Next | Query returned 121 messages, browsing 41 to 50 | Previous

CVS Commit History:


   2020-02-20 21:39:07 by Havard Eidnes | Files touched by this commit (3) | Package updated
Log message:
Update unbound to version 1.10.0. (This time on the main CVS branch...)

Pkgsrc changes:
 * Adjust line numbers in patch.

Upstream changes:

The 1.10.0 release has RPZ support and serve stale functionality
according to draft-ietf-dnsop-serve-stale-10.  And a number of
other, smaller, features, and bug fixes.

The DNS Response Policy Zones (RPZ) functionality makes it possible
to express DNS response policies in a DNS zone. These zones can
be loaded from file or transferred over DNS zone transfers or
HTTP. The RPZ functionality in Unbound is implemented as specified in
draft-vixie-dnsop-dns-rpz-00. Only the QNAME and Response IP Address
triggers are supported. The supported RPZ actions are: NXDOMAIN, NODATA,
PASSTHRU, DROP and Local Data.

Enabling the respip module using `module-config` is required to use
RPZ. Each RPZ zone can be configured using the `rpz` clause. RPZ clauses
are applied in order of configuration.  Unbound can get the data from
zone transfer, a zonefile or https url, and more options are documented
in the man page.  A minimal RPZ configuration that will transfer the
RPZ zone using AXFR and IXFR can look like:

server:
  module-config: "respip validator iterator"

rpz:
  name: "rpz.example.com" # name of the policy zone
  master: 192.0.2.0       # address of the name server to transfer from

The serve-stale functionality as described in
draft-ietf-dnsop-serve-stale-10 is now supported in unbound.
This allows unbound to first try and resolve a domain name before
replying with expired data from cache.  This differs from unbound's
initial serve-expired behavior which attempts to reply with expired
entries from cache without waiting for the actual resolution to finish.
Both behaviors are available and can be configured with the various
serve-expired-* configuration options.  serve-expired-client-timeout is
the option that enables one or the other.

The DSA algorithms have been disabled by default, this is because of
RFC 8624.

There is a crash fix in the parse of text of type WKS, reported by
X41 D-Sec.

In addition, neg and key caches can be shared with multiple
libunbound contexts, a change that assists unwind.  The
contrib/unbound_portable.service provides a systemd start file for a
portable setup.  The configure --with-libbsd option allows the use
of the bsd compatibility library so that it can use the arc4random
from it.  The stats in contrib/unbound_munin_ have num.query.tls and
num.query.tls.resume added to them.  For unbound-control the command
view_local_datas_remove is added that removes data from a view.

Features:
- Merge RPZ support into master. Only QNAME and Response IP triggers are
  supported.
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Merge #135 from Florian Obser: Use passed in neg and key cache
  if non-NULL.
- Fix #153: Disable validation for DSA algorithms.  RFC 8624 compliance.
- Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds
  and Frzk.  Updates the unbound.service systemd file and adds a portable
  systemd service file.
- Merge PR#154; Allow use of libbsd functions with configure option
  --with-libbsd. By Robert Edmonds and Steven Chamberlain.
- Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai.
- Merge PR#156 from Alexander Berkes; Added unbound-control
  view_local_datas_remove command.

Bug Fixes:
- Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by
  Florian Obser
- Update mailing list URL.
- Fix #140: Document slave not downloading new zonefile upon update.
- Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD.
  The dl_iterate_phdr() function introduced in newer versions raises
  compilation errors on solaris 10.
- Changes to compat/getentropy_solaris.c for,
  ifdef stdint.h inclusion for older systems.  ifdef sha2.h inclusion
  for older systems.
- Fix 'make test' to work for --disable-sha1 configure option.
- Fix out-of-bounds null-byte write in sldns_bget_token_par while
  parsing type WKS, reported by Luis Merino from X41 D-Sec.
- Updated sldns_bget_token_par fix for also space for the zero
  delimiter after the character.  And update for more spare space.
- Fix #138: stop binding pidfile inside chroot dir in systemd service
  file.
- Fix the relationship between serve-expired and prefetch options,
  patch from Saksham Manchanda from Secure64.
- Fix unreachable code in ssl set options code.
- Removed the dnscrypt_queries and dnscrypt_queries_chacha tests,
  because dnscrypt-proxy (2.0.36) does not support the test setup
  any more, and also the config file format does not seem to have the
  appropriate keys to recreate that setup.
- Fix crash after reload where a stats lookup could reference old key
  cache and neg cache structures.
- Fix for memory leak when edns subnet config options are read when
  compiled without edns subnet support.
- Fix auth zone support for NSEC3 records without salt.
- Merge PR#150 from Frzk: Systemd unit without chroot.  It adds
  contrib/unbound_nochroot.service.in, a systemd file for use with
  chroot: "", see comments in the file, it uses systemd protections
  instead.  It was superseded by #151, the unbound_portable.service
  file.
- Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes
  to Libs/Requires for crypto library dependencies.
- iana portlist updated.
- Fix to silence the tls handshake errors for broken pipe and reset
  by peer, unless verbosity is set to 2 or higher.
- Merge PR#147; change rfc reference for reserved top level dns names.
- Fix #157: undefined reference to `htobe64'.
- Fix subnet tests for disabled DSA algorithm by default.
- Update contrib/fastrpz.patch for clean diff with current code.
- updated .gitignore for added contrib file.
- Add build rule for ipset to Makefile
- Add getentropy_freebsd.o to Makefile dependencies.
- Fix memory leak in error condition remote.c
- Fix double free in error condition view.c
- Fix memory leak in do_auth_zone_transfer on success
- Stop working on socket when socket() call returns an error.
- Check malloc return values in TLS session ticket code
- Fix fclose on error in TLS session ticket code.
- Add assertion to please static analyzer
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
- Fix num_reply_addr counting in mesh and tcp drop due to size
  after serve_stale commit.
- Fix to create and destroy rpz_lock in auth_zones structure.
- Fix to lock zone before adding rpz qname trigger.
- Fix to lock and release once in mesh_serve_expired_lookup.
- Fix to put braces around empty if body when threading is disabled.
- Fix num_reply_states and num_detached_states counting with
  serve_expired_callback.
- Cleaner code in mesh_serve_expired_lookup.
- Document in unbound.conf manpage that configuration clauses can be
  repeated in the configuration file.
- Document 'ub_result.was_ratelimited' in libunbound.
- Fix use after free on log-identity after a reload; Fixes #163.
- Fix with libnettle make test with dsa disabled.
- Fix contrib/fastrpz.patch to apply cleanly.  Fix for serve-stale
  fixes, but it does not compile, conflicts with new rpz code.
- Fix to clean memory leak of respip_addr.lock when ip_tree deleted.
- Fix compile warning when threads disabled.

   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.

   2019-12-12 15:26:38 by Havard Eidnes | Files touched by this commit (3) | Package updated
Log message:
Update unbound to version 1.9.6

Pkgsrc changes:
 * Remove now integrated patch.

Upstream changes:

This release contains a number of security related fixes, contributed by
X41 D-Sec. They have conducted a security audit of Unbound, funded by
OSTIF. The previous CVEs fixed in 1.9.4 and 1.9.5 were the most
important ones, less important fixes and side findings for more robust
code have been included in this release, alongside a normal number of
bug fixes.

The sort order for included config snippets is now ascending by name, it
previously was reversed due to an oversight.  Most config snippets do
not depend on the order as they add a stub or forward zone or some
server: section config entries.

Features:
- The unbound.conf includes are sorted ascending, for include
  statements with a '*' from glob.
- drop-tld.diff in contrib/ : adds option drop-tld: yesno that drops 2 label
  queries, to stop random floods.  Apply with
  patch -p1 < contrib/drop-tld.diff and compile.
  From Saksham Manchanda (Secure64).  Please note that we think this
  will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
  lookups for downstream clients.
- Add new configure option `--enable-fully-static` to enable full static
  build if requested; in relation to #91.
- Add make distclean that removes everything configure produced,
  and make maintainer-clean that removes bison and flex output.
- unbound-fuzzers.tar.bz2 in contrib/ : three programs for fuzzing, that
  are 1:1 replacements for unbound-fuzzme.c that gets created after applying
  the contrib/unbound-fuzzme.patch.  They are contributed by
  Eric Sesterhenn from X41 D-Sec.

Bug Fixes:
- Fix that pkg-config is setup before --enable-systemd needs it.
- Fix contrib/fastrpz.patch asprintf return value checks.
- ipset module #28: log that an address is added, when verbosity high.
- ipset: refactor long routine into three smaller ones.
- updated Makefile dependencies.
- squelch DNS over TLS errors 'ssl handshake failed crypto error'
  on low verbosity, they show on verbosity 3 (query details), because
  there is a high volume and the operator cannot do anything for the
  remote failure.  Specifically filters the high volume errors.
- Fix #71: fix openssl error squelch commit compilation error.
- Fix #72: configure --with-syslog-facility=LOCAL0-7 with default
  LOG_DAEMON (as before) can set the syslog facility that the server
  uses to log messages.
- Use explicit bzero for wiping clear buffer of hash in cachedb,
  reported by Eric Sesterhenn from X41 D-Sec.
- Fix #78: Memory leak in outside_network.c.
- Merge pull request #76 from Maryse47: Improvements and fixes for
  systemd unbound.service.
- oss-fuzz badge on README.md.
- Fix fix for #78 to also free service callback struct.
- Fix for oss-fuzz build warning.
- Fix wrong response ttl for prepended short CNAME ttls, this would
  create a wrong zero_ttl response count with serve-expired enabled.
- Merge #80 from stasic: Improve wording in man page.
- Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW
  in unbound.service.
- Merge #81 from Maryse47: Consistently use /dev/urandom instead
  of /dev/random in scripts and docs.
- Merge #83 from Maryse47: contrib/unbound.service.in: do not fork
  into the background.
- Merge #85 for #84 from sam-lunt: Add kill capability to systemd
  service file to fix that systemctl reload fails.
- Merge #87 from hardfalcon: Fix contrib/unbound.service.in,
  Drop CAP_KILL, use + prefix for ExecReload= instead.
- Merge #90 from vcunat: fix build with nettle-3.5.
- Fix for CVE-2019-16866.  That fix is also in 1.9.4.
- Merge #86 from psquarejho: Added -b source address option to
  smallapp/unbound-anchor.c, from Lukas Wunner.
- Add doxygen comments to unbound-anchor source address code, in #86.
- Merge #97: manpage: Add missing word on unbound.conf,
  from Erethon.
- Fix #99: Memory leak in ub_ctx (event_base will never be freed).
- Fix #109: check number of arguments for stdin-pipes in
  unbound-control and fail if too many arguments.
- Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.
- iana portlist updated.
- contrib/fastrpz.patch updated to apply for current code.
- fixes for splint cleanliness, long vs int in SSL set_mode.
- In unbound-host use separate variable for get_option to please
  code checkers.
- update to bison output of 3.4.1 in code repository.
- Provide a prototype for compat malloc to remove compile warning.
- Portable grep usage for reuseport configure test.
- Check return type of HMAC_Init_ex for openssl 0.9.8.
- gitignore .source tempfile used for compatible make.
- Fix for CVE-2019-18934, shell execution in ipsecmod.  This fix is also
  in 1.9.5.
- Fix authzone printout buffer length check.
- Fixes to please lint checks.
- Fix Integer Overflow in Regional Allocator,
  reported by X41 D-Sec.
- Fix Unchecked NULL Pointer in dns64_inform_super()
  and ipsecmod_new(), reported by X41 D-Sec.
- Fix Out-of-bounds Read in rr_comment_dnskey(),
  reported by X41 D-Sec.
- Fix Integer Overflows in Size Calculations,
  reported by X41 D-Sec.
- Fix Integer Overflow to Buffer Overflow in
  sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
- Fix Out of Bounds Read in sldns_str2wire_dname(),
  reported by X41 D-Sec.
- Fix Out of Bounds Write in sldns_bget_token_par(),
  reported by X41 D-Sec.
- Fix Out of Bounds Read in rrinternal_get_owner(),
  reported by X41 D-Sec.
- Fix Race Condition in autr_tp_create(),
  reported by X41 D-Sec.
- Fix Shared Memory World Writeable,
  reported by X41 D-Sec.
- Adjust unbound-control to make stats_shm a read only operation.
- Fix Weak Entropy Used For Nettle,
  reported by X41 D-Sec.
- Fix Randomness Error not Handled Properly,
  reported by X41 D-Sec.
- Fix Out-of-Bounds Read in dname_valid(),
  reported by X41 D-Sec.
- Fix Config Injection in create_unbound_ad_servers.sh,
  reported by X41 D-Sec.
- Fix Local Memory Leak in cachedb_init(),
  reported by X41 D-Sec.
- Fix Integer Underflow in Regional Allocator,
  reported by X41 D-Sec.
- Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD.
- Synchronize compat/getentropy_win.c with version 1.5 from
  OpenBSD, no changes but makes the file, comments, identical.
- Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD.
- Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD.
- Changes to compat/getentropy files for,
  no link to openssl if using nettle, and hence config.h for
  HAVE_NETTLE variable.
  compat definition of MAP_ANON, for older systems.
  ifdef stdint.h inclusion for older systems.
  ifdef sha2.h inclusion for older systems.
- Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec.
- Fix compile with --enable-alloc-checks, reported by X41 D-Sec.
- Fix Terminating Quotes not Written, reported by X41 D-Sec.
- Fix Useless memset() in validator, reported by X41 D-Sec.
- Fix Unrequired Checks, reported by X41 D-Sec.
- Fix Enum Name not Used, reported by X41 D-Sec.
- Fix NULL Pointer Dereference via Control Port,
  reported by X41 D-Sec.
- Fix Bad Randomness in Seed, reported by X41 D-Sec.
- Fix python examples/calc.py for eval, reported by X41 D-Sec.
- Fix comments for doxygen in dns64.
- Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec.
- Fix compiler warnings.
- Merge pull request #122 from he32: In tcp_callback_writer(),
  don't disable time-out when changing to read.
- Merge pull request #124 from rmetrich: Changed log lock
  from 'quick' to 'basic' because this is an I/O lock.
- Fix text around serial arithmetic used for RRSIG times to refer
  to correct RFC number.
- Fix Assert Causing DoS in synth_cname(),
  reported by X41 D-Sec.
- Fix similar code in auth_zone synth cname to add the extra checks.
- Fix Assert Causing DoS in dname_pkt_copy(),
  reported by X41 D-Sec.
- Fix OOB Read in sldns_wire2str_dname_scan(),
  reported by X41 D-Sec.
- Fix Out of Bounds Write in sldns_str2wire_str_buf(),
  reported by X41 D-Sec.
- Fix Out of Bounds Write in sldns_b64_pton(),
  fixed by check in sldns_str2wire_int16_data_buf(),
  reported by X41 D-Sec.
- Fix Insufficient Handling of Compressed Names in dname_pkt_copy(),
  reported by X41 D-Sec.
- Fix Out of Bound Write Compressed Names in rdata_copy(),
  reported by X41 D-Sec.
- Fix Hang in sldns_wire2str_pkt_scan(),
  reported by X41 D-Sec.
  This further lowers the max to 256.
- Fix snprintf() supports the n-specifier,
  reported by X41 D-Sec.
- Fix Bad Indentation, in dnscrypt.c,
  reported by X41 D-Sec.
- Fix Client NONCE Generation used for Server NONCE,
  reported by X41 D-Sec.
- Fix compile error in dnscrypt.
- Fix _vfixed not Used, removed from sbuffer code,
  reported by X41 D-Sec.
- Fix Hardcoded Constant, reported by X41 D-Sec.
- make depend
- Fix lock type for memory purify log lock deletion.
- Fix testbound for alloccheck runs, memory purify and lock checks.
- update contrib/fastrpz.patch to apply more cleanly.
- Fix Make Test Fails when Configured With --enable-alloc-nonregional,
  reported by X41 D-Sec.
- Fix ipsecmod compile
- Fix Makefile.in for ipset module compile, from Adi Prasaja.

   2019-12-03 09:08:59 by Havard Eidnes | Files touched by this commit (3)
Log message:
Apply a fix from upstream:
  https://github.com/NLnetLabs/unbound/pull/122
which fixes
  https://github.com/NLnetLabs/unbound/issues/125

Briefly: TCP socket timeouts would effectively be disabled after
the exchange of the initial DNS query/response.

Bump PKGREVISION.

   2019-11-19 11:10:44 by Havard Eidnes | Files touched by this commit (2)
Log message:
Update unbound to version 1.9.5

Pkgsrc changes:
 * None.

Upstream changes:

Bug Fixes:
- Fix CVE-2019-18934.  A vulnerability might cause shell code execution
  with use of the "ipsecmod" feature under specific conditions.

   2019-11-03 12:45:59 by Roland Illig | Files touched by this commit (255)
Log message:
net: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.

   2019-10-03 11:44:38 by Havard Eidnes | Files touched by this commit (2)
Log message:
Update unbound to version 1.9.4

Pkgsrc changes:
 * None.

Upstream changes:

Bug Fixes:
- Fix CVE-2019-16866.  An error in parsing NOTIFY queries may cause
  unbound to continue processing malformed queries and may ultimately
  result in a pointer de-reference in un-initialized memory, causing
  a crash of unbound.

   2019-08-27 11:25:25 by Havard Eidnes | Files touched by this commit (2) | Package updated
Log message:
Update unbound to version 1.9.3

Upstream changes:

This release has a number of bug fixes.  Added is the ipset module, that
helps add ip-addresses that are looked up in a domain to a firewall
ip-address filter.  Also, the python module has restart next, per-query
data and multiple instance support.  The unbound -V option has been
added and it prints the build config.

Features:
- PR #28: IPSet module, by Kevin Chou.  Created a module to support
  the ipset that could add the domain's ip to a list easily.
  Needs libmnl, and --enable-ipset and config it, doc/README.ipset.md.
- Merge PR #6: Python module: support multiple instances
- Merge PR #5: Python module: define constant MODULE_RESTART_NEXT
- Merge PR #4: Python module: assign something useful to the
  per-query data store 'qdata'
- Introduce `-V` option to print the version number and build options.
  Previously reported build options like linked libs and linked modules
  are now moved from `-h` to `-V` as well for consistency.
- PACKAGE_BUGREPORT now also includes link to GitHub issues.

Bug Fixes:
- Fix #39: In libunbound, leftover logfile is close()d unpredictably.
- Fix for #24: Fix abort due to scan of auth zone masters using old
  address from previous scan.
- Fix to omit RRSIGs from addition to the ipset.
- Fix to make unbound-control with ipset, remove unused variable,
  use unsigned type because of comparison, and assign null instead
  of compare with it.  Remade lex and yacc output.
- make depend
- Added documentation to the ipset files (for doxygen output).
- Fix python dict reference and double free in config.
- Fix memleak in unit test, reported from the clang 8.0 static analyzer.
- For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf
  when do-not-query-localhost is turned on, or at default on,
  unbound-checkconf prints a warning if it is found in forward-addr or
  stub-addr statements.
- Fix for possible assertion failure when answering respip CNAME from
  cache.
- Fix in respip addrtree selection. Absence of addr_tree_init_parents()
  call made it impossible to go up the tree when the matching netmask is
  too specific.
- Fix #48: Unbound returns additional records on NODATA response,
  if minimal-responses is enabled, also the additional for negative
  responses is removed.
- Fix #49: Set no renegotiation on the SSL context to stop client
  session renegotiation.
- Fix question section mismatch in local zone redirect.
- Add verbose log message when auth zone file is written, at level 4.
- Add hex print of trust anchor pointer to trust anchor file temp
  name to make it unique, for libunbound created multiple contexts.
- For #52 #53, second context does not close logfile override.
- Fix #52 #53, fix for example fail program.
- Fix to return after failed auth zone http chunk write.
- Fix to remove unused test for task_probe existence.
- Fix to timeval_add for remaining second in microseconds.
- Check repinfo in worker_handle_request, if null, drop it.
- Generate configlexer with newer flex.
- Fix warning for unused variable for compilation without systemd.
- Fix #59, when compiled with systemd support check that we can properly
  communicate with systemd through the `NOTIFY_SOCKET`.
- iana portlist updated.
- Fix autotrust temp file uniqueness windows compile.
- avoid warning about upcast on 32bit systems for autotrust.
- escape commandline contents for -V.
- Fix character buffer size in ub_ctx_hosts.
- Option -V prints if TCP fastopen is available.
- Fix unittest valgrind false positive uninitialised value report,
  where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0
  issues an uninitialised value for the token buffer at the str2wire.c
  rrinternal_get_owner() strcmp with the '@' value.  Rewritten to use
  straight character comparisons removes the false positive.  Also
  valgrind's --expensive-definedness-checks=yes can stop this false
  positive.
- Please doxygen's parser for "@" occurrence in doxygen comment.
- Fixup contrib/fastrpz.patch
- Remove warning about unknown cast-function-type warning pragma.
- Document limitation of pidfile removal outside of chroot directory.
- Fix log_dns_msg to log irrespective of minimal responses config.
- Fix that pkg-config is setup before --enable-systemd needs it.

   2019-06-17 11:49:08 by Havard Eidnes | Files touched by this commit (2) | Package updated
Log message:
Update unbound to version 1.9.2

Upstream changes:

Features
- add type CAA to libpyunbound (accessing libunbound from python).
- Fix #17: Add python module example from Jan Janak, that is a
  plugin for the Unbound DNS resolver to resolve DNS records in
  multicast DNS [RFC 6762] via Avahi.  The plugin communicates
  with Avahi via DBus. The comment section at the beginning of
  the file contains detailed documentation.
- travis build file.
- PR #16: XoT support, AXFR over TLS, turn it on with
  master: <ip>#<authname> in unbound.conf.  This uses TLS to
  download the AXFR (or IXFR).

Bug Fixes
- Fix for #4233: guard use of NDEBUG, so that it can be passed in
  CFLAGS into configure.
- Add log message, at verbosity 4, that says the query is encrypted
  with TLS, if that is enabled for the query.
- Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.
- Fix #4240: Fix whitespace cleanup in example.conf.
- Fix that tls-session-ticket-keys: "" on its own in unbound.conf
  disables the tls session ticket key calls into the OpenSSL API.
- Fix crash if tls-service-pem not filled in when necessary.
- Fix auth-zone NSEC3 response for empty nonterminals with exact
  match nsec3 records.
- Fix for out of bounds integers, thanks to OSTIF audit.  It is in
  allocation debug code.
- Fix for auth zone nsec3 ent fix for wildcard nodata.
- Move goto label in answer_from_cache to the end of the function
  where it is more visible.
- Fix auth-zone NSEC3 response for wildcard nodata answers,
  include the closest encloser in the answer.
- Fix spelling error in log output for event method.
- Fix to reinit event structure for accepted TCP (and TLS) sockets.
- Fix to use event_assign with libevent for thread-safety.
- verbose information about auth zone lookup process, also lookup
  start, timeout and fail.
- Fix to wipe ssl ticket keys from memory with explicit_bzero,
  if available.
- Fix that auth zone uses correct network type for sockets for
  SOA serial probes.  This fixes that probes fail because earlier
  probe addresses are unreachable.
- Fix that auth zone fails over to next master for timeout in tcp.
- Squelch SSL read and write connection reset by peer and broken pipe
  messages.  Verbosity 2 and higher enables them.
- Update python documentation for init_standard().
- Typos.
- Fix tls write event for read state change to re-call SSL_write and
  not resume the TLS handshake.
- Better braces in if statement in TCP fastopen code.
- iana portlist updated.
- Scrub RRs from answer section when reusing NXDOMAIN message for
  subdomain answers.
- For harden-below-nxdomain: do not consider a name to be non-existent
  when message contains a CNAME record.
- Fix wrong query name in local zone redirect answers with a CNAME,
  the copy of the local alias is in unpacked form.
- contrib/fastrpz.patch updated for code changes, and with git diff.
- Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64.
- Fix #30: AddressSanitizer finding in lookup3.c.  This sets the
  hash function to use a slower but better auditable code that does
  not read beyond array boundaries.  This makes code better security
  checkable, and is better for security.  It is fixed to be slower,
  but not read outside of the array.
- Fix edns-subnet locks, in error cases the lock was not unlocked.
- Fix doxygen output error on readme markdown vignettes.
- Squelch log messages from tcp send about connection reset by peer.
  They can be enabled with verbosity at higher values for diagnosing
  network connectivity issues.
- Attempt to fix malformed tcp response.
- Fix #31: swig 4.0 and python module.
- Note that so-reuseport at extreme load is better turned off,
  otherwise queries are not distributed evenly, on Linux 4.4.x.
- Fix that spoolbuf is not used to store tcp pipelined response
  between mesh send and callback end.
- Fix double file close in tcp pipelined response code.
- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
- Fix to guard _OPENBSD_SOURCE from redefinition.
- Fix that fixes the Fix that spoolbuf is not used to store tcp
  pipelined response between mesh send and callback end, this fixes
  error cases that did not use the correct spoolbuf.
- Fix another spoolbuf storage code point, in prefetch.

   2019-06-12 12:04:05 by Thomas Klausner | Files touched by this commit (1)
Log message:
unbound: bump PKGREVISION for previous

a new file is installed -> PLIST change -> bump