accepted TCP (and TLS) sockets. >> - Fix to use event_assign with libevent for thread-safety. >> - verbose information about auth zone lookup process, also lookup >> start, timeout and fail. >> - Fix to wipe ssl ticket keys from memory with explicit_bzero, >> if available. >> - Fix that auth zone uses correct network type for sockets for >> SOA serial probes. This fixes that probes fail because earlier >> probe addresses are unreachable. >> - Fix that auth zone fails over to next master for timeout in tcp. >> - Squelch SSL read and write connection reset by peer and broken pipe >> messages. Verbosity 2 and higher enables them. >> - Update python documentation for init_standard(). >> - Typos. >> - Fix tls write event for read state change to re-call SSL_write and >> not resume the TLS handshake. >> - Better braces in if statement in TCP fastopen code. >> - iana portlist updated. >> - Scrub RRs from answer section when reusing NXDOMAIN message for >> subdomain answers. >> - For harden-below-nxdomain: do not consider a name to be non-exitent >> when message contains a CNAME record. >> - Fix wrong query name in local zone redirect answers with a CNAME, >> the copy of the local alias is in unpacked form. >> - contrib/fastrpz.patch updated for code changes, and with git diff. >> - Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64. >> - Fix #30: AddressSanitizer finding in lookup3.c. This sets the >> hash function to use a slower but better auditable code that does >> not read beyond array boundaries. This makes code better security >> checkable, and is better for security. It is fixed to be slower, >> but not read outside of the array. >> - Fix edns-subnet locks, in error cases the lock was not unlocked. >> - Fix doxygen output error on readme markdown vignettes. >> - Squelch log messages from tcp send about connection reset by peer. >> They can be enabled with verbosity at higher values for diagnosing >> network connectivity issues. >> - Attempt to fix malformed tcp response. >> - Fix #31: swig 4.0 and python module. >> - Note that so-reuseport at extreme load is better turned off, >> otherwise queries are not distributed evenly, on Linux 4.4.x. >> - Fix that spoolbuf is not used to store tcp pipelined response >> between mesh send and callback end. >> - Fix double file close in tcp pipelined response code. >> - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD. >> - Fix to guard _OPENBSD_SOURCE from redefinition. >> >> >> Best regards, Wouter >> >> >> _______________________________________________ >> maintainers mailing list >> [email protected] >> https://nlnetlabs.nl/mailman/listinfo/maintainers >> > > > > > _______________________________________________ > maintainers mailing list > [email protected] > https://nlnetlabs.nl/mailman/listinfo/maintainers >
signature.asc
Description: OpenPGP digital signature
