upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
8108 commits 23 branches 209 tags 123 MiB
Commit graph

8108 commits

This branch
This branch
All branches
Author SHA1 Message Date
Yorgos Thessalonikefs
1e2dc657a1
ac_cv_func_malloc_0_nonnull for malloc(0) check (#1351) 
- For #1339, use the standard variable ac_cv_func_malloc_0_nonnull for
  the malloc(0) check during configure; patch from Helmut Grohne.
 2025-09-29 13:12:27 +02:00
Yorgos Thessalonikefs
843124852f Changelog entry for #1349: 
- Merge #1349: Fix #1346: [FR] Please allow back TLS 1.2.
 2025-09-29 12:10:34 +02:00
W.C.A. Wijngaards
5e2fdff8e5 - Fix fr_atomic_copy_cfg. 2025-09-29 12:08:30 +02:00
Yorgos Thessalonikefs
499a3a7a61
Fix #1346: [FR] Please allow back TLS 1.2. (#1349) 
* 'tls-use-system-policy-versions' is introduced to allow Unbound to use
  any system available TLS version when serving TLS.

* Apply suggestions from code review

---------

Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2025-09-29 12:03:56 +02:00
W.C.A. Wijngaards
2024c1d050 - Neaten up the change in acx_nlnetlabs.m4 to version 49. 2025-09-29 11:40:14 +02:00
W.C.A. Wijngaards
6cd595a816 - Fix modstack_call_init to use the original string when it has 
changed, to call modstack_config with. And skip the changed name
  in the string correctly. Thanks to Jan Komissar.
 2025-09-29 11:31:50 +02:00
W.C.A. Wijngaards
74cf81e9a7 - Rebuild configure script from its sources. 2025-09-29 10:02:54 +02:00
Yorgos Thessalonikefs
35f6fd47fb - Test for nonstring attribute in configure and add 
nonstring attribute annotations.
 2025-09-26 16:23:55 +02:00
Alex Band
270e099aab
Update Mastodon shield 2025-09-25 21:39:39 +02:00
Yorgos Thessalonikefs
64645e1401 - Avoid calling mesh_detect_cycle_found() when there is no mesh state 
to begin with.
 2025-09-24 14:30:24 +02:00
Yorgos Thessalonikefs
421d317a64 - For #1350, same CAP_NET_ADMIN change for unbound_portable.service.in 
as well.
 2025-09-23 17:42:41 +02:00
Yorgos Thessalonikefs
0b8ed987de Changelog entry for #1350: 
- Merge #1350 from Maryse47: unbound.service.in: allow CAP_NET_ADMIN.
 2025-09-23 17:37:59 +02:00
Yorgos Thessalonikefs
9511797487
Merge pull request #1350 from Maryse47/patch-1 
unbound.service.in: allow CAP_NET_ADMIN and drop CAP_NET_RAW (redundant now).
 2025-09-23 17:37:09 +02:00
Yorgos Thessalonikefs
0b7bb75152 - For #1352, align with the current Python<3 code. 2025-09-23 17:31:55 +02:00
Yorgos Thessalonikefs
88c688ec10 Changelog entry for #1352: 
- Merge #1352 from Petr Vaganov: pythonmod: fix HANDLE_LEAK on
  pythonmod_init.
 2025-09-23 17:15:16 +02:00
Maryse47
81fd1dc71c
unbound.service.in: drop CAP_NET_RAW 
CAP_NET_RAW is unnecessary after CAP_NET_ADMIN was added
 2025-09-23 17:13:31 +02:00
Yorgos Thessalonikefs
69217cf675
Merge pull request #1352 from petrvaganoff/dev-52227 
pythonmod: fix HANDLE_LEAK on pythonmod_init
 2025-09-23 17:13:30 +02:00
Petr Vaganov
7c28f1b99c pythonmod: fix HANDLE_LEAK on pythonmod_init 
Found by the static analyzer Svace (ISP RAS).

Handle 'script_py' is created at pythonmod.c:436
by calling function 'fopen' and lost at pythonmod.c:457,465.

Signed-off-by: Petr Vaganov <petrvaganoff@gmail.com>
 2025-09-23 19:51:46 +05:00
Maryse47
fa6340cfa5
unbound.service.in: allow CAP_NET_ADMIN 
Allowing CAP_NET_ADMIN is necessary for SO_SNDBUFFORCE and SO_RCVBUFFORCE calls.
 2025-09-23 13:00:50 +02:00
Yorgos Thessalonikefs
e471e15774 - unbound.conf manpage: explicitly mention RFC6891. 2025-09-19 15:49:07 +02:00
Yorgos Thessalonikefs
ec3db03121 Changelog entry for #1337: 
- Merge #1337: 0 TTL cached replies and some TTL behavior changes.
 2025-09-19 15:01:30 +02:00
Yorgos Thessalonikefs
e2bf773089 Merge branch 'features/no-ttl-zero-cacherep' 2025-09-19 14:56:04 +02:00
Yorgos Thessalonikefs
3017a0aa52 - Update README.man with clearer text. 2025-09-19 10:03:10 +02:00
W.C.A. Wijngaards
8419e9780e - Fix to remove configure~ from release tarballs. 2025-09-19 09:46:34 +02:00
W.C.A. Wijngaards
c429c4ab96 - Tag for 1.24.0 release. Includes the fixes below after rc1. 
The repository continues with version 1.24.1.
 2025-09-18 10:57:37 +02:00
Yorgos Thessalonikefs
bc61034f60
code review: use proper roundrobin index 
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
 2025-09-17 12:19:20 +02:00
Yorgos Thessalonikefs
2dd821c257 - Too many quotes for the EDE message debug printout. 2025-09-17 11:27:16 +02:00
W.C.A. Wijngaards
713b5db537 - Fix to print warning for when so-sndbuf setsockopt is not granted. 2025-09-15 16:11:27 +02:00
Yorgos Thessalonikefs
c3a8d5251f - Small debug output improvement when attaching an EDE. 2025-09-15 12:06:49 +02:00
Yorgos Thessalonikefs
73e408f1d0 A few changes for TTL processing: 
- Cached messages that reach 0 TTL are considered expired. This prevents
  Unbound itself from issuing replies with TTL 0 and possibly causing a
  thundering herd at the last second. Upstream replies of TTL 0 still
  get the usual pass-through but they are not considered for caching
  from Unbound or any of its caching modules.
- 'serve-expired-reply-ttl' is changed and is now capped by the original
  TTL value of the record to try and make some sense when replying
  with expired records.
- TTL decoding was updated to adhere to RFC8767 section 4 where a set
  high-order bit means the value is positive instead of 0.
 2025-09-15 10:03:35 +02:00
Yorgos Thessalonikefs
d521135f66 Merge branch 'master' into features/no-ttl-zero-cacherep 2025-09-12 15:24:06 +02:00
W.C.A. Wijngaards
d71ead5598 - Update contrib/aaaa-filter-iterator.patch so it applies on 1.24.0. 2025-09-11 13:23:51 +02:00
W.C.A. Wijngaards
cdbfadfb7b - version set to 1.24.0 for release. 
- tag for 1.24.0rc1.
 2025-09-11 09:03:40 +02:00
W.C.A. Wijngaards
4267de87b5 - Fix #1332: CNAME chains are sometimes not followed when RPZs add a 
local CNAME rewrite.
 2025-09-09 12:34:11 +02:00
Yorgos Thessalonikefs
dd6200065f - Update man pages. 2025-09-08 14:50:27 +02:00
Yorgos Thessalonikefs
a72177e73c - Update documentation for using "SET ... EX" in Redis. 
- Document max buffer sizes for Redis commands.
 2025-09-08 14:49:12 +02:00
W.C.A. Wijngaards
5588f66bdb - For #1328: make depend. 2025-09-03 14:04:24 +02:00
W.C.A. Wijngaards
85e916e7e0 - Fix indentation in tcp-mss option parsing. 2025-09-02 17:12:14 +02:00
W.C.A. Wijngaards
af96824642 - Fix #1324: Memory leak in 'msgparse.c' in 
'parse_edns_options_from_query(...)'.
 2025-09-02 17:10:42 +02:00
W.C.A. Wijngaards
8faa95354d - Fix #1235: Outdated Python2 code in 
unbound/pythonmod/examples/log.py.
 2025-09-02 12:54:03 +02:00
W.C.A. Wijngaards
c57c39833e - Fix for #1324: Fix to free edns options scratch in ratelimit case. 2025-09-01 09:28:29 +02:00
Yorgos Thessalonikefs
44da5eee66 - Limit the number of consecutive reads on an HTTP/2 session. 
Thanks to Gal Bar Nahum for exposing the possibility of infinite
  reads on the session.
 2025-08-29 15:35:32 +02:00
W.C.A. Wijngaards
74bc8c9e77 - Fix setup_listen_sslctx warning for nettle compile. 2025-08-28 14:19:52 +02:00
W.C.A. Wijngaards
0c558cb805 - Fix unbound-control dump_cache for double unlock of lruhash table. 
Changelog entry.
 2025-08-27 16:55:55 +02:00
W.C.A. Wijngaards
533291dce9 - Fix unbound-control dump_cache for double unlock of lruhash table. 2025-08-27 16:55:38 +02:00
W.C.A. Wijngaards
e613e27f35 - Fix ports workflow to install expat for macos. 2025-08-26 14:41:13 +02:00
W.C.A. Wijngaards
f2f36a2733 - Fix that the zone acquired timestamp is set after the 
zonefile is read.
 2025-08-22 14:06:51 +02:00
W.C.A. Wijngaards
78d9bcacb6 - Fix #1319: [FR] zone status for Unbound auth-zones. 2025-08-22 12:40:00 +02:00
W.C.A. Wijngaards
c170ed1b30 - Fix sha1 enable environment variable in test code on windows. 2025-08-22 10:04:57 +02:00
W.C.A. Wijngaards
ebfa09e04f - For #1318: Fix compile warnings for DoH compile on windows. 2025-08-22 10:04:00 +02:00