Date: Wed, 10 Oct 2018 08:53:48 +0000 (UTC) From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r339278 - in head/contrib/unbound: . contrib daemon doc iterator libunbound respip services services/cache sldns smallapp util util/data validator Message-ID: <201810100853.w9A8rm1X096218@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: des Date: Wed Oct 10 08:53:47 2018 New Revision: 339278 URL: https://svnweb.freebsd.org/changeset/base/339278 Log: Upgrade to 1.8.1. Approved by: re (kib) Modified: head/contrib/unbound/config.h head/contrib/unbound/config.h.in head/contrib/unbound/configure head/contrib/unbound/configure.ac head/contrib/unbound/contrib/fastrpz.patch head/contrib/unbound/daemon/daemon.c head/contrib/unbound/daemon/remote.c head/contrib/unbound/daemon/unbound.c head/contrib/unbound/daemon/worker.c head/contrib/unbound/doc/Changelog head/contrib/unbound/doc/README head/contrib/unbound/doc/example.conf head/contrib/unbound/doc/example.conf.in head/contrib/unbound/doc/libunbound.3 head/contrib/unbound/doc/libunbound.3.in head/contrib/unbound/doc/unbound-anchor.8 head/contrib/unbound/doc/unbound-anchor.8.in head/contrib/unbound/doc/unbound-checkconf.8 head/contrib/unbound/doc/unbound-checkconf.8.in head/contrib/unbound/doc/unbound-control.8 head/contrib/unbound/doc/unbound-control.8.in head/contrib/unbound/doc/unbound-host.1 head/contrib/unbound/doc/unbound-host.1.in head/contrib/unbound/doc/unbound.8 head/contrib/unbound/doc/unbound.8.in head/contrib/unbound/doc/unbound.conf.5 head/contrib/unbound/doc/unbound.conf.5.in head/contrib/unbound/iterator/iter_scrub.c head/contrib/unbound/iterator/iterator.c head/contrib/unbound/libunbound/context.c head/contrib/unbound/libunbound/libunbound.c head/contrib/unbound/libunbound/libworker.c head/contrib/unbound/respip/respip.c head/contrib/unbound/services/authzone.c head/contrib/unbound/services/cache/infra.c head/contrib/unbound/services/outside_network.c head/contrib/unbound/sldns/sbuffer.h head/contrib/unbound/smallapp/unbound-anchor.c head/contrib/unbound/smallapp/unbound-control.c head/contrib/unbound/util/config_file.c head/contrib/unbound/util/config_file.h head/contrib/unbound/util/data/msgencode.c head/contrib/unbound/util/data/msgreply.c head/contrib/unbound/util/iana_ports.inc head/contrib/unbound/util/log.h head/contrib/unbound/validator/autotrust.c head/contrib/unbound/validator/val_nsec3.c head/contrib/unbound/validator/val_secalgo.c Directory Properties: head/contrib/unbound/ (props changed) Modified: head/contrib/unbound/config.h ============================================================================== --- head/contrib/unbound/config.h Wed Oct 10 08:20:14 2018 (r339277) +++ head/contrib/unbound/config.h Wed Oct 10 08:53:47 2018 (r339278) @@ -1,6 +1,12 @@ /* config.h. Generated from config.h.in by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ +/* apply the noreturn attribute to a function that exits the program */ +#define ATTR_NORETURN __attribute__((__noreturn__)) + +/* apply the weak attribute to a symbol */ +#define ATTR_WEAK __attribute__((weak)) + /* Directory to chroot to */ #define CHROOT_DIR "/var/unbound" @@ -46,6 +52,9 @@ /* Whether the C compiler accepts the "format" attribute */ #define HAVE_ATTR_FORMAT 1 +/* Whether the C compiler accepts the "noreturn" attribute */ +#define HAVE_ATTR_NORETURN 1 + /* Whether the C compiler accepts the "unused" attribute */ #define HAVE_ATTR_UNUSED 1 @@ -59,7 +68,7 @@ #define HAVE_CHROOT 1 /* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */ -#define HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 1 +/* #undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA */ /* Define to 1 if you have the `ctime_r' function. */ #define HAVE_CTIME_R 1 @@ -85,11 +94,11 @@ /* Define to 1 if you have the declaration of `NID_ED25519', and to 0 if you don't. */ -#define HAVE_DECL_NID_ED25519 0 +#define HAVE_DECL_NID_ED25519 1 /* Define to 1 if you have the declaration of `NID_ED448', and to 0 if you don't. */ -#define HAVE_DECL_NID_ED448 0 +#define HAVE_DECL_NID_ED448 1 /* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you don't. */ @@ -135,7 +144,7 @@ #define HAVE_DLFCN_H 1 /* Define to 1 if you have the `DSA_SIG_set0' function. */ -/* #undef HAVE_DSA_SIG_SET0 */ +#define HAVE_DSA_SIG_SET0 1 /* Define to 1 if you have the <endian.h> header file. */ /* #undef HAVE_ENDIAN_H */ @@ -150,10 +159,10 @@ #define HAVE_ENDSERVENT 1 /* Define to 1 if you have the `ERR_free_strings' function. */ -#define HAVE_ERR_FREE_STRINGS 1 +/* #undef HAVE_ERR_FREE_STRINGS */ /* Define to 1 if you have the `ERR_load_crypto_strings' function. */ -#define HAVE_ERR_LOAD_CRYPTO_STRINGS 1 +/* #undef HAVE_ERR_LOAD_CRYPTO_STRINGS */ /* Define to 1 if you have the `event_base_free' function. */ /* #undef HAVE_EVENT_BASE_FREE */ @@ -171,16 +180,16 @@ /* #undef HAVE_EVENT_H */ /* Define to 1 if you have the `EVP_cleanup' function. */ -#define HAVE_EVP_CLEANUP 1 +/* #undef HAVE_EVP_CLEANUP */ /* Define to 1 if you have the `EVP_DigestVerify' function. */ -/* #undef HAVE_EVP_DIGESTVERIFY */ +#define HAVE_EVP_DIGESTVERIFY 1 /* Define to 1 if you have the `EVP_dss1' function. */ -#define HAVE_EVP_DSS1 1 +/* #undef HAVE_EVP_DSS1 */ /* Define to 1 if you have the `EVP_MD_CTX_new' function. */ -/* #undef HAVE_EVP_MD_CTX_NEW */ +#define HAVE_EVP_MD_CTX_NEW 1 /* Define to 1 if you have the `EVP_sha1' function. */ #define HAVE_EVP_SHA1 1 @@ -200,6 +209,9 @@ /* Define to 1 if you have the <expat.h> header file. */ #define HAVE_EXPAT_H 1 +/* Define to 1 if you have the `explicit_bzero' function. */ +#define HAVE_EXPLICIT_BZERO 1 + /* Define to 1 if you have the `fcntl' function. */ #define HAVE_FCNTL 1 @@ -321,7 +333,7 @@ /* #undef HAVE_NSS */ /* Define to 1 if you have the `OpenSSL_add_all_digests' function. */ -#define HAVE_OPENSSL_ADD_ALL_DIGESTS 1 +/* #undef HAVE_OPENSSL_ADD_ALL_DIGESTS */ /* Define to 1 if you have the <openssl/bn.h> header file. */ #define HAVE_OPENSSL_BN_H 1 @@ -345,10 +357,10 @@ #define HAVE_OPENSSL_ERR_H 1 /* Define to 1 if you have the `OPENSSL_init_crypto' function. */ -/* #undef HAVE_OPENSSL_INIT_CRYPTO */ +#define HAVE_OPENSSL_INIT_CRYPTO 1 /* Define to 1 if you have the `OPENSSL_init_ssl' function. */ -/* #undef HAVE_OPENSSL_INIT_SSL */ +#define HAVE_OPENSSL_INIT_SSL 1 /* Define to 1 if you have the <openssl/rand.h> header file. */ #define HAVE_OPENSSL_RAND_H 1 @@ -381,7 +393,7 @@ #define HAVE_RANDOM 1 /* Define to 1 if you have the `RAND_cleanup' function. */ -#define HAVE_RAND_CLEANUP 1 +/* #undef HAVE_RAND_CLEANUP */ /* Define to 1 if you have the `reallocarray' function. */ #define HAVE_REALLOCARRAY 1 @@ -441,13 +453,13 @@ #define HAVE_SSL /**/ /* Define to 1 if you have the `SSL_CTX_set_security_level' function. */ -/* #undef HAVE_SSL_CTX_SET_SECURITY_LEVEL */ +#define HAVE_SSL_CTX_SET_SECURITY_LEVEL 1 /* Define to 1 if you have the `SSL_get0_peername' function. */ -/* #undef HAVE_SSL_GET0_PEERNAME */ +#define HAVE_SSL_GET0_PEERNAME 1 /* Define to 1 if you have the `SSL_set1_host' function. */ -/* #undef HAVE_SSL_SET1_HOST */ +#define HAVE_SSL_SET1_HOST 1 /* Define to 1 if you have the <stdarg.h> header file. */ #define HAVE_STDARG_H 1 @@ -631,7 +643,7 @@ #define PACKAGE_NAME "unbound" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "unbound 1.8.0" +#define PACKAGE_STRING "unbound 1.8.1" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "unbound" @@ -640,7 +652,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.8.0" +#define PACKAGE_VERSION "1.8.1" /* default pidfile location */ #define PIDFILE "/var/unbound/unbound.pid" @@ -659,7 +671,7 @@ #define ROOT_CERT_FILE "/var/unbound/icannbundle.pem" /* version number for resource files */ -#define RSRC_PACKAGE_VERSION 1,8,0,0 +#define RSRC_PACKAGE_VERSION 1,8,1,0 /* Directory to chdir to */ #define RUN_DIR "/var/unbound" @@ -722,13 +734,13 @@ /* #undef USE_ECDSA_EVP_WORKAROUND */ /* Define this to enable ED25519 support. */ -/* #undef USE_ED25519 */ +#define USE_ED25519 1 /* Define this to enable ED448 support. */ -/* #undef USE_ED448 */ +#define USE_ED448 1 /* Define this to enable GOST support. */ -#define USE_GOST 1 +/* #undef USE_GOST */ /* Define to 1 to use ipsecmod support. */ /* #undef USE_IPSECMOD */ @@ -1145,6 +1157,11 @@ char *strsep(char **stringp, const char *delim); int isblank(int c); #endif +#ifndef HAVE_EXPLICIT_BZERO +#define explicit_bzero unbound_explicit_bzero +void explicit_bzero(void* buf, size_t len); +#endif + #if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP const char *inet_ntop(int af, const void *src, char *dst, size_t size); #endif @@ -1177,7 +1194,6 @@ void *reallocarray(void *ptr, size_t nmemb, size_t siz # endif #endif /* HAVE_LIBRESSL */ #ifndef HAVE_ARC4RANDOM -void explicit_bzero(void* buf, size_t len); int getentropy(void* buf, size_t len); uint32_t arc4random(void); void arc4random_buf(void* buf, size_t n); Modified: head/contrib/unbound/config.h.in ============================================================================== --- head/contrib/unbound/config.h.in Wed Oct 10 08:20:14 2018 (r339277) +++ head/contrib/unbound/config.h.in Wed Oct 10 08:53:47 2018 (r339278) @@ -1,5 +1,11 @@ /* config.h.in. Generated from configure.ac by autoheader. */ +/* apply the noreturn attribute to a function that exits the program */ +#undef ATTR_NORETURN + +/* apply the weak attribute to a symbol */ +#undef ATTR_WEAK + /* Directory to chroot to */ #undef CHROOT_DIR @@ -45,6 +51,9 @@ /* Whether the C compiler accepts the "format" attribute */ #undef HAVE_ATTR_FORMAT +/* Whether the C compiler accepts the "noreturn" attribute */ +#undef HAVE_ATTR_NORETURN + /* Whether the C compiler accepts the "unused" attribute */ #undef HAVE_ATTR_UNUSED @@ -199,6 +208,9 @@ /* Define to 1 if you have the <expat.h> header file. */ #undef HAVE_EXPAT_H +/* Define to 1 if you have the `explicit_bzero' function. */ +#undef HAVE_EXPLICIT_BZERO + /* Define to 1 if you have the `fcntl' function. */ #undef HAVE_FCNTL @@ -1144,6 +1156,11 @@ char *strsep(char **stringp, const char *delim); int isblank(int c); #endif +#ifndef HAVE_EXPLICIT_BZERO +#define explicit_bzero unbound_explicit_bzero +void explicit_bzero(void* buf, size_t len); +#endif + #if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP const char *inet_ntop(int af, const void *src, char *dst, size_t size); #endif @@ -1176,7 +1193,6 @@ void *reallocarray(void *ptr, size_t nmemb, size_t siz # endif #endif /* HAVE_LIBRESSL */ #ifndef HAVE_ARC4RANDOM -void explicit_bzero(void* buf, size_t len); int getentropy(void* buf, size_t len); uint32_t arc4random(void); void arc4random_buf(void* buf, size_t n); Modified: head/contrib/unbound/configure ============================================================================== --- head/contrib/unbound/configure Wed Oct 10 08:20:14 2018 (r339277) +++ head/contrib/unbound/configure Wed Oct 10 08:53:47 2018 (r339278) @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.8.0. +# Generated by GNU Autoconf 2.69 for unbound 1.8.1. # # Report bugs to <unbound-bugs@nlnetlabs.nl>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.8.0' -PACKAGE_STRING='unbound 1.8.0' +PACKAGE_VERSION='1.8.1' +PACKAGE_STRING='unbound 1.8.1' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -1440,7 +1440,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.8.0 to adapt to many kinds of systems. +\`configure' configures unbound 1.8.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1505,7 +1505,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.8.0:";; + short | recursive ) echo "Configuration of unbound 1.8.1:";; esac cat <<\_ACEOF @@ -1722,7 +1722,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.8.0 +unbound configure 1.8.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2431,7 +2431,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.8.0, which was +It was created by unbound $as_me 1.8.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2783,11 +2783,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=8 -UNBOUND_VERSION_MICRO=0 +UNBOUND_VERSION_MICRO=1 LIBUNBOUND_CURRENT=8 -LIBUNBOUND_REVISION=0 +LIBUNBOUND_REVISION=1 LIBUNBOUND_AGE=0 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2850,7 +2850,8 @@ LIBUNBOUND_AGE=0 # 1.7.1 had 7:9:5 # 1.7.2 had 7:10:5 # 1.7.3 had 7:11:5 -# 1.7.4 had 8:0:0 # changes the event callback function signature +# 1.8.0 had 8:0:0 # changes the event callback function signature +# 1.8.1 had 8:1:0 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -6265,9 +6266,57 @@ if test $ac_cv_c_weak_attribute = yes; then $as_echo "#define HAVE_ATTR_WEAK 1" >>confdefs.h + +$as_echo "#define ATTR_WEAK __attribute__((weak))" >>confdefs.h + fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler (${CC-cc}) accepts the \"noreturn\" attribute" >&5 +$as_echo_n "checking whether the C compiler (${CC-cc}) accepts the \"noreturn\" attribute... " >&6; } +if ${ac_cv_c_noreturn_attribute+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_noreturn_attribute=no +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include <stdio.h> +__attribute__((noreturn)) void f(int x) { printf("%d", x); } + +int +main () +{ + + f(1); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_noreturn_attribute="yes" +else + ac_cv_c_noreturn_attribute="no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_noreturn_attribute" >&5 +$as_echo "$ac_cv_c_noreturn_attribute" >&6; } +if test $ac_cv_c_noreturn_attribute = yes; then + +$as_echo "#define HAVE_ATTR_NORETURN 1" >>confdefs.h + + +$as_echo "#define ATTR_NORETURN __attribute__((__noreturn__))" >>confdefs.h + +fi + + if test "$srcdir" != "."; then CPPFLAGS="$CPPFLAGS -I$srcdir" fi @@ -20033,6 +20082,20 @@ esac fi +ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero" +if test "x$ac_cv_func_explicit_bzero" = xyes; then : + $as_echo "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h + +else + case " $LIBOBJS " in + *" explicit_bzero.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS explicit_bzero.$ac_objext" + ;; +esac + +fi + + LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray" @@ -20080,12 +20143,6 @@ fi if test "$ac_cv_func_arc4random" = "no"; then case " $LIBOBJS " in - *" explicit_bzero.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS explicit_bzero.$ac_objext" - ;; -esac - - case " $LIBOBJS " in *" arc4_lock.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS arc4_lock.$ac_objext" ;; @@ -21077,7 +21134,7 @@ _ACEOF -version=1.8.0 +version=1.8.1 date=`date +'%b %e, %Y'` @@ -21596,7 +21653,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.8.0, which was +This file was extended by unbound $as_me 1.8.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21662,7 +21719,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.8.0 +unbound config.status 1.8.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Modified: head/contrib/unbound/configure.ac ============================================================================== --- head/contrib/unbound/configure.ac Wed Oct 10 08:20:14 2018 (r339277) +++ head/contrib/unbound/configure.ac Wed Oct 10 08:53:47 2018 (r339278) @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[8]) -m4_define([VERSION_MICRO],[0]) +m4_define([VERSION_MICRO],[1]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=8 -LIBUNBOUND_REVISION=0 +LIBUNBOUND_REVISION=1 LIBUNBOUND_AGE=0 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -81,7 +81,8 @@ LIBUNBOUND_AGE=0 # 1.7.1 had 7:9:5 # 1.7.2 had 7:10:5 # 1.7.3 had 7:11:5 -# 1.7.4 had 8:0:0 # changes the event callback function signature +# 1.8.0 had 8:0:0 # changes the event callback function signature +# 1.8.1 had 8:1:0 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -310,11 +311,36 @@ __attribute__((weak)) void f(int x) { printf("%d", x); AC_MSG_RESULT($ac_cv_c_weak_attribute) if test $ac_cv_c_weak_attribute = yes; then AC_DEFINE(HAVE_ATTR_WEAK, 1, [Whether the C compiler accepts the "weak" attribute]) + AC_DEFINE(ATTR_WEAK, [__attribute__((weak))], [apply the weak attribute to a symbol]) fi ])dnl End of CHECK_WEAK_ATTRIBUTE CHECK_WEAK_ATTRIBUTE +AC_DEFUN([CHECK_NORETURN_ATTRIBUTE], +[AC_REQUIRE([AC_PROG_CC]) +AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "noreturn" attribute) +AC_CACHE_VAL(ac_cv_c_noreturn_attribute, +[ac_cv_c_noreturn_attribute=no +AC_TRY_COMPILE( +[ #include <stdio.h> +__attribute__((noreturn)) void f(int x) { printf("%d", x); } +], [ + f(1); +], +[ac_cv_c_noreturn_attribute="yes"], +[ac_cv_c_noreturn_attribute="no"]) +]) + +AC_MSG_RESULT($ac_cv_c_noreturn_attribute) +if test $ac_cv_c_noreturn_attribute = yes; then + AC_DEFINE(HAVE_ATTR_NORETURN, 1, [Whether the C compiler accepts the "noreturn" attribute]) + AC_DEFINE(ATTR_NORETURN, [__attribute__((__noreturn__))], [apply the noreturn attribute to a function that exits the program]) +fi +])dnl End of CHECK_NORETURN_ATTRIBUTE + +CHECK_NORETURN_ATTRIBUTE + if test "$srcdir" != "."; then CPPFLAGS="$CPPFLAGS -I$srcdir" fi @@ -1396,6 +1422,7 @@ AC_REPLACE_FUNCS(strlcpy) AC_REPLACE_FUNCS(memmove) AC_REPLACE_FUNCS(gmtime_r) AC_REPLACE_FUNCS(isblank) +AC_REPLACE_FUNCS(explicit_bzero) dnl without CTIME, ARC4-functions and without reallocarray. LIBOBJ_WITHOUT_CTIMEARC4="$LIBOBJS" AC_SUBST(LIBOBJ_WITHOUT_CTIMEARC4) @@ -1404,7 +1431,6 @@ if test "$USE_NSS" = "no"; then AC_REPLACE_FUNCS(arc4random) AC_REPLACE_FUNCS(arc4random_uniform) if test "$ac_cv_func_arc4random" = "no"; then - AC_LIBOBJ(explicit_bzero) AC_LIBOBJ(arc4_lock) AC_CHECK_FUNCS([getentropy],,[ if test "$USE_WINSOCK" = 1; then @@ -1729,6 +1755,11 @@ char *strsep(char **stringp, const char *delim); int isblank(int c); #endif +#ifndef HAVE_EXPLICIT_BZERO +#define explicit_bzero unbound_explicit_bzero +void explicit_bzero(void* buf, size_t len); +#endif + #if defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP const char *inet_ntop(int af, const void *src, char *dst, size_t size); #endif @@ -1761,7 +1792,6 @@ void *reallocarray(void *ptr, size_t nmemb, size_t siz # endif #endif /* HAVE_LIBRESSL */ #ifndef HAVE_ARC4RANDOM -void explicit_bzero(void* buf, size_t len); int getentropy(void* buf, size_t len); uint32_t arc4random(void); void arc4random_buf(void* buf, size_t n); Modified: head/contrib/unbound/contrib/fastrpz.patch ============================================================================== --- head/contrib/unbound/contrib/fastrpz.patch Wed Oct 10 08:20:14 2018 (r339277) +++ head/contrib/unbound/contrib/fastrpz.patch Wed Oct 10 08:53:47 2018 (r339278) @@ -1,15 +1,11 @@ Description: based on the included patch contrib/fastrpz.patch Author: fastrpz@farsightsecurity.com --- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: unboundfastrpz/Makefile.in =================================================================== -RCS file: ./RCS/Makefile.in,v -retrieving revision 1.1 -Index: unbound-1.7.0~rc1/Makefile.in -=================================================================== ---- unbound-1.7.0~rc1.orig/Makefile.in -+++ unbound-1.7.0~rc1/Makefile.in -@@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c +--- unboundfastrpz/Makefile.in (revision 4923) ++++ unboundfastrpz/Makefile.in (working copy) +@@ -23,6 +23,8 @@ CHECKLOCK_OBJ=@CHECKLOCK_OBJ@ DNSTAP_SRC=@DNSTAP_SRC@ DNSTAP_OBJ=@DNSTAP_OBJ@ @@ -18,7 +14,7 @@ Index: unbound-1.7.0~rc1/Makefile.in DNSCRYPT_SRC=@DNSCRYPT_SRC@ DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ -@@ -125,7 +127,7 @@ validator/val_sigcrypt.c validator/val_u +@@ -126,7 +128,7 @@ edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \ @@ -27,16 +23,16 @@ Index: unbound-1.7.0~rc1/Makefile.in COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ -@@ -137,7 +139,7 @@ slabhash.lo timehist.lo tube.lo winsock_ +@@ -139,7 +141,7 @@ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ - val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo authzone.lo\ + val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ -$(IPSECMOD_OBJ) respip.lo +$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) respip.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo -@@ -400,6 +402,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscry +@@ -405,6 +407,11 @@ $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h @@ -48,11 +44,11 @@ Index: unbound-1.7.0~rc1/Makefile.in # Python Module pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod/interface.h \ -Index: unbound-1.7.0~rc1/config.h.in +Index: unboundfastrpz/config.h.in =================================================================== ---- unbound-1.7.0~rc1.orig/config.h.in -+++ unbound-1.7.0~rc1/config.h.in -@@ -1228,4 +1228,11 @@ void *unbound_stat_realloc_log(void *ptr +--- unboundfastrpz/config.h.in (revision 4923) ++++ unboundfastrpz/config.h.in (working copy) +@@ -1272,4 +1272,11 @@ /** the version of unbound-control that this software implements */ #define UNBOUND_CONTROL_VERSION 1 @@ -65,11 +61,11 @@ Index: unbound-1.7.0~rc1/config.h.in +#undef FASTRPZ_LIB_OPEN +/** turn on fastrpz response policy zones */ +#undef ENABLE_FASTRPZ -Index: unbound-1.7.0~rc1/configure.ac +Index: unboundfastrpz/configure.ac =================================================================== ---- unbound-1.7.0~rc1.orig/configure.ac -+++ unbound-1.7.0~rc1/configure.ac -@@ -6,6 +6,7 @@ sinclude(ax_pthread.m4) +--- unboundfastrpz/configure.ac (revision 4923) ++++ unboundfastrpz/configure.ac (working copy) +@@ -6,6 +6,7 @@ sinclude(acx_python.m4) sinclude(ac_pkg_swig.m4) sinclude(dnstap/dnstap.m4) @@ -77,7 +73,7 @@ Index: unbound-1.7.0~rc1/configure.ac sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing -@@ -1453,6 +1454,9 @@ case "$enable_ipsecmod" in +@@ -1565,6 +1566,9 @@ ;; esac @@ -87,11 +83,11 @@ Index: unbound-1.7.0~rc1/configure.ac AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) # on openBSD, the implicit rule make $< work. # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). -Index: unbound-1.7.0~rc1/daemon/daemon.c +Index: unboundfastrpz/daemon/daemon.c =================================================================== ---- unbound-1.7.0~rc1.orig/daemon/daemon.c -+++ unbound-1.7.0~rc1/daemon/daemon.c -@@ -90,6 +90,9 @@ +--- unboundfastrpz/daemon/daemon.c (revision 4923) ++++ unboundfastrpz/daemon/daemon.c (working copy) +@@ -91,6 +91,9 @@ #include "sldns/keyraw.h" #include "respip/respip.h" #include <signal.h> @@ -101,7 +97,7 @@ Index: unbound-1.7.0~rc1/daemon/daemon.c #ifdef HAVE_SYSTEMD #include <systemd/sd-daemon.h> -@@ -461,6 +464,14 @@ daemon_create_workers(struct daemon* dae +@@ -462,6 +465,14 @@ fatal_exit("dnstap enabled in config but not built with dnstap support"); #endif } @@ -116,9 +112,9 @@ Index: unbound-1.7.0~rc1/daemon/daemon.c for(i=0; i<daemon->num; i++) { if(!(daemon->workers[i] = worker_create(daemon, i, shufport+numport*i/daemon->num, -@@ -710,6 +721,9 @@ daemon_cleanup(struct daemon* daemon) - #ifdef USE_DNSCRYPT +@@ -719,6 +730,9 @@ dnsc_delete(daemon->dnscenv); + daemon->dnscenv = NULL; #endif +#ifdef ENABLE_FASTRPZ + rpz_delete(&daemon->rpz_clist, &daemon->rpz_client); @@ -126,11 +122,11 @@ Index: unbound-1.7.0~rc1/daemon/daemon.c daemon->cfg = NULL; } -Index: unbound-1.7.0~rc1/daemon/daemon.h +Index: unboundfastrpz/daemon/daemon.h =================================================================== ---- unbound-1.7.0~rc1.orig/daemon/daemon.h -+++ unbound-1.7.0~rc1/daemon/daemon.h -@@ -134,6 +134,11 @@ struct daemon { +--- unboundfastrpz/daemon/daemon.h (revision 4923) ++++ unboundfastrpz/daemon/daemon.h (working copy) +@@ -136,6 +136,11 @@ /** the dnscrypt environment */ struct dnsc_env* dnscenv; #endif @@ -142,11 +138,11 @@ Index: unbound-1.7.0~rc1/daemon/daemon.h }; /** -Index: unbound-1.7.0~rc1/daemon/worker.c +Index: unboundfastrpz/daemon/worker.c =================================================================== ---- unbound-1.7.0~rc1.orig/daemon/worker.c -+++ unbound-1.7.0~rc1/daemon/worker.c -@@ -74,6 +74,9 @@ +--- unboundfastrpz/daemon/worker.c (revision 4923) ++++ unboundfastrpz/daemon/worker.c (working copy) +@@ -75,6 +75,9 @@ #include "libunbound/context.h" #include "libunbound/libworker.h" #include "sldns/sbuffer.h" @@ -156,7 +152,7 @@ Index: unbound-1.7.0~rc1/daemon/worker.c #include "sldns/wire2str.h" #include "util/shm_side/shm_main.h" #include "dnscrypt/dnscrypt.h" -@@ -527,8 +530,27 @@ answer_norec_from_cache(struct worker* w +@@ -533,8 +536,27 @@ /* not secure */ secure = 0; break; @@ -182,9 +178,9 @@ Index: unbound-1.7.0~rc1/daemon/worker.c + } +#endif /* return this delegation from the cache */ + edns_bak = *edns; edns->edns_version = EDNS_ADVERTISED_VERSION; - edns->udp_size = EDNS_ADVERTISED_SIZE; -@@ -689,6 +711,23 @@ answer_from_cache(struct worker* worker, +@@ -702,6 +724,23 @@ secure = 0; } } else secure = 0; @@ -206,9 +202,9 @@ Index: unbound-1.7.0~rc1/daemon/worker.c + } +#endif + edns_bak = *edns; edns->edns_version = EDNS_ADVERTISED_VERSION; - edns->udp_size = EDNS_ADVERTISED_SIZE; -@@ -1291,6 +1330,15 @@ worker_handle_request(struct comm_point* +@@ -1407,6 +1446,15 @@ log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", &repinfo->addr, repinfo->addrlen); goto send_reply; @@ -224,7 +220,7 @@ Index: unbound-1.7.0~rc1/daemon/worker.c } /* If we've found a local alias, replace the qname with the alias -@@ -1339,12 +1387,21 @@ lookup_cache: +@@ -1455,12 +1503,21 @@ h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { /* answer from cache - we have acquired a readlock on it */ @@ -248,7 +244,7 @@ Index: unbound-1.7.0~rc1/daemon/worker.c /* prefetch it if the prefetch TTL expired. * Note that if there is more than one pass * its qname must be that used for cache -@@ -1398,11 +1455,19 @@ lookup_cache: +@@ -1514,11 +1571,19 @@ lock_rw_unlock(&e->lock); } if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { @@ -270,11 +266,11 @@ Index: unbound-1.7.0~rc1/daemon/worker.c goto send_reply; } verbose(VERB_ALGO, "answer norec from cache -- " -Index: unbound-1.7.0~rc1/doc/unbound.conf.5.in +Index: unboundfastrpz/doc/unbound.conf.5.in =================================================================== ---- unbound-1.7.0~rc1.orig/doc/unbound.conf.5.in -+++ unbound-1.7.0~rc1/doc/unbound.conf.5.in -@@ -1705,6 +1705,81 @@ It must be /96 or shorter. The default +--- unboundfastrpz/doc/unbound.conf.5.in (revision 4923) ++++ unboundfastrpz/doc/unbound.conf.5.in (working copy) +@@ -1728,6 +1728,81 @@ used by dns64 processing instead. Can be entered multiple times, list a new domain for which it applies, one per line. Applies also to names underneath the name given. @@ -356,10 +352,10 @@ Index: unbound-1.7.0~rc1/doc/unbound.conf.5.in .SS "DNSCrypt Options" .LP The -Index: unbound-1.7.0~rc1/fastrpz/librpz.h +Index: unboundfastrpz/fastrpz/librpz.h =================================================================== ---- /dev/null -+++ unbound-1.7.0~rc1/fastrpz/librpz.h +--- unboundfastrpz/fastrpz/librpz.h (nonexistent) ++++ unboundfastrpz/fastrpz/librpz.h (working copy) @@ -0,0 +1,957 @@ +/* + * Define the interface from a DNS resolver to the Response Policy Zone @@ -1318,11 +1314,11 @@ Index: unbound-1.7.0~rc1/fastrpz/librpz.h +#endif /* LIBRPZ_LIB_OPEN */ + +#endif /* LIBRPZ_H */ -Index: unbound-1.7.0~rc1/fastrpz/rpz.c +Index: unboundfastrpz/fastrpz/rpz.c =================================================================== ---- /dev/null -+++ unbound-1.7.0~rc1/fastrpz/rpz.c -@@ -0,0 +1,1357 @@ +--- unboundfastrpz/fastrpz/rpz.c (nonexistent) ++++ unboundfastrpz/fastrpz/rpz.c (working copy) +@@ -0,0 +1,1352 @@ +/* + * fastrpz/rpz.c - interface to the fastrpz response policy zone library + * @@ -1438,8 +1434,6 @@ Index: unbound-1.7.0~rc1/fastrpz/rpz.c +static void +log_fnc(librpz_log_level_t level, void* ATTR_UNUSED(ctx), const char* buf) +{ -+ char label_buf[sizeof("rpz ")+8]; -+ + /* Setting librpz_log_level overrides the unbound "verbose" level. */ + if(level > LIBRPZ_LOG_TRACE1 && + level <= librpz->log_level_val(LIBRPZ_LOG_INVALID)) @@ -1949,12 +1943,9 @@ Index: unbound-1.7.0~rc1/fastrpz/rpz.c + case st_ck_ns: + /* An NSDNAME or NSIP check failed for lack of cached data. */ + return false; -+#pragma clang diagnostic push -+#pragma clang diagnostic ignored "-Wunreachable-code" + default: + fatal_exit("impossible RPZ state %d in rpz_worker_cache()", + rpz->st); -+#pragma clang diagnostic pop + } + + /* Wait for a trigger. */ @@ -2680,10 +2671,10 @@ Index: unbound-1.7.0~rc1/fastrpz/rpz.c +} + +#endif /* ENABLE_FASTRPZ */ -Index: unbound-1.7.0~rc1/fastrpz/rpz.h +Index: unboundfastrpz/fastrpz/rpz.h =================================================================== ---- /dev/null -+++ unbound-1.7.0~rc1/fastrpz/rpz.h +--- unboundfastrpz/fastrpz/rpz.h (nonexistent) ++++ unboundfastrpz/fastrpz/rpz.h (working copy) @@ -0,0 +1,138 @@ +/* + * fastrpz/rpz.h - interface to the fastrpz response policy zone library @@ -2823,10 +2814,10 @@ Index: unbound-1.7.0~rc1/fastrpz/rpz.h + +#endif /* ENABLE_FASTRPZ */ +#endif /* UNBOUND_FASTRPZ_RPZ_H */ -Index: unbound-1.7.0~rc1/fastrpz/rpz.m4 +Index: unboundfastrpz/fastrpz/rpz.m4 =================================================================== ---- /dev/null -+++ unbound-1.7.0~rc1/fastrpz/rpz.m4 +--- unboundfastrpz/fastrpz/rpz.m4 (nonexistent) ++++ unboundfastrpz/fastrpz/rpz.m4 (working copy) @@ -0,0 +1,64 @@ +# fastrpz/rpz.m4 + @@ -2892,10 +2883,10 @@ Index: unbound-1.7.0~rc1/fastrpz/rpz.m4 + AC_MSG_WARN([[dlopen and librpz.so needed for fastrpz]]) + fi +]) -Index: unbound-1.7.0~rc1/iterator/iterator.c +Index: unboundfastrpz/iterator/iterator.c =================================================================== ---- unbound-1.7.0~rc1.orig/iterator/iterator.c -+++ unbound-1.7.0~rc1/iterator/iterator.c +--- unboundfastrpz/iterator/iterator.c (revision 4923) ++++ unboundfastrpz/iterator/iterator.c (working copy) @@ -68,6 +68,9 @@ #include "sldns/str2wire.h" #include "sldns/parseutil.h" @@ -2906,7 +2897,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c int iter_init(struct module_env* env, int id) -@@ -511,6 +514,23 @@ handle_cname_response(struct module_qsta +@@ -525,6 +528,23 @@ if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && query_dname_compare(*mname, r->rk.dname) == 0 && !iter_find_rrset_in_prepend_answer(iq, r)) { @@ -2930,7 +2921,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c /* Add this relevant CNAME rrset to the prepend list.*/ if(!iter_add_prepend_answer(qstate, iq, r)) return 0; -@@ -519,6 +539,9 @@ handle_cname_response(struct module_qsta +@@ -533,6 +553,9 @@ /* Other rrsets in the section are ignored. */ } @@ -2940,7 +2931,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c /* add authority rrsets to authority prepend, for wildcarded CNAMEs */ for(i=msg->rep->an_numrrsets; i<msg->rep->an_numrrsets + msg->rep->ns_numrrsets; i++) { -@@ -1148,6 +1171,7 @@ processInitRequest(struct module_qstate* +@@ -1216,6 +1239,7 @@ uint8_t* delname; size_t delnamelen; struct dns_msg* msg = NULL; @@ -2948,7 +2939,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); /* check effort */ -@@ -1223,8 +1247,7 @@ processInitRequest(struct module_qstate* +@@ -1302,8 +1326,7 @@ } if(msg) { /* handle positive cache response */ @@ -2958,7 +2949,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c if(verbosity >= VERB_ALGO) { log_dns_msg("msg from cache lookup", &msg->qinfo, msg->rep); -@@ -1232,7 +1255,22 @@ processInitRequest(struct module_qstate* +@@ -1311,7 +1334,22 @@ (int)msg->rep->ttl, (int)msg->rep->prefetch_ttl); } @@ -2981,7 +2972,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c if(type == RESPONSE_TYPE_CNAME) { uint8_t* sname = 0; size_t slen = 0; -@@ -2552,6 +2590,62 @@ processQueryResponse(struct module_qstat +@@ -2716,6 +2754,62 @@ sock_list_insert(&qstate->reply_origin, &qstate->reply->addr, qstate->reply->addrlen, qstate->region); @@ -3041,10 +3032,10 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c + } + } +#endif - if(iq->minimisation_state != DONOT_MINIMISE_STATE) { + if(iq->minimisation_state != DONOT_MINIMISE_STATE + && !(iq->chase_flags & BIT_RD)) { if(FLAGS_GET_RCODE(iq->response->rep->flags) != - LDNS_RCODE_NOERROR) { -@@ -3273,12 +3367,44 @@ processFinished(struct module_qstate* qs +@@ -3462,6 +3556,10 @@ * but only if we did recursion. The nonrecursion referral * from cache does not need to be stored in the msg cache. */ if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { @@ -3055,6 +3046,7 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c iter_dns_store(qstate->env, &qstate->qinfo, iq->response->rep, 0, qstate->prefetch_leeway, iq->dp&&iq->dp->has_parent_side_NS, +@@ -3468,6 +3566,34 @@ qstate->region, qstate->query_flags); } } @@ -3089,11 +3081,11 @@ Index: unbound-1.7.0~rc1/iterator/iterator.c qstate->return_rcode = LDNS_RCODE_NOERROR; qstate->return_msg = iq->response; return 0; -Index: unbound-1.7.0~rc1/iterator/iterator.h +Index: unboundfastrpz/iterator/iterator.h =================================================================== ---- unbound-1.7.0~rc1.orig/iterator/iterator.h -+++ unbound-1.7.0~rc1/iterator/iterator.h -@@ -383,6 +383,16 @@ struct iter_qstate { +--- unboundfastrpz/iterator/iterator.h (revision 4923) ++++ unboundfastrpz/iterator/iterator.h (working copy) +@@ -386,6 +386,16 @@ */ int minimise_count; @@ -3110,11 +3102,11 @@ Index: unbound-1.7.0~rc1/iterator/iterator.h /** * Count number of time-outs. Used to prevent resolving failures when * the QNAME minimisation QTYPE is blocked. */ -Index: unbound-1.7.0~rc1/services/cache/dns.c +Index: unboundfastrpz/services/cache/dns.c =================================================================== ---- unbound-1.7.0~rc1.orig/services/cache/dns.c -+++ unbound-1.7.0~rc1/services/cache/dns.c -@@ -876,6 +876,14 @@ dns_cache_store(struct module_env* env, +--- unboundfastrpz/services/cache/dns.c (revision 4923) ++++ unboundfastrpz/services/cache/dns.c (working copy) +@@ -928,6 +928,14 @@ struct regional* region, uint32_t flags) { struct reply_info* rep = NULL; @@ -3129,11 +3121,11 @@ Index: unbound-1.7.0~rc1/services/cache/dns.c *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810100853.w9A8rm1X096218>