This release fixes the novel ghost domain issues CVE-2022-30698 and
CVE-2022-30699. They were reported by Xiang Li from the Network and
Information Security Lab of Tsinghua University.
Other than that there are some bug fixes, and an option to configure the
max retransmit timeout, infra-cache-max-rtt. If left at default it does
not make any change.
Features
- Merge #718: Introduce infra-cache-max-rtt option to config max
retransmit timeout.
Bug Fixes
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian RodrÃguez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
- Fix verbose EDE error printout.
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
- For windows crosscompile, fix setting the IPV6_MTU socket option
equivalent (IPV6_USER_MTU); allows cross compiling with latest
cross-compiler versions.
- Merge PR 714: Avoid treat normal hosts as unresponsive servers.
And fixup the lock code.
- iana portlist update.
- Update documentation for 'outbound-msg-retry:'.
- Tests for ghost domain fixes.
-----BEGIN PGP SIGNATURE-----
projects / thirdparty / unbound.git / tag
