<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="/rss.xsl.xml"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
    <title>Changes in tcp_conn_limit.h</title>
    <link>http://nxr.netbsd.org/rss/src/external/bsd/unbound/dist/util/tcp_conn_limit.h</link>
    <description></description>
    <language>en</language>
    <copyright>Copyright 2005</copyright>
    <generator>Java</generator>
    
<item>
    <title>branches:  1.1.1;<br/>Initial revision</title>
    <description>/src/external/bsd/unbound/dist/util/tcp_conn_limit.h - 1.1</description>
    <pubDate>Sat May 25 21:18:03 UTC 2019</pubDate>
    <dc:creator>christos</dc:creator>
</item>

<item>
    <title>Import unbound-1.23.1 (previous was 1.19.1)<br/><br/>Unbound 1.23.1<br/>July 16, 2025<br/><br/>This security release fixes the Rebirthday Attack CVE-2025-5994.<br/><br/>This re-opens up resolvers to a birthday paradox, for EDNS client subnet<br/>servers that respond with non-ECS answers. It only affects Unbound when<br/>compiled with --enable-subnet, and subnetmod is enabled with config<br/>options that send ECS information to upstream servers.<br/><br/>The CVE is described here<br/>https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt<br/><br/>We would like to thank Xiang Li (AOSP Lab, Nankai University) for<br/>discovering and responsibly disclosing the vulnerability.<br/><br/>Bug Fixes:<br/><br/>Fix RebirthDay Attack CVE-2025-5994, reported by Xiang Li from<br/>AOSP Lab Nankai University.<br/><br/>Unbound 1.23.0<br/>Apr 24, 2025<br/><br/>This release features changed defaults, fast reload, redis replica,<br/>DNS Error Reporting, and bug fixes.<br/><br/>The fast reload is a feature that is listed as experimental. With<br/>unbound-control fast_reload the server can read the new config in<br/>a thread, and when done only briefly pauses the server to update the<br/>settings. This uses double memory, for like zones from disk or config<br/>that is loaded. It only pauses the server, for like less than a second,<br/>so DNS service is not interrupted by the reload of config. A lot of<br/>config items can be changed, but not all. It has options to print<br/>more information, or memory usage, and there is a list of config<br/>options in the man page.<br/><br/>The redis replica support allows for a redis backend to use a redis<br/>replica. The read commands are sent to the redis replica host, while<br/>the write commands are sent to the redis server. So with several<br/>replicas there can be more readers that all write to the redis server.<br/><br/>With DNS error reporting, RFC9567, enabled with<br/>dns-error-reporting: yes, this uses the error reporting agent to send<br/>failure reports to. The number of error reporting queries is output in<br/>the statistics as num.dns_error_reports.<br/><br/>Some defaults are changed in this release. The resolver.arpa. and<br/>service.arpa. zones are added to the default locally served zones,<br/>this can be disabled with a nodefault local zone. The default for<br/>max-global-quota has changed to 200, after operational feedback.<br/>The defaults from RFC8767 are used by serve-expired-client-timeout<br/>on 1800 milliseconds and serve-expired-ttl on 86400 seconds. If<br/>Unbound is compiled with edns subnet, the default for module-config<br/>is no longer altered, so that compilation with subnet does not<br/>interfere when the server does not use subnet. When edns subnet needs<br/>to be enabled, module-config: "subnetcache validator iterator" should<br/>be explicitly set as configuration in the server: section.<br/><br/>If edns subnet is enabled, the default for<br/>module-config is no longer altered, so that compilation with subnet<br/>does not interfere when the server does not use subnet. When edns subnet<br/>is in use, also module-config: "subnetcache validator iterator" should<br/>be set as configuration in the server: section.<br/><br/>The RC2 has fixes for building on Solaris and portability to Windows,<br/>and fixes a memory leak for DoH.<br/><br/>Features<br/><br/>Increase the default of max-global-quota to 200 from 128 after<br/>operational feedback. Still keeping the possible amplification<br/>factor (CAMP related issues) in the hundreds.<br/>Fix #1175: serve-expired does not adhere to secure-by-default<br/>principle. The default value of serve-expired-client-timeout<br/>is set to 1800 as suggested by RFC8767.<br/>For #1175, the default value of serve-expired-ttl is set to 86400<br/>(1 day) as suggested by RFC8767.<br/>For #1207: [FR] Support for RESINFO RRType 261 (RFC9606), add<br/>LDNS_RR_TYPE_RESINFO similar to LDNS_RR_TYPE_TXT.<br/>Add resolver.arpa and service.arpa to the default locally served<br/>zones.<br/>Merge #1042: Fast Reload. The unbound-control fast_reload is added.<br/>It reads changed config in a thread, then only briefly pauses the<br/>service threads, that keep running. DNS service is only interrupted<br/>briefly, less than a second.<br/>Merge #1019: Redis read-only replica support.<br/>Introduces new 'redis-replica-*' options for the Redis cache backend.<br/>Merge #902: DNS Error Reporting (RFC 9567). Introduces new<br/>configuration option 'dns-error-reporting' and new statistics for<br/>'num.dns_error_reports'.<br/>Bug Fixes<br/><br/>Fix #1154: Tag Incorrectly Applying for Other Interfaces<br/>Using the Same IP. This fix is not for 1.22.0.<br/>Fix #1163: Typos in unbound.conf documentation.<br/>Merge #1159: Stats for discard-timeout and wait-limit.<br/>Add test case for #1159.<br/>Some clean up for stat_values.test.<br/>Merge #1170 from Melroy van den Berg, Fix chroot manpage<br/>description.<br/>Merge #1157 from Liang Zhu, Fix heap corruption when calling<br/>ub_ctx_delete in Windows.<br/>Fix redis that during a reload it does not fail if the redis<br/>server does not connect or does not respond. It still logs the<br/>errors and if the server is up checks expiration features.<br/>Merge #1167: Makefile.in: fix occasional parallel build failures<br/>around bison rule.<br/>Fix SETEX check during Redis (re)initialization.<br/>Fix for the serve expired DNSSEC information fix, it would not allow<br/>current delegation information be updated in cache. The fix allows<br/>current delegation and validation recursion information to be<br/>updated, but as a consequence no longer has certain expired<br/>information around for later dnssec valid expired responses.<br/>Fix to log redis timeout error string on failure.<br/>More descriptive text for 'harden-algo-downgrade'.<br/>Complete fix for max-global-quota to 200.<br/>Fix #1183: the data being used is released in method<br/>nsec3_hash_test_entry.<br/>Fix for #1183: release nsec3 hashes per test file.<br/>Merge #1169 from Sergey Kacheev, fix: lock-free counters for<br/>auth_zone up/down queries.<br/>Fix comparison to help static analyzer.<br/>For #1175, update serve-expired tests.<br/>Merge #1189: Fix the dname_str method to cause conversion errors<br/>when the domain name length is 255.<br/>Merge #1197: dname_str() fixes.<br/>Merge #1198: Fix log-servfail with serve expired and no useful cache<br/>contents.<br/>Safeguard alias loop while looking in the cache for expired answers.<br/>Merge #1187: Create the SSL_CTX for QUIC before chroot and privilege<br/>drop.<br/>Fix typo in log_servfail.tdir test.<br/>Merge #1204: ci: set persist-credentials: false for actions/checkout<br/>per zizmor suggestion.<br/>Merge #1174: Serve expired cache update fixes. Fixes a regression bug<br/>with serve-expired that appeared in 1.22.0 and would not allow the<br/>iterator to update the cache with not-yet-validated entries resulting<br/>in increased outgoing traffic.<br/>Merge #1214: Use TCP_NODELAY on TLS sockets to speed up the TLS<br/>handshake.<br/>Fix #1213: Misleading error message on default access control causing<br/>refuse.<br/>Merge #1221: Consider auth zones when checking for forwarders.<br/>Merge #1222: Unique DoT and DoH SSL contexts to allow for different<br/>ALPN.<br/>Create the quic SSL listening context only when needed.<br/>Fix compile of interface check code when dnscrypt or quic is<br/>disabled.<br/>Fix encoding of RR type ATMA.<br/>Fix to check length in ATMA string to wire.<br/>Merge #1229: check before use daemon-&gt;shm_info.<br/>Use the same interface listening port discovery code for all needed<br/>protocols.<br/>Port to string only when needed before getaddrinfo().<br/>Do not open unencrypted channels next to encrypted ones on the same<br/>port.<br/>Merge #1224 from Theo Buehler: Do not use DSA API unless USE_DSA is<br/>set.<br/>Merge #1220 from Petr Men#�k, Add unbound members group access to<br/>control key.<br/>Make the default value of module-config "validator iterator"<br/>regardless of compilation options. --enable-subnet would implicitly<br/>change the value to enable the subnetcache module by default in the<br/>past.<br/>Fix #986: Resolving sas.com with dnssec-validation fails though<br/>signed delegations seem to be (mostly) correct.<br/>Consider reconfigurations when calculating the still_useful_timeout<br/>for servers in the infrastructure cache.<br/>Fix static analysis report about unhandled EOF on error conditions<br/>when reading anchor key files.<br/>Merge #1241: Fix infra-keep-probing for low infra-cache-max-rtt<br/>values.<br/>Fix hash calculation for cachedb to ignore case. Previously, cached<br/>records there were only relevant for same case queries (if not<br/>already in Unbound's internal cache).<br/>Merge #1243: Do not shadow tm on line 236.<br/>Merge #1238: Prefer SOURCE_DATE_EPOCH over actual time.<br/>Add --help output description for the SOURCE_DATE_EPOCH variable.<br/>Fix 'unbound-control flush_negative' when reporting removed data;<br/>reported by David 'eqvinox' Lamparter.<br/>Fix representation of types GPOS and RESINFO, add rdf type for<br/>unquoted str.<br/>Fix #1251: WSAPoll first argument cannot be NULL.<br/>Fix for windows compile create ssl contexts.<br/>Fix print of RR type NSAP-PTR, it is an unquoted string.<br/>Fix #1253: Cache entries fail to be removed from Redis cachedb<br/>backend with unbound-control flush* +c.<br/>Fix for #1253: Fix for redis cachedb backend to expect an integer<br/>reply for the EXPIRE command.<br/>Fix #1254: send failed: Socket is not connected and<br/>remote address is 0.0.0.0 port 53.<br/>Fix #1255: Multiple pinnings to vulnerable copies of libexpat.<br/>For #1255, for ios use an older expat version that does not require<br/>C++11 language features.<br/>For #1255, for ios disable building tests that require C++11.<br/>For #1255, for ios try the latest expat version again.<br/>Fix unit test dname log printout typecast.<br/>Fix for ci test, expat is installed on the osx image.<br/>iana portlist update.<br/>Skip the unit tests for auth_tls.tdir and auth_tls_failcert.tdir.<br/>Fix escape more characters when printing an RR type with an unquoted<br/>string.<br/>Enable the auth_tls.tdir and auth_tls_failcert.tdir tests.<br/>Fix unbound-control test so it counts the new flush_negative output,<br/>also answers the _ta probe from testns and prints command output<br/>and skip a thread specific test when no threads are available.<br/>Fix that ub_event has the facility to deal with callbacks for<br/>fast reload, doq, windows-stop and dnstap.<br/>Fix fast reload test to check if pid exists before acting on it.<br/>Merge #1262 from markyang92, fix build with<br/>'gcc-15 -Wbuiltin-declaration-mismatch' error in compat/malloc.c.<br/>For #1262, ifdef is no longer needed.<br/>Fix #1263: Exempt loopback addresses from wait-limit.<br/>Fix wait-limit-netblock and wait-limit-cookie-netblock config parse<br/>to allow two arguments.<br/>Fix ub_event and include dnstap and win_svc headers.<br/>Fix test for stat_values for wait limit default...<br/><br/>Unbound 1.22.0<br/>Oct 17, 2024<br/><br/>This release has an option to harden against unverified glue, it<br/>is enabled with harden-unverified-glue: yes. It was contributed<br/>by Karthik Umashankar from Microsoft. This protects Unbound against<br/>bad glue, that is out of zone, by performing a lookup for it.<br/>Because it uses the original information as a last resort if nothing<br/>works, it should not give lookup failures, and add protection.<br/><br/>There are options to configure the scrubbing for NS records and<br/>the CNAME scrubbing and the max global quota lookup limit from<br/>previous security fix releases. They can be configured with the<br/>options iter-scrub-ns, iter-scrub-cname and max-global-quota.<br/><br/>For redis use, with cachedb, it is possible to specify the<br/>timeout for the initial connection separately from the timeout<br/>for commands. With the options redis-command-timeout: 20 and<br/>redis-connect-timeout: 200 they can be set separately, for<br/>a longer connect attempt, but a short command timeout to keep<br/>resolution faster.<br/><br/>It is possible to log with ISO8601 format with log-time-iso: yes<br/>this also logs time in milliseconds. Useful if the server writes to<br/>file, syslog may have its own format.<br/><br/>DNS over QUIC is support is added, if compiled with libngtcp2 and<br/>with the openssl+quic that it uses. Use --with-libngtcp2 for that,<br/>and enable it with quic-port: 853. There is a post about it<br/>on https://blog.nlnetlabs.nl/dns-over-quic-in-unbound [that is to<br/>appear after the release].<br/><br/>Features<br/><br/>Add iter-scrub-ns, iter-scrub-cname and max-global-quota<br/>configuration options.<br/>Merge patch to fix for glue that is outside of zone, with<br/>harden-unverified-glue, from Karthik Umashankar (Microsoft).<br/>Enabling this option protects the Unbound resolver against bad<br/>glue, that is unverified out of zone glue, by resolving them.<br/>It uses the records as last resort if there is no other working<br/>glue.<br/>Add redis-command-timeout: 20 and redis-connect-timeout: 200,<br/>that can set the timeout separately for commands and the<br/>connection set up to the redis server. If they are not<br/>specified, the redis-timeout value is used.<br/>Fix #1144: [FR] log timestamps in ISO8601 format with timezone.<br/>This adds the option log-time-iso: yes that logs in ISO8601<br/>format.<br/>Merge #871: DNS over QUIC. This adds quic-port: 853 and<br/>quic-size: 8m that enable dnsoverquic, and the counters<br/>num.query.quic and mem.quic in the statistics output.<br/>The feature needs to be enabled by compiling with libngtcp2,<br/>with --with-libngtcp2=path and libngtcp2 needs openssl+quic,<br/>pass that with --with-ssl=path to compile unbound as well.<br/>Bug Fixes<br/><br/>Fix #1126: unbound-control-setup hangs while testing for openssl<br/>presence starting from version 1.21.0.<br/>Add cross platform freebsd, openbsd and netbsd to github ci.<br/>Fix for char signedness warnings on NetBSD.<br/>Fix #1127: error: "memory exhausted" when defining more than 9994<br/>local-zones.<br/>Fix documentation for cache_fill_missing function.<br/>Fix #1130: Loads of logs: "validation failure: key for validation<br/>. is marked as invalid because of a previous" for<br/>non-DNSSEC signed zone.<br/>Fix that when rpz is applied the message does not get picked up by<br/>the validator. That stops validation failures for the message.<br/>Fix that stub-zone and forward-zone clauses do not exhaust memory<br/>for long content.<br/>Unit test for auth zone transfer TLS, and TLS failure.<br/>Fix to print port number in logs for auth zone transfer activities.<br/>Merge #1132: b.root renumbering.<br/>Fix for #1132, adjusted unit test for change in the test file.<br/>Fix for #1132, comment about adjusted copy of reference check.<br/>Merge #1135: Add new IANA trust anchor.<br/>Fix config file read for dnstap-sample-rate.<br/>Fix alloc-size and calloc-transposed-args compiler warnings.<br/>Fix comment to not trigger doxygen unknown command.<br/>Fix to limit NSEC and NSEC3 TTL when aggressive nsec is<br/>enabled (RFC9077).<br/>Add unit test for ttl limit for aggressive nsec.<br/>Fix and add comments in testdata/val_negcache_ttl.rpl.<br/>Merge #1140: Fix spelling mistake in comments.<br/>Fix doxygen warnings by commenting out CLANG_ASSISTED_PARSING,<br/>CLANG_ADD_INC_PATHS, CLANG_OPTIONS and CLANG_DATABASE_PATH; they were<br/>already disabled.<br/>Fix dns64 with prefetch that the prefetch is stored in cache.<br/>Attempt to further fix doh_downstream_buffer_size.tdir flakiness.<br/>More clear text for prefetch and minimal-responses in the<br/>unbound.conf man page.<br/>Merge #1143: Fix cache update when serve expired is used. Expired<br/>records are favored over resolution and validation failures when<br/>serve-expired is used.<br/>Fix negative cache NSEC3 parameter compares for zero length NSEC3<br/>salt.<br/>Fix unbound dnstap socket test program analyzer warnings about<br/>unused variable assignments and variable initialization.<br/>Fix #1149: unbound-control-setup hangs sometimes depending on<br/>the openssl version.<br/>Fix #1128: Cannot override tcp-upstream and tls-upstream with<br/>forward-tcp-upstream and forward-tls-upstream.<br/>Fix to limit NSEC TTL for messages from cachedb. Fix to limit the<br/>prefetch ttl for messages after a CNAME with short TTL.<br/>Fix for dnstap compile of doqclient with doq disabled.<br/>Fix cookie_file test sporadic fails for time change during<br/>the test.<br/>Fix add reallocarray to alloc stats unit test, and disable<br/>override of strdup in unbound-host, and the result of config<br/>get option is freed properly.<br/>Fix to disable detection of quic configured ports when quic is<br/>not compiled in.<br/>Fix harden-unverified-glue for AAAA cache_fill_missing lookups.<br/>Fix contrib/aaaa-filter-iterator.patch for change in call<br/>signature for cache_fill_missing.<br/>Fix to display warning if quic-port is set but dnsoverquic is not<br/>enabled when compiled.<br/>Fix dnsoverquic to extend the number of streams when one is closed.<br/>Fix for dnstap with dnscrypt and dnstap without dnsoverquic.<br/>Fix for dnsoverquic and dnstap to use the correct dnstap<br/>environment.<br/><br/>Unbound 1.21.1<br/>Oct 4, 2024<br/><br/>This security release fixes CVE-2024-8508.<br/><br/>A vulnerability has been discovered in Unbound when handling replies<br/>with very large RRsets that Unbound needs to perform name compression<br/>for.<br/><br/>Malicious upstreams responses with very large RRsets can cause Unbound<br/>to spend a considerable time applying name compression to downstream<br/>replies. This can lead to degraded performance and eventually denial of<br/>service in well orchestrated attacks.<br/><br/>The vulnerability can be exploited by a malicious actor querying Unbound<br/>for the specially crafted contents of a malicious zone with very large<br/>RRsets.<br/>Before Unbound replies to the query it will try to apply name<br/>compression which was an unbounded operation that could lock the CPU<br/>until the whole packet was complete.<br/><br/>Unbound version 1.21.1 introduces a hard limit on the number of name<br/>compression calculations it is willing to do per packet.<br/>Packets that need more compression will result in semi-compressed<br/>packets or truncated packets, even on TCP for huge messages, to avoid<br/>locking the CPU for long.<br/><br/>This change should not affect normal DNS traffic.<br/><br/>We would like to thank Toshifumi Sakaguchi for discovering and<br/>responsibly disclosing the vulnerability.<br/><br/>Bug Fixes:<br/><br/>Fix CVE-2024-8508, unbounded name compression could lead to denial of<br/>service.<br/><br/>Unbound 1.21.0<br/>Aug 15, 2024<br/><br/>This release has a fix for the CAMP and CacheFlush issues. They have a<br/>low severity for Unbound, since it does not affect Unbound so much.<br/><br/>The Compositional Amplification (CAMP) type of attacks can lead to DoS<br/>attacks against DNS servers. In Unbound legitimate client requests to<br/>the resolvers under typical workload are not directly affected by CAMP<br/>attacks. However we introduce a global quota for 128 outgoing packets<br/>per query (and it's subqueries) that is never reset to prevent the<br/>combination of CAMP with other amplification attacks in the future. We<br/>would like to thank Huayi Duan, Marco Bearzi, Jodok Vieli, and Cagin<br/>Tanir from NetSec group, ETH Zurich for discovering and notifying us<br/>about the issue.<br/><br/>The CacheFlush type of attacks (NSCacheFlush, CNAMECacheFlush) try to<br/>evict cached data by utilizing rogue zones and a steady rogue stream to<br/>a resolver. Based on the zone, the stream, the configured cache size<br/>and the legitimate traffic, Unbound could experience a degradation of<br/>service if a useful entry is evicted and Unbound needs to resolve again.<br/>As a mitigation to the NSCacheFlush attack Unbound is setting a limit<br/>of 20 RRs in an NS RRset. We would like to thank Yehuda Afek, Anat<br/>Bremler-Barr, Shoham Danino and Yuval Shavitt (Tel-Aviv University and<br/>Reichman University) for discovering and notifying us about the issue.<br/><br/>Other fixes in this release are bug fixes. Also the unbound control<br/>commands that flush the cache can clear both the memory and cachedb<br/>module cache. The ipset module can use BSD pf tables. The new option<br/>dnstap-sample-rate: 100 can be used to log 1/N messages, for use in<br/>high volume server environments where the log server does not keep up.<br/><br/>The new DNSSEC key for the root, 38696 from 2024 has been added. It is<br/>added to the default root keys in unbound-anchor. The content can be<br/>inspected with unbound-anchor -l. Older versions of Unbound can keep<br/>up with the root key with auto-trust-anchor-file that has RFC5011<br/>key rollover. Also unbound-anchor can fetch the keys from the website<br/>with a certificate if needed.<br/><br/>For cookie secrets, it is possible to perform rollover. The file<br/>with cookie secret in use and the staging secret is configured<br/>with cookie-secret-file. With the remote control the rollover can be<br/>performed, add_cookie_secret, activate_cookie_secret, drop_cookie_secret<br/>and print_cookie_secrets can be used for that.<br/><br/>Compared to the RC1, the release has a fix for module loading on Windows,<br/>and a spelling correction.<br/><br/>Features<br/><br/>Fix #1071: [FR] Clear both in-memory and cachedb module cache with<br/>unbound-control flush* commands.<br/>Fix #144: Port ipset to BSD pf tables.<br/>Add dnstap-sample-rate that logs only 1/N messages, for high volume<br/>server environments. Thanks Dan Luther.<br/>Add root key 38696 from 2024 for DNSSEC validation. It is added<br/>to the default root keys in unbound-anchor. The content can be<br/>inspected with unbound-anchor -l.<br/>Merge #1090: Cookie secret file. Adds<br/>cookie-secret-file: "unbound_cookiesecrets.txt" option to store<br/>cookie secrets for EDNS COOKIE secret rollover. The remote control<br/>add_cookie_secret, activate_cookie_secret and drop_cookie_secret<br/>commands can be used for rollover, the command print_cookie_secrets<br/>shows the values in use.<br/>Bug Fixes<br/><br/>Fix CAMP issues with global quota. Thanks to Huayi Duan, Marco<br/>Bearzi, Jodok Vieli, and Cagin Tanir from NetSec group, ETH Zurich.<br/>Fix CacheFlush issues with limit on NS RRs. Thanks to Yehuda Afek,<br/>Anat Bremler-Barr, Shoham Danino and Yuval Shavitt (Tel-Aviv<br/>University and Reichman University).<br/>Merge #1062: Fix potential overflow bug while parsing port in<br/>function cfg_mark_ports.<br/>Fix for #1062: declaration before statement, avoid print of null,<br/>and redundant check for array size.<br/>Fix to squelch udp connect errors in the log at low verbosity about<br/>invalid argument for IPv6 link local addresses.<br/>Fix when the mesh jostle is exceeded that nameserver targets are<br/>marked as resolved, so that the lookup is not stuck on the<br/>requestlist.<br/>Add missing common functions to tdir tests.<br/>Merge #1070: Fix rtt assignement for low values of<br/>infra-cache-max-rtt.<br/>Merge #1069: Fix unbound-control stdin commands for multi-process<br/>Unbounds.<br/>Fix unbound-control commands that read stdin in multi-process<br/>operation (local_zones_remove, local_zones, local_datas_remove,<br/>local_datas, view_local_datas_remove, view_local_datas). They will<br/>be properly distributed to all processes. dump_cache and load_cache<br/>are no longer supported in multi-process operation.<br/>Remove testdata/remote-threaded.tdir. testdata/09-unbound-control.tdir<br/>now checks both single and multi process/thread operation.<br/>Merge #1073: fix null pointer dereference issue in function<br/>ub_ctx_set_fwd.<br/>Fix to print a parse error when config is read with no name for<br/>a forward-zone, stub-zone or view.<br/>Fix for parse end of forward-zone, stub-zone and view.<br/>Fix for #1064: Fix that cachedb expired messages are considered<br/>insecure, and thus can be served to clients when dnssec is enabled.<br/>Fix #1059: Intermittent DNS blocking failure with local-zone and<br/>always_nxdomain. Addition of local_zones dynamically via<br/>unbound-control was not finding the zone's parent correctly.<br/>Fix #1064: Unbound 1.20 Cachedb broken?<br/>Fix unused variable warning on compilation with no thread support.<br/>unbound-control-setup: check openssl availability before doing<br/>anything, patch from Michael Tokarev.<br/>Update patch to remove 'command' shell builtin and update error<br/>text.<br/>Fix to enable that SERVFAIL is cached, for a short period, for more<br/>cases. In the cases where limits are exceeded.<br/>Fix spelling of tcp-idle-timeout docs, from Michael Tokarev.<br/>Merge #1078: Only check old pid if no username.<br/>Fix #1079: tags from tagged rpz zones are no longer honored after<br/>upgrade from 1.19.3 to 1.20.0.<br/>Fix for #1079: fix RPZ taglist in iterator callback that no client<br/>info is like no taglist intersection.<br/>Fix to squelch connection reset by peer errors from log. And fix<br/>that the tcp read errors are labeled as initial for the first calls.<br/>Merge #1080: AddressSanitizer detection in tdir tests and memory leak<br/>fixes.<br/>Fix memory leak when reload_keep_cache is used and num-threads<br/>changes.<br/>Fix memory leak on exit for unbound-dnstap-socket; creates false<br/>negatives during testing.<br/>Fix memory leak in setup of dsa sig.<br/>Fix typos for 'the the' in text.<br/>Fix validation for repeated use of a DNAME record.<br/>Add unit test for validation of repeated use of a DNAME record.<br/>Fix #1091: Build fails with OpenSSL &gt;= 3.0 built with<br/>OPENSSL_NO_DEPRECATED.<br/>Fix #1092: Ubuntu 22.04 Jammy fails to compile unbound 1.20.0; by<br/>adding helpful text for the Python interpreter version and allowing<br/>the default pkg-config unavailability error message to be shown.<br/>Fix pkg-config availability check in dnstap/dnstap.m4 and<br/>systemd.m4.<br/>Explicitly set the RD bit for the mesh query flags when prefetching.<br/>These queries have no waiting client but they need to be treated as<br/>recursive.<br/>Fix ip-ratelimit-cookie setting, it was not applied.<br/>Fix to remove unused include from the readzone test program.<br/>Fix unused variable warning in do_cache_remove.<br/>Fix compile warning in worker pthread id printout.<br/>Add unit test skip files and bison and flex output to gitignore.<br/>Fix to use modstack_init in zonemd unit test.<br/>Fix to remove unneeded linebreak in fptr_wlist.c.<br/>Fix compile warnings in fptr_wlist.c.<br/>Fix for repeated use of a DNAME record: first overallocate and then<br/>move the exact size of the init value to avoid false positive heap<br/>overflow reads from address sanitizers.<br/>Fix to print details about the failure to lookup a DNSKEY record<br/>when validation fails due to the missing DNSKEY. Also for key prime<br/>and DS lookups.<br/>Fix for neater printout for error for missing DS response.<br/>Fix neater printout.<br/>Fix #1099: Unbound core dump on SIGSEGV.<br/>Fix for #1099: Fix to check for deleted RRset when the contents<br/>is updated and fetched after it is stored, and also check for a<br/>changed RRset.<br/>Don't check for message TTL changes if the RRsets remain the same.<br/>Fix that validation reason failure that uses string print uses<br/>separate buffer that is passed, from the scratch validation buffer.<br/>Fixup algo_needs_reason string buffer length.<br/>Fix shadowed error string variable in validator dnskey handling.<br/>Update list of known EDE codes.<br/>For #773: In contrib/unbound.service.in set unbound to start after<br/>network-online.target. Also for contrib/unbound_portable.service.in.<br/>Fix #1103: unbound 1.20.0 segmentation fault with nghttp2.<br/>For #1103: fix to also drop mesh state reference when a h2 reply is<br/>dropped.<br/>Add RPZ tag tests in acl_interface.tdir.<br/>For #1102: clearer text for using interface-* options for the<br/>loopback interface.<br/>For #1103: fix to also drop mesh state reference when the discard<br/>limit is reached, when there is an error making a new recursion<br/>state and when the connection is dropped with is_drop.<br/>For #1103: Fix to drop mesh state reference for the http2 stream<br/>associated with the reply, not the currently active stream. And<br/>it does not remove it twice on a mesh_send_reply call. The reply<br/>h2_stream is NULL when not in use, for more initialisation.<br/>Fix dnstap wakeup, a running wakeup timer is left to expire and not<br/>increased, a timer is started when the dtio thread is sleeping,<br/>the timer set disabled when the dtio thread goes to sleep, and<br/>after sleep the thread checks to see if there are messages to log<br/>immediately.<br/>Merge #1110: Make fallthrough explicit for libworker.c.<br/>For #1110: Test for fallthrough attribute in configure and add<br/>fallthrough attribute an...<br/><br/>Unbound 1.20.0<br/>May 8, 2024<br/><br/>This release has a fix for the DNSBomb issue CVE-2024-33655. This has a<br/>low severity for Unbound, since it makes Unbound complicit in targeting<br/>others, but does not affect Unbound so much.<br/><br/>To mitigate the issue new configuration options are introduced.<br/>The options discard-timeout: 1900, wait-limit: 1000<br/>and wait-limit-cookie: 10000 are enabled by default. They limit the<br/>number of outstanding queries that a querier can have. This limits<br/>the reply pulse, and make Unbound less favorable for the issue.<br/>With the config wait-limit-netblock and wait-limit-cookie-netblock<br/>the parameters can be fine tuned for specific destinations.<br/>More information on the attack and Unbound's mitigations are<br/>presented further down.<br/><br/>Other fixes in this release are that Unbound no longer follows symlinks<br/>when truncating the pidfile. Unbound also does not chown the pidfile,<br/>this is for safety reasons. There are also a number of fixes for RPZ, in<br/>handling CNAMEs. There is a memory leak fix for the edns client subnet<br/>cache. For DNSSEC validation a case is fixed when the query is of type<br/>DNAME. The unbound-anchor program is fixed to first write to a temporary<br/>file, before replacing the original. This handles disk full situations,<br/>and because of it unbound-anchor needs permission to create that file,<br/>in the same directory as the original file. There is also a fix for<br/>IP_DONTFRAG, to disable fragmentation instead of the opposite.<br/><br/>The option cache-min-negative-ttl can be used to set the minimum TTL<br/>for negative responses in the cache. It complements existing options to<br/>set the maximum ttl for negative responses and to set the minimum and<br/>maximum ttl but not specifically for negative responses.<br/><br/>The option cachedb-check-when-serve-expired option makes Unbound use<br/>cachedb to check for expired responses, when serve-expired is enabled,<br/>and cachedb is used. It is enabled by default.<br/><br/>The -q option for unbound-checkconf can be added to silence it when<br/>there are no errors.<br/><br/>The DNSBomb vulnerability CVE-2024-33655.<br/><br/>== Summary<br/>The DNSBomb attack, via specially timed DNS queries and answers, can<br/>cause a Denial of Service on resolvers and spoofed targets.<br/><br/>Unbound itself is not vulnerable for DoS, rather it can be used to take<br/>part in a pulsing DoS amplification attack.<br/><br/>Unbound 1.20.0 includes fixes so the impact of the DoS from Unbound<br/>is significantly lower than it used to be and making the attack, and<br/>Unbound's participation, less tempting for attackers.<br/><br/>== Affected products<br/>Unbound up to and including 1.19.3.<br/><br/>== Description<br/>The DNSBomb attack works by sending low-rate spoofed queries for a<br/>malicious zone to Unbound. By controlling the delay of the malicious<br/>authoritative answers, Unbound slowly accumulates pending answers for<br/>the spoofed addresses. When the authoritative answers become available<br/>to Unbound at the same time, Unbound starts serving all the accumulated<br/>queries. This results into large-sized, concentrated response bursts to<br/>the spoofed addresses.<br/><br/>From version 1.20.0 on, Unbound introduces a couple of configuration<br/>options to help mitigate the impact.<br/>Their complete description can be found in the included manpages but<br/>they are also briefly listed here together with their default values for<br/>convenience:<br/><br/>discard-timeout: 1900<br/>After 1900 ms a reply to the client will be dropped.<br/>Unbound would still work on the query but refrain from replying in<br/>order to not accumulate a huge number of "old" replies.<br/>Legitimate clients retry on timeouts.<br/><br/>wait-limit: 1000<br/>wait-limit-cookie: 10000<br/>Limits the amount of client queries that require recursion<br/>(cache-hits are not counted) per IP address. More recursive queries<br/>than the allowed limit are dropped. Clients with a valid EDNS Cookie<br/>can have a different limit, higher by default.<br/>wait-limit: 0 disables all wait limits.<br/><br/>wait-limit-netblock<br/>wait-limit-cookie-netblock<br/>These do not have a default value but they can fine grain<br/>configuration for specific netblocks. With or without EDNS Cookies.<br/><br/>The options above are trying to shrink the DNSBomb window so that the<br/>impact of the DoS from Unbound is significantly lower than it used to be<br/>and making the attack, and Unbound's participation, less tempting for<br/>attackers.<br/><br/>== Acknowledgements<br/>We would like to thank Xiang Li from the Network and Information<br/>Security Lab of Tsinghua University for discovering and disclosing the<br/>attack.<br/><br/>Features<br/><br/>The config for discard-timeout, wait-limit, wait-limit-cookie,<br/>wait-limit-netblock and wait-limit-cookie-netblock was added, for<br/>the fix to the DNSBomb issue.<br/>Merge #1027: Introduce 'cache-min-negative-ttl' option.<br/>Merge #1043 from xiaoxiaoafeifei: Add loongarch support; updates<br/>config.guess(2024-01-01) and config.sub(2024-01-01), verified<br/>with upstream.<br/>Implement cachedb-check-when-serve-expired: yes option, default<br/>is enabled. When serve expired is enabled with cachedb, it first<br/>checks cachedb before serving the expired response.<br/>Fix #876: [FR] can unbound-checkconf be silenced when configuration<br/>is valid?<br/>Bug Fixes<br/><br/>Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li<br/>from the Network and Information Security Lab of Tsinghua University<br/>for reporting it.<br/>Update doc/unbound.doxygen with 'doxygen -u'. Fixes option<br/>deprecation warnings and updates with newer defaults.<br/>Remove unused portion from iter_dname_ttl unit test.<br/>Fix validator classification of qtype DNAME for positive and<br/>redirection answers, and fix validator signature routine for dealing<br/>with the synthesized CNAME for a DNAME without previously<br/>encountering it and also for when the qtype is DNAME.<br/>Fix qname minimisation for reply with a DNAME for qtype CNAME that<br/>answers it.<br/>Fix doc test so it ignores but outputs unsupported doxygen options.<br/>Fix #1021 Inconsistent Behavior with Changing rpz-cname-override<br/>and doing a unbound-control reload.<br/>Merge #1028: Clearer documentation for tcp-idle-timeout and<br/>edns-tcp-keepalive-timeout.<br/>Fix #1029: rpz trigger clientip and action rpz-passthru not working<br/>as expected.<br/>Fix rpz that the rpz override is taken in case of clientip triggers.<br/>Fix that the clientip passthru action is logged. Fix that the<br/>clientip localdata action is logged. Fix rpz override action cname<br/>for the clientip trigger.<br/>Fix to unify codepath for local alias for rpz cname action override.<br/>Fix rpz for cname override action after nsdname and nsip triggers.<br/>Fix that addrinfo is not kept around but copied and freed, so that<br/>log-destaddr uses a copy of the information, much like NSD does.<br/>Merge #1030: Persist the openssl and expat directories for repeated<br/>Windows builds.<br/>Fix that rpz CNAME content is limited to the max number of cnames.<br/>Fix rpz, it follows iterator CNAMEs for nsip and nsdname and sets<br/>the reply query_info values, that is better for debug logging.<br/>Fix rpz that copies the cname override completely to the temp<br/>region, so there are no references to the rpz region.<br/>Add rpz unit test for nsip action override.<br/>Fix rpz for qtype CNAME after nameserver trigger.<br/>Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix that<br/>clientip and nsip can give a CNAME.<br/>Fix localdata and rpz localdata to match CNAME only if no direct<br/>type match is available.<br/>Merge #831 from Pierre4012: Improve Windows NSIS installer<br/>script (setup.nsi).<br/>For #831: Format text, use exclamation icon and explicit label<br/>names.<br/>Fix name of unit test for subnet cache response.<br/>Fix #1032: The size of subnet_msg_cache calculation mistake cause<br/>memory usage increased beyond expectations.<br/>Fix for #1032, add safeguard to make table space positive.<br/>Fix comment in lruhash space function.<br/>Fix to add unit test for lruhash space that exercises the routines.<br/>Fix that when the server truncates the pidfile, it does not follow<br/>symbolic links.<br/>Fix that the server does not chown the pidfile.<br/>Fix #1034: DoT forward-zone via unbound-control.<br/>Fix for crypto related failures to have a better error string.<br/>Fix #1035: Potential Bug while parsing port from the "stub-host"<br/>string; also affected forward-zones and remote-control host<br/>directives.<br/>Fix #369: dnstap showing extra responses; for client responses<br/>right from the cache when replying with expired data or<br/>prefetching.<br/>Fix #1040: fix heap-buffer-overflow issue in function cfg_mark_ports<br/>of file util/config_file.c.<br/>For #1040: adjust error text and disallow negative ports in other<br/>parts of cfg_mark_ports.<br/>Fix comment syntax for view function views_find_view.<br/>Fix #595: unbound-anchor cannot deal with full disk; it will now<br/>first write out to a temp file before replacing the original one,<br/>like Unbound already does for auto-trust-anchor-file.<br/>Fixup compile without cachedb.<br/>Add test for cachedb serve expired.<br/>Extended test for cachedb serve expired.<br/>Fix makefile dependencies for fake_event.c.<br/>Fix cachedb for serve-expired with serve-expired-reply-ttl.<br/>Fix to not reply serve expired unless enabled for cachedb.<br/>Fix cachedb for serve-expired with serve-expired-client-timeout.<br/>Fixup unit test for cachedb server expired client timeout with<br/>a check if response if from upstream or from cachedb.<br/>Fixup cachedb to not refetch when serve-expired-client-timeout is<br/>used.<br/>Merge #1049 from Petr Men#�k: Py_NoSiteFlag is not needed since<br/>Python 3.8<br/>Fix #1048: Update ax_pkg_swig.m4 and ax_pthread.m4.<br/>Fix configure, autoconf for #1048.<br/>Add checklock feature verbose_locking to trace locks and unlocks.<br/>Fix edns subnet to sort rrset references when storing messages<br/>in the cache. This fixes a race condition in the rrset locks.<br/>Merge #1053: Remove child delegations from cache when grandchild<br/>delegation...<br/><br/>Unbound 1.19.3<br/>Mar 14, 2024<br/><br/>This release has a number of bug fixes. The CNAME synthesized for a<br/>DNAME record uses the original TTL, of the DNAME record, and that means<br/>it can be cached for the TTL, instead of 0.<br/><br/>There is a fix that when a message was stored in cache, but one of the<br/>RRsets was not updated due to cache policy, it now restricts the message<br/>TTL if the cache version of the RRset has a shorter TTL. It avoids a<br/>bug where the message is not expired, but its contents is expired.<br/><br/>For dnstap, it logs type DoH and DoT correctly, if that is used for<br/>the message.<br/><br/>The b.root-servers.net address is updated in the default root hints.<br/><br/>When performing retries for failed sends, a retry at a smaller UDP size<br/>is now not performed when that attempt is not actually smaller, and at<br/>defaults, since the flag day changes, it is the same size. This makes<br/>it skip the step, it is useless because there is no reduction in size.<br/><br/>Clients with a valid DNS Cookie will bypass the ratelimit, if one is<br/>set. The value from ip-ratelimit-cookie is used for these queries.<br/><br/>Furthermore there is a fix to make correct EDE Prohibited answers for<br/>access control denials, and a fix for EDNS client subnet scope zero<br/>answers.<br/><br/>Features:<br/><br/>Merge PR #973: Use the origin (DNAME) TTL for synthesized CNAMEs as<br/>per RFC 6672.<br/>Bug Fixes:<br/><br/>Fix unit test parse of origin syntax.<br/>Use 127.0.0.1 explicitly in tests to avoid delays and errors on<br/>newer systems.<br/>Fix #964: config.h.in~ backup file in release tar balls.<br/>Merge #968: Replace the obsolescent fgrep with grep -F in tests.<br/>Merge #971: fix 'WARNING: Message has 41 extra bytes at end'.<br/>Fix #969: [FR] distinguish Do53, DoT and DoH in the logs.<br/>Fix dnstap that assertion failed on logging other than UDP and TCP<br/>traffic. It lists it as TCP traffic.<br/>Fix to sync the tests script file common.sh.<br/>iana portlist update.<br/>Updated IPv4 and IPv6 address for b.root-servers.net in root hints.<br/>Update test script file common.sh.<br/>Fix tests to use new common.sh functions, wait_logfile and<br/>kill_from_pidfile.<br/>Fix #974: doc: default number of outgoing ports without libevent.<br/>Merge #975: Fixed some syntax errors in rpl files.<br/>Fix root_zonemd unit test, it checks that the root ZONEMD verifies,<br/>now that the root has a valid ZONEMD.<br/>Update example.conf with cookie options.<br/>Merge #980: DoH: reject non-h2 early. To fix #979: Improve errors<br/>for non-HTTP/2 DoH clients.<br/>Merge #985: Add DoH and DoT to dnstap message.<br/>Fix #983: Sha1 runtime insecure change was incomplete.<br/>Remove unneeded newlines and improve indentation in remote control<br/>code.<br/>Merge #987: skip edns frag retry if advertised udp payload size is<br/>not smaller.<br/>Fix unit test for #987 change in udp1xxx retry packet send.<br/>Merge #988: Fix #981: dump_cache truncates large records.<br/>Fix to link with -lcrypt32 for OpenSSL 3.2.0 on Windows.<br/>Fix to link with libssp for libcrypto and getaddrinfo check for<br/>only header. Also update crosscompile to remove ssp for 32bit.<br/>Merge #993: Update b.root-servers.net also in example config file.<br/>Update workflow for ports to use newer openssl on windows compile.<br/>Fix warning for windres on resource files due to redefinition.<br/>Fix for #997: Print details for SSL certificate failure.<br/>Update error printout for duplicate trust anchors to include the<br/>trust anchor name (relates to #920).<br/>Update message TTL when using cached RRSETs. It could result in<br/>non-expired messages with expired RRSETs (non-usable messages by<br/>Unbound).<br/>Merge #999: Search for protobuf-c with pkg-config.<br/>Fix #1006: Can't find protobuf-c package since #999.<br/>Fix documentation for access-control in the unbound.conf man page.<br/>Merge #1010: Mention REFUSED has the TC bit set with unmatched<br/>allow_cookie acl in the manpage. It also fixes the code to match the<br/>documentation about clients with a valid cookie that bypass the<br/>ratelimit regardless of the allow_cookie acl.<br/>Document the suspend argument for process_ds_response().<br/>Move github workflows to use checkoutv4.<br/>Fix edns subnet replies for scope zero answers to not get stored<br/>in the global cache, and in cachedb, when the upstream replies<br/>without an EDNS record.<br/>Fix for #1022: Fix ede prohibited in access control refused answers.<br/>Fix unbound-control-setup.cmd to use 3072 bits so that certificates<br/>are long enough for newer OpenSSL versions.<br/>Fix TTL of synthesized CNAME when a DNAME is used from cache.<br/>Fix unbound-control-setup.cmd to have CA v3 basicConstraints,<br/>like unbound-control-setup.sh has.<br/><br/>Unbound 1.19.2<br/>Mar 7, 2024<br/><br/>This security release fixes CVE-2024-1931.<br/><br/>NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1<br/>contain a vulnerability that can cause denial of service by a certain<br/>code path that can lead to an infinite loop.<br/><br/>Unbound 1.18.0 introduced a feature that removes EDE records from<br/>responses with size higher than the client's advertised buffer size.<br/>Before removing all the EDE records however, it would try to see if<br/>trimming the extra text fields on those records would result in an<br/>acceptable size while still retaining the EDE codes.<br/>Due to an unchecked condition, the code that trims the text of the EDE<br/>records could loop indefinitely.<br/>This happens when Unbound would reply with attached EDE information on a<br/>positive reply and the client's buffer size is smaller than the needed<br/>space to include EDE records.<br/><br/>The vulnerability can only be triggered when the 'ede: yes' option is<br/>used; non default configuration.<br/><br/>From version 1.19.2 on, the code is fixed to avoid looping indefinitely.<br/><br/>We would like to thank Fredrik Pettai and Patrik Lundin from SUNET for<br/>notifying us about the issue and working with us to identify the<br/>vulnerability.<br/><br/>Bug Fixes:<br/><br/>Fix CVE-2024-1931, Denial of service when trimming EDE text on<br/>positive replies.</title>
    <description>/src/external/bsd/unbound/dist/util/tcp_conn_limit.h - 1.1.1.2</description>
    <pubDate>Sat Sep 06 14:24:24 UTC 2025</pubDate>
    <dc:creator>christos</dc:creator>
</item>

<item>
    <title>branches:  1.1.1.1.2;  1.1.1.1.16;<br/>Import 1.9.1:<br/><br/>1 March 2019: Wouter<br/>	- output forwarder log in ssl_req_order test.<br/><br/>28 February 2019: Wouter<br/>	- Remove memory leak on pythonmod python2 script file init.<br/>	- Remove swig gcc8 python function cast warnings, they are ignored.<br/>	- Print correct module that failed when module-config is wrong.<br/><br/>27 February 2019: Wouter<br/>	- Fix #4229: Unbound man pages lack information, about access-control<br/>	  order and local zone tags, and elements in views.<br/>	- Fix #14: contrib/unbound.init: Fix wrong comparison judgment<br/>	  before copying.<br/>	- Fix for python module on Windows, fix fopen.<br/><br/>25 February 2019: Wouter<br/>	- Fix #4227: pair event del and add for libevent for tcp_req_info.<br/><br/>21 February 2019: Wouter<br/>	- Fix the error for unknown module in module-config is understandable,<br/>	  and explains it was not compiled in and where to see the list.<br/>	- In example.conf explain where to put cachedb module in module-config.<br/>	- In man page and example config explain that most modules have to<br/>	  be listed at the start of module-config.<br/><br/>20 February 2019: Wouter<br/>	- Fix pythonmod include and sockaddr_un ifdefs for compile on<br/>	  Windows, and for libunbound.<br/><br/>18 February 2019: Wouter<br/>	- Print query name with ip_ratelimit exceeded log lines.<br/>	- Spaces instead of tabs in that log message.<br/>	- Print query name and IP address when domain rate limit exceeded.<br/><br/>14 February 2019: Wouter<br/>	- Fix capsforid canonical sort qsort callback.<br/><br/>11 February 2019: Wouter<br/>	- Note default for module-config in man page.<br/>	- Fix recursion lame test for qname minimisation asked queries,<br/>	  that were not present in the set of prepared answers.<br/>	- Fix #13: Remove left-over requirements on OpenSSL &gt;= 1.1.0 for<br/>	  cert name matching, from man page.<br/>	- make depend, with newer gcc, nicer layout.<br/><br/>7 February 2019: Wouter<br/>	- Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2.<br/>	- Fix that qname minimisation does not skip a label when missing<br/>	  nameserver targets need to be fetched.<br/>	- Fix #4225: clients seem to erroneously receive no answer with<br/>	  DNS-over-TLS and qname-minimisation.<br/><br/>4 February 2019: Wouter<br/>	- Fix that log-replies prints the correct name for local-alias<br/>	  names, for names that have a CNAME in local-data configuration.<br/>	  It logs the original query name, not the target of the CNAME.<br/>	- Add local-zone type inform_redirect, which logs like type inform,<br/>	  and redirects like type redirect.<br/>	- Perform canonical sort for 0x20 capsforid compare of replies,<br/>	  this sorts rrsets in the authority and additional section before<br/>	  comparison, so that out of order rrsets do not cause failure.<br/><br/>31 January 2019: Wouter<br/>	- Set ub_ctx_set_tls call signature in ltrace config file for<br/>	  libunbound in contrib/libunbound.so.conf.<br/>	- improve documentation for tls-service-key and forward-first.<br/>	- #10: fixed pkg-config operations, PKG_PROG_PKG_CONFIG moved out of<br/>	  conditional section, fixes systemd builds, from Enrico Scholz.<br/>	- #9: For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks,<br/>	  still supports the set_id_callback previous API.  And for 1.1.0<br/>	  no locking callbacks are needed.<br/>	- #8: Fix OpenSSL without ENGINE support compilation.<br/>	- Wipe TLS session key data from memory on exit.<br/><br/>30 January 2019: Ralph<br/>	- Fix case in which query timeout can result in marking delegation<br/>	  as edns_lame_known.<br/><br/>29 January 2019: Wouter<br/>	- Fix spelling of tls-ciphers in example.conf.in.<br/>	- Fix #4224: auth_xfr_notify.rpl test broken due to typo<br/>	- Fix locking for libunbound context setup with broken port config.<br/><br/>28 January 2019: Wouter<br/>	- ub_ctx_set_tls call for libunbound that enables DoT for the machines<br/>	  set with ub_ctx_set_fwd.  Patch from Florian Obser.<br/>	- Set build system for added call in the libunbound API.<br/>	- List example config for root zone copy locally hosted with auth-zone<br/>	  as suggested from draft-ietf-dnsop-7706-bis-02.  But with updated<br/>	  B root address.<br/>	- set version to 1.9.0 for release.  And this was released with the<br/>	  spelling for tls-ciphers fix as 1.9.0 on Feb 5.  Trunk has 1.9.1 in<br/>	  development.<br/><br/>25 January 2019: Wouter<br/>	- Fix that tcp for auth zone and outgoing does not remove and<br/>	  then gets the ssl read again applied to the deleted commpoint.<br/>	- updated contrib/fastrpz.patch to cleanly diff.<br/>	- no lock when threads disabled in tcp request buffer count.<br/>	- remove compile warnings from libnettle compile.<br/>	- output of newer lex 2.6.1 and bison 3.0.5.<br/><br/>24 January 2019: Wouter<br/>	- Newer aclocal and libtoolize used for generating configure scripts,<br/>	  aclocal 1.16.1 and libtoolize 2.4.6.<br/>	- Fix unit test for python 3.7 new keyword 'async'.<br/>	- clang analysis fixes, assert arc4random buffer in init,<br/>	  no check for already checked delegation pointer in iterator,<br/>	  in testcode check for NULL packet matches, in perf do not copy<br/>	  from NULL start list when growing capacity.  Adjust host and file<br/>	  only when present in test header read to please checker.  In<br/>	  testcode for unknown macro operand give zero result. Initialise the<br/>	  passed argv array in test code.  In test code add EDNS data<br/>	  segment copy only when nonempty.<br/>	- Patch from Florian Obser fixes some compiler warnings:<br/>	  include mini_event.h to have a prototype for mini_ev_cmp<br/>	  include edns.h to have a prototype for apply_edns_options<br/>	  sldns_wire2str_edns_keepalive_print is only called in the wire2str,<br/>	  module declare it static to get rid of compiler warning:<br/>	  no previous prototype for function<br/>	  infra_find_ip_ratedata() is only called in the infra module,<br/>	  declare it static to get rid of compiler warning:<br/>	  no previous prototype for function<br/>	  do not shadow local variable buf in authzone<br/>	  auth_chunks_delete and az_nsec3_findnode are only called in the<br/>	  authzone module, declare them static to get rid of compiler warning:<br/>	  no previous prototype for function...<br/>	  copy_rrset() is only called in the respip module, declare it<br/>	  static to get rid of compiler warning:<br/>	  no previous prototype for function 'copy_rrset'<br/>	  no need for another variable "r"; gets rid of compiler warning:<br/>	  declaration shadows a local variable in libunbound.c<br/>	  no need for another variable "ns"; gets rid of compiler warning:<br/>	  declaration shadows a local variable in iterator.c<br/>	- Moved includes and make depend.<br/><br/>23 January 2019: Wouter<br/>	- Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites<br/>	  options for unbound.conf.<br/>	- Fixes for the patch, and man page entry.<br/>	- Fix configure to detect SSL_CTX_set_ciphersuites, for better<br/>	  library compatibility when compiling.<br/>	- Patch for TLS session resumption from Manabu Sonoda,<br/>	  enable with tls-session-ticket-keys in unbound.conf.<br/>	- Fixes for patch (includes, declarations, warnings).  Free at end<br/>	  and keep config options in order read from file to keep the first<br/>	  one as the first one.<br/>	- Fix for IXFR fallback to reset counter when IXFR does not timeout.<br/><br/>22 January 2019: Wouter<br/>	- Fix space calculation for tcp req buffer size.<br/>	- Doc for stream-wait-size and unit test.<br/>	- unbound-control stats has mem.streamwait that counts TCP and TLS<br/>	  waiting result buffers.<br/>	- Fix for #4219: secondaries not updated after serial change, unbound<br/>	  falls back to AXFR after IXFR gives several timeout failures.<br/>	- Fix that auth zone after IXFR fallback tries the same master.<br/><br/>21 January 2019: Wouter<br/>	- Fix tcp idle timeout test, for difference in the tcp reply code.<br/>	- Unit test for tcp request reorder and timeouts.<br/>	- Unit tests for ssl out of order processing.<br/>	- Fix that multiple dns fragments can be carried in one TLS frame.<br/>	- Add stream-wait-size: 4m config option to limit the maximum<br/>	  memory used by waiting tcp and tls stream replies.  This avoids<br/>	  a denial of service where these replies use up all of the memory.<br/><br/>17 January 2019: Wouter<br/>	- For caps-for-id fallback, use the whitelist to avoid timeout<br/>	  starting a fallback sequence for it.<br/>	- increase mesh max activation count for capsforid long fetches.<br/><br/>16 January 2019: Ralph<br/>	- Get ready for the DNS flag day: remove EDNS lame procedure, do not<br/>	  re-query without EDNS after timeout.<br/><br/>15 January 2019: Wouter<br/>	- In the out of order processing, reset byte count for (potential)<br/>	  partial read.<br/>	- Review fixes in out of order processing.<br/><br/>14 January 2019: Wouter<br/>	- streamtcp option -a send queries consecutively and prints answers<br/>	  as they arrive.<br/>	- Fix for out of order processing administration quit cleanup.<br/>	- unit test for tcp out of order processing.<br/><br/>11 January 2019: Wouter<br/>	- Initial commit for out-of-order processing for TCP and TLS.<br/><br/>9 January 2019: Wouter<br/>	- Log query name for looping module errors.<br/><br/>8 January 2019: Wouter<br/>	- Fix syntax in comment of local alias processing.<br/>	- Fix NSEC3 record that is returned in wildcard replies from<br/>	  auth-zone zones with NSEC3 and wildcards.<br/><br/>7 January 2019: Wouter<br/>	- On FreeBSD warn if systcl settings do not allow server TCP FASTOPEN,<br/>	  and server tcp fastopen is enabled at compile time.<br/>	- Document interaction between the tls-upstream option in the server<br/>	  section and forward-tls-upstream option in the forward-zone sections.<br/>	- Add contrib/unbound-fuzzme.patch from Jacob Hoffman-Andrews,<br/>	  the patch adds a program used for fuzzing.<br/><br/>12 December 2018: Wouter<br/>	- Fix for crash in dns64 module if response is null.<br/><br/>10 December 2018: Wouter<br/>	- Fix config parser memory leaks.<br/>	- ip-ratelimit-factor of 1 allows all traffic through, instead of the<br/>	  previous blocking everything.<br/>	- Fix for FreeBSD port make with dnscrypt and dnstap enabled.<br/>	- Fix #4206: support openssl 1.0.2 for TLS hostname verification,<br/>	  alongside the 1.1.0 and later support that is already there.<br/>	- Fixup openssl 1.0.2 compile<br/><br/>6 December 2018: Wouter<br/>	- Fix dns64 allocation in wrong region for returned internal queries.<br/><br/>3 December 2018: Wouter<br/>	- Fix icon, no ragged edges and nicer resolutions available, for eg.<br/>	  Win 7 and Windows 10 display.<br/>	- cache-max-ttl also defines upperbound of initial TTL in response.<br/><br/>30 November 2018: Wouter<br/>	- Patch for typo in unbound.conf man page.<br/>	- log-tag-queryreply: yes in unbound.conf tags the log-queries and<br/>	  log-replies in the log file for easier log filter maintenance.<br/><br/>29 November 2018: Wouter<br/>	- iana portlist updated.<br/>	- Fix chroot auth-zone fix to remove chroot prefix.<br/>	- tag for 1.8.2rc1, which became 1.8.2 on 4 dec 2018, with icon<br/>	  updated.  Trunk contains 1.8.3 in development.<br/>	  Which became 1.8.3 on 11 december with only the dns64 fix of 6 dec.<br/>	  Trunk then became 1.8.4 in development.<br/>	- Fix that unbound-checkconf does not complains if the config file<br/>	  is not placed inside the chroot.<br/>	- Refuse to start with no ports.<br/>	- Remove clang analysis warnings.<br/><br/>28 November 2018: Wouter<br/>	- Fix leak in chroot fix for auth-zone.<br/>	- Fix clang analysis for outside directory build test.<br/><br/>27 November 2018: Wouter<br/>	- Fix DNS64 to not store intermediate results in cache, this avoids<br/>	  other threads from picking up the wrong data.  The module restores<br/>	  the previous no_cache_store setting when the the module is finished.<br/>	- Fix #4208: 'stub-no-cache' and 'forward-no-cache' not work.<br/>	- New and better fix for Fix #4193: Fix that prefetch failure does<br/>	  not overwrite valid cache entry with SERVFAIL.<br/>	- auth-zone give SERVFAIL when expired, fallback activates when<br/>	  expired, and this is documented in the man page.<br/>	- stat count SERVFAIL downstream auth-zone queries for expired zones.<br/>	- Put new logos into windows installer.<br/>	- Fix windows compile for new rrset roundrobin fix.<br/>	- Update contrib fastrpz patch for latest release.<br/><br/>26 November 2018: Wouter<br/>	- Fix to not set GLOB_NOSORT so the unbound.conf include: files are<br/>	  sorted and in a predictable order.<br/>	- Fix #4193: Fix that prefetch failure does not overwrite valid cache<br/>	  entry with SERVFAIL.<br/>	- Add unbound-control view_local_datas command, like local_datas.<br/>	- Fix that unbound-control can send file for view_local_datas.<br/><br/>22 November 2018: Wouter<br/>	- With ./configure --with-pyunbound --with-pythonmodule<br/>	  PYTHON_VERSION=3.6 or with 2.7 unbound can compile and unit tests<br/>	  succeed for the python module.<br/>	- pythonmod logs the python error and traceback on failure.<br/>	- ignore debug python module for test in doxygen output.<br/>	- review fixes for python module.<br/>	- Fix #4209: Crash in libunbound when called from getdns.<br/>	- auth zone zonefiles can be in a chroot, the chroot directory<br/>	  components are removed before use.<br/>	- Fix that empty zonefile means the zonefile is not set and not used.<br/>	- make depend.<br/><br/>21 November 2018: Wouter<br/>	- Scrub NS records from NODATA responses as well.<br/><br/>20 November 2018: Wouter<br/>	- Scrub NS records from NXDOMAIN responses to stop fragmentation<br/>	  poisoning of the cache.<br/>	- Add patch from Jan Vcelak for pythonmod,<br/>	  add sockaddr_storage getters, add support for query callbacks,<br/>	  allow raw address access via comm_reply and update API documentation.<br/>	- Removed compile warnings in pythonmod sockaddr routines.<br/><br/>19 November 2018: Wouter<br/>	- Support SO_REUSEPORT_LB in FreeBSD 12 with the so-reuseport: yes<br/>	  option in unbound.conf.<br/><br/>6 November 2018: Ralph<br/>	- Bugfix min-client-subnet-ipv6<br/><br/>25 October 2018: Ralph<br/>	- Add min-client-subnet-ipv6 and min-client-subnet-ipv4 options.<br/><br/>25 October 2018: Wouter<br/>	- Fix #4191: NXDOMAIN vs SERVFAIL during dns64 PTR query.<br/>	- Fix #4190: Please create a "ANY" deny option, adds the option<br/>	  deny-any: yes in unbound.conf.  This responds with an empty message<br/>	  to queries of type ANY.<br/>	- Fix #4141: More randomness to rrset-roundrobin.<br/>	- Fix #4132: Openness/closeness of RANGE intervals in rpl files.<br/>	- Fix #4126: RTT_band too low on VSAT links with 600+ms latency,<br/>	  adds the option unknown-server-time-limit to unbound.conf that<br/>	  can be increased to avoid the problem.<br/>	- remade makefile dependencies.<br/>	- Fix #4152: Logs shows wrong time when using log-time-ascii: yes.<br/><br/>24 October 2018: Ralph<br/>	- Add markdel function to ECS slabhash.<br/>	- Limit ECS scope returned to client to the scope used for caching.<br/>	- Make lint like previous #4154 fix.<br/><br/>22 October 2018: Wouter<br/>	- Fix #4192: unbound-control-setup generates keys not readable by<br/>	  group.<br/>	- check that the dnstap socket file can be opened and exists, print<br/>	  error if not.<br/>	- Fix #4154: make ECS_MAX_TREESIZE configurable, with<br/>	  the max-ecs-tree-size-ipv4 and max-ecs-tree-size-ipv6 options.<br/><br/>22 October 2018: Ralph<br/>	- Change fast-server-num default to 3.<br/><br/>8 October 2018: Ralph<br/>	- Add fast-server-permil and fast-server-num options.<br/>	- Deprecate low-rtt and low-rtt-permil options.<br/><br/>8 October 2018: Wouter<br/>	- Squelch log of failed to tcp initiate after TCP Fastopen failure.<br/><br/>5 October 2018: Wouter<br/>	- Squelch EADDRNOTAVAIL errors when the interface goes away,<br/>	  this omits 'can't assign requested address' errors unless<br/>	  verbosity is set to a high value.<br/>	- Set default for so-reuseport to no for FreeBSD.  It is enabled<br/>	  by default for Linux and DragonFlyBSD.  The setting can<br/>	  be configured in unbound.conf to override the default.<br/>	- iana port update.<br/><br/>2 October 2018: Wouter<br/>	- updated contrib/fastrpz.patch to apply for this version<br/>	- dnscrypt.c removed sizeof to get array bounds.<br/>	- Fix testlock code to set noreturn on error routine.<br/>	- Remove unused variable from contrib fastrpz/rpz.c and<br/>	  remove unused diagnostic pragmas that themselves generate warnings<br/>	- clang analyze test is used only when assertions are enabled.<br/><br/>1 October 2018: Wouter<br/>	- tag for release 1.8.1rc1.  Became release 1.8.1 on 8 oct, with<br/>	  fastrpz.patch fix included.  Trunk has 1.8.2 in development.<br/><br/>27 September 2018: Wouter<br/>	- Fix #4188: IPv6 forwarders without ipv6 result in SERVFAIL, fixes<br/>	  qname minimisation with a forwarder when connectivity has issues<br/>	  from rejecting responses.<br/><br/>25 September 2018: Wouter<br/>	- Perform TLS SNI indication of the host that is being contacted<br/>	  for DNS over TLS service.  It sets the configured tls auth name.<br/>	  This is useful for hosts that apart from the DNS over TLS services<br/>	  also provide other (web) services.<br/>	- Fix #4149: Add SSL cleanup for tcp timeout.<br/><br/>17 September 2018: Wouter<br/>	- Fix compile on Mac for unbound, provide explicit_bzero when libc<br/>	  does not have it.<br/>	- Fix unbound for openssl in FIPS mode, it uses the digests with<br/>	  the EVP call contexts.<br/>	- Fix that with harden-below-nxdomain and qname minisation enabled<br/>	  some iterator states for nonresponsive domains can get into a<br/>	  state where they waited for an empty list.<br/>	- Stop UDP to TCP failover after timeouts that causes the ping count<br/>	  to be reset by the TCP time measurement (that exists for TLS),<br/>	  because that causes the UDP part to not be measured as timeout.<br/>	- Fix #4156: Fix systemd service manager state change notification.<br/><br/>13 September 2018: Wouter<br/>	- Fix seed for random backup code to use explicit zero when wiped.<br/>	- exit log routine is annotated as noreturn function.<br/>	- free memory leaks in config strlist and str2list insert functions.<br/>	- do not move unused argv variable after getopt.<br/>	- Remove unused if clause in testcode.<br/>	- in testcode, free async ids, initialise array, and check for null<br/>	  pointer during test of the test.  And use exit for return to note<br/>	  irregular program stop.<br/>	- Free memory leak in config strlist append.<br/>	- make sure nsec3 comparison salt is initialized.<br/>	- unit test has clang analysis.<br/>	- remove unused variable assignment from iterator scrub routine.<br/>	- check for null in delegation point during iterator refetch<br/>	  in forward zone.<br/>	- neater pointer cast in libunbound context quit routine.<br/>	- initialize statistics totals for printout.<br/>	- in authzone check that node exists before adding rrset.<br/>	- in unbound-anchor, use readwrite memory BIO.<br/>	- assertion in autotrust that packed rrset is formed correctly.<br/>	- Fix memory leak when message parse fails partway through copy.<br/>	- remove unused udpsize assignment in message encode.<br/>	- nicer bio free code in unbound-anchor.<br/>	- annotate exit functions with noreturn in unbound-control.<br/><br/>11 September 2018: Wouter<br/>	- Fixed unused return value warnings in contrib/fastrpz.patch for<br/>	  asprintf.<br/>	- Fix to squelch respip warning in unit test, it is printed at<br/>	  higher verbosity settings.<br/>	- Fix spelling errors.<br/>	- Fix initialisation in remote.c<br/><br/>10 September 2018: Wouter<br/>	- 1.8.1 in svn trunk. (changes from 4,5,.. sep apply).<br/>	- iana port update.<br/><br/>5 September 2018: Wouter<br/>	- Fix spelling error in header, from getdns commit by Andreas Gelmini.<br/><br/>4 September 2018: Ralph<br/>	- More explicitly mention the type of ratelimit when applying<br/>	  ip-ratelimit.<br/><br/>4 September 2018: Wouter<br/>	- Tag for 1.8.0rc1 release, became 1.8.0 release on 10 Sep 2018.<br/><br/>31 August 2018: Wouter<br/>	- Disable minimal-responses in subnet unit tests.<br/><br/>30 August 2018: Wouter<br/>	- Fix that a local-zone with a local-zone-type that is transparent<br/>	  in a view with view-first, makes queries check for answers from the<br/>	  local-zones defined outside of views.<br/><br/>28 August 2018: Ralph<br/>	- Disable minimal-responses in ipsecmod unit tests.<br/>	- Added serve-expired-ttl and serve-expired-ttl-reset options.<br/><br/>27 August 2018: Wouter<br/>	- Set defaults to yes for a number of options to increase speed and<br/>	  resilience of the server.  The so-reuseport, harden-below-nxdomain,<br/>	  and minimal-responses options are enabled by default.  They used<br/>	  to be disabled by default, waiting to make sure they worked.  They<br/>	  are enabled by default now, and can be disabled explicitly by<br/>	  setting them to "no" in the unbound.conf config file.  The reuseport<br/>	  and minimal options increases speed of the server, and should be<br/>	  otherwise harmless.  The harden-below-nxdomain option works well<br/>	  together with the recently default enabled qname minimisation, this<br/>	  causes more fetches to use information from the cache.<br/>	- next release is called 1.8.0.<br/>	- Fix lintflags for lint on FreeBSD.<br/><br/>22 August 2018: George<br/>	- #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This<br/>	  gives access to reply information for the client's communication<br/>	  point when the callback is called before the mesh state (modules).<br/>	  Changes to C and Python's inplace_callback signatures were also<br/>	  necessary.<br/><br/>21 August 2018: Wouter<br/>	- log-local-actions: yes option for unbound.conf that logs all the<br/>	  local zone actions, a patch from Saksham Manchanda (Secure64).<br/>	- #4146: num.query.subnet and num.query.subnet_cache counters.<br/>	- Fix only misc failure from log-servfail when val-log-level is not<br/>	  enabled.<br/><br/>17 August 2018: Ralph<br/>	- Fix classification for QTYPE=CNAME queries when QNAME minimisation is<br/> 	  enabled.<br/><br/>17 August 2018: Wouter<br/>	- Set libunbound to increase current, because the libunbound change<br/>	  to the event callback function signature.  That needs programs,<br/>	  that use it, to recompile against the new header definition.<br/>	- print servfail info to log as error.<br/>	- added more servfail printout statements, to the iterator.<br/>	- log-servfail: yes prints log lines that say why queries are<br/>	  returning SERVFAIL to clients.<br/><br/>16 August 2018: Wouter<br/>	- Fix warning on compile without threads.<br/>	- Fix contrib/fastrpz.patch.<br/><br/>15 August 2018: Wouter<br/>	- Fix segfault in auth-zone read and reorder of RRSIGs.<br/><br/>14 August 2018: Wouter<br/>	- Fix that printout of error for cycle targets is a verbosity 4<br/>	  printout and does not wrongly print it is a memory error.<br/>	- Upgraded crosscompile script to include libunbound DLL in the<br/>	  zipfile.<br/><br/>10 August 2018: Wouter<br/>	- Fix #4144: dns64 module caches wrong (negative) information.<br/><br/>9 August 2018: Wouter<br/>	- unbound-checkconf checks if modules exist and prints if they are<br/>	  not compiled in the name of the wrong module.<br/>	- document --enable-subnet in doc/README.<br/>	- Patch for stub-no-cache and forward-no-cache options that disable<br/>	  caching for the contents of that stub or forward, for when you<br/>	  want immediate changes visible, from Bjoern A. Zeeb.<br/><br/>7 August 2018: Ralph<br/>	- Make capsforid fallback QNAME minimisation aware.<br/><br/>7 August 2018: Wouter<br/>	- Fix #4142: unbound.service.in: improvements and fixes.<br/>	  Add unit dependency ordering (based on systemd-resolved).<br/>	  Add 'CAP_SYS_RESOURCE' to 'CapabilityBoundingSet' (fixes warnings<br/>	  about missing privileges during startup). Add 'AF_INET6' to<br/>	  'RestrictAddressFamilies' (without it IPV6 can't work). From<br/>	  Guido Shanahan.<br/>	- Patch to implement tcp-connection-limit from Jim Hague (Sinodun).<br/>	  This limits the number of simultaneous TCP client connections<br/>	  from a nominated netblock.<br/>	- make depend, yacc, lex, doc, headers.  And log the limit exceeded<br/>	  message only on high verbosity, so as to not spam the logs when<br/>	  it is busy.<br/><br/>6 August 2018: Wouter<br/>	- Fix for #4136: Fix to unconditionally call destroy in daemon.c.<br/><br/>3 August 2018: George<br/>	- Expose if a query (or a subquery) was ratelimited (not src IP<br/>	  ratelimiting) to libunbound under 'ub_result.was_ratelimited'.<br/>	  This also introduces a change to 'ub_event_callback_type' in<br/>	  libunbound/unbound-event.h.<br/>	- Tidy pylib tests.<br/><br/>3 August 2018: Wouter<br/>	- Revert previous change for #4136: because it introduces build<br/>	  problems.<br/>	- New fix for #4136: This one ignores lex without without<br/>	  yylex_destroy.<br/><br/>1 August 2018: Wouter<br/>	- Fix to remove systemd sockaddr function check, that is not<br/>	  always present.  Make socket activation more lenient.  But not<br/>	  different when socket activation is not used.<br/>	- iana port list update.<br/><br/>31 July 2018: Wouter<br/>	- Patches from Jim Hague (Sinodun) for EDNS KeepAlive.<br/>	- Sort out test runs when the build directory isn't the project<br/>	  root directory.<br/>	- Add config tcp-idle-timeout (default 30s). This applies to<br/>	  client connections only; the timeout on TCP connections upstream<br/>	  is unaffected.<br/>	- Error if EDNS Keepalive received over UDP.<br/>	- Add edns-tcp-keepalive and edns-tcp-keepalive timeout options<br/>	  and implement option in client responses.<br/>	- Correct and expand manual page entries for keepalive and idle timeout.<br/>	- Implement progressive backoff of TCP idle/keepalive timeout.<br/>	- Fix 'make depend' to work when build dir is not project root.<br/>	- Add delay parameter to streamtcp, -d secs.<br/>	  To be used when testing idle timeout.<br/>	- From Wouter: make depend, the dependencies in the patches did not<br/>	  apply cleanly.  Also remade yacc and lex.<br/>	- Fix mesh.c incompatible pointer pass.<br/>	- Please doxygen so it passes.<br/>	- Fix #4139: Fix unbound-host leaks memory on ANY.<br/><br/>30 July 2018: Wouter<br/>	- Fix #4136: insufficiency from mismatch of FLEX capability between<br/>	  released tarball and build host.<br/><br/>27 July 2018: Wouter<br/>	- Fix man page, say that chroot is enabled by default.<br/><br/>26 July 2018: Wouter<br/>	- Fix #4135: 64-bit Windows Installer Creates Entries Under The<br/>	  Wrong Registry Key, reported by Brian White.<br/><br/>23 July 2018: Wouter<br/>	- Fix use-systemd readiness signalling, only when use-systemd is yes<br/>	  and not in signal handler.<br/><br/>20 July 2018: Wouter<br/>	- Fix #4130: print text describing -dd and unbound-checkconf on<br/>	  config file read error at startup, the errors may have been moved<br/>	  away by the startup process.<br/>	- Fix #4131: for solaris, error YY_CURRENT_BUFFER undeclared.<br/><br/>19 July 2018: Wouter<br/>	- Fix #4129 unbound-control error message with wrong cert permissions<br/>	  is too cryptic.<br/><br/>17 July 2018: Wouter<br/>	- Fix #4127 unbound -h does not list -p help.<br/>	- Print error if SSL name verification configured but not available<br/>	  in the ssl library.<br/>	- Fix that ratelimit and ip-ratelimit are applied after reload of<br/>	  changed config file.<br/>	- Resize ratelimit and ip-ratelimit caches if changed on reload.<br/><br/>16 July 2018: Wouter<br/>	- Fix qname minimisation NXDOMAIN validation lookup failures causing<br/>	  error_supers assertion fails.<br/>	- Squelch can't bind socket errors with Permission denied unless<br/>	  verbosity is 4 or higher, for UDP outgoing sockets.<br/><br/>12 July 2018: Wouter<br/>	- Fix to improve systemd socket activation code file descriptor<br/>	  assignment.<br/>	- Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more<br/>	  easily changed to adjust default rtt assumptions.<br/><br/>10 July 2018: Wouter<br/>	- Note in documentation that the cert name match code needs<br/>	  OpenSSL 1.1.0 or later to be enabled.<br/><br/>6 July 2018: Wouter<br/>	- Fix documentation ambiguity for tls-win-cert in tls-upstream and<br/>	  forward-tls-upstream docs.<br/>	- iana port update.<br/>	- Note RFC8162 support.  SMIMEA record type can be read in by the<br/>	  zone record parser.<br/>	- Fix round robin for failed addresses with prefer-ip6: yes<br/><br/>4 July 2018: Wouter<br/>	- Fix #4112: Fix that unbound-anchor -f /etc/resolv.conf will not pass<br/>	  if DNSSEC is not enabled.  New option -R allows fallback from<br/>	  resolv.conf to direct queries.<br/><br/>3 July 2018: Wouter<br/>	- Better documentation for unblock-lan-zones and insecure-lan-zones<br/>	  config statements.<br/>	- Fix permission denied printed for auth zone probe random port nrs.<br/><br/>2 July 2018: Wouter<br/>	- Fix checking for libhiredis printout in configure output.<br/>	- Fix typo on man page in ip-address description.<br/>	- Update libunbound/python/examples/dnssec_test.py example code to<br/>	  also set the 20326 trust anchor for the root in the example code.<br/><br/>29 June 2018: Wouter<br/>	- dns64-ignore-aaaa: config option to list domain names for which the<br/>	  existing AAAA is ignored and dns64 processing is used on the A<br/>	  record.<br/><br/>28 June 2018: Wouter<br/>	- num.queries.tls counter for queries over TLS.<br/>	- log port number with err_addr logs.<br/><br/>27 June 2018: Wouter<br/>	- #4109: Fix that package config depends on python unconditionally.<br/>	- Patch, do not export python from pkg-config, from Petr Menšík.<br/><br/>26 June 2018: Wouter<br/>	- Partial fix for permission denied on IPv6 address on FreeBSD.<br/>	- Fix that auth-zone master reply with current SOA serial does not<br/>	  stop scan of masters for an updated zone.<br/>	- Fix that auth-zone does not start the wait timer without checking<br/>	  if the wait timer has already been started.<br/><br/>21 June 2018: Wouter<br/>	- #4108: systemd reload hang fix.<br/>	- Fix usage printout for unbound-host, hostname has to be last<br/>	  argument on BSDs and Windows.</title>
    <description>/src/external/bsd/unbound/dist/util/tcp_conn_limit.h - 1.1.1.1</description>
    <pubDate>Sat May 25 21:18:03 UTC 2019</pubDate>
    <dc:creator>christos</dc:creator>
</item>

<item>
    <title>Pull up following revision(s) (requested by gutteridge in ticket #162):<br/><br/>	distrib/sets/lists/debug/shl.mi: revision 1.385<br/>	distrib/sets/lists/base/shl.mi: revision 1.1027<br/>	external/bsd/unbound/dist/doc/README.man        up to 1.1.1.1<br/>	external/bsd/unbound/dist/doc/libunbound.rst    up to 1.1.1.1<br/>	external/bsd/unbound/dist/doc/unbound-anchor.rst up to 1.1.1.1<br/>	external/bsd/unbound/dist/doc/unbound-checkconf.rst up to 1.1.1.1<br/>	external/bsd/unbound/dist/doc/unbound-control.rst up to 1.1.1.1<br/>	external/bsd/unbound/dist/doc/unbound-host.rst  up to 1.1.1.1<br/>	external/bsd/unbound/dist/doc/unbound.conf.rst  up to 1.1.1.1<br/>	external/bsd/unbound/dist/doc/unbound.rst       up to 1.1.1.1<br/>	external/bsd/unbound/dist/testcode/doqclient.c  up to 1.1.1.2<br/>	external/bsd/unbound/dist/testcode/unitdoq.c    up to 1.1.1.1<br/>	external/bsd/unbound/dist/testcode/unitinfra.c  up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/09-unbound-control.tdir/view_local_data up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/09-unbound-control.tdir/view_local_data_remove up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values_discard_wait_limit.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/acl_interface.tdir/rpz-nx.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/acl_interface.tdir/rpz-one.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/acl_interface.tdir/rpz-two.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/cachedb_expired.crpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/cachedb_expired_client_timeout.crpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/cachedb_expired_reply_ttl.crpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/subnet_cached_size.crpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/cachedb_subnet_change.crpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/cachedb_subnet_expired.crpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/cachedb_subnet_toecs_timeout.crpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/cachedb_val_expired.crpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/dns64_prefetch_cache.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/dns_error_reporting.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fwd_name_lookup.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/iter_dname_ttl.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/iter_fwdstubauth.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/iter_ghost_grandchild_delegation.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/iter_max_global_quota.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/iter_unverified_glue.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/iter_unverified_glue_fallback.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/local_cnameother.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_clientip_override.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_cname_handle.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_cname_tag.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_nsdname_override.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_nsip_override.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_passthru_clientip.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_qtype_cname.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_val_block.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rrset_use_cached.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/serve_expired_client_timeout_val_bogus.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/serve_expired_client_timeout_val_insecure_delegation.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/serve_expired_ttl_reset.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/serve_expired_val_bogus.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls.tdir/auth_tls.dsc up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls.tdir/auth_tls.nsd.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls.tdir/auth_tls.post up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls.tdir/auth_tls.pre up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls.tdir/auth_tls.test up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls.tdir/auth_tls.ub.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls.tdir/example.com.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls.tdir/nsd_server.key up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls.tdir/nsd_server.pem up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls.tdir/unbound_server.key up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls.tdir/unbound_server.pem up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/subnet_scopezero_noedns.crpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/ttl_max_negative.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/ttl_min_negative.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/val_cnameqtype_qmin.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/val_dname_twice.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/val_dnameqtype.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/val_dnameqtype_qmin.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/val_failure_dnskey.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/val_negcache_ttl.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/val_negcache_ttl_prefetch.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls_failcert.tdir/auth_tls_failcert.dsc up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls_failcert.tdir/auth_tls_failcert.nsd.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls_failcert.tdir/auth_tls_failcert.post up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls_failcert.tdir/auth_tls_failcert.pre up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls_failcert.tdir/auth_tls_failcert.test up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls_failcert.tdir/auth_tls_failcert.ub.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls_failcert.tdir/example.com.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls_failcert.tdir/nsd_server.key up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls_failcert.tdir/nsd_server.pem up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls_failcert.tdir/unbound_server.key up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_tls_failcert.tdir/unbound_server.pem up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/cookie_file.tdir/cookie_file.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/cookie_file.tdir/cookie_file.dsc up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/cookie_file.tdir/cookie_file.post up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/cookie_file.tdir/cookie_file.pre up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/cookie_file.tdir/cookie_file.test up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_nsec3_ent_with_out_of_zone_data.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/doq_downstream.tdir/doq_downstream.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/doq_downstream.tdir/doq_downstream.dsc up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/doq_downstream.tdir/doq_downstream.post up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/doq_downstream.tdir/doq_downstream.pre up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/doq_downstream.tdir/doq_downstream.test up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/doq_downstream.tdir/doq_downstream.testns up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/doq_downstream.tdir/unbound_server.key up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/doq_downstream.tdir/unbound_server.pem up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/iter_fwdfirstequaltcp.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_fwd.tdir/auth1.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_fwd.tdir/auth2.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_fwd.tdir/fast_reload_fwd.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_fwd.tdir/fast_reload_fwd.conf2 up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_fwd.tdir/fast_reload_fwd.dsc up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_fwd.tdir/fast_reload_fwd.ns1 up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_fwd.tdir/fast_reload_fwd.ns2 up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_fwd.tdir/fast_reload_fwd.post up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_fwd.tdir/fast_reload_fwd.pre up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_fwd.tdir/fast_reload_fwd.test up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_most_options.tdir/auth.nlnetlabs.nl.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_most_options.tdir/fast_reload_most_options.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_most_options.tdir/fast_reload_most_options.dsc up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_most_options.tdir/fast_reload_most_options.post up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_most_options.tdir/fast_reload_most_options.pre up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_most_options.tdir/fast_reload_most_options.test up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_most_options.tdir/rpz.nlnetlabs.nl.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_thread.tdir/fast_reload_thread.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_thread.tdir/fast_reload_thread.dsc up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_thread.tdir/fast_reload_thread.post up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_thread.tdir/fast_reload_thread.pre up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/fast_reload_thread.tdir/fast_reload_thread.test up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/log_servfail.tdir/log_servfail.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/log_servfail.tdir/log_servfail.dsc up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/log_servfail.tdir/log_servfail.post up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/log_servfail.tdir/log_servfail.pre up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/log_servfail.tdir/log_servfail.test up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_replica.tdir/after.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_replica.tdir/before.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_replica.tdir/redis.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_replica.tdir/redis_replica.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_replica.tdir/redis_replica.dsc up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_replica.tdir/redis_replica.post up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_replica.tdir/redis_replica.pre up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_replica.tdir/redis_replica.test up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_replica.tdir/unbound_control.key up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_replica.tdir/unbound_control.pem up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_replica.tdir/unbound_server.key up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_replica.tdir/unbound_server.pem up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_reload.tdir/example.org.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_reload.tdir/rpz.example.com.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_reload.tdir/rpz_reload.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_reload.tdir/rpz_reload.dsc up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_reload.tdir/rpz_reload.post up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_reload.tdir/rpz_reload.pre up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_reload.tdir/rpz_reload.test up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/auth_nsec3_wild_with_out_of_zone_data.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/iter_minimise_chain.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/iter_scrub_promiscuous.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/rpz_cname_wild.rpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/subnet_noecs_mult.crpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/subnet_noecs_refused.crpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/subnet_noecs_support.crpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/subnet_scopezero_global.crpl up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_reconnect_interval.tdir/after.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_reconnect_interval.tdir/before.zone up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_reconnect_interval.tdir/redis.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.dsc up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.post up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.pre up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_reconnect_interval.tdir/redis_reconnect_interval.test up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_reconnect_interval.tdir/unbound_control.key up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_reconnect_interval.tdir/unbound_control.pem up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_reconnect_interval.tdir/unbound_server.key up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/redis_reconnect_interval.tdir/unbound_server.pem up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.conf up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.dsc up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.post up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.pre up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.test up to 1.1.1.1<br/>	external/bsd/unbound/dist/testdata/subnet_cache_lookup.tdir/subnet_cache_lookup.testns up to 1.1.1.1<br/>	external/bsd/unbound/dist/ax_build_date_epoch.m4 up to 1.1.1.1<br/>	external/bsd/unbound/dist/ax_pkg_swig.m4        up to 1.1.1.1<br/>	external/bsd/unbound/dist/ac_pkg_swig.m4        delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/bad_control.key delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/bad_control.pem delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/bad_server.key delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/bad_server.pem delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/remote-threaded.conf delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/remote-threaded.dsc delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/remote-threaded.post delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/remote-threaded.pre delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/remote-threaded.test delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/remote-threaded.testns delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/unbound_control.key delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/unbound_control.pem delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/unbound_server.key delete<br/>	external/bsd/unbound/dist/testdata/remote-threaded.tdir/unbound_server.pem delete<br/>	external/bsd/unbound/dist/Makefile.in           up to 1.1.1.10<br/>	external/bsd/unbound/dist/aclocal.m4            up to 1.1.1.6<br/>	external/bsd/unbound/dist/acx_nlnetlabs.m4      up to 1.1.1.6<br/>	external/bsd/unbound/dist/acx_python.m4         up to 1.1.1.6<br/>	external/bsd/unbound/dist/ax_pthread.m4         up to 1.1.1.2<br/>	external/bsd/unbound/dist/config.guess          up to 1.9<br/>	external/bsd/unbound/dist/config.h.in           up to 1.1.1.10<br/>	external/bsd/unbound/dist/config.sub            up to 1.8<br/>	external/bsd/unbound/dist/configure             up to 1.1.1.10<br/>	external/bsd/unbound/dist/configure.ac          up to 1.1.1.10<br/>	external/bsd/unbound/dist/install-sh            up to 1.1.1.5<br/>	external/bsd/unbound/dist/ltmain.sh             up to 1.1.1.3<br/>	external/bsd/unbound/dist/systemd.m4            up to 1.1.1.2<br/>	external/bsd/unbound/dist/cachedb/cachedb.c     up to 1.1.1.9<br/>	external/bsd/unbound/dist/cachedb/cachedb.h     up to 1.1.1.4<br/>	external/bsd/unbound/dist/cachedb/redis.c       up to 1.1.1.5<br/>	external/bsd/unbound/dist/compat/fake-rfc2553.c up to 1.1.1.2<br/>	external/bsd/unbound/dist/compat/malloc.c       up to 1.1.1.3<br/>	external/bsd/unbound/dist/contrib/aaaa-filter-iterator.patch up to 1.1.1.7<br/>	external/bsd/unbound/dist/contrib/rc_d_unbound  up to 1.1.1.2<br/>	external/bsd/unbound/dist/contrib/unbound.init  up to 1.1.1.4<br/>	external/bsd/unbound/dist/contrib/unbound.init_fedora up to 1.1.1.3<br/>	external/bsd/unbound/dist/contrib/unbound.init_yocto up to 1.1.1.2<br/>	external/bsd/unbound/dist/contrib/unbound.service.in up to 1.1.1.8<br/>	external/bsd/unbound/dist/contrib/unbound_portable.service.in up to 1.1.1.2<br/>	external/bsd/unbound/dist/contrib/android/install_expat.sh up to 1.1.1.2<br/>	external/bsd/unbound/dist/contrib/ios/install_expat.sh up to 1.1.1.2<br/>	external/bsd/unbound/dist/daemon/acl_list.c     up to 1.1.1.7<br/>	external/bsd/unbound/dist/daemon/acl_list.h     up to 1.1.1.6<br/>	external/bsd/unbound/dist/daemon/cachedump.c    up to 1.1.1.8<br/>	external/bsd/unbound/dist/daemon/daemon.c       up to 1.1.1.9<br/>	external/bsd/unbound/dist/daemon/daemon.h       up to 1.1.1.6<br/>	external/bsd/unbound/dist/daemon/remote.c       up to 1.1.1.10<br/>	external/bsd/unbound/dist/daemon/remote.h       up to 1.1.1.5<br/>	external/bsd/unbound/dist/daemon/stats.c        up to 1.1.1.10<br/>	external/bsd/unbound/dist/daemon/unbound.c      up to 1.1.1.9<br/>	external/bsd/unbound/dist/daemon/worker.c       up to 1.1.1.10<br/>	external/bsd/unbound/dist/daemon/worker.h       up to 1.1.1.4<br/>	external/bsd/unbound/dist/dns64/dns64.c         up to 1.1.1.9<br/>	external/bsd/unbound/dist/dnstap/dnstap.c       up to 1.1.1.8<br/>	external/bsd/unbound/dist/dnstap/dnstap.h       up to 1.1.1.5<br/>	external/bsd/unbound/dist/dnstap/dnstap.m4      up to 1.1.1.5<br/>	external/bsd/unbound/dist/dnstap/dnstap.proto   up to 1.1.1.4<br/>	external/bsd/unbound/dist/dnstap/dtstream.c     up to 1.1.1.5<br/>	external/bsd/unbound/dist/dnstap/unbound-dnstap-socket.c up to 1.1.1.4<br/>	external/bsd/unbound/dist/doc/Changelog         up to 1.1.1.10<br/>	external/bsd/unbound/dist/doc/README            up to 1.1.1.10<br/>	external/bsd/unbound/dist/doc/example.conf.in   up to 1.1.1.10<br/>	external/bsd/unbound/dist/doc/libunbound.3.in   up to 1.1.1.10<br/>	external/bsd/unbound/dist/doc/unbound-anchor.8.in up to 1.1.1.10<br/>	external/bsd/unbound/dist/doc/unbound-checkconf.8.in up to 1.1.1.10<br/>	external/bsd/unbound/dist/doc/unbound-control.8.in up to 1.1.1.10<br/>	external/bsd/unbound/dist/doc/unbound-host.1.in up to 1.1.1.10<br/>	external/bsd/unbound/dist/doc/unbound.8.in      up to 1.1.1.10<br/>	external/bsd/unbound/dist/doc/unbound.conf.5.in up to 1.1.1.10<br/>	external/bsd/unbound/dist/doc/unbound.doxygen   up to 1.1.1.7<br/>	external/bsd/unbound/dist/dynlibmod/dynlibmod.c up to 1.1.1.3<br/>	external/bsd/unbound/dist/edns-subnet/addrtree.h up to 1.1.1.4<br/>	external/bsd/unbound/dist/edns-subnet/subnetmod.c up to 1.1.1.9<br/>	external/bsd/unbound/dist/edns-subnet/subnetmod.h up to 1.1.1.7<br/>	external/bsd/unbound/dist/ipsecmod/ipsecmod.c   up to 1.1.1.5<br/>	external/bsd/unbound/dist/ipset/ipset.c         up to 1.1.1.4<br/>	external/bsd/unbound/dist/ipset/ipset.h         up to 1.1.1.2<br/>	external/bsd/unbound/dist/iterator/iter_delegpt.c up to 1.1.1.7<br/>	external/bsd/unbound/dist/iterator/iter_delegpt.h up to 1.1.1.8<br/>	external/bsd/unbound/dist/iterator/iter_fwd.c   up to 1.1.1.7<br/>	external/bsd/unbound/dist/iterator/iter_fwd.h   up to 1.1.1.3<br/>	external/bsd/unbound/dist/iterator/iter_hints.c up to 1.1.1.7<br/>	external/bsd/unbound/dist/iterator/iter_hints.h up to 1.1.1.3<br/>	external/bsd/unbound/dist/iterator/iter_scrub.c up to 1.1.1.10<br/>	external/bsd/unbound/dist/iterator/iter_utils.c up to 1.1.1.9<br/>	external/bsd/unbound/dist/iterator/iter_utils.h up to 1.1.1.8<br/>	external/bsd/unbound/dist/iterator/iterator.c   up to 1.1.1.10<br/>	external/bsd/unbound/dist/iterator/iterator.h   up to 1.1.1.8<br/>	external/bsd/unbound/dist/libunbound/context.c  up to 1.1.1.9<br/>	external/bsd/unbound/dist/libunbound/libunbound.c up to 1.1.1.9<br/>	external/bsd/unbound/dist/libunbound/libworker.c up to 1.1.1.10<br/>	external/bsd/unbound/dist/libunbound/unbound.h  up to 1.7<br/>	external/bsd/unbound/dist/libunbound/python/examples/dnssec_test.py up to 1.1.1.3<br/>	external/bsd/unbound/dist/pythonmod/interface.i up to 1.1.1.9<br/>	external/bsd/unbound/dist/pythonmod/pythonmod.c up to 1.1.1.7<br/>	external/bsd/unbound/dist/pythonmod/pythonmod_utils.c up to 1.1.1.6<br/>	external/bsd/unbound/dist/pythonmod/doc/modules/config.rst up to 1.1.1.4<br/>	external/bsd/unbound/dist/pythonmod/examples/log.py up to 1.1.1.3<br/>	external/bsd/unbound/dist/respip/respip.c       up to 1.1.1.7<br/>	external/bsd/unbound/dist/respip/respip.h       up to 1.1.1.6<br/>	external/bsd/unbound/dist/services/authzone.c   up to 1.5<br/>	external/bsd/unbound/dist/services/authzone.h   up to 1.1.1.8<br/>	external/bsd/unbound/dist/services/listen_dnsport.c up to 1.1.1.10<br/>	external/bsd/unbound/dist/services/listen_dnsport.h up to 1.1.1.8<br/>	external/bsd/unbound/dist/services/localzone.c  up to 1.1.1.9<br/>	external/bsd/unbound/dist/services/localzone.h  up to 1.1.1.8<br/>	external/bsd/unbound/dist/services/mesh.c       up to 1.1.1.10<br/>	external/bsd/unbound/dist/services/mesh.h       up to 1.1.1.8<br/>	external/bsd/unbound/dist/services/modstack.c   up to 1.1.1.9<br/>	external/bsd/unbound/dist/services/modstack.h   up to 1.1.1.4<br/>	external/bsd/unbound/dist/services/outside_network.c up to 1.1.1.10<br/>	external/bsd/unbound/dist/services/outside_network.h up to 1.1.1.9<br/>	external/bsd/unbound/dist/services/rpz.c        up to 1.1.1.5<br/>	external/bsd/unbound/dist/services/rpz.h        up to 1.1.1.4<br/>	external/bsd/unbound/dist/services/view.c       up to 1.1.1.4<br/>	external/bsd/unbound/dist/services/view.h       up to 1.1.1.2<br/>	external/bsd/unbound/dist/services/cache/dns.c  up to 1.1.1.9<br/>	external/bsd/unbound/dist/services/cache/dns.h  up to 1.1.1.8<br/>	external/bsd/unbound/dist/services/cache/infra.c up to 1.1.1.8<br/>	external/bsd/unbound/dist/services/cache/infra.h up to 1.1.1.7<br/>	external/bsd/unbound/dist/services/cache/rrset.c up to 1.1.1.7<br/>	external/bsd/unbound/dist/services/cache/rrset.h up to 1.1.1.5<br/>	external/bsd/unbound/dist/sldns/keyraw.c        up to 1.1.1.6<br/>	external/bsd/unbound/dist/sldns/parse.h         up to 1.1.1.4<br/>	external/bsd/unbound/dist/sldns/parseutil.c     up to 1.1.1.5<br/>	external/bsd/unbound/dist/sldns/rrdef.c         up to 1.1.1.7<br/>	external/bsd/unbound/dist/sldns/rrdef.h         up to 1.1.1.7<br/>	external/bsd/unbound/dist/sldns/str2wire.c      up to 1.1.1.9<br/>	external/bsd/unbound/dist/sldns/str2wire.h      up to 1.1.1.6<br/>	external/bsd/unbound/dist/sldns/wire2str.c      up to 1.1.1.8<br/>	external/bsd/unbound/dist/sldns/wire2str.h      up to 1.1.1.8<br/>	external/bsd/unbound/dist/smallapp/unbound-anchor.c up to 1.1.1.9<br/>	external/bsd/unbound/dist/smallapp/unbound-checkconf.c up to 1.1.1.10<br/>	external/bsd/unbound/dist/smallapp/unbound-control-setup.sh.in up to 1.1.1.4<br/>	external/bsd/unbound/dist/smallapp/unbound-control.c up to 1.1.1.10<br/>	external/bsd/unbound/dist/smallapp/unbound-host.c up to 1.1.1.8<br/>	external/bsd/unbound/dist/smallapp/worker_cb.c  up to 1.1.1.7<br/>	external/bsd/unbound/dist/testcode/checklocks.c up to 1.1.1.4<br/>	external/bsd/unbound/dist/testcode/checklocks.h up to 1.1.1.3<br/>	external/bsd/unbound/dist/testcode/do-tests.sh  up to 1.1.1.6<br/>	external/bsd/unbound/dist/testcode/dohclient.c  up to 1.1.1.4<br/>	external/bsd/unbound/dist/testcode/fake_event.c up to 1.1.1.10<br/>	external/bsd/unbound/dist/testcode/mini_tdir.sh up to 1.1.1.5<br/>	external/bsd/unbound/dist/testcode/perf.c       up to 1.1.1.8<br/>	external/bsd/unbound/dist/testcode/petal.c      up to 1.1.1.8<br/>	external/bsd/unbound/dist/testcode/readzone.c   up to 1.1.1.2<br/>	external/bsd/unbound/dist/testcode/replay.c     up to 1.1.1.8<br/>	external/bsd/unbound/dist/testcode/replay.h     up to 1.1.1.7<br/>	external/bsd/unbound/dist/testcode/streamtcp.c  up to 1.1.1.9<br/>	external/bsd/unbound/dist/testcode/testbound.c  up to 1.1.1.9<br/>	external/bsd/unbound/dist/testcode/testpkts.c   up to 1.1.1.10<br/>	external/bsd/unbound/dist/testcode/unitauth.c   up to 1.1.1.7<br/>	external/bsd/unbound/dist/testcode/unitdname.c  up to 1.1.1.4<br/>	external/bsd/unbound/dist/testcode/unitldns.c   up to 1.1.1.5<br/>	external/bsd/unbound/dist/testcode/unitmain.c   up to 1.1.1.10<br/>	external/bsd/unbound/dist/testcode/unitmain.h   up to 1.1.1.4<br/>	external/bsd/unbound/dist/testcode/unitneg.c    up to 1.1.1.5<br/>	external/bsd/unbound/dist/testcode/unitverify.c up to 1.1.1.8<br/>	external/bsd/unbound/dist/testcode/unitzonemd.c up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/autotrust_init.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/autotrust_init_ds.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/autotrust_init_sigs.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/autotrust_init_zsk.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/black_data.rpl up to 1.1.1.6<br/>	external/bsd/unbound/dist/testdata/black_prime.rpl up to 1.1.1.6<br/>	external/bsd/unbound/dist/testdata/cachedb_servfail_cname.crpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/common.sh    up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/disable_edns_do.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/dns64_lookup.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/domain_insec_ds.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/fetch_glue.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/fetch_glue_cname.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/fwd_0ttlservfail.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/fwd_cached.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/fwd_minimal.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/ipsecmod_bogus_ipseckey.crpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/ipsecmod_enabled.crpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/ipsecmod_ignore_bogus_ipseckey.crpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/ipsecmod_max_ttl.crpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/ipsecmod_strict.crpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/ipsecmod_whitelist.crpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_class_any.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/iter_cname_minimise_nx.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/iter_cycle_noh.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_dname_insec.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_dname_yx.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/iter_domain_sale.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_domain_sale_nschange.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_emptydp.rpl up to 1.1.1.6<br/>	external/bsd/unbound/dist/testdata/iter_emptydp_for_glue.rpl up to 1.1.1.6<br/>	external/bsd/unbound/dist/testdata/iter_failreply.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/iter_fwdfirst.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_fwdfirstequal.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_fwdstub.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_fwdstubroot.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_ghost_sub.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_ghost_timewindow.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_got6only.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_hint_lame.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_lame_noaa.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/iter_lame_nosoa.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_mod.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_ns_badip.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/iter_ns_spoof.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_nxns_fallback.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_nxns_parentside.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/iter_pc_a.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_pc_aaaa.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_pcdiff.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_pcdirect.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_pcname.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_pcnamech.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_pcnamechrec.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_pcnamerec.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_pcttl.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_prefetch.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_prefetch_change.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_prefetch_change2.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_prefetch_childns.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_prefetch_fail.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_prefetch_ns.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_primenoglue.rpl up to 1.1.1.7<br/>	external/bsd/unbound/dist/testdata/iter_privaddr.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/iter_ranoaa_lame.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/iter_reclame_one.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/iter_reclame_two.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/iter_recurse.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/iter_resolve.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_resolve_minimised.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/iter_resolve_minimised_nx.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_resolve_minimised_refused.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_resolve_minimised_timeout.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_scrub_cname_an.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/iter_scrub_dname_insec.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/iter_scrub_dname_rev.rpl up to 1.1.1.6<br/>	external/bsd/unbound/dist/testdata/iter_scrub_dname_sec.rpl up to 1.1.1.6<br/>	external/bsd/unbound/dist/testdata/iter_scrub_rr_length.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_soamin.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_stub_noroot.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_stubfirst.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/iter_timeout_ra_aaaa.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/local_cname.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/rpz_nsdname.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/rrset_rettl.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/rrset_untrusted.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/rrset_updated.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/serve_expired.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/serve_expired_0ttl_nodata.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/serve_expired_0ttl_nxdomain.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/serve_expired_0ttl_servfail.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/serve_expired_cached_servfail.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/serve_expired_cached_servfail_refresh.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/serve_expired_client_timeout.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/serve_expired_client_timeout_no_prefetch.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/serve_expired_client_timeout_servfail.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/serve_expired_reply_ttl.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/serve_expired_ttl.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/serve_expired_ttl_client_timeout.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/serve_expired_zerottl.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/serve_original_ttl.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/subnet_cached.crpl up to 1.1.1.6<br/>	external/bsd/unbound/dist/testdata/subnet_cached_servfail.crpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/subnet_global_prefetch.crpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/subnet_global_prefetch_always_forward.crpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/subnet_global_prefetch_expired.crpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/subnet_global_prefetch_with_client_ecs.crpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/subnet_max_source.crpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/subnet_prefetch.crpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/subnet_val_positive.crpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/subnet_val_positive_client.crpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/test_ldnsrr.4 up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/test_ldnsrr.5 up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/test_ldnsrr.c3 up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/test_ldnsrr.c4 up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/test_ldnsrr.c5 up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/trust_cname_chain.rpl up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/ttl_max.rpl  up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/ttl_min.rpl  up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/val_adbit.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_adcopy.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_cnameqtype.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/val_cnametocnamewctoposwc.rpl up to 1.1.1.6<br/>	external/bsd/unbound/dist/testdata/val_cnametodnametocnametopos.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/val_dnametopos.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/val_dnametoposwc.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/val_ds_afterprime.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_faildnskey_ok.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_keyprefetch_verify.rpl up to 1.1.1.6<br/>	external/bsd/unbound/dist/testdata/val_noadwhennodo.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_nsec3_b3_optout.rpl up to 1.1.1.6<br/>	external/bsd/unbound/dist/testdata/val_nsec3_b3_optout_negcache.rpl up to 1.1.1.6<br/>	external/bsd/unbound/dist/testdata/val_nsec3_b4_wild.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_nsec3_cnametocnamewctoposwc.rpl up to 1.1.1.6<br/>	external/bsd/unbound/dist/testdata/val_positive.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_positive_wc.rpl up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/val_qds_badanc.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_qds_oneanc.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_qds_twoanc.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_refer_unsignadd.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_referd.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_referglue.rpl up to 1.1.1.6<br/>	external/bsd/unbound/dist/testdata/val_rrsig.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_scrub_rr_length.rpl up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/val_spurious_ns.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_stub_noroot.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_ta_algo_dnskey.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_ta_algo_dnskey_dp.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_ta_algo_missing_dp.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_twocname.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_unalgo_anchor.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/val_wild_pos.rpl up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/views.rpl    up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/zonemd.example_a5.zone up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/01-doc.tdir/01-doc.test up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/02-unittest.tdir/02-unittest.test up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/07-confroot.tdir/07-confroot.pre up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/09-unbound-control.tdir/09-unbound-control.conf up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/09-unbound-control.tdir/09-unbound-control.pre up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/09-unbound-control.tdir/09-unbound-control.test up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/09-unbound-control.tdir/09-unbound-control.testns up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/09-unbound-control.tdir/local_data up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/09-unbound-control.tdir/local_data_remove up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/09-unbound-control.tdir/local_zones up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/09-unbound-control.tdir/local_zones_remove up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/acl_interface.tdir/acl_interface.conf up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/acl_interface.tdir/acl_interface.pre up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/acl_interface.tdir/acl_interface.test.scenario up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/auth_axfr.tdir/auth_axfr.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/auth_https.tdir/auth_https.test up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/blanks_cached_zone.tdir/blanks_cached_zone.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/blanks_https.tdir/blanks_https.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/cachedb_no_store.tdir/cachedb_no_store.post up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/cachedb_no_store.tdir/cachedb_no_store.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/dnstap.tdir/dnstap.conf up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/dnstap.tdir/dnstap.post up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/dnstap.tdir/dnstap.test up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/dnstap.tdir/dnstap.testns up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/doh_downstream.tdir/doh_downstream.conf up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/doh_downstream_post.tdir/doh_downstream_post.conf up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/ede.tdir/ede-auth.conf up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/ede.tdir/ede.conf up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/ede.tdir/ede.test up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/fwd_ancil.tdir/fwd_ancil.post up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/fwd_ancil.tdir/fwd_ancil.pre up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/fwd_ancil.tdir/fwd_ancil.test up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/fwd_bogus.tdir/fwd_bogus.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_capsid.tdir/fwd_capsid.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_capsid_fallback.tdir/fwd_capsid_fallback.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_capsid_strip.tdir/fwd_capsid_strip.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_capsid_white.tdir/fwd_capsid_white.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.conf up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/fwd_edns_bksec.tdir/fwd_edns_bksec.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_edns_probe.tdir/fwd_edns_probe.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_malformed.tdir/fwd_malformed.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_no_edns.tdir/fwd_no_edns.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_oneport.tdir/fwd_oneport.post up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_oneport.tdir/fwd_oneport.test up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/fwd_tcp.tdir/fwd_tcp.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_tcp_tc.tdir/fwd_tcp_tc.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_three.tdir/fwd_three.post up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_three.tdir/fwd_three.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_three_service.tdir/fwd_three_service.conf up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_three_service.tdir/fwd_three_service.post up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_three_service.tdir/fwd_three_service.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_ttlexpire.tdir/fwd_ttlexpire.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_udp.tdir/fwd_udp.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_udp_with_tcp_upstream.tdir/fwd_udp_with_tcp_upstream.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_udptmout.tdir/fwd_udptmout.post up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_udptmout.tdir/fwd_udptmout.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_waitudp.tdir/fwd_waitudp.post up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_waitudp.tdir/fwd_waitudp.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/fwd_zero.tdir/fwd_zero.test up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/http_user_agent.tdir/http_user_agent.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/ipset.tdir/ipset.pre up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/local_nodefault.tdir/local_nodefault.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/local_norec.tdir/local_norec.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/local_nosnoop.tdir/local_nosnoop.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/padding.tdir/padding.post up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/padding.tdir/padding.test up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/pymod.tdir/pymod.test up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/pymod_thread.tdir/pymod_thread.test up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/ratelimit.tdir/ratelimit.testns up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/root_anchor.tdir/root_anchor.pre up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/root_hints.tdir/root_hints.pre up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/root_zonemd.tdir/root_zonemd.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/ssl_req_order.tdir/ssl_req_order.conf up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/stat_timer.tdir/stat_timer.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values.conf up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values.pre up to 1.1.1.3<br/>	external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values.test up to 1.1.1.5<br/>	external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values.testns up to 1.1.1.4<br/>	external/bsd/unbound/dist/testdata/stat_values.tdir/stat_values_cachedb.conf up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/stub_auth_tc.tdir/stub_auth_tc.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/tcp_req_order.tdir/tcp_req_order.conf up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/tcp_reuse.tdir/tcp_reuse.post up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/tcp_sigpipe.tdir/tcp_sigpipe.conf up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/tls_reuse.tdir/tls_reuse.post up to 1.1.1.2<br/>	external/bsd/unbound/dist/testdata/zonemd_reload.tdir/zonemd_reload.test up to 1.1.1.2<br/>	external/bsd/unbound/dist/util/alloc.c          up to 1.1.1.5<br/>	external/bsd/unbound/dist/util/config_file.c    up to 1.1.1.10<br/>	external/bsd/unbound/dist/util/config_file.h    up to 1.1.1.10<br/>	external/bsd/unbound/dist/util/configlexer.c    up to 1.1.1.10<br/>	external/bsd/unbound/dist/util/configlexer.lex  up to 1.1.1.10<br/>	external/bsd/unbound/dist/util/configparser.c   up to 1.1.1.10<br/>	external/bsd/unbound/dist/util/configparser.h   up to 1.1.1.10<br/>	external/bsd/unbound/dist/util/configparser.y   up to 1.1.1.10<br/>	external/bsd/unbound/dist/util/edns.c           up to 1.1.1.5<br/>	external/bsd/unbound/dist/util/edns.h           up to 1.1.1.5<br/>	external/bsd/unbound/dist/util/fptr_wlist.c     up to 1.1.1.9<br/>	external/bsd/unbound/dist/util/fptr_wlist.h     up to 1.1.1.6<br/>	external/bsd/unbound/dist/util/iana_ports.inc   up to 1.1.1.10<br/>	external/bsd/unbound/dist/util/locks.h          up to 1.1.1.3<br/>	external/bsd/unbound/dist/util/log.c            up to 1.1.1.8<br/>	external/bsd/unbound/dist/util/log.h            up to 1.1.1.5<br/>	external/bsd/unbound/dist/util/mini_event.c     up to 1.6<br/>	external/bsd/unbound/dist/util/module.c         up to 1.1.1.6<br/>	external/bsd/unbound/dist/util/module.h         up to 1.1.1.8<br/>	external/bsd/unbound/dist/util/net_help.c       up to 1.1.1.10<br/>	external/bsd/unbound/dist/util/net_help.h       up to 1.1.1.9<br/>	external/bsd/unbound/dist/util/netevent.c       up to 1.8<br/>	external/bsd/unbound/dist/util/netevent.h       up to 1.1.1.9<br/>	external/bsd/unbound/dist/util/proxy_protocol.c up to 1.1.1.2<br/>	external/bsd/unbound/dist/util/random.c         up to 1.1.1.4<br/>	external/bsd/unbound/dist/util/siphash.c        up to 1.1.1.2<br/>	external/bsd/unbound/dist/util/tcp_conn_limit.c up to 1.1.1.2<br/>	external/bsd/unbound/dist/util/tcp_conn_limit.h up to 1.1.1.2<br/>	external/bsd/unbound/dist/util/tube.c           up to 1.1.1.6<br/>	external/bsd/unbound/dist/util/ub_event.c       up to 1.1.1.7<br/>	external/bsd/unbound/dist/util/data/dname.c     up to 1.1.1.7<br/>	external/bsd/unbound/dist/util/data/dname.h     up to 1.1.1.7<br/>	external/bsd/unbound/dist/util/data/msgencode.c up to 1.1.1.9<br/>	external/bsd/unbound/dist/util/data/msgencode.h up to 1.1.1.4<br/>	external/bsd/unbound/dist/util/data/msgparse.c  up to 1.1.1.8<br/>	external/bsd/unbound/dist/util/data/msgparse.h  up to 1.1.1.8<br/>	external/bsd/unbound/dist/util/data/msgreply.c  up to 1.1.1.10<br/>	external/bsd/unbound/dist/util/data/msgreply.h  up to 1.1.1.10<br/>	external/bsd/unbound/dist/util/data/packed_rrset.c up to 1.1.1.5<br/>	external/bsd/unbound/dist/util/data/packed_rrset.h up to 1.1.1.6<br/>	external/bsd/unbound/dist/util/shm_side/shm_main.c up to 1.1.1.5<br/>	external/bsd/unbound/dist/util/storage/dnstree.c up to 1.1.1.5<br/>	external/bsd/unbound/dist/util/storage/lookup3.c up to 1.1.1.5<br/>	external/bsd/unbound/dist/util/storage/lruhash.c up to 1.1.1.5<br/>	external/bsd/unbound/dist/util/storage/lruhash.h up to 1.1.1.4<br/>	external/bsd/unbound/dist/util/storage/slabhash.c up to 1.1.1.5<br/>	external/bsd/unbound/dist/util/storage/slabhash.h up to 1.1.1.5<br/>	external/bsd/unbound/dist/validator/autotrust.c up to 1.1.1.8<br/>	external/bsd/unbound/dist/validator/val_anchor.c up to 1.1.1.8<br/>	external/bsd/unbound/dist/validator/val_anchor.h up to 1.1.1.6<br/>	external/bsd/unbound/dist/validator/val_neg.c   up to 1.1.1.7<br/>	external/bsd/unbound/dist/validator/val_neg.h   up to 1.1.1.5<br/>	external/bsd/unbound/dist/validator/val_nsec.c  up to 1.1.1.7<br/>	external/bsd/unbound/dist/validator/val_nsec.h  up to 1.1.1.5<br/>	external/bsd/unbound/dist/validator/val_nsec3.c up to 1.1.1.6<br/>	external/bsd/unbound/dist/validator/val_nsec3.h up to 1.1.1.5<br/>	external/bsd/unbound/dist/validator/val_secalgo.c up to 1.1.1.8<br/>	external/bsd/unbound/dist/validator/val_sigcrypt.c up to 1.1.1.9<br/>	external/bsd/unbound/dist/validator/val_sigcrypt.h up to 1.1.1.5<br/>	external/bsd/unbound/dist/validator/val_utils.c up to 1.1.1.6<br/>	external/bsd/unbound/dist/validator/val_utils.h up to 1.1.1.6<br/>	external/bsd/unbound/dist/validator/validator.c up to 1.1.1.10<br/>	external/bsd/unbound/dist/validator/validator.h up to 1.1.1.7<br/>	external/bsd/unbound/dist/winrc/rsrc_anchorupd.rc up to 1.1.1.2<br/>	external/bsd/unbound/dist/winrc/rsrc_svcinst.rc up to 1.1.1.2<br/>	external/bsd/unbound/dist/winrc/rsrc_svcuninst.rc up to 1.1.1.2<br/>	external/bsd/unbound/dist/winrc/rsrc_unbound.rc up to 1.1.1.2<br/>	external/bsd/unbound/dist/winrc/rsrc_unbound_anchor.rc up to 1.1.1.2<br/>	external/bsd/unbound/dist/winrc/rsrc_unbound_checkconf.rc up to 1.1.1.2<br/>	external/bsd/unbound/dist/winrc/rsrc_unbound_control.rc up to 1.1.1.2<br/>	external/bsd/unbound/dist/winrc/rsrc_unbound_host.rc up to 1.1.1.2<br/>	external/bsd/unbound/dist/winrc/setup.nsi       up to 1.1.1.4<br/>	external/bsd/unbound/dist/winrc/unbound-control-setup.cmd up to 1.1.1.3<br/>	external/bsd/unbound/dist/winrc/win_svc.c       up to 1.1.1.5<br/>	external/bsd/unbound/include/config.h           up to 1.14<br/>	external/bsd/unbound/lib/libunbound/shlib_version up to 1.8<br/>	external/bsd/unbound/lib/libunbound/unbound.expsym up to 1.3<br/><br/>Import Unbound 1.24.2 (fixes CVE-2025-11411).</title>
    <description>/src/external/bsd/unbound/dist/util/tcp_conn_limit.h - 1.1.1.1.16.1</description>
    <pubDate>Fri Jan 23 16:15:56 UTC 2026</pubDate>
    <dc:creator>martin</dc:creator>
</item>

<item>
    <title>Sync with HEAD</title>
    <description>/src/external/bsd/unbound/dist/util/tcp_conn_limit.h - 1.1.1.1.2.2</description>
    <pubDate>Mon Jun 10 21:51:49 UTC 2019</pubDate>
    <dc:creator>christos</dc:creator>
</item>

<item>
    <title>file tcp_conn_limit.h was added on branch phil-wifi on 2019-06-10 21:51:49 +0000</title>
    <description>/src/external/bsd/unbound/dist/util/tcp_conn_limit.h - 1.1.1.1.2.1</description>
    <pubDate>Sat May 25 21:18:03 UTC 2019</pubDate>
    <dc:creator>christos</dc:creator>
</item>
</channel></rss>

