Bug 267018 - dns/unbound: Update to 1.17.0
Summary: dns/unbound: Update to 1.17.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Fernando Apesteguía
URL: https://www.nlnetlabs.nl/news/2022/Oc...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-10-13 14:12 UTC by Jaap Akkerhuis
Modified: 2022-10-16 17:43 UTC

See Also:
fernape: merge-quarterly+


Attachments
patch to update (2.34 KB, patch)
2022-10-13 14:12 UTC, Jaap Akkerhuis
jaap: maintainer-approval+

Description Jaap Akkerhuis 2022-10-13 14:12:55 UTC
Created attachment 237264
patch to update

This release has new interface acl configuration options. These
allow access-control actions, per interface. Also tags, and views
can be configured per interface, queries over the interface are
answered with these tags and views. It is configured with the
options `interface-action`, `interface-tag`, `interface-tag-action`,
`interface-tag-data` and `interface-view`. If there is also an
access-control setting for the query, this overrides the interface
settings for that query.

The PROXYv2 protocol is supported. It can be configured with the
`proxy-protocol-port: portno` option. It is used to convey the
IP addresses of clients that connect via a proxy to Unbound.

There are also fixes for a number of bugs. In some cases a
blocking wait on a socket could happen, and this has been
fixed. If the upstream sends a TC flag, erroneously, the reply
is ignored and retried. When under load, with the new
NRDelegation fixes from the previous release, there are
mitigations to continue target discovery. There is also a fix
for possible loops in the tcp reuse code.

The release version differs from the RC1, there is a bugfix
for the proxy protocol for tcp read when no proxied addresses
are provided.

Features
- Merge #753: ACL per interface. (New interface-* configuration
  options).
- Merge #760: PROXYv2 downstream support. (New proxy-protocol-port
  configuration option).

Bug Fixes
- Fix #728: alloc_reg_obtain() core dump. Stop double
  alloc_reg_release when serviced_create fails.
- Fix edns subnet so that scope 0 answers only match sourcemask 0
  queries for answers from cache if from a query with sourcemask 0.
- Fix unittest for edns subnet change.
- Merge #730 from luisdallos: Fix startup failure on Windows 8.1 due
  to unsupported IPV6_USER_MTU socket option being set.
- Fix ratelimit inconsistency, for ip-ratelimits the value is the
  amount allowed, like for ratelimits.
- Fix #734 [FR] enable unbound-checkconf to detect more (basic)
  errors.
- Fix to log accept error ENFILE and EMFILE errno, but slowly, once
  per 10 seconds. Also log accept failures when no slow down is used.
- Fix to avoid process wide fcntl calls mixed with nonblocking
  operations after a blocked write.
- Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive
  operations, so that instruction reordering does not cause mistakenly
  blocking socket operations.
- Fix to wait for blocked write on UDP sockets, with a timeout if it
  takes too long the packet is dropped.
- Fix for wait for udp send to stop when packet is successfully sent.
- Fix #741: systemd socket activation fails on IPv6.
- Fix to update config tests to fix checking if nonblocking sockets
  work on OpenBSD.
- Slow down log frequency of write wait failures.
- Fix to set out of file descriptor warning to operational verbosity.
- Fix to log a verbose message at operational notice level if a
  thread is not responding, to stats requests. It is logged with
  thread identifiers.
- Remove include that was there for debug purposes.
- Fix to check pthread_t size after pthread has been detected.
- Convert tdir tests to use the new skip_test functionality.
- Remove unused testcode/mini_tpkg.sh file.
- Better output for skipped tdir tests.
- Fix doxygen warning in respip.h.
- Fix to remove erroneous TC flag from TCP upstream.
- Fix test tdir skip report printout.
- Fix windows compile, the identifier interface is defined in headers.
- Fix to close errno block in comm_point_tcp_handle_read outside of
  ifdef.
- Fix static analysis report to remove dead code from the
  rpz_callback_from_iterator_module function.
- Fix to clean up after the acl_interface unit test.
- Merge #764: Leniency for target discovery when under load (for
  NRDelegation changes).
- Use DEBUG_TDIR from environment in mini_tdir.sh for debugging.
- Fix string comparison in mini_tdir.sh.
- Make ede.tdir test more predictable by using static data.
- Fix checkconf test for dnscrypt and proxy port.
- Fix dnscrypt compile for proxy protocol code changes.
- Fix to stop responses with TC flag from resulting in partial
  responses. It retries to fetch the data elsewhere, or fails the
  query and in depth fix removes the TC flag from the cached item.
- Fix proxy length debug output printout typecasts.
- Fix to stop possible loops in the tcp reuse code (write_wait list
  and tcp_wait list). Based on analysis and patch from Prad Seniappan
  and Karthik Umashankar.
- Fix PROXYv2 header read for TCP connections when no proxied addresses
  are provided.
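
The PROXYv2 header that the description above refers to, as an added example (not code from Unbound or from this port): a minimal C parser that follows the public PROXY protocol version 2 header layout, narrowed to IPv4, and handles the header that carries no proxied addresses. The names `pp2_result` and `pp2_parse` are hypothetical, and the sample buffers are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* 12-byte signature that opens every PROXY v2 header. */
#define PP2_SIG_BYTES 0x0D,0x0A,0x0D,0x0A,0x00,0x0D,0x0A,0x51,0x55,0x49,0x54,0x0A
static const uint8_t PP2_SIG[12] = {PP2_SIG_BYTES};

/* Hypothetical result type for this example (not Unbound's API). */
struct pp2_result {
    int status;        /* 0 ok, 1 need more bytes, -1 malformed or unsupported */
    int has_addr;      /* 1 only when a proxied client address was conveyed */
    uint32_t src_ip;   /* proxied client IPv4 address, host byte order */
    uint16_t src_port; /* proxied client port, host byte order */
    size_t consumed;   /* header bytes to skip before the payload */
};

struct pp2_result pp2_parse(const uint8_t *b, size_t len)
{
    struct pp2_result r = {0, 0, 0, 0, 0};
    if (len < 16) { r.status = 1; return r; }          /* fixed part incomplete */
    uint8_t cmd = b[12] & 0x0F, fam = b[13] >> 4;
    size_t alen = ((size_t)b[14] << 8) | b[15];        /* address block length */
    if (memcmp(b, PP2_SIG, 12) != 0 || (b[12] >> 4) != 2 || cmd > 1) { r.status = -1; return r; }
    if (len < 16 + alen) { r.status = 1; return r; }   /* partial TCP read */
    r.consumed = 16 + alen;
    /* LOCAL command or AF_UNSPEC: no proxied address, keep the socket peer. */
    if (cmd == 0 || fam == 0) return r;
    if (fam != 1 || alen < 12) { r.status = -1; return r; }  /* IPv4 only here */
    r.src_ip = ((uint32_t)b[16] << 24) | ((uint32_t)b[17] << 16) |
               ((uint32_t)b[18] << 8) | b[19];
    r.src_port = (uint16_t)((b[24] << 8) | b[25]);
    r.has_addr = 1;
    return r;
}

/* Constructed samples: LOCAL with empty address block; PROXY from 192.0.2.10:49152. */
static const uint8_t SAMPLE_LOCAL[16] = {PP2_SIG_BYTES, 0x20, 0x00, 0x00, 0x00};
static const uint8_t SAMPLE_PROXY4[28] = {PP2_SIG_BYTES, 0x21, 0x11, 0x00, 0x0C,
    192,0,2,10, 192,0,2,53, 0xC0,0x00, 0x00,0x35};

int main(void)
{
    struct pp2_result p = pp2_parse(SAMPLE_PROXY4, sizeof SAMPLE_PROXY4);
    printf("LOCAL has_addr=%d, PROXY has_addr=%d port=%u\n",
           pp2_parse(SAMPLE_LOCAL, sizeof SAMPLE_LOCAL).has_addr, p.has_addr, (unsigned)p.src_port);
    return 0;
}
```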
Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2022-10-14 05:43:19 UTC
Having so many fixes, is this something we would like to have in 2022Q4?
Comment 2 Daniel Engberg freebsd_committer freebsd_triage 2022-10-14 07:02:45 UTC
distfiles.crux.guru throws certificate errors
Comment 3 Jaap Akkerhuis 2022-10-15 14:11:19 UTC
(In reply to Fernando Apesteguía from comment #1)
We have had updates with even more fixes that went through without any problems. They all seem pretty benign. But go ahead if you think it is needed.
Comment 4 Jaap Akkerhuis 2022-10-15 14:23:43 UTC
(In reply to Daniel Engberg from comment #2)
Somebody (not me) added this to the port. So let's remove it.
Comment 5 commit-hook freebsd_committer freebsd_triage 2022-10-16 17:42:23 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=7b0d6de05baabfbcd7a25fd0440ee3bf1f3bc23e

commit 7b0d6de05baabfbcd7a25fd0440ee3bf1f3bc23e
Author:     Jaap Akkerhuis <jaap@NLnetLabs.nl>
AuthorDate: 2022-10-14 05:39:04 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-10-16 17:37:54 +0000

    dns/unbound: Update to 1.17.0

    ChangeLog: https://www.nlnetlabs.nl/news/2022/Oct/13/unbound-1.17.0-released/

    Remove additional MASTER_SITES (certificate error)

    PR:             267018
    Reported by:    jaap@NLnetLabs.nl (maintainer)
    Reviewed by:    diizzy@

 dns/unbound/Makefile         | 7 +++----
 dns/unbound/distinfo         | 6 +++---
 dns/unbound/files/unbound.in | 5 +++--
 dns/unbound/pkg-plist        | 2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)
Comment 6 Fernando Apesteguía freebsd_committer freebsd_triage 2022-10-16 17:43:22 UTC
Committed and merged to 2022Q4,

Thanks!
Comment 7 commit-hook freebsd_committer freebsd_triage 2022-10-16 17:43:24 UTC
A commit in branch 2022Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=fdbc5d894736afd0e65017da1b26a972bdb7e139

commit fdbc5d894736afd0e65017da1b26a972bdb7e139
Author:     Jaap Akkerhuis <jaap@NLnetLabs.nl>
AuthorDate: 2022-10-14 05:39:04 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-10-16 17:39:25 +0000

    dns/unbound: Update to 1.17.0

    ChangeLog: https://www.nlnetlabs.nl/news/2022/Oct/13/unbound-1.17.0-released/

    Remove additional MASTER_SITES (certificate error)

    PR:             267018
    Reported by:    jaap@NLnetLabs.nl (maintainer)
    Reviewed by:    diizzy@

    (cherry picked from commit 7b0d6de05baabfbcd7a25fd0440ee3bf1f3bc23e)

 dns/unbound/Makefile         | 7 +++----
 dns/unbound/distinfo         | 6 +++---
 dns/unbound/files/unbound.in | 5 +++--
 dns/unbound/pkg-plist        | 2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)