eda9ed35 configure_checks.cmake: update to 1.7.3 (anonimal)
e66cc1a8 config.h.cmake.in: update to 1.7.3 (anonimal)
873b46f2 Put fixes in 1.7.3 for release. - Fix for unbound-control on Windows and set TCP socket parameters more closely. - Fix windows unbound-control no cert bad file descriptor error. - Fix unbound-checkconf for control-use-cert. (wouter)
1a4c9279 release 1.7.3 (wouter)
346ff9c3 - Fix that control-use-cert: no works for 127.0.0.1 to disable certs. (wouter)
3d22bc05 tag release 1.7.3rc2 (wouter)
3c16ae0a tag for 1.7.3rc1 (wouter)
faf0f18b - tag for 1.7.3rc1. (wouter)
2d11cea1 - Fix nettle compile. (wouter)
0f9b6582 - Fix that first control-interface determines if TLS is used. Warn when IP address interfaces are used without TLS. (wouter)
393bb36e - #4103: Fix that auth-zone does not insist on SOA record first in file for url downloads. (wouter)
04e4ee1d - Don't count CNAME response types received during qname minimisation as query restart. (ralph)
0a357ade remove unreachable point for portablity (wouter)
5dc6a1f9 Fix snprintf size. (wouter)
8374fb26 - remade dependencies in the Makefile. (wouter)
1056a262 - Fix buffer size warning in unit test. (wouter)
d14abd4a Continue to read also when signals are sent. (wouter)
83da630f better documentation in header file (wouter)
ab61a40d - Rename tls-additional-ports to tls-additional-port, because every line adds one port. (wouter)
ed387e5f Fixup error print for unix pipe. (wouter)
e8165c8d Accurate printout in status output. (wouter)
7ad84e32 - #4102 for NSD, but for Unbound. Named unix pipes do not use certificate and key files, access can be restricted with file and directory permissions. The option control-use-cert is no longer used, and ignored if found in unbound.conf. (wouter)
0a7832a6 trunk is 1.7.3 in development. (wouter)
ab8e1d0b note OpenBSD accept4. (wouter)
2d8783d0 - Patch to fix openwrt for mac os build darwin detection in configure. (wouter)
16d184d2 adjust test, for timer too slow for old machines. (wouter)
0208ba98 - Fix crash if ratelimit taken into use with unbound-control instead of with unbound.conf. (wouter)
cb003501 accept4 also on OpenBSD (wouter)
a3295df8 better fix for #4100 (wouter)
0249b535 Track bug.nr 4100 (wouter)
e43d3333 - Fix stub reprime when it becomes useless. (wouter)
6504717b Note OpenBSD accept4. (wouter)
b7c6319f release 1.7.2 (wouter)
e614a2cd tag 1.7.2rc1 (wouter)
a8902d2d - tag for 1.7.2rc1 (wouter)
5399c14f - Fix deadlock caused by incoming notify for auth-zone. (wouter)
472d02ab - Rename additional-tls-port to tls-additional-ports. The older name is accepted for backwards compatibility. (wouter)
78716a75 rerun bison. (wouter)
3506f857 - Patch from Syzdek: Add ability to ignore RD bit and treat all requests as if the RD bit is set. (wouter)
ae80d3cf - Fix that fallback for windows port. (wouter)
ee22f0ee - in compat/arc4random call getentropy_urandom when getentropy fails with ENOSYS. (wouter)
4a5ccf25 - tls-win-cert option that adds the system certificate store for authenticating DNS-over-TLS connections. It can be used instead of the tls-cert-bundle option, or with it to add certificates. (wouter)
8fa54ec6 - Add routine from getdns to add windows cert store to the SSL_CTX. (wouter)
aee754fc - Fix windows tcp and tls spin on events. (wouter)
c8130661 - Fix close events for tcp only. (wouter)
4fbdf39a - Fix that tcp sticky events are removed for closed fd on windows. (wouter)
0ab6ec77 - For TCP and TLS connections that don't establish, perform address update in infra cache, so future selections can exclude them. (wouter)
432f0d80 setup when ssl upstream or a cert-bundle is configured. (wouter)
5c34d749 Fix asynclook for libunbound needing SSL initialization (wouter)
c0e79fd8 - unbound-host initializes ssl (for potential DNS-over-TLS usage inside libunbound). (wouter)
c6c33182 - Fix that windows unbound service can use DNS-over-TLS. (wouter)
4153c13b make depend for win_svc.c include. (wouter)
44f5a4a7 - Fix that libunbound can do DNS-over-TLS, when configured. (wouter)
34a161c0 - Use accept4 to speed up incoming TCP (and TLS) connections, available on Linux and FreeBSD. (wouter)
8b192398 - Qname minimisation default changed to yes. (ralph)
7d7303a6 generated yacc and lex output. (wouter)
e02f3872 - Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand. (wouter)
7ed1e207 - Fix contrib/libunbound.pc for libssl libcrypto references, from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226914 (wouter)
c2d8866e - Fix mesh state assertion failure due to callback removal. (wouter)
dab69869 - Fix windows to not have sticky TLS events for TCP. - Fix read of DNS over TLS length and data in one read call. (wouter)
d37a0c3d Fix async bool. (wouter)
6c0069a6 fix to please gcc 8 and lint. (wouter)
cd8ce5ec And cast here. (wouter)
14cb8726 - Fix function type cast warning in libunbound context callback type. (wouter)
c9f8a59c - Fix gcc 8 buffer warning in testcode. (wouter)
d0d6b73e - Fix that configure --with-libhiredis also turns on cachedb. (wouter)
a59c4e5e trunk has 1.7.2 in development (wouter)
0418878e Fixup test for new timeout value. (wouter)
bb358ef9 - Fix fail to reject dead peers in forward-zone, with ssl-upstream. (wouter)
1ad21fa5 - Fix that unbound-control reload frees the rrset keys and returns the memory pages to the system. (wouter)
bfdad924 valgrind for unittest. (wouter)
6b679fd7 valgrind more unit tests. (wouter)
4532af43 - Fix spelling error in man page and note defaults as no instead of off. (wouter)
6e90021c - tag for 1.7.1rc1 release. (wouter)
dbbaa5f5 - Fix for crash in daemon_cleanup with dnstap during reload, from Saksham Manchanda. - Also that for dnscrypt. (wouter)
a20b463a - Fix memory leak when caching wildcard records for aggressive NSEC use (ralph)
66099942 And assertion. (wouter)
9b8e7776 - Fix auth https for libev. (wouter)
54c261df - Fix contrib/fastrpz.patch for this release. (wouter)
b89b3ebb This lexer output looks like it'll have less signed-unsigned warnings. (wouter)
7e510b31 Fixup whitespace for added authzone code. (wouter)
07d180c1 strcpy to memmove, to please analysers (ralph)
f4acc196 Fix libunbound return for root key sentinel. (wouter)
a7eda964 Add root-key-sentinel test description (ralph)
7bf9e532 Added root-key-sentinel test (ralph)
38b5b4c8 - Added root-key-sentinel support (ralph)
9da4dddc make depend (wouter)
34247dd0 - list_auth_zones unbound-control command. (wouter)
d17ed685 unit test with TLS authentication (wouter)
a0252812 - Fix cname classification with qname minimisation enabled. (wouter)
76859ebf - Attempt for auth zone fix; add of callback in mesh gets from callback does not skip callback of result. (wouter)
6d975fbd - Fix sldns parse failure for CDS alternate delete syntax empty hex. (wouter)
c575ac11 - auth zone http download stores exact copy of downloaded file, including comments in the file. (wouter)
40de1a23 - Fix#4092: libunbound: use-caps-for-id lacks colon in config_set_option. (wouter)
671619c5 - makedist uses bz2 for expat code, instead of tar.gz. (wouter)
ce7cef17 - Delete auth zone when removed from config. (wouter)
bded8be7 - Fix#4091: Fix that reload of auth-zone does not merge the zonefile with the previous contents. (wouter)
589198d8 - removed free from failed parse case. (wouter)
c0f78ead explain how to read the certificate. (wouter)
b8a328a4 - man page documentation for dns-over-tls forward-addr '#' notation. (wouter)
15869716 - For addr with #authname and no @port notation, the default is 853. (wouter)
8af2d107 Note bugfix and RFC support. - Fix#658: unbound using TLS in a forwarding configuration does not verify the server's certificate (RFC 8310 support). (wouter)
b8ee6c0e note RFC. (wouter)
759a266f Note example use of tls authentication. (wouter)
5bf4d998 fix lint (wouter)
a30d67d8 fix doxygen comments. (wouter)
50220ed9 - Can set tls authentication with forward-addr: IP#tls.auth.name And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem". (wouter)
3254314e - Fix auth-zone retry timer to be on schedule with retry timeout, with backoff. Also time a refresh at the zone expiry. (wouter)
dcae8dec - unit test for allow-notify (wouter)
329a8e10 - allow-notify: config statement for auth-zones. (wouter)
625acbaa - auth zone notify work. (wouter)
9f36d666 - auth zone notify work. (wouter)
705a0dfe - auth zone notify work. (wouter)
c983bcca - Fix auth zone target lookup iterator. - notify with prefix (wouter)
261197b7 - Fix memory free on fail for $INCLUDE in authzone. - Fix that an internal error to look up the wrong rr type for auth zone gets stopped, before trying to send there. - auth zone notify work. (wouter)
524a1465 - Fix for max include depth for authzones. (wouter)
a892c6b7 fix lint. (wouter)
83334c21 Fix doxygen (wouter)
96756438 - auth zone notify work. (wouter)
bff451ac cast neg cache stats to long long (ralph)
13246765 make depend (wouter)
5ac48896 - num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN statistics counters (ralph)
9c7d10f2 Note default value. (wouter)
4d362a28 - documentation for low-rtt and low-rtt-pct. (wouter)
e0854f38 get_option and set_option for low-rtt and low-rtt-pct. (wouter)
a6494a30 - low-rtt and low-rtt-pct in unbound.conf enable the server selection of fast servers for some percentage of the time. (wouter)
0e69ab17 - Accept both option names with and without colon for get_option and set_option. (wouter)
32d7d269 - num.query.authzone.up and num.query.authzone.down statistics counters. - Fix downstream auth zone, only fallback when auth zone fails to answer and fallback is enabled. (wouter)
5718d70e - Fix that flush_zone sets prefetch ttl expired, so that with serve-expired enabled it'll start prefetching those entries. (wouter)
196b6c65 Removed unused files (from an editor?). (wouter)
eb3fb269 - ED448 support. (wouter)
7584b945 - Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3 tls_choose_sigalg routine does not allow the ciphers for the pipe, so use TLSv1.2. (wouter)
80ff206c Fixup. (wouter)
6109798f - Fix above stub queries for type NS and useless delegation point. (wouter)
c79c0275 - nitpick fixes in example.conf. (wouter)
fec78179 make depend (wouter)
7d87afac - Combine write of tcp length and tcp query for dns over tls. (wouter)
1692bfd8 - Fix unable to resolve after new WLAN connection, due to auth-zone failing with a forwarder set. Now, auth-zone is only used for answers (not referrals) when a forwarder is set. (wouter)
b54babc7 - Fix#4043: make test fails due to v6 presentation issue in macOS. (wouter)
f1cf9f98 - Check "result" in dup_all(), by Florian Obser. (ralph)
8d778e3a - Fix unbound-control get_option aggressive-nsec (ralph)
24f21152 fix compile. (wouter)
64cac946 Changelog typo fix (ralph)
997faddf deleted the chmod+x on this file, this means it removed the svn:executable property. (wouter)
3d009331 - Do use cached NSEC records to generate negative answers for domains under DNSSEC Negative Trust Anchors. (ralph)
59cd6fd7 - iana port update. (wouter)
174c8566 - corrected a minor typo in the changelog. - move htobe64/be64toh portability code to cachedb.c. (wouter)
36b33709 fix. (wouter)
747b0fe2 doc and flex and yacc. (wouter)
c549551a - Create additional tls service interfaces by opening them on other portnumbers and listing the portnumbers as additional-tls-port: nr. (wouter)
0700c011 - Fix#3817: core dump happens in libunbound delete, when queued servfail hits deleted message queue. (wouter)
96979a9d - Add --with-libhiredis, unbound support for a new cached backend that uses a Redis server as the storage. This implementation depends on the hiredis client library (https://redislabs.com/lp/hiredis/). And unbound should be built with both --enable-cachedb and --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h should exist). Patch from Jinmei Tatuya (Infoblox). (wouter)
0a3417c0 1.7.1 in development (wouter)
7babf441 Test and fix. (wouter)
e39ce268 - Fix#3736: Fix 0 TTL domains stuck on SERVFAIL unless manually flushed with serve-expired on. (wouter)
03979f95 Fix (wouter)
d17c6398 - Fix typo in documentation. (wouter)
e577f90b - Check IXFR start serial. (wouter)
e417dbf3 - Fix#3727: Protocol name is TLS, options have been renamed but documentation is not consistent. (wouter)
**IMPORTANT NOTE**
I am not actively maintaining the monero branch of unbound at this time,
aside from ensuring that the build is successful on at least one
platform. I am personally not auditing unbound changes nor am I ensuring
that monero's unbound build system or implementation is secure or fully
functional. I am currently only a merge-steward; one who ensures that
monero is using the latest version of unbound. More eyes are welcome and
needed!
**IMPORTANT NOTE**
I am not actively maintaining the monero branch of unbound at this time,
aside from ensuring that the build is successful on at least one
platform. I am personally not auditing unbound changes nor am I ensuring
that monero's unbound build system or implementation is secure or fully
functional. I am currently only a merge-steward; one who ensures that
monero is using the latest version of unbound. More eyes are welcome and
needed!
- Fix for unbound-control on Windows and set TCP socket parameters
more closely.
- Fix windows unbound-control no cert bad file descriptor error.
- Fix unbound-checkconf for control-use-cert.
git-svn-id: https://unbound.nlnetlabs.nl/svn/tags/release-1.7.3@4749 be551aaa-1e26-0410-a405-d3ace91eadb9
certificate and key files, access can be restricted with file and
directory permissions. The option control-use-cert is no longer
used, and ignored if found in unbound.conf.
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
