From nobody Sun Mar 24 02:22:23 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V2Kb368tjz5DhFC; Sun, 24 Mar 2024 02:22:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V2Kb35xjpz4np0; Sun, 24 Mar 2024 02:22:23 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711246943; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=W+QZexvHmj69GBfw5sWYhqzqMxtyQtpe7qluT4VUgz4=; b=tP9Eh3APMS5iTuvSyfR1eFuCZwb9cUVSR9hXLuV15/VMnMl27Uypfahg5nHYJ5LL0diuKk hJXrUIdnyl1Ag358Eig5CaRfQlq3Os6OtDIwVf9Nks5OWbw6ow/Qrt5fsIG82SY/B2Lsn0 fnLksUh4lW9Dk5ZP+GHnH7vYoIIl6nWOZWF0Z2XkDGlJBGugeXtlUSfj++XJ7S2BlMPAPg AoCWFWUexmM7nWi0RGE7Dj6vcGKq88HzuOpJSC5nc5TRTarWowhZ19MbR2R6LpcxD84aMM mVMNr/scS8d+89rA/rZQ3zNjUkr8/sjWyvikaWS+ydaCT1bkDBllZoLllX6CZA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1711246943; a=rsa-sha256; cv=none; b=CeLtsAeIS9/Nv3osmN0a7DplNAx+ZeJWoQfg+K88i9x0ip1JfSfUecunBCgg0ddYqVPQgQ P4HhHj33bbaM0sjAbN/wxIwicGkyMOLgA1ZQ351l3OTnS7Rv2FqcMH6sfxgPAmu/qKjfyv sfQQMYIigCXl4QD9j4K/IbDTjzSEeXAKuBBuxjmxSWLnOCXAVjg6md/Jj4Wlndyqspvpm7 kJfz8LmnmkFSjL7ljetFvoONy55Br/TM0ZjM1b/VkAuvarBlV3tejJ8fiJjqj0k15h3aS7 ZLRid05PkGWj7po3KPOrocMfMjDOcJCEEoma0QpSpoaGN6qX58wV62LuVidwyg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711246943; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=W+QZexvHmj69GBfw5sWYhqzqMxtyQtpe7qluT4VUgz4=; b=LXNkH4zv0Ek6XQbn1UAtEArbJTnDFB97hL8uRq25JusEL095Mk+sXh2ogvIaJzMz+d0neK s18ZqE7jabzGMFDycH8Dbzndi3Vqpoz0Na9jPtLUSH+H7fDY98qCpGvzFuY4r7Wpp2tHgt U0zPY61jdoEIGf6OT4Gug7/14cvL/5slmN5O3yomgsTjj7M8jn9yN4yQwh2LXKeyOrOXzp TXDCTr0lmfNYGDKivjlR156KTDQ+D5lsqY4xCkKapLD+2knSKQa2Lk6lmFAQErxqs5Z7sX W3rpGBuxK0oKb7k90M4R+tYfU38K06iICzeq0MA5RRApXJcwRENsULDu453K0g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4V2Kb35Xsqz1CvM; Sun, 24 Mar 2024 02:22:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 42O2MNk9069122; Sun, 24 Mar 2024 02:22:23 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 42O2MN4v069119; Sun, 24 Mar 2024 02:22:23 GMT (envelope-from git) Date: Sun, 24 Mar 2024 02:22:23 GMT Message-Id: <202403240222.42O2MN4v069119@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Cy Schubert Subject: git: 66f60770fd7d - stable/14 - unbound: Vendor import 1.19.3 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 66f60770fd7d39518fef679533c3034e1e4f6baa Auto-Submitted: auto-generated The branch stable/14 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=66f60770fd7d39518fef679533c3034e1e4f6baa commit 66f60770fd7d39518fef679533c3034e1e4f6baa Author: Cy Schubert AuthorDate: 2024-03-17 00:13:09 +0000 Commit: Cy Schubert CommitDate: 2024-03-24 02:22:03 +0000 unbound: Vendor import 1.19.3 Release notes at https://www.nlnetlabs.nl/news/2024/Mar/14/unbound-1.19.3-released/ Merge commit '5a33598e88ad8fbc0affa74dee0a2d8cc4010fbc' into main (cherry picked from commit b7c0c8c18e0f12bc22e251fbcabad719b364a38a) --- contrib/unbound/acx_nlnetlabs.m4 | 121 +- contrib/unbound/configure | 350 +- contrib/unbound/configure.ac | 28 +- contrib/unbound/daemon/remote.c | 10 +- contrib/unbound/daemon/worker.c | 28 +- contrib/unbound/dnstap/dnstap.c | 32 +- contrib/unbound/dnstap/dnstap.h | 4 + contrib/unbound/dnstap/dnstap.m4 | 107 +- contrib/unbound/dnstap/dnstap.proto | 82 +- contrib/unbound/doc/Changelog | 140 +- contrib/unbound/doc/README | 11 +- contrib/unbound/doc/example.conf.in | 25 +- contrib/unbound/doc/libunbound.3.in | 4 +- contrib/unbound/doc/unbound-anchor.8.in | 2 +- contrib/unbound/doc/unbound-checkconf.8.in | 2 +- contrib/unbound/doc/unbound-control.8.in | 2 +- contrib/unbound/doc/unbound-host.1.in | 2 +- contrib/unbound/doc/unbound.8.in | 4 +- contrib/unbound/doc/unbound.conf.5.in | 24 +- contrib/unbound/iterator/iter_fwd.c | 1 - contrib/unbound/iterator/iter_hints.c | 5 +- contrib/unbound/iterator/iter_scrub.c | 3 +- contrib/unbound/iterator/iterator.c | 8 +- contrib/unbound/services/authzone.c | 2 +- contrib/unbound/services/cache/dns.c | 12 +- contrib/unbound/services/localzone.c | 6 +- contrib/unbound/services/mesh.c | 10 +- contrib/unbound/services/outside_network.c | 46 +- .../cachedb_no_store.tdir/cachedb_no_store.post | 2 +- .../cachedb_no_store.tdir/cachedb_no_store.test | 14 +- .../unbound/testdata/iter_cname_minimise_nx.rpl | 1 - contrib/unbound/testdata/iter_dname_ttl.rpl | 310 + .../testdata/root_zonemd.tdir/root_zonemd.test | 32 +- contrib/unbound/testdata/rrset_use_cached.rpl | 151 + .../unbound/testdata/serve_expired_0ttl_nodata.rpl | 2 +- .../testdata/serve_expired_0ttl_nxdomain.rpl | 2 +- .../testdata/serve_expired_0ttl_servfail.rpl | 2 +- .../testdata/serve_expired_cached_servfail.rpl | 2 +- .../serve_expired_cached_servfail_refresh.rpl | 2 +- .../unbound/testdata/subnet_scopezero_noedns.crpl | 441 ++ contrib/unbound/util/config_file.c | 3 + contrib/unbound/util/config_file.h | 2 + contrib/unbound/util/configlexer.c | 7627 +++++++++++++++++++ contrib/unbound/util/configlexer.lex | 1 + contrib/unbound/util/configparser.c | 7713 ++++++++++++++++++++ contrib/unbound/util/configparser.h | 781 ++ contrib/unbound/util/configparser.y | 13 +- contrib/unbound/util/data/msgencode.c | 3 + contrib/unbound/util/data/msgreply.c | 53 +- contrib/unbound/util/data/msgreply.h | 6 +- contrib/unbound/util/data/packed_rrset.c | 5 +- contrib/unbound/util/iana_ports.inc | 1 - contrib/unbound/util/netevent.c | 12 +- contrib/unbound/validator/autotrust.c | 8 +- contrib/unbound/validator/val_sigcrypt.c | 2 +- contrib/unbound/validator/val_utils.c | 55 +- contrib/unbound/validator/validator.c | 2 + lib/libunbound/config.h | 6 +- 58 files changed, 18038 insertions(+), 287 deletions(-) diff --git a/contrib/unbound/acx_nlnetlabs.m4 b/contrib/unbound/acx_nlnetlabs.m4 index f27615bd8bce..6a01dc5a4769 100644 --- a/contrib/unbound/acx_nlnetlabs.m4 +++ b/contrib/unbound/acx_nlnetlabs.m4 @@ -2,7 +2,10 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 46 +# Version 48 +# 2024-01-16 fix to add -l:libssp.a to -lcrypto link check. +# and check for getaddrinfo with only header. +# 2024-01-15 fix to add crypt32 to -lcrypto link check when checking for gdi32. # 2023-05-04 fix to remove unused whitespace. # 2023-01-26 fix -Wstrict-prototypes. # 2022-09-01 fix checking if nonblocking sockets work on OpenBSD. @@ -707,7 +710,7 @@ AC_DEFUN([ACX_SSL_CHECKS], [ LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir_lib" ACX_RUNTIME_PATH_ADD([$ssldir_lib]) fi - + AC_MSG_CHECKING([for EVP_sha256 in -lcrypto]) LIBS="$LIBS -lcrypto" LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" @@ -732,40 +735,73 @@ AC_DEFUN([ACX_SSL_CHECKS], [ ]])],[ AC_DEFINE([HAVE_EVP_SHA256], 1, [If you have EVP_sha256]) - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) LIBS="$BAKLIBS" LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl" - AC_MSG_CHECKING([if -lcrypto needs -ldl]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ - int EVP_sha256(void); - (void)EVP_sha256(); - ]])],[ - AC_DEFINE([HAVE_EVP_SHA256], 1, - [If you have EVP_sha256]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - LIBS="$BAKLIBS" - LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl -pthread" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" - AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ - int EVP_sha256(void); - (void)EVP_sha256(); - ]])],[ - AC_DEFINE([HAVE_EVP_SHA256], 1, - [If you have EVP_sha256]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) - AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required]) + + LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32" + AC_MSG_CHECKING([if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + + LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" + AC_MSG_CHECKING([if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + + LIBS="$LIBS -ldl" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl" + AC_MSG_CHECKING([if -lcrypto needs -ldl]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + LIBS="$LIBS -ldl -pthread" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" + AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required]) + ]) + ]) ]) - ]) + ]) ]) ]) fi @@ -779,7 +815,7 @@ AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT]) dnl Check for SSL, where SSL is mandatory dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found -dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS. +dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS. dnl Checks main header files of SSL. dnl AC_DEFUN([ACX_WITH_SSL], @@ -872,7 +908,7 @@ dnl see if on windows if test "$ac_cv_header_windows_h" = "yes"; then AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used]) USE_WINSOCK="1" - if echo $LIBS | grep 'lws2_32' >/dev/null; then + if echo "$LIBS" | grep 'lws2_32' >/dev/null; then : else LIBS="$LIBS -lws2_32" @@ -880,6 +916,24 @@ if test "$ac_cv_header_windows_h" = "yes"; then fi ], dnl no quick getaddrinfo, try mingw32 and winsock2 library. +dnl perhaps getaddrinfo needs only the include +AC_LINK_IFELSE( +[AC_LANG_PROGRAM( +[ +#ifdef HAVE_WS2TCPIP_H +#include +#endif +], +[ + (void)getaddrinfo(NULL, NULL, NULL, NULL); +] +)], +[ +ac_cv_func_getaddrinfo="yes" +AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used]) +USE_WINSOCK="1" +], + ORIGLIBS="$LIBS" LIBS="$LIBS -lws2_32" AC_LINK_IFELSE( @@ -904,6 +958,7 @@ ac_cv_func_getaddrinfo="no" LIBS="$ORIGLIBS" ]) ) +) AC_MSG_RESULT($ac_cv_func_getaddrinfo) if test $ac_cv_func_getaddrinfo = yes; then diff --git a/contrib/unbound/configure b/contrib/unbound/configure index c87c669c8435..6aa1aeb80676 100755 --- a/contrib/unbound/configure +++ b/contrib/unbound/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.19.1. +# Generated by GNU Autoconf 2.69 for unbound 1.19.3. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.19.1' -PACKAGE_STRING='unbound 1.19.1' +PACKAGE_VERSION='1.19.3' +PACKAGE_STRING='unbound 1.19.3' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -655,6 +655,8 @@ DNSTAP_SOCKET_TESTBIN DNSTAP_SOCKET_PATH opt_dnstap_socket_path ENABLE_DNSTAP +PROTOBUFC_LIBS +PROTOBUFC_CFLAGS PROTOC_C UBSYMS EXTRALINK @@ -926,7 +928,9 @@ SYSTEMD_CFLAGS SYSTEMD_LIBS SYSTEMD_DAEMON_CFLAGS SYSTEMD_DAEMON_LIBS -PYTHON_VERSION' +PYTHON_VERSION +PROTOBUFC_CFLAGS +PROTOBUFC_LIBS' # Initialize some variables set by options. @@ -1477,7 +1481,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.19.1 to adapt to many kinds of systems. +\`configure' configures unbound 1.19.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1543,7 +1547,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.19.1:";; + short | recursive ) echo "Configuration of unbound 1.19.3:";; esac cat <<\_ACEOF @@ -1718,6 +1722,10 @@ Some influential environment variables: The installed Python version to use, for example '2.3'. This string will be appended to the Python interpreter canonical name. + PROTOBUFC_CFLAGS + C compiler flags for PROTOBUFC, overriding pkg-config + PROTOBUFC_LIBS + linker flags for PROTOBUFC, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. @@ -1785,7 +1793,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.19.1 +unbound configure 1.19.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2494,7 +2502,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.19.1, which was +It was created by unbound $as_me 1.19.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2846,11 +2854,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=19 -UNBOUND_VERSION_MICRO=1 +UNBOUND_VERSION_MICRO=3 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=24 +LIBUNBOUND_REVISION=26 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2942,6 +2950,8 @@ LIBUNBOUND_AGE=1 # 1.18.0 had 9:22:1 # 1.19.0 had 9:23:1 # 1.19.1 had 9:24:1 +# 1.19.2 had 9:25:1 +# 1.19.3 had 9:26:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -14416,7 +14426,7 @@ CC=$lt_save_CC # pkg-config is only needed for these options, do not require it otherwise -if test "$enable_systemd" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then +if test "$enable_systemd" = "yes" -o "$enable_dnstap" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then @@ -18104,19 +18114,86 @@ else $as_echo "no" >&6; } LIBS="$BAKLIBS" LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl" >&5 + + LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32" >&5 +$as_echo_n "checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + int EVP_sha256(void); + (void)EVP_sha256(); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + + LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" >&5 +$as_echo_n "checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + int EVP_sha256(void); + (void)EVP_sha256(); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + + LIBS="$LIBS -ldl" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl" >&5 $as_echo_n "checking if -lcrypto needs -ldl... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { - int EVP_sha256(void); - (void)EVP_sha256(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -18127,28 +18204,28 @@ if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - LIBS="$BAKLIBS" - LIBSSL_LIBS="$BAKSSLLIBS" - LIBS="$LIBS -ldl -pthread" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl -pthread" >&5 + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + LIBS="$LIBS -ldl -pthread" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl -pthread" >&5 $as_echo_n "checking if -lcrypto needs -ldl -pthread... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { - int EVP_sha256(void); - (void)EVP_sha256(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -18159,14 +18236,22 @@ if ac_fn_c_try_link "$LINENO"; then : $as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5 + as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext \ @@ -19847,7 +19932,7 @@ if test x_$enable_static_exe = x_yes; then if test "$on_mingw" = yes; then staticexe="-all-static" # for static compile, include gdi32 and zlib here. - if echo $LIBS | grep 'lgdi32' >/dev/null; then + if echo "$LIBS" | grep 'lgdi32' >/dev/null; then : else LIBS="$LIBS -lgdi32" @@ -19892,7 +19977,11 @@ if test "x$ac_cv_lib_z_compress" = xyes; then : LIBS="$LIBS -lz" fi - LIBS="$LIBS -l:libssp.a" + if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then + : + else + LIBS="$LIBS -l:libssp.a" + fi fi fi @@ -19951,7 +20040,11 @@ if test "x$ac_cv_lib_z_compress" = xyes; then : LIBS="$LIBS -lz" fi - LIBS="$LIBS -l:libssp.a" + if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then + : + else + LIBS="$LIBS -l:libssp.a" + fi fi fi @@ -19998,13 +20091,40 @@ if test "$ac_cv_header_windows_h" = "yes"; then $as_echo "#define USE_WINSOCK 1" >>confdefs.h USE_WINSOCK="1" - if echo $LIBS | grep 'lws2_32' >/dev/null; then + if echo "$LIBS" | grep 'lws2_32' >/dev/null; then : else LIBS="$LIBS -lws2_32" fi fi +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_WS2TCPIP_H +#include +#endif + +int +main () +{ + + (void)getaddrinfo(NULL, NULL, NULL, NULL); + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +ac_cv_func_getaddrinfo="yes" + +$as_echo "#define USE_WINSOCK 1" >>confdefs.h + +USE_WINSOCK="1" + else ORIGLIBS="$LIBS" LIBS="$LIBS -lws2_32" @@ -20047,6 +20167,10 @@ fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getaddrinfo" >&5 $as_echo "$ac_cv_func_getaddrinfo" >&6; } if test $ac_cv_func_getaddrinfo = yes; then @@ -20166,7 +20290,11 @@ else WINDRES="$ac_cv_prog_WINDRES" fi - LIBS="$LIBS -liphlpapi -lcrypt32" + if echo "$LIBS" | grep crypt32 >/dev/null; then + LIBS="$LIBS -liphlpapi" + else + LIBS="$LIBS -liphlpapi -lcrypt32" + fi WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe" WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c" @@ -21199,7 +21327,7 @@ fi # check for dnstap if requested - # Check whether --enable-dnstap was given. + # Check whether --enable-dnstap was given. if test "${enable_dnstap+set}" = set; then : enableval=$enable_dnstap; opt_dnstap=$enableval else @@ -21216,8 +21344,8 @@ else fi - if test "x$opt_dnstap" != "xno"; then - # Extract the first word of "protoc-c", so it can be a program name with args. + if test "x$opt_dnstap" != "xno"; then + # Extract the first word of "protoc-c", so it can be a program name with args. set dummy protoc-c; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } @@ -21257,36 +21385,132 @@ $as_echo "no" >&6; } fi - if test -z "$PROTOC_C"; then - as_fn_error $? "The protoc-c program was not found. Please install protobuf-c!" "$LINENO" 5 - fi + if test -z "$PROTOC_C"; then + as_fn_error $? "The protoc-c program was not found. Please install protobuf-c!" "$LINENO" 5 + fi # Check whether --with-protobuf-c was given. if test "${with_protobuf_c+set}" = set; then : withval=$with_protobuf_c; - # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0 - if test -f $withval/include/google/protobuf-c/protobuf-c.h; then - CFLAGS="$CFLAGS -I$withval/include/google" - else - CFLAGS="$CFLAGS -I$withval/include" - fi - LDFLAGS="$LDFLAGS -L$withval/lib" + # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0 + if test -f $withval/include/google/protobuf-c/protobuf-c.h; then + CFLAGS="$CFLAGS -I$withval/include/google" + else + CFLAGS="$CFLAGS -I$withval/include" + fi + LDFLAGS="$LDFLAGS -L$withval/lib" else - # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0 - if test -f /usr/include/google/protobuf-c/protobuf-c.h; then - CFLAGS="$CFLAGS -I/usr/include/google" - else - if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then - CFLAGS="$CFLAGS -I/usr/local/include/google" - LDFLAGS="$LDFLAGS -L/usr/local/lib" - fi - fi + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for PROTOBUFC" >&5 +$as_echo_n "checking for PROTOBUFC... " >&6; } + +if test -n "$PROTOBUFC_CFLAGS"; then + pkg_cv_PROTOBUFC_CFLAGS="$PROTOBUFC_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libprotobuf-c\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libprotobuf-c") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_PROTOBUFC_CFLAGS=`$PKG_CONFIG --cflags "libprotobuf-c" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$PROTOBUFC_LIBS"; then + pkg_cv_PROTOBUFC_LIBS="$PROTOBUFC_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libprotobuf-c\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libprotobuf-c") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_PROTOBUFC_LIBS=`$PKG_CONFIG --libs "libprotobuf-c" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no fi + if test $_pkg_short_errors_supported = yes; then + PROTOBUFC_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libprotobuf-c" 2>&1` + else + PROTOBUFC_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libprotobuf-c" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$PROTOBUFC_PKG_ERRORS" >&5 + + + # pkg-config failed; try falling back to known values + # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0 + if test -f /usr/include/google/protobuf-c/protobuf-c.h; then + CFLAGS="$CFLAGS -I/usr/include/google" + else + if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then + CFLAGS="$CFLAGS -I/usr/local/include/google" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + else + as_fn_error $? "The protobuf-c package was not found with pkg-config. Please install protobuf-c!" "$LINENO" 5 + fi + fi + - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing protobuf_c_message_pack" >&5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + # pkg-config failed; try falling back to known values + # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0 + if test -f /usr/include/google/protobuf-c/protobuf-c.h; then + CFLAGS="$CFLAGS -I/usr/include/google" + else + if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then + CFLAGS="$CFLAGS -I/usr/local/include/google" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + else + as_fn_error $? "The protobuf-c package was not found with pkg-config. Please install protobuf-c!" "$LINENO" 5 + fi + fi + + +else + PROTOBUFC_CFLAGS=$pkg_cv_PROTOBUFC_CFLAGS + PROTOBUFC_LIBS=$pkg_cv_PROTOBUFC_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + CFLAGS="$CFLAGS $PROTOBUFC_CFLAGS" + LIBS="$LIBS $PROTOBUFC_LIBS" + +fi + + + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing protobuf_c_message_pack" >&5 $as_echo_n "checking for library containing protobuf_c_message_pack... " >&6; } if ${ac_cv_search_protobuf_c_message_pack+:} false; then : $as_echo_n "(cached) " >&6 @@ -21368,13 +21592,13 @@ _ACEOF DNSTAP_OBJ="dnstap.lo dnstap.pb-c.lo dnstap_fstrm.lo dtstream.lo" - else + else ENABLE_DNSTAP=0 - fi + fi # check for dnscrypt if requested @@ -21895,7 +22119,7 @@ _ACEOF -version=1.19.1 +version=1.19.3 date=`date +'%b %e, %Y'` @@ -22414,7 +22638,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.19.1, which was +This file was extended by unbound $as_me 1.19.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22480,7 +22704,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.19.1 +unbound config.status 1.19.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac index 70fc7e7fdf49..e0dedbef9add 100644 --- a/contrib/unbound/configure.ac +++ b/contrib/unbound/configure.ac @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[19]) -m4_define([VERSION_MICRO],[1]) +m4_define([VERSION_MICRO],[3]) AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=24 +LIBUNBOUND_REVISION=26 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -110,6 +110,8 @@ LIBUNBOUND_AGE=1 # 1.18.0 had 9:22:1 # 1.19.0 had 9:23:1 # 1.19.1 had 9:24:1 +# 1.19.2 had 9:25:1 +# 1.19.3 had 9:26:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -407,7 +409,7 @@ AC_CHECK_TOOL(STRIP, strip) ACX_LIBTOOL_C_ONLY # pkg-config is only needed for these options, do not require it otherwise -if test "$enable_systemd" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then +if test "$enable_systemd" = "yes" -o "$enable_dnstap" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then PKG_PROG_PKG_CONFIG fi @@ -1526,13 +1528,17 @@ if test x_$enable_static_exe = x_yes; then if test "$on_mingw" = yes; then staticexe="-all-static" # for static compile, include gdi32 and zlib here. - if echo $LIBS | grep 'lgdi32' >/dev/null; then + if echo "$LIBS" | grep 'lgdi32' >/dev/null; then : else LIBS="$LIBS -lgdi32" fi AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ]) - LIBS="$LIBS -l:libssp.a" + if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then + : + else + LIBS="$LIBS -l:libssp.a" + fi fi fi @@ -1549,7 +1555,11 @@ if test x_$enable_fully_static = x_yes; then LIBS="$LIBS -lgdi32" fi AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ]) - LIBS="$LIBS -l:libssp.a" + if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then + : + else + LIBS="$LIBS -l:libssp.a" + fi fi fi @@ -1569,7 +1579,11 @@ if test "$USE_WINSOCK" = 1; then #include ]) AC_CHECK_TOOL(WINDRES, windres) - LIBS="$LIBS -liphlpapi -lcrypt32" + if echo "$LIBS" | grep crypt32 >/dev/null; then + LIBS="$LIBS -liphlpapi" + else + LIBS="$LIBS -liphlpapi -lcrypt32" + fi WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe" AC_SUBST(WINAPPS) WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c" diff --git a/contrib/unbound/daemon/remote.c b/contrib/unbound/daemon/remote.c index 3eb711ce6428..5d79eafd23be 100644 --- a/contrib/unbound/daemon/remote.c +++ b/contrib/unbound/daemon/remote.c @@ -553,7 +553,7 @@ ssl_print_text(RES* res, const char* text) static int ssl_print_vmsg(RES* ssl, const char* format, va_list args) { - char msg[1024]; + char msg[65535]; vsnprintf(msg, sizeof(msg), format, args); return ssl_print_text(ssl, msg); } @@ -3181,10 +3181,10 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, do_flush_bogus(ssl, worker); } else if(cmdcmp(p, "flush_negative", 14)) { do_flush_negative(ssl, worker); - } else if(cmdcmp(p, "rpz_enable", 10)) { - do_rpz_enable(ssl, worker, skipwhite(p+10)); - } else if(cmdcmp(p, "rpz_disable", 11)) { - do_rpz_disable(ssl, worker, skipwhite(p+11)); + } else if(cmdcmp(p, "rpz_enable", 10)) { + do_rpz_enable(ssl, worker, skipwhite(p+10)); + } else if(cmdcmp(p, "rpz_disable", 11)) { + do_rpz_disable(ssl, worker, skipwhite(p+11)); } else { (void)ssl_printf(ssl, "error unknown command '%s'\n", p); } diff --git a/contrib/unbound/daemon/worker.c b/contrib/unbound/daemon/worker.c index 8ae05eb67e66..176abf57d56e 100644 --- a/contrib/unbound/daemon/worker.c +++ b/contrib/unbound/daemon/worker.c @@ -1151,7 +1151,7 @@ deny_refuse(struct comm_point* c, enum acl_access acl, log_assert(sldns_buffer_limit(c->buffer) >= LDNS_HEADER_SIZE && LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) == 1); - sldns_buffer_skip(c->buffer, LDNS_HEADER_SIZE); /* skip header */ + sldns_buffer_set_position(c->buffer, LDNS_HEADER_SIZE); /* skip header */ /* check additional section is present and that we respond with EDEs */ if(LDNS_ARCOUNT(sldns_buffer_begin(c->buffer)) != 1 @@ -1163,6 +1163,7 @@ deny_refuse(struct comm_point* c, enum acl_access acl, LDNS_QR_SET(sldns_buffer_begin(c->buffer)); LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_REFUSED); + sldns_buffer_set_position(c->buffer, LDNS_HEADER_SIZE); *** 18928 LINES SKIPPED ***