-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Unbound 1.3.1 is released. Tarball is here: http://unbound.net/downloads/unbound-1.3.1.tar.gz sha1 19fd5aaddfce7de9e05bb5d6720707f98c1f649a sha256 55961c23c6cde824adef8de8d83dae7dcd40528333960d5c3d5028904d799e87 Short summary: contains bugfixes for bugs reported. Features * unbound_munin_ in contrib uses ps to show total memory rss if sbrk hack does not work. * Added build-unbound-localzone-from-hosts.pl to contrib, from Dennis DeDonatis. It converts /etc/hosts into config statements. Bug Fixes * Fixup potential wrong NSEC picked out of the cache. * If unfulfilled callbacks are deleted they are called with an error. * fwd above stub in configuration works. * [bugzilla: 254 ] removed random whitespace from example.conf. * Fixed bug where cached responses would lose their security status on second validation, which especially impacted dlv lookups. Reported by Hauke Lampe. * Fixup opportunistic target query generation to it does not generate queries that are known to fail. * harden-referral-path: handle cases where NS is in answer section. * updated fedora specfile in contrib from Paul Wouters. * Fix EDNS fallback when EDNS works for short answers but long answers are dropped. * On Linux, fragment IPv6 datagrams to the IPv6 minimum MTU, to avoid dropped packets at routers. * Fix of message parse bug where (specifically) an NSEC and RRSIG in the wrong order would be parsed, but put wrongly into internal structures so that later validation would fail. * Queries for type DS when forward or stub zones are there. They are performed to higherup domains, and thus treated as if going to higher zones when looking up the right forward or stub server. This makes a stub pointing to a local server that has a local view of example.com signed with the same keys as are publicly used work. Reported by Johan Ihren. * same thing fixed for forward-zone and DS, chain of trust from public internet into the forward-zone works now. * flush_type and flush_name remove message cache entries as well, so they remove errors from the cache as well * delegationpoint bogus flag copied fix * [bugzilla: 251 ] openssl key files are opened 'apache-style', from user root and before the chroot. This makes permissions on remote-control key files easier. * fail to configure with python if swig is not found. * Fix of empty -L during linking * updated ldns tarball to latest * updated iana portlist Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkpVu6IACgkQkDLqNwOhpPg6OwCdEQ5jm/PSvYwZmufEE9b2mi1l ev4AoJu16hFrA6vIF/OoEQGtfGOk9QUH =s8FR -----END PGP SIGNATURE-----