c0b8e0e4a9
Changelog: 4.2.0 ================ FEATURES: - Print IP address when bind socket fails with error. - Fix #4249: The option hide-identity: yes stops NSD from responding with the hostname for chaos class queries. Implements the RFC4829 security considerations. - Patch to add support for TCP Fast Open, from Sara Dickinson (Sinodun). - Patch to add support for tls service on a specified tls port, from Sara Dickinson (Sinodun). - Use travis for build check, initial unit test and clang analysis. BUG FIXES: - Fix to delete unused zparser.default_apex member. - Fix that the TLS handshake routine sets the correct event to continue when done. - Fix that TLS renegotiation calls the read and write routines again with the same parameters when the desired event has been satisfied. - Fix that TCP Fastopen has better error message and supports OSX. - Fix to avoid buffer alloc with global buffer in tls write handler. - Fix to initialize event structure when accepting TCP connection. - Disable TLS1.0, TLS1.1 and weak ciphers, enable CIPHER_SERVER_PREFERENCE, patch from Andreas Schulze. - further setup ssl ctx after the keys are loaded, for ECDH. - TLS OCSP stapling support, enabled with tls-service-ocsp: filename, patch from Andreas Schulze. - Fix #10: Fix memory leaks caused by duplicate rr and include instructions. - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD. 4.1.27 ================ FEATURES: - Deny ANY with only one RR in response, by default. Patch from Daisuke Higashi. The deny-any statement in nsd.conf sets ANY queries over UDP to be further moved to TCP as well. Also no additional section processing for type ANY, reducing the response size. - Fix #4215: on-the-fly change of TSIG keys with patch from Igor, adds nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig and del_tsig. These changes are gone after reload, edit the config file (or a file included from it) to make changes that last after restart. BUG FIXES: - Fix #4213: disable-ipv6 and dnstap compile error. - Fix to reduce region_log_stats if condition, this removes a debug statement. - Fix for FreeBSD port with dnstap enabled. - Fix to remove unused code. - Fix #6: nsd-control-setup: Change validity time to a shorter period (<2038). - Fix unused definition in header remote.h. - Fix #4236: IPV4_MINIMAL_RESPONSE_SIZE=1480 is slightly too big. - Fix #4235: IP_PMTUDISC_OMIT on IPv4/UDP sockets. - Fixed radtree_insert memory leak. - Fixed access recycled variable.
7 lines
450 B
Text
7 lines
450 B
Text
$NetBSD: distinfo,v 1.66 2019/06/13 13:21:40 ryoon Exp $
|
|
|
|
SHA1 (nsd-4.2.0.tar.gz) = b62d47588def467ca5af1b4155146dc08663243a
|
|
RMD160 (nsd-4.2.0.tar.gz) = 4fd282844ec078baacfe621fdb5eab41678833f3
|
|
SHA512 (nsd-4.2.0.tar.gz) = caa14fcd599ddc631cb74c3a56e571044dae1deb2fa9bd6b062f143954f9207b64b42ab5eab917360161f96bae8711df932f3e18b58be98b3f7b640071e7e807
|
|
Size (nsd-4.2.0.tar.gz) = 1141796 bytes
|
|
SHA1 (patch-aa) = d9a423d5faa8da9a213b21fd2712225ac9645091
|