Log Message:
Unbound 1.4.13:

Features:

* Note that Unbound implements RFC6303 (since version 1.4.7).
tcp-upstream yes/no option (works with set_option) for tunnels.
* The format of answers to the qtype ANY with a CNAME have changed, so that \ 
there can be proper validated DNSSEC answers for them. This is for queries with \ 
qtype ANY where the domain name has a CNAME. Now an answer is returned, where \ 
before it resulted in SERVFAIL due to validation failure. When DNSSEC validation \ 
is disabled, the contents of the response have changed: the CNAME is not \ 
followed, and the correct contents of the RRsets at the initial name are \ 
included (where previously only partial contents of the initial names could have \ 
been included but the CNAME was followed). The qtype ANY is a query for debug \ 
where the resolver is to fill in relevant data that happens to be at hand from \ 
the cache.

Bug Fixes:

* Fix validation of qtype ANY responses with CNAMEs. Unbound responds with the \ 
RR types that are available at the name for qtype ANY and validates those RR \ 
types. It does not test for completeness (i.e. with NSEC or NSEC3 query), and it \ 
does not follow the CNAME or DNAME to another name (with even more data for the \ 
already large response)
* Documented the options that work with control set_option command.
* Fix that internally, CNAMEs with NXDOMAIN have that as rcode.
* Fix validation of . DS query.
* Fix wildcard expansion no-data reply under an optout NSEC3 zone is validated \ 
as insecure.
* Fix python site-packages path to /usr/lib64.
* fix memory and fd leak after out-of-memory condition.
* contrib. patch fixes load of python modules.
* contrib. patch that fixes a memory leak in the unbound python module, in \ 
string conversions.
* Fix num-threads 0 does not segfault.
* Fix autoconf 2.68 warnings
* iana portlist updated