Unbound 1.8.1rc1 pre-release
yvoinov at gmail.com
Tue Oct 2 07:54:20 UTC 2018
It eats significantly less RAM (comparing with 1.8.0) and runs smoothly.
01.10.2018 18:30, Wouter Wijngaards via Unbound-users пишет:
> Unbound 1.8.1rc1 pre-release is available:
> sha256 e1f285320f6f826ffe50dea8ad405bebaa84d13bdfefc91add1676c272029a46
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.8.1rc1.tar.gz.asc
> This release of Unbound contains a number of bug fixes. A memory leak
> in the TLS lookup code is fixed. Leaked requests in the requestlist are
> fixed. Lookup failure due to qname minimisation and a lack of IPv6 with
> connectivity issues is fixed.
> TLS upstream servers are signalled with SNI with the name that is
> configured. This allows hosting servers by name on the destination.
> Also Unbound is fixed from calling disallowed routines, by using EVP
> code, for FIPS OpenSSL.
> - Perform TLS SNI indication of the host that is being contacted
> for DNS over TLS service. It sets the configured tls auth name.
> This is useful for hosts that apart from the DNS over TLS services
> also provide other (web) services.
> Bug Fixes:
> - More explicitly mention the type of ratelimit when applying
> - Fix spelling error in header, from getdns commit by Andreas Gelmini.
> - iana port update.
> - Fixed unused return value warnings in contrib/fastrpz.patch for
> - Fix to squelch respip warning in unit test, it is printed at
> higher verbosity settings.
> - Fix spelling errors.
> - Fix initialisation in remote.c
> - Fix seed for random backup code to use explicit zero when wiped.
> - exit log routine is annotated as noreturn function.
> - free memory leaks in config strlist and str2list insert functions.
> - do not move unused argv variable after getopt.
> - Remove unused if clause in testcode.
> - in testcode, free async ids, initialise array, and check for null
> pointer during test of the test. And use exit for return to note
> irregular program stop.
> - Free memory leak in config strlist append.
> - make sure nsec3 comparison salt is initialized.
> - unit test has clang analysis.
> - remove unused variable assignment from iterator scrub routine.
> - check for null in delegation point during iterator refetch
> in forward zone.
> - neater pointer cast in libunbound context quit routine.
> - initialize statistics totals for printout.
> - in authzone check that node exists before adding rrset.
> - in unbound-anchor, use readwrite memory BIO.
> - assertion in autotrust that packed rrset is formed correctly.
> - Fix memory leak when message parse fails partway through copy.
> - remove unused udpsize assignment in message encode.
> - nicer bio free code in unbound-anchor.
> - annotate exit functions with noreturn in unbound-control.
> - Fix compile on Mac for unbound, provide explicit_bzero when libc
> does not have it.
> - Fix unbound for openssl in FIPS mode, it uses the digests with
> the EVP call contexts.
> - Fix that with harden-below-nxdomain and qname minisation enabled
> some iterator states for nonresponsive domains can get into a
> state where they waited for an empty list.
> - Stop UDP to TCP failover after timeouts that causes the ping count
> to be reset by the TCP time measurement (that exists for TLS),
> because that causes the UDP part to not be measured as timeout.
> - Fix #4156: Fix systemd service manager state change notification.
> - Fix #4149: Add SSL cleanup for tcp timeout.
> - Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL, fixes
> qname minimisation with a forwarder when connectivity has issues
> from rejecting responses.
> Best regards, Wouter
"C++ seems like a language suitable for firing other people's legs."
* C++20 : Bug to the future *
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 659 bytes
Desc: OpenPGP digital signature
More information about the Unbound-users