Unbound 1.13.0rc4 pre-release

Yuri yvoinov at gmail.com
Mon Nov 30 12:39:58 UTC 2020


Runs ok.

30.11.2020 18:32, Wouter Wijngaards via Unbound-users wrote:
> Hi,
>
> Unbound 1.13.0rc4 pre-release is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.13.0rc4.tar.gz
> sha256 b7cfb0fe0f138970271d9e037913350a0ca03a66ead6e6f77cc0ca02f7245aa3
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.13.0rc4.tar.gz.asc
>
> This RC4 fixes a bug that was reported on the RC3 candidate, an
> assertion failure for upstream TLS and a double callback.
>
> Bug Fixes
> - Fix assertion failure on double callback when iterator loses
>    interest in query at head of line that then has the tcp stream
>    not kept for reuse.
>
> Best regards, Wouter
>
> On 27/11/2020 16:03, Wouter Wijngaards via maintainers wrote:
>> Hi,
>>
>> Unbound 1.13.0rc3 pre-release is available:
>> https://nlnetlabs.nl/downloads/unbound/unbound-1.13.0rc3.tar.gz
>> sha256 7702fc832337a71a1cbd8026e2f2784daff3313c098021e80f479c67affb546f
>> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.13.0rc3.tar.gz.asc
>>
>> This RC3 fixes a bug that was reported on the RC2 candidate, the fix to
>> initialize the rbtree structure for stream reuse.  Also compile warnings
>> are fixed and in depth fixes at cleanup time.
>>
>> Bug Fixes
>> - Fix to omit UDP receive errors from log, if verbosity low.
>>    These happen because of udp-connect.
>> - For #352: contrib/metrics.awk for Prometheus style metrics output.
>> - Fix that after failed read, the readagain cannot activate.
>> - Clear readagain upon decommission of pending tcp structure.
>> - Fix compile warning for type cast in http2_submit_dns_response.
>> - Fix when use free buffer to initialize rbtree for stream reuse.
>> - Fix compile warnings for windows.
>> - Fix compile warnings in rpz initialization.
>> - Fix contrib/metrics.awk for FreeBSD awk compatibility.
>>
>> Best regards, Wouter
>>
>> On 25/11/2020 14:31, Wouter Wijngaards via maintainers wrote:
>>> Hi,
>>>
>>> Unbound 1.13.0rc2 pre-release is available:
>>> https://nlnetlabs.nl/downloads/unbound/unbound-1.13.0rc2.tar.gz
>>> sha256 63a626a301fe11d4aaf5990f0d46c645d7c99262ead76a9066e3515179f71417
>>> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.13.0rc2.tar.gz.asc
>>>
>>> This RC2 fixes bugs that were reported on the RC1 candidate.
>>>
>>> Bug Fixes
>>> - Fix crash when TLS connection is closed prematurely, when
>>>    reuse tree comparison is not properly identical to insertion.
>>> - Fix padding of struct regional for 32bit systems.
>>> - with udp-connect ignore connection refused with UDP timeouts.
>>> - Fix udp-connect on FreeBSD, do send calls on connected UDP socket.
>>> - Better fix for reuse tree comparison for is-tls sockets.  Where
>>>    the tree key identity is preserved after cleanup of the TLS state.
>>> - Fix memory leak for edns client tag opcode config element.
>>> - Attempt fix for libevent state in tcp reuse cases after a packet
>>>    is written.
>>> - Fix readagain and writeagain callback functions for comm point
>>>    cleanup.
>>>
>>> Best regards, Wouter
>>>
>>> On 24/11/2020 15:28, Wouter Wijngaards via maintainers wrote:
>>>> Hi,
>>>>
>>>> Unbound 1.13.0rc1 pre-release is available:
>>>> https://nlnetlabs.nl/downloads/unbound/unbound-1.13.0rc1.tar.gz
>>>> sha256 a55e8b5dfc290867017e7fbb75f1023ee2f6234943f870a5c24694b0908d7c17
>>>> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.13.0rc1.tar.gz.asc
>>>>
>>>>
>>>> This version has fixes to connect for UDP sockets, slowing down
>>>> potential ICMP side channel leakage.  The fix can be controlled with the
>>>> option udp-connect: yes, it is enabled by default.
>>>>
>>>> Additionally CVE-2020-28935 is fixed, this solves a problem where the
>>>> pidfile is altered by a symlink, and fails if a symlink is encountered.
>>>> See https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt for more
>>>> information.
>>>>
>>>> New features are upstream TCP and TLS query reuse, where a channel is
>>>> reused for several queries.  And http-notls-downstream: yesno for
>>>> unencrypted DoH, useful for back end support servers.  The option
>>>> infra-keep-probing can be used to probe hosts that are down more
>>>> frequently.
>>>>
>>>> The options edns-client-string and edns-client-string-opcode can be used
>>>> to add an EDNS option with the specified string in queries towards
>>>> servers, with the servers specified by IP address.  It replaces the
>>>> edns-client-tag option.
>>>>
>>>> Features
>>>> - Pass the comm_reply information to the inplace_cb_reply* functions
>>>>    during the mesh state and update the documentation on that.
>>>> - Fix #330: [Feature request] Add unencrypted DNS over HTTPS support.
>>>>    This adds the option http-notls-downstream: yesno to change that,
>>>>    and the dohclient test code has the -n option.
>>>> - Merge PR #228 : infra-keep-probing option to probe hosts that are
>>>>    down.  Add infra-keep-probing: yes option. Hosts that are down are
>>>>    probed more frequently.
>>>>    With the option turned on, it probes about every 120 seconds,
>>>>    eventually after exponential backoff, and that keeps that way. If
>>>>    traffic keeps up for the domain. It probes with one at a time, eg.
>>>>    one query is allowed to probe, other queries within that 120 second
>>>>    interval are turned away.
>>>> - Merge PR #313 from Ralph Dolmans: Replace edns-client-tag with
>>>>    edns-client-string option.
>>>> - Merge PR #283 : Stream reuse.  This implements upstream stream
>>>>    reuse for performing several queries over the same TCP or TLS
>>>>    channel.
>>>> - Fix to connect() to UDP destinations, default turned on,
>>>>    this lowers vulnerability to ICMP side channels.
>>>>    Option to toggle udp-connect, default is enabled.
>>>>
>>>> Bug Fixes
>>>> - Fix #319: potential memory leak on config failure, in rpz config.
>>>> - Fix dnstap socket and the chroot not applied properly to the dnstap
>>>>    socket path.
>>>> - Fix warning in libnss compile, nss_buf2dsa is not used without DSA.
>>>> - Fix #323: unbound testsuite fails on mock build in systemd-nspawn
>>>>    if systemd support is built.
>>>> - Fix for python reply callback to see mesh state reply_list member,
>>>>    it only removes it briefly for the commpoint call so that it does
>>>>    not drop it and attempt to modify the reply list during reply.
>>>> - Fix that if there are on reply callbacks, those are called per
>>>>    reply and a new message created if that was modified by the call.
>>>> - Free up auth zone parse region after use for lookup of host
>>>> - Merge PR #326 from netblue30: DoH: implement content-length
>>>>    header field.
>>>> - DoH content length, simplify code, remove declaration after
>>>>    statement and fix cast warning.
>>>> - Fix that if there are reply callbacks for the given rcode, those
>>>>    are called per reply and a new message created if that was modified
>>>>    by the call.
>>>> - Fix that the out of order TCP processing does not limit the
>>>>    number of outstanding queries over a connection.
>>>> - Fix python documentation warning on functions.rst inplace_cb_reply.
>>>> - Log ip address when http session recv fails, eg. due to tls fail.
>>>> - Fix to set the tcp handler event toggle flag back to default when
>>>>    the handler structure is reused.
>>>> - Clean the fix for out of order TCP processing limits on number
>>>>    of queries.  It was tested to work.
>>>> - Fix that http settings have colon in set_option, for
>>>>    http-endpoint, http-max-streams, http-query-buffer-size,
>>>>    http-response-buffer-size, and http-nodelay.
>>>> - Fix memory leak of https port string when reading config.
>>>> - local-zone regional allocations outside of chunk
>>>> - Merge PR #324 from James Renken: Add modern X.509v3 extensions to
>>>>    unbound-control TLS certificates.
>>>> - Fix for PR #324 to attach the x509v3 extensions to the client
>>>>    certificate.
>>>> - Fix #327: net/if.h check fails on some darwin versions; contribution by
>>>>    Joshua Root.
>>>> - Fix #320: potential memory corruption due to size miscomputation upon
>>>>    custom region alloc init.
>>>> - Fix #333: Unbound Segmentation Fault w/ log_info Functions From
>>>>    Python Mod.
>>>> - Fix that minimal-responses does not remove addresses from a priming
>>>>    query response.
>>>> - In man page note that tls-cert-bundle is read before permission
>>>>    drop and chroot.
>>>> - Fix #341: fixing a possible memory leak.
>>>> - Fix memory leak after fix for possible memory leak failure.
>>>> - Fix #343: Fail to build --with-libnghttp2 with error: 'SSIZE_MAX'
>>>>    undeclared.
>>>> - Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere
>>>>    with chown of pidfile.
>>>> - Fix #347: IP_DONTFRAG broken on Apple xcode 12.2.
>>>> - Fix #350: with the AF_NETLINK permission, to fix 1.12.0 error:
>>>>    failed to list interfaces: getifaddrs: Address family not
>>>>    supported by protocol.
>>>> - Merge #351 from dvzrv: Add AF_NETLINK to set of allowed socket
>>>>    address families.
>>>> - iana portlist updated.
>>>>
>>>> Best regards, Wouter
>>>>
>>>>
>>>> _______________________________________________
>>>> maintainers mailing list
>>>> maintainers at lists.nlnetlabs.nl
>>>> https://lists.nlnetlabs.nl/mailman/listinfo/maintainers
>>>>
>>
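
The CVE-2020-28935 item quoted above concerns a pidfile path that may be a symlink when the file is written and chowned. The following is an added example, not Unbound's code and not part of the original messages, showing one common way to refuse a symlink and change ownership through the open descriptor. The function names, the `/tmp` directory and the constructed scenario are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not Unbound's function: write pid to path and chown
 * the file to uid:gid. Returns 0 on success, -1 with errno set on failure. */
int write_pidfile_nofollow(const char *path, pid_t pid, uid_t uid, gid_t gid)
{
    char buf[32];
    struct stat st;
    int len, saved;
    /* O_NOFOLLOW: if the last path component is a symlink, open() fails
     * (ELOOP on Linux) instead of opening whatever the link points at. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    /* Use only the descriptor from here on, so the path cannot be swapped
     * between the check and the chown. Refuse non-regular or hard-linked files. */
    if (fstat(fd, &st) != 0) goto fail;
    if (!S_ISREG(st.st_mode) || st.st_nlink != 1) { errno = EINVAL; goto fail; }
    len = snprintf(buf, sizeof(buf), "%ld\n", (long)pid);
    if (ftruncate(fd, 0) != 0 || write(fd, buf, (size_t)len) != (ssize_t)len)
        goto fail;
    if (fchown(fd, uid, gid) != 0) goto fail;
    return close(fd);
fail:
    saved = errno; close(fd); errno = saved;
    return -1;
}

/* Constructed scenario: a symlink planted at the pidfile path must be refused
 * and its target left unmodified. Returns 1 when both hold. */
int symlink_is_refused(const char *dir)
{
    char target[256], lnk[256];
    struct stat st;
    snprintf(target, sizeof(target), "%s/victim.%ld", dir, (long)getpid());
    snprintf(lnk, sizeof(lnk), "%s/demo.%ld.pid", dir, (long)getpid());
    if (write_pidfile_nofollow(target, 1, getuid(), getgid()) != 0) return 0;
    if (symlink(target, lnk) != 0) return 0;
    int rc = write_pidfile_nofollow(lnk, 4242, getuid(), getgid());
    /* target still holds "1\n" (2 bytes) if the link was not followed */
    int ok = rc == -1 && stat(target, &st) == 0 && st.st_size == 2;
    unlink(lnk); unlink(target);
    return ok;
}
int main(void) { return symlink_is_refused("/tmp") ? 0 : 1; }
```
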

