Maintained by: NLnet Labs

[Unbound-users] unbound release 1.4.4

W.C.A. Wijngaards
Thu Apr 22 10:55:08 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Unbound version 1.4.4 is released.  There are no changes to 1.4.4rc1.

http://www.unbound.net/downloads/unbound-1.4.4.tar.gz
SHA1 2cb4c34ece87e43c9acc8da85d2ea1c8ea1ffe66
SHA256 0ed08d9a60670730f906a571cbd0ed8b5b78deca9417161b5df8296d77ad7f5f

This release contains mainly bugfixes.

The ECC-GOST support is still disabled by default and uses the algorithm
number as allocated by IANA.  As the RFC goes out we plan to make it
optional.  The dependency for GOST on openssl 1.0.0 makes it hard across
distributions to make this feature mandatory.


Features
    * Experimental ECC-GOST algorithm support, needs openssl-1.0.0 and
currently needs ldns from svn trunk. Uses ECC-GOST algorithm number 12
(assigned by IANA). As the RFC is written, we intend to make it
optional, because a dependency on openssl-1.0.0 is hard across
distributions right now.
    * unbound-host disables use-syslog from config file so that the
config file for the main server can be used more easily.
    * Include less in config.h and include per code file for ldns, ssl.

Bug Fixes
    * [bugzilla: 305 ]
      pkt_dname_tolower could read beyond end of buffer or get into an
endless loop, if 0x20 was enabled, and buffers are small or particular
broken packets are received.
    * Fix chain of trust with CNAME at an intermediate step, for the DS
processing proof.
    * Fix validation of queries with wildcard names (*.example).
    * Fix EDNS probe for .de DNSSEC testbed failure, where the infra
cache timeout coincided with a server update, the current EDNS backoff
is less sensitive, and does not cache the backoff unless the backoff
actually works and the domain is not expecting DNSSEC.
    * unbound control flushed items are not counted when flushed again.
    * iana portlist updated.
    * [bugzilla: 301 ]
      unbound-checkconf could not parse interface '0.0.0.0 at 5353', even
though unbound itself worked fine.
    * Fixed random numbers for port, interface and server selection.
Removed very small bias.
    * Refer to the listing in unbound-control man page in the extended
statistics entry in the unbound.conf man page.
    * Fix interface-automatic for OpenBSD: msg.controllen was too small,
also assertions on ancillary data buffer.
    * check for IP_SENDSRCADDR for interface-automatic or IP_PKTINFO.
    * for NSEC3 check if signatures are cached.
    * Reordered configure checks so fork and -lnsl -lsocket checks are
earlier, and thus later checks benefit from and do not hinder them.
    * ldns tarball updated.
    * Fix python use when multithreaded.
    * Fix solaris python compile.
    * spelling fix in validation error involving cnames.


Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvQDusACgkQkDLqNwOhpPiEQACgtdoXd3gc3WRmd5eHI5xl3Nn2
iZIAoLUw3vR6XSgU5LZAIFNFVJbu4PJs
=2rcy
-----END PGP SIGNATURE-----