Opened 8 years ago

Closed 8 years ago

#7001 closed enhancement (fixed)


Reported by: Fernando de Oliveira Owned by: Igor Živković
Priority: normal Milestone: 7.9
Component: BOOK Version: SVN
Severity: normal Keywords:

Description (last modified by Fernando de Oliveira)


Unbound 1.5.6


   • Default for ssl-port is port 853, the temporary port assignment for
     secure domain name system traffic. If you used to rely on the older
     default of port 443, you have to put a clause in unbound.conf for
     that. The new value is likely going to be the standardised port
     number for this traffic.
   • ANY responses include DNAME records if present, as per Evan Hunt's
     remark in dnsop.

Bug Fixes

   • Fix segfault in the dns64 module in the formaterror error path.
   • Fix manpage to suggest using SIGTERM to terminate the server.
   • iana portlist update.


Unbound 1.5.5

   • Change default of harden-algo-downgrade to off. This is lenient for
     algorithm rollover.
   • Added permit-small-holddown config to debug fast 5011 rollover.
   • Allow certificate chain files to allow for intermediate
     certificates. (thanks Daniel Kahn Gillmor)
   • Enable ECDHE for servers. Where available, use
     SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations to
     enable ECDHE. Otherwise, manually offer curve p256. Client
     connections should automatically use ECDHE when available. (thanks
     Daniel Kahn Gillmor)
   • [bugzilla: 699 ]
     Feature --enable-pie option to that builds PIE binary.
   • [bugzilla: 700 ]
     Feature --enable-relro-now option that enables full read-only
   • [bugzilla: 702 ]
     New IPs for for

Bug Fixes

   • [bugzilla: 681 ]
     Fix setting forwarders with unbound-control forward implicitly
     turns on forward-first.
   • [bugzilla: 690 ]
     Fix that reload fails when so-reuseport is yes after changing
   • please afl-gcc (llvm) for uninitialised variable warning.
   • Fix mktime in unbound-anchor not using UTC.
   • Fix 5011 anchor update timer after reload.
   • 5011 implementation does not insist on all algorithms, when
     harden-algo-downgrade is turned off.
   • Document in the manual more text about configuring locally served
   • Document that local-zone nodefault matches exactly and transparent
     can be used to release a subzone.
   • [bugzilla: 694 ]
     Fix that configure script does not detect LibreSSL 2.2.2
   • Fix deadlock for local data add and zone add when unbound-control
     list_local_data printout is interrupted.
   • [bugzilla: 697 ]
     Fix get PY_MAJOR_VERSION failure at configure for python 2.4 to
   • changed windows setup compression to be more transparent.
   • Fix config globbed include chroot treatment, this fixes reload of
     globs (patch from Dag-Erling Smørgrav).
   • [bugzilla: 705 ]
     Fix ub_ctx_set_fwd() return value mishandled on windows.
   • Fix minor error in
   • Fix unbound.conf(5) access-control description for precedence and
   • Fix unbound-control flush that does not succeed in removing data.
   • MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution
   • iana portlist update.

Change History (4)

comment:1 by Fernando de Oliveira, 8 years ago

Description: modified (diff)
Summary: unbound-1.5.5unbound-1.5.6

comment:2 by Fernando de Oliveira, 8 years ago

New point version 1.5.6.

comment:3 by Igor Živković, 8 years ago

Owner: changed from blfs-book@… to Igor Živković
Status: newassigned

comment:4 by Igor Živković, 8 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r16591.

Note: See TracTickets for help on using tickets.