Unbound 1.8.1rc1 pre-release

Amanda Constant amanda.constant at secure64.com
Mon Oct 1 17:38:19 UTC 2018


I am out of the office October 1st & 2nd and will respond to your message as quickly as possible once I return.

Amanda

On Oct 1, 2018, at 11:27 AM, Amanda Constant via Unbound-users <unbound-users at nlnetlabs.nl> wrote:

> I am out of the office October 1st & 2nd and will respond to your message as quickly as possible once I return.
> 
> Amanda
> 
> On Oct 1, 2018, at 6:30 AM, Wouter Wijngaards via Unbound-users <unbound-users at nlnetlabs.nl> wrote:
> 
> Hi,
> 
> Unbound 1.8.1rc1 pre-release is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.8.1rc1.tar.gz
> sha256 e1f285320f6f826ffe50dea8ad405bebaa84d13bdfefc91add1676c272029a46
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.8.1rc1.tar.gz.asc
> 
> This release of Unbound contains a number of bug fixes.  A memory leak
> in the TLS lookup code is fixed.  Leaked requests in the requestlist are
> fixed.  Lookup failure due to qname minimisation and a lack of IPv6 with
> connectivity issues is fixed.
> 
> TLS upstream servers are signalled with SNI with the name that is
> configured.  This allows hosting servers by name on the destination.
> 
> Also Unbound is fixed from calling disallowed routines, by using EVP
> code, for FIPS OpenSSL.
> 
> 
> Features:
> - Perform TLS SNI indication of the host that is being contacted
> for DNS over TLS service.  It sets the configured tls auth name.
> This is useful for hosts that apart from the DNS over TLS services
> also provide other (web) services.
> 
> Bug Fixes:
> - More explicitly mention the type of ratelimit when applying
> ip-ratelimit.
> - Fix spelling error in header, from getdns commit by Andreas Gelmini.
> - iana port update.
> - Fixed unused return value warnings in contrib/fastrpz.patch for
> asprintf.
> - Fix to squelch respip warning in unit test, it is printed at
> higher verbosity settings.
> - Fix spelling errors.
> - Fix initialisation in remote.c
> - Fix seed for random backup code to use explicit zero when wiped.
> - exit log routine is annotated as noreturn function.
> - free memory leaks in config strlist and str2list insert functions.
> - do not move unused argv variable after getopt.
> - Remove unused if clause in testcode.
> - in testcode, free async ids, initialise array, and check for null
> pointer during test of the test.  And use exit for return to note
> irregular program stop.
> - Free memory leak in config strlist append.
> - make sure nsec3 comparison salt is initialized.
> - unit test has clang analysis.
> - remove unused variable assignment from iterator scrub routine.
> - check for null in delegation point during iterator refetch
> in forward zone.
> - neater pointer cast in libunbound context quit routine.
> - initialize statistics totals for printout.
> - in authzone check that node exists before adding rrset.
> - in unbound-anchor, use readwrite memory BIO.
> - assertion in autotrust that packed rrset is formed correctly.
> - Fix memory leak when message parse fails partway through copy.
> - remove unused udpsize assignment in message encode.
> - nicer bio free code in unbound-anchor.
> - annotate exit functions with noreturn in unbound-control.
> - Fix compile on Mac for unbound, provide explicit_bzero when libc
> does not have it.
> - Fix unbound for openssl in FIPS mode, it uses the digests with
> the EVP call contexts.
> - Fix that with harden-below-nxdomain and qname minisation enabled
> some iterator states for nonresponsive domains can get into a
> state where they waited for an empty list.
> - Stop UDP to TCP failover after timeouts that causes the ping count
> to be reset by the TCP time measurement (that exists for TLS),
> because that causes the UDP part to not be measured as timeout.
> - Fix #4156: Fix systemd service manager state change notification.
> - Fix #4149: Add SSL cleanup for tcp timeout.
> - Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL, fixes
> qname minimisation with a forwarder when connectivity has issues
> from rejecting responses.
> 
> Best regards, Wouter
> 
> 
> 
> 
> 
> ______________________________________________________________________
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> ______________________________________________________________________ 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 4280 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20181001/e2ceb6a8/attachment.bin>


More information about the Unbound-users mailing list