Maintained by: NLnet Labs

[Unbound-users] Unbound release 1.4.12

W.C.A. Wijngaards
Thu Jul 14 11:01:44 CEST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

unbound 1.4.12 is here, with two moderate serious bugfixes.
http://www.unbound.net/downloads/unbound-1.4.12.tar.gz
sha1: c46c05d1fa2402a59c10f51864fd4c62d10a472f
sha256: d7f0ee340b8a62e3fe02e505fdf6f2e4742ae7eaf8fd1da200fb38c4947e2d66

It has the ldns tarball removed from the unbound tarball.  If you used
- --with-ldns-builtin, you have to change your buildscripts, and use a
proper dependency on ldns.  (with --with-ldns=path you can use ldns
installed in a different location if necessary, e.g. due to different
libcrypto used, for home-users: --with-ldns=compile-dir-of-ldns works
too pointed at the build-dir of ldns).

The ID leak found by Jinmei Tatuya can leak the id bits of a previous
query in specially-crafted acl-REFUSED queries.  The previous portnumber
or queryname is not leaked.

The replyaddr count bug was reported by Robert Fleischman, it can cause
unbound to stop responding to non-cached queries, but only after
dropping and jostling thousands of queries.

Bug Fixes
    * removed ldns-src tarball inside the unbound tarball.
    * [bugzilla: 395 ]
      fix that id bits of other query may leak out under conditions
    * fix replyaddr count wrong after jostled queries, which leads to
eventual starvation where the daemon has no replyaddrs left to use.
    * fix that the listening socket is not closed when too many remote
control connections are made at the same time.
    * version number in example config file.
    * fix that --enable-static-exe does not complain about it unknown.
    * iana portlist updated

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOHrB3AAoJEJ9vHC1+BF+Nq9sP/3ZPS5VkJX2X6mGYyKoM1qAN
7H+1N97+LpakW/TN2QwHfHgX06aen9dW4P7UQMN//ug2iRr5xoYQ/eMH/vzrxGnU
tHsGk3ZLjudT3y0hT9MxVdOYTASIX3dB6TYXFyYF30gXSS7FgJOFKICWtot8PWwP
W6S8FQr6IPqajfxz/+OtEV8U72oeJ3sdjiiEhWn4pBHYvM28AwKFC6iLg+gwMXz8
HHzkS5gUn9lwHs8+fPT5S/e0ucMatNaU5FP5rhT12QRWPTLKc/TVqGcewOT81DhP
gBlRcKXiNslR+pbPy+wy05bCPeo3SpBOITThqS/jblgdRpmhh8hLBSpF6UrgdndN
l1wokz9TzI1WE4X3sxEy5Wh0nFJrLjOxX4jmOry6kV2hTyeKeZYxnb2r/i6YjrW+
xNU055dOPt7hrsOkWHstRWXQEjw72O3xnaTrIW8ASAisPS6CbNUTNc4G0YFVhCzp
rLDzWf4u9C5sMfr6VXiUKVhvRwai0D71j1y/J9kh3g0bsDLR86iw1Olf46B2G3/C
V/GTx2JDrPArptcMbqeg3iE71ThtJu2vou6qzjNByID6QlVy30hi2TMPCmtC7YKN
yKPDnEYA4/q+w65wJ5Eiiw7k7wFSToxB0hfLeJQhNRsoy33gREJu3hQZq2gDI5wx
hryFpKtWfQN56BEbjkq2
=sLik
-----END PGP SIGNATURE-----