Maintained by: NLnet Labs

[Unbound-users] Unbound 1.4.19 release

W.C.A. Wijngaards
Wed Dec 12 10:14:51 CET 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

This is Unbound 1.4.19, source link and sha hash.
http://unbound.net/downloads/unbound-1.4.19.tar.gz
sha1 ccf0d465fc0045d59ceca11ecde688edebd28ec1
sha256 47e681cf2489cdbad9c9687d579e9b052dceada8f9a720ba447689246aaeeadd


http://unbound.net/downloads/unbound-1.4.19.zip and
unbound_setup_1.4.19.exe are also available.


This release has few features and mostly bugfixes. The include:
"otherfile.*.conf" wildcard directive in the config file the most
interesting for package maintainers.  The RSAMD5 algorithm is
deprecated, there exists a patch in the source contrib that can
re-enable RSAMD5 support.


Features
- -   RFC6725 deprecates RSAMD5: this DNSKEY algorithm is disabled. The
contrib/patch_rsamd5_enable.diff patch enables RSAMD5 validation
otherwise it is treated as insecure. The MD5 hash is considered weak
for some purposes, if you want to sign your zone, then RSASHA256 is an
uncontested hash.
- -   unbound-control -q option is quiet, patch from Mariano Absatz.
- -   include: directive in config file accepts wildcards. Patch from
Paul Wouters. Suggested use: include: "/etc/unbound.d/conf.d/*"

Bug Fixes
- -   Fix openssl race condition, initializes openssl locks, reported by
Einar Lonn and Patrik Wallstrom.
- -   Improved forward-first and stub-first documentation.
- -   Fix that enables modules to register twice for the same
serviced_query, without race conditions or administration issues.
- -   Fix forward-first option where it sets the RD flag wrongly.
- -   added manpage links for libunbound calls (Thanks Paul Wouters).
- -   Add documentation to libunbound for default nonuse of resolv.conf.
- -   Fix timeouts so that when a server has been offline for a while
and is probed to see it works, it becomes fully available for server
selection again.
- -   Fallback to 1472 and 1232, one fragment size without headers.
- -   [bugzilla: 465 ]
- -   Nicer comments outgoing-port-avoid, thanks Stu.
- -   chdir to / after chroot call (suggested by Camiel Dobbelaar).
- -   updated contrib/unbound.spec, patch from Valentin Bud.
- -   ignore trusted-keys globs that have no files (from Paul Wouters).
- -   fix text in unbound-anchor man page.
- -   fix build of pythonmod in objdir (thanks Jakob Schlyter).
- -   make clean and makerealclean remove generated python and docs.
- -   Fix validation for responses with both CNAME and wildcard expanded
CNAME records in answer section.
- -   [bugzilla: 477 ]
    Fix unbound-anchor segfault if EDNS is blocked.
- -   Fix unbound-control forward disables configured stubs below it.
- -   iana portlist updated.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQyEsLAAoJEJ9vHC1+BF+N0fUP/RbVCZl98xjFQkl0u/YjIIhE
jZAF0vrcDCfXGbWbrZ9rfLQ7cDuY0vTstIgJWX+2HoYVJ2C4YvV7Xssqn3OrLAhG
N+67WkkZ292DaSW0OOTqg4Sm6bCMuK3VQu01GrokEAhp8GcNY8s5IcPrDRQY3gyP
RidSeaEcxPk4YjOk8k/xoazs/o9+IbCW1zBkT+jY8BRNZTXSXSeyEfU99LRO8zkf
vdT1ctRPfwXbOEMKO4mSEAP2Dc6hVEGUW/iWbp94mKk5ANsM38w0E8hzSRE+nayZ
K9WUHzti2PC+N/botiBExP1fRVtXS8U1eCud+ExSG5ehjE5G4zpidCxPObSvr/UD
J1d1kpryu/w9qyPlFELNxuUxmZq6mm5fVdoqk5mS/iax7gFzYtcblzIgTmc1/cDg
IoxpbRAznrNb55Gf0ECc16yh6qP8JGrkJoF8BOh3s570w4QJ1QcUBrebeaNYQs8w
x2zjSr1zJhcRsQbz8WoFacwOFzAofc5Woq5JwvNSnqaYqj4ughqq3GOpstabcw/T
rSfGU0Er1VjOZpTYnJEdKur6D3e9XUhSP2C3eH7S/AMopMQC0g095/miu/bAaBM4
5lONWqSAeJ8wx7DGbeAMTz+rLiYZcLJeTP9Y3DDVrXf5W1xPD39UyaRnAPCTedfo
X3ES+ZBdqGqV47/2eJna
=obla
-----END PGP SIGNATURE-----