| 18 December 2014: Wouter 2 - Fix CVE-2014-8602: denial of service by making resolver chase 3 endless series of delegations. 4 51 December 2014: Wouter 6 - Fix bug#632: unbound fails to build on AArch64, protects 7 getentropy compat code from calling sysctl if it is has been removed. 8 929 November 2014: Wouter 10 - Add include to getentropy_linux.c, hopefully fixing debian build. 11 1228 November 2014: Wouter 13 - Fix makefile for build from noexec source tree. 14 1526 November 2014: Wouter 16 - Fix libunbound undefined symbol errors for main. 17 Referencing main does not seem to be possible for libunbound. 18 1924 November 2014: Wouter 20 - Fix log at high verbosity and memory allocation failure. 21 - iana portlist update. 22 2321 November 2014: Wouter 24 - Fix crash on multiple thread random usage on systems without 25 arc4random. 26 2720 November 2014: Wouter 28 - fix compat/getentropy_win.c check if CryptGenRandom works and no 29 immediate exit on windows. 30 3119 November 2014: Wouter 32 - Fix cdflag dns64 processing. 33 3418 November 2014: Wouter 35 - Fix that CD flag disables DNS64 processing, returning the DNSSEC 36 signed AAAA denial. 37 - iana portlist update. 38 3917 November 2014: Wouter 40 - Fix #627: SSL_CTX_load_verify_locations return code not properly 41 checked. 42 4314 November 2014: Wouter 44 - parser with bison 2.7 45 4613 November 2014: Wouter 47 - Patch from Stephane Lapie for ASAHI Net that implements aaaa-filter, 48 added to contrib/aaaa-filter-iterator.patch. 49 5012 November 2014: Wouter 51 - trunk has 1.5.1 in development. 52 - Patch from Robert Edmonds to build pyunbound python module 53 differently. No versioninfo, with -shared and without $(LIBS). 54 - Patch from Robert Edmonds fixes hyphens in unbound-anchor man page. 55 - Removed 'increased limit open files' log message that is written 56 to console. It is only written on verbosity 4 and higher. 57 This keeps system bootup console cleaner. 58 - Patch from James Raftery, always print stats for rcodes 0..5. 59 6011 November 2014: Wouter 61 - iana portlist update. 62 - Fix bug where forward or stub addresses with same address but 63 different port number were not tried. 64 - version number in svn trunk is 1.5.0 65 - tag 1.5.0rc1 66 - review fix from Ralph. 67 687 November 2014: Wouter 69 - dnstap fixes by Robert Edmonds: 70 dnstap/dnstap.m4: cosmetic fixes 71 dnstap/: Remove compiled protoc-c output files 72 dnstap/dnstap.m4: Error out if required libraries are not found 73 dnstap: Fix ProtobufCBufferSimple usage that is incorrect as of 74 protobuf-c 1.0.0 75 dnstap/: Adapt to API changes in latest libfstrm (>= 0.2.0) 76 774 November 2014: Wouter 78 - Add ub_ctx_add_ta_autr function to add a RFC5011 automatically 79 tracked trust anchor to libunbound. 80 - Redefine internal minievent symbols to unique symbols that helps 81 linking on platforms where the linker leaks names across modules. 82 8327 October 2014: Wouter 84 - Disabled use of SSLv3 in remote-control and ssl-upstream. 85 - iana portlist update. 86 8716 October 2014: Wouter 88 - Documented dns64 configuration in unbound.conf man page. 89 9013 October 2014: Wouter 91 - Fix #617: in ldns in unbound, lowercase WKS services. 92 - Fix ctype invocation casts. 93 9410 October 2014: Wouter 95 - Fix unbound-checkconf check for module config with dns64 module. 96 - Fix unbound capsforid fallback, it ignores TTLs in comparison. 97 986 October 2014: Wouter 99 - Fix #614: man page variable substitution bug. 1006 October 2014: Willem 101 - Whitespaces after $ORIGIN are not part of the origin dname (ldns). 102 - $TTL's value starts at position 5 (ldns). 103 1041 October 2014: Wouter 105 - fix #613: Allow tab ws in var length last rdfs (in ldns str2wire). 106 10729 September 2014: Wouter 108 - Fix #612: create service with service.conf in present directory and 109 auto load it. 110 - Fix for mingw compile openssl ranlib. 111 11225 September 2014: Wouter 113 - updated configure and aclocal with newer autoconf 1.13. 114 11522 September 2014: Wouter 116 - Fix swig and python examples for Python 3.x. 117 - Fix for mingw compile with openssl-1.0.1i. 118 11919 September 2014: Wouter 120 - improve python configuration detection to build on Fedora 22. 121 12218 September 2014: Wouter 123 - patches to also build with Python 3.x (from Pavel Simerda). 124 12516 September 2014: Wouter 126 - Fix tcp timer waiting list removal code. 127 - iana portlist update. 128 - Updated the TCP_BACLOG from 5 to 256, so that the tcp accept queue 129 is longer and more tcp connections can be handled. 130 13115 September 2014: Wouter 132 - Fix unit test for CDS typecode. 133 1345 September 2014: Wouter 135 - type CDS and CDNSKEY types in sldns. 136 13725 August 2014: Wouter 138 - Fixup checklock code for log lock and its mutual initialization 139 dependency. 140 - iana portlist update. 141 - Removed necessity for pkg-config from the dnstap.m4, new are 142 the --with-libfstrm and --with-protobuf-c configure options. 143 14419 August 2014: Wouter 145 - Update unbound manpage with more explanation (from Florian Obser). 146 14718 August 2014: Wouter 148 - Fix #603: unbound-checkconf -o <option> should skip verification 149 checks. 150 - iana portlist update. 151 - Fixup doc/unbound.doxygen to remove obsolete 1.8.7 settings. 152 1535 August 2014: Wouter 154 - dnstap support, with a patch from Farsight Security, written by 155 Robert Edmonds. The --enable-dnstap needs libfstrm and protobuf-c. 156 It is BSD licensed (see dnstap/dnstap.c). 157 Building with --enable-dnstap needs pkg-config with this patch. 158 - Noted dnstap in doc/README and doc/CREDITS. 159 - Changes to the dnstap patch. 160 - lint fixes. 161 - dnstap/dnstap_config.h should not have been added to the repo, 162 because is it generated. 163 1641 August 2014: Wouter 165 - Patch add msg, rrset, infra and key cache sizes to stats command 166 from Maciej Soltysiak. 167 - iana portlist update. 168 16931 July 2014: Wouter 170 - DNS64 from Viagenie (BSD Licensed), written by Simon Perrault. 171 Initial commit of the patch from the FreeBSD base (with its fixes). 172 This adds a module (for module-config in unbound.conf) dns64 that 173 performs DNS64 processing, see README.DNS64. 174 - Changes from DNS64: 175 strcpy changed to memmove. 176 arraybound check fixed from prefix_net/8/4 to prefix_net/8+4. 177 allocation of result consistently in the correct region. 178 time_t is now used for ttl in unbound (since the patch's version). 179 - testdata/dns64_lookup.rpl for unit test for dns64 functionality. 180 18129 July 2014: Wouter 182 - Patch from Dag-Erling Smorgrav that implements feature, unbound -dd 183 does not fork in the background and also logs to stderr. 184 18521 July 2014: Wouter 186 - Fix endian.h include for OpenBSD. 187 18816 July 2014: Wouter 189 - And Fix#596: Bail out of unbound-control dump_infra when ssl 190 write fails. 191 19215 July 2014: Wouter 193 - Fix #596: Bail out of unbound-control list_local_zones when ssl 194 write fails. 195 - iana portlist update. 196 19713 July 2014: Wouter 198 - Configure tests if main can be linked to from getentropy compat. 199 20012 July 2014: Wouter 201 - Fix getentropy compat code, function refs were not portable. 202 - Fix to check openssl version number only for OpenSSL. 203 - LibreSSL provides compat items, check for that in configure. 204 - Fix bug in fix for log locks that caused deadlock in signal handler. 205 - update compat/getentropy and arc4random to the most recent ones from OpenBSD. 206 20711 July 2014: Matthijs 208 - fake-rfc2553 patch (thanks Benjamin Baier). 209 21011 July 2014: Wouter 211 - arc4random in compat/ and getentropy, explicit_bzero, chacha for 212 dependencies, from OpenBSD. arc4_lock and sha512 in compat. 213 This makes arc4random available on all platforms, except when 214 compiled with LIBNSS (it uses libNSS crypto random). 215 - fix strptime implicit declaration error on OpenBSD. 216 - arc4random, getentropy and explicit_bzero compat for Windows. 217 2184 July 2014: Wouter 219 - Fix #593: segfault or crash upon rotating logfile. 220 2213 July 2014: Wouter 222 - DLV tests added. 223 - signit tool fixup for compile with libldns library. 224 - iana portlist updated. 225 22627 June 2014: Wouter 227 - so-reuseport is available on BSDs(such as FreeBSD 10) and OS/X. 228 22926 June 2014: Wouter 230 - unbound-control status reports if so-reuseport was successful. 231 - iana portlist updated. 232 23324 June 2014: Wouter 234 - Fix caps-for-id fallback, and added fallback attempt when servers 235 drop 0x20 perturbed queries. 236 - Fixup testsetup for VM tests (run testcode/run_vm.sh). 237 23817 June 2014: Wouter 239 - iana portlist updated. 240 2413 June 2014: Wouter 242 - Add AAAA for B root server to default root hints. 243 2442 June 2014: Wouter 245 - Remove unused define from iterator.h 246 24730 May 2014: Wouter 248 - Fixup sldns_enum_edns_option typedef definition. 249 25028 May 2014: Wouter 251 - Code cleanup patch from Dag-Erling Smorgrav, with compiler issue 252 fixes from FreeBSD's copy of Unbound, he notes: 253 Generate unbound-control-setup.sh at build time so it respects 254 prefix and sysconfdir from the configure script. Also fix the 255 umask to match the comment, and the comment to match the umask. 256 Add const and static where needed. Use unions instead of 257 playing pointer poker. Move declarations that are needed in 258 multiple source files into a shared header. Move sldns_bgetc() 259 from parse.c to buffer.c where it belongs. Introduce a new 260 header file, worker.h, which declares the callbacks that 261 all workers must define. Remove those declarations from 262 libworker.h. Include the correct headers in the correct places. 263 Fix a few dummy callbacks that don't match their prototype. 264 Fix some casts. Hide the sbrk madness behind #ifdef HAVE_SBRK. 265 Remove a useless printf which breaks reproducible builds. 266 Get rid of CONFIGURE_{TARGET,DATE,BUILD_WITH} now that they're 267 no longer used. Add unbound-control-setup.sh to the list of 268 generated files. The prototype for libworker_event_done_cb() 269 needs to be moved from libunbound/libworker.h to 270 libunbound/worker.h. 271 - Fixup out-of-directory compile with unbound-control-setup.sh.in. 272 - make depend. 273 27423 May 2014: Wouter 275 - unbound-host -D enabled dnssec and reads root trust anchor from 276 the default root key file that was compiled in. 277 27820 May 2014: Wouter 279 - Feature, unblock-lan-zones: yesno that you can use to make unbound 280 perform 10.0.0.0/8 and other reverse lookups normally, for use if 281 unbound is running service for localhost on localhost. 282 28316 May 2014: Wouter 284 - Updated create_unbound_ad_servers and unbound_cache scripts from 285 Yuri Voinov in the source/contrib directory. Added 286 warmup.cmd (and .sh): warm up the DNS cache with your MRU domains. 287 2889 May 2014: Wouter 289 - Implement draft-ietf-dnsop-rfc6598-rfc6303-01. 290 - iana portlist updated. 291 2928 May 2014: Wouter 293 - Contrib windows scripts from Yuri Voinov added to src/contrib: 294 create_unbound_ad_servers.cmd: enters anti-ad server lists. 295 unbound_cache.cmd: saves and loads the cache. 296 - Added unbound-control-setup.cmd from Yuri Voinov to the windows 297 unbound distribution set. It requires openssl installed in %PATH%. 298 2996 May 2014: Wouter 300 - Change MAX_SENT_COUNT from 16 to 32 to resolve some cases easier. 301 3025 May 2014: Wouter 303 - More #567: remove : from output of stub and forward lists, this is 304 easier to parse. 305 30629 April 2014: Wouter 307 - iana portlist updated. 308 - Add unbound-control flush_negative that flushed nxdomains, nodata, 309 and errors from the cache. For dnssec-trigger and NetworkManager, 310 fixes cases where network changes have localdata that was already 311 negatively cached from the previous network. 312 31323 April 2014: Wouter 314 - Patch from Jeremie Courreges-Anglas to use arc4random_uniform 315 if available on the OS, it gets entropy from the OS. 316 31715 April 2014: Wouter 318 - Fix compile with libevent2 on FreeBSD. 319 32011 April 2014: Wouter 321 - Fix #502: explain that do-ip6 disable does not stop AAAA lookups, 322 but it stops the use of the ipv6 transport layer for DNS traffic. 323 - iana portlist updated. 324 32510 April 2014: Wouter 326 - iana portlist updated. 327 - Patch from Hannes Frederic Sowa for Linux 3.15 fragmentation 328 option for DNS fragmentation defense. 329 - Document that dump_requestlist only prints queries from thread 0. 330 - unbound-control stats prints num.query.tcpout with number of TCP 331 outgoing queries made in the previous statistics interval. 332 - Fix #567: unbound lists if forward zone is secure or insecure with 333 +i annotation in output of list_forwards, also for list_stubs 334 (for NetworkManager integration.) 335 - Fix #554: use unsigned long to print 64bit statistics counters on 336 64bit systems. 337 - Fix #558: failed prefetch lookup does not remove cached response 338 but delays next prefetch (in lieu of caching a SERVFAIL). 339 - Fix #545: improved logging, the ip address of the error is printed 340 on the same log-line as the error. 341 3428 April 2014: Wouter 343 - Fix #574: make test fails on Ubuntu 14.04. Disabled remote-control 344 in testbound scripts. 345 - iana portlist updated. 346 3477 April 2014: Wouter 348 - C.ROOT-SERVERS.NET has an IPv6 address, and we updated the root 349 hints (patch from Anand Buddhdev). 350 - Fix #572: Fix unit test failure for systems with different 351 /etc/services. 352 35328 March 2014: Wouter 354 - Fix #569: do_tcp is do-tcp in unbound.conf man page. 355 35625 March 2014: Wouter 357 - Patch from Stuart Henderson to build unbound-host man from .1.in. 358 35924 March 2014: Wouter 360 - Fix print filename of encompassing config file on read failure. 361
|