Unbound 1.9.2rc1 pre-release

Wouter Wijngaards wouter at nlnetlabs.nl
Thu Jun 13 13:02:44 UTC 2019


Hi,

Unbound 1.9.2rc3 release candidate is available:
https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2rc3.tar.gz
sha256 2edaf33e30e8324769941abe144717fbc11914889608e2e416ff400118e66dd8
pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2rc3.tar.gz.asc

This release candidate fixes an additional case for the bugfix made in
release candidate 1.9.2rc2.

Bug Fixes:
- Fix another spoolbuf storage code point, in prefetch.

Best regards, Wouter


On 6/11/19 2:06 PM, Wouter Wijngaards wrote:
> Hi,
> 
> Unbound 1.9.2rc2 release candidate is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2rc2.tar.gz
> sha256 f74f310e48131b379d60e08213f8c8e87d83ab1bceec347e7d5511c5f3253513
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2rc2.tar.gz.asc
> 
> This release candidate fixes a crash introduced in a bugfix that is part
> of 1.9.2rc1.  Fixes issue #38, whilst also attempting to fix the
> underlying issue.
> 
> Bug Fixes:
> - Fix that fixes the Fix that spoolbuf is not used to store tcp
>   pipelined response between mesh send and callback end, this fixes
>   error cases that did not use the correct spoolbuf.
> 
> Best regards, Wouter
> 
> On 6/6/19 10:57 AM, Wouter Wijngaards wrote:
>> Hi,
>>
>> Unbound 1.9.2rc1 release candidate is available:
>> https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2rc1.tar.gz
>> sha256 0138ea465145efb9fd573750166feb10a5bc5892c7dac7758326cfac3b52d486
>> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2rc1.tar.gz.asc
>>
>>
>> This release contains a number of bug fixes for crashes introduced in
>> 1.9, session ticket code, stream pipeline code, auth zone code and it
>> also fixes qname minimisation packet scrub failures.
>>
>> There is a new python module example.  This is an example of a module
>> that is loaded into unbound that changes DNS messages, and how Unbound
>> processes them.  The example resolves records in multicast DNS, with Avahi.
>>
>> AXFR over TLS is supported.  This uses TLS to connect to the master and
>> download the AXFR or IXFR.  Enable by loading certificates (just like
>> for other DNS over TLS), and syntax like master: "ip#authname" in
>> unbound.conf for the auth-zone where you want to use this.
>>
>>
>> Features
>> - add type CAA to libpyunbound (accessing libunbound from python).
>> - Fix #17: Add python module example from Jan Janak, that is a
>>   plugin for the Unbound DNS resolver to resolve DNS records in
>>   multicast DNS [RFC 6762] via Avahi.  The plugin communicates
>>   with Avahi via DBus. The comment section at the beginning of
>>   the file contains detailed documentation.
>> - travis build file.
>> - PR #16: XoT support, AXFR over TLS, turn it on with
>>   master: <ip>#<authname> in unbound.conf.  This uses TLS to
>>   download the AXFR (or IXFR).
>>
>> Bug Fixes
>> - Fix for #4233: guard use of NDEBUG, so that it can be passed in
>>   CFLAGS into configure.
>> - Add log message, at verbosity 4, that says the query is encrypted
>>   with TLS, if that is enabled for the query.
>> - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.
>> - Fix #4240: Fix whitespace cleanup in example.conf.
>> - Fix that tls-session-ticket-keys: "" on its own in unbound.conf
>>   disables the tls session ticket key calls into the OpenSSL API.
>> - Fix crash if tls-service-pem not filled in when necessary.
>> - Fix auth-zone NSEC3 response for empty nonterminals with exact
>>   match nsec3 records.
>> - Fix for out of bounds integers, thanks to OSTIF audit.  It is in
>>   allocation debug code.
>> - Fix for auth zone nsec3 ent fix for wildcard nodata.
>> - Move goto label in answer_from_cache to the end of the function
>>   where it is more visible.
>> - Fix auth-zone NSEC3 response for wildcard nodata answers,
>>   include the closest encloser in the answer.
>> - Fix spelling error in log output for event method.
>> - Fix to reinit event structure for accepted TCP (and TLS) sockets.
>> - Fix to use event_assign with libevent for thread-safety.
>> - verbose information about auth zone lookup process, also lookup
>>   start, timeout and fail.
>> - Fix to wipe ssl ticket keys from memory with explicit_bzero,
>>   if available.
>> - Fix that auth zone uses correct network type for sockets for
>>   SOA serial probes.  This fixes that probes fail because earlier
>>   probe addresses are unreachable.
>> - Fix that auth zone fails over to next master for timeout in tcp.
>> - Squelch SSL read and write connection reset by peer and broken pipe
>>   messages.  Verbosity 2 and higher enables them.
>> - Update python documentation for init_standard().
>> - Typos.
>> - Fix tls write event for read state change to re-call SSL_write and
>>   not resume the TLS handshake.
>> - Better braces in if statement in TCP fastopen code.
>> - iana portlist updated.
>> - Scrub RRs from answer section when reusing NXDOMAIN message for
>>   subdomain answers.
>> - For harden-below-nxdomain: do not consider a name to be non-existent
>>   when message contains a CNAME record.
>> - Fix wrong query name in local zone redirect answers with a CNAME,
>>   the copy of the local alias is in unpacked form.
>> - contrib/fastrpz.patch updated for code changes, and with git diff.
>> - Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64.
>> - Fix #30: AddressSanitizer finding in lookup3.c.  This sets the
>>   hash function to use a slower but better auditable code that does
>>   not read beyond array boundaries.  This makes code better security
>>   checkable, and is better for security.  It is fixed to be slower,
>>   but not read outside of the array.
>> - Fix edns-subnet locks, in error cases the lock was not unlocked.
>> - Fix doxygen output error on readme markdown vignettes.
>> - Squelch log messages from tcp send about connection reset by peer.
>>   They can be enabled with verbosity at higher values for diagnosing
>>   network connectivity issues.
>> - Attempt to fix malformed tcp response.
>> - Fix #31: swig 4.0 and python module.
>> - Note that so-reuseport at extreme load is better turned off,
>>   otherwise queries are not distributed evenly, on Linux 4.4.x.
>> - Fix that spoolbuf is not used to store tcp pipelined response
>>   between mesh send and callback end.
>> - Fix double file close in tcp pipelined response code.
>> - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
>> - Fix to guard _OPENBSD_SOURCE from redefinition.
>>
>>
>> Best regards, Wouter
>>
>>
>> _______________________________________________
>> maintainers mailing list
>> maintainers at nlnetlabs.nl
>> https://nlnetlabs.nl/mailman/listinfo/maintainers
>>
> 
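
The AXFR-over-TLS setup described in the 1.9.2rc1 announcement, as an added unbound.conf sketch that is not part of the original mails or the Unbound distribution. The address 192.0.2.53, the names example.org and xfr.example.net, the zonefile name and the CA bundle path are placeholders, and using tls-cert-bundle as the way of "loading certificates" is an assumption based on how other DNS over TLS upstreams are configured.

```conf
# Added example; address, names and paths below are placeholders.
server:
    # CA certificates used to authenticate outgoing TLS connections.
    # The path is distribution-specific (assumed here).
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

auth-zone:
    name: "example.org"

    # Plain form: AXFR/IXFR is downloaded without TLS.
    # master: 192.0.2.53

    # TLS form from the announcement, master: "ip#authname".
    # The part after '#' is the authentication name expected
    # in the certificate presented by the master.
    master: "192.0.2.53#xfr.example.net"

    # Local copy of the transferred zone.
    zonefile: "example.org.zone"
```

Running unbound-checkconf on the file before a reload catches syntax errors in the auth-zone clause.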
