Maintained by: NLnet Labs

[Unbound-users] unbound 1.4.18rc1 maintainers prerelease

W.C.A. Wijngaards
Thu Jul 26 11:47:51 CEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Unbound 1.4.18rc1 is available for download:
http://unbound.net/downloads/unbound-1.4.18rc1.tar.gz
sha1 e1d765195beddb5489029e7ad09d032ffd8563fd
sha256 110c19aa28b54b510b2b00941089e8d32fbb0e2320f1c657bdf3347d1d6f63d3

http://unbound.net/downloads/unbound_setup_1.4.18rc1.exe

This release has bugfixes, notably two assertion failures.

There is a build feature to build with libnss, but only to compile
libunbound not the unbound daemon (because of its remote control
functions) at this time.  You have to link with libldns compiled
- --without-ssl, otherwise ldns links with openssl.

There is some support for FIPS-compliant mode, where it will
understand that some algorithms are not available, those DNSSEC
results are then marked 'insecure' (and not 'bogus').


Features
    implement log-time-ascii on windows.
    --with-libunbound-only build option, only builds the library and
not the daemon and other tools.
    --with-nss build option (for now, --with-libunbound-only), uses
libNSS for crypto operations.
    disable RSAMD5 if in FIPS mode (for openssl and for libnss).
    Add flush_bogus option for unbound-control.

Bug Fixes
    Fix libunbound report of errors when in background mode.
    [bugzilla: 454 ]
    Fix for ACX_CHECK_COMPILER_FLAG from configure.ac, if CFLAGS is
specified at configure time then '-g -O2' is not appended to CFLAGS,
so that the user can override them.
    FIPS_mode openssl does not use arc4random but RAND_pseudo_bytes.
    fix missing break for GOST DS hash function.
    implemented forward_first for the root.
    code review: return value of cache_store can be ignored for better
performance in out of memory conditions.
    patch for unbound_munin_ script to handle arbitrary thread count
by Sven Ulland.
    Fix validation of qtype DS queries that result in no data for
non-optout NSEC3 zones.
    fix edns-buffer-size and msg-buffer-size manpage documentation.
    fix error handling of alloc failure during rrsig verification.
    The key-cache bad key ttl is now 60 seconds.
    [bugzilla: 452 ]
    fix crash on assert in mesh_state_attachment. Fixes DS NS search
to not generate duplicate sub queries.
    silence warning from swig-generated code (md set but not used in
swig initmodule, due to ifdefs in swig-generated code).
    Fix debian-bugs-658021: Please enable hardened build flags.
    update iana ports list

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQERJHAAoJEJ9vHC1+BF+NC4wP/0HCYQIUyI2Qr2WPetw/hsf5
7sFrC1aGr05slCq+ohpKJSVWOvOOf0gIu+6I/ilxRL0qDAJa63KVqxFf4Yb7RnQF
/Jcb11WqURJb/a0E8qqBFh+ftFCp7Bd/prFl8ahpg3vjb0omZTv7hWoUCEUnIqAt
kGDF+6CqLb37ajiqYYZ5qTUplOWg7jDrffQYo5AVjzOEhUY0c/DjZoAkjJP/pZeK
qClumgzzZ1KPFSv7XUM1P7TtJ0kZXhelzLaoCQ6fRI9ZrVGiH0EexwpV4Y3yQZTW
OHTpdTDLeSiJTAZxxs1KWSjQgG13anQvXS+SmZgNCPhr0RdHwUV97CYysZ0Dp3AD
oUsCcYmZro/57icf8TLuNSUnc5z0ilmdoePej5j7knLmID9BNfREhjLqfCEISWfQ
1oxmRoBstOJTYGCuIGia5EnZKvg5qdJg3jAXQ2nolUOkQQPEUTkyoosyaIqB49tL
l7uo9ESs4/Ha+8kP3Wo4pi+KzrrqrJH/G5zmGM1doz42TfhdJf1ydE5j9kPpuB14
0FPUnVgiMFOCtdeCFRHEjPxdFuOICHKgDEB0RaDUpqL8hubtdOUW7wns4oIo0Olr
V8NsMpFdEZwFjL6cMh2yD0brcZUTd4DKYJpGoCklv57PsFZICpcQiG9p8sJJ7GCW
crJ6t1+wIoZM9/EE9/SO
=7gXv
-----END PGP SIGNATURE-----