W.C.A. Wijngaards
2a4e840be4
- Fix Unchecked NULL Pointer in dns64_inform_super()
...
and ipsecmod_new(), reported by X41 D-Sec.
2019-11-19 15:48:18 +01:00
W.C.A. Wijngaards
226298bbd3
- Fix Integer Overflow in Regional Allocator,
...
reported by X41 D-Sec.
2019-11-19 15:38:05 +01:00
W.C.A. Wijngaards
79a6e9fbe2
- Fixes to please lint checks.
2019-11-19 12:10:03 +01:00
W.C.A. Wijngaards
16bbfc3461
- Fix authzone printout buffer length check.
2019-11-19 10:09:44 +01:00
W.C.A. Wijngaards
d8090b8cae
- 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development.
2019-11-19 10:06:12 +01:00
W.C.A. Wijngaards
09845779d5
- Fix CVE-2019-18934, shell execution in ipsecmod.
2019-11-19 10:05:18 +01:00
W.C.A. Wijngaards
cb8374cce5
- gitignore .source tempfile used for compatible make.
2019-11-18 15:58:19 +01:00
W.C.A. Wijngaards
442e95620e
- Portable grep usage for reuseport configure test.
...
- Check return type of HMAC_Init_ex for openssl 0.9.8.
2019-11-18 15:53:47 +01:00
W.C.A. Wijngaards
af6f5a3f54
- Provide a prototype for compat malloc to remove compile warning.
2019-11-18 13:52:17 +01:00
W.C.A. Wijngaards
253d95a8ef
- update to bison output of 3.4.1 in code repository.
2019-11-18 10:50:54 +01:00
W.C.A. Wijngaards
57f2582790
- In unbound-host use separate variable for get_option to please
...
code checkers.
2019-11-18 10:45:47 +01:00
W.C.A. Wijngaards
d05d6b959a
- fixes for splint cleanliness, long vs int in SSL set_mode.
2019-11-13 15:16:27 +01:00
W.C.A. Wijngaards
d4c904d091
- contrib/fastrpz.patch updated to apply for current code.
2019-11-13 11:40:56 +01:00
W.C.A. Wijngaards
5ac9bf3f9b
- iana portlist updated.
2019-11-13 11:37:06 +01:00
W.C.A. Wijngaards
f759fc5839
Changelog note and configure autoconf generated.
...
- Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.
2019-11-11 14:46:24 +01:00
W.C.A. Wijngaards
29b90c6e58
- Fix #109 : check number of arguments for stdin-pipes in
...
unbound-control and fail if too many arguments.
2019-11-11 12:02:51 +01:00
W.C.A. Wijngaards
7dfbcdf276
- Fix #99 : Memory leak in ub_ctx (event_base will never be freed).
2019-10-24 09:58:45 +02:00
George Thessalonikefs
941b324187
Add new configure option --enable-fully-static
to enable full static build if
...
requested; in relation to #91 .
2019-10-23 16:10:07 +02:00
W.C.A. Wijngaards
21472c2393
Changelog note for #97 .
...
- Merge #97 : manpage: Add missing word on unbound.conf,
from Erethon.
2019-10-23 07:56:17 +02:00
W.C.A. Wijngaards
e6a179e27a
- drop-tld.diff: adds option drop-tld: yesno that drops 2 label
...
queries, to stop random floods. Apply with
patch -p1 < contrib/drop-tld.diff and compile.
From Saksham Manchanda (Secure64). Please note that we think this
will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
lookups for downstream clients.
2019-10-22 10:32:37 +02:00
W.C.A. Wijngaards
eb2283332b
- Add doxygen comments to unbound-anchor source address code, in #86 .
2019-10-07 09:50:04 +02:00
W.C.A. Wijngaards
b2c3b4758b
For #86 , note credit for Lukas Wunner.
2019-10-03 16:29:45 +02:00
W.C.A. Wijngaards
8bfbd81fec
Changelog entry for #86 and whitespace fix.
...
- Merge #86 from psquarejho: Added -b source address option to
smallapp/unbound-anchor.c.
2019-10-03 16:22:42 +02:00
W.C.A. Wijngaards
facc6c6541
- Merge 1.9.4 release with fix for vulnerability CVE-2019-16866.
...
- Continue with development of 1.9.5.
2019-10-03 11:40:13 +02:00
W.C.A. Wijngaards
82dffb1023
Changelog entry for Merge #90 .
...
- Merge #90 from vcunat: fix build with nettle-3.5.
2019-10-03 08:59:16 +02:00
W.C.A. Wijngaards
7963c9f463
Changelog note for #87 .
...
- Merge #87 from hardfalcon: Fix contrib/unbound.service.in,
Drop CAP_KILL, use + prefix for ExecReload= instead.
2019-09-26 13:17:46 +02:00
W.C.A. Wijngaards
55bb4c1275
- The unbound.conf includes are sorted ascending, for include
...
statements with a '*' from glob.
2019-09-25 16:50:30 +02:00
W.C.A. Wijngaards
06a91b0eaa
Changelog entry for fix #84 and #85 .
...
- Merge #85 for #84 from sam-lunt: Add kill capability to systemd
service file to fix that systemctl reload fails.
2019-09-23 09:20:12 +02:00
W.C.A. Wijngaards
f635b47ade
Changelog entry for #83
...
- Merge #83 from Maryse47: contrib/unbound.service.in: do not fork
into the background.
2019-09-20 12:59:41 +02:00
W.C.A. Wijngaards
1b62399a6e
Changelog entry for #81 .
...
- Merge #81 from Maryse47: Consistently use /dev/urandom instead
of /dev/random in scripts and docs.
2019-09-20 07:44:43 +02:00
W.C.A. Wijngaards
aefd2df51f
(Changelog entry for #82 ).
...
- Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW
in unbound.service.
2019-09-20 07:38:34 +02:00
W.C.A. Wijngaards
1dcc88b6e8
- Merge #80 from stasic: Improve wording in man page.
...
(Changelog entry for merge)
2019-09-19 16:56:14 +02:00
W.C.A. Wijngaards
9f0b260c49
- Fix wrong response ttl for prepended short CNAME ttls, this would
...
create a wrong zero_ttl response count with serve-expired enabled.
2019-09-19 16:29:51 +02:00
W.C.A. Wijngaards
ab53baa6f5
- Fix for oss-fuzz build warning.
2019-09-19 10:09:49 +02:00
W.C.A. Wijngaards
554e4a939c
- Fix fix for #78 to also free service callback struct.
2019-09-19 10:03:47 +02:00
W.C.A. Wijngaards
45b3215594
- oss-fuzz badge on README.md.
2019-09-19 09:55:23 +02:00
W.C.A. Wijngaards
3cb1cdeebd
- Merge pull request #76 from Maryse47: Improvements and fixes for
...
systemd unbound.service.
(Changelog note for merge of #76 ).
2019-09-19 09:53:21 +02:00
W.C.A. Wijngaards
1a4eaaabc5
- Fix #78 : Memory leak in outside_network.c.
2019-09-19 09:11:23 +02:00
W.C.A. Wijngaards
13d96540de
- Use explicit bzero for wiping clear buffer of hash in cachedb,
...
reported by Eric Sesterhenn from X41 D-Sec.
2019-09-11 15:31:03 +02:00
W.C.A. Wijngaards
e45e9f1ce0
- Fix #72 : configure --with-syslog-facility=LOCAL0-7 with default
...
LOG_DAEMON (as before) can set the syslog facility that the server
uses to log messages.
2019-09-09 14:27:55 +02:00
W.C.A. Wijngaards
05b9f4fd28
- Fix #71 : fix openssl error squelch commit compilation error.
2019-09-04 08:44:19 +02:00
W.C.A. Wijngaards
1089fd6dc1
- squelch DNS over TLS errors 'ssl handshake failed crypto error'
...
on low verbosity, they show on verbosity 3 (query details), because
there is a high volume and the operator cannot do anything for the
remote failure. Specifically filters the high volume errors.
2019-09-03 09:47:27 +02:00
W.C.A. Wijngaards
366296ec14
- updated Makefile dependencies.
2019-09-02 15:56:24 +02:00
W.C.A. Wijngaards
7f9aa6734a
- ipset: refactor long routine into three smaller ones.
2019-09-02 15:17:25 +02:00
W.C.A. Wijngaards
9902a5f81d
- ipset module #28 : log that an address is added, when verbosity high.
2019-09-02 13:50:42 +02:00
W.C.A. Wijngaards
cd0a2b1af1
- Master is 1.9.4 in development.
2019-08-27 09:56:20 +02:00
W.C.A. Wijngaards
a374dfb669
- Fix contrib/fastrpz.patch asprintf return value checks.
2019-08-23 08:41:46 +02:00
W.C.A. Wijngaards
79fa94834e
- 1.9.3rc2 release candidate tag.
2019-08-22 14:50:49 +02:00
W.C.A. Wijngaards
06847ff3be
- Fix that pkg-config is setup before --enable-systemd needs it.
2019-08-22 12:22:25 +02:00
W.C.A. Wijngaards
80c2c69fa7
- Fix log_dns_msg to log irrespective of minimal responses config.
2019-08-21 17:41:29 +02:00