Author: des
Date: Sat May 12 14:48:38 2018
New Revision: 333563
URL: https://svnweb.freebsd.org/changeset/base/333563
Log:
Upgrade Unbound to 1.6.6. More to follow.
Added:
head/contrib/unbound/dnscrypt/dnscrypt_config.h (contents, props changed)
Modified:
head/contrib/unbound/Makefile.in
head/contrib/unbound/acx_nlnetlabs.m4
head/contrib/unbound/cachedb/cachedb.c
head/contrib/unbound/config.h
head/contrib/unbound/config.h.in
head/contrib/unbound/configure
head/contrib/unbound/configure.ac
head/contrib/unbound/contrib/fastrpz.patch
head/contrib/unbound/daemon/daemon.c
head/contrib/unbound/daemon/remote.c
head/contrib/unbound/daemon/stats.c
head/contrib/unbound/daemon/unbound.c
head/contrib/unbound/daemon/worker.c
head/contrib/unbound/dns64/dns64.c
head/contrib/unbound/dnscrypt/dnscrypt.c
head/contrib/unbound/dnscrypt/dnscrypt.h
head/contrib/unbound/doc/Changelog
head/contrib/unbound/doc/README
head/contrib/unbound/doc/example.conf
head/contrib/unbound/doc/example.conf.in
head/contrib/unbound/doc/libunbound.3
head/contrib/unbound/doc/libunbound.3.in
head/contrib/unbound/doc/unbound-anchor.8
head/contrib/unbound/doc/unbound-anchor.8.in
head/contrib/unbound/doc/unbound-checkconf.8
head/contrib/unbound/doc/unbound-checkconf.8.in
head/contrib/unbound/doc/unbound-control.8
head/contrib/unbound/doc/unbound-control.8.in
head/contrib/unbound/doc/unbound-host.1
head/contrib/unbound/doc/unbound-host.1.in
head/contrib/unbound/doc/unbound.8
head/contrib/unbound/doc/unbound.8.in
head/contrib/unbound/doc/unbound.conf.5
head/contrib/unbound/doc/unbound.conf.5.in
head/contrib/unbound/iterator/iterator.c
head/contrib/unbound/iterator/iterator.h
head/contrib/unbound/libunbound/libworker.c
head/contrib/unbound/libunbound/unbound.h
head/contrib/unbound/services/authzone.c
head/contrib/unbound/services/cache/dns.c
head/contrib/unbound/services/cache/infra.c
head/contrib/unbound/services/listen_dnsport.c
head/contrib/unbound/services/localzone.c
head/contrib/unbound/services/localzone.h
head/contrib/unbound/services/outside_network.c
head/contrib/unbound/sldns/parseutil.c
head/contrib/unbound/sldns/str2wire.c
head/contrib/unbound/sldns/wire2str.c
head/contrib/unbound/smallapp/unbound-anchor.c
head/contrib/unbound/smallapp/unbound-checkconf.c
head/contrib/unbound/smallapp/unbound-control.c
head/contrib/unbound/util/config_file.c
head/contrib/unbound/util/config_file.h
head/contrib/unbound/util/configlexer.lex
head/contrib/unbound/util/configparser.y
head/contrib/unbound/util/data/msgreply.c
head/contrib/unbound/util/fptr_wlist.c
head/contrib/unbound/util/iana_ports.inc
head/contrib/unbound/util/net_help.c
head/contrib/unbound/util/net_help.h
head/contrib/unbound/util/netevent.c
head/contrib/unbound/util/shm_side/shm_main.c
head/contrib/unbound/util/storage/lookup3.c
head/contrib/unbound/validator/val_secalgo.c
head/contrib/unbound/validator/val_utils.c
Directory Properties:
head/contrib/unbound/ (props changed)
Modified: head/contrib/unbound/Makefile.in
==============================================================================
--- head/contrib/unbound/Makefile.in Sat May 12 14:39:41 2018
(r333562)
+++ head/contrib/unbound/Makefile.in Sat May 12 14:48:38 2018
(r333563)
@@ -426,7 +426,7 @@ libunbound/python/libunbound_wrap.c:
$(srcdir)/libunbo
# Pyunbound python unbound wrapper
_unbound.la: libunbound_wrap.lo libunbound.la
- $(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS)
$(CFLAGS) $(LDFLAGS) -module -avoid-version -no-undefined -shared -o $@
libunbound_wrap.lo -rpath $(PYTHON_SITE_PKG) L. -L.libs -lunbound
+ $(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS)
$(CFLAGS) $(LDFLAGS) -module -avoid-version -no-undefined -shared -o $@
libunbound_wrap.lo -rpath $(PYTHON_SITE_PKG) -L. -L.libs -lunbound
util/config_file.c: util/configparser.h
util/configlexer.c: $(srcdir)/util/configlexer.lex util/configparser.h
@@ -735,9 +735,9 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_ut
$(srcdir)/sldns/str2wire.h
listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c
config.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h
$(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/dnscrypt/cert.h $(srcdir)/services/outside_network.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h
$(srcdir)/sldns/sbuffer.h
localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h
$(srcdir)/services/localzone.h \
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
$(srcdir)/util/storage/dnstree.h \
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h
$(srcdir)/util/data/msgreply.h \
@@ -749,8 +749,8 @@ localzone.lo localzone.o: $(srcdir)/services/localzone
$(srcdir)/util/as112.h
mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h
$(srcdir)/util/rbtree.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgparse.h
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h
$(srcdir)/util/module.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
$(srcdir)/util/data/msgparse.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h
$(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h
$(srcdir)/services/modstack.h \
$(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h
$(srcdir)/util/net_help.h \
$(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h
$(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h \
@@ -777,12 +777,12 @@ view.lo view.o: $(srcdir)/services/view.c config.h $(s
outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \
$(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h
$(srcdir)/util/rbtree.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/dnscrypt/cert.h
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c
config.h \
$(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h
$(srcdir)/util/netevent.h \
$(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
- $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
$(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/log.h
$(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h
$(srcdir)/util/storage/dnstree.h \
$(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h
$(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
$(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h
$(srcdir)/util/fptr_wlist.h \
@@ -830,7 +830,7 @@ authzone.lo authzone.o: $(srcdir)/services/authzone.c
$(srcdir)/validator/val_secalgo.h
fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h
$(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h
$(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
$(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h
$(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
$(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h
$(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \
@@ -851,8 +851,8 @@ locks.lo locks.o: $(srcdir)/util/locks.c config.h $(sr
log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h
$(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h
mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h
$(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h
$(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h
$(srcdir)/util/data/msgreply.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h
$(srcdir)/util/data/msgreply.h \
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h
$(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h
$(srcdir)/util/rbtree.h \
$(srcdir)/services/modstack.h
@@ -860,8 +860,8 @@ module.lo module.o: $(srcdir)/util/module.c config.h $
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h
$(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/dnscrypt/cert.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h
$(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
$(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h
$(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \
@@ -876,7 +876,7 @@ net_help.lo net_help.o: $(srcdir)/util/net_help.c conf
random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h
$(srcdir)/util/log.h
rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h
$(srcdir)/util/fptr_wlist.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h
$(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
$(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h
$(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
$(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h
$(srcdir)/services/modstack.h
@@ -897,19 +897,19 @@ slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhas
timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h
$(srcdir)/util/timehist.h $(srcdir)/util/log.h
tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h
$(srcdir)/util/log.h $(srcdir)/util/net_help.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/dnscrypt/cert.h $(srcdir)/util/fptr_wlist.h
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h
$(srcdir)/util/storage/lruhash.h \
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h
$(srcdir)/util/data/packed_rrset.h \
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
$(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h \
$(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h
$(srcdir)/util/ub_event.h
ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h
$(srcdir)/util/ub_event.h $(srcdir)/util/log.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h
$(srcdir)/util/rbtree.h
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/tube.h
$(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
ub_event_pluggable.lo ub_event_pluggable.o:
$(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \
$(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h
$(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/dnscrypt/cert.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h
$(srcdir)/sldns/pkthdr.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h
$(srcdir)/util/rbtree.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h
$(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h
$(srcdir)/util/data/msgparse.h \
+ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
$(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h
$(srcdir)/util/rbtree.h
winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h
autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h
$(srcdir)/validator/autotrust.h \
@@ -1040,7 +1040,9 @@ checklocks.lo checklocks.o: $(srcdir)/testcode/checklo
$(srcdir)/testcode/checklocks.h
dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h
$(srcdir)/sldns/sbuffer.h \
$(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h
$(srcdir)/util/netevent.h \
- $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h
+ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h
$(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/util/storage/lookup3.h
ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h
$(srcdir)/ipsecmod/ipsecmod.h \
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h
$(srcdir)/util/locks.h $(srcdir)/util/log.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h
$(srcdir)/util/data/msgparse.h \
@@ -1174,9 +1176,10 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h
$(srcdir)/services/outside_network.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h
$(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
- $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h
$(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h
$(srcdir)/util/storage/dnstree.h \
- $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
+ $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h
$(srcdir)/iterator/iterator.h \
+ $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h
$(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h
$(srcdir)/util/rtt.h \
+ $(srcdir)/validator/val_kcache.h
unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h
$(srcdir)/daemon/daemon.h \
$(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
$(srcdir)/daemon/remote.h \
@@ -1207,16 +1210,15 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h
$(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h
$(srcdir)/util/shm_side/shm_main.h
testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h
$(srcdir)/testcode/testpkts.h \
$(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h
$(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/dnscrypt/cert.h $(srcdir)/util/rbtree.h \
- $(srcdir)/testcode/fake_event.h $(srcdir)/daemon/remote.h \
- $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h
$(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \
- $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h
$(srcdir)/services/modstack.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
- $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h
$(srcdir)/util/storage/dnstree.h \
- $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h
$(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
$(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \
- $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h
$(srcdir)/daemon/remote.h \
+ $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h
$(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \
+ $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h
$(srcdir)/services/listen_dnsport.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h
$(srcdir)/services/cache/infra.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h
$(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \
+ $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h
$(srcdir)/util/ub_event.h
testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h
$(srcdir)/testcode/testpkts.h \
$(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h
@@ -1266,17 +1268,19 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(
$(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
$(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h
$(srcdir)/services/outside_network.h \
$(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h
$(srcdir)/util/tube.h $(srcdir)/util/net_help.h \
- $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h
$(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h
$(srcdir)/util/storage/dnstree.h \
- $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
+ $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h
$(srcdir)/iterator/iterator.h \
+ $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h
$(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h
$(srcdir)/util/rtt.h \
+ $(srcdir)/validator/val_kcache.h
replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h
$(srcdir)/util/net_help.h \
$(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/dnscrypt/cert.h $(srcdir)/testcode/testpkts.h \
- $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h
$(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \
+ $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h
$(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h \
+ $(srcdir)/sldns/rrdef.h
fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h
$(srcdir)/testcode/fake_event.h \
$(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
- $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h
$(srcdir)/util/data/msgparse.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h
$(srcdir)/util/net_help.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h
$(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h
$(srcdir)/util/data/msgencode.h \
$(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h
$(srcdir)/services/listen_dnsport.h \
$(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \
@@ -1309,7 +1313,8 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/sm
$(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h
$(srcdir)/iterator/iter_fwd.h \
$(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h
$(srcdir)/util/storage/dnstree.h \
$(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h
$(srcdir)/services/localzone.h \
- $(srcdir)/services/view.h $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h
$(PYTHONMOD_HEADER)
+ $(srcdir)/services/view.h $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h
$(PYTHONMOD_HEADER) \
+ $(srcdir)/edns-subnet/subnet-whitelist.h
worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h
$(srcdir)/libunbound/context.h \
$(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h
$(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
$(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h
$(srcdir)/util/storage/lruhash.h \
Modified: head/contrib/unbound/acx_nlnetlabs.m4
==============================================================================
--- head/contrib/unbound/acx_nlnetlabs.m4 Sat May 12 14:39:41 2018
(r333562)
+++ head/contrib/unbound/acx_nlnetlabs.m4 Sat May 12 14:48:38 2018
(r333563)
@@ -688,8 +688,8 @@ AC_DEFUN([ACX_SSL_CHECKS], [
# check if -lwsock32 or -lgdi32 are needed.
BAKLIBS="$LIBS"
BAKSSLLIBS="$LIBSSL_LIBS"
- LIBS="$LIBS -lgdi32"
- LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32"
+ LIBS="$LIBS -lgdi32 -lws2_32"
+ LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32"
AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
AC_TRY_LINK([], [
int HMAC_Update(void);
@@ -839,7 +839,11 @@ dnl see if on windows
if test "$ac_cv_header_windows_h" = "yes"; then
AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used])
USE_WINSOCK="1"
- LIBS="$LIBS -lws2_32"
+ if echo $LIBS | grep 'lws2_32' >/dev/null; then
+ :
+ else
+ LIBS="$LIBS -lws2_32"
+ fi
fi
],
dnl no quick getaddrinfo, try mingw32 and winsock2 library.
Modified: head/contrib/unbound/cachedb/cachedb.c
==============================================================================
--- head/contrib/unbound/cachedb/cachedb.c Sat May 12 14:39:41 2018
(r333562)
+++ head/contrib/unbound/cachedb/cachedb.c Sat May 12 14:48:38 2018
(r333563)
@@ -61,6 +61,8 @@
/** the unit test testframe for cachedb, its module state contains
* a cache for a couple queries (in memory). */
struct testframe_moddata {
+ /** lock for mutex */
+ lock_basic_type lock;
/** key for single stored data element, NULL if none */
char* stored_key;
/** data for single stored data element, NULL if none */
@@ -72,14 +74,18 @@ struct testframe_moddata {
static int
testframe_init(struct module_env* env, struct cachedb_env* cachedb_env)
{
+ struct testframe_moddata* d;
(void)env;
verbose(VERB_ALGO, "testframe_init");
- cachedb_env->backend_data = (void*)calloc(1,
+ d = (struct testframe_moddata*)calloc(1,
sizeof(struct testframe_moddata));
+ cachedb_env->backend_data = (void*)d;
if(!cachedb_env->backend_data) {
log_err("out of memory");
return 0;
}
+ lock_basic_init(&d->lock);
+ lock_protect(&d->lock, d, sizeof(*d));
return 1;
}
@@ -92,6 +98,7 @@ testframe_deinit(struct module_env* env, struct cached
verbose(VERB_ALGO, "testframe_deinit");
if(!d)
return;
+ lock_basic_destroy(&d->lock);
free(d->stored_key);
free(d->stored_data);
free(d);
@@ -105,17 +112,22 @@ testframe_lookup(struct module_env* env, struct cached
cachedb_env->backend_data;
(void)env;
verbose(VERB_ALGO, "testframe_lookup of %s", key);
+ lock_basic_lock(&d->lock);
if(d->stored_key && strcmp(d->stored_key, key) == 0) {
- if(d->stored_datalen > sldns_buffer_capacity(result_buffer))
+ if(d->stored_datalen > sldns_buffer_capacity(result_buffer)) {
+ lock_basic_unlock(&d->lock);
return 0; /* too large */
+ }
verbose(VERB_ALGO, "testframe_lookup found %d bytes",
(int)d->stored_datalen);
sldns_buffer_clear(result_buffer);
sldns_buffer_write(result_buffer, d->stored_data,
d->stored_datalen);
sldns_buffer_flip(result_buffer);
+ lock_basic_unlock(&d->lock);
return 1;
}
+ lock_basic_unlock(&d->lock);
return 0;
}
@@ -126,6 +138,7 @@ testframe_store(struct module_env* env, struct cachedb
struct testframe_moddata* d = (struct testframe_moddata*)
cachedb_env->backend_data;
(void)env;
+ lock_basic_lock(&d->lock);
verbose(VERB_ALGO, "testframe_store %s (%d bytes)", key, (int)data_len);
/* free old data element (if any) */
@@ -137,6 +150,7 @@ testframe_store(struct module_env* env, struct cachedb
d->stored_data = memdup(data, data_len);
if(!d->stored_data) {
+ lock_basic_unlock(&d->lock);
log_err("out of memory");
return;
}
@@ -146,8 +160,10 @@ testframe_store(struct module_env* env, struct cachedb
free(d->stored_data);
d->stored_data = NULL;
d->stored_datalen = 0;
+ lock_basic_unlock(&d->lock);
return;
}
+ lock_basic_unlock(&d->lock);
/* (key,data) successfully stored */
}
@@ -170,16 +186,17 @@ cachedb_find_backend(const char* str)
static int
cachedb_apply_cfg(struct cachedb_env* cachedb_env, struct config_file* cfg)
{
- const char* backend_str = "testframe"; /* TODO get from cfg */
- (void)cfg; /* need this until the TODO is implemented */
- if(backend_str && backend_str[0]) {
- cachedb_env->backend = cachedb_find_backend(backend_str);
- if(!cachedb_env->backend) {
- log_err("cachedb: cannot find backend name '%s",
- backend_str);
- return 0;
- }
+ const char* backend_str = cfg->cachedb_backend;
+
+ /* If unspecified we use the in-memory test DB. */
+ if(!backend_str)
+ backend_str = "testframe";
+ cachedb_env->backend = cachedb_find_backend(backend_str);
+ if(!cachedb_env->backend) {
+ log_err("cachedb: cannot find backend name '%s'", backend_str);
+ return 0;
}
+
/* TODO see if more configuration needs to be applied or not */
return 1;
}
@@ -277,9 +294,10 @@ calc_hash(struct module_qstate* qstate, char* buf, siz
size_t clen = 0;
uint8_t hash[CACHEDB_HASHSIZE/8];
const char* hex = "0123456789ABCDEF";
- const char* secret = "default"; /* TODO: from qstate->env->cfg */
+ const char* secret = qstate->env->cfg->cachedb_secret ?
+ qstate->env->cfg->cachedb_secret : "default";
size_t i;
-
+
/* copy the hash info into the clear buffer */
if(clen + qstate->qinfo.qname_len < sizeof(clear)) {
memmove(clear+clen, qstate->qinfo.qname,
Modified: head/contrib/unbound/config.h
==============================================================================
--- head/contrib/unbound/config.h Sat May 12 14:39:41 2018
(r333562)
+++ head/contrib/unbound/config.h Sat May 12 14:48:38 2018
(r333563)
@@ -297,6 +297,9 @@
/* Define to 1 if you have the <nettle/dsa-compat.h> header file. */
/* #undef HAVE_NETTLE_DSA_COMPAT_H */
+/* Define to 1 if you have the <nettle/eddsa.h> header file. */
+/* #undef HAVE_NETTLE_EDDSA_H */
+
/* Use libnss for crypto */
/* #undef HAVE_NSS */
@@ -602,7 +605,7 @@
#define PACKAGE_NAME "unbound"
/* Define to the full name and version of this package. */
-#define PACKAGE_STRING "unbound 1.6.4"
+#define PACKAGE_STRING "unbound 1.6.6"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "unbound"
@@ -611,7 +614,7 @@
#define PACKAGE_URL ""
/* Define to the version of this package. */
-#define PACKAGE_VERSION "1.6.4"
+#define PACKAGE_VERSION "1.6.6"
/* default pidfile location */
#define PIDFILE "/var/unbound/unbound.pid"
@@ -630,7 +633,7 @@
#define ROOT_CERT_FILE "/var/unbound/icannbundle.pem"
/* version number for resource files */
-#define RSRC_PACKAGE_VERSION 1,6,4,0
+#define RSRC_PACKAGE_VERSION 1,6,6,0
/* Directory to chdir to */
#define RUN_DIR "/var/unbound"
Modified: head/contrib/unbound/config.h.in
==============================================================================
--- head/contrib/unbound/config.h.in Sat May 12 14:39:41 2018
(r333562)
+++ head/contrib/unbound/config.h.in Sat May 12 14:48:38 2018
(r333563)
@@ -296,6 +296,9 @@
/* Define to 1 if you have the <nettle/dsa-compat.h> header file. */
#undef HAVE_NETTLE_DSA_COMPAT_H
+/* Define to 1 if you have the <nettle/eddsa.h> header file. */
+#undef HAVE_NETTLE_EDDSA_H
+
/* Use libnss for crypto */
#undef HAVE_NSS
Modified: head/contrib/unbound/configure
==============================================================================
--- head/contrib/unbound/configure Sat May 12 14:39:41 2018
(r333562)
+++ head/contrib/unbound/configure Sat May 12 14:48:38 2018
(r333563)
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for unbound 1.6.5.
+# Generated by GNU Autoconf 2.69 for unbound 1.6.6.
#
# Report bugs to <unbound-b...@nlnetlabs.nl>.
#
@@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.6.5'
-PACKAGE_STRING='unbound 1.6.5'
+PACKAGE_VERSION='1.6.6'
+PACKAGE_STRING='unbound 1.6.6'
PACKAGE_BUGREPORT='unbound-b...@nlnetlabs.nl'
PACKAGE_URL=''
@@ -1437,7 +1437,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures unbound 1.6.5 to adapt to many kinds of systems.
+\`configure' configures unbound 1.6.6 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1502,7 +1502,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of unbound 1.6.5:";;
+ short | recursive ) echo "Configuration of unbound 1.6.6:";;
esac
cat <<\_ACEOF
@@ -1714,7 +1714,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-unbound configure 1.6.5
+unbound configure 1.6.6
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2423,7 +2423,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by unbound $as_me 1.6.5, which was
+It was created by unbound $as_me 1.6.6, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2775,11 +2775,11 @@ UNBOUND_VERSION_MAJOR=1
UNBOUND_VERSION_MINOR=6
-UNBOUND_VERSION_MICRO=5
+UNBOUND_VERSION_MICRO=6
LIBUNBOUND_CURRENT=7
-LIBUNBOUND_REVISION=4
+LIBUNBOUND_REVISION=5
LIBUNBOUND_AGE=5
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -2835,6 +2835,7 @@ LIBUNBOUND_AGE=5
# 1.6.3 had 7:2:5
# 1.6.4 had 7:3:5
# 1.6.5 had 7:4:5
+# 1.6.6 had 7:5:5
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@@ -16464,7 +16465,9 @@ if test x"$ax_pthread_ok" = xyes; then
$as_echo "#define HAVE_PTHREAD 1" >>confdefs.h
- LIBS="$PTHREAD_LIBS $LIBS"
+ if test -n "$PTHREAD_LIBS"; then
+ LIBS="$PTHREAD_LIBS $LIBS"
+ fi
CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
CC="$PTHREAD_CC"
ub_have_pthreads=yes
@@ -16894,8 +16897,16 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
$as_echo "#define HAVE_PYTHON 1" >>confdefs.h
- LIBS="$PYTHON_LDFLAGS $LIBS"
- CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS"
+ if test -n "$LIBS"; then
+ LIBS="$PYTHON_LDFLAGS $LIBS"
+ else
+ LIBS="$PYTHON_LDFLAGS"
+ fi
+ if test -n "$CPPFLAGS"; then
+ CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS"
+ else
+ CPPFLAGS="$PYTHON_CPPFLAGS"
+ fi
ub_have_python=yes
PC_PY_DEPENDENCY="python"
@@ -17250,8 +17261,8 @@ $as_echo "no" >&6; }
# check if -lwsock32 or -lgdi32 are needed.
BAKLIBS="$LIBS"
BAKSSLLIBS="$LIBSSL_LIBS"
- LIBS="$LIBS -lgdi32"
- LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32"
+ LIBS="$LIBS -lgdi32 -lws2_32"
+ LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto
needs -lgdi32" >&5
$as_echo_n "checking if -lcrypto needs -lgdi32... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -18053,6 +18064,7 @@ case "$enable_dsa" in
;;
*)
# detect if DSA is supported, and turn it off if not.
+ if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
ac_fn_c_check_func "$LINENO" "DSA_SIG_new" "ac_cv_func_DSA_SIG_new"
if test "x$ac_cv_func_DSA_SIG_new" = xyes; then :
@@ -18067,6 +18079,13 @@ else
fi
fi
+ else
+
+cat >>confdefs.h <<_ACEOF
+#define USE_DSA 1
+_ACEOF
+
+ fi
;;
esac
@@ -18096,11 +18115,6 @@ cat >>confdefs.h <<_ACEOF
_ACEOF
if test $ac_have_decl = 1; then :
-
-cat >>confdefs.h <<_ACEOF
-#define USE_ED25519 1
-_ACEOF
-
use_ed25519="yes"
else
@@ -18109,6 +18123,28 @@ else
fi
fi
+ if test $USE_NETTLE = "yes"; then
+ for ac_header in nettle/eddsa.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "nettle/eddsa.h"
"ac_cv_header_nettle_eddsa_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_nettle_eddsa_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_NETTLE_EDDSA_H 1
+_ACEOF
+ use_ed25519="yes"
+fi
+
+done
+
+ fi
+ if test $use_ed25519 = "yes"; then
+
+cat >>confdefs.h <<_ACEOF
+#define USE_ED25519 1
+_ACEOF
+
+ fi
;;
esac
@@ -18621,7 +18657,12 @@ if test x_$enable_static_exe = x_yes; then
if test "$on_mingw" = yes; then
staticexe="-all-static"
# for static compile, include gdi32 and zlib here.
- LIBS="$LIBS -lgdi32 -lz"
+ if echo $LIBS | grep 'lgdi32' >/dev/null; then
+ :
+ else
+ LIBS="$LIBS -lgdi32"
+ fi
+ LIBS="$LIBS -lz"
fi
fi
@@ -18979,7 +19020,11 @@ if test "$ac_cv_header_windows_h" = "yes"; then
$as_echo "#define USE_WINSOCK 1" >>confdefs.h
USE_WINSOCK="1"
- LIBS="$LIBS -lws2_32"
+ if echo $LIBS | grep 'lws2_32' >/dev/null; then
+ :
+ else
+ LIBS="$LIBS -lws2_32"
+ fi
fi
else
@@ -20633,7 +20678,12 @@ $as_echo "#define OMITTED__D_LARGEFILE_SOURCE_1 1" >>c
fi
-LDFLAGS="$LATE_LDFLAGS $LDFLAGS"
+if test -n "$LATE_LDFLAGS"; then
+ LDFLAGS="$LATE_LDFLAGS $LDFLAGS"
+fi
+# remove start spaces
+LDFLAGS=`echo "$LDFLAGS"|sed -e 's/^ *//'`
+LIBS=`echo "$LIBS"|sed -e 's/^ *//'`
cat >>confdefs.h <<_ACEOF
@@ -20643,7 +20693,7 @@ _ACEOF
-version=1.6.5
+version=1.6.6
date=`date +'%b %e, %Y'`
@@ -21162,7 +21212,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by unbound $as_me 1.6.5, which was
+This file was extended by unbound $as_me 1.6.6, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -21228,7 +21278,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-unbound config.status 1.6.5
+unbound config.status 1.6.6
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
Modified: head/contrib/unbound/configure.ac
==============================================================================
--- head/contrib/unbound/configure.ac Sat May 12 14:39:41 2018
(r333562)
+++ head/contrib/unbound/configure.ac Sat May 12 14:48:38 2018
(r333563)
@@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[6])
-m4_define([VERSION_MICRO],[5])
+m4_define([VERSION_MICRO],[6])
AC_INIT(unbound,
m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),
unbound-b...@nlnetlabs.nl, unbound)
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=7
-LIBUNBOUND_REVISION=4
+LIBUNBOUND_REVISION=5
LIBUNBOUND_AGE=5
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -74,6 +74,7 @@ LIBUNBOUND_AGE=5
# 1.6.3 had 7:2:5
# 1.6.4 had 7:3:5
# 1.6.5 had 7:4:5
+# 1.6.6 had 7:5:5
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@@ -456,7 +457,9 @@ ub_have_pthreads=no
if test x_$withval != x_no; then
AX_PTHREAD([
AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads
libraries and header files.])
- LIBS="$PTHREAD_LIBS $LIBS"
+ if test -n "$PTHREAD_LIBS"; then
+ LIBS="$PTHREAD_LIBS $LIBS"
+ fi
CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
CC="$PTHREAD_CC"
ub_have_pthreads=yes
@@ -558,8 +561,16 @@ if test x_$ub_test_python != x_no; then
AC_SUBST(PY_MAJOR_VERSION)
# Have Python
AC_DEFINE(HAVE_PYTHON,1,[Define if you have Python libraries and header
files.])
- LIBS="$PYTHON_LDFLAGS $LIBS"
- CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS"
+ if test -n "$LIBS"; then
+ LIBS="$PYTHON_LDFLAGS $LIBS"
+ else
+ LIBS="$PYTHON_LDFLAGS"
+ fi
+ if test -n "$CPPFLAGS"; then
+ CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS"
+ else
+ CPPFLAGS="$PYTHON_CPPFLAGS"
+ fi
ub_have_python=yes
PC_PY_DEPENDENCY="python"
AC_SUBST(PC_PY_DEPENDENCY)
@@ -912,10 +923,14 @@ case "$enable_dsa" in
;;
*)
# detect if DSA is supported, and turn it off if not.
+ if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
AC_CHECK_FUNC(DSA_SIG_new, [
AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.])
], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not
support DSA and you used --enable-dsa.])
fi ])
+ else
+ AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.])
+ fi
;;
esac
@@ -927,13 +942,18 @@ case "$enable_ed25519" in
*)
if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
AC_CHECK_DECLS([NID_ED25519], [
- AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable
ED25519 support.])
use_ed25519="yes"
], [ if test "x$enable_ed25519" = "xyes"; then
AC_MSG_ERROR([OpenSSL does not support ED25519 and you used --enable-ed25519.])
fi ], [AC_INCLUDES_DEFAULT
#include <openssl/evp.h>
])
fi
+ if test $USE_NETTLE = "yes"; then
+ AC_CHECK_HEADERS([nettle/eddsa.h], use_ed25519="yes",,
[AC_INCLUDES_DEFAULT])
+ fi
+ if test $use_ed25519 = "yes"; then
+ AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable
ED25519 support.])
+ fi
;;
esac
@@ -1106,7 +1126,12 @@ if test x_$enable_static_exe = x_yes; then
if test "$on_mingw" = yes; then
staticexe="-all-static"
# for static compile, include gdi32 and zlib here.
- LIBS="$LIBS -lgdi32 -lz"
+ if echo $LIBS | grep 'lgdi32' >/dev/null; then
+ :
+ else
+ LIBS="$LIBS -lgdi32"
+ fi
+ LIBS="$LIBS -lz"
fi
fi
@@ -1448,7 +1473,12 @@ AC_SUBST(ALLTARGET)
AC_SUBST(INSTALLTARGET)
ACX_STRIP_EXT_FLAGS
-LDFLAGS="$LATE_LDFLAGS $LDFLAGS"
+if test -n "$LATE_LDFLAGS"; then
+ LDFLAGS="$LATE_LDFLAGS $LDFLAGS"
+fi
+# remove start spaces
+LDFLAGS=`echo "$LDFLAGS"|sed -e 's/^ *//'`
+LIBS=`echo "$LIBS"|sed -e 's/^ *//'`
AC_DEFINE_UNQUOTED([MAXSYSLOGMSGLEN], [10240], [Define to the maximum message
length to pass to syslog.])
Modified: head/contrib/unbound/contrib/fastrpz.patch
==============================================================================
--- head/contrib/unbound/contrib/fastrpz.patch Sat May 12 14:39:41 2018
(r333562)
+++ head/contrib/unbound/contrib/fastrpz.patch Sat May 12 14:48:38 2018
(r333563)
@@ -3263,15 +3263,15 @@ diff -u --unidirectional-new-file -r1.1 ./util/configp
%token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
%token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
%token VAR_DISABLE_DNSSEC_LAME_CHECK
-@@ -150,7 +151,7 @@
+@@ -153,7 +154,7 @@
toplevelvar: serverstart contents_server | stubstart contents_stub |
forwardstart contents_forward | pythonstart contents_py |
rcstart contents_rc | dtstart contents_dt | viewstart
- contents_view |
+ contents_view | rpzstart contents_rpz |
- dnscstart contents_dnsc
+ dnscstart contents_dnsc |
+ cachedbstart contents_cachedb
;
-
@@ -2160,6 +2161,50 @@
(strcmp($2, "yes")==0);
}
Modified: head/contrib/unbound/daemon/daemon.c
==============================================================================
--- head/contrib/unbound/daemon/daemon.c Sat May 12 14:39:41 2018
(r333562)
+++ head/contrib/unbound/daemon/daemon.c Sat May 12 14:48:38 2018
(r333563)
@@ -221,7 +221,9 @@ daemon_init(void)
# ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
ERR_load_crypto_strings();
# endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
ERR_load_SSL_strings();
+#endif
# ifdef USE_GOST
(void)sldns_key_EVP_load_gost_id();
# endif
@@ -239,7 +241,7 @@ daemon_init(void)
# if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
(void)SSL_library_init();
# else
- (void)OPENSSL_init_ssl(0, NULL);
+ (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
# endif
# if defined(HAVE_SSL) && defined(OPENSSL_THREADS) &&
!defined(THREADS_DISABLED)
if(!ub_openssl_lock_init())
@@ -421,8 +423,8 @@ daemon_create_workers(struct daemon* daemon)
daemon->rand = ub_initstate(seed, NULL);
if(!daemon->rand)
fatal_exit("could not init random generator");
+ hash_set_raninit((uint32_t)ub_random(daemon->rand));
}
- hash_set_raninit((uint32_t)ub_random(daemon->rand));
shufport = (int*)calloc(65536, sizeof(int));
if(!shufport)
fatal_exit("out of memory during daemon init");
@@ -690,6 +692,9 @@ daemon_cleanup(struct daemon* daemon)
daemon->num = 0;
#ifdef USE_DNSTAP
dt_delete(daemon->dtenv);
+#endif
+#ifdef USE_DNSCRYPT
+ dnsc_delete(daemon->dnscenv);
#endif
daemon->cfg = NULL;
}
Modified: head/contrib/unbound/daemon/remote.c
==============================================================================
--- head/contrib/unbound/daemon/remote.c Sat May 12 14:39:41 2018
(r333562)
+++ head/contrib/unbound/daemon/remote.c Sat May 12 14:48:38 2018
(r333563)
@@ -229,42 +229,10 @@ daemon_remote_create(struct config_file* cfg)
free(rc);
return NULL;
}
- /* no SSLv2, SSLv3 because has defects */
- if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
- != SSL_OP_NO_SSLv2){
- log_crypto_err("could not set SSL_OP_NO_SSLv2");
+ if(!listen_sslctx_setup(rc->ctx)) {
daemon_remote_delete(rc);
return NULL;
}
- if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
- != SSL_OP_NO_SSLv3){
- log_crypto_err("could not set SSL_OP_NO_SSLv3");
- daemon_remote_delete(rc);
- return NULL;
- }
-#if defined(SSL_OP_NO_TLSv1) && defined(SSL_OP_NO_TLSv1_1)
- /* if we have tls 1.1 disable 1.0 */
- if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_TLSv1) & SSL_OP_NO_TLSv1)
- != SSL_OP_NO_TLSv1){
- log_crypto_err("could not set SSL_OP_NO_TLSv1");
- daemon_remote_delete(rc);
- return NULL;
- }
-#endif
-#if defined(SSL_OP_NO_TLSv1_1) && defined(SSL_OP_NO_TLSv1_2)
- /* if we have tls 1.2 disable 1.1 */
- if((SSL_CTX_set_options(rc->ctx, SSL_OP_NO_TLSv1_1) & SSL_OP_NO_TLSv1_1)
- != SSL_OP_NO_TLSv1_1){
- log_crypto_err("could not set SSL_OP_NO_TLSv1_1");
- daemon_remote_delete(rc);
- return NULL;
- }
-#endif
-#if defined(SHA256_DIGEST_LENGTH) && defined(USE_ECDSA)
- /* if we have sha256, set the cipher list to have no known vulns */
- if(!SSL_CTX_set_cipher_list(rc->ctx,
"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"))
- log_crypto_err("could not set cipher list with
SSL_CTX_set_cipher_list");
-#endif
if (cfg->remote_control_use_cert == 0) {
/* No certificates are requested */
@@ -314,23 +282,7 @@ daemon_remote_create(struct config_file* cfg)
log_crypto_err("Error in SSL_CTX check_private_key");
goto setup_error;
}
-#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO
- if(!SSL_CTX_set_ecdh_auto(rc->ctx,1)) {
- log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling
ECDHE");
- }
-#elif defined(USE_ECDSA)
- if(1) {
- EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
- if (!ecdh) {
- log_crypto_err("could not find p256, not enabling
ECDHE");
- } else {
- if (1 != SSL_CTX_set_tmp_ecdh (rc->ctx, ecdh)) {
- log_crypto_err("Error in SSL_CTX_set_tmp_ecdh,
not enabling ECDHE");
- }
- EC_KEY_free (ecdh);
- }
- }
-#endif
+ listen_sslctx_setup_2(rc->ctx);
if(!SSL_CTX_load_verify_locations(rc->ctx, s_cert, NULL)) {
log_crypto_err("Error setting up SSL_CTX verify locations");
setup_error:
@@ -415,7 +367,7 @@ add_open(const char* ip, int nr, struct listen_port**
if (cfg->username && cfg->username[0] &&
cfg_uid != (uid_t)-1) {
if(chown(ip, cfg_uid, cfg_gid) == -1)
- log_err("cannot chown %u.%u %s: %s",
+ verbose(VERB_QUERY, "cannot chown %u.%u
%s: %s",
(unsigned)cfg_uid, (unsigned)cfg_gid,
ip, strerror(errno));
}
@@ -841,7 +793,7 @@ print_stats(SSL* ssl, const char* nm, struct ub_stats_
static int
print_thread_stats(SSL* ssl, int i, struct ub_stats_info* s)
{
- char nm[16];
+ char nm[32];
snprintf(nm, sizeof(nm), "thread%d", i);
nm[sizeof(nm)-1]=0;
return print_stats(ssl, nm, s);
@@ -873,6 +825,9 @@ print_mem(SSL* ssl, struct worker* worker, struct daem
#ifdef USE_IPSECMOD
size_t ipsecmod = 0;
#endif /* USE_IPSECMOD */
+#ifdef USE_DNSCRYPT
+ size_t dnscrypt_shared_secret = 0;
+#endif /* USE_DNSCRYPT */
msg = slabhash_get_mem(daemon->env->msg_cache);
rrset = slabhash_get_mem(&daemon->env->rrset_cache->table);
val = mod_get_mem(&worker->env, "validator");
@@ -884,6 +839,12 @@ print_mem(SSL* ssl, struct worker* worker, struct daem
#ifdef USE_IPSECMOD
ipsecmod = mod_get_mem(&worker->env, "ipsecmod");
#endif /* USE_IPSECMOD */
+#ifdef USE_DNSCRYPT
+ if(daemon->dnscenv) {
+ dnscrypt_shared_secret = slabhash_get_mem(
+ daemon->dnscenv->shared_secrets_cache);
+ }
+#endif /* USE_DNSCRYPT */
if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset))
return 0;
@@ -903,6 +864,11 @@ print_mem(SSL* ssl, struct worker* worker, struct daem
if(!print_longnum(ssl, "mem.mod.ipsecmod"SQ, ipsecmod))
return 0;
#endif /* USE_IPSECMOD */
+#ifdef USE_DNSCRYPT
+ if(!print_longnum(ssl, "mem.cache.dnscrypt_shared_secret"SQ,
+ dnscrypt_shared_secret))
+ return 0;
+#endif /* USE_DNSCRYPT */
return 1;
}
@@ -1065,6 +1031,9 @@ print_ext(SSL* ssl, struct ub_stats_info* s)
if(!ssl_printf(ssl, "num.answer.rcode.nodata"SQ"%lu\n",
(unsigned long)s->svr.ans_rcode_nodata)) return 0;
}
+ /* iteration */
+ if(!ssl_printf(ssl, "num.query.ratelimited"SQ"%lu\n",
+ (unsigned long)s->svr.queries_ratelimited)) return 0;
/* validation */
if(!ssl_printf(ssl, "num.answer.secure"SQ"%lu\n",
(unsigned long)s->svr.ans_secure)) return 0;
@@ -1086,6 +1055,12 @@ print_ext(SSL* ssl, struct ub_stats_info* s)
(unsigned)s->svr.infra_cache_count)) return 0;
if(!ssl_printf(ssl, "key.cache.count"SQ"%u\n",
(unsigned)s->svr.key_cache_count)) return 0;
+#ifdef USE_DNSCRYPT
+ if(!ssl_printf(ssl, "dnscrypt_shared_secret.cache.count"SQ"%u\n",
+ (unsigned)s->svr.shared_secret_cache_count)) return 0;
+ if(!ssl_printf(ssl,
"num.query.dnscrypt.shared_secret.cachemiss"SQ"%lu\n",
+ (unsigned long)s->svr.num_query_dnscrypt_secret_missed_cache))
return 0;
+#endif /* USE_DNSCRYPT */
return 1;
}
@@ -2389,10 +2364,16 @@ dump_infra_host(struct lruhash_entry* e, void* arg)
struct infra_data* d = (struct infra_data*)e->data;
char ip_str[1024];
char name[257];
+ int port;
if(a->ssl_failed)
return;
addr_to_str(&k->addr, k->addrlen, ip_str, sizeof(ip_str));
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
