mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-15 05:22:59 +02:00
30c6cf7e3c
For details see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-1 "Features Fix #704: [FR] Statistics counter for number of outgoing UDP queries sent; introduces 'num.query.udpout' to the 'unbound-control stats' command. Bug Fixes makedist.sh picks up 32bit libssp-0.dll when 32bit compile. Fix for edns client subnet to respect not looking in its cache when instructed to do so (e.g., prefetch). Merge PR #688: Rpz url notify issue. Note in the unbound.conf text that NOTIFY is allowed from the 'url:' addresses for auth and rpz zones. Remove unused LDNS function check for GOST Engine unloading. Fix for loading locally stored zones that have lines with blanks or blanks and comments. Fix #663: use after free issue with edns options. Clarify -v flag manpage entry (#705) Fix test program dohclient close to use portability routine. Show the output of the exact .rpl run that failed with 'make test'. Fix for cached 0 TTL records to not trigger prefetching when serve-expired-client-timeout is set. Add debug option to the mini_tdir.sh test code. Fix to not count cached NXDOMAIN for MAX_TARGET_NX. Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. iana portlist update. Fix detection of libz on windows compile with static option. Fix compile warning for windows compile. Merge PR #706: NXNS fallback. From #706: Cached NXDOMAIN does not increase the target nx responses. From #706: Don't generate parent side queries if we already have the lame records in cache. From #706: When a lame address is the best choice, don't try to generate target queries when the missing targets are all lame. Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS mode on openssl3. Merge PR #660 from Petr Menšík: Sha1 runtime insecure. For #660: formatting, less verbose logging, add EDE information. Fix for correct openssl error when adding windows CA certificates to the openssl trust store. Improve val_sigcrypt.c::algo_needs_missing for one loop pass. Reintroduce documentation and more EDE support for val_sigcrypt.c::dnskeyset_verify_rrset_sig. Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for one loop pass'. Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets." Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
IPFire 2.x - The Open Source Firewall
What is IPFire?
IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Its ease of use, high performance in any scenario and extensibility make it usable for everyone. For a full list of features have a look here.
This repository contains the source code of IPFire 2.x which is used to build the whole distribution from scratch, since IPFire is not based on any other distribution.
Where can I get IPFire?
Just head over to https://www.ipfire.org/download
How do I use this software?
We have a long and detailed wiki located here which should answers most of your questions.
But I have some questions left. Where can I get support?
You can ask your question at our community located here. A complete list of our support channels can be found here.
How can I contribute?
We have another document for this. Please look here.