2016-10-05 22:28:01 by Fredrik Pettai | Files touched by this commit (2) | |
Log message:
Features
- Create a pkg-config file for libunbound in contrib.
- TCP Fast open.
- Finegrained localzone control with define-tag, access-control-tag,
access-control-tag-action, access-control-tag-data, local-zone-tag, and
local-zone-override. And added types always_transparent, always_refuse,
always_nxdomain with that.
- If more than half of tcp connections are in use, a shorter timeout
is used (200 msec, vs 2 minutes) to pressure tcp for new connects.
- [bugzilla: 787 ] Fix #787: outgoing-interface netblock/64 ipv6
option to use linux freebind to use 64bits of entropy for every query
with random local part.
- For #787: prefer-ip6 option for unbound.conf prefers to send
upstream queries to ipv6 servers.
- Add default root hints for IPv6 E.ROOT-SERVERS.NET, 2001:500:a8::e.
- keep debug symbols in windows build.
Bug Fixes:
----------
- [bugzilla: 778 ] Fix unbound 1.5.9: -h segfault (null deref).
- Fix unbound-anchor.exe file location defaults to Program Files with
(x86) appended.
- Fix to not ignore return value of chown() in daemon startup.
- Better help text from -h.
- [bugzilla: 773 ] Fix Non-standard Python location build failure with
pyunbound.
- Improve threadsafety for openssl 0.9.8 ecdsa dnssec signatures.
- Revert fix for NetworkService account on windows due to breakage it
causes.
- Fix that windows install will not overwrite existing service.conf
file (and ignore gui config choices if it exists).
- And delete service.conf.shipped on uninstall.
- In unbound.conf directory: dir immediately changes to that
directory, so that include: file below that is relative to that
directory. With chroot, make the directory an absolute path inside chroot.
- do not delete service.conf on windows uninstall.
- document directory immediate fix and allow EXECUTABLE syntax in it
on windows.
- Fix directory: fix for unbound-checkconf, it restores cwd.
- Use QTYPE=A for QNAME minimisation.
- Keep track of number of time-outs when performing QNAME
minimisation. Stop minimising when number of time-outs for a QNAME/QTYPE
pair is more than three.
- [bugzilla: 775 ] Fix unbound-host and unbound-anchor crash on
windows, ignore null delete for wsaevent.
- Fix spelling in freebind option man page text.
- Fix windows link of ssl with crypt32.
- [bugzilla: 779 ] Fix Union casting is non-portable.
- [bugzilla: 780 ] Fix MAP_ANON not defined in HP-UX 11.31.
- [bugzilla: 781 ] Fix prealloc() is an HP-UX system library call.
- Decrease dp attempts at each QNAME minimisation iteration
- [bugzilla: 784 ] Fix Build configure assumes that having getpwnam
means there is endpwent function available.
- Updated repository with newer flex and bison output.
- Fix static compile on windows missing gdi32.
- Fix dynamic link of anchor-update.exe on windows.
- Fix detect of mingw for MXE package build.
- Fixes for 64bit windows compile.
- [bugzilla: 788 ] Fix for nettle 3.0: Failed to build with Nettle >=
3.0 and --with-libunbound-only --with-nettle.
- Fixed unbound.doxygen for 1.8.11.
- [bugzilla: 798 ] Fix Client-side TCP fast open fails (Linux).
- [bugzilla: 801 ] Fix missing error condition handling in
daemon_create_workers().
- [bugzilla: 802 ] Fix workaround for function parameters that are
"unused" without log_assert.
- [bugzilla: 803 ] Fix confusing (and incorrect) code comment in
daemon_cleanup().
- [bugzilla: 806 ] Fix wrong comment removed.
- use sendmsg instead of sendto for TFO.
- [bugzilla: 807 ] Fix workaround for possible some "unused" function
parameters in test code.
- Note that OPENPGPKEY type is RFC 7929.
- [bugzilla: 804 ] Fix #804: unbound stops responding after outage.
Fixes queries that attempt to wait for an empty list of subqueries.
- Fix for #804: lower num_target_queries for iterator also for failed
lookups.
- [bugzilla: 820 ] Fix set sldns_str2wire_rr_buf() dual meaning len
parameter in each iteration in find_tag_datas().
- [bugzilla: 777 ] Fix OpenSSL 1.1.0 compatibility.
- RFC 7958 is now out, updated docs for unbound-anchor.
- Fix for compile without warnings with openssl 1.1.0.
- [bugzilla: 826 ] Fix refuse_non_local could result in a broken response.
- iana portlist update.
- Fix compile with openssl 1.1.0 with api=1.1.0.
- [bugzilla: 829 ] Fix doc of sldns_wire2str_rdata_buf() return value
has an off-by-one typo.
- Fix incomplete prototypes reported by Dag-Erling Smørgrav.
- [bugzilla: 828 ] Fix missing type in access-control-tag-action
redirect results in NXDOMAIN.
- Take configured minimum TTL into consideration when reducing TTL to
original TTL from RRSIG.
- [bugzilla: 831 ] Fix workaround for spurious fread_chk warning
against petal.c
- Silenced flex-generated sign-unsigned warning print with gcc
diagnostic pragma.
- Fix for new splint on FreeBSD. Fix cast for sockaddr_un.sun_len.
- fix potential memory leak in daemon/remote.c and nullpointer
dereference in validator/autotrust.
- [bugzilla: 883 ] Fix error for duplicate local zone entry.
- [bugzilla: 835 ] Fix --disable-dsa with nettle verify.
|
2016-06-16 15:50:39 by Fredrik Pettai | Files touched by this commit (2) | |
Log message:
Unbound 1.5.9
=============
Features:
---------
- generic edns option parse and store code.
- Updated L root IPv6 address.
- User defined pluggable event API for libunbound
- ip_freebind: yesno option in unbound.conf sets IP_FREEBIND for binding
to an IP address while the interface or address is down.
- OpenSSL 1.1.0 portability, --disable-dsa configure option.
- disable-dnssec-lame-check config option.
Bug Fixes:
----------
- [bugzilla: 745 ] Fix unbound.py - idn2dname throws UnicodeError when idnname
contains trailing dot.
- configure tests for the weak attribute support by the compiler.
- [bugzilla: 747 ] Fix assert in outnet_serviced_query_stop.
- Updated configure and ltmain.sh.
- Fixup of compile fix for pluggable event API.
- Fixup backend2str for libev.
- Fix libev usage of dispatch return value.
- No side effects in tolower() call, in case it is a macro.
- Fix warnings in ifdef corner case, older or unknown libevent.
- Fix ip-transparent for ipv6 on FreeBSD.
- Fix ip-transparent for tcp on freebsd.
- [bugzilla: 746 ] Fix unbound sets CD bit on all forwards.
If no trust anchors, it'll not set CD bit when forwarding to another server.
If a trust anchor, no CD bit on the first attempt to a forwarder,
but CD bit thereafter on repeated attempts to get DNSSEC.
- Limit number of QNAME minimisation iterations.
- Validate QNAME minimised NXDOMAIN responses.
- If QNAME minimisation is enabled, do cache lookup for QTYPE NS in
harden-below-nxdomain.
- Fix compile of getentropy_linux for SLES11 servicepack 4.
- Fix dnstap-log-resolver-response-messages.
- Fix test for openssl to use HMAC_Update for 1.1.0.
- ERR_remove_state deprecated since openssl 1.0.0.
- OPENSSL_config is deprecated, removing.
- Document permit-small-holddown for 5011 debug.
- [bugzilla: 749 ] Fix unbound-checkconf gets SIGSEGV when use against a
malformatted conf file.
- [bugzilla: 753 ] Fix document dump_requestlist is for first thread.
- Fix some malformed responses to edns queries get fallback to nonedns.
- [bugzilla: 759 ] Fix 0x20 capsforid no longer checks type PTR, for
compatibility with cisco dns guard. This lowers false positives.
- Fix sldns with static checking fixes copied from getdns.
- Fix memory leak in out-of-memory conditions of local zone add.
- [bugzilla: 761 ] Fix DNSSEC LAME false positive resolving nic.club.
- [bugzilla: 766 ] Fix dns64 should synthesize results on timeout/errors.
- No QNAME minimisation fall-back for NXDOMAIN answers from DNSSEC signed zones.
- [bugzilla: 767 ] Fix Reference to an expired Internet-Draft in
harden-below-nxdomain documentation.
- remove memory leak from lame-check patch.
- [bugzilla: 770 ] Fix Small subgroup attack on DH used in unix pipe on
localhost if unbound control uses a unix local named pipe.
- Document write permission to directory of trust anchor needed.
- [bugzilla: 768 ] Fix Unbound Service Sometimes Can Not Shutdown Completely,
WER Report Shown Up. Close handle before closing WSA.
- Fix time in case answer comes from cache in ub_resolve_event().
- Fix windows service to be created run with limited rights, as a network
service account.
- [bugzilla: 752 ] Fix retry resource temporarily unavailable on control pipe.
- iana ports fetched via https.
- iana portlist update.
|
2016-06-08 12:16:57 by Jonathan Perkin | Files touched by this commit (89) |
Log message:
Remove the stability entity, it has no meaning outside of an official context.
|
2016-06-08 11:46:05 by Jonathan Perkin | Files touched by this commit (47) |
Log message:
Change the service_bundle name to "export" to reduce diffs between the
original manifest.xml file and the output from "svccfg export".
|
2016-03-09 06:24:38 by Fredrik Pettai | Files touched by this commit (2) | |
Log message:
Unbound 1.5.8
=============
Features:
---------
- ip-transparent option for FreeBSD with IP_BINDANY socket option.
- insecure-lan-zones: yesno config option.
- RR Type CSYNC support RFC 7477, in debug printout and config input.
- RR Type OPENPGPKEY support (draft-ietf-dane-openpgpkey-07).
- [bugzilla: 731 ] tcp-mss, outgoing-tcp-mss options for unbound.conf
- Support RFC7686: handle ".onion" Special-Use Domain. It is blocked
by default, and can be unblocked with "nodefault" localzone config.
- ub_ctx_set_stub() function for libunbound to config stub zones.
Bug Fixes:
----------
- Fix that NSEC3 negative cache is used when there is no salt.
- sorted ubsyms.def file with exported libunbound functions.
- Print understandable debug log when unusable DS record is seen.
- load gost algorithm if digest is seen before key algorithm.
- Fix that "make install" fails due to "text file busy" error.
- Set IPPROTO_IP6 for ipv6 sockets otherwise invalid argument error.
- wait for sendto to drain socket buffers when they are full.
- Neater cmdline_verbose increment patch from Edgar Pettijohn.
- Made NetBSD sendmsg test nonfatal, in case of false positives.
- [bugzilla: 741 ] Fix: log message for dnstap socket connection is
more clear.
- [bugzilla: 734 ] Fix: chown the pidfile if it resides inside the
chroot.
- Fix cmsg alignment for argument to sendmsg on NetBSD.
- Fix that unbound complains about unimplemented IP_PKTINFO for
sendmsg on NetBSD (for interface-automatic).
- [bugzilla: 738 ] Fix: Swig should not be invoked with CPPFLAGS.
- Squelch 'cannot assign requested address' log messages unless
verbosity is high, it was spammed after network down.
- Fix to simplify empty string checking.
- [bugzilla: 734 ] Fix: Do not log an error when the PID file cannot
be chown'ed.
- Fix test if -pthreads unused to use better grep for portability.
- Fix mingw crosscompile for recent mingw.
- Update aclocal, autoconf output with new versions (1.15, 2.4.6).
- Define DEFAULT_SOURCE together with BSD_SOURCE when that is defined,
for Linux glibc 2.20.
- Fixup contrib/aaaa-filter-iterator.patch for moved contents in the
source code, so it applies cleanly again. Removed unused variable
warnings.
- [bugzilla: 729 ] Fix: omit use of escape sequences in echo since
they are not portable (unbound-control-setup).
- remove NULL-checks before free, patch from Michael McConville.
- updated ax_pthread.m4 to version 21 with clang support, this removes
a warning from compilation.
- OSX portability, detect if sbrk is deprecated.
- OSX clang, stop -pthread unused during link stage warnings.
- OSX clang new flto check.
- iana portlist update.
|
2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) |
Log message:
Bump PKGREVISION for security/openssl ABI bump.
|
2016-02-25 18:24:13 by Roy Marples | Files touched by this commit (1) |
Log message:
Use CPPFLAGS.NetBSD
|
2016-02-25 17:55:15 by Roy Marples | Files touched by this commit (1) |
Log message:
Define _OPENBSD_SOURCE so that unbound works on NetBSD 8 where
reallocarray(3) is guarded.
|
2015-12-28 14:48:30 by Benny Siegert | Files touched by this commit (2) |
Log message:
Fix name of the flag variable in rc.d script. From ISIHARA Takanori in
PR pkg/50595.
|
2015-12-13 00:50:06 by Fredrik Pettai | Files touched by this commit (2) | |
Log message:
Unbound 1.5.7
=============
Features:
- Fix #594. libunbound: optionally use libnettle for crypto.
Added --with-nettle for use with --with-libunbound-only.
- Implemented qname minimisation
Bug Fixes:
- Fix #712: unbound-anchor appears to not fsync root.key.
- Fix #714: Document config to block private-address for IPv4
mapped IPv6 addresses.
- portability, replace snprintf if return value broken
- portability fixes.
- detect libexpat without xml_StopParser function.
- isblank() compat implementation.
- patch from Doug Hogan for SSL_OP_NO_SSLvx options.
- Fix #716: nodata proof with empty non-terminals and wildcards.
- Fix #718: Fix unbound-control-setup with support for env
without HEREDOC bash support.
- ACX_SSL_CHECKS no longer adds -ldl needlessly.
- Change example.conf: ftp.internic.net to https://www.internic.net
- Fix for lenient accept of reverse order DNAME and CNAME.
- spelling fixes from Igor Sobrado Delgado.
- Fix that malformed EDNS query gets a response without malformed EDNS.
- Added assert on rrset cache correctness.
- Fix #720: add windows scripts to zip bundle,
and fix unbound-control-setup windows batch file.
- Fix for #724: conf syntax to read files from run dir (on Windows).
And fix PCA prompt for unbound-service-install.exe.
And add Changelog to windows binary dist.
- .gitignore for git users.
- iana portlist update.
- Removed unneeded whitespace from example.conf.
- Do not minimise forwarded requests.
|