2012-02-28 21:05:05 by Fredrik Pettai | Files touched by this commit (2)
Log message:
Unbound 1.4.16
Features:
* applied patch to support outgoing-interface with ub_ctx_set_option.
Bug Fixes:
* Fix validation failures (like: validation failure xx: no NSEC3 closest
encloser from yy for DS zz. while building chain of trust), because of
a bug in the TTL-fix in 1.4.15, it picked the wrong rdata for an NSEC3.
Now it does not change rdata, and fixes TTL.
* Fix version-number in libtool to be version-info so it produces
libunbound.so.2 like it should.
* Fixes for port to OpenIndiana OS with gcc 4.6.
* Fix to write key files completely to a temporary file, and if that
succeeds, replace the real key file. So failures leave a useful file.
Unbound 1.4.15
Bug Fixes:
* Fix for memory leak (about 20 bytes when a tcp or udp send operation
towards authority servers failed, takes about 50,000 such failures to
leak one Mb, such failures are also usually logged).
* Fix to randomize hash function, based on 28c3 congress.
* [bugzilla: 425 ] unbound reports wrong TTL in reply, it reports a TTL
that would be permissible by the RFCs but it is not the TTL in the cache.
* [bugzilla: 429 ] add ub_version() call to libunbound. API version increase,
with (binary) backwards compatibility for the previous version.
* Fix bug where canonical_compare of RRSIG did not downcase the signer-name.
This is mostly harmless because RRSIGs do not have to be sorted in
canonical order, usually.
* uninitialised variable in reprobe for rtt blocked domains fixed.
* iana portlist updated.
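The 1.4.16 note above about writing key files completely to a temporary file and only then replacing the real key file describes the write-temp, fsync, rename pattern that keeps a crash or a full disk from leaving a truncated trust-anchor file behind. The C program below is an added example written for this page, not Unbound's own code. It assumes a POSIX system with a writable /tmp, and the `simulate_enospc_after` hook is a demo-only assumption used to fake a disk-full error partway through a write so that the previous file can be shown surviving the failure.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Demo-only hook (an assumption for this example, not a real option):
 * when >= 0 the writer fakes ENOSPC after this many bytes. */
static long simulate_enospc_after = -1;

/* Write `len` bytes of `data` to `path` atomically: create a sibling temp
 * file (mkstemp gives it mode 0600, which suits a key file), write all of
 * it, fsync, close, then rename over the target. If any step fails the
 * temp file is removed and the old target is untouched.
 * Returns 0 on success, -1 with errno set on failure. */
int write_file_atomically(const char *path, const void *data, size_t len)
{
    char tmp[4096];
    int n = snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp) { errno = ENAMETOOLONG; return -1; }

    int fd = mkstemp(tmp);
    if (fd < 0) return -1;

    const char *p = data;
    size_t left = len;
    while (left > 0) {
        size_t chunk = left;
        if (simulate_enospc_after >= 0) {           /* demo hook only */
            size_t written = len - left;
            if (written >= (size_t)simulate_enospc_after) { errno = ENOSPC; goto fail; }
            if (chunk > (size_t)simulate_enospc_after - written)
                chunk = (size_t)simulate_enospc_after - written;
        }
        ssize_t w = write(fd, p, chunk);
        if (w < 0) {
            if (errno == EINTR) continue;           /* interrupted: retry */
            goto fail;                              /* real error, e.g. ENOSPC */
        }
        p += w;
        left -= (size_t)w;
    }
    if (fsync(fd) < 0) goto fail;                   /* data on disk before rename */
    if (close(fd) < 0) { fd = -1; goto fail; }
    fd = -1;
    if (rename(tmp, path) < 0) goto fail;           /* atomic replace */
    return 0;

fail: {
        int saved = errno;
        if (fd >= 0) close(fd);
        unlink(tmp);                                /* never leave a partial file */
        errno = saved;
        return -1;
    }
}

/* True if `path` holds exactly the bytes of `want`. */
static int file_is(const char *path, const char *want)
{
    char buf[64];
    FILE *f = fopen(path, "rb");
    if (!f) return 0;
    size_t got = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return got == strlen(want) && memcmp(buf, want, got) == 0;
}

/* Replace a key file twice, then fake a disk-full error partway through a
 * third write. Returns 0 if the second content survives and no temp file
 * is left behind, otherwise the number of the failing step. */
int demo_atomic_write(void)
{
    char dir[] = "/tmp/keyfile-demo-XXXXXX";       /* assumption: /tmp is writable */
    if (!mkdtemp(dir)) return 1;
    char path[300];
    snprintf(path, sizeof path, "%s/root.key", dir);
    int rc = 0;

    if (write_file_atomically(path, "old key\n", 8) != 0) rc = 2;
    else if (write_file_atomically(path, "new key\n", 8) != 0) rc = 3;
    else if (!file_is(path, "new key\n")) rc = 4;
    else {
        simulate_enospc_after = 3;
        int r = write_file_atomically(path, "third key\n", 10);
        int err = errno;
        simulate_enospc_after = -1;
        if (r == 0 || err != ENOSPC) rc = 5;
        else if (!file_is(path, "new key\n")) rc = 6;   /* old file must survive */
    }
    unlink(path);
    if (rmdir(dir) != 0 && rc == 0) rc = 7;         /* leftover temp file? */
    return rc;
}

int main(void)
{
    int rc = demo_atomic_write();
    printf("atomic key-file replace: %s (step %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

Build with `cc -o keyfile keyfile.c` and run it; the exit status is 0 when the replaced content survives the simulated failure and the directory is left clean. Note that rename() carries over the temp file's 0600 mode, so the target's previous permissions are replaced too, and a fully durable replace would also fsync the containing directory after the rename, which is left out here.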
2011-12-20 15:02:02 by Fredrik Pettai | Files touched by this commit (2)
Log message:
Unbound 1.4.14:
Features:
* Makefile changed for BSD make compatibility.
* dns over ssl support as a client, ssl-upstream yes turns it on.
It performs an SSL transaction for every DNS query.
* dns over ssl support as a server, ssl-service-pem and ssl-service-key files
can be given and then TCP queries are serviced wrapped in SSL.
* lame-ttl and lame-size options no longer exist, it is integrated with the
host info. They are ignored (with verbose warning) if encountered
to keep the config file backwards compatible.
* TCP-upstream calculates tcp-ping so server selection works if there are
alternatives.
* Unbound probes at EDNS1480 if there is an EDNS0 timeout.
Bug Fixes:
* Fix for VU#209659 CVE-2011-4528: Unbound denial of service vulnerabilities
from nonstandard redirection and denial of existence
http://www.unbound.net/downloads/CVE-2011-4528.txt
* Fix for tcp-upstream and ssl-upstream for if a laptop sleeps,
causes SERVFAILs. Also fixed for UDP (but less likely).
* Fix quartile time estimate, it was too low.
* Fix double free in unbound-host.
* fix -flto detection on Lion for llvm-gcc.
* [bugzilla: 416 ] Infra cache stores information about ping and lameness
per IP, zone.
* [bugzilla: 415 ] Fix resolve of partners.extranet.microsoft.com with a fix
for the server selection for choosing out of a (particular) list of bad
choices.
* Fix make_new_space function so that the incoming query is not overwritten
if a jostled out query causes a waiting query to be resumed that then fails
and sends an error message.
* fix unbound-anchor for broken strptime on OSX lion, detected in configure.
* Detect if GOST really works, openssl1.0 on OSX fails.
* Implement ipv6%interface notation for scope_id usage.
* better documentation for inform_super.
* Fix for out-of-memory condition in libunbound.
* Fix --enable-allsymbols, it depended on link specifics of the target
platform, or fptr_wlist assertion failures could occur.
* updated contrib/unbound_munin_ to family=auto so that it works with
munin-node-configure automatically.
* Fix classification of NS set in answer section, where there is a
parent-child server, and the answer has the AA flag for dir.slb.com.
* [bugzilla: 408 ] accept patch from Steve Snyder that comments out unused
functions in lookup3.c.
* fix various compiler warnings.
* max sent count. EDNS1480 only for rtt < 5000. No promiscuous fetch if
sentcount > 3, stop query if sentcount > 16. Count is reset when referral
or CNAME happens. This makes unbound better at managing large NS sets,
they are explored when there is continued interest (in the form of queries).
* remove uninit warning from cachedump code.
* Fix parse error on negative SOA RRSIGs if badly ordered in the packet.
* fix infra cache comparison.
* Fix to constrain signer_name to be a parent of the lookupname.
* robust checks for next-closer NSEC3s.
* iana portlist updated.
(Ok'ed by wiz@)
2011-09-18 00:46:50 by Fredrik Pettai | Files touched by this commit (2)
Log message:
Unbound 1.4.13:
Features:
* Note that Unbound implements RFC6303 (since version 1.4.7).
* tcp-upstream yes/no option (works with set_option) for tunnels.
* The format of answers to the qtype ANY with a CNAME has changed, so that
there can be proper validated DNSSEC answers for them. This is for queries
with qtype ANY where the domain name has a CNAME. Now an answer is returned,
where before it resulted in SERVFAIL due to validation failure. When DNSSEC
validation is disabled, the contents of the response have changed: the CNAME
is not followed, and the correct contents of the RRsets at the initial name
are included (where previously only partial contents of the initial names
could have been included but the CNAME was followed). The qtype ANY is a
query for debug where the resolver is to fill in relevant data that happens
to be at hand from the cache.
Bug Fixes:
* Fix validation of qtype ANY responses with CNAMEs. Unbound responds with
the RR types that are available at the name for qtype ANY and validates
those RR types. It does not test for completeness (i.e. with NSEC or NSEC3
query), and it does not follow the CNAME or DNAME to another name (with even
more data for the already large response).
* Documented the options that work with control set_option command.
* Fix that internally, CNAMEs with NXDOMAIN have that as rcode.
* Fix validation of . DS query.
* Fix wildcard expansion no-data reply under an optout NSEC3 zone is
validated as insecure.
* Fix python site-packages path to /usr/lib64.
* fix memory and fd leak after out-of-memory condition.
* contrib. patch fixes load of python modules.
* contrib. patch that fixes a memory leak in the unbound python module, in
string conversions.
* Fix num-threads 0 does not segfault.
* Fix autoconf 2.68 warnings
* iana portlist updated
2011-07-27 06:11:25 by Fredrik Pettai | Files touched by this commit (3)
Log message:
1.4.12:
Bug Fixes:
* removed ldns-src tarball inside the unbound tarball.
* [bugzilla: 395 ] fix that id bits of other query may leak out under
conditions
* fix replyaddr count wrong after jostled queries, which leads to eventual
starvation where the daemon has no replyaddrs left to use.
* fix that the listening socket is not closed when too many remote control
connections are made at the same time.
* version number in example config file.
* fix that --enable-static-exe does not complain about it unknown.
* iana portlist updated
1.4.11:
Features:
* log-queries: yesno option, default is no, prints querylog.
* ignore-cd-flag: yesno to provide dnssec to legacy servers.
* Use -flto compiler flag for link time optimization, if supported.
* unbound-control has version number in the header, and uses port number
registered with IANA, 8953.
Bug Fixes:
* Fix Makefile for U in environment, since wrong U is more common than
deansification necessity.
* defense in depth against the assertion failure bug fixed in 1.4.10, an
error is printed to log instead of an assertion failure.
* [bugzilla: 386 ] --enable-allsymbols option links all binaries to
libunbound and reduces install size significantly.
* Fix TTL of SOA so negative TTL is separately cached from normal TTL.
* configure created with newer autoconf 2.66.
* [bugzilla: 378 ] Fix that configure checks for ldns_get_random presence.
* queries with CD flag set cause DNSSEC validation, but the answer is not
withheld if it is bogus. Thus, unbound will retry if it is bad and curb the
TTL if it is bad, thus protecting the cache for use by downstream validators.
* val-override-date: -1 ignores dates entirely, for NTP usage.
* harden-below-nxdomain: changed so that it activates when the cached
nxdomain is dnssec secure. This avoids backwards incompatibility because
those old servers do not have dnssec.
* statistics-interval prints the number of jostled queries to log.
* IPv6 service address for d.root-servers.net (2001:500:2D::D).
* updated ldns tarball to 1.6.10rc2 snapshot
* iana portlist updated.
2011-06-19 18:15:57 by Fredrik Pettai | Files touched by this commit (2)
Log message:
1.4.10:
Bug Fixes:
* Fix assertion failure when unbound generates an empty error reply in
response to a query, CVE-2011-1922 VU#531342.
2011-04-20 12:44:46 by Fredrik Pettai | Files touched by this commit (3)
Log message:
1.4.9:
Bug Fixes:
* Added explicit note on unbound-anchor usage: Please note usage of
unbound-anchor root anchor is at your own risk and under the terms of our
LICENSE (see that file in the source).
* Fix remove private address does not throw away entire response. [bugzilla: 361 ]
* Fix, time.elapsed variable not reset with stats_noreset.
* Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout.
* give config parse error for multiple names on a stub or forward zone.
* updated ldns tarball to 1.6.9(snapshot).
* iana portlist updated.
2011-03-21 16:04:32 by Fredrik Pettai | Files touched by this commit (4)
Log message:
unbound 1.4.8:
Features:
* harden-below-nxdomain config option, default off (because very old software
may be incompatible). We could enable it by default in the future.
From draft-vixie-dnsext-resimprove-00.
* typetransparent localzone: does not block other RR types.
* so-sndbuf option for very busy servers, a bit like so-rcvbuf.
Bug Fixes:
* Fix so a changed NS RRset does not get moved name stuck on old server,
for type NS the TTL is not increased.
* Fix prefetch so it does not get stuck on old server for moved names.
* Fix insecure CNAME sequence marked as secure, reported by Bert Hubert.
* faster lruhash get_mem routine.
* [bugzilla: 346 ] remove ITAR scripts from contrib,
the service is discontinued, use the root.
* Fix in infra cache that could cause rto larger than TOP_TIMEOUT kept.
* algorithm compromise protection using the algorithms signalled in the DS
record. Also, trust anchors, DLV, and RFC5011 receive this, and thus,
if you have multiple algorithms in your trust-anchor-file then it will now
behave different than before. Also, 5011 rollover for algorithms needs to be
double-signature until the old algorithm is revoked.
* squelch 'tcp connect: bla' in logfile, (set verbosity 2 to see them)
* fix validation in this case: CNAME to nodata for co-hosted opt-in
NSEC3 insecure delegation, was bogus, fixed to be insecure.
* Fix our 'BDS' license (typo reported by Xavier Belanger).
* [bugzilla: 338 ] print address when socket creation fails.
* Fix storage of EDNS failures in the infra cache.
* silence 'tcp connect: broken pipe' and 'net down' at low verbosity.
* unbound-anchor compiles with openssl 0.9.7.
* Be lenient and accept imgw.pl malformed packet (like BIND).
* the included ldns tarball is updated (to 1.6.8)
* iana portlist updated.
unbound 1.4.7:
Features:
* unbound-anchor app, unbound requires libexpat (xml parser library).
It creates or updates a root.key file. Use it before you start the validator
(e.g. at system boot time).
* dump_infra and flush_infra commands for unbound-control.
Bug Fixes:
* GOST code enabled by default (RFC 5933).
* Configure detects libev-4.00.
* do not synthesize a CNAME message from cache for qtype DS.
* Use central entropy to seed threads.
* Change the rtt used to probe EDNS-timeout hosts to 1000 msec.
* Fix validation failure for parent and child on same server with an insecure
childzone and a CNAME from parent to child.
* Change of timeout code. No more lost and backoff in blockage. At 12sec timeout
(and at least 2x lost before) one probe per IP is allowed only. At 120sec,
the IP is blocked. After 15min, a 120sec entry has a single retry packet.
* no timeout backoff if meanwhile a query succeeded.
* Configure errors if ldns is not found.
* Windows 7 fix for the installer.
* Fix bug where fallback_tcp causes wrong roundtrip and edns observation to be
noted in cache. Fix bug where EDNSprobe halted exponential backoff if EDNS
status unknown.
* interface automatic works for some people with ip6 disabled. Therefore the
error check is removed, so they can use the option.
* Fix TCP so it uses a random outgoing-interface.
* Fix bug when DLV below a trust-anchor that uses NSEC3 optout where the zone
has a secure delegation hosted on the same server did not verify as secure
(it was insecure by mistake).
* Fix alloc_reg_release for longer uptime in out of memory conditions.
* [bugzilla: 329 ] in example.conf show correct ipv4 link-local 169.254/16.
* compliance with draft-ietf-dnsop-default-local-zones-14,
removed reverse ipv6 orchid prefix from builtin list.
* Algorithm rollover operational reality intrudes, for trust-anchor and
5011-store, if one key matches it's good enough.
* Fix reported validation error in out of memory condition.
* Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout.
* increased mesh-max-activation from 1000 to 3000 for crazy domains like
_tcp.slb.com with 262 servers.
* [bugzilla: 327 ] Fix for cannot access stub zones until the root is primed.
* openbsd-lint fixes
* [bugzilla: 321 ] Fix resolution of rs.ripe.net artifacts with 0x20.
Delegpt structures checked for duplicates always.
No more nameserver lookups generated when depth is full anyway.
* [bugzilla: 322 ] Fix, configure does not respect CFLAGS on Solaris.
Pass CFLAGS="-xO4 -xtarget=generic" on the configure command line if use
sun-cc, but some systems need different flags.
* Fix acx_nlnetlabs.m4 configure output for autoconf-2.66 AS_TR_CPP changes,
uses m4_bpatsubst now.
* make test (or make check) should be more portable and run the unit test and
testbound scripts. (make longtest has special requirements).
* More pleasant remote control command parsing.
* Fix name of rrset printed that failed validation.
* Return NXDOMAIN after chain of CNAMEs ends at name-not-found.
* Fix validation in case a trust anchor enters into a zone with
unsupported algorithms.
* iana portlist updated.
* updated ldns tarball.
2010-11-29 13:41:51 by Geert Hendrickx | Files touched by this commit (1)
Log message:
Honor PKG_SYSCONFDIR.
2010-08-30 20:16:45 by Fredrik Pettai | Files touched by this commit (2)
Log message:
unbound 1.4.6:
Features:
* Builtin root hints contain AAAA for I.ROOT-SERVERS.NET.
* unbound.h has extern "C" statement for easier include in c++.
* added feature to print configure date, target and options with -h.
* added feature to print event backend system details with -h.
* (ports and works on Minix 3.1.7). On Minix, add /usr/gnu/bin to PATH,
use ./configure AR=/usr/gnu/bin/gar and gmake.
* GOST enabled if SSL is recent and ldns has GOST enabled too.
Bug Fixes:
* Fix TCPreply on systems with no writev, if just 1 byte could be sent.
* Fix to use one pointer less for iterator query state store_parent_NS.
* Max referral count from 30 to 130, because 128 one character domains is valid DNS.
* added documentation for the histogram printout to syslog.
* Fix assertion failure reported by Kai Storbeck from XS4ALL, the assertion
was wrong.
* updated ldns tarball.
* iana portlist updated.
* Unbound reports libev or libevent correctly in logs in verbose mode.
* Fix handling of corner case reply from lame server, follows rfc2308.
* Fix jostle list bug found by Vince (luoce at cnnic), it caused the qps in
overload situations to be about 5 qps for the class of shortly serviced
queries.
* Fix the max number of reply-address count to be applied for duplicate queries,
and not for new query list entries.
* Fix RFC4035 compliance with 2.2 statement that the DNSKEY at apex must be
signed with all algorithms from the DS rrset at the parent.
* Fix validation of qtype DNSKEY when a key-cache entry exists but no rr-cache
entry is used (it expired or prefetch), it then goes back up to the DS or
trust-anchor to validate the DNSKEY.
* log if a server is skipped because it is on the donotquery list, at verbosity
4, to enable diagnosis why no queries to 127.0.0.1.
* failure to chown the pidfile is not fatal any more.
* Neat function prototypes, unshadowed local declarations.
* Fix integer underflow in prefetch ttl creation from cache.
This fixes a potential negative prefetch ttl.
* Changed the defaults for num-queries-per-thread/outgoing-range.
2010-07-26 21:09:19 by Fredrik Pettai | Files touched by this commit (3)
Log message:
unbound-1.4.5:
Features:
* unbound-control get_option domain-insecure shows config file items.
* Autotrust anchor file can be initialized with a ZSK key as well
(if the domain's DNSKEY set is signed with that ZSK).
* Conforms to draft-ietf-dnsop-default-local-zones-13. Added default
reverse lookup blocks for IPv4 test nets 100.51.198.in-addr.arpa,
113.0.203.in-addr.arpa and Orchid prefix 0.1.1.0.0.2.ip6.arpa.
* Contribution from Migiel de Vos (Surfnet): nagios patch for unbound-host,
in contrib/ (in the source tarball). Makes unbound-host suitable for
monitoring dnssec(-chain) status.
* GOST disabled-by-default, the algorithm number is allocated but the RFC
still has to pass AUTH48 at the IETF.
Bug Fixes:
* Fix validation failure for qtype ANY caused by a RRSIG parse failure.
The validator error message was 'no signatures from ...'.
* Squelch log message: sendto failed permission denied for 255.255.255.255,
it is visible in VERB_DETAIL (verbosity 2).
* Fix fetch from blacklisted dnssec lame servers as last resort.
The server's IP address is then given in validator errors as well.
* Fix local-zone type redirect that did not use the query name for the
answer rrset.
* Compile fix using Sun Studio 12 compiler on Solaris 5.9, use CPPFLAGS
during configure process.
* Fix if libev is installed on the base system (not libevent),
detect it from the event.h header file and link with -lev.
* Fix configlexer.lex gets config.h, and configyyrename.h added by make,
no more double include.
* More strict scrubber (Thanks to George Barwood for the idea):
NS set must be pertinent to the query.
* [bugzilla: 307 ] In 0x20 backoff fix fallback so the number of outstanding
queries does not become -1 and block the request. Fixed handling of
recursion-lame in combination with 0x20 fallback. Fix so RRsets are
compared canonicalized and sorted if the immediate comparison fails,
this makes the 0x20 option work around round-robin sites.
* Fix retry sequence if prime hints are recursion-lame.
* Fix so harden-referral-path does not result in failures due to max-depth.
You can increase the max-depth by adding numbers (' 0') after the
target-fetch-policy, this increases the depth to which is checked.
* Fix detection of GOST support in ldns (reported by Chris Smith).
* Fix for dnssec lameness detection to use the key cache.
* infra cache entries that are expired are wiped clean.
Previously it was possible to not expire host data (if accessed often).
* Fix dnssec-missing detection that was turned off by server selection.
* [bugzilla: 308 ] Fix spelling error in variable name in parser and lexer.
* Fix various compiler warnings from the clang llvm compiler.
* Fix comments in iter_utils:dp_is_useless.
* EDNS timeout code will not fire if EDNS status already known.
* EDNS failure not stored if EDNS status known to work.
* Parent-child disagreement approach altered. Older fixes are removed in
place of a more exhaustive search for misconfigured data available via
the parent of a delegation. This is designed to be throttled by cache
entries, with TTL from the parent if possible. Additionally the
loop-counter is used. It also tests for NS RRset differences between
parent and child. The fetch of misconfigured data should be more
reliable and thorough. It should work reliably even with no or only
partial data in cache. Data received from the child (as always) is
deemed more authoritative than information received from the delegation
parent. The search for misconfigured data is not performed normally.
* Fix AD flag handling, it could in some cases mistakenly copy the AD flag
from upstream servers.
* Ignore Z flag in incoming messages too.
* alloc_special_obtain out of memory is not a fatal error any more,
enabling unbound to continue longer in out of memory conditions.
* Parentside names are dispreferred but not said to be dnssec-lame.
* Fix parentside and querytargets modulestate, for dump_requestlist.
* unbound-control-setup makes keys -rw-r--- so not all users permitted.
* libtoolize 2.2.6b, autoconf 2.65 applied to configure.
* Fix compile warning if compiled without threads.
* iana portlist updated.
* included ldns tarball updated.
* Fix bug where a long loop could be entered, now cycle detection has
a loop-counter and maximum search amount.
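Two notes on this page, the 1.4.15 fix for canonical_compare of RRSIG not downcasing the signer-name and the 1.4.5 note that RRsets are compared canonicalized and sorted when the immediate comparison fails (so that 0x20 and round-robin answers still match), both rely on the canonical form and ordering rules of RFC 4034 sections 6.2 and 6.3. The C program below is an added example, not Unbound's code: it lowercases the signer name inside an RRSIG RDATA and then compares RDATAs as left-justified unsigned octet strings. The RRSIG field values, the placeholder signature bytes in make_sample_rrsig, and all function names are constructed for this demonstration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Lowercase an uncompressed wire-format domain name in place (RFC 4034
 * section 6.2). Returns the bytes the name occupies, or 0 if malformed. */
size_t canon_lowercase_name(uint8_t *name, size_t len)
{
    size_t pos = 0;
    while (pos < len) {
        uint8_t lablen = name[pos];
        if (lablen == 0) return pos + 1;              /* root label terminates */
        if (lablen > 63 || pos + 1 + lablen > len) return 0;
        for (size_t i = 1; i <= lablen; i++)
            name[pos + i] = (uint8_t)tolower(name[pos + i]);
        pos += 1 + lablen;
    }
    return 0;                                         /* no root label seen */
}

/* RFC 4034 section 3.1: type covered(2) algorithm(1) labels(1) original
 * TTL(4) expiration(4) inception(4) key tag(2), then the signer name. */
#define RRSIG_FIXED_LEN 18

/* Canonical form of an RRSIG RDATA: only the signer name is lowercased;
 * the fixed fields and the signature are binary and stay as they are. */
int rrsig_canonicalize(uint8_t *rdata, size_t len)
{
    if (len < RRSIG_FIXED_LEN) return -1;
    return canon_lowercase_name(rdata + RRSIG_FIXED_LEN, len - RRSIG_FIXED_LEN) ? 0 : -1;
}

/* RFC 4034 section 6.3 ordering: RDATA compared as left-justified unsigned
 * octet strings, where the absence of an octet sorts before a zero octet. */
int canonical_rdata_compare(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    size_t n = alen < blen ? alen : blen;
    int c = memcmp(a, b, n);
    if (c != 0) return c < 0 ? -1 : 1;
    if (alen == blen) return 0;
    return alen < blen ? -1 : 1;
}

/* Compare two RRSIG RDATAs in canonical form without touching the inputs.
 * Returns -1, 0 or 1, or 2 if either RDATA is malformed or too large. */
int rrsig_canonical_compare(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    uint8_t ca[4096], cb[4096];
    if (alen > sizeof ca || blen > sizeof cb) return 2;
    memcpy(ca, a, alen);
    memcpy(cb, b, blen);
    if (rrsig_canonicalize(ca, alen) != 0 || rrsig_canonicalize(cb, blen) != 0) return 2;
    return canonical_rdata_compare(ca, alen, cb, blen);
}

/* Encode a dotted name such as "Example.COM" as an uncompressed wire name. */
static size_t encode_name(uint8_t *out, const char *dotted)
{
    size_t o = 0;
    while (*dotted) {
        const char *dot = strchr(dotted, '.');
        size_t lablen = dot ? (size_t)(dot - dotted) : strlen(dotted);
        out[o++] = (uint8_t)lablen;
        memcpy(out + o, dotted, lablen);
        o += lablen;
        dotted += lablen + (dot ? 1 : 0);
    }
    out[o++] = 0;
    return o;
}

/* Constructed RRSIG RDATA (not from a real zone): fixed fields, the given
 * signer name, and a 4-byte placeholder signature. Returns the length. */
size_t make_sample_rrsig(uint8_t *out, const char *signer)
{
    static const uint8_t fixed[RRSIG_FIXED_LEN] = {
        0x00, 0x01, 0x08, 0x02,                         /* A, alg 8, 2 labels */
        0x00, 0x00, 0x0e, 0x10,                         /* original TTL 3600 */
        0x50, 0x00, 0x00, 0x00, 0x4f, 0x00, 0x00, 0x00, /* expiration, inception */
        0x30, 0x39                                      /* key tag 12345 */
    };
    static const uint8_t sig[4] = { 0xde, 0xad, 0xbe, 0xef };
    memcpy(out, fixed, RRSIG_FIXED_LEN);
    size_t o = RRSIG_FIXED_LEN + encode_name(out + RRSIG_FIXED_LEN, signer);
    memcpy(out + o, sig, sizeof sig);
    return o + sizeof sig;
}

/* The 1.4.15 bug: signer names differing only in case must compare equal. */
int demo_signer_case(void)
{
    uint8_t a[64], b[64];
    size_t alen = make_sample_rrsig(a, "Example.COM");
    size_t blen = make_sample_rrsig(b, "example.com");
    if (memcmp(a, b, alen) == 0) return 99;            /* raw bytes do differ */
    return rrsig_canonical_compare(a, alen, b, blen);  /* canonical: equal */
}

/* Ordering: example.com before example.net, a strict prefix before the
 * longer RDATA, and a truncated RDATA is rejected. Returns 0 when all hold. */
int demo_ordering(void)
{
    uint8_t a[64], b[64];
    size_t alen = make_sample_rrsig(a, "example.com");
    size_t blen = make_sample_rrsig(b, "example.net");
    if (rrsig_canonical_compare(a, alen, b, blen) != -1) return 1;
    if (rrsig_canonical_compare(b, blen, a, alen) != 1) return 2;
    if (rrsig_canonical_compare(a, alen - 1, a, alen) != -1) return 3;
    if (rrsig_canonical_compare(a, RRSIG_FIXED_LEN - 1, b, blen) != 2) return 4;
    return 0;
}

int main(void)
{
    printf("signer case-insensitive: %d, ordering checks: %d\n",
           demo_signer_case(), demo_ordering());
    return 0;
}
```

The comparison works on private copies because canonicalisation must not alter the RDATA that is hashed for signature verification of other types; for RRSIG itself the downcased signer name is what the 1.4.15 fix makes the sort key use.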