Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 9 Oct 2018 19:42:35 +0000 (UTC)
From:      =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject:   svn commit: r339264 - in vendor/unbound/dist: . contrib daemon doc iterator libunbound respip services services/cache sldns smallapp testcode testdata testdata/clang-analysis.tdir util util/data va...
Message-ID:  <201810091942.w99JgZvc081119@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: des
Date: Tue Oct  9 19:42:34 2018
New Revision: 339264
URL: https://svnweb.freebsd.org/changeset/base/339264

Log:
  Vendor import of Unbound 1.8.1.

Added:
  vendor/unbound/dist/testdata/clang-analysis.tdir/
  vendor/unbound/dist/testdata/clang-analysis.tdir/clang-analysis.dsc
  vendor/unbound/dist/testdata/clang-analysis.tdir/clang-analysis.test
Modified:
  vendor/unbound/dist/config.h.in
  vendor/unbound/dist/configure
  vendor/unbound/dist/configure.ac
  vendor/unbound/dist/contrib/fastrpz.patch
  vendor/unbound/dist/daemon/daemon.c
  vendor/unbound/dist/daemon/remote.c
  vendor/unbound/dist/daemon/unbound.c
  vendor/unbound/dist/daemon/worker.c
  vendor/unbound/dist/doc/Changelog
  vendor/unbound/dist/doc/README
  vendor/unbound/dist/doc/example.conf.in
  vendor/unbound/dist/doc/libunbound.3.in
  vendor/unbound/dist/doc/unbound-anchor.8.in
  vendor/unbound/dist/doc/unbound-checkconf.8.in
  vendor/unbound/dist/doc/unbound-control.8.in
  vendor/unbound/dist/doc/unbound-host.1.in
  vendor/unbound/dist/doc/unbound.8.in
  vendor/unbound/dist/doc/unbound.conf.5.in
  vendor/unbound/dist/iterator/iter_scrub.c
  vendor/unbound/dist/iterator/iterator.c
  vendor/unbound/dist/libunbound/context.c
  vendor/unbound/dist/libunbound/libunbound.c
  vendor/unbound/dist/libunbound/libworker.c
  vendor/unbound/dist/respip/respip.c
  vendor/unbound/dist/services/authzone.c
  vendor/unbound/dist/services/cache/infra.c
  vendor/unbound/dist/services/outside_network.c
  vendor/unbound/dist/sldns/sbuffer.h
  vendor/unbound/dist/smallapp/unbound-anchor.c
  vendor/unbound/dist/smallapp/unbound-control.c
  vendor/unbound/dist/testcode/asynclook.c
  vendor/unbound/dist/testcode/delayer.c
  vendor/unbound/dist/testcode/perf.c
  vendor/unbound/dist/testcode/petal.c
  vendor/unbound/dist/testcode/replay.c
  vendor/unbound/dist/testcode/testbound.c
  vendor/unbound/dist/testcode/testpkts.c
  vendor/unbound/dist/testcode/unitneg.c
  vendor/unbound/dist/testdata/dlv_ask_higher.rpl
  vendor/unbound/dist/util/config_file.c
  vendor/unbound/dist/util/config_file.h
  vendor/unbound/dist/util/data/msgencode.c
  vendor/unbound/dist/util/data/msgreply.c
  vendor/unbound/dist/util/iana_ports.inc
  vendor/unbound/dist/util/log.h
  vendor/unbound/dist/validator/autotrust.c
  vendor/unbound/dist/validator/val_nsec3.c
  vendor/unbound/dist/validator/val_secalgo.c

Modified: vendor/unbound/dist/config.h.in
==============================================================================
--- vendor/unbound/dist/config.h.in	Tue Oct  9 19:27:42 2018	(r339263)
+++ vendor/unbound/dist/config.h.in	Tue Oct  9 19:42:34 2018	(r339264)
@@ -1,5 +1,11 @@
 /* config.h.in.  Generated from configure.ac by autoheader.  */
 
+/* apply the noreturn attribute to a function that exits the program */
+#undef ATTR_NORETURN
+
+/* apply the weak attribute to a symbol */
+#undef ATTR_WEAK
+
 /* Directory to chroot to */
 #undef CHROOT_DIR
 
@@ -45,6 +51,9 @@
 /* Whether the C compiler accepts the "format" attribute */
 #undef HAVE_ATTR_FORMAT
 
+/* Whether the C compiler accepts the "noreturn" attribute */
+#undef HAVE_ATTR_NORETURN
+
 /* Whether the C compiler accepts the "unused" attribute */
 #undef HAVE_ATTR_UNUSED
 
@@ -199,6 +208,9 @@
 /* Define to 1 if you have the <expat.h> header file. */
 #undef HAVE_EXPAT_H
 
+/* Define to 1 if you have the `explicit_bzero' function. */
+#undef HAVE_EXPLICIT_BZERO
+
 /* Define to 1 if you have the `fcntl' function. */
 #undef HAVE_FCNTL
 
@@ -1144,6 +1156,11 @@ char *strsep(char **stringp, const char *delim);
 int isblank(int c);
 #endif
 
+#ifndef HAVE_EXPLICIT_BZERO
+#define explicit_bzero unbound_explicit_bzero
+void explicit_bzero(void* buf, size_t len);
+#endif
+
 #if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP
 const char *inet_ntop(int af, const void *src, char *dst, size_t size);
 #endif
@@ -1176,7 +1193,6 @@ void *reallocarray(void *ptr, size_t nmemb, size_t siz
 #  endif
 #endif /* HAVE_LIBRESSL */
 #ifndef HAVE_ARC4RANDOM
-void explicit_bzero(void* buf, size_t len);
 int getentropy(void* buf, size_t len);
 uint32_t arc4random(void);
 void arc4random_buf(void* buf, size_t n);

Modified: vendor/unbound/dist/configure
==============================================================================
--- vendor/unbound/dist/configure	Tue Oct  9 19:27:42 2018	(r339263)
+++ vendor/unbound/dist/configure	Tue Oct  9 19:42:34 2018	(r339264)
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for unbound 1.8.0.
+# Generated by GNU Autoconf 2.69 for unbound 1.8.1.
 #
 # Report bugs to <unbound-bugs@nlnetlabs.nl>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='unbound'
 PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.8.0'
-PACKAGE_STRING='unbound 1.8.0'
+PACKAGE_VERSION='1.8.1'
+PACKAGE_STRING='unbound 1.8.1'
 PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
 PACKAGE_URL=''
 
@@ -1440,7 +1440,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures unbound 1.8.0 to adapt to many kinds of systems.
+\`configure' configures unbound 1.8.1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1505,7 +1505,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of unbound 1.8.0:";;
+     short | recursive ) echo "Configuration of unbound 1.8.1:";;
    esac
   cat <<\_ACEOF
 
@@ -1722,7 +1722,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-unbound configure 1.8.0
+unbound configure 1.8.1
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2431,7 +2431,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by unbound $as_me 1.8.0, which was
+It was created by unbound $as_me 1.8.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2783,11 +2783,11 @@ UNBOUND_VERSION_MAJOR=1
 
 UNBOUND_VERSION_MINOR=8
 
-UNBOUND_VERSION_MICRO=0
+UNBOUND_VERSION_MICRO=1
 
 
 LIBUNBOUND_CURRENT=8
-LIBUNBOUND_REVISION=0
+LIBUNBOUND_REVISION=1
 LIBUNBOUND_AGE=0
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -2850,7 +2850,8 @@ LIBUNBOUND_AGE=0
 # 1.7.1 had 7:9:5
 # 1.7.2 had 7:10:5
 # 1.7.3 had 7:11:5
-# 1.7.4 had 8:0:0 # changes the event callback function signature
+# 1.8.0 had 8:0:0 # changes the event callback function signature
+# 1.8.1 had 8:1:0
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@@ -6265,9 +6266,57 @@ if test $ac_cv_c_weak_attribute = yes; then
 
 $as_echo "#define HAVE_ATTR_WEAK 1" >>confdefs.h
 
+
+$as_echo "#define ATTR_WEAK __attribute__((weak))" >>confdefs.h
+
 fi
 
 
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler (${CC-cc}) accepts the \"noreturn\" attribute" >&5
+$as_echo_n "checking whether the C compiler (${CC-cc}) accepts the \"noreturn\" attribute... " >&6; }
+if ${ac_cv_c_noreturn_attribute+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_c_noreturn_attribute=no
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+ #include <stdio.h>
+__attribute__((noreturn)) void f(int x) { printf("%d", x); }
+
+int
+main ()
+{
+
+   f(1);
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_c_noreturn_attribute="yes"
+else
+  ac_cv_c_noreturn_attribute="no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_noreturn_attribute" >&5
+$as_echo "$ac_cv_c_noreturn_attribute" >&6; }
+if test $ac_cv_c_noreturn_attribute = yes; then
+
+$as_echo "#define HAVE_ATTR_NORETURN 1" >>confdefs.h
+
+
+$as_echo "#define ATTR_NORETURN __attribute__((__noreturn__))" >>confdefs.h
+
+fi
+
+
 if test "$srcdir" != "."; then
 	CPPFLAGS="$CPPFLAGS -I$srcdir"
 fi
@@ -20033,6 +20082,20 @@ esac
 fi
 
 
+ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero"
+if test "x$ac_cv_func_explicit_bzero" = xyes; then :
+  $as_echo "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h
+
+else
+  case " $LIBOBJS " in
+  *" explicit_bzero.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS explicit_bzero.$ac_objext"
+ ;;
+esac
+
+fi
+
+
 LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS"
 
 ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray"
@@ -20080,12 +20143,6 @@ fi
 
 	if test "$ac_cv_func_arc4random" = "no"; then
 		case " $LIBOBJS " in
-  *" explicit_bzero.$ac_objext "* ) ;;
-  *) LIBOBJS="$LIBOBJS explicit_bzero.$ac_objext"
- ;;
-esac
-
-		case " $LIBOBJS " in
   *" arc4_lock.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS arc4_lock.$ac_objext"
  ;;
@@ -21077,7 +21134,7 @@ _ACEOF
 
 
 
-version=1.8.0
+version=1.8.1
 
 date=`date +'%b %e, %Y'`
 
@@ -21596,7 +21653,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by unbound $as_me 1.8.0, which was
+This file was extended by unbound $as_me 1.8.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -21662,7 +21719,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-unbound config.status 1.8.0
+unbound config.status 1.8.1
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

Modified: vendor/unbound/dist/configure.ac
==============================================================================
--- vendor/unbound/dist/configure.ac	Tue Oct  9 19:27:42 2018	(r339263)
+++ vendor/unbound/dist/configure.ac	Tue Oct  9 19:42:34 2018	(r339264)
@@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
 # must be numbers. ac_defun because of later processing
 m4_define([VERSION_MAJOR],[1])
 m4_define([VERSION_MINOR],[8])
-m4_define([VERSION_MICRO],[0])
+m4_define([VERSION_MICRO],[1])
 AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)
 AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
 AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
 AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
 
 LIBUNBOUND_CURRENT=8
-LIBUNBOUND_REVISION=0
+LIBUNBOUND_REVISION=1
 LIBUNBOUND_AGE=0
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -81,7 +81,8 @@ LIBUNBOUND_AGE=0
 # 1.7.1 had 7:9:5
 # 1.7.2 had 7:10:5
 # 1.7.3 had 7:11:5
-# 1.7.4 had 8:0:0 # changes the event callback function signature
+# 1.8.0 had 8:0:0 # changes the event callback function signature
+# 1.8.1 had 8:1:0
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@@ -310,11 +311,36 @@ __attribute__((weak)) void f(int x) { printf("%d", x);
 AC_MSG_RESULT($ac_cv_c_weak_attribute)
 if test $ac_cv_c_weak_attribute = yes; then
   AC_DEFINE(HAVE_ATTR_WEAK, 1, [Whether the C compiler accepts the "weak" attribute])
+  AC_DEFINE(ATTR_WEAK, [__attribute__((weak))], [apply the weak attribute to a symbol])
 fi
 ])dnl End of CHECK_WEAK_ATTRIBUTE
 
 CHECK_WEAK_ATTRIBUTE
 
+AC_DEFUN([CHECK_NORETURN_ATTRIBUTE],
+[AC_REQUIRE([AC_PROG_CC])
+AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "noreturn" attribute)
+AC_CACHE_VAL(ac_cv_c_noreturn_attribute,
+[ac_cv_c_noreturn_attribute=no
+AC_TRY_COMPILE(
+[ #include <stdio.h>
+__attribute__((noreturn)) void f(int x) { printf("%d", x); }
+], [
+   f(1);
+],
+[ac_cv_c_noreturn_attribute="yes"],
+[ac_cv_c_noreturn_attribute="no"])
+])
+
+AC_MSG_RESULT($ac_cv_c_noreturn_attribute)
+if test $ac_cv_c_noreturn_attribute = yes; then
+  AC_DEFINE(HAVE_ATTR_NORETURN, 1, [Whether the C compiler accepts the "noreturn" attribute])
+  AC_DEFINE(ATTR_NORETURN, [__attribute__((__noreturn__))], [apply the noreturn attribute to a function that exits the program])
+fi
+])dnl End of CHECK_NORETURN_ATTRIBUTE
+
+CHECK_NORETURN_ATTRIBUTE
+
 if test "$srcdir" != "."; then
 	CPPFLAGS="$CPPFLAGS -I$srcdir"
 fi
@@ -1396,6 +1422,7 @@ AC_REPLACE_FUNCS(strlcpy)
 AC_REPLACE_FUNCS(memmove)
 AC_REPLACE_FUNCS(gmtime_r)
 AC_REPLACE_FUNCS(isblank)
+AC_REPLACE_FUNCS(explicit_bzero)
 dnl without CTIME, ARC4-functions and without reallocarray.
 LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS"
 AC_SUBST(LIBOBJ_WITHOUT_CTIMEARC4)
@@ -1404,7 +1431,6 @@ if test "$USE_NSS" = "no"; then
 	AC_REPLACE_FUNCS(arc4random)
 	AC_REPLACE_FUNCS(arc4random_uniform)
 	if test "$ac_cv_func_arc4random" = "no"; then
-		AC_LIBOBJ(explicit_bzero)
 		AC_LIBOBJ(arc4_lock)
 		AC_CHECK_FUNCS([getentropy],,[
 		    if test "$USE_WINSOCK" = 1; then
@@ -1729,6 +1755,11 @@ char *strsep(char **stringp, const char *delim);
 int isblank(int c);
 #endif
 
+#ifndef HAVE_EXPLICIT_BZERO
+#define explicit_bzero unbound_explicit_bzero
+void explicit_bzero(void* buf, size_t len);
+#endif
+
 #if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP
 const char *inet_ntop(int af, const void *src, char *dst, size_t size);
 #endif
@@ -1761,7 +1792,6 @@ void *reallocarray(void *ptr, size_t nmemb, size_t siz
 #  endif
 #endif /* HAVE_LIBRESSL */
 #ifndef HAVE_ARC4RANDOM
-void explicit_bzero(void* buf, size_t len);
 int getentropy(void* buf, size_t len);
 uint32_t arc4random(void);
 void arc4random_buf(void* buf, size_t n);

Modified: vendor/unbound/dist/contrib/fastrpz.patch
==============================================================================
--- vendor/unbound/dist/contrib/fastrpz.patch	Tue Oct  9 19:27:42 2018	(r339263)
+++ vendor/unbound/dist/contrib/fastrpz.patch	Tue Oct  9 19:42:34 2018	(r339264)
@@ -1,15 +1,11 @@
 Description: based on the included patch contrib/fastrpz.patch
 Author: fastrpz@farsightsecurity.com
 ---
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: unboundfastrpz/Makefile.in
 ===================================================================
-RCS file: ./RCS/Makefile.in,v
-retrieving revision 1.1
-Index: unbound-1.7.0~rc1/Makefile.in
-===================================================================
---- unbound-1.7.0~rc1.orig/Makefile.in
-+++ unbound-1.7.0~rc1/Makefile.in
-@@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c
+--- unboundfastrpz/Makefile.in	(revision 4923)
++++ unboundfastrpz/Makefile.in	(working copy)
+@@ -23,6 +23,8 @@
  CHECKLOCK_OBJ=@CHECKLOCK_OBJ@
  DNSTAP_SRC=@DNSTAP_SRC@
  DNSTAP_OBJ=@DNSTAP_OBJ@
@@ -18,7 +14,7 @@ Index: unbound-1.7.0~rc1/Makefile.in
  DNSCRYPT_SRC=@DNSCRYPT_SRC@
  DNSCRYPT_OBJ=@DNSCRYPT_OBJ@
  WITH_PYTHONMODULE=@WITH_PYTHONMODULE@
-@@ -125,7 +127,7 @@ validator/val_sigcrypt.c validator/val_u
+@@ -126,7 +128,7 @@
  edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \
  edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \
  cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \
@@ -27,16 +23,16 @@ Index: unbound-1.7.0~rc1/Makefile.in
  COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \
  as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \
  iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \
-@@ -137,7 +139,7 @@ slabhash.lo timehist.lo tube.lo winsock_
+@@ -139,7 +141,7 @@
  validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
- val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo authzone.lo\
+ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \
  $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \
 -$(IPSECMOD_OBJ) respip.lo
 +$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) respip.lo
  COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \
  outside_network.lo
  COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo
-@@ -400,6 +402,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscry
+@@ -405,6 +407,11 @@
  	$(srcdir)/util/config_file.h $(srcdir)/util/log.h \
  	$(srcdir)/util/netevent.h
  
@@ -48,11 +44,11 @@ Index: unbound-1.7.0~rc1/Makefile.in
  # Python Module
  pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \
  	pythonmod/interface.h \
-Index: unbound-1.7.0~rc1/config.h.in
+Index: unboundfastrpz/config.h.in
 ===================================================================
---- unbound-1.7.0~rc1.orig/config.h.in
-+++ unbound-1.7.0~rc1/config.h.in
-@@ -1228,4 +1228,11 @@ void *unbound_stat_realloc_log(void *ptr
+--- unboundfastrpz/config.h.in	(revision 4923)
++++ unboundfastrpz/config.h.in	(working copy)
+@@ -1272,4 +1272,11 @@
  /** the version of unbound-control that this software implements */
  #define UNBOUND_CONTROL_VERSION 1
  
@@ -65,11 +61,11 @@ Index: unbound-1.7.0~rc1/config.h.in
 +#undef FASTRPZ_LIB_OPEN
 +/** turn on fastrpz response policy zones */
 +#undef ENABLE_FASTRPZ
-Index: unbound-1.7.0~rc1/configure.ac
+Index: unboundfastrpz/configure.ac
 ===================================================================
---- unbound-1.7.0~rc1.orig/configure.ac
-+++ unbound-1.7.0~rc1/configure.ac
-@@ -6,6 +6,7 @@ sinclude(ax_pthread.m4)
+--- unboundfastrpz/configure.ac	(revision 4923)
++++ unboundfastrpz/configure.ac	(working copy)
+@@ -6,6 +6,7 @@
  sinclude(acx_python.m4)
  sinclude(ac_pkg_swig.m4)
  sinclude(dnstap/dnstap.m4)
@@ -77,7 +73,7 @@ Index: unbound-1.7.0~rc1/configure.ac
  sinclude(dnscrypt/dnscrypt.m4)
  
  # must be numbers. ac_defun because of later processing
-@@ -1453,6 +1454,9 @@ case "$enable_ipsecmod" in
+@@ -1565,6 +1566,9 @@
  		;;
  esac
  
@@ -87,11 +83,11 @@ Index: unbound-1.7.0~rc1/configure.ac
  AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope])
  # on openBSD, the implicit rule make $< work.
  # on Solaris, it does not work ($? is changed sources, $^ lists dependencies).
-Index: unbound-1.7.0~rc1/daemon/daemon.c
+Index: unboundfastrpz/daemon/daemon.c
 ===================================================================
---- unbound-1.7.0~rc1.orig/daemon/daemon.c
-+++ unbound-1.7.0~rc1/daemon/daemon.c
-@@ -90,6 +90,9 @@
+--- unboundfastrpz/daemon/daemon.c	(revision 4923)
++++ unboundfastrpz/daemon/daemon.c	(working copy)
+@@ -91,6 +91,9 @@
  #include "sldns/keyraw.h"
  #include "respip/respip.h"
  #include <signal.h>
@@ -101,7 +97,7 @@ Index: unbound-1.7.0~rc1/daemon/daemon.c
  
  #ifdef HAVE_SYSTEMD
  #include <systemd/sd-daemon.h>
-@@ -461,6 +464,14 @@ daemon_create_workers(struct daemon* dae
+@@ -462,6 +465,14 @@
  		fatal_exit("dnstap enabled in config but not built with dnstap support");
  #endif
  	}
@@ -116,9 +112,9 @@ Index: unbound-1.7.0~rc1/daemon/daemon.c
  	for(i=0; i<daemon->num; i++) {
  		if(!(daemon->workers[i] = worker_create(daemon, i,
  			shufport+numport*i/daemon->num, 
-@@ -710,6 +721,9 @@ daemon_cleanup(struct daemon* daemon)
- #ifdef USE_DNSCRYPT
+@@ -719,6 +730,9 @@
  	dnsc_delete(daemon->dnscenv);
+ 	daemon->dnscenv = NULL;
  #endif
 +#ifdef ENABLE_FASTRPZ
 +	rpz_delete(&daemon->rpz_clist, &daemon->rpz_client);
@@ -126,11 +122,11 @@ Index: unbound-1.7.0~rc1/daemon/daemon.c
  	daemon->cfg = NULL;
  }
  
-Index: unbound-1.7.0~rc1/daemon/daemon.h
+Index: unboundfastrpz/daemon/daemon.h
 ===================================================================
---- unbound-1.7.0~rc1.orig/daemon/daemon.h
-+++ unbound-1.7.0~rc1/daemon/daemon.h
-@@ -134,6 +134,11 @@ struct daemon {
+--- unboundfastrpz/daemon/daemon.h	(revision 4923)
++++ unboundfastrpz/daemon/daemon.h	(working copy)
+@@ -136,6 +136,11 @@
  	/** the dnscrypt environment */
  	struct dnsc_env* dnscenv;
  #endif
@@ -142,11 +138,11 @@ Index: unbound-1.7.0~rc1/daemon/daemon.h
  };
  
  /**
-Index: unbound-1.7.0~rc1/daemon/worker.c
+Index: unboundfastrpz/daemon/worker.c
 ===================================================================
---- unbound-1.7.0~rc1.orig/daemon/worker.c
-+++ unbound-1.7.0~rc1/daemon/worker.c
-@@ -74,6 +74,9 @@
+--- unboundfastrpz/daemon/worker.c	(revision 4923)
++++ unboundfastrpz/daemon/worker.c	(working copy)
+@@ -75,6 +75,9 @@
  #include "libunbound/context.h"
  #include "libunbound/libworker.h"
  #include "sldns/sbuffer.h"
@@ -156,7 +152,7 @@ Index: unbound-1.7.0~rc1/daemon/worker.c
  #include "sldns/wire2str.h"
  #include "util/shm_side/shm_main.h"
  #include "dnscrypt/dnscrypt.h"
-@@ -527,8 +530,27 @@ answer_norec_from_cache(struct worker* w
+@@ -533,8 +536,27 @@
  			/* not secure */
  			secure = 0;
  			break;
@@ -182,9 +178,9 @@ Index: unbound-1.7.0~rc1/daemon/worker.c
 +	}
 +#endif
  	/* return this delegation from the cache */
+ 	edns_bak = *edns;
  	edns->edns_version = EDNS_ADVERTISED_VERSION;
- 	edns->udp_size = EDNS_ADVERTISED_SIZE;
-@@ -689,6 +711,23 @@ answer_from_cache(struct worker* worker,
+@@ -702,6 +724,23 @@
  			secure = 0;
  		}
  	} else	secure = 0;
@@ -206,9 +202,9 @@ Index: unbound-1.7.0~rc1/daemon/worker.c
 +        }
 +#endif
  
+ 	edns_bak = *edns;
  	edns->edns_version = EDNS_ADVERTISED_VERSION;
- 	edns->udp_size = EDNS_ADVERTISED_SIZE;
-@@ -1291,6 +1330,15 @@ worker_handle_request(struct comm_point*
+@@ -1407,6 +1446,15 @@
  		log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from",
  			&repinfo->addr, repinfo->addrlen);
  		goto send_reply;
@@ -224,7 +220,7 @@ Index: unbound-1.7.0~rc1/daemon/worker.c
  	}
  
  	/* If we've found a local alias, replace the qname with the alias
-@@ -1339,12 +1387,21 @@ lookup_cache:
+@@ -1455,12 +1503,21 @@
  		h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2));
  		if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) {
  			/* answer from cache - we have acquired a readlock on it */
@@ -248,7 +244,7 @@ Index: unbound-1.7.0~rc1/daemon/worker.c
  				/* prefetch it if the prefetch TTL expired.
  				 * Note that if there is more than one pass
  				 * its qname must be that used for cache
-@@ -1398,11 +1455,19 @@ lookup_cache:
+@@ -1514,11 +1571,19 @@
  			lock_rw_unlock(&e->lock);
  		}
  		if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) {
@@ -270,11 +266,11 @@ Index: unbound-1.7.0~rc1/daemon/worker.c
  				goto send_reply;
  			}
  			verbose(VERB_ALGO, "answer norec from cache -- "
-Index: unbound-1.7.0~rc1/doc/unbound.conf.5.in
+Index: unboundfastrpz/doc/unbound.conf.5.in
 ===================================================================
---- unbound-1.7.0~rc1.orig/doc/unbound.conf.5.in
-+++ unbound-1.7.0~rc1/doc/unbound.conf.5.in
-@@ -1705,6 +1705,81 @@ It must be /96 or shorter.  The default
+--- unboundfastrpz/doc/unbound.conf.5.in	(revision 4923)
++++ unboundfastrpz/doc/unbound.conf.5.in	(working copy)
+@@ -1728,6 +1728,81 @@
  used by dns64 processing instead.  Can be entered multiple times, list a
  new domain for which it applies, one per line.  Applies also to names
  underneath the name given.
@@ -356,10 +352,10 @@ Index: unbound-1.7.0~rc1/doc/unbound.conf.5.in
  .SS "DNSCrypt Options"
  .LP
  The
-Index: unbound-1.7.0~rc1/fastrpz/librpz.h
+Index: unboundfastrpz/fastrpz/librpz.h
 ===================================================================
---- /dev/null
-+++ unbound-1.7.0~rc1/fastrpz/librpz.h
+--- unboundfastrpz/fastrpz/librpz.h	(nonexistent)
++++ unboundfastrpz/fastrpz/librpz.h	(working copy)
 @@ -0,0 +1,957 @@
 +/*
 + * Define the interface from a DNS resolver to the Response Policy Zone
@@ -1318,11 +1314,11 @@ Index: unbound-1.7.0~rc1/fastrpz/librpz.h
 +#endif /* LIBRPZ_LIB_OPEN */
 +
 +#endif /* LIBRPZ_H */
-Index: unbound-1.7.0~rc1/fastrpz/rpz.c
+Index: unboundfastrpz/fastrpz/rpz.c
 ===================================================================
---- /dev/null
-+++ unbound-1.7.0~rc1/fastrpz/rpz.c
-@@ -0,0 +1,1357 @@
+--- unboundfastrpz/fastrpz/rpz.c	(nonexistent)
++++ unboundfastrpz/fastrpz/rpz.c	(working copy)
+@@ -0,0 +1,1352 @@
 +/*
 + * fastrpz/rpz.c - interface to the fastrpz response policy zone library
 + *
@@ -1438,8 +1434,6 @@ Index: unbound-1.7.0~rc1/fastrpz/rpz.c
 +static void
 +log_fnc(librpz_log_level_t level, void* ATTR_UNUSED(ctx), const char* buf)
 +{
-+	char label_buf[sizeof("rpz ")+8];
-+
 +	/* Setting librpz_log_level overrides the unbound "verbose" level. */
 +	if(level > LIBRPZ_LOG_TRACE1 &&
 +	   level <= librpz->log_level_val(LIBRPZ_LOG_INVALID))
@@ -1949,12 +1943,9 @@ Index: unbound-1.7.0~rc1/fastrpz/rpz.c
 +	case st_ck_ns:
 +		/* An NSDNAME or NSIP check failed for lack of cached data. */
 +		return false;
-+#pragma clang diagnostic push
-+#pragma clang diagnostic ignored "-Wunreachable-code"
 +	default:
 +		fatal_exit("impossible RPZ state %d in rpz_worker_cache()",
 +			   rpz->st);
-+#pragma clang diagnostic pop
 +	}
 +
 +	/* Wait for a trigger. */
@@ -2680,10 +2671,10 @@ Index: unbound-1.7.0~rc1/fastrpz/rpz.c
 +}
 +
 +#endif /* ENABLE_FASTRPZ */
-Index: unbound-1.7.0~rc1/fastrpz/rpz.h
+Index: unboundfastrpz/fastrpz/rpz.h
 ===================================================================
---- /dev/null
-+++ unbound-1.7.0~rc1/fastrpz/rpz.h
+--- unboundfastrpz/fastrpz/rpz.h	(nonexistent)
++++ unboundfastrpz/fastrpz/rpz.h	(working copy)
 @@ -0,0 +1,138 @@
 +/*
 + * fastrpz/rpz.h - interface to the fastrpz response policy zone library
@@ -2823,10 +2814,10 @@ Index: unbound-1.7.0~rc1/fastrpz/rpz.h
 +
 +#endif /* ENABLE_FASTRPZ */
 +#endif /* UNBOUND_FASTRPZ_RPZ_H */
-Index: unbound-1.7.0~rc1/fastrpz/rpz.m4
+Index: unboundfastrpz/fastrpz/rpz.m4
 ===================================================================
---- /dev/null
-+++ unbound-1.7.0~rc1/fastrpz/rpz.m4
+--- unboundfastrpz/fastrpz/rpz.m4	(nonexistent)
++++ unboundfastrpz/fastrpz/rpz.m4	(working copy)
 @@ -0,0 +1,64 @@
 +# fastrpz/rpz.m4
 +
@@ -2892,10 +2883,10 @@ Index: unbound-1.7.0~rc1/fastrpz/rpz.m4
 +    AC_MSG_WARN([[dlopen and librpz.so needed for fastrpz]])
 +  fi
 +])
-Index: unbound-1.7.0~rc1/iterator/iterator.c
+Index: unboundfastrpz/iterator/iterator.c
 ===================================================================
---- unbound-1.7.0~rc1.orig/iterator/iterator.c
-+++ unbound-1.7.0~rc1/iterator/iterator.c
+--- unboundfastrpz/iterator/iterator.c	(revision 4923)
++++ unboundfastrpz/iterator/iterator.c	(working copy)
 @@ -68,6 +68,9 @@
  #include "sldns/str2wire.h"
  #include "sldns/parseutil.h"
@@ -2906,7 +2897,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c
  
  int 
  iter_init(struct module_env* env, int id)
-@@ -511,6 +514,23 @@ handle_cname_response(struct module_qsta
+@@ -525,6 +528,23 @@
  		if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME &&
  			query_dname_compare(*mname, r->rk.dname) == 0 &&
  			!iter_find_rrset_in_prepend_answer(iq, r)) {
@@ -2930,7 +2921,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c
  			/* Add this relevant CNAME rrset to the prepend list.*/
  			if(!iter_add_prepend_answer(qstate, iq, r))
  				return 0;
-@@ -519,6 +539,9 @@ handle_cname_response(struct module_qsta
+@@ -533,6 +553,9 @@
  
  		/* Other rrsets in the section are ignored. */
  	}
@@ -2940,7 +2931,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c
  	/* add authority rrsets to authority prepend, for wildcarded CNAMEs */
  	for(i=msg->rep->an_numrrsets; i<msg->rep->an_numrrsets +
  		msg->rep->ns_numrrsets; i++) {
-@@ -1148,6 +1171,7 @@ processInitRequest(struct module_qstate*
+@@ -1216,6 +1239,7 @@
  	uint8_t* delname;
  	size_t delnamelen;
  	struct dns_msg* msg = NULL;
@@ -2948,7 +2939,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c
  
  	log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo);
  	/* check effort */
-@@ -1223,8 +1247,7 @@ processInitRequest(struct module_qstate*
+@@ -1302,8 +1326,7 @@
  	}
  	if(msg) {
  		/* handle positive cache response */
@@ -2958,7 +2949,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c
  		if(verbosity >= VERB_ALGO) {
  			log_dns_msg("msg from cache lookup", &msg->qinfo, 
  				msg->rep);
-@@ -1232,7 +1255,22 @@ processInitRequest(struct module_qstate*
+@@ -1311,7 +1334,22 @@
  				(int)msg->rep->ttl, 
  				(int)msg->rep->prefetch_ttl);
  		}
@@ -2981,7 +2972,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c
  		if(type == RESPONSE_TYPE_CNAME) {
  			uint8_t* sname = 0;
  			size_t slen = 0;
-@@ -2552,6 +2590,62 @@ processQueryResponse(struct module_qstat
+@@ -2716,6 +2754,62 @@
  			sock_list_insert(&qstate->reply_origin, 
  				&qstate->reply->addr, qstate->reply->addrlen, 
  				qstate->region);
@@ -3041,10 +3032,10 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c
 +			}
 +		}
 +#endif
- 		if(iq->minimisation_state != DONOT_MINIMISE_STATE) {
+ 		if(iq->minimisation_state != DONOT_MINIMISE_STATE
+ 			&& !(iq->chase_flags & BIT_RD)) {
  			if(FLAGS_GET_RCODE(iq->response->rep->flags) != 
- 				LDNS_RCODE_NOERROR) {
-@@ -3273,12 +3367,44 @@ processFinished(struct module_qstate* qs
+@@ -3462,6 +3556,10 @@
  		 * but only if we did recursion. The nonrecursion referral
  		 * from cache does not need to be stored in the msg cache. */
  		if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) {
@@ -3055,6 +3046,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c
  			iter_dns_store(qstate->env, &qstate->qinfo, 
  				iq->response->rep, 0, qstate->prefetch_leeway,
  				iq->dp&&iq->dp->has_parent_side_NS,
+@@ -3468,6 +3566,34 @@
  				qstate->region, qstate->query_flags);
  		}
  	}
@@ -3089,11 +3081,11 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c
  	qstate->return_rcode = LDNS_RCODE_NOERROR;
  	qstate->return_msg = iq->response;
  	return 0;
-Index: unbound-1.7.0~rc1/iterator/iterator.h
+Index: unboundfastrpz/iterator/iterator.h
 ===================================================================
---- unbound-1.7.0~rc1.orig/iterator/iterator.h
-+++ unbound-1.7.0~rc1/iterator/iterator.h
-@@ -383,6 +383,16 @@ struct iter_qstate {
+--- unboundfastrpz/iterator/iterator.h	(revision 4923)
++++ unboundfastrpz/iterator/iterator.h	(working copy)
+@@ -386,6 +386,16 @@
  	 */
  	int minimise_count;
  
@@ -3110,11 +3102,11 @@ Index: unbound-1.7.0~rc1/iterator/iterator.h
  	/**
  	 * Count number of time-outs. Used to prevent resolving failures when
  	 * the QNAME minimisation QTYPE is blocked. */
-Index: unbound-1.7.0~rc1/services/cache/dns.c
+Index: unboundfastrpz/services/cache/dns.c
 ===================================================================
---- unbound-1.7.0~rc1.orig/services/cache/dns.c
-+++ unbound-1.7.0~rc1/services/cache/dns.c
-@@ -876,6 +876,14 @@ dns_cache_store(struct module_env* env,
+--- unboundfastrpz/services/cache/dns.c	(revision 4923)
++++ unboundfastrpz/services/cache/dns.c	(working copy)
+@@ -928,6 +928,14 @@
  	struct regional* region, uint32_t flags)
  {
  	struct reply_info* rep = NULL;
@@ -3129,11 +3121,11 @@ Index: unbound-1.7.0~rc1/services/cache/dns.c
  	/* alloc, malloc properly (not in region, like msg is) */
  	rep = reply_info_copy(msgrep, env->alloc, NULL);
  	if(!rep)
-Index: unbound-1.7.0~rc1/services/mesh.c
+Index: unboundfastrpz/services/mesh.c
 ===================================================================
---- unbound-1.7.0~rc1.orig/services/mesh.c
-+++ unbound-1.7.0~rc1/services/mesh.c
-@@ -59,6 +59,9 @@
+--- unboundfastrpz/services/mesh.c	(revision 4923)
++++ unboundfastrpz/services/mesh.c	(working copy)
+@@ -60,6 +60,9 @@
  #include "sldns/wire2str.h"
  #include "services/localzone.h"
  #include "util/data/dname.h"
@@ -3143,7 +3135,7 @@ Index: unbound-1.7.0~rc1/services/mesh.c
  #include "respip/respip.h"
  
  /** subtract timers and the values do not overflow or become negative */
-@@ -1050,6 +1053,13 @@ mesh_send_reply(struct mesh_state* m, in
+@@ -1057,6 +1060,13 @@
  	else	secure = 0;
  	if(!rep && rcode == LDNS_RCODE_NOERROR)
  		rcode = LDNS_RCODE_SERVFAIL;
@@ -3157,7 +3149,7 @@ Index: unbound-1.7.0~rc1/services/mesh.c
  	/* send the reply */
  	/* We don't reuse the encoded answer if either the previous or current
  	 * response has a local alias.  We could compare the alias records
-@@ -1199,6 +1209,7 @@ struct mesh_state* mesh_area_find(struct
+@@ -1230,6 +1240,7 @@
  	key.s.is_valrec = valrec;
  	key.s.qinfo = *qinfo;
  	key.s.query_flags = qflags;
@@ -3165,7 +3157,7 @@ Index: unbound-1.7.0~rc1/services/mesh.c
  	/* We are searching for a similar mesh state when we DO want to
  	 * aggregate the state. Thus unique is set to NULL. (default when we
  	 * desire aggregation).*/
-@@ -1245,6 +1256,10 @@ int mesh_state_add_reply(struct mesh_sta
+@@ -1276,6 +1287,10 @@
  	if(!r)
  		return 0;
  	r->query_reply = *rep;
@@ -3176,11 +3168,11 @@ Index: unbound-1.7.0~rc1/services/mesh.c
  	r->edns = *edns;
  	if(edns->opt_list) {
  		r->edns.opt_list = edns_opt_copy_region(edns->opt_list,
-Index: unbound-1.7.0~rc1/util/config_file.c
+Index: unboundfastrpz/util/config_file.c
 ===================================================================
---- unbound-1.7.0~rc1.orig/util/config_file.c
-+++ unbound-1.7.0~rc1/util/config_file.c
-@@ -1323,6 +1323,8 @@ config_delete(struct config_file* cfg)
+--- unboundfastrpz/util/config_file.c	(revision 4923)
++++ unboundfastrpz/util/config_file.c	(working copy)
+@@ -1386,6 +1386,8 @@
  	free(cfg->dnstap_socket_path);
  	free(cfg->dnstap_identity);
  	free(cfg->dnstap_version);
@@ -3189,11 +3181,11 @@ Index: unbound-1.7.0~rc1/util/config_file.c
  	config_deldblstrlist(cfg->ratelimit_for_domain);
  	config_deldblstrlist(cfg->ratelimit_below_domain);
  #ifdef USE_IPSECMOD
-Index: unbound-1.7.0~rc1/util/config_file.h
+Index: unboundfastrpz/util/config_file.h
 ===================================================================
---- unbound-1.7.0~rc1.orig/util/config_file.h
-+++ unbound-1.7.0~rc1/util/config_file.h
-@@ -431,6 +431,11 @@ struct config_file {
+--- unboundfastrpz/util/config_file.h	(revision 4923)
++++ unboundfastrpz/util/config_file.h	(working copy)
+@@ -468,6 +468,11 @@
  	/** true to disable DNSSEC lameness check in iterator */
  	int disable_dnssec_lame_check;
  
@@ -3205,11 +3197,11 @@ Index: unbound-1.7.0~rc1/util/config_file.h
  	/** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */
  	int ip_ratelimit;
  	/** number of slabs for ip_ratelimit cache */
-Index: unbound-1.7.0~rc1/util/configlexer.lex
+Index: unboundfastrpz/util/configlexer.lex
 ===================================================================
---- unbound-1.7.0~rc1.orig/util/configlexer.lex
-+++ unbound-1.7.0~rc1/util/configlexer.lex
-@@ -412,6 +412,10 @@ dnstap-log-forwarder-query-messages{COLO
+--- unboundfastrpz/util/configlexer.lex	(revision 4923)
++++ unboundfastrpz/util/configlexer.lex	(working copy)
+@@ -429,6 +429,10 @@
  		YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) }
  dnstap-log-forwarder-response-messages{COLON}	{
  		YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) }
@@ -3220,11 +3212,11 @@ Index: unbound-1.7.0~rc1/util/configlexer.lex
  disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) }
  ip-ratelimit{COLON}		{ YDVAR(1, VAR_IP_RATELIMIT) }
  ratelimit{COLON}		{ YDVAR(1, VAR_RATELIMIT) }
-Index: unbound-1.7.0~rc1/util/configparser.y
+Index: unboundfastrpz/util/configparser.y
 ===================================================================
---- unbound-1.7.0~rc1.orig/util/configparser.y
-+++ unbound-1.7.0~rc1/util/configparser.y
-@@ -124,6 +124,7 @@ extern struct config_parser_state* cfg_p
+--- unboundfastrpz/util/configparser.y	(revision 4923)
++++ unboundfastrpz/util/configparser.y	(working copy)
+@@ -125,6 +125,7 @@
  %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
  %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
  %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
@@ -3232,7 +3224,7 @@ Index: unbound-1.7.0~rc1/util/configparser.y
  %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
  %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
  %token VAR_DISABLE_DNSSEC_LAME_CHECK
-@@ -158,7 +159,7 @@ extern struct config_parser_state* cfg_p
+@@ -164,7 +165,7 @@
  
  %%
  toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -3241,7 +3233,7 @@ Index: unbound-1.7.0~rc1/util/configparser.y
  	forwardstart contents_forward | pythonstart contents_py | 
  	rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
  	dnscstart contents_dnsc | cachedbstart contents_cachedb |
-@@ -2384,6 +2385,50 @@ dt_dnstap_log_forwarder_response_message
+@@ -2546,6 +2547,50 @@
  			(strcmp($2, "yes")==0);
  	}
  	;
@@ -3269,7 +3261,7 @@ Index: unbound-1.7.0~rc1/util/configparser.y
 +
 +		OUTYY(("P(rpz_zone:%s)\n", $2));
 +		old_cstr = cfg_parser->cfg->rpz_cstr;
-+		asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2);
++		(void)asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2);
 +		if(!new_cstr)
 +			yyerror("out of memory");
 +		free(old_cstr);
@@ -3282,7 +3274,7 @@ Index: unbound-1.7.0~rc1/util/configparser.y
 +
 +		OUTYY(("P(rpz_option:%s)\n", $2));
 +		old_cstr = cfg_parser->cfg->rpz_cstr;
-+		asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2);
++		(void)asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2);
 +		if(!new_cstr)
 +			yyerror("out of memory");
 +		free(old_cstr);
@@ -3292,11 +3284,11 @@ Index: unbound-1.7.0~rc1/util/configparser.y
  pythonstart: VAR_PYTHON
  	{ 
  		OUTYY(("\nP(python:)\n")); 
-Index: unbound-1.7.0~rc1/util/data/msgencode.c
+Index: unboundfastrpz/util/data/msgencode.c
 ===================================================================
---- unbound-1.7.0~rc1.orig/util/data/msgencode.c
-+++ unbound-1.7.0~rc1/util/data/msgencode.c
-@@ -585,6 +585,35 @@ insert_section(struct reply_info* rep, s
+--- unboundfastrpz/util/data/msgencode.c	(revision 4923)
++++ unboundfastrpz/util/data/msgencode.c	(working copy)
+@@ -585,6 +585,35 @@
  	return RETVAL_OK;
  }
  
@@ -3332,7 +3324,7 @@ Index: unbound-1.7.0~rc1/util/data/msgencode.c
  /** store query section in wireformat buffer, return RETVAL */
  static int
  insert_query(struct query_info* qinfo, struct compress_tree_node** tree, 
-@@ -750,6 +779,19 @@ reply_info_encode(struct query_info* qin
+@@ -748,6 +777,19 @@
  			return 0;
  		}
  		sldns_buffer_write_u16_at(buffer, 10, arcount);
@@ -3352,13 +3344,13 @@ Index: unbound-1.7.0~rc1/util/data/msgencode.c
  	}
  	sldns_buffer_flip(buffer);
  	return 1;
-Index: unbound-1.7.0~rc1/util/data/packed_rrset.c
+Index: unboundfastrpz/util/data/packed_rrset.c
 ===================================================================
---- unbound-1.7.0~rc1.orig/util/data/packed_rrset.c
-+++ unbound-1.7.0~rc1/util/data/packed_rrset.c
-@@ -254,6 +254,10 @@ sec_status_to_string(enum sec_status s)
- 	case sec_status_indeterminate: 	return "sec_status_indeterminate";
+--- unboundfastrpz/util/data/packed_rrset.c	(revision 4923)
++++ unboundfastrpz/util/data/packed_rrset.c	(working copy)
+@@ -255,6 +255,10 @@
  	case sec_status_insecure: 	return "sec_status_insecure";
+ 	case sec_status_secure_sentinel_fail: 	return "sec_status_secure_sentinel_fail";
  	case sec_status_secure: 	return "sec_status_secure";
 +#ifdef ENABLE_FASTRPZ
 +	case sec_status_rpz_rewritten: 	return "sec_status_rpz_rewritten";
@@ -3367,12 +3359,12 @@ Index: unbound-1.7.0~rc1/util/data/packed_rrset.c
  	}
  	return "unknown_sec_status_value";
  }
-Index: unbound-1.7.0~rc1/util/data/packed_rrset.h
+Index: unboundfastrpz/util/data/packed_rrset.h
 ===================================================================
---- unbound-1.7.0~rc1.orig/util/data/packed_rrset.h
-+++ unbound-1.7.0~rc1/util/data/packed_rrset.h
-@@ -189,7 +189,15 @@ enum sec_status {
- 	sec_status_insecure,
+--- unboundfastrpz/util/data/packed_rrset.h	(revision 4923)
++++ unboundfastrpz/util/data/packed_rrset.h	(working copy)
+@@ -193,7 +193,15 @@
+ 	sec_status_secure_sentinel_fail,
  	/** SECURE means that the object (RRset or message) validated 
  	 * according to local policy. */
 -	sec_status_secure
@@ -3388,11 +3380,11 @@ Index: unbound-1.7.0~rc1/util/data/packed_rrset.h
  };
  
  /**
-Index: unbound-1.7.0~rc1/util/netevent.c
+Index: unboundfastrpz/util/netevent.c
 ===================================================================
---- unbound-1.7.0~rc1.orig/util/netevent.c
-+++ unbound-1.7.0~rc1/util/netevent.c

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810091942.w99JgZvc081119>