--- - branch: MAIN date: Thu Jun 16 13:50:39 UTC 2016 files: - new: '1.46' old: '1.45' path: pkgsrc/net/unbound/Makefile pathrev: pkgsrc/net/unbound/Makefile@1.46 type: modified - new: '1.32' old: '1.31' path: pkgsrc/net/unbound/distinfo pathrev: pkgsrc/net/unbound/distinfo@1.32 type: modified id: 20160616T135039Z.ef27679b0b5e151c37df6fa3292e72029e14518a log: | Unbound 1.5.9 ============= Features: --------- - generic edns option parse and store code. - Updated L root IPv6 address. - User defined pluggable event API for libunbound - ip_freebind: yesno option in unbound.conf sets IP_FREEBIND for binding to an IP address while the interface or address is down. - OpenSSL 1.1.0 portability, --disable-dsa configure option. - disable-dnssec-lame-check config option. Bug Fixes: ---------- - [bugzilla: 745 ] Fix unbound.py - idn2dname throws UnicodeError when idnname contains trailing dot. - configure tests for the weak attribute support by the compiler. - [bugzilla: 747 ] Fix assert in outnet_serviced_query_stop. - Updated configure and ltmain.sh. - Fixup of compile fix for pluggable event API. - Fixup backend2str for libev. - Fix libev usage of dispatch return value. - No side effects in tolower() call, in case it is a macro. - Fix warnings in ifdef corner case, older or unknown libevent. - Fix ip-transparent for ipv6 on FreeBSD. - Fix ip-transparent for tcp on freebsd. - [bugzilla: 746 ] Fix unbound sets CD bit on all forwards. If no trust anchors, it'll not set CD bit when forwarding to another server. If a trust anchor, no CD bit on the first attempt to a forwarder, but CD bit thereafter on repeated attempts to get DNSSEC. - Limit number of QNAME minimisation iterations. - Validate QNAME minimised NXDOMAIN responses. - If QNAME minimisation is enabled, do cache lookup for QTYPE NS in harden-below-nxdomain. - Fix compile of getentropy_linux for SLES11 servicepack 4. - Fix dnstap-log-resolver-response-messages. - Fix test for openssl to use HMAC_Update for 1.1.0. - ERR_remove_state deprecated since openssl 1.0.0. - OPENSSL_config is deprecated, removing. - Document permit-small-holddown for 5011 debug. - [bugzilla: 749 ] Fix unbound-checkconf gets SIGSEGV when use against a malformatted conf file. - [bugzilla: 753 ] Fix document dump_requestlist is for first thread. - Fix some malformed reponses to edns queries get fallback to nonedns. - [bugzilla: 759 ] Fix 0x20 capsforid no longer checks type PTR, for compatibility with cisco dns guard. This lowers false positives. - Fix sldns with static checking fixes copied from getdns. - Fix memory leak in out-of-memory conditions of local zone add. - [bugzilla: 761 ] Fix DNSSEC LAME false positive resolving nic.club. - [bugzilla: 766 ] Fix dns64 should synthesize results on timeout/errors. - No QNAME minimisation fall-back for NXDOMAIN answers from DNSSEC signed zones. - [bugzilla: 767 ] Fix Reference to an expired Internet-Draft in harden-below-nxdomain documentation. - remove memory leak from lame-check patch. - [bugzilla: 770 ] Fix Small subgroup attack on DH used in unix pipe on localhost if unbound control uses a unix local named pipe. - Document write permission to directory of trust anchor needed. - [bugzilla: 768 ] Fix Unbound Service Sometimes Can Not Shutdown Completely, WER Report Shown Up. Close handle before closing WSA. - Fix time in case answer comes from cache in ub_resolve_event(). - Fix windows service to be created run with limited rights, as a network service account. - [bugzilla: 752 ] Fix retry resource temporarily unavailable on control pipe. - iana ports fetched via https. - iana portlist update. module: pkgsrc subject: 'CVS commit: pkgsrc/net/unbound' unixtime: '1466085039' user: pettai