Tags

  • release-1.12.0rc1

    Unbound 1.12.0rc1
    
  • debian/1.11.0-1_bpo10+1

    unbound Debian release 1.11.0-1~bpo10+1
    
  • debian/1.11.0-1

    unbound Debian release 1.11.0-1
    
  • upstream/1.11.0

    Upstream version 1.11.0
    
  • release-1.11.0rc1

    Unbound 1.11.0rc1
    
  • release-1.11.0

    Unbound 1.11.0
    
    This release contains a number of bug fixes.  Also new features are introduced.  The configure --with-dynlibmodule enables dynamic library support that can have code modules function like the python library scripts.  It allows loading multiple dynlib instances.  The new `include-toplevel: <file or wildcard>` configuration option allows to include a directory with config files where every config file does not modify the config section for the later files so that the include order is idempotent.  This makes it much easier to drop files into a config snippet directory in etc and manage that set of config files, without for example one config file starting a stub section and creating parse errors in another config file with server options.
    
    The `rrset-roundrobin` option now defaults to yes.  This is more in line with what users expect.  The KSK-2010 has been removed from our default key set output.  The option `prefer-ip4` can be used to prefer ip4 over ip6 when reputation for the ip6 netblock is shared with other users.
    
    There is also a dnstap implementation inside Unbound.  This removes the dependency on the libfstrm library.  The protobuf library is still used.
    The fstrm protocol code resides in `dnstap/dnstap_fstrm.h` and `dnstap/dnstap_fstrm.c`. This contains a brief definition of what unbound needs.
    
    The `make unbound-dnstap-socket` builds a debug tool, unbound-dnstap-socket. It can listen, accept multiple DNSTAP streams and print information. Commandline options control it.
    
    Unbound can reconnect if the unix domain socket file socket is closed. This uses exponential backoff after which it uses a one second timer to throttle cpu down. There is also support to use TCP and TLS for connecting to the log server. There are new config options to turn them on, in the `dnstap` section in the man page and example config file. `dnstap-ip` with IP address of server for TCP or TLS use. `dnstap-tls` to turn on TLS. And `dnstap-tls-server-name`, `dnstap-tls-cert-bundle`, `dnstap-tls-client-key-file` and `dnstap-tls-client-cert-file` to configure the certificates for server authentication and client authentication, or leave at `""` to not use that.  With `dnstap-bidirectional` the frame streams can be set to bidirectional or unidirectional connection mode.
    
    Features
    - Merge #225 from akhait: KSK-2010 has been revoked. It removes the
      KSK-2010 from the default list in unbound-anchor, now that the
      revocation period is over.  KSK-2017 is the only trust anchor in
      the shipped default now.
    - Merge PR #93: Add dynamic library support.
    - Introduce 'include-toplevel:' configuration option.
    - Change default value for 'rrset-roundrobin' to yes.
    - Add SNI support on more TLS connections (fixes #193).
    - Add SNI support to unbound-anchor.
    - Merge PR #164: Framestreams, this branch implements dnstap
      connectivity in unbound. This has a number of new features.
    
      The dependency on libfstrm is removed. The fstrm protocol code
      resides in dnstap/dnstap_fstrm.h and dnstap/dnstap_fstrm.c. This
      contains a brief definition of what unbound needs.
    
      The make unbound-dnstap-socket builds a debug tool,
      unbound-dnstap-socket. It can listen, accept multiple DNSTAP
      streams and print information. Commandline options control it.
    
      Unbound can reconnect if the unix domain socket file socket is
      closed. This uses exponential backoff after which it uses a
      one second timer to throttle cpu down. There is also support
      to use TCP and TLS for connecting to the log server. There
      are new config options to turn them on, in the dnstap section
      in the man page and example config file. dnstap-ip with IP
      address of server for TCP or TLS use. dnstap-tls to turn
      on TLS. And dnstap-tls-server-name, dnstap-tls-cert-bundle,
      dnstap-tls-client-key-file and dnstap-tls-client-cert-file
      to configure the certificates for server authentication and
      client authentication, or leave at "" to not use that.
    
    - Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for
      using ipv4 filters, because the hosts ip6 netblock /64 is not owned
      by one operator, and thus reputation is shared.
    
    Bug Fixes
    - protect X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS with ifdef for
      different openssl versions.
    - Merge PR #166: Fix typo in unbound.service.in, by glitsj16.
    - Fix #169: Fix warning for daemon/remote.c output may be truncated
      from snprintf.
    - Fix #170: Fix gcc undefined sanitizer signed integer overflow
      warning in signature expiry RFC1982 serial number arithmetic.
    - Fix more undefined sanitizer issues, in respip copy_rrset null
      dname, and in the client_info_compare routine for null memcmp.
    - Merge PR #171: Add additional compilers and platforms to Travis
      testing, by noloader.
    - Merge PR #173: updated makedist.sh for config.guess and
      config.sub and sha256 digest for gpg, by noloader.
    - Merge PR #172: Add IBM s390x arch for testing, by noloader.
    - Fix #177: dnstap does not build on macOS.
    - Fix compiler warning in dns64/dns64.c
    - Merge PR #174: Add Android to Travis testing, by noloader.
    - Move android build scripts to contrib/ and allow android tests to fail.
    - Fix #175, Merge PR #176: fix link error when OpenSSL is configured
      with no-engine, thanks noloader.
    - Upgrade config.guess(2020-01-01) and config.sub(2020-01-01).
    - Merge PR #180 from noloader: Avoid calling exit in Travis script.
    - Merge PR #181 from noloader: Fix OpenSSL -pie warning on Android.
    - Update README-Travis.md (from PR #179), by Jeffrey Walton.
    - Fix PR #182 from noloader: Add iOS testing to Travis.
    - Merge PR #186, fix #183: Fix unrecognized 'echo -n' option on OS X, by
      noloader
    - Fix #188: unbound-control.c:882:6: error: 'execlp' is
      unavailable: not available on tvOS.
    - Fix #189: mini_event.h:142:17: error: field 'ev_timeout' has incomplete
      type, by noloader.
    - Add check to make sure RPZ records are subdomains of configured
      zone origin.
    - Fix #192: In the unbound-checkconf tool, the module config of
      dns64 subnetcache respip validator iterator is whitelisted, it was
      reported it seems to work.
    - Merge PR#191: Update iOS testing on Travis, by Jeffrey Walton.
    - Fix #158: open tls-session-ticket-keys as binary, for Windows. By
      Daisuke HIGASHI.
    - Merge PR#134, Allow the kernel to provide random source ports. By
      Florian Obser.
    - Log warning when using outgoing-port-permit and outgoing-port-avoid
      while explicit port randomisation is disabled.
    - Merge PR#194: Add libevent testing to Travis, by Jeffrey Walton.
    - Fix .travis.yml error, missing 'env' option.
    - Merge PR #197 from fobser: Make log_ident_revert_to_default() a
      proper prototype.
    - Merge PR #198 from fobser: Declare lz_enter_rr_into_zone()
      static, it's only used in this file.
    - Fix compile on Solaris for unbound-checkconf.
    - Fix compile of test tools without protobuf.
    - Merge PR #200 from yarikk: add ip-dscp option to specify the DSCP
      tag for outgoing packets.
    - Travis fix for ios by omitting tools from install.
    - Merge PR #201 from noloader: Fix OpenSSL cross-compile warnings.
    - Fix RPZ concurrency issue when using auth_zone_reload.
    - Make unbound-control error returned on missing domain name more user
      friendly.
    - Merge PR #203 from noloader: Update README-Travis.md with current
      procedures.
    - Merge PR #207: Clarify if-automatic listens on 0.0.0.0 and ::
    - Merge PR #208: Fix uncached CLIENT_RESPONSE'es on stateful
      transports.
    - Merge PR #206: Redis TTL, by Talkabout.
    - More documentation for redis-expire-records option.
    - Keep track of number of timeouts. Use this counter to determine if
      capsforid fallback should be started.
    - Merge PR #214 from gearnode: unbound-control-setup recreate
      certificates.  With the -r option the certificates are created
      again, without it, only the files that do not exist are created.
    - Fix #220: auth-zone section in config may lead to segfault.
    - Fix help return code in unbound-control-setup script.
    - Fix for posix shell syntax for trap in nsd-control-setup.
    - Fix for posix shell syntax for trap in run_msg.sh test script.
    - Add doxygen documentation for DSCP.
    - Fix #222: --enable-rpath, fails to rpath python lib.
    - Fix for count of reply states in the mesh.
    - Remove unneeded was_mesh_reply check.
    - Explicitly use 'rrset-roundrobin: no' for test cases.
    - Cache ECS answers with longest scope of CNAME chain.
    - windows compile warnings removal for ip dscp option code.
    - Fix for integer overflow when printing RDF_TYPE_TIME.
    - Update contrib/aaaa-filter-iterator.patch for the recent
      generate_sub_request() change and to apply cleanly.
    - Merge PR #241 by Robert Edmonds: contrib/libunbound.pc.in: Do not use
      "Requires:".
    - Mention tls name possible when tls is enabled for stub-addr in the
      man page.
    - Fix default explanation in man page for qname-minimisation-strict.
    - Fix display of event loop method with libev.
    - iana portlist updated.
    - Move reply list clean for serve expired mesh callback to after
      the reply is sent, so that script callbacks have reply_info.
    - Also move reply list clean for mesh callbacks so the script callback
      can see the reply_info.
    - Fix for mesh accounting if the reply list already empty to begin
      with.
    - Fix for mesh accounting when rpz decides to drop a reply with a
      tcp stream waiting for it.
    - Review fix for number of detached states due to use of variable
      after end of loop.
    - Fix tcp req info drop due to size call into mesh accounting
      removal of mesh state during mesh send reply.
    - Fix #259: Fix unbound-checkconf does not check view existence.
      unbound-checkconf checks access-control-view, access-control-tags,
      access-control-tag-actions and access-control-tag-datas.
    - Fix offset of error printout for access-control-tag-datas.
    - Fix add missing DSA header, for compilation without deprecated
      OpenSSL APIs.
    - Fix to use SSL_CTX_set_tlsext_ticket_key_evp_cb in OpenSSL
      3.0.0-alpha4.
    - Longer keys for the test set, this avoids weak crypto errors.
    - Add bidirectional frame streams support.
    - Fix check conf test for referencing installation paths.
    - Fix unused variable warning for clang analyzer.
    - Merge PR #234 - Ensure proper alignment of cmsg buffers by Jérémie
      Courrèges-Anglas.
    - Fix PR #234 log_assert sizeof to use union buffer.
    - Fix libnettle compile for session ticket key callback function
      changes.
    - Fix lock dependency cycle in rpz zone config setup.
    - Fix streamtcp to print packet data to stdout.  This makes the
      stdout and stderr not mix together lines, when parsing its output.
    - Fix contrib/fastrpz.patch to apply cleanly.  It fixes for changes
      due to added libdynmod, but it does not compile, it conflicts with
      new rpz code.
    
    
  • debian/1.10.1-1_bpo10+1

    unbound Debian release 1.10.1-1~bpo10+1
    
  • debian/1.9.0-2+deb10u2

    unbound Debian release 1.9.0-2+deb10u2
    
  • debian/1.10.1-1

    unbound Debian release 1.10.1-1
    
  • upstream/1.10.1

    Upstream version 1.10.1
    
  • debian/1.10.0-1

    unbound Debian release 1.10.0-1
    
  • upstream/1.10.0

    Upstream version 1.10.0
    
  • release-1.10.0rc2

    b7706993 · typo fix ·
    Unbound 1.10.0rc2
    
    The release candidate 2 is there to fix unbound-checkconf from rejecting
    the configuration.
    
    Additional changes are:
    - Fix spelling in unbound.conf.5.in.
    - Stop unbound-checkconf from insisting that auth-zone and rpz
      zonefiles have to exist.  They can not exist, and download later.
    - contrib/drop2rpz: perl script that converts the Spamhaus DROP-List
      in RPZ-Format, contributed by Andreas Schulze.
    - Remove unused variable.
    - Add respip to supported module-config options in unbound-checkconf.
    
    The 1.10.0 release has RPZ support and serve stale functionality
    according to draft draft-ietf-dnsop-serve-stale-10.  And a number of
    other, smaller, features, and bug fixes.
    
    The DNS Response Policy Zones (RPZ) functionality makes it possible
    to express DNS response policies in a DNS zone. These zones can
    be loaded from file or transferred over DNS zone transfers or
    HTTP. The RPZ functionality in Unbound is implemented as specified in
    draft-vixie-dnsop-dns-rpz-00. Only the QNAME and Response IP Address
    triggers are supported. The supported RPZ actions are: NXDOMAIN, NODATA,
    PASSTHRU, DROP and Local Data.
    
    Enabling the respip module using `module-config` is required to use
    RPZ. Each RPZ zone can be configured using the `rpz` clause. RPZ clauses
    are applied in order of configuration.  Unbound can get the data from
    zone transfer, a zonefile or https url, and more options are documented
    in the man page.  A minimal RPZ configuration that will transfer the
    RPZ zone using AXFR and IXFR can look like:
    
    server:
      module-config: "respip validator iterator"
    
    rpz:
      name: "rpz.example.com" # name of the policy zone
      master: 192.0.2.0       # address of the name server to transfer from
    
    The serve-stale functionality as described in
    draft-ietf-dnsop-serve-stale-10 is now supported in unbound.
    This allows unbound to first try and resolve a domain name before
    replying with expired data from cache.  This differs from unbound's
    initial serve-expired behavior which attempts to reply with expired
    entries from cache without waiting for the actual resolution to finish.
    Both behaviors are available and can be configured with the various
    serve-expired-* configuration options.  serve-expired-client-timeout is
    the option that enables one or the other.
    
    The DSA algorithms have been disabled by default, this is because of
    RFC 8624.
    
    There is a crash fix in the parse of text of type WKS, reported by
    X41 D-Sec.
    
    In addition, neg and key caches can be shared with multiple
    libunbound contexts, a change that assists unwind.  The
    contrib/unbound_portable.service provides a systemd start file for a
    portable setup.  The configure --with-libbsd option allows the use
    of the bsd compatibility library so that it can use the arc4random
    from it.  The stats in contrib/unbound_munin_ have num.query.tls and
    num.query.tls.resume added to them.  For unbound-control the command
    view_local_datas_remove is added that removes data from a view.
    
    Features:
    - Merge RPZ support into master. Only QNAME and Response IP triggers are
      supported.
    - Added serve-stale functionality as described in
      draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
      to configure the behavior.
    - Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
    - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
      come with a configurable TTL value (`serve-expired-reply-ttl`).
    - Merge #135 from Florian Obser: Use passed in neg and key cache
      if non-NULL.
    - Fix #153: Disable validation for DSA algorithms.  RFC 8624 compliance.
    - Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds
      and Frzk.  Updates the unbound.service systemd file and adds a portable
      systemd service file.
    - Merge PR#154; Allow use of libbsd functions with configure option
      --with-libbsd. By Robert Edmonds and Steven Chamberlain.
    - Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai.
    - Merge PR#156 from Alexander Berkes; Added unbound-control
      view_local_datas_remove command.
    
    Bug Fixes:
    - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by
      Florian Obser.
    - Update mailing list URL.
    - Fix #140: Document slave not downloading new zonefile upon update.
    - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD.
      The dl_iterate_phdr() function introduced in newer versions raises
      compilation errors on solaris 10.
    - Changes to compat/getentropy_solaris.c for,
      ifdef stdint.h inclusion for older systems.  ifdef sha2.h inclusion
      for older systems.
    - Fix 'make test' to work for --disable-sha1 configure option.
    - Fix out-of-bounds null-byte write in sldns_bget_token_par while
      parsing type WKS, reported by Luis Merino from X41 D-Sec.
    - Updated sldns_bget_token_par fix for also space for the zero
      delimiter after the character.  And update for more spare space.
    - Fix #138: stop binding pidfile inside chroot dir in systemd service
      file.
    - Fix the relationship between serve-expired and prefetch options,
      patch from Saksham Manchanda from Secure64.
    - Fix unreachable code in ssl set options code.
    - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests,
      because dnscrypt-proxy (2.0.36) does not support the test setup
      any more, and also the config file format does not seem to have the
      appropriate keys to recreate that setup.
    - Fix crash after reload where a stats lookup could reference old key
      cache and neg cache structures.
    - Fix for memory leak when edns subnet config options are read when
      compiled without edns subnet support.
    - Fix auth zone support for NSEC3 records without salt.
    - Merge PR#150 from Frzk: Systemd unit without chroot.  It adds
      contrib/unbound_nochroot.service.in, a systemd file for use with
      chroot: "", see comments in the file, it uses systemd protections
      instead.  It was superseded by #151, the unbound_portable.service
      file.
    - Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes
      to Libs/Requires for crypto library dependencies.
    - iana portlist updated.
    - Fix to silence the tls handshake errors for broken pipe and reset
      by peer, unless verbosity is set to 2 or higher.
    - Merge PR#147; change rfc reference for reserved top level dns names.
    - Fix #157: undefined reference to `htobe64'.
    - Fix subnet tests for disabled DSA algorithm by default.
    - Update contrib/fastrpz.patch for clean diff with current code.
    - updated .gitignore for added contrib file.
    - Add build rule for ipset to Makefile
    - Add getentropy_freebsd.o to Makefile dependencies.
    - Fix memory leak in error condition remote.c
    - Fix double free in error condition view.c
    - Fix memory leak in do_auth_zone_transfer on success
    - Stop working on socket when socket() call returns an error.
    - Check malloc return values in TLS session ticket code
    - Fix fclose on error in TLS session ticket code.
    - Add assertion to please static analyzer
    - Fixed stats when replying with cached, cname-aliased records.
    - Added missing default values for redis cachedb backend.
    - Fix num_reply_addr counting in mesh and tcp drop due to size
      after serve_stale commit.
    - Fix to create and destroy rpz_lock in auth_zones structure.
    - Fix to lock zone before adding rpz qname trigger.
    - Fix to lock and release once in mesh_serve_expired_lookup.
    - Fix to put braces around empty if body when threading is disabled.
    - Fix num_reply_states and num_detached_states counting with
      serve_expired_callback.
    - Cleaner code in mesh_serve_expired_lookup.
    - Document in unbound.conf manpage that configuration clauses can be
      repeated in the configuration file.
    - Document 'ub_result.was_ratelimited' in libunbound.
    - Fix use after free on log-identity after a reload; Fixes #163.
    - Fix with libnettle make test with dsa disabled.
    - Fix contrib/fastrpz.patch to apply cleanly.  Fix for serve-stale
      fixes, but it does not compile, conflicts with new rpz code.
    - Fix to clean memory leak of respip_addr.lock when ip_tree deleted.
    - Fix compile warning when threads disabled.
    
  • release-1.10.0rc1

    Unbound 1.10.0rc1
    
    The 1.10.0rc1 release has RPZ support and serve stale functionality
    according to draft draft-ietf-dnsop-serve-stale-10.  And a number of
    other, smaller, features, and bug fixes.
    
    The DNS Response Policy Zones (RPZ) functionality makes it possible
    to express DNS response policies in a DNS zone. These zones can
    be loaded from file or transferred over DNS zone transfers or
    HTTP. The RPZ functionality in Unbound is implemented as specified in
    draft-vixie-dnsop-dns-rpz-00. Only the QNAME and Response IP Address
    triggers are supported. The supported RPZ actions are: NXDOMAIN, NODATA,
    PASSTHRU, DROP and Local Data.
    
    Enabling the respip module using `module-config` is required to use
    RPZ. Each RPZ zone can be configured using the `rpz` clause. RPZ clauses
    are applied in order of configuration.  Unbound can get the data from
    zone transfer, a zonefile or https url, and more options are documented
    in the man page.  A minimal RPZ configuration that will transfer the
    RPZ zone using AXFR and IXFR can look like:
    
    server:
      module-config: "respip validator iterator"
    
    rpz:
      name: "rpz.example.com" # name of the policy zone
      master: 192.0.2.0       # address of the name server to transfer from
    
    The serve-stale functionality as described in
    draft-ietf-dnsop-serve-stale-10 is now supported in unbound.
    This allows unbound to first try and resolve a domain name before
    replying with expired data from cache.  This differs from unbound's
    initial serve-expired behavior which attempts to reply with expired
    entries from cache without waiting for the actual resolution to finish.
    Both behaviors are available and can be configured with the various
    serve-expired-* configuration options.  serve-expired-client-timeout is
    the option that enables one or the other.
    
    The DSA algorithms have been disabled by default, this is because of
    RFC 8624.
    
    There is a crash fix in the parse of text of type WKS, reported by
    X41 D-Sec.
    
    In addition, neg and key caches can be shared with multiple
    libunbound contexts, a change that assists unwind.  The
    contrib/unbound_portable.service provides a systemd start file for a
    portable setup.  The configure --with-libbsd option allows the use
    of the bsd compatibility library so that it can use the arc4random
    from it.  The stats in contrib/unbound_munin_ have num.query.tls and
    num.query.tls.resume added to them.  For unbound-control the command
    view_local_datas_remove is added that removes data from a view.
    
    Features:
    - Merge RPZ support into master. Only QNAME and Response IP triggers are
      supported.
    - Added serve-stale functionality as described in
      draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
      to configure the behavior.
    - Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
    - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
      come with a configurable TTL value (`serve-expired-reply-ttl`).
    - Merge #135 from Florian Obser: Use passed in neg and key cache
      if non-NULL.
    - Fix #153: Disable validation for DSA algorithms.  RFC 8624 compliance.
    - Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds
      and Frzk.  Updates the unbound.service systemd file and adds a portable
      systemd service file.
    - Merge PR#154; Allow use of libbsd functions with configure option
      --with-libbsd. By Robert Edmonds and Steven Chamberlain.
    - Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai.
    - Merge PR#156 from Alexander Berkes; Added unbound-control
      view_local_datas_remove command.
    
    Bug Fixes:
    - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by
      Florian Obser.
    - Update mailing list URL.
    - Fix #140: Document slave not downloading new zonefile upon update.
    - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD.
      The dl_iterate_phdr() function introduced in newer versions raises
      compilation errors on solaris 10.
    - Changes to compat/getentropy_solaris.c for,
      ifdef stdint.h inclusion for older systems.  ifdef sha2.h inclusion
      for older systems.
    - Fix 'make test' to work for --disable-sha1 configure option.
    - Fix out-of-bounds null-byte write in sldns_bget_token_par while
      parsing type WKS, reported by Luis Merino from X41 D-Sec.
    - Updated sldns_bget_token_par fix for also space for the zero
      delimiter after the character.  And update for more spare space.
    - Fix #138: stop binding pidfile inside chroot dir in systemd service
      file.
    - Fix the relationship between serve-expired and prefetch options,
      patch from Saksham Manchanda from Secure64.
    - Fix unreachable code in ssl set options code.
    - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests,
      because dnscrypt-proxy (2.0.36) does not support the test setup
      any more, and also the config file format does not seem to have the
      appropriate keys to recreate that setup.
    - Fix crash after reload where a stats lookup could reference old key
      cache and neg cache structures.
    - Fix for memory leak when edns subnet config options are read when
      compiled without edns subnet support.
    - Fix auth zone support for NSEC3 records without salt.
    - Merge PR#150 from Frzk: Systemd unit without chroot.  It adds
      contrib/unbound_nochroot.service.in, a systemd file for use with
      chroot: "", see comments in the file, it uses systemd protections
      instead.  It was superseded by #151, the unbound_portable.service
      file.
    - Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes
      to Libs/Requires for crypto library dependencies.
    - iana portlist updated.
    - Fix to silence the tls handshake errors for broken pipe and reset
      by peer, unless verbosity is set to 2 or higher.
    - Merge PR#147; change rfc reference for reserved top level dns names.
    - Fix #157: undefined reference to `htobe64'.
    - Fix subnet tests for disabled DSA algorithm by default.
    - Update contrib/fastrpz.patch for clean diff with current code.
    - updated .gitignore for added contrib file.
    - Add build rule for ipset to Makefile
    - Add getentropy_freebsd.o to Makefile dependencies.
    - Fix memory leak in error condition remote.c
    - Fix double free in error condition view.c
    - Fix memory leak in do_auth_zone_transfer on success
    - Stop working on socket when socket() call returns an error.
    - Check malloc return values in TLS session ticket code
    - Fix fclose on error in TLS session ticket code.
    - Add assertion to please static analyzer
    - Fixed stats when replying with cached, cname-aliased records.
    - Added missing default values for redis cachedb backend.
    - Fix num_reply_addr counting in mesh and tcp drop due to size
      after serve_stale commit.
    - Fix to create and destroy rpz_lock in auth_zones structure.
    - Fix to lock zone before adding rpz qname trigger.
    - Fix to lock and release once in mesh_serve_expired_lookup.
    - Fix to put braces around empty if body when threading is disabled.
    - Fix num_reply_states and num_detached_states counting with
      serve_expired_callback.
    - Cleaner code in mesh_serve_expired_lookup.
    - Document in unbound.conf manpage that configuration clauses can be
      repeated in the configuration file.
    - Document 'ub_result.was_ratelimited' in libunbound.
    - Fix use after free on log-identity after a reload; Fixes #163.
    - Fix with libnettle make test with dsa disabled.
    - Fix contrib/fastrpz.patch to apply cleanly.  Fix for serve-stale
      fixes, but it does not compile, conflicts with new rpz code.
    - Fix to clean memory leak of respip_addr.lock when ip_tree deleted.
    - Fix compile warning when threads disabled.
    
  • debian/1.9.6-2

    68136855 · debian/changelog: 1.9.6-2 ·
    unbound Debian release 1.9.6-2
    
  • debian/1.9.6-1

    a3ceb22d · debian/changelog: 1.9.6-1 ·
    unbound Debian release 1.9.6-1
    
  • upstream/1.9.6

    Upstream version 1.9.6
    
  • release-1.9.6

    Unbound 1.9.6
    
    This release contains a number of security related fixes, contributed by
    X41 D-Sec.  They have conducted a security audit of Unbound, funded by
    OSTIF.  The previous CVEs fixed in 1.9.4 and 1.9.5 were the most
    important ones, less important fixes and side findings for more robust
    code have been included in this release, alongside a normal number of
    bug fixes.
    
    X41 D-Sec news item: https://www.x41-dsec.de/security/research/job/news/2019/12/11/unbound/
    OSTIF news item: https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
    
    The sort order for included config snippets is now ascending by name, it
    previously was reversed due to an oversight.  Most config snippets do
    not depend on the order as they add a stub or forward zone or some
    server: section config entries.
    
    Features:
    - The unbound.conf includes are sorted ascending, for include
      statements with a '*' from glob.
    - drop-tld.diff in contrib/ : adds option drop-tld: yesno that drops 2 label
      queries, to stop random floods.  Apply with
      patch -p1 < contrib/drop-tld.diff and compile.
      From Saksham Manchanda (Secure64).  Please note that we think this
      will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
      lookups for downstream clients.
    - Add new configure option `--enable-fully-static` to enable full static
      build if requested; in relation to #91.
    - Add make distclean that removes everything configure produced,
      and make maintainer-clean that removes bison and flex output.
    - unbound-fuzzers.tar.bz2 in contrib/ : three programs for fuzzing, that
      are 1:1 replacements for unbound-fuzzme.c that gets created after
      applying the contrib/unbound-fuzzme.patch.  They are contributed by
      Eric Sesterhenn from X41 D-Sec.
    
    Bug Fixes:
    - Fix that pkg-config is setup before --enable-systemd needs it.
    - Fix contrib/fastrpz.patch asprintf return value checks.
    - ipset module #28: log that an address is added, when verbosity high.
    - ipset: refactor long routine into three smaller ones.
    - updated Makefile dependencies.
    - squelch DNS over TLS errors 'ssl handshake failed crypto error'
      on low verbosity, they show on verbosity 3 (query details), because
      there is a high volume and the operator cannot do anything for the
      remote failure.  Specifically filters the high volume errors.
    - Fix #71: fix openssl error squelch commit compilation error.
    - Fix #72: configure --with-syslog-facility=LOCAL0-7 with default
      LOG_DAEMON (as before) can set the syslog facility that the server
      uses to log messages.
    - Use explicit bzero for wiping clear buffer of hash in cachedb,
      reported by Eric Sesterhenn from X41 D-Sec.
    - Fix #78: Memory leak in outside_network.c.
    - Merge pull request #76 from Maryse47: Improvements and fixes for
      systemd unbound.service.
    - oss-fuzz badge on README.md.
    - Fix fix for #78 to also free service callback struct.
    - Fix for oss-fuzz build warning.
    - Fix wrong response ttl for prepended short CNAME ttls, this would
      create a wrong zero_ttl response count with serve-expired enabled.
    - Merge #80 from stasic: Improve wording in man page.
    - Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW
      in unbound.service.
    - Merge #81 from Maryse47: Consistently use /dev/urandom instead
      of /dev/random in scripts and docs.
    - Merge #83 from Maryse47: contrib/unbound.service.in: do not fork
      into the background.
    - Merge #85 for #84 from sam-lunt: Add kill capability to systemd
      service file to fix that systemctl reload fails.
    - Merge #87 from hardfalcon: Fix contrib/unbound.service.in,
      Drop CAP_KILL, use + prefix for ExecReload= instead.
    - Merge #90 from vcunat: fix build with nettle-3.5.
    - Fix for CVE-2019-16866.  That fix is also in 1.9.4.
    - Merge #86 from psquarejho: Added -b source address option to
      smallapp/unbound-anchor.c, from Lukas Wunner.
    - Add doxygen comments to unbound-anchor source address code, in #86.
    - Merge #97: manpage: Add missing word on unbound.conf,
      from Erethon.
    - Fix #99: Memory leak in ub_ctx (event_base will never be freed).
    - Fix #109: check number of arguments for stdin-pipes in
      unbound-control and fail if too many arguments.
    - Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.
    - iana portlist updated.
    - contrib/fastrpz.patch updated to apply for current code.
    - fixes for splint cleanliness, long vs int in SSL set_mode.
    - In unbound-host use separate variable for get_option to please
      code checkers.
    - update to bison output of 3.4.1 in code repository.
    - Provide a prototype for compat malloc to remove compile warning.
    - Portable grep usage for reuseport configure test.
    - Check return type of HMAC_Init_ex for openssl 0.9.8.
    - gitignore .source tempfile used for compatible make.
    - Fix for CVE-2019-18934, shell execution in ipsecmod.  This fix is also
      in 1.9.5.
    - Fix authzone printout buffer length check.
    - Fixes to please lint checks.
    - Fix Integer Overflow in Regional Allocator,
      reported by X41 D-Sec.
    - Fix Unchecked NULL Pointer in dns64_inform_super()
      and ipsecmod_new(), reported by X41 D-Sec.
    - Fix Out-of-bounds Read in rr_comment_dnskey(),
      reported by X41 D-Sec.
    - Fix Integer Overflows in Size Calculations,
      reported by X41 D-Sec.
    - Fix Integer Overflow to Buffer Overflow in
      sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
    - Fix Out of Bounds Read in sldns_str2wire_dname(),
      reported by X41 D-Sec.
    - Fix Out of Bounds Write in sldns_bget_token_par(),
      reported by X41 D-Sec.
    - Fix Out of Bounds Read in rrinternal_get_owner(),
      reported by X41 D-Sec.
    - Fix Race Condition in autr_tp_create(),
      reported by X41 D-Sec.
    - Fix Shared Memory World Writeable,
      reported by X41 D-Sec.
    - Adjust unbound-control to make stats_shm a read only operation.
    - Fix Weak Entropy Used For Nettle,
      reported by X41 D-Sec.
    - Fix Randomness Error not Handled Properly,
      reported by X41 D-Sec.
    - Fix Out-of-Bounds Read in dname_valid(),
      reported by X41 D-Sec.
    - Fix Config Injection in create_unbound_ad_servers.sh,
      reported by X41 D-Sec.
    - Fix Local Memory Leak in cachedb_init(),
      reported by X41 D-Sec.
    - Fix Integer Underflow in Regional Allocator,
      reported by X41 D-Sec.
    - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD.
    - Synchronize compat/getentropy_win.c with version 1.5 from
      OpenBSD, no changes but makes the file, comments, identical.
    - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD.
    - Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD.
    - Changes to compat/getentropy files: no link to openssl if using
      nettle, and hence config.h is included for the HAVE_NETTLE variable;
      compat definition of MAP_ANON for older systems; ifdef'ed stdint.h
      inclusion for older systems; ifdef'ed sha2.h inclusion for older
      systems.
    - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec.
    - Fix compile with --enable-alloc-checks, reported by X41 D-Sec.
    - Fix Terminating Quotes not Written, reported by X41 D-Sec.
    - Fix Useless memset() in validator, reported by X41 D-Sec.
    - Fix Unrequired Checks, reported by X41 D-Sec.
    - Fix Enum Name not Used, reported by X41 D-Sec.
    - Fix NULL Pointer Dereference via Control Port,
      reported by X41 D-Sec.
    - Fix Bad Randomness in Seed, reported by X41 D-Sec.
    - Fix python examples/calc.py for eval, reported by X41 D-Sec.
    - Fix comments for doxygen in dns64.
    - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec.
    - Fix compiler warnings.
    - Merge pull request #122 from he32: In tcp_callback_writer(),
      don't disable time-out when changing to read.
    - Merge pull request #124 from rmetrich: Changed log lock
      from 'quick' to 'basic' because this is an I/O lock.
    - Fix text around serial arithmetic used for RRSIG times to refer
      to the correct RFC number.
    - Fix Assert Causing DoS in synth_cname(),
      reported by X41 D-Sec.
    - Fix similar code in auth_zone synth cname to add the extra checks.
    - Fix Assert Causing DoS in dname_pkt_copy(),
      reported by X41 D-Sec.
    - Fix OOB Read in sldns_wire2str_dname_scan(),
      reported by X41 D-Sec.
    - Fix Out of Bounds Write in sldns_str2wire_str_buf(),
      reported by X41 D-Sec.
    - Fix Out of Bounds Write in sldns_b64_pton(),
      fixed by check in sldns_str2wire_int16_data_buf(),
      reported by X41 D-Sec.
    - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(),
      reported by X41 D-Sec.
    - Fix Out of Bound Write Compressed Names in rdata_copy(),
      reported by X41 D-Sec.
    - Fix Hang in sldns_wire2str_pkt_scan(),
      reported by X41 D-Sec.
      This further lowers the maximum to 256.
    - Fix snprintf() supports the n-specifier,
      reported by X41 D-Sec.
    - Fix Bad Indentation, in dnscrypt.c,
      reported by X41 D-Sec.
    - Fix Client NONCE Generation used for Server NONCE,
      reported by X41 D-Sec.
    - Fix compile error in dnscrypt.
    - Fix _vfixed not Used, removed from sbuffer code,
      reported by X41 D-Sec.
    - Fix Hardcoded Constant, reported by X41 D-Sec.
    - make depend
    - Fix lock type for memory purify log lock deletion.
    - Fix testbound for alloccheck runs, memory purify and lock checks.
    - update contrib/fastrpz.patch to apply more cleanly.
    - Fix Make Test Fails when Configured With --enable-alloc-nonregional,
      reported by X41 D-Sec.
    
  • release-1.9.6rc1

    4b73b5f2 · - tag for 1.9.6rc1. ·
    Unbound 1.9.6rc1 tag
    
  • debian/1.9.4-2

    baee8405 · debian/changelog: 1.9.4-2 ·
    Debian release 1.9.4-2