-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
Unbound 1.5.5rc1 maintainers prelease candidate 1 is available: http://www.unbound.net/downloads/unbound-1.5.5rc1.tar.gz sha1 5b00efea35abb168d7788d6970edf221ddcc975d sha256 d03f293305ca5c5e354db6fb1389870322b1fa2ec02e3c146c6a14c2ba53c525 pgp http://www.unbound.net/downloads/unbound-1.5.5rc1.tar.gz.asc This release contains new H root server IPs for the upcoming change in December 2015. There are fixes for the 5011 tracking, and a feature that makes it easier to test. Algorithm rollover is made easier by the new default for harden-algo-downgrade that is more lenient. Features - - Change default of harden-algo-downgrade to off. This is lenient for algorithm rollover. - - Added permit-small-holddown config to debug fast 5011 rollover. - - Allow certificate chain files to allow for intermediate certificates. (thanks Daniel Kahn Gillmor) - - Enable ECDHE for servers. Where available, use SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations to enable ECDHE. Otherwise, manually offer curve p256. Client connections should automatically use ECDHE when available. (thanks Daniel Kahn Gillmor) - - [bugzilla: 699] Feature --enable-pie option to that builds PIE binary. - - [bugzilla: 700] Feature --enable-relro-now option that enables full read-only relocation. - - [bugzilla: 702] New IPs for for h.root-servers.net. Bug Fixes - - [bugzilla: 681] Fix setting forwarders with unbound-control forward implicitly turns on forward-first. - - [bugzilla: 690] Fix that reload fails when so-reuseport is yes after changing num-threads. - - please afl-gcc (llvm) for uninitialised variable warning. - - Fix mktime in unbound-anchor not using UTC. - - Fix 5011 anchor update timer after reload. - - 5011 implementation does not insist on all algorithms, when harden- algo-downgrade is turned off. - - Document in the manual more text about configuring locally served zones. - - Document that local-zone nodefault matches exactly and transparent can be used to release a subzone. - - [bugzilla: 694] Fix that configure script does not detect LibreSSL 2.2.2 - - Fix deadlock for local data add and zone add when unbound-control list_local_data printout is interrupted. - - [bugzilla: 697] Fix get PY_MAJOR_VERSION failure at configure for python 2.4 to 2.6. - - changed windows setup compression to be more transparent. - - Fix config globbed include chroot treatment, this fixes reload of globs (patch from Dag-Erling Smørgrav). - - [bugzilla: 705] Fix ub_ctx_set_fwd() return value mishandled on windows. - - Fix minor error in unbound.conf.5.in. - - Fix unbound.conf(5) access-control description for precedence and default. - - Fix unbound-control flush that does not succeed in removing data. - - MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution failures. - - iana portlist update. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWCU3YAAoJEJ9vHC1+BF+N2hkQAJnhe+86cYkImRNKZkEzkzFE JLK5pX6+bbYPQQ5vVIYkSM9XM615Lj0aDQ5SpxQKMXW5y/6Gy3g7kEuZfuuFtYdH jt7/QLx8N7K+s209JSprbaVIRFCn/7D7ub9S8eyGqKnc9DBr/1tvhDzC3PbHZldb GQR1KAx5xzxbNf1gzIo+QA9S7hpeBH0riD+K74THy2hWtVmvAKZ0b1AgRjCppiT3 a6kb1Hfn62z6QWbGIMrudxhgUS2DcpZA2UzffS9kMSFJiV1sGx95LE785nrI8Jpl 05tT1ZoTB7aZpmyAQNNk6gFrPyi/jbJqwgUnrcV2A0uxUU8ZPtK4txICMKqs2SkM dsZFICOMbFoHc9HNzOQg6pg1Y8Ko/zgg3cKYsqp31jDx7awQWyFKdGHUfAqOuvu5 kg1YMLmdEr7KDMMNZxRX0LWC89Pkg8Gx6QwJanshtcfvqrP3u9aLoVqR24DxOK+t zv3qc17pQIc+fxyEEAzWvzx+/SNun7J5OmZiaMn34LjiJzkSa3L8RMUsl8mIjEpp YpTwazUZEw5szFyYzo11ZDvxDNxbZzfE5t5vbjm1paDkmd8v9d1Ot6UXRX3Xhj4E uUqJl5/HwqHax4yUCAL0zl1rS+Z0HQYn6R5t6GblVucPk5OaT7E/zyHvsWBlVsUg PRhP1fjHsXMjGrn35PkK =aZju -----END PGP SIGNATURE-----
