Maintained by: NLnet Labs

[NLnet Labs Maintainers] Unbound 1.6.4rc2 pre-release

W.C.A. Wijngaards
Thu Jun 22 14:34:44 CEST 2017


Hi,

Unbound 1.6.4rc2 release candidate 2 is available:
https://unbound.net/downloads/unbound-1.6.4rc2.tar.gz
sha256 c9839f7292af75eda5b72d53ef2ea241dadc4bdba0369f9d91f8162cba7946ca
pgp https://unbound.net/downloads/unbound-1.6.4rc2.tar.gz.asc

This release candidate fixes a recently found heap overflow, and adds a
contrib patch for fastrpz.

Best regards, Wouter


On 20/06/17 10:58, W.C.A. Wijngaards wrote:
> Hi,
> 
> Unbound 1.6.4rc1 release candidate 1 is available:
> https://unbound.net/downloads/unbound-1.6.4rc1.tar.gz
> sha256 54dd9bc2bedc8f171dcad69cb1a64c5b5590ae04284c2eed3515993d86a46dc1
> pgp https://unbound.net/downloads/unbound-1.6.4rc1.tar.gz.asc
> 
> 
> This release contains key tag signaling RFC8145 support.  B root is
> renumbered in the default root hints.  The dnscrypt code supports the
> chacha cipher.  The Unbound DNSSEC validator supports the ED25519
> algorithm.  The redirect-bogus patch in contrib can send validation
> failure users to a landing page.
> 
> 
> Features:
> - Implemented trust anchor signaling using key tag query.
> - unbound-checkconf -o allows query of dnstap config variables.
>   Also unbound-control get_option.  Also for dnscrypt.
> - unbound.h exports the shm stats structures.  They use
>   type long long and no ifdefs, and ub_ before the typenames.
> - Implemented opportunistic IPsec support module (ipsecmod).
> - Added redirect-bogus.patch to contrib directory.
> - Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
> - renumbering B-Root's IPv6 address to 2001:500:200::b.
> - Fix #1276: [dnscrypt] add XChaCha20-Poly1305 cipher.
> - Fix #1277: disable domain ratelimit by setting value to 0.
> 
> Bug Fixes:
> - Added ECS unit test (from Manu Bretelle).
> - ECS documentation fix (from Manu Bretelle).
> - Fix #1252: more indentation inconsistencies.
> - Fix #1253: unused variable in edns-subnet/addrtree.c:getbit().
> - Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle).
> - iana portlist update
> - Based on #1257: check parse limit before t increment in sldns RR
>   string parse routine.
> - Fix #1258: Windows 10 X64 unbound 1.6.2 service will not start.
>   and fix that 64bit getting installed in C:\Program Files (x86).
> - Fix #1259: "--disable-ecdsa" argument overwritten
>   by "#ifdef SHA256_DIGEST_LENGTH at daemon/remote.c".
> - iana portlist update
> - Added test for leak of stub information.
> - Fix sldns wire2str printout of RR type CAA tags.
> - Fix sldns int16_data parse.
> - Fix sldns parse and printout of TSIG RRs.
> - sldns SMIMEA and AVC definitions, same as getdns definitions.
> - Fix tcp-mss failure printout text.
> - Set SO_REUSEADDR on outgoing tcp connections to fix the bind before
>   connect limited tcp connections.  With the option tcp connections
>   can share the same source port (for different destinations).
> - Add 'c' to getopt() in testbound.
> - Adjust servfail by iterator to not store in cache when serve-expired
>   is enabled, to avoid overwriting useful information there.
> - Fix queries for nameservers under a stub leaking to the internet.
> - document trust-anchor-signaling in example config file.
> - updated configure, dependencies and flex output.
> - better module memory lookup, fix of unbound-control shm names for
>   module memory printout of statistics.
> - Fix type AVC sldns rrdef.
> - Some whitespace fixup.
> - Fix #1265: contrib/unbound.service contains hardcoded path.
> - Fix #1265 to use /bin/kill.
> - Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs,
>   and compatibility with BoringSSL.
> - Fix #1268: SIGSEGV after log_reopen.
> - exec_prefix is by default equal to prefix.
> - printout localzone for duplicate local-zone warnings.
> - Fix assertion for low buffer size and big edns payload when worker
>   overrides udpsize.
> - Support for openssl EVP_DigestVerify.
> - Fix #1269: inconsistent use of built-in local zones with views.
> - Add defaults for new local-zone trees added to views using
>   unbound-control.
> - Fix #1273: cachedb.c doesn't compile with -Wextra.
> - If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write.
> - Also use global local-zones when there is a matching view that does
>   not have any local-zone specified.
> - Fix fastopen EPIPE fallthrough to perform connect.
> - Fix #1274: automatically trim chroot path from dnscrypt key/cert paths
>   (from Manu Bretelle).
> - Fix #1275: cached data in cachedb is never used.
> - Fix that unbound-control can set val_clean_additional and
> val_permissive_mode.
> - Add dnscrypt XChaCha20 tests.
> - Detect chacha for dnscrypt at configure time.
> - dnscrypt unit tests with chacha.
> - Added domain name based ECS whitelist.
> - Fix #1278: Incomplete wildcard proof.
> - Fix #1279: Memory leak on reload when python module is enabled.
> - Fix #1280: Unbound fails assert when response from authoritative
>   contains malformed qname.  When 0x20 caps-for-id is enabled, when
>   assertions are not enabled the malformed qname is handled correctly.
> - More fixes in depth for buffer checks in 0x20 qname checks.
> - Fix stub zone queries leaking to the internet for
>   harden-referral-path ns checks.
> - Fix query for refetch_glue of stub leaking to internet.
> - Fix #1301: memory leak in respip and tests.
> - Free callback in edns-subnetmod on exit and restart.
> - Fix memory leak in sldns_buffer_new_frm_data.
> - Fix memory leak in dnscrypt config read.
> - Fix dnscrypt chacha cert support ifdefs.
> - Fix dnscrypt chacha cert unit test escapes in grep.
> - Fix to unlock view in view test.
> - Fix warning in pythonmod under clang compiler.
> 
> 
> Best regards, Wouter
> 
> 
> 
> _______________________________________________
> maintainers mailing list
> maintainers at nlnetlabs.nl
> https://nlnetlabs.nl/mailman/listinfo/maintainers
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20170622/ed628a9f/attachment.sig>