1 files changed, 183 insertions, 4 deletions
diff --git a/doc/Changelog b/doc/Changelog
index 328e83289102..8d2ce0cde663 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,15 +1,194 @@
+1 May 2024: Wouter
+	- Fix for the DNSBomb vulnerability CVE-2024-33655. Thanks to Xiang Li
+	  from the Network and Information Security Lab of Tsinghua University
+	  for reporting it.
+	- Set version number to 1.20.0 for release.
+
+29 April 2024: Yorgos
+	- Cleanup unnecessary strdup calls for EDE strings.
+
+29 April 2024: Wouter
+	- Fix doxygen comment for errinf_to_str_bogus.
+
+26 April 2024: Wouter
+	- Fix cachedb with serve-expired-client-timeout disabled. The edns
+	  subnet module deletes global cache and cachedb cache when it
+	  stores a result, and serve-expired is enabled, so that the global
+	  reply, that is older than the ecs reply, does not return after
+	  the ecs reply expires.
+	- Add unit tests for cachedb and subnet cache expired data.
+	- Man page entry for unbound-checkconf -q.
+
+26 April 2024: Yorgos
+	- Fix #876: [FR] can unbound-checkconf be silenced when configuration
+	  is valid?
+
+25 April 2024: Wouter
+	- Fix configure flto check error, by finding grep for it.
+	- Merge #1041: Stub and Forward unshare. This has one structure
+	  for them and fixes #1038: fatal error: Could not initialize
+	  thread / error: reading root hints.
+	- Fix to disable fragmentation on systems with IP_DONTFRAG,
+	  with a nonzero value for the socket option argument.
+	- Fix doc unit test for out of directory build.
+
+24 April 2024: Wouter
+	- Fix ci workflow for macos for moved install locations.
+
+23 April 2024: Yorgos
+	- Merge #1053: Remove child delegations from cache when grandchild
+	  delegations are returned from parent.
+
+22 April 2024: Wouter
+	- Add checklock feature verbose_locking to trace locks and unlocks.
+	- Fix edns subnet to sort rrset references when storing messages
+	  in the cache. This fixes a race condition in the rrset locks.
+
+15 April 2024: Wouter
+	- Fix #1048: Update ax_pkg_swig.m4 and ax_pthread.m4.
+	- Fix configure, autoconf for #1048.
+
+15 April 2024: Yorgos
+	- Merge #1049 from Petr Menšík: Py_NoSiteFlag is not needed since
+	  Python 3.8
+
+12 April 2024: Wouter
+	- Fix cachedb for serve-expired with serve-expired-client-timeout.
+	- Fixup unit test for cachedb server expired client timeout with
+	  a check if response if from upstream or from cachedb.
+	- Fixup cachedb to not refetch when serve-expired-client-timeout is
+	  used.
+
+10 April 2024: Wouter
+	- Implement cachedb-check-when-serve-expired: yes option, default
+	  is enabled. When serve expired is enabled with cachedb, it first
+	  checks cachedb before serving the expired response.
+	- Fixup compile without cachedb.
+	- Add test for cachedb serve expired.
+	- Extended test for cachedb serve expired.
+	- Fix makefile dependencies for fake_event.c.
+	- Fix cachedb for serve-expired with serve-expired-reply-ttl.
+	- Fix to not reply serve expired unless enabled for cachedb.
+
+9 April 2024: Yorgos
+	- Merge #1043 from xiaoxiaoafeifei: Add loongarch support; updates
+	  config.guess(2024-01-01) and config.sub(2024-01-01), verified
+	  with upstream.
+
+8 April 2024: Yorgos
+	- Fix #595: unbound-anchor cannot deal with full disk; it will now
+	  first write out to a temp file before replacing the original one,
+	  like Unbound already does for auto-trust-anchor-file.
+
+5 April 2024: Wouter
+	- Fix comment syntax for view function views_find_view.
+
+5 April 2024: Yorgos
+	- Merge #1027: Introduce 'cache-min-negative-ttl' option.
+
+3 April 2024: Wouter
+	- Fix #1040: fix heap-buffer-overflow issue in function cfg_mark_ports
+	  of file util/config_file.c.
+	- For #1040: adjust error text and disallow negative ports in other
+	  parts of cfg_mark_ports.
+
+3 April 2024: Yorgos
+	- Fix #1035: Potential Bug while parsing port from the "stub-host"
+	  string; also affected forward-zones and remote-control host
+	  directives.
+	- Fix #369: dnstap showing extra responses; for client responses
+	  right from the cache when replying with expired data or
+	  prefetching.
+
+28 March 2024: Wouter
+	- Fix #1034: DoT forward-zone via unbound-control.
+	- Fix for crypto related failures to have a better error string.
+
+27 March 2024: Wouter
+	- Fix name of unit test for subnet cache response.
+	- Fix #1032: The size of subnet_msg_cache calculation mistake cause
+	  memory usage increased beyond expectations.
+	- Fix for #1032, add safeguard to make table space positive.
+	- Fix comment in lruhash space function.
+	- Fix to add unit test for lruhash space that exercises the routines.
+	- Fix that when the server truncates the pidfile, it does not follow
+	  symbolic links.
+	- Fix that the server does not chown the pidfile.
+
+25 March 2024: Yorgos
+	- Merge #831 from Pierre4012: Improve Windows NSIS installer
+	  script (setup.nsi).
+	- For #831: Format text, use exclamation icon and explicit label
+	  names.
+
+19 March 2024: Wouter
+	- Fix rpz so that rpz CNAME can apply after rpz CNAME. And fix that
+	  clientip and nsip can give a CNAME.
+	- Fix localdata and rpz localdata to match CNAME only if no direct
+	  type match is available.
+
+18 March 2024: Wouter
+	- Fix that rpz CNAME content is limited to the max number of cnames.
+	- Fix rpz, it follows iterator CNAMEs for nsip and nsdname and sets
+	  the reply query_info values, that is better for debug logging.
+	- Fix rpz that copies the cname override completely to the temp
+	  region, so there are no references to the rpz region.
+	- Add rpz unit test for nsip action override.
+	- Fix rpz for qtype CNAME after nameserver trigger.
+
+15 March 2024: Yorgos
+	- Merge #1030: Persist the openssl and expat directories for repeated
+	  Windows builds.
+
+15 March 2024: Wouter
+	- Fix that addrinfo is not kept around but copied and freed, so that
+	  log-destaddr uses a copy of the information, much like NSD does.
+
+13 March 2024: Wouter
+	- Fix #1029: rpz trigger clientip and action rpz-passthru not working
+	  as expected.
+	- Fix rpz that the rpz override is taken in case of clientip triggers.
+	  Fix that the clientip passthru action is logged. Fix that the
+	  clientip localdata action is logged. Fix rpz override action cname
+	  for the clientip trigger.
+	- Fix to unify codepath for local alias for rpz cname action override.
+	- Fix rpz for cname override action after nsdname and nsip triggers.
+
+12 March 2024: Yorgos
+	- Merge #1028: Clearer documentation for tcp-idle-timeout and
+	  edns-tcp-keepalive-timeout.
+
+11 March 2024: Wouter
+	- Fix #1021 Inconsistent Behavior with Changing rpz-cname-override
+	  and doing a unbound-control reload.
+
 8 March 2024: Wouter
 	- Fix unbound-control-setup.cmd to use 3072 bits so that certificates
-	  are long enough for newer OpenSSL versions.
-	- Fix TTL of synthesized CNAME when a DNAME is used from cache.
+	  are long enough for newer OpenSSL versions. This fix is included
+	  in 1.19.3rc2.
+	- Fix TTL of synthesized CNAME when a DNAME is used from cache. This
+	  fix is included in 1.19.3rc2.
+	- Remove unused portion from iter_dname_ttl unit test.
+	- Fix validator classification of qtype DNAME for positive and
+	  redirection answers, and fix validator signature routine for dealing
+	  with the synthesized CNAME for a DNAME without previously
+	  encountering it and also for when the qtype is DNAME.
+	- Fix qname minimisation for reply with a DNAME for qtype CNAME that
+	  answers it.
+	- Fix doc test so it ignores but outputs unsupported doxygen options.
 	- Fix unbound-control-setup.cmd to have CA v3 basicConstraints,
-	  like unbound-control-setup.sh has.
+	  like unbound-control-setup.sh has. This fix is included in 1.19.3rc2.
+
+8 March 2024: Yorgos
+	- Update doc/unbound.doxygen with 'doxygen -u'. Fixes option
+	  deprecation warnings and updates with newer defaults.
 
 7 March 2024: Wouter
 	- Version set to 1.19.3 for release. After 1.19.2 point release with
 	  security fix for CVE-2024-1931, Denial of service when trimming
 	  EDE text on positive replies. The code repo includes the fix and
-	  is for version 1.19.3.
+	  is for version 1.19.3. The code repo continues for version 1.19.4,
+	  but 1.19.3 includes the fixes in 1.19.3rc2 as well.
 
 5 March 2024: Wouter
 	- Fix for #1022: Fix ede prohibited in access control refused answers.