---
- branch: MAIN
  date: Sat Sep 17 22:46:50 UTC 2011
  files:
  - new: '1.18'
    old: '1.17'
    path: pkgsrc/net/unbound/Makefile
    pathrev: pkgsrc/net/unbound/Makefile@1.18
    type: modified
  - new: '1.15'
    old: '1.14'
    path: pkgsrc/net/unbound/distinfo
    pathrev: pkgsrc/net/unbound/distinfo@1.15
    type: modified
  id: 20110917T224650Z.0b0088ac60776ebea4fd328d6fbd0762de192641
  log: |
    Unbound 1.4.13:

    Features:

    * Note that Unbound implements RFC6303 (since version 1.4.7).
    tcp-upstream yes/no option (works with set_option) for tunnels.
    * The format of answers to the qtype ANY with a CNAME have changed, so that there can be proper validated DNSSEC answers for them. This is for queries with qtype ANY where the domain name has a CNAME. Now an answer is returned, where before it resulted in SERVFAIL due to validation failure. When DNSSEC validation is disabled, the contents of the response have changed: the CNAME is not followed, and the correct contents of the RRsets at the initial name are included (where previously only partial contents of the initial names could have been included but the CNAME was followed). The qtype ANY is a query for debug where the resolver is to fill in relevant data that happens to be at hand from the cache.

    Bug Fixes:

    * Fix validation of qtype ANY responses with CNAMEs. Unbound responds with the RR types that are available at the name for qtype ANY and validates those RR types. It does not test for completeness (i.e. with NSEC or NSEC3 query), and it does not follow the CNAME or DNAME to another name (with even more data for the already large response)
    * Documented the options that work with control set_option command.
    * Fix that internally, CNAMEs with NXDOMAIN have that as rcode.
    * Fix validation of . DS query.
    * Fix wildcard expansion no-data reply under an optout NSEC3 zone is validated as insecure.
    * Fix python site-packages path to /usr/lib64.
    * fix memory and fd leak after out-of-memory condition.
    * contrib. patch fixes load of python modules.
    * contrib. patch that fixes a memory leak in the unbound python module, in string conversions.
    * Fix num-threads 0 does not segfault.
    * Fix autoconf 2.68 warnings
    * iana portlist updated
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/net/unbound'
  unixtime: '1316299610'
  user: pettai