Date: Sat, 12 May 2018 14:48:38 +0000 (UTC) From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r333563 - in head/contrib/unbound: . cachedb contrib daemon dns64 dnscrypt doc iterator libunbound services services/cache sldns smallapp util util/data util/shm_side util/storage valid... Message-ID: <201805121448.w4CEmcmD006208@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: des Date: Sat May 12 14:48:38 2018 New Revision: 333563 URL: https://svnweb.freebsd.org/changeset/base/333563 Log: Upgrade Unbound to 1.6.6. More to follow. Added: head/contrib/unbound/dnscrypt/dnscrypt_config.h (contents, props changed) Modified: head/contrib/unbound/Makefile.in head/contrib/unbound/acx_nlnetlabs.m4 head/contrib/unbound/cachedb/cachedb.c head/contrib/unbound/config.h head/contrib/unbound/config.h.in head/contrib/unbound/configure head/contrib/unbound/configure.ac head/contrib/unbound/contrib/fastrpz.patch head/contrib/unbound/daemon/daemon.c head/contrib/unbound/daemon/remote.c head/contrib/unbound/daemon/stats.c head/contrib/unbound/daemon/unbound.c head/contrib/unbound/daemon/worker.c head/contrib/unbound/dns64/dns64.c head/contrib/unbound/dnscrypt/dnscrypt.c head/contrib/unbound/dnscrypt/dnscrypt.h head/contrib/unbound/doc/Changelog head/contrib/unbound/doc/README head/contrib/unbound/doc/example.conf head/contrib/unbound/doc/example.conf.in head/contrib/unbound/doc/libunbound.3 head/contrib/unbound/doc/libunbound.3.in head/contrib/unbound/doc/unbound-anchor.8 head/contrib/unbound/doc/unbound-anchor.8.in head/contrib/unbound/doc/unbound-checkconf.8 head/contrib/unbound/doc/unbound-checkconf.8.in head/contrib/unbound/doc/unbound-control.8 head/contrib/unbound/doc/unbound-control.8.in head/contrib/unbound/doc/unbound-host.1 head/contrib/unbound/doc/unbound-host.1.in head/contrib/unbound/doc/unbound.8 head/contrib/unbound/doc/unbound.8.in head/contrib/unbound/doc/unbound.conf.5 head/contrib/unbound/doc/unbound.conf.5.in head/contrib/unbound/iterator/iterator.c head/contrib/unbound/iterator/iterator.h head/contrib/unbound/libunbound/libworker.c head/contrib/unbound/libunbound/unbound.h head/contrib/unbound/services/authzone.c head/contrib/unbound/services/cache/dns.c head/contrib/unbound/services/cache/infra.c head/contrib/unbound/services/listen_dnsport.c head/contrib/unbound/services/localzone.c head/contrib/unbound/services/localzone.h head/contrib/unbound/services/outside_network.c head/contrib/unbound/sldns/parseutil.c head/contrib/unbound/sldns/str2wire.c head/contrib/unbound/sldns/wire2str.c head/contrib/unbound/smallapp/unbound-anchor.c head/contrib/unbound/smallapp/unbound-checkconf.c head/contrib/unbound/smallapp/unbound-control.c head/contrib/unbound/util/config_file.c head/contrib/unbound/util/config_file.h head/contrib/unbound/util/configlexer.lex head/contrib/unbound/util/configparser.y head/contrib/unbound/util/data/msgreply.c head/contrib/unbound/util/fptr_wlist.c head/contrib/unbound/util/iana_ports.inc head/contrib/unbound/util/net_help.c head/contrib/unbound/util/net_help.h head/contrib/unbound/util/netevent.c head/contrib/unbound/util/shm_side/shm_main.c head/contrib/unbound/util/storage/lookup3.c head/contrib/unbound/validator/val_secalgo.c head/contrib/unbound/validator/val_utils.c Directory Properties: head/contrib/unbound/ (props changed) Modified: head/contrib/unbound/Makefile.in ============================================================================== --- head/contrib/unbound/Makefile.in Sat May 12 14:39:41 2018 (r333562) +++ head/contrib/unbound/Makefile.in Sat May 12 14:48:38 2018 (r333563) @@ -426,7 +426,7 @@ libunbound/python/libunbound_wrap.c: $(srcdir)/libunbo # Pyunbound python unbound wrapper _unbound.la: libunbound_wrap.lo libunbound.la - $(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -module -avoid-version -no-undefined -shared -o $@ libunbound_wrap.lo -rpath $(PYTHON_SITE_PKG) L. -L.libs -lunbound + $(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -module -avoid-version -no-undefined -shared -o $@ libunbound_wrap.lo -rpath $(PYTHON_SITE_PKG) -L. -L.libs -lunbound util/config_file.c: util/configparser.h util/configlexer.c: $(srcdir)/util/configlexer.lex util/configparser.h @@ -735,9 +735,9 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_ut $(srcdir)/sldns/str2wire.h listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/services/outside_network.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ @@ -749,8 +749,8 @@ localzone.lo localzone.o: $(srcdir)/services/localzone $(srcdir)/util/as112.h mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h \ @@ -777,12 +777,12 @@ view.lo view.o: $(srcdir)/services/view.c config.h $(s outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ @@ -830,7 +830,7 @@ authzone.lo authzone.o: $(srcdir)/services/authzone.c $(srcdir)/validator/val_secalgo.h fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \ @@ -851,8 +851,8 @@ locks.lo locks.o: $(srcdir)/util/locks.c config.h $(sr log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h @@ -860,8 +860,8 @@ module.lo module.o: $(srcdir)/util/module.c config.h $ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ @@ -876,7 +876,7 @@ net_help.lo net_help.o: $(srcdir)/util/net_help.c conf random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h @@ -897,19 +897,19 @@ slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhas timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h \ $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/ub_event.h ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \ @@ -1040,7 +1040,9 @@ checklocks.lo checklocks.o: $(srcdir)/testcode/checklo $(srcdir)/testcode/checklocks.h dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/storage/lookup3.h ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ @@ -1174,9 +1176,10 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $( $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ + $(srcdir)/validator/val_kcache.h unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/remote.h \ @@ -1207,16 +1210,15 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/rbtree.h \ - $(srcdir)/testcode/fake_event.h $(srcdir)/daemon/remote.h \ - $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/daemon/remote.h \ + $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \ + $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h @@ -1266,17 +1268,19 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $( $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ + $(srcdir)/validator/val_kcache.h replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \ + $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/rrdef.h fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ @@ -1309,7 +1313,8 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/sm $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/view.h $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h $(PYTHONMOD_HEADER) + $(srcdir)/services/view.h $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h $(PYTHONMOD_HEADER) \ + $(srcdir)/edns-subnet/subnet-whitelist.h worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ Modified: head/contrib/unbound/acx_nlnetlabs.m4 ============================================================================== --- head/contrib/unbound/acx_nlnetlabs.m4 Sat May 12 14:39:41 2018 (r333562) +++ head/contrib/unbound/acx_nlnetlabs.m4 Sat May 12 14:48:38 2018 (r333563) @@ -688,8 +688,8 @@ AC_DEFUN([ACX_SSL_CHECKS], [ # check if -lwsock32 or -lgdi32 are needed. BAKLIBS="$LIBS" BAKSSLLIBS="$LIBSSL_LIBS" - LIBS="$LIBS -lgdi32" - LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32" + LIBS="$LIBS -lgdi32 -lws2_32" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32" AC_MSG_CHECKING([if -lcrypto needs -lgdi32]) AC_TRY_LINK([], [ int HMAC_Update(void); @@ -839,7 +839,11 @@ dnl see if on windows if test "$ac_cv_header_windows_h" = "yes"; then AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used]) USE_WINSOCK="1" - LIBS="$LIBS -lws2_32" + if echo $LIBS | grep 'lws2_32' >/dev/null; then + : + else + LIBS="$LIBS -lws2_32" + fi fi ], dnl no quick getaddrinfo, try mingw32 and winsock2 library. Modified: head/contrib/unbound/cachedb/cachedb.c ============================================================================== --- head/contrib/unbound/cachedb/cachedb.c Sat May 12 14:39:41 2018 (r333562) +++ head/contrib/unbound/cachedb/cachedb.c Sat May 12 14:48:38 2018 (r333563) @@ -61,6 +61,8 @@ /** the unit test testframe for cachedb, its module state contains * a cache for a couple queries (in memory). */ struct testframe_moddata { + /** lock for mutex */ + lock_basic_type lock; /** key for single stored data element, NULL if none */ char* stored_key; /** data for single stored data element, NULL if none */ @@ -72,14 +74,18 @@ struct testframe_moddata { static int testframe_init(struct module_env* env, struct cachedb_env* cachedb_env) { + struct testframe_moddata* d; (void)env; verbose(VERB_ALGO, "testframe_init"); - cachedb_env->backend_data = (void*)calloc(1, + d = (struct testframe_moddata*)calloc(1, sizeof(struct testframe_moddata)); + cachedb_env->backend_data = (void*)d; if(!cachedb_env->backend_data) { log_err("out of memory"); return 0; } + lock_basic_init(&d->lock); + lock_protect(&d->lock, d, sizeof(*d)); return 1; } @@ -92,6 +98,7 @@ testframe_deinit(struct module_env* env, struct cached verbose(VERB_ALGO, "testframe_deinit"); if(!d) return; + lock_basic_destroy(&d->lock); free(d->stored_key); free(d->stored_data); free(d); @@ -105,17 +112,22 @@ testframe_lookup(struct module_env* env, struct cached cachedb_env->backend_data; (void)env; verbose(VERB_ALGO, "testframe_lookup of %s", key); + lock_basic_lock(&d->lock); if(d->stored_key && strcmp(d->stored_key, key) == 0) { - if(d->stored_datalen > sldns_buffer_capacity(result_buffer)) + if(d->stored_datalen > sldns_buffer_capacity(result_buffer)) { + lock_basic_unlock(&d->lock); return 0; /* too large */ + } verbose(VERB_ALGO, "testframe_lookup found %d bytes", (int)d->stored_datalen); sldns_buffer_clear(result_buffer); sldns_buffer_write(result_buffer, d->stored_data, d->stored_datalen); sldns_buffer_flip(result_buffer); + lock_basic_unlock(&d->lock); return 1; } + lock_basic_unlock(&d->lock); return 0; } @@ -126,6 +138,7 @@ testframe_store(struct module_env* env, struct cachedb struct testframe_moddata* d = (struct testframe_moddata*) cachedb_env->backend_data; (void)env; + lock_basic_lock(&d->lock); verbose(VERB_ALGO, "testframe_store %s (%d bytes)", key, (int)data_len); /* free old data element (if any) */ @@ -137,6 +150,7 @@ testframe_store(struct module_env* env, struct cachedb d->stored_data = memdup(data, data_len); if(!d->stored_data) { + lock_basic_unlock(&d->lock); log_err("out of memory"); return; } @@ -146,8 +160,10 @@ testframe_store(struct module_env* env, struct cachedb free(d->stored_data); d->stored_data = NULL; d->stored_datalen = 0; + lock_basic_unlock(&d->lock); return; } + lock_basic_unlock(&d->lock); /* (key,data) successfully stored */ } @@ -170,16 +186,17 @@ cachedb_find_backend(const char* str) static int cachedb_apply_cfg(struct cachedb_env* cachedb_env, struct config_file* cfg) { - const char* backend_str = "testframe"; /* TODO get from cfg */ - (void)cfg; /* need this until the TODO is implemented */ - if(backend_str && backend_str[0]) { - cachedb_env->backend = cachedb_find_backend(backend_str); - if(!cachedb_env->backend) { - log_err("cachedb: cannot find backend name '%s", - backend_str); - return 0; - } + const char* backend_str = cfg->cachedb_backend; + + /* If unspecified we use the in-memory test DB. */ + if(!backend_str) + backend_str = "testframe"; + cachedb_env->backend = cachedb_find_backend(backend_str); + if(!cachedb_env->backend) { + log_err("cachedb: cannot find backend name '%s'", backend_str); + return 0; } + /* TODO see if more configuration needs to be applied or not */ return 1; } @@ -277,9 +294,10 @@ calc_hash(struct module_qstate* qstate, char* buf, siz size_t clen = 0; uint8_t hash[CACHEDB_HASHSIZE/8]; const char* hex = "0123456789ABCDEF"; - const char* secret = "default"; /* TODO: from qstate->env->cfg */ + const char* secret = qstate->env->cfg->cachedb_secret ? + qstate->env->cfg->cachedb_secret : "default"; size_t i; - + /* copy the hash info into the clear buffer */ if(clen + qstate->qinfo.qname_len < sizeof(clear)) { memmove(clear+clen, qstate->qinfo.qname, Modified: head/contrib/unbound/config.h ============================================================================== --- head/contrib/unbound/config.h Sat May 12 14:39:41 2018 (r333562) +++ head/contrib/unbound/config.h Sat May 12 14:48:38 2018 (r333563) @@ -297,6 +297,9 @@ /* Define to 1 if you have the <nettle/dsa-compat.h> header file. */ /* #undef HAVE_NETTLE_DSA_COMPAT_H */ +/* Define to 1 if you have the <nettle/eddsa.h> header file. */ +/* #undef HAVE_NETTLE_EDDSA_H */ + /* Use libnss for crypto */ /* #undef HAVE_NSS */ @@ -602,7 +605,7 @@ #define PACKAGE_NAME "unbound" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "unbound 1.6.4" +#define PACKAGE_STRING "unbound 1.6.6" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "unbound" @@ -611,7 +614,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.6.4" +#define PACKAGE_VERSION "1.6.6" /* default pidfile location */ #define PIDFILE "/var/unbound/unbound.pid" @@ -630,7 +633,7 @@ #define ROOT_CERT_FILE "/var/unbound/icannbundle.pem" /* version number for resource files */ -#define RSRC_PACKAGE_VERSION 1,6,4,0 +#define RSRC_PACKAGE_VERSION 1,6,6,0 /* Directory to chdir to */ #define RUN_DIR "/var/unbound" Modified: head/contrib/unbound/config.h.in ============================================================================== --- head/contrib/unbound/config.h.in Sat May 12 14:39:41 2018 (r333562) +++ head/contrib/unbound/config.h.in Sat May 12 14:48:38 2018 (r333563) @@ -296,6 +296,9 @@ /* Define to 1 if you have the <nettle/dsa-compat.h> header file. */ #undef HAVE_NETTLE_DSA_COMPAT_H +/* Define to 1 if you have the <nettle/eddsa.h> header file. */ +#undef HAVE_NETTLE_EDDSA_H + /* Use libnss for crypto */ #undef HAVE_NSS Modified: head/contrib/unbound/configure ============================================================================== --- head/contrib/unbound/configure Sat May 12 14:39:41 2018 (r333562) +++ head/contrib/unbound/configure Sat May 12 14:48:38 2018 (r333563) @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.6.5. +# Generated by GNU Autoconf 2.69 for unbound 1.6.6. # # Report bugs to <unbound-bugs@nlnetlabs.nl>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.6.5' -PACKAGE_STRING='unbound 1.6.5' +PACKAGE_VERSION='1.6.6' +PACKAGE_STRING='unbound 1.6.6' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -1437,7 +1437,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.6.5 to adapt to many kinds of systems. +\`configure' configures unbound 1.6.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1502,7 +1502,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.6.5:";; + short | recursive ) echo "Configuration of unbound 1.6.6:";; esac cat <<\_ACEOF @@ -1714,7 +1714,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.6.5 +unbound configure 1.6.6 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2423,7 +2423,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.6.5, which was +It was created by unbound $as_me 1.6.6, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2775,11 +2775,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=6 -UNBOUND_VERSION_MICRO=5 +UNBOUND_VERSION_MICRO=6 LIBUNBOUND_CURRENT=7 -LIBUNBOUND_REVISION=4 +LIBUNBOUND_REVISION=5 LIBUNBOUND_AGE=5 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2835,6 +2835,7 @@ LIBUNBOUND_AGE=5 # 1.6.3 had 7:2:5 # 1.6.4 had 7:3:5 # 1.6.5 had 7:4:5 +# 1.6.6 had 7:5:5 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -16464,7 +16465,9 @@ if test x"$ax_pthread_ok" = xyes; then $as_echo "#define HAVE_PTHREAD 1" >>confdefs.h - LIBS="$PTHREAD_LIBS $LIBS" + if test -n "$PTHREAD_LIBS"; then + LIBS="$PTHREAD_LIBS $LIBS" + fi CFLAGS="$CFLAGS $PTHREAD_CFLAGS" CC="$PTHREAD_CC" ub_have_pthreads=yes @@ -16894,8 +16897,16 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu $as_echo "#define HAVE_PYTHON 1" >>confdefs.h - LIBS="$PYTHON_LDFLAGS $LIBS" - CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" + if test -n "$LIBS"; then + LIBS="$PYTHON_LDFLAGS $LIBS" + else + LIBS="$PYTHON_LDFLAGS" + fi + if test -n "$CPPFLAGS"; then + CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" + else + CPPFLAGS="$PYTHON_CPPFLAGS" + fi ub_have_python=yes PC_PY_DEPENDENCY="python" @@ -17250,8 +17261,8 @@ $as_echo "no" >&6; } # check if -lwsock32 or -lgdi32 are needed. BAKLIBS="$LIBS" BAKSSLLIBS="$LIBSSL_LIBS" - LIBS="$LIBS -lgdi32" - LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32" + LIBS="$LIBS -lgdi32 -lws2_32" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -lgdi32" >&5 $as_echo_n "checking if -lcrypto needs -lgdi32... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -18053,6 +18064,7 @@ case "$enable_dsa" in ;; *) # detect if DSA is supported, and turn it off if not. + if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then ac_fn_c_check_func "$LINENO" "DSA_SIG_new" "ac_cv_func_DSA_SIG_new" if test "x$ac_cv_func_DSA_SIG_new" = xyes; then : @@ -18067,6 +18079,13 @@ else fi fi + else + +cat >>confdefs.h <<_ACEOF +#define USE_DSA 1 +_ACEOF + + fi ;; esac @@ -18096,11 +18115,6 @@ cat >>confdefs.h <<_ACEOF _ACEOF if test $ac_have_decl = 1; then : - -cat >>confdefs.h <<_ACEOF -#define USE_ED25519 1 -_ACEOF - use_ed25519="yes" else @@ -18109,6 +18123,28 @@ else fi fi + if test $USE_NETTLE = "yes"; then + for ac_header in nettle/eddsa.h +do : + ac_fn_c_check_header_compile "$LINENO" "nettle/eddsa.h" "ac_cv_header_nettle_eddsa_h" "$ac_includes_default +" +if test "x$ac_cv_header_nettle_eddsa_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETTLE_EDDSA_H 1 +_ACEOF + use_ed25519="yes" +fi + +done + + fi + if test $use_ed25519 = "yes"; then + +cat >>confdefs.h <<_ACEOF +#define USE_ED25519 1 +_ACEOF + + fi ;; esac @@ -18621,7 +18657,12 @@ if test x_$enable_static_exe = x_yes; then if test "$on_mingw" = yes; then staticexe="-all-static" # for static compile, include gdi32 and zlib here. - LIBS="$LIBS -lgdi32 -lz" + if echo $LIBS | grep 'lgdi32' >/dev/null; then + : + else + LIBS="$LIBS -lgdi32" + fi + LIBS="$LIBS -lz" fi fi @@ -18979,7 +19020,11 @@ if test "$ac_cv_header_windows_h" = "yes"; then $as_echo "#define USE_WINSOCK 1" >>confdefs.h USE_WINSOCK="1" - LIBS="$LIBS -lws2_32" + if echo $LIBS | grep 'lws2_32' >/dev/null; then + : + else + LIBS="$LIBS -lws2_32" + fi fi else @@ -20633,7 +20678,12 @@ $as_echo "#define OMITTED__D_LARGEFILE_SOURCE_1 1" >>c fi -LDFLAGS="$LATE_LDFLAGS $LDFLAGS" +if test -n "$LATE_LDFLAGS"; then + LDFLAGS="$LATE_LDFLAGS $LDFLAGS" +fi +# remove start spaces +LDFLAGS=`echo "$LDFLAGS"|sed -e 's/^ *//'` +LIBS=`echo "$LIBS"|sed -e 's/^ *//'` cat >>confdefs.h <<_ACEOF @@ -20643,7 +20693,7 @@ _ACEOF -version=1.6.5 +version=1.6.6 date=`date +'%b %e, %Y'` @@ -21162,7 +21212,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.6.5, which was +This file was extended by unbound $as_me 1.6.6, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21228,7 +21278,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.6.5 +unbound config.status 1.6.6 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Modified: head/contrib/unbound/configure.ac ============================================================================== --- head/contrib/unbound/configure.ac Sat May 12 14:39:41 2018 (r333562) +++ head/contrib/unbound/configure.ac Sat May 12 14:48:38 2018 (r333563) @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[6]) -m4_define([VERSION_MICRO],[5]) +m4_define([VERSION_MICRO],[6]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=7 -LIBUNBOUND_REVISION=4 +LIBUNBOUND_REVISION=5 LIBUNBOUND_AGE=5 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -74,6 +74,7 @@ LIBUNBOUND_AGE=5 # 1.6.3 had 7:2:5 # 1.6.4 had 7:3:5 # 1.6.5 had 7:4:5 +# 1.6.6 had 7:5:5 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -456,7 +457,9 @@ ub_have_pthreads=no if test x_$withval != x_no; then AX_PTHREAD([ AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]) - LIBS="$PTHREAD_LIBS $LIBS" + if test -n "$PTHREAD_LIBS"; then + LIBS="$PTHREAD_LIBS $LIBS" + fi CFLAGS="$CFLAGS $PTHREAD_CFLAGS" CC="$PTHREAD_CC" ub_have_pthreads=yes @@ -558,8 +561,16 @@ if test x_$ub_test_python != x_no; then AC_SUBST(PY_MAJOR_VERSION) # Have Python AC_DEFINE(HAVE_PYTHON,1,[Define if you have Python libraries and header files.]) - LIBS="$PYTHON_LDFLAGS $LIBS" - CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" + if test -n "$LIBS"; then + LIBS="$PYTHON_LDFLAGS $LIBS" + else + LIBS="$PYTHON_LDFLAGS" + fi + if test -n "$CPPFLAGS"; then + CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" + else + CPPFLAGS="$PYTHON_CPPFLAGS" + fi ub_have_python=yes PC_PY_DEPENDENCY="python" AC_SUBST(PC_PY_DEPENDENCY) @@ -912,10 +923,14 @@ case "$enable_dsa" in ;; *) # detect if DSA is supported, and turn it off if not. + if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then AC_CHECK_FUNC(DSA_SIG_new, [ AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.]) fi ]) + else + AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) + fi ;; esac @@ -927,13 +942,18 @@ case "$enable_ed25519" in *) if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then AC_CHECK_DECLS([NID_ED25519], [ - AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.]) use_ed25519="yes" ], [ if test "x$enable_ed25519" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED25519 and you used --enable-ed25519.]) fi ], [AC_INCLUDES_DEFAULT #include <openssl/evp.h> ]) fi + if test $USE_NETTLE = "yes"; then + AC_CHECK_HEADERS([nettle/eddsa.h], use_ed25519="yes",, [AC_INCLUDES_DEFAULT]) + fi + if test $use_ed25519 = "yes"; then + AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.]) + fi ;; esac @@ -1106,7 +1126,12 @@ if test x_$enable_static_exe = x_yes; then if test "$on_mingw" = yes; then staticexe="-all-static" # for static compile, include gdi32 and zlib here. - LIBS="$LIBS -lgdi32 -lz" + if echo $LIBS | grep 'lgdi32' >/dev/null; then + : + else + LIBS="$LIBS -lgdi32" + fi + LIBS="$LIBS -lz" fi fi @@ -1448,7 +1473,12 @@ AC_SUBST(ALLTARGET) AC_SUBST(INSTALLTARGET) ACX_STRIP_EXT_FLAGS -LDFLAGS="$LATE_LDFLAGS $LDFLAGS" +if test -n "$LATE_LDFLAGS"; then + LDFLAGS="$LATE_LDFLAGS $LDFLAGS" +fi +# remove start spaces +LDFLAGS=`echo "$LDFLAGS"|sed -e 's/^ *//'` +LIBS=`echo "$LIBS"|sed -e 's/^ *//'` AC_DEFINE_UNQUOTED([MAXSYSLOGMSGLEN], [10240], [Define to the maximum message length to pass to syslog.]) Modified: head/contrib/unbound/contrib/fastrpz.patch ============================================================================== --- head/contrib/unbound/contrib/fastrpz.patch Sat May 12 14:39:41 2018 (r333562) +++ head/contrib/unbound/contrib/fastrpz.patch Sat May 12 14:48:38 2018 (r333563) @@ -3263,15 +3263,15 @@ diff -u --unidirectional-new-file -r1.1 ./util/configp %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT %token VAR_DISABLE_DNSSEC_LAME_CHECK -@@ -150,7 +151,7 @@ +@@ -153,7 +154,7 @@ toplevelvar: serverstart contents_server | stubstart contents_stub | forwardstart contents_forward | pythonstart contents_py | rcstart contents_rc | dtstart contents_dt | viewstart - contents_view | + contents_view | rpzstart contents_rpz | - dnscstart contents_dnsc + dnscstart contents_dnsc | + cachedbstart contents_cachedb ; - @@ -2160,6 +2161,50 @@ (strcmp($2, "yes")==0); } Modified: head/contrib/unbound/daemon/daemon.c ============================================================================== --- head/contrib/unbound/daemon/daemon.c Sat May 12 14:39:41 2018 (r333562) +++ head/contrib/unbound/daemon/daemon.c Sat May 12 14:48:38 2018 (r333563) @@ -221,7 +221,9 @@ daemon_init(void) # ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS ERR_load_crypto_strings(); # endif +#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) ERR_load_SSL_strings(); +#endif # ifdef USE_GOST (void)sldns_key_EVP_load_gost_id(); # endif @@ -239,7 +241,7 @@ daemon_init(void) # if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL) (void)SSL_library_init(); # else - (void)OPENSSL_init_ssl(0, NULL); + (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); # endif # if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) if(!ub_openssl_lock_init()) @@ -421,8 +423,8 @@ daemon_create_workers(struct daemon* daemon) daemon->rand = ub_initstate(seed, NULL); if(!daemon->rand) fatal_exit("could not init random generator"); + hash_set_raninit((uint32_t)ub_random(daemon->rand)); } - hash_set_raninit((uint32_t)ub_random(daemon->rand)); shufport = (int*)calloc(65536, sizeof(int)); if(!shufport) fatal_exit("out of memory during daemon init"); @@ -690,6 +692,9 @@ daemon_cleanup(struct daemon* daemon) daemon->num = 0; #ifdef USE_DNSTAP dt_delete(daemon->dtenv); +#endif +#ifdef USE_DNSCRYPT + dnsc_delete(daemon->dnscenv); #endif daemon->cfg = NULL; } Modified: head/contrib/unbound/daemon/remote.c ============================================================================== --- head/contrib/unbound/daemon/remote.c Sat May 12 14:39:41 2018 (r333562) +++ head/contrib/unbound/daemon/remote.c Sat May 12 14:48:38 2018 (r333563) @@ -229,42 +229,10 @@ daemon_remote_create(struct config_file* cfg) free(rc); return NULL; } - /* no SSLv2, SSLv3 because has defects */ - if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) - != SSL_OP_NO_SSLv2){ - log_crypto_err("could not set SSL_OP_NO_SSLv2"); + if(!listen_sslctx_setup(rc->ctx)) { daemon_remote_delete(rc); return NULL; } - if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) - != SSL_OP_NO_SSLv3){ - log_crypto_err("could not set SSL_OP_NO_SSLv3"); - daemon_remote_delete(rc); - return NULL; - } -#if defined(SSL_OP_NO_TLSv1) && defined(SSL_OP_NO_TLSv1_1) - /* if we have tls 1.1 disable 1.0 */ - if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_TLSv1) & SSL_OP_NO_TLSv1) - != SSL_OP_NO_TLSv1){ - log_crypto_err("could not set SSL_OP_NO_TLSv1"); - daemon_remote_delete(rc); - return NULL; - } -#endif -#if defined(SSL_OP_NO_TLSv1_1) && defined(SSL_OP_NO_TLSv1_2) - /* if we have tls 1.2 disable 1.1 */ - if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_TLSv1_1) & SSL_OP_NO_TLSv1_1) - != SSL_OP_NO_TLSv1_1){ - log_crypto_err("could not set SSL_OP_NO_TLSv1_1"); - daemon_remote_delete(rc); - return NULL; - } -#endif -#if defined(SHA256_DIGEST_LENGTH) && defined(USE_ECDSA) - /* if we have sha256, set the cipher list to have no known vulns */ - if(!SSL_CTX_set_cipher_list(rc->ctx, "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256")) - log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list"); -#endif if (cfg->remote_control_use_cert == 0) { /* No certificates are requested */ @@ -314,23 +282,7 @@ daemon_remote_create(struct config_file* cfg) log_crypto_err("Error in SSL_CTX check_private_key"); goto setup_error; } -#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO - if(!SSL_CTX_set_ecdh_auto(rc->ctx,1)) { - log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling ECDHE"); - } -#elif defined(USE_ECDSA) - if(1) { - EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1); - if (!ecdh) { - log_crypto_err("could not find p256, not enabling ECDHE"); - } else { - if (1 != SSL_CTX_set_tmp_ecdh (rc->ctx, ecdh)) { - log_crypto_err("Error in SSL_CTX_set_tmp_ecdh, not enabling ECDHE"); - } - EC_KEY_free (ecdh); - } - } -#endif + listen_sslctx_setup_2(rc->ctx); if(!SSL_CTX_load_verify_locations(rc->ctx, s_cert, NULL)) { log_crypto_err("Error setting up SSL_CTX verify locations"); setup_error: @@ -415,7 +367,7 @@ add_open(const char* ip, int nr, struct listen_port** if (cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1) { if(chown(ip, cfg_uid, cfg_gid) == -1) - log_err("cannot chown %u.%u %s: %s", + verbose(VERB_QUERY, "cannot chown %u.%u %s: %s", (unsigned)cfg_uid, (unsigned)cfg_gid, ip, strerror(errno)); } @@ -841,7 +793,7 @@ print_stats(SSL* ssl, const char* nm, struct ub_stats_ static int print_thread_stats(SSL* ssl, int i, struct ub_stats_info* s) { - char nm[16]; + char nm[32]; snprintf(nm, sizeof(nm), "thread%d", i); nm[sizeof(nm)-1]=0; return print_stats(ssl, nm, s); @@ -873,6 +825,9 @@ print_mem(SSL* ssl, struct worker* worker, struct daem #ifdef USE_IPSECMOD size_t ipsecmod = 0; #endif /* USE_IPSECMOD */ +#ifdef USE_DNSCRYPT + size_t dnscrypt_shared_secret = 0; +#endif /* USE_DNSCRYPT */ msg = slabhash_get_mem(daemon->env->msg_cache); rrset = slabhash_get_mem(&daemon->env->rrset_cache->table); val = mod_get_mem(&worker->env, "validator"); @@ -884,6 +839,12 @@ print_mem(SSL* ssl, struct worker* worker, struct daem #ifdef USE_IPSECMOD ipsecmod = mod_get_mem(&worker->env, "ipsecmod"); #endif /* USE_IPSECMOD */ +#ifdef USE_DNSCRYPT + if(daemon->dnscenv) { + dnscrypt_shared_secret = slabhash_get_mem( + daemon->dnscenv->shared_secrets_cache); + } +#endif /* USE_DNSCRYPT */ if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset)) return 0; @@ -903,6 +864,11 @@ print_mem(SSL* ssl, struct worker* worker, struct daem if(!print_longnum(ssl, "mem.mod.ipsecmod"SQ, ipsecmod)) return 0; #endif /* USE_IPSECMOD */ +#ifdef USE_DNSCRYPT + if(!print_longnum(ssl, "mem.cache.dnscrypt_shared_secret"SQ, + dnscrypt_shared_secret)) + return 0; +#endif /* USE_DNSCRYPT */ return 1; } @@ -1065,6 +1031,9 @@ print_ext(SSL* ssl, struct ub_stats_info* s) if(!ssl_printf(ssl, "num.answer.rcode.nodata"SQ"%lu\n", (unsigned long)s->svr.ans_rcode_nodata)) return 0; } + /* iteration */ + if(!ssl_printf(ssl, "num.query.ratelimited"SQ"%lu\n", + (unsigned long)s->svr.queries_ratelimited)) return 0; /* validation */ if(!ssl_printf(ssl, "num.answer.secure"SQ"%lu\n", (unsigned long)s->svr.ans_secure)) return 0; @@ -1086,6 +1055,12 @@ print_ext(SSL* ssl, struct ub_stats_info* s) (unsigned)s->svr.infra_cache_count)) return 0; if(!ssl_printf(ssl, "key.cache.count"SQ"%u\n", (unsigned)s->svr.key_cache_count)) return 0; +#ifdef USE_DNSCRYPT + if(!ssl_printf(ssl, "dnscrypt_shared_secret.cache.count"SQ"%u\n", + (unsigned)s->svr.shared_secret_cache_count)) return 0; + if(!ssl_printf(ssl, "num.query.dnscrypt.shared_secret.cachemiss"SQ"%lu\n", + (unsigned long)s->svr.num_query_dnscrypt_secret_missed_cache)) return 0; +#endif /* USE_DNSCRYPT */ return 1; } @@ -2389,10 +2364,16 @@ dump_infra_host(struct lruhash_entry* e, void* arg) struct infra_data* d = (struct infra_data*)e->data; char ip_str[1024]; char name[257]; + int port; if(a->ssl_failed) return; addr_to_str(&k->addr, k->addrlen, ip_str, sizeof(ip_str)); *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201805121448.w4CEmcmD006208>