Unbound 1.9.3rc2 pre-release

Wouter Wijngaards wouter at nlnetlabs.nl
Thu Aug 22 13:38:27 UTC 2019 

Hi,

Unbound 1.9.3rc2 maintainers' prerelease is available:
https://nlnetlabs.nl/downloads/unbound/unbound-1.9.3rc2.tar.gz
sha256 8167e260bf935b6eddc089b65a09cf3c22727f340f1b766011ddacbb2f21ba54
pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.9.3rc2.tar.gz.asc

And update to 1.9.3 rc1 with fixes for it in this rc2 candidate.

Bug Fixes
- Option -V prints if TCP fastopen is available.
- Fix unittest valgrind false positive uninitialised value report,
  where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0
  issues an uninitialised value for the token buffer at the str2wire.c
  rrinternal_get_owner() strcmp with the '@' value.  Rewritten to use
  straight character comparisons removes the false positive.  Also
  valgrinds --expensive-definedness-checks=yes can stop this false
  positive.
- Please doxygen's parser for "@" occurrence in doxygen comment.
- Fixup contrib/fastrpz.patch
- Remove warning about unknown cast-function-type warning pragma.
- Document limitation of pidfile removal outside of chroot directory.
- Fix log_dns_msg to log irrespective of minimal responses config.
- Fix that pkg-config is setup before --enable-systemd needs it.

Best regards, Wouter

On 8/15/19 4:25 PM, Wouter Wijngaards wrote:
> Hi,
> 
> Unbound 1.9.3rc1 maintainers' prerelease is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.9.3rc1.tar.gz
> sha256 d8511328ae6643c9d38cd1b3aa6b25b639ac1e67885f919c5d7e1b8b02fdb24e
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.9.3rc1.tar.gz.asc
> 
> This release has a number of bug fixes.  Added is the ipset module, that
> helps add ip-addresses that are looked up in a domain to a firewall
> ip-address filter.  Also, the python module has restart next, per-query
> data and multiple instance support.  The unbound -V option has been
> added and it prints the build config.
> 
> 
> Features:
> - PR #28: IPSet module, by Kevin Chou.  Created a module to support
>   the ipset that could add the domain's ip to a list easily.
>   Needs libmnl, and --enable-ipset and config it, doc/README.ipset.md.
> - Merge PR #6: Python module: support multiple instances
> - Merge PR #5: Python module: define constant MODULE_RESTART_NEXT
> - Merge PR #4: Python module: assign something useful to the
>   per-query data store 'qdata'
> - Introduce `-V` option to print the version number and build options.
>   Previously reported build options like linked libs and linked modules
>   are now moved from `-h` to `-V` as well for consistency.
> - PACKAGE_BUGREPORT now also includes link to GitHub issues.
> 
> Bug Fixes:
> - Fix #39: In libunbound, leftover logfile is close()d unpredictably.
> - Fix for #24: Fix abort due to scan of auth zone masters using old
>   address from previous scan.
> - Fix to omit RRSIGs from addition to the ipset.
> - Fix to make unbound-control with ipset, remove unused variable,
>   use unsigned type because of comparison, and assign null instead
>   of compare with it.  Remade lex and yacc output.
> - make depend
> - Added documentation to the ipset files (for doxygen output).
> - Fix python dict reference and double free in config.
> - Fix memleak in unit test, reported from the clang 8.0 static analyzer.
> - For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf
>   when do-not-query-localhost is turned on, or at default on,
>   unbound-checkconf prints a warning if it is found in forward-addr or
>   stub-addr statements.
> - Fix for possible assertion failure when answering respip CNAME from
>   cache.
> - Fix in respip addrtree selection. Absence of addr_tree_init_parents()
>   call made it impossible to go up the tree when the matching netmask is
>   too specific.
> - Fix #48: Unbound returns additional records on NODATA response,
>   if minimal-responses is enabled, also the additional for negative
>   responses is removed.
> - Fix #49: Set no renegotiation on the SSL context to stop client
>   session renegotiation.
> - Fix question section mismatch in local zone redirect.
> - Add verbose log message when auth zone file is written, at level 4.
> - Add hex print of trust anchor pointer to trust anchor file temp
>   name to make it unique, for libunbound created multiple contexts.
> - For #52 #53, second context does not close logfile override.
> - Fix #52 #53, fix for example fail program.
> - Fix to return after failed auth zone http chunk write.
> - Fix to remove unused test for task_probe existance.
> - Fix to timeval_add for remaining second in microseconds.
> - Check repinfo in worker_handle_request, if null, drop it.
> - Generate configlexer with newer flex.
> - Fix warning for unused variable for compilation without systemd.
> - Fix #59, when compiled with systemd support check that we can properly
>   communicate with systemd through the `NOTIFY_SOCKET`.
> - iana portlist updated.
> - Fix autotrust temp file uniqueness windows compile.
> - avoid warning about upcast on 32bit systems for autotrust.
> - escape commandline contents for -V.
> - Fix character buffer size in ub_ctx_hosts.
> 
> 
> Best regards, Wouter
> 
> 
> _______________________________________________
> maintainers mailing list
> maintainers at nlnetlabs.nl
> https://nlnetlabs.nl/mailman/listinfo/maintainers
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190822/8bbf6b1e/attachment.bin>

More information about the Unbound-users mailing list