Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/external/bsd/unbound/dist/testdata/pylib.tdir/pylib.dsc

17 lines
283 B
Plaintext
Raw Permalink Normal View History

Unbound 1.6.8 Download: unbound-1.6.8.tar.gz SHA1 checksum: 492737be9647c26ee39d4d198f2755062803b412 SHA256 checksum: e3b428e33f56a45417107448418865fe08d58e0e7fea199b855515f60884dd49 PGP signature: unbound-1.6.8.tar.gz.asc Date: 19 Jan, 2018 Bug Fixes Fix for CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records. Older versions Unbound 1.6.7 Download: unbound-1.6.7.tar.gz SHA1 checksum: 098f8acfc3e9d1cab54f07863e61eabbb67c80dc SHA256 checksum: 4e7bd43d827004c6d51bef73adf941798e4588bdb40de5e79d89034d69751c9f PGP signature: unbound-1.6.7.tar.gz.asc Date: 10 Oct, 2017 Features Set trust-anchor-signaling default to yes #1440: [dnscrypt] client nonce cache. #1435: Allow UDP to be disabled separately upstream and downstream. Bug Fixes Fix that looping modules always stop the query, and don't pass control. Fix unbound-host to report error for DNSSEC state of failed lookups. Spelling fixes, from Josh Soref. Fix #1400: allowing use of global cache on ECS-forwarding unless always-forward. use a cachedb answer even if it's "expired" when serve-expired is yes (patch from Jinmei Tatuya). trigger refetching of the answer in that case (this will bypass cachedb lookup) allow storing a 0-TTL answer from cachedb in the in-memory message cache when serve-expired is yes Fix DNSCACHE_STORE_ZEROTTL to be bigger than 0xffff. Log name of looping module Fix #1450: Generate again patch contrib/aaaa-filter-iterator.patch (by Danilo G. Baio). Fix param unused warning for windows exportsymbol compile. Use RCODE from A query on DNS64 synthesized answer. Fix trust-anchor-signaling works in libunbound. Fix spelling in unbound-control man page. Unbound 1.6.6 Download: unbound-1.6.6.tar.gz SHA1 checksum: d205c03a402f5d900d5bad3d036849a12804a49e SHA256 checksum: 972b14dc33093e672652a7b2b5f159bab2198b0fe9c9e1c5707e1895d4d4b390 PGP signature: unbound-1.6.6.tar.gz.asc Date: 18 Sep, 2017 Features unbound-control dump_infra prints port number for address if not 53. Fix #1344: RFC6761-reserved domains: test. and invalid. Fix #1349: allow suppression of pidfiles (from Daniel Kahn Gillmor). With the -p option unbound does not create a pidfile. Added stats for queries that have been ratelimited by domain recursion. Patch to show DNSCrypt status in help output, from Carsten Strotmann. Fix #1407: Add ECS options check to unbound-checkconf. Fix #1415: [dnscrypt] shared secret cache, patch from Manu Bretelle. Bug Fixes fixup of dnscrypt_cert_chacha test (from Manu Bretelle). First fix for zero b64 and hex text zone format in sldns. Better fixup of dnscrypt_cert_chacha test for different escapes. Fix that infra cache host hash does not change after reconfig. Fix python example0 return module wait instead of error for pass. enhancement for hardened-tls for DNS over TLS. Removed duplicated security settings. Fix for unbound-checkconf, check ipsecmod-hook if ipsecmod is turned on. Fix #1331: libunbound segfault in threaded mode when context is deleted. Fix pythonmod link line option flag. Fix openssl 1.1.0 load of ssl error strings from ssl init. Fix 1332: Bump verbosity of failed chown'ing of the control socket. Redirect all localhost names to localhost address for RFC6761. Fix #1350: make cachedb backend configurable (from JINMEI Tatuya). Fix tests to use .tdir (from Manu Bretelle) instead of .tpkg. upgrade aclocal(pkg.m4 0.29.1), config.guess(2016-10-02), config.sub(2016-09-05). annotate case statement fallthrough for gcc 7.1.1. flex output from flex 2.6.1. snprintf of thread number does not warn about truncated string. squelch TCP fast open error on FreeBSD when kernel has it disabled, unless verbosity is high. remove warning from windows compile. Fix compile with libnettle Fix DSA configure switch (--disable dsa) for libnettle and libnss. Fix #1365: Add Ed25519 support using libnettle. Fix #1394: mix of serve-expired and response-ip could cause a crash. Remove unused iter_env member (ip6arpa_dname) Do not reset rrset.bogus stats when called using stats_noreset. Do not add rrset_bogus and query ratelimiting stats per thread, these module stats are global. Fix #1397: Recursive DS lookups for AS112 zones names should recurse. Fix #1398: make cachedb secret configurable. Remove spaces from Makefile. Fix issue on macOX 10.10 where TCP fast open is detected but not implemented causing TCP to fail. The fix allows fallback to regular TCP in this case and is also more robust for cases where connectx() fails for some reason. Fix #1402: squelch invalid argument error for fd_set_block on windows. Fix to reclaim tcp handler when it is closed due to dnscrypt buffer allocation failure. Fix #1415: patch to free dnscrypt environment on reload. iana portlist update Small fixes for the shared secret cache patch. Fix WKS records on kvm autobuild host, with default protobyname entries for udp and tcp. Fix #1414: fix segfault on parse failure and log_replies. zero qinfo in handle_request, this zeroes local_alias and also the qname member. new keys and certs for dnscrypt tests. fixup WKS test on buildhost without servicebyname. updated contrib/fastrpz.patch to apply with configparser changes. Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs. Fix #1424: cachedb:testframe is not thread safe. Fix #1417: [dnscrypt] shared secret cache counters, and works when dnscrypt is not enabled. And cache size configuration option. Fix #1418: [ip ratelimit] initialize slabhash using ip-ratelimit-slabs. Recommend 1472 buffer size in unbound.conf Fix #1412: QNAME minimisation strict mode not honored Fix #1434: Fix windows openssl 1.1.0 linking. Add dns64 for client-subnet in unbound-checkconf. Unbound 1.6.5 Download: unbound-1.6.5.tar.gz SHA1 checksum: ecb260b94d139d84fae2bff80f9701f53a329e26 SHA256 checksum: e297aa1229015f25bf24e4923cb1dadf1f29b84f82a353205006421f82cc104e PGP signature: unbound-1.6.5.tar.gz.asc Date: 21 Aug, 2017 Bug Fixes Fix install of trust anchor when two anchors are present, makes both valid. Checks hash of DS but not signature of new key. This fixes the root.key file if created when unbound is installed between sep11 and oct11 2017. Unbound 1.6.4 Download: unbound-1.6.4.tar.gz SHA1 checksum: 836ecc48518b9159f600a738c276423ef1f95021 SHA256 checksum: df0a88816ec31ccb8284c9eb132e1166fbf6d9cde71fbc4b8cd08a91ee777fed PGP signature: unbound-1.6.4.tar.gz.asc Date: 27 Jun, 2017 Features Implemented trust anchor signaling using key tag query. unbound-checkconf -o allows query of dnstap config variables. Also unbound-control get_option. Also for dnscrypt. unbound.h exports the shm stats structures. They use type long long and no ifdefs, and ub_ before the typenames. Implemented opportunistic IPsec support module (ipsecmod). Added redirect-bogus.patch to contrib directory. Support for the ED25519 algorithm with openssl (from openssl 1.1.1). renumbering B-Root's IPv6 address to 2001:500:200::b. Fix #1276: [dnscrypt] add XChaCha20-Poly1305 cipher. Fix #1277: disable domain ratelimit by setting value to 0. Added fastrpz patch to contrib Bug Fixes Added ECS unit test (from Manu Bretelle). ECS documentation fix (from Manu Bretelle). Fix #1252: more indentation inconsistencies. Fix #1253: unused variable in edns-subnet/addrtree.c:getbit(). Fix #1254: clarify ratelimit-{for,below}-domain (from Manu Bretelle). iana portlist update Based on #1257: check parse limit before t increment in sldns RR string parse routine. Fix #1258: Windows 10 X64 unbound 1.6.2 service will not start. and fix that 64bit getting installed in C:\Program Files (x86). Fix #1259: "--disable-ecdsa" argument overwritten by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c". iana portlist update Added test for leak of stub information. Fix sldns wire2str printout of RR type CAA tags. Fix sldns int16_data parse. Fix sldns parse and printout of TSIG RRs. sldns SMIMEA and AVC definitions, same as getdns definitions. Fix tcp-mss failure printout text. Set SO_REUSEADDR on outgoing tcp connections to fix the bind before connect limited tcp connections. With the option tcp connections can share the same source port (for different destinations). Add 'c' to getopt() in testbound. Adjust servfail by iterator to not store in cache when serve-expired is enabled, to avoid overwriting useful information there. Fix queries for nameservers under a stub leaking to the internet. document trust-anchor-signaling in example config file. updated configure, dependencies and flex output. better module memory lookup, fix of unbound-control shm names for module memory printout of statistics. Fix type AVC sldns rrdef. Some whitespace fixup. Fix #1265: contrib/unbound.service contains hardcoded path. Fix #1265 to use /bin/kill. Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs, and compatibility with BoringSSL. Fix #1268: SIGSEGV after log_reopen. exec_prefix is by default equal to prefix. printout localzone for duplicate local-zone warnings. Fix assertion for low buffer size and big edns payload when worker overrides udpsize. Support for openssl EVP_DigestVerify. Fix #1269: inconsistent use of built-in local zones with views. Add defaults for new local-zone trees added to views using unbound-control. Fix #1273: cachedb.c doesn't compile with -Wextra. If MSG_FASTOPEN gives EPIPE fallthrough to try normal tcp write. Also use global local-zones when there is a matching view that does not have any local-zone specified. Fix fastopen EPIPE fallthrough to perform connect. Fix #1274: automatically trim chroot path from dnscrypt key/cert paths (from Manu Bretelle). Fix #1275: cached data in cachedb is never used. Fix that unbound-control can set val_clean_additional and val_permissive_mode. Add dnscrypt XChaCha20 tests. Detect chacha for dnscrypt at configure time. dnscrypt unit tests with chacha. Added domain name based ECS whitelist. Fix #1278: Incomplete wildcard proof. Fix #1279: Memory leak on reload when python module is enabled. Fix #1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly. More fixes in depth for buffer checks in 0x20 qname checks. Fix stub zone queries leaking to the internet for harden-referral-path ns checks. Fix query for refetch_glue of stub leaking to internet. Fix #1301: memory leak in respip and tests. Free callback in edns-subnetmod on exit and restart. Fix memory leak in sldns_buffer_new_frm_data. Fix memory leak in dnscrypt config read. Fix dnscrypt chacha cert support ifdefs. Fix dnscrypt chacha cert unit test escapes in grep. Fix to unlock view in view test. Fix warning in pythonmod under clang compiler. Fix lintian typo. Fix #1316: heap read buffer overflow in parse_edns_options. Unbound 1.6.3 Download: unbound-1.6.3.tar.gz SHA1 checksum: 4477627c31e8728058565f3bae3a12a1544d8a9c SHA256 checksum: 4c7e655c1d0d2d133fdeb81bc1ab3aa5c155700f66c9f5fb53fa6a5c3ea9845f PGP signature: unbound-1.6.3.tar.gz.asc Date: 13 Jun, 2017 Bug Fixes Fix #1280: Unbound fails assert when response from authoritative contains malformed qname. When 0x20 caps-for-id is enabled, when assertions are not enabled the malformed qname is handled correctly. Unbound 1.6.2 Download: unbound-1.6.2.tar.gz SHA1 checksum: de370b1ac8e260db9c4c1504453752713dd8818f SHA256 checksum: 1a323d72c32180b7141c9e6ebf199fc68a0208dfebad4640cd2c4c27235e3b9c PGP signature: unbound-1.6.2.tar.gz.asc Date: 24 Apr, 2017 Features Add trustanchor.unbound CH TXT that gets a response with a number of TXT RRs with a string like "example.com. 2345 1234" with the trust anchors and their keytags. Patch for view functionality for local-data-ptr from Björn Ketelaars. Response actions based on IP address from Jinmei Tatuya (Infoblox). Patch from Luiz Fernando Softov for Stats Shared Memory. unbound-control stats_shm command prints stats using shared memory, which uses less cpu. --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and DS records. NSEC3 is not disabled. #1217. DNSCrypt support, with --enable-dnscrypt, libsodium and then enabled in the config file from Manu Bretelle. Merge EDNS Client subnet implementation from feature branch into main branch, using new EDNS processing framework. harden-algo-downgrade: no also makes unbound more lenient about digest algorithms in DS records. Bug Fixes sldns has ED25519 and ED448 algorithm number and name for display. sldns updated for vfixed and buffer resize indication from getdns. iana portlist update Fix #1224: Fix that defaults should not fall back to "Program Files (x86) if Unbound is 64bit by default on windows. Fix doc/CNAME-basedRedirectionDesignNotes.pdf zone static to redirect. make depend, autoconf, doxygen and lint fixed up. include sys/time.h for new shm code on NetBSD. Fix #1227: Fix that Unbound control allows weak ciphersuits. Fix #1226: provide official 32bit binary for windows. For #1227: if we have sha256, set the cipher list to have no known vulns. Fix testpkts.c, check if DO bit is set, not only if there is an OPT record. Fix #1229: Systemd service sandboxing in contrib/unbound.service. Fix #1230: swig version 2.0.1 is required for pythonmod, with 1.3.40 it crashes when running repeatly unbound-control reload. fix enum conversion warnings fake-sha1 test option; print warning if used. To make unit tests. unbound-control list local zone and data commands listed in the help output. Fix #1234: shortening DNAME loop produces duplicate DNAME records in ANSWER section. testbound understands Deckard MATCH rcode question answer commands. Fix #1235: Fix too long DNAME expansion produces SERVFAIL instead of YXDOMAIN + query loop, reported by Petr Spacek. Fix that SHM is not inited if not enabled. Fix that looped DNAMEs do not cause unbound to spend effort. trustanchor tags are sorted. reusable routine to fetch taglist. Fix #1237 - Wrong resolving in chain, for norec queries that get SERVFAIL returned. make depend, autoconf, remove warnings about statement before var. lru_demote and lruhash_insert_or_retrieve functions for getdns. fixup for lruhash (whitespace and header file comment). dnscrypt tests. Fix doxygen for dnscrypt files. Fix #1238: segmentation fault when adding through the remote interface a per-view local zone to a view with no previous (configured) local zones. Fix #1229: Systemd service sandboxing, options in wrong sections. Fix #1239: configure fails to find python distutils if python prints warning. Fix to prevent non-referal query from being cached as referal when the no_cache_store flag was set. Remove (now unused) event2 include from dnscrypt code. Fix #1217: Add metrics to unbound-control interface showing crypted, cert request, plaintext and malformed queries (from Manu Bretelle). Do not add current time twice to TTL before ECS cache store. Do not touch rrset cache after ECS cache message generation. Use LDNS_EDNS_CLIENT_SUBNET as default ECS opcode. Fix #1244: document that use of chroot requires trust anchor file to be under chroot. Small fixup for documentation. Fix respip for braces when locks arent used. Fix pythonmod for cb changes. Generalise inplace callback (de)registration (de)register inplace callbacks for module id No unbound-control set_option for ECS options Deprecated client-subnet-opcode config option Introduced client-subnet-always-forward config option Changed max-client-subnet-ipv6 default to 56 (as in RFC) Removed extern ECS config options module_restart_next now calls clear on all following modules Also create ECS module qstate on module_event_pass event remove malloc from inplace_cb_register Unlock view in respip unit test Some whitespace fixup. Remove ECS option after REFUSED answer. Fix small memory leak in edns_opt_copy_alloc. Respip dereference after NULL check. Zero initialize addrtree allocation. Use correct identifier for SHM destroy. Display ECS module memory usage. Fix #1247: unbound does not shorten source prefix length when forwarding ECS. Properly check for allocation failure in local_data_find_tag_datas. Fix #1249: unbound doesn't return FORMERR to bogus ECS. Set SHM ECS memory usage to 0 when module not loaded. subnet mem value is available in shm, also when not enabled, to make the struct easier to memmap by other applications, independent of the configuration of unbound. Fix #1250: inconsistent indentation in services/listen_dnsport.c. Unbound 1.6.1 Download: unbound-1.6.1.tar.gz SHA1 checksum: 41369fcfd37844b02b7293b37ec78e69f0db34c7 SHA256 checksum: 42df63f743c0fe8424aeafcf003ad4b880b46c14149d696057313f5c1ef51400 PGP signature: unbound-1.6.1.tar.gz.asc Date: 21 Feb, 2017 Features configure --enable-systemd and lets unbound use systemd sockets if you enable use-systemd: yes in unbound.conf. Also there are contrib/unbound.socket and contrib/unbound.service: systemd files for unbound, install them in /usr/lib/systemd/system. Contributed by Sami Kerola and Pavel Odintsov. [bugzilla: 1187 ] Source IP rate limiting, patch from Larissa Feng. [bugzilla: 1184 ] Log DNS replies. This includes the same logging information that DNS queries and response code and response size, patch from Larissa Feng. Include root trust anchor id 20326 in unbound-anchor. 64bit is default for windows builds. Bug Fixes [bugzilla: 1176 ] Fix stack size too small for Alpine Linux. Fix unbound-control and ipv6 only. [bugzilla: 1182 ] Fix Resource leak (socket), at startup. [bugzilla: 1178 ] Fix attempt to fix setup error at end, pop result values at end of install. iana portlist update Fix inet_ntop and inet_pton warnings in windows compile. [bugzilla: 1191 ] Fix remove comment about view deletion. [bugzilla: 1188 ] Fix unresolved symbol 'fake_dsa' in libunbound.so when built with Nettle [bugzilla: 1190 ] Fix to not echo back EDNS options in local-zone error response. [bugzilla: 1194 ] Fix if cross build fails when $host isn't `uname` for getentropy. Fix reload chdir failure when also chrooted to that directory. Fix to return formerr for queries for meta-types, to avoid packet amplification if this meta-type is sent on to upstream. [bugzilla: 1201 ] Fix missing unlock in answer_from_cache error condition. [bugzilla: 1202 ] Fix code comment that packed_rrset_data is not always 'packed'. Fix to also block meta types 128 through to 248 with formerr. [bugzilla: 1206 ] Fix that some view-related commands are missing from 'unbound-control -h' Fix to rename ub_callback_t to ub_callback_type, because POSIX reserves _t typedefs. Fix to rename internally used types from _t to _type, because _t type names are reserved by POSIX. Increase MAX_MODULE to 16. [bugzilla: 1211 ] Fix can't enable interface-automatic if no IPv6 with more helpful error message. fix root_anchor test for updated icannbundle.pem lower certificates. Fix compile on solaris of the fix to use $host detect. Fix for type name change and fix warning on windows compile. Fix pythonmod for typedef changes. Fix dnstap for warning of set but not used. Fix autoconf of systemd check for lack of pkg-config. Unbound 1.6.0 Download: unbound-1.6.0.tar.gz SHA1 checksum: 9b7606b016b447dc837efc108cee94f3fecf4ede SHA256 checksum: 6b7db874e6debda742fee8869d722e5a17faf1086e93c911b8564532aeeffab7 PGP signature: unbound-1.6.0.tar.gz.asc Date: 15 Dec, 2016 Features Added generic EDNS code for registering known EDNS option codes, bypassing the cache response stage and uniquifying mesh states. Four EDNS option lists were added to module_qstate (module_qstate.edns_opts_*) to store EDNS options from/to front/back side. Added two flags to module_qstate (no_cache_lookup, no_cache_store) that control the modules' cache interactions. Added code for registering inplace callback functions. The registered functions can be called just before replying with local data or Chaos, replying from cache, replying with SERVFAIL, replying with a resolved query, sending a query to a nameserver. The functions can inspect the available data and maybe change response/query related data (i.e. append EDNS options). Updated Python module for the above. Updated Python documentation. Added views functionality. Added qname-minimisation-strict config option. Patch that resolves CNAMEs entered in local-data conf statements that point to data on the internet, from Jinmei Tatuya (Infoblox). serve-expired config option: serve expired responses with TTL 0. .gitattributes line for githubs code language display. log-identity: config option to set sys log identity, patch from "Robin H. Johnson" (robbat2@gentoo.org). Added stub-ssl-upstream and forward-ssl-upstream options. Added local-zones and local-data bulk addition and removal functionality in unbound-control (local_zones, local_zones_remove, local_datas and local_datas_remove). Bug Fixes Fix #836: unbound could echo back EDNS options in an error response. Fix #838: 1.5.10 cannot be built on Solaris, undefined PATH_MAX. Fix #839: Memory grows unexpectedly with large RPZ files. Fix #840: infinite loop in unbound_munin_ plugin on unowned lockfile. Fix #841: big local-zone's make it consume large amounts of memory. Fix dnstap relaying "random" messages instead of resolver/forwarder responses, from Nikolay Edigaryev. Fix Nits for 1.5.10 reported by Dag-Erling Smorgrav. Fix #1117: spelling errors, from Robert Edmonds. iana portlist update. fix memoryleak logfile when in debug mode. Re-fix #839 from view commit overwrite. Fixup const void cast warning. Removed patch comments from acllist.c and msgencode.c Added documentation doc/CNAME-basedRedirectionDesignNotes.pdf, from Jinmei Tatuya (Infoblox). Fix #1125: unbound could reuse an answer packet incorrectly for clients with different EDNS parameters, from Jinmei Tatuya. Fix #1118: libunbound.pc sets strange Libs, Libs.private values. Added Requires line to libunbound.pc Fix #1130: whitespace in example.conf.in more consistent. suppress compile warning in lex files. init lzt variable, for older gcc compiler warnings. fix --enable-dsa to work, instead of copying ecdsa enable. Fix DNSSEC validation of query type ANY with DNAME answers. Fixup query_info local_alias init. Ported tests for local_cname unit test to testbound framework. g.root-servers.net has AAAA address. Fix #1134: unbound-control set_option -- val-override-date: -1 works immediately to ignore datetime, or back to 0 to enable it again. The -- is to ignore the '-1' as an option flag. Patch for server.num.zero_ttl stats for count of expired replies, from Pavel Odintsov. Fix failure to build on arm64 with no sbrk. Set OpenSSL security level to 0 when using aNULL ciphers. configure detects ssl security level API function in the autoconf manner. Every function on its own, so that other libraries (eg. LibreSSL) can develop their API without hindrance. Fix #1154: segfault when reading config with duplicate zones. Note that for harden-below-nxdomain the nxdomain must be secure, this means nsec3 with optout is insufficient. Fix #1155: test status code of unbound-control in 04-checkconf, not the status code from the tee command. Fix #1158: reference RFC 8020 "NXDOMAIN: There Really Is Nothing Underneath" for the harden-below-nxdomain option. patch from Dag-Erling Smorgrav that removes code that relies on sbrk(). Make access-control-tag-data RDATA absolute. This makes the RDATA origin consistent between local-data and access-control-tag-data. Fix NSEC ENT wildcard check. Matching wildcard does not have to be a subdomain of the NSEC owner. QNAME minimisation uses QTYPE=A, therefore always check cache for this type in harden-below-nxdomain functionality. Added unit test for QNAME minimisation + harden below nxdomain synergy. Fix that with openssl 1.1 control-use-cert: no uses less cpu, by using no encryption over the unix socket. hyphen as minus fix, by Andreas Schulze Fix #1170: document that 'inform' local-zone uses local-data. Fix #1173: differ local-zone type deny from unset tag_actions element. Add DSA support for OpenSSL 1.1.0 Fix remote control without cert for LibreSSL Fix downcast warnings from visual studio in sldns code. Unbound 1.5.10 Download: unbound-1.5.10.tar.gz SHA1 checksum: 6102849c400db3a4195b1f16df8f312568a6ec57 SHA256 checksum: a39b8b4fcca2a2b35a2daa53fe35150cc3f09038dc9acede09c912fc248a9486 PGP signature: unbound-1.5.10.tar.gz.asc Date: 27 Sep, 2016 Features Create a pkg-config file for libunbound in contrib. TCP Fast open patch from Sara Dickinson. Finegrained localzone control with define-tag, access-control-tag, access-control-tag-action, access-control-tag-data, local-zone-tag, and local-zone-override. And added types always_transparent, always_refuse, always_nxdomain with that. If more than half of tcp connections are in use, a shorter timeout is used (200 msec, vs 2 minutes) to pressure tcp for new connects. [bugzilla: 787 ] Fix #787: outgoing-interface netblock/64 ipv6 option to use linux freebind to use 64bits of entropy for every query with random local part. For #787: prefer-ip6 option for unbound.conf prefers to send upstream queries to ipv6 servers. Add default root hints for IPv6 E.ROOT-SERVERS.NET, 2001:500:a8::e. keep debug symbols in windows build. Bug Fixes [bugzilla: 778 ] Fix unbound 1.5.9: -h segfault (null deref). Fix unbound-anchor.exe file location defaults to Program Files with (x86) appended. Fix to not ignore return value of chown() in daemon startup. Better help text from -h (from Ray Griffith). [bugzilla: 773 ] Fix Non-standard Python location build failure with pyunbound. Improve threadsafety for openssl 0.9.8 ecdsa dnssec signatures. Revert fix for NetworkService account on windows due to breakage it causes. Fix that windows install will not overwrite existing service.conf file (and ignore gui config choices if it exists). And delete service.conf.shipped on uninstall. In unbound.conf directory: dir immediately changes to that directory, so that include: file below that is relative to that directory. With chroot, make the directory an absolute path inside chroot. do not delete service.conf on windows uninstall. document directory immediate fix and allow EXECUTABLE syntax in it on windows. Fix directory: fix for unbound-checkconf, it restores cwd. Use QTYPE=A for QNAME minimisation. Keep track of number of time-outs when performing QNAME minimisation. Stop minimising when number of time-outs for a QNAME/QTYPE pair is more than three. [bugzilla: 775 ] Fix unbound-host and unbound-anchor crash on windows, ignore null delete for wsaevent. Fix spelling in freebind option man page text. Fix windows link of ssl with crypt32. [bugzilla: 779 ] Fix Union casting is non-portable. [bugzilla: 780 ] Fix MAP_ANON not defined in HP-UX 11.31. [bugzilla: 781 ] Fix prealloc() is an HP-UX system library call. Decrease dp attempts at each QNAME minimisation iteration [bugzilla: 784 ] Fix Build configure assumess that having getpwnam means there is endpwent function available. Updated repository with newer flex and bison output. Fix static compile on windows missing gdi32. Fix dynamic link of anchor-update.exe on windows. Fix detect of mingw for MXE package build. Fixes for 64bit windows compile. [bugzilla: 788 ] Fix for nettle 3.0: Failed to build with Nettle >= 3.0 and --with-libunbound-only --with-nettle. Fixed unbound.doxygen for 1.8.11. [bugzilla: 798 ] Fix Client-side TCP fast open fails (Linux). [bugzilla: 801 ] Fix missing error condition handling in daemon_create_workers(). [bugzilla: 802 ] Fix workaround for function parameters that are "unused" without log_assert. [bugzilla: 803 ] Fix confusing (and incorrect) code comment in daemon_cleanup(). [bugzilla: 806 ] Fix wrong comment removed. use sendmsg instead of sendto for TFO. [bugzilla: 807 ] Fix workaround for possible some "unused" function parameters in test code, from Jinmei Tatuya. Note that OPENPGPKEY type is RFC 7929. [bugzilla: 804 ] Fix #804: unbound stops responding after outage. Fixes queries that attempt to wait for an empty list of subqueries. Fix for #804: lower num_target_queries for iterator also for failed lookups. [bugzilla: 820 ] Fix set sldns_str2wire_rr_buf() dual meaning len parameter in each iteration in find_tag_datas(). [bugzilla: 777 ] Fix OpenSSL 1.1.0 compatibility, patch from Sebastian A. Siewior. RFC 7958 is now out, updated docs for unbound-anchor. Fix for compile without warnings with openssl 1.1.0. [bugzilla: 826 ] Fix refuse_non_local could result in a broken response. iana portlist update. Fix compile with openssl 1.1.0 with api=1.1.0. [bugzilla: 829 ] Fix doc of sldns_wire2str_rdata_buf() return value has an off-by-one typo, from Jinmei Tatuya (Infoblox). Fix incomplete prototypes reported by Dag-Erling Smørgrav. [bugzilla: 828 ] Fix missing type in access-control-tag-action redirect results in NXDOMAIN. Take configured minimum TTL into consideration when reducing TTL to original TTL from RRSIG. [bugzilla: 831 ] Fix workaround for spurious fread_chk warning against petal.c Silenced flex-generated sign-unsigned warning print with gcc diagnostic pragma. Fix for new splint on FreeBSD. Fix cast for sockaddr_un.sun_len. fix potential memory leak in daemon/remote.c and nullpointer dereference in validator/autotrust. [bugzilla: 883 ] Fix error for duplicate local zone entry. [bugzilla: 835 ] Fix --disable-dsa with nettle verify.
2018-02-06 05:39:25 +03:00
BaseName: pylib
Version: 1.0
Description: Test python wrapper for libunbound
CreationDate: Mon Apr 6 12:33:31 CEST 2009
Maintainer: dr. W.C.A. Wijngaards
Category:
Component:
CmdDepends:
Depends:
Help:
Pre: pylib.pre
Post: pylib.post
Test: pylib.test
AuxFiles:
Passed:
Failure: