Log Message:
unbound: updated to 1.14.0

1.14.0

Features

Merge 401: RPZ triggers. This add additional RPZ triggers, unbound supports a \ 
full set of rpz triggers, and this now includes nsdname, nsip and clientip \ 
triggers. Also actions are fully supported, and this now includes the tcp-only \ 
action.
Merge 519: Support for selective enabling tcp-upstream for stub/forward zones.
Merge PR 514, from ziollek: Docker environment for run tests.
Support using system-wide crypto policies.
Fix that --with-ssl can use "/usr/include/openssl11" to pass the \ 
location of a different openssl version.
Merged 41 from Moritz Schneider: made outbound-msg-retry configurable.
Implement RFC8375: Special-Use Domain 'home.arpa.'.
Merge PR 555 from fobser: Allow interface names as scope-id in IPv6 link-local \ 
addresses.

Bug Fixes

Add test tool readzone to .gitignore.
Merge 521: Update mini_event.c.
Merge 523: fix: free() call more than once with the same pointer.
For 519: note stub-tcp-upstream and forward-tcp-upstream in the example \ 
configuration file.
For 519: yacc and lex. And fix python bindings, and test program \ 
unbound-dnstap-socket.
For 519: fix comments for doxygen.
Fix to print error from unbound-anchor for writing to the key file, also when \ 
not verbose.
For 514: generate configure.
Fix for 431: Squelch permission denied errors for udp connect, and udp send, \ 
they are visible at higher verbosity settings.
Fix zonemd verification of key that is not in DNS but in the zone and needs a \ 
chain of trust.
zonemd, fix order of bogus printout string manipulation.
Fix to support harden-algo-downgrade for ZONEMD dnssec checks.
Merge PR 528 from fobser: Make sldns_str2wire_svcparam_buf() static.
Fix 527: not sending quad9 cert to syslog (and may be more).
Fix sed script in ssldir split handling.
Fix 529: Fix: log_assert does nothing if UNBOUND_DEBUG is undefined.
Fix 531: Fix: passed to proc after free.
Fix 536: error: RPZ: name of record (drop.spamhaus.org.rpz.local.) to insert \ 
into RPZ.
Fix the stream wait stream_wait_count_lock and http2 buffer locks setup and \ 
desetup from race condition.
Fix RPZ locks. Do not unlock zones lock if requested and rpz find zone does not \ 
find the zone. Readlock the clientip that is found for ipbased triggers. Unlock \ 
the nsdname zone lock when done. Unlock zone and ip in rpz nsip and nsdname \ 
callback. Unlock authzone and localzone if clientip found in rpz worker call.
Fix compile warning in libunbound for listen desetup routine.
Fix asynclook unit test for setup of lockchecks before log.
Fix 533: Negative responses get cached even when setting cache-max-negative-ttl: 1
Fix tcp fastopen failure when disabled, try normal connect instead.
Fix 538: Fix subnetcache statistics.
Small fixes for 41: changelog, conflicts resolved, processQueryResponse takes an \ 
iterator env argument like other functions in the iterator, no colon in string \ 
for set_option, and some whitespace style, to make it similar to the rest.
Fix for 41: change outbound retry to int to fix signed comparison warnings.
Fix root_anchor test to check with new icannbundle date.
Fix initialisation errors reported by gcc sanitizer.
Fix lock debug code for gcc sanitizer reports.
Fix more initialisation errors reported by gcc sanitizer.
Fix crosscompile on windows to work with openssl 3.0.0 the link with ws2_32 \ 
needs -l:libssp.a for __strcpy_chk. Also copy results from lib64 directory if \ 
needed.
For crosscompile on windows, detect 64bit stackprotector library.
Fix crosscompile shell syntax.
Fix crosscompile windows to use libssp when it exists.
For the windows compile script disable gost.
Fix that on windows, use BIO_set_callback_ex instead of deprecated BIO_set_callback.
Fix crosscompile script for the shared build flags.
Fix to add example.conf note for outbound-msg-retry.
Fix chaos replies to have truncation for short message lengths, or long reply \ 
strings.
Fix to protect custom regional create against small values.
Fix 552: Unbound assumes index.html exists on RPZ host.
Fix that forward-zone name is documented as the full name of the zone. It is not \ 
relative but a fully qualified domain name.
Fix analyzer review failure in rpz action override code to not crash on \ 
unlocking the local zone lock.
Fix to remove unused code from rpz resolve client and action function.
Merge 565: unbound.service.in: Disable ProtectKernelTunables again.
Fix for 558: fix loop in comm_point->tcp_free when a comm_point is reclaimed \ 
more than once during callbacks.
Fix for 558: clear the UB_EV_TIMEOUT bit before adding an event.
Improve EDNS option handling, now also works for synthesised responses such as \ 
local-data and server.id CH TXT responses.
Merge PR 570 from rex4539: Fix typos.
Fix for 570: regen aclocal.m4, fix configure.ac for spelling.
Fix to make python module opt_list use opt_list_in.
Fix 574: unbound-checkconf reports fatal error if interface names are used as \ 
value for interfaces:
Fix 574: Review fixes for it.
Fix 576: [FR] UB_* error codes in unbound.h
Fix 574: Review fix for spelling.
Fix to remove git tracking and ci information from release tarballs.
iana portlist update.
Merge PR 511 from yan12125: Reduce unnecessary linking.
Merge PR 493 from Jaap: Fix generation of libunbound.pc.
Merge PR 562 from Willem: Reset keepalive per new tcp session.
Merge PR 522 from sibeream: memory management violations fixed.
Merge PR 530 from Shchelk: Fix: dereferencing a null pointer.
Fix 454: listen_dnsport.c:825: error: ‘IPV6_TCLASS’ undeclared.
Fix 574: Review fixes for size allocation.
Fix doc/unbound.doxygen to remove obsolete tag warning.