git: 8fe299c09c3f - stable/12 - unbound: Vendor import 1.16.0
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 11 Jul 2022 12:56:21 UTC
The branch stable/12 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=8fe299c09c3f6e78dac7e329695f2c17c791c74d commit 8fe299c09c3f6e78dac7e329695f2c17c791c74d Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-06-08 22:08:42 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-07-11 12:56:15 +0000 unbound: Vendor import 1.16.0 Merge commit '5f9f82264b91e041df7cba2406625146e7268ce4' into main (cherry picked from commit a39a5a6905612447def27b66ffe73b9d11efd80c) --- contrib/unbound/Makefile.in | 23 +- contrib/unbound/acx_python.m4 | 57 +++-- contrib/unbound/config.guess | 34 ++- contrib/unbound/config.h.in | 6 +- contrib/unbound/configure | 116 ++++++--- contrib/unbound/configure.ac | 18 +- contrib/unbound/daemon/acl_list.c | 35 +++ contrib/unbound/daemon/acl_list.h | 11 + contrib/unbound/daemon/cachedump.c | 6 +- contrib/unbound/daemon/worker.c | 284 ++++++++++++++++++--- contrib/unbound/doc/Changelog | 141 ++++++++++ contrib/unbound/doc/README | 2 +- contrib/unbound/doc/example.conf.in | 16 +- contrib/unbound/doc/libunbound.3.in | 4 +- contrib/unbound/doc/unbound-anchor.8.in | 2 +- contrib/unbound/doc/unbound-checkconf.8.in | 2 +- contrib/unbound/doc/unbound-control.8.in | 24 +- contrib/unbound/doc/unbound-host.1.in | 2 +- contrib/unbound/doc/unbound.8.in | 4 +- contrib/unbound/doc/unbound.conf.5.in | 56 +++- contrib/unbound/edns-subnet/subnetmod.c | 30 ++- contrib/unbound/edns-subnet/subnetmod.h | 7 + contrib/unbound/ipset/ipset.c | 71 +++--- contrib/unbound/iterator/iter_delegpt.h | 2 +- contrib/unbound/iterator/iter_utils.c | 24 +- contrib/unbound/iterator/iter_utils.h | 6 +- contrib/unbound/iterator/iterator.c | 41 +-- contrib/unbound/libunbound/libworker.c | 6 +- contrib/unbound/respip/respip.c | 23 +- contrib/unbound/respip/respip.h | 5 +- contrib/unbound/services/authzone.c | 103 ++++++-- contrib/unbound/services/authzone.h | 3 + contrib/unbound/services/cache/dns.c | 5 + contrib/unbound/services/listen_dnsport.c | 79 +++++- contrib/unbound/services/localzone.c | 26 +- contrib/unbound/services/mesh.c | 181 ++++++++++++- contrib/unbound/services/mesh.h | 17 +- contrib/unbound/services/outside_network.c | 5 +- contrib/unbound/services/rpz.c | 41 ++- contrib/unbound/services/rpz.h | 4 +- contrib/unbound/sldns/parseutil.c | 36 ++- contrib/unbound/sldns/parseutil.h | 4 +- contrib/unbound/sldns/pkthdr.h | 4 + contrib/unbound/sldns/rrdef.h | 32 +++ contrib/unbound/sldns/str2wire.c | 38 ++- contrib/unbound/sldns/wire2str.c | 1 + contrib/unbound/smallapp/unbound-checkconf.c | 23 ++ contrib/unbound/smallapp/unbound-control.c | 28 +- contrib/unbound/testcode/unitzonemd.c | 4 +- .../unbound/testdata/auth_zonemd_file_unknown.rpl | 184 +++++++++++++ contrib/unbound/testdata/ede.tdir/bogus/clean.sh | 1 + .../testdata/ede.tdir/bogus/dnskey-failures.test | 10 + .../testdata/ede.tdir/bogus/dnssec-failures.test | 15 ++ .../testdata/ede.tdir/bogus/make-broken-zone.sh | 67 +++++ .../testdata/ede.tdir/bogus/nsec-failures.test | 10 + .../testdata/ede.tdir/bogus/rrsig-failures.test | 10 + contrib/unbound/testdata/ede.tdir/ede-auth.conf | 27 ++ contrib/unbound/testdata/ede.tdir/ede.conf | 49 ++++ contrib/unbound/testdata/ede.tdir/ede.dsc | 16 ++ contrib/unbound/testdata/ede.tdir/ede.post | 10 + contrib/unbound/testdata/ede.tdir/ede.pre | 37 +++ contrib/unbound/testdata/ede.tdir/ede.test | 72 ++++++ contrib/unbound/testdata/ede_acl_refused.rpl | 35 +++ .../unbound/testdata/ede_cache_snoop_noth_auth.rpl | 33 +++ .../testdata/ede_localzone_dname_expansion.rpl | 37 +++ contrib/unbound/testdata/ipset.tdir/ipset.conf | 23 ++ contrib/unbound/testdata/ipset.tdir/ipset.dsc | 16 ++ contrib/unbound/testdata/ipset.tdir/ipset.post | 14 + contrib/unbound/testdata/ipset.tdir/ipset.pre | 33 +++ contrib/unbound/testdata/ipset.tdir/ipset.test | 155 +++++++++++ contrib/unbound/testdata/ipset.tdir/ipset.testns | 103 ++++++++ contrib/unbound/testdata/iter_cname_minimise.rpl | 179 +++++++++++++ contrib/unbound/testdata/iter_dp_ip6useless.rpl | 168 ++++++++++++ contrib/unbound/testdata/nsid_bogus.rpl | 3 +- contrib/unbound/testdata/rpz_passthru.rpl | 154 +++++++++++ contrib/unbound/testdata/subnet_prefetch.crpl | 215 ++++++++++++++++ .../testdata/subnet_prefetch_with_client_ecs.crpl | 221 ++++++++++++++++ contrib/unbound/util/config_file.c | 136 +--------- contrib/unbound/util/config_file.h | 57 +---- contrib/unbound/util/configlexer.lex | 4 + contrib/unbound/util/configparser.y | 58 ++++- contrib/unbound/util/data/msgparse.c | 3 +- contrib/unbound/util/data/msgparse.h | 9 + contrib/unbound/util/data/msgreply.c | 31 +++ contrib/unbound/util/data/msgreply.h | 39 ++- contrib/unbound/util/module.c | 142 +++++++++++ contrib/unbound/util/module.h | 73 +++++- contrib/unbound/util/net_help.c | 8 +- contrib/unbound/util/netevent.c | 29 ++- contrib/unbound/validator/autotrust.c | 13 +- contrib/unbound/validator/val_kcache.c | 1 + contrib/unbound/validator/val_kentry.c | 20 ++ contrib/unbound/validator/val_kentry.h | 19 ++ contrib/unbound/validator/val_nsec.c | 2 +- contrib/unbound/validator/val_nsec3.c | 11 +- contrib/unbound/validator/val_nsec3.h | 4 +- contrib/unbound/validator/val_sigcrypt.c | 99 +++++-- contrib/unbound/validator/val_sigcrypt.h | 49 ++-- contrib/unbound/validator/val_utils.c | 66 ++--- contrib/unbound/validator/val_utils.h | 67 ++--- contrib/unbound/validator/validator.c | 123 +++++++-- contrib/unbound/validator/validator.h | 2 +- 102 files changed, 3983 insertions(+), 671 deletions(-) diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in index 55125a441977..7dbe5760033b 100644 --- a/contrib/unbound/Makefile.in +++ b/contrib/unbound/Makefile.in @@ -57,7 +57,7 @@ LEX=@LEX@ STRIP=@STRIP@ CC=@CC@ CPPFLAGS=-I. @CPPFLAGS@ -PYTHON_CPPFLAGS=-I. @PYTHON_CPPFLAGS@ +PYTHON_CPPFLAGS=-I. -I$(srcdir) @PYTHON_CPPFLAGS@ CFLAGS=-DSRCDIR=$(srcdir) @CFLAGS@ LDFLAGS=@LDFLAGS@ LIBS=@LIBS@ @@ -344,7 +344,18 @@ longcheck: longtest test: unittest$(EXEEXT) testbound$(EXEEXT) ./unittest$(EXEEXT) ./testbound$(EXEEXT) -s - for x in $(srcdir)/testdata/*.rpl; do printf "%s" "$$x "; if ./testbound$(EXEEXT) -p $$x >/dev/null 2>&1; then echo OK; else echo failed; exit 1; fi done + for x in $(srcdir)/testdata/*.rpl; do \ + printf "%s" "$$x "; \ + if ./testbound$(EXEEXT) -p $$x >/dev/null 2>&1; then \ + echo OK; \ + else \ + echo failed; \ + ./testbound$(EXEEXT) -p $$x -o -vvvvv; \ + printf "%s" "$$x "; \ + echo failed; \ + exit 1; \ + fi; \ + done @echo test OK longtest: tests @@ -556,7 +567,7 @@ pythonmod-install: pyunbound-install: $(INSTALL) -m 755 -d $(DESTDIR)$(PYTHON_SITE_PKG) - $(INSTALL) -c -m 644 $(srcdir)/libunbound/python/unbound.py $(DESTDIR)$(PYTHON_SITE_PKG)/unbound.py + $(INSTALL) -c -m 644 libunbound/python/unbound.py $(DESTDIR)$(PYTHON_SITE_PKG)/unbound.py $(LIBTOOL) --mode=install cp _unbound.la $(DESTDIR)$(PYTHON_SITE_PKG) $(LIBTOOL) --mode=finish $(DESTDIR)$(PYTHON_SITE_PKG) @@ -583,6 +594,8 @@ install-lib: lib $(UNBOUND_EVENT_INSTALL) echo ".so man3/libunbound.3" > $(DESTDIR)$(mandir)/man3/$$mpage.3 ; \ done $(LIBTOOL) --mode=install cp unbound.h $(DESTDIR)$(includedir)/unbound.h + $(INSTALL) -m 755 -d $(DESTDIR)$(libdir)/pkgconfig + $(INSTALL) -m 644 contrib/libunbound.pc $(DESTDIR)$(libdir)/pkgconfig $(LIBTOOL) --mode=install cp libunbound.la $(DESTDIR)$(libdir) $(LIBTOOL) --mode=finish $(DESTDIR)$(libdir) @@ -592,8 +605,6 @@ install-all: all $(PYTHONMOD_INSTALL) $(PYUNBOUND_INSTALL) $(UNBOUND_EVENT_INSTA $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man8 $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man5 $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man1 - $(INSTALL) -m 755 -d $(DESTDIR)$(libdir)/pkgconfig - $(INSTALL) -m 644 contrib/libunbound.pc $(DESTDIR)$(libdir)/pkgconfig $(LIBTOOL) --mode=install cp -f unbound$(EXEEXT) $(DESTDIR)$(sbindir)/unbound$(EXEEXT) $(LIBTOOL) --mode=install cp -f unbound-checkconf$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-checkconf$(EXEEXT) $(LIBTOOL) --mode=install cp -f unbound-control$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control$(EXEEXT) @@ -1248,7 +1259,7 @@ cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \ $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/config_file.h $(srcdir)/services/outside_network.h daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ diff --git a/contrib/unbound/acx_python.m4 b/contrib/unbound/acx_python.m4 index 767db5b65944..16c0c6fd943f 100644 --- a/contrib/unbound/acx_python.m4 +++ b/contrib/unbound/acx_python.m4 @@ -18,27 +18,45 @@ AC_DEFUN([AC_PYTHON_DEVEL],[ print(sys.version.split()[[0]])"` fi - # - # Check if you have distutils, else fail - # - AC_MSG_CHECKING([for the distutils Python package]) - if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then + # Check if you have sysconfig + AC_MSG_CHECKING([for the sysconfig Python module]) + if ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1`; then AC_MSG_RESULT([yes]) - else + sysconfig_module="sysconfig" + # if yes, use sysconfig, because distutils is deprecated. + else AC_MSG_RESULT([no]) - AC_MSG_ERROR([cannot import Python module "distutils". -Please check your Python installation. The error was: -$ac_distutils_result]) - PYTHON_VERSION="" - fi + # if no, try to use distutils + + # + # Check if you have distutils, else fail + # + AC_MSG_CHECKING([for the distutils Python package]) + if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + AC_MSG_ERROR([cannot import Python module "distutils". + Please check your Python installation. The error was: + $ac_distutils_result]) + PYTHON_VERSION="" + fi + + sysconfig_module="distutils.sysconfig" + fi # # Check for Python include path # AC_MSG_CHECKING([for Python include path]) if test -z "$PYTHON_CPPFLAGS"; then - python_path=`$PYTHON -c "import distutils.sysconfig; \ - print(distutils.sysconfig.get_python_inc());"` + if test "$sysconfig_module" = "sysconfig"; then + python_path=`$PYTHON -c 'import sysconfig; \ + print(sysconfig.get_path("include"));'` + else + python_path=`$PYTHON -c "import distutils.sysconfig; \ + print(distutils.sysconfig.get_python_inc());"` + fi if test -n "${python_path}"; then python_path="-I$python_path" fi @@ -52,14 +70,14 @@ $ac_distutils_result]) # AC_MSG_CHECKING([for Python library path]) if test -z "$PYTHON_LDFLAGS"; then - PYTHON_LDFLAGS=`$PYTHON -c "from distutils.sysconfig import *; \ + PYTHON_LDFLAGS=`$PYTHON -c "from $sysconfig_module import *; \ print('-L'+get_config_var('LIBDIR')+' -L'+get_config_var('LIBDEST')+' '+get_config_var('BLDLIBRARY'));"` fi AC_MSG_RESULT([$PYTHON_LDFLAGS]) AC_SUBST([PYTHON_LDFLAGS]) if test -z "$PYTHON_LIBDIR"; then - PYTHON_LIBDIR=`$PYTHON -c "from distutils.sysconfig import *; \ + PYTHON_LIBDIR=`$PYTHON -c "from $sysconfig_module import *; \ print(get_config_var('LIBDIR'));"` fi @@ -68,8 +86,13 @@ $ac_distutils_result]) # AC_MSG_CHECKING([for Python site-packages path]) if test -z "$PYTHON_SITE_PKG"; then - PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \ - print(distutils.sysconfig.get_python_lib(1,0));"` + if test "$sysconfig_module" = "sysconfig"; then + PYTHON_SITE_PKG=`$PYTHON -c 'import sysconfig; \ + print(sysconfig.get_path("platlib"));'` + else + PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \ + print(distutils.sysconfig.get_python_lib(1,0));"` + fi fi AC_MSG_RESULT([$PYTHON_SITE_PKG]) AC_SUBST([PYTHON_SITE_PKG]) diff --git a/contrib/unbound/config.guess b/contrib/unbound/config.guess index 7f76b6228f73..1817bdce90dc 100755 --- a/contrib/unbound/config.guess +++ b/contrib/unbound/config.guess @@ -4,7 +4,7 @@ # shellcheck disable=SC2006,SC2268 # see below for rationale -timestamp='2022-01-09' +timestamp='2022-05-25' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -1151,16 +1151,27 @@ EOF ;; x86_64:Linux:*:*) set_cc_for_build + CPU=$UNAME_MACHINE LIBCABI=$LIBC if test "$CC_FOR_BUILD" != no_compiler_found; then - if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_X32 >/dev/null - then - LIBCABI=${LIBC}x32 - fi + ABI=64 + sed 's/^ //' << EOF > "$dummy.c" + #ifdef __i386__ + ABI=x86 + #else + #ifdef __ILP32__ + ABI=x32 + #endif + #endif +EOF + cc_set_abi=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^ABI' | sed 's, ,,g'` + eval "$cc_set_abi" + case $ABI in + x86) CPU=i686 ;; + x32) LIBCABI=${LIBC}x32 ;; + esac fi - GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI + GUESS=$CPU-pc-linux-$LIBCABI ;; xtensa*:Linux:*:*) GUESS=$UNAME_MACHINE-unknown-linux-$LIBC @@ -1367,8 +1378,11 @@ EOF BePC:Haiku:*:*) # Haiku running on Intel PC compatible. GUESS=i586-pc-haiku ;; - x86_64:Haiku:*:*) - GUESS=x86_64-unknown-haiku + ppc:Haiku:*:*) # Haiku running on Apple PowerPC + GUESS=powerpc-apple-haiku + ;; + *:Haiku:*:*) # Haiku modern gcc (not bound by BeOS compat) + GUESS=$UNAME_MACHINE-unknown-haiku ;; SX-4:SUPER-UX:*:*) GUESS=sx4-nec-superux$UNAME_RELEASE diff --git a/contrib/unbound/config.h.in b/contrib/unbound/config.h.in index 197c2838b33f..a080dde0da2e 100644 --- a/contrib/unbound/config.h.in +++ b/contrib/unbound/config.h.in @@ -971,6 +971,10 @@ /* Define to 1 if you need to in order for `stat' and other things to work. */ #undef _POSIX_SOURCE +/* defined to use gcc ansi snprintf and sscanf that understands %lld when + compiled for windows. */ +#undef __USE_MINGW_ANSI_STDIO + /* Define to empty if `const' does not conform to ANSI C. */ #undef const @@ -1150,7 +1154,7 @@ #include <ws2tcpip.h> #endif -#ifndef USE_WINSOCK +#if !defined(USE_WINSOCK) || !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) || defined(__USE_MINGW_ANSI_STDIO) #define ARG_LL "%ll" #else #define ARG_LL "%I64" diff --git a/contrib/unbound/configure b/contrib/unbound/configure index 48f9c2d02b68..a9ec94479b55 100755 --- a/contrib/unbound/configure +++ b/contrib/unbound/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.15.0. +# Generated by GNU Autoconf 2.69 for unbound 1.16.0. # # Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>. # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.15.0' -PACKAGE_STRING='unbound 1.15.0' +PACKAGE_VERSION='1.16.0' +PACKAGE_STRING='unbound 1.16.0' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -813,6 +813,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -964,6 +965,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1216,6 +1218,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1353,7 +1364,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1466,7 +1477,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.15.0 to adapt to many kinds of systems. +\`configure' configures unbound 1.16.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1506,6 +1517,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1531,7 +1543,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.15.0:";; + short | recursive ) echo "Configuration of unbound 1.16.0:";; esac cat <<\_ACEOF @@ -1773,7 +1785,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.15.0 +unbound configure 1.16.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2482,7 +2494,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.15.0, which was +It was created by unbound $as_me 1.16.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2832,13 +2844,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu UNBOUND_VERSION_MAJOR=1 -UNBOUND_VERSION_MINOR=15 +UNBOUND_VERSION_MINOR=16 UNBOUND_VERSION_MICRO=0 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=15 +LIBUNBOUND_REVISION=16 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2921,6 +2933,7 @@ LIBUNBOUND_AGE=1 # 1.13.2 had 9:13:1 # 1.14.0 had 9:14:1 # 1.15.0 had 9:15:1 +# 1.16.0 had 9:16:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -17455,22 +17468,38 @@ fi print(sys.version.split()[0])"` fi - # - # Check if you have distutils, else fail - # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5 -$as_echo_n "checking for the distutils Python package... " >&6; } - if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then + # Check if you have sysconfig + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the sysconfig Python module" >&5 +$as_echo_n "checking for the sysconfig Python module... " >&6; } + if ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1`; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - else + sysconfig_module="sysconfig" + # if yes, use sysconfig, because distutils is deprecated. + else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - as_fn_error $? "cannot import Python module \"distutils\". -Please check your Python installation. The error was: -$ac_distutils_result" "$LINENO" 5 - PYTHON_VERSION="" - fi + # if no, try to use distutils + + # + # Check if you have distutils, else fail + # + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5 +$as_echo_n "checking for the distutils Python package... " >&6; } + if ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "cannot import Python module \"distutils\". + Please check your Python installation. The error was: + $ac_distutils_result" "$LINENO" 5 + PYTHON_VERSION="" + fi + + sysconfig_module="distutils.sysconfig" + fi # # Check for Python include path @@ -17478,8 +17507,13 @@ $ac_distutils_result" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5 $as_echo_n "checking for Python include path... " >&6; } if test -z "$PYTHON_CPPFLAGS"; then - python_path=`$PYTHON -c "import distutils.sysconfig; \ - print(distutils.sysconfig.get_python_inc());"` + if test "$sysconfig_module" = "sysconfig"; then + python_path=`$PYTHON -c 'import sysconfig; \ + print(sysconfig.get_path("include"));'` + else + python_path=`$PYTHON -c "import distutils.sysconfig; \ + print(distutils.sysconfig.get_python_inc());"` + fi if test -n "${python_path}"; then python_path="-I$python_path" fi @@ -17495,7 +17529,7 @@ $as_echo "$PYTHON_CPPFLAGS" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5 $as_echo_n "checking for Python library path... " >&6; } if test -z "$PYTHON_LDFLAGS"; then - PYTHON_LDFLAGS=`$PYTHON -c "from distutils.sysconfig import *; \ + PYTHON_LDFLAGS=`$PYTHON -c "from $sysconfig_module import *; \ print('-L'+get_config_var('LIBDIR')+' -L'+get_config_var('LIBDEST')+' '+get_config_var('BLDLIBRARY'));"` fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5 @@ -17503,7 +17537,7 @@ $as_echo "$PYTHON_LDFLAGS" >&6; } if test -z "$PYTHON_LIBDIR"; then - PYTHON_LIBDIR=`$PYTHON -c "from distutils.sysconfig import *; \ + PYTHON_LIBDIR=`$PYTHON -c "from $sysconfig_module import *; \ print(get_config_var('LIBDIR'));"` fi @@ -17513,8 +17547,13 @@ $as_echo "$PYTHON_LDFLAGS" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5 $as_echo_n "checking for Python site-packages path... " >&6; } if test -z "$PYTHON_SITE_PKG"; then - PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \ - print(distutils.sysconfig.get_python_lib(1,0));"` + if test "$sysconfig_module" = "sysconfig"; then + PYTHON_SITE_PKG=`$PYTHON -c 'import sysconfig; \ + print(sysconfig.get_path("platlib"));'` + else + PYTHON_SITE_PKG=`$PYTHON -c "import distutils.sysconfig; \ + print(distutils.sysconfig.get_python_lib(1,0));"` + fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5 $as_echo "$PYTHON_SITE_PKG" >&6; } @@ -20181,6 +20220,9 @@ fi WIN_CHECKCONF_OBJ_LINK="rsrc_unbound_checkconf.o" + +$as_echo "#define __USE_MINGW_ANSI_STDIO 1" >>confdefs.h + fi if test $ac_cv_func_getaddrinfo = no; then case " $LIBOBJS " in @@ -21678,10 +21720,16 @@ $as_echo_n "checking for libmnl... " >&6; } withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" fi for dir in $withval ; do - if test -f "$dir/include/libmnl/libmnl.h"; then + if test -f "$dir/include/libmnl/libmnl.h" -o -f "$dir/include/libmnl/libmnl/libmnl.h"; then found_libmnl="yes" - if test "$dir" != "/usr"; then - CPPFLAGS="$CPPFLAGS -I$dir/include" + extralibmnl="" + if test -f "$dir/include/libmnl/libmnl/libmnl.h"; then + extralibmnl="/libmnl" + fi + if test "$dir" != "/usr" -o -n "$extralibmnl"; then + CPPFLAGS="$CPPFLAGS -I$dir/include$extralibmnl" + fi + if test "$dir" != "/usr"; then LDFLAGS="$LDFLAGS -L$dir/lib" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $dir" >&5 @@ -21886,7 +21934,7 @@ _ACEOF -version=1.15.0 +version=1.16.0 date=`date +'%b %e, %Y'` @@ -22405,7 +22453,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.15.0, which was +This file was extended by unbound $as_me 1.16.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22471,7 +22519,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.15.0 +unbound config.status 1.16.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac index 5c7da1978131..1453b3a2fe29 100644 --- a/contrib/unbound/configure.ac +++ b/contrib/unbound/configure.ac @@ -10,7 +10,7 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[15]) +m4_define([VERSION_MINOR],[16]) m4_define([VERSION_MICRO],[0]) AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) @@ -18,7 +18,7 @@ AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=15 +LIBUNBOUND_REVISION=16 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -101,6 +101,7 @@ LIBUNBOUND_AGE=1 # 1.13.2 had 9:13:1 # 1.14.0 had 9:14:1 # 1.15.0 had 9:15:1 +# 1.16.0 had 9:16:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -1553,6 +1554,7 @@ if test "$USE_WINSOCK" = 1; then AC_SUBST(WIN_CONTROL_OBJ_LINK) WIN_CHECKCONF_OBJ_LINK="rsrc_unbound_checkconf.o" AC_SUBST(WIN_CHECKCONF_OBJ_LINK) + AC_DEFINE(__USE_MINGW_ANSI_STDIO, 1, [defined to use gcc ansi snprintf and sscanf that understands %lld when compiled for windows.]) fi if test $ac_cv_func_getaddrinfo = no; then AC_LIBOBJ([fake-rfc2553]) @@ -1878,11 +1880,17 @@ case "$enable_ipset" in withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" fi for dir in $withval ; do - if test -f "$dir/include/libmnl/libmnl.h"; then + if test -f "$dir/include/libmnl/libmnl.h" -o -f "$dir/include/libmnl/libmnl/libmnl.h"; then found_libmnl="yes" dnl assume /usr is in default path. + extralibmnl="" + if test -f "$dir/include/libmnl/libmnl/libmnl.h"; then + extralibmnl="/libmnl" + fi + if test "$dir" != "/usr" -o -n "$extralibmnl"; then + CPPFLAGS="$CPPFLAGS -I$dir/include$extralibmnl" + fi if test "$dir" != "/usr"; then - CPPFLAGS="$CPPFLAGS -I$dir/include" LDFLAGS="$LDFLAGS -L$dir/lib" fi AC_MSG_RESULT(found in $dir) @@ -2060,7 +2068,7 @@ dnl includes #include <ws2tcpip.h> #endif -#ifndef USE_WINSOCK +#if !defined(USE_WINSOCK) || !defined(HAVE_SNPRINTF) || defined(SNPRINTF_RET_BROKEN) || defined(__USE_MINGW_ANSI_STDIO) #define ARG_LL "%ll" #else #define ARG_LL "%I64" diff --git a/contrib/unbound/daemon/acl_list.c b/contrib/unbound/daemon/acl_list.c index 84324575e718..aecb3e0c6437 100644 --- a/contrib/unbound/daemon/acl_list.c +++ b/contrib/unbound/daemon/acl_list.c @@ -487,3 +487,38 @@ acl_list_get_mem(struct acl_list* acl) if(!acl) return 0; return sizeof(*acl) + regional_get_mem(acl->region); } + +const char* acl_access_to_str(enum acl_access acl) +{ + switch(acl) { + case acl_deny: return "deny"; + case acl_refuse: return "refuse"; + case acl_deny_non_local: return "deny_non_local"; + case acl_refuse_non_local: return "refuse_non_local"; + case acl_allow: return "allow"; + case acl_allow_snoop: return "allow_snoop"; + case acl_allow_setrd: return "allow_setrd"; + default: break; + } + return "unknown"; +} + +void +log_acl_action(const char* action, struct sockaddr_storage* addr, + socklen_t addrlen, enum acl_access acl, struct acl_addr* acladdr) +{ + char a[128], n[128]; + uint16_t port; + addr_to_str(addr, addrlen, a, sizeof(a)); + port = ntohs(((struct sockaddr_in*)addr)->sin_port); + if(acladdr) { + addr_to_str(&acladdr->node.addr, acladdr->node.addrlen, + n, sizeof(n)); + verbose(VERB_ALGO, "%s query from %s port %d because of " + "%s/%d %s", action, a, (int)port, n, acladdr->node.net, + acl_access_to_str(acl)); + } else { + verbose(VERB_ALGO, "%s query from %s port %d", action, a, + (int)port); + } +} diff --git a/contrib/unbound/daemon/acl_list.h b/contrib/unbound/daemon/acl_list.h index 3a3b94bc5879..c09e832a1def 100644 --- a/contrib/unbound/daemon/acl_list.h +++ b/contrib/unbound/daemon/acl_list.h @@ -154,4 +154,15 @@ acl_addr_lookup(struct acl_list* acl, struct sockaddr_storage* addr, */ size_t acl_list_get_mem(struct acl_list* acl); +/* + * Get string for acl access specification + * @param acl: access type value + * @return string + */ +const char* acl_access_to_str(enum acl_access acl); + +/* log acl and addr for action */ +void log_acl_action(const char* action, struct sockaddr_storage* addr, + socklen_t addrlen, enum acl_access acl, struct acl_addr* acladdr); + #endif /* DAEMON_ACL_LIST_H */ diff --git a/contrib/unbound/daemon/cachedump.c b/contrib/unbound/daemon/cachedump.c index b1ce53b596b6..b929f909bab2 100644 --- a/contrib/unbound/daemon/cachedump.c +++ b/contrib/unbound/daemon/cachedump.c @@ -47,10 +47,12 @@ #include "services/cache/rrset.h" #include "services/cache/dns.h" #include "services/cache/infra.h" +#include "services/outside_network.h" #include "util/data/msgreply.h" #include "util/regional.h" #include "util/net_help.h" #include "util/data/dname.h" +#include "util/config_file.h" #include "iterator/iterator.h" #include "iterator/iter_delegpt.h" #include "iterator/iter_utils.h" @@ -854,7 +856,9 @@ int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm, "cache; goes to configured roots\n"); } /* go up? */ - if(iter_dp_is_useless(&qinfo, BIT_RD, dp)) { + if(iter_dp_is_useless(&qinfo, BIT_RD, dp, + (worker->env.cfg->do_ip4 && worker->back->num_ip4 != 0), + (worker->env.cfg->do_ip6 && worker->back->num_ip6 != 0))) { print_dp_main(ssl, dp, msg); print_dp_details(ssl, worker, dp); if(!ssl_printf(ssl, "cache delegation was " diff --git a/contrib/unbound/daemon/worker.c b/contrib/unbound/daemon/worker.c index 862affb24e9a..bf8c5d6b6763 100644 --- a/contrib/unbound/daemon/worker.c +++ b/contrib/unbound/daemon/worker.c @@ -98,7 +98,7 @@ /** ratelimit for error responses */ #define ERROR_RATELIMIT 100 /* qps */ -/** +/** * seconds to add to prefetch leeway. This is a TTL that expires old rrsets * earlier than they should in order to put the new update into the cache. * This additional value is to make sure that if not all TTLs are equal in @@ -484,6 +484,12 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, msg->rep, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, worker->env.now_tv)) return 0; + /* TODO store the reason for the bogus reply in cache + * and implement in here instead of the hardcoded EDE */ + if (worker->env.cfg->ede) { + EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out, + worker->scratchpad, LDNS_EDE_DNSSEC_BOGUS, ""); + } error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, &msg->qinfo, id, flags, edns); if(worker->stats.extended) { @@ -553,7 +559,7 @@ apply_respip_action(struct worker* worker, const struct query_info* qinfo, return 1; if(!respip_rewrite_reply(qinfo, cinfo, rep, encode_repp, &actinfo, - alias_rrset, 0, worker->scratchpad, az)) + alias_rrset, 0, worker->scratchpad, az, NULL)) return 0; /* xxx_deny actions mean dropping the reply, unless the original reply @@ -654,6 +660,12 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, worker->env.now_tv)) goto bail_out; + /* TODO store the reason for the bogus reply in cache + * and implement in here instead of the hardcoded EDE */ + if (worker->env.cfg->ede) { + EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out, + worker->scratchpad, LDNS_EDE_DNSSEC_BOGUS, ""); + } error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, qinfo, id, flags, edns); rrset_array_unlock_touch(worker->env.rrset_cache, @@ -716,15 +728,25 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, if(!*partial_repp) goto bail_out; } - } else if(!reply_info_answer_encode(qinfo, encode_rep, id, flags, - repinfo->c->buffer, timenow, 1, worker->scratchpad, - udpsize, edns, (int)(edns->bits & EDNS_DO), *is_secure_answer)) { - if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL, - LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, - worker->env.now_tv)) - edns->opt_list_inplace_cb_out = NULL; - error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, - qinfo, id, flags, edns); + } else { + /* We don't check the global ede as this is a warning, not + * an error */ + if (*is_expired_answer == 1 && + worker->env.cfg->ede_serve_expired && worker->env.cfg->ede) { + EDNS_OPT_LIST_APPEND_EDE(&edns->opt_list_out, + worker->scratchpad, LDNS_EDE_STALE_ANSWER, ""); + } + if(!reply_info_answer_encode(qinfo, encode_rep, id, flags, + repinfo->c->buffer, timenow, 1, worker->scratchpad, + udpsize, edns, (int)(edns->bits & EDNS_DO), + *is_secure_answer)) { + if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, + NULL, NULL, LDNS_RCODE_SERVFAIL, edns, repinfo, + worker->scratchpad, worker->env.now_tv)) + edns->opt_list_inplace_cb_out = NULL; + error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, + qinfo, id, flags, edns); + } } /* cannot send the reply right now, because blocking network syscall * is bad while holding locks. */ @@ -741,10 +763,12 @@ bail_out: /** Reply to client and perform prefetch to keep cache up to date. */ static void -reply_and_prefetch(struct worker* worker, struct query_info* qinfo, - uint16_t flags, struct comm_reply* repinfo, time_t leeway, int noreply) +reply_and_prefetch(struct worker* worker, struct query_info* qinfo, + uint16_t flags, struct comm_reply* repinfo, time_t leeway, int noreply, + int rpz_passthru, struct edns_option* opt_list) { - /* first send answer to client to keep its latency + (void)opt_list; + /* first send answer to client to keep its latency * as small as a cachereply */ if(!noreply) { if(repinfo->c->tcp_req_info) { @@ -755,13 +779,23 @@ reply_and_prefetch(struct worker* worker, struct query_info* qinfo, comm_point_send_reply(repinfo); } server_stats_prefetch(&worker->stats, worker); - +#ifdef CLIENT_SUBNET + /* Check if the subnet module is enabled. In that case pass over the + * comm_reply information for ECS generation later. The mesh states are + * unique when subnet is enabled. */ + if(modstack_find(&worker->env.mesh->mods, "subnetcache") != -1 + && worker->env.unique_mesh) { + mesh_new_prefetch(worker->env.mesh, qinfo, flags, leeway + + PREFETCH_EXPIRY_ADD, rpz_passthru, repinfo, opt_list); + return; + } +#endif /* create the prefetch in the mesh as a normal lookup without * client addrs waiting, which has the cache blacklisted (to bypass * the cache and go to the network for the data). */ /* this (potentially) runs the mesh for the new query */ - mesh_new_prefetch(worker->env.mesh, qinfo, flags, leeway + - PREFETCH_EXPIRY_ADD); + mesh_new_prefetch(worker->env.mesh, qinfo, flags, leeway + + PREFETCH_EXPIRY_ADD, rpz_passthru, NULL, NULL); } /** @@ -1012,32 +1046,178 @@ answer_notify(struct worker* w, struct query_info* qinfo, static int deny_refuse(struct comm_point* c, enum acl_access acl, enum acl_access deny, enum acl_access refuse, - struct worker* worker, struct comm_reply* repinfo) + struct worker* worker, struct comm_reply* repinfo, + struct acl_addr* acladdr, int ede) { if(acl == deny) { + if(verbosity >= VERB_ALGO) { + log_acl_action("dropped", &repinfo->addr, + repinfo->addrlen, acl, acladdr); + log_buf(VERB_ALGO, "dropped", c->buffer); + } comm_point_drop_reply(repinfo); if(worker->stats.extended) worker->stats.unwanted_queries++; return 0; } else if(acl == refuse) { - log_addr(VERB_ALGO, "refused query from", - &repinfo->addr, repinfo->addrlen); - log_buf(VERB_ALGO, "refuse", c->buffer); + size_t opt_rr_mark; + + if(verbosity >= VERB_ALGO) { + log_acl_action("refused", &repinfo->addr, + repinfo->addrlen, acl, acladdr); + log_buf(VERB_ALGO, "refuse", c->buffer); + } + if(worker->stats.extended) worker->stats.unwanted_queries++; if(worker_check_request(c->buffer, worker) == -1) { comm_point_drop_reply(repinfo); return 0; /* discard this */ } - sldns_buffer_set_limit(c->buffer, LDNS_HEADER_SIZE); - sldns_buffer_write_at(c->buffer, 4, - (uint8_t*)"\0\0\0\0\0\0\0\0", 8); + /* worker_check_request() above guarantees that the buffer contains at + * least a header and that qdcount == 1 + */ *** 7450 LINES SKIPPED ***