Opened 4 years ago

Closed 4 years ago

#9415 closed enhancement (fixed)

unbound-1.6.4

Reported by: Pierre Labastie Owned by: Pierre Labastie
Priority: normal Milestone: 8.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Features

    Implemented trust anchor signaling using key tag query.
    unbound-checkconf -o allows query of dnstap config variables. Also unbound-control get_option. Also for dnscrypt.
    unbound.h exports the shm stats structures. They use type long long and no ifdefs, and ub_ before the typenames.
    Implemented opportunistic IPsec support module (ipsecmod).
    Added redirect-bogus.patch to contrib directory.
    Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
    renumbering B-Root's IPv6 address to 2001:500:200::b.
    Fix #1276: [dnscrypt] add XChaCha20-Poly1305 cipher.
    Fix #1277: disable domain ratelimit by setting value to 0.
    Added fastrpz patch to contrib

Bug Fixes

    Added ECS unit test (from Manu Bretelle).
    ECS documentation fix (from Manu Bretelle).
    Fix #1252: more indentation inconsistencies.
    Fix #1253: unused variable in edns-subnet/addrtree.c:getbit().
    Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
    iana portlist update
    Based on #1257: check parse limit before t increment in sldns RR string parse routine.
    Fix #1258: Windows 10 X64 unbound 1.6.2 service will not start. and fix that 64bit getting installed in C:\Program Files (x86).
    Fix #1259: "--disable-ecdsa" argument overwritten by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c".
    iana portlist update
    Added test for leak of stub information.
    Fix sldns wire2str printout of RR type CAA tags.
    Fix sldns int16_data parse.
    Fix sldns parse and printout of TSIG RRs.
    sldns SMIMEA and AVC definitions, same as getdns definitions.
    Fix tcp-mss failure printout text.
    Set SO_REUSEADDR on outgoing tcp connections to fix the bind before connect limited tcp connections. With the option tcp connections can share the same source port (for different destinations).
    Add 'c' to getopt() in testbound.
    Adjust servfail by iterator to not store in cache when serve-expired is enabled, to avoid overwriting useful information there.
    Fix queries for nameservers under a stub leaking to the internet.
    document trust-anchor-signaling in example config file.
    updated configure, dependencies and flex output.
    better module memory lookup, fix of unbound-control shm names for module memory printout of statistics.
    Fix type AVC sldns rrdef.
    Some whitespace fixup.
    Fix #1265: contrib/unbound.service contains hardcoded path.
    Fix #1265 to use /bin/kill.
    Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs, and compatibility with BoringSSL.
    Fix #1268: SIGSEGV after log_reopen.
    exec_prefix is by default equal to prefix.
    printout localzone for duplicate local-zone warnings.
    Fix assertion for low buffer size and big edns payload when worker overrides udpsize.
    Support for openssl EVP_DigestVerify.
    Fix #1269: inconsistent use of built-in local zones with views.
    Add defaults for new local-zone trees added to views using unbound-control.
    Fix #1273: cachedb.c doesn't compile with -Wextra.
    If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write.
    Also use global local-zones when there is a matching view that does not have any local-zone specified.
    Fix fastopen EPIPE fallthrough to perform connect.
    Fix #1274: automatically trim chroot path from dnscrypt key/cert paths (from Manu Bretelle).
    Fix #1275: cached data in cachedb is never used.
    Fix that unbound-control can set val_clean_additional and val_permissive_mode.
    Add dnscrypt XChaCha20 tests.
    Detect chacha for dnscrypt at configure time.
    dnscrypt unit tests with chacha.
    Added domain name based ECS whitelist.
    Fix #1278: Incomplete wildcard proof.
    Fix #1279: Memory leak on reload when python module is enabled.
    Fix #1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly.
    More fixes in depth for buffer checks in 0x20 qname checks.
    Fix stub zone queries leaking to the internet for harden-referral-path ns checks.
    Fix query for refetch_glue of stub leaking to internet.
    Fix #1301: memory leak in respip and tests.
    Free callback in edns-subnetmod on exit and restart.
    Fix memory leak in sldns_buffer_new_frm_data.
    Fix memory leak in dnscrypt config read.
    Fix dnscrypt chacha cert support ifdefs.
    Fix dnscrypt chacha cert unit test escapes in grep.
    Fix to unlock view in view test.
    Fix warning in pythonmod under clang compiler.
    Fix lintian typo.
    Fix #1316: heap read buffer overflow in parse_edns_options.

Change History (2)

comment:1 by Pierre Labastie, 4 years ago

Owner: changed from blfs-book@… to Pierre Labastie
Status: newassigned

comment:2 by Pierre Labastie, 4 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r18883

Note: See TracTickets for help on using tickets.