Commit 197f1a0f authored by Dag-Erling Smørgrav's avatar Dag-Erling Smørgrav
Browse files

Vendor import of Unbound 1.7.0.

parent b5c63b39
This diff is collapsed.
......@@ -568,14 +568,17 @@ cachedb_intcache_lookup(struct module_qstate* qstate)
msg = dns_cache_lookup(qstate->env, qstate->qinfo.qname,
qstate->qinfo.qname_len, qstate->qinfo.qtype,
qstate->qinfo.qclass, qstate->query_flags,
qstate->region, qstate->env->scratch);
qstate->region, qstate->env->scratch,
1 /* no partial messages with only a CNAME */
);
if(!msg && qstate->env->neg_cache) {
/* lookup in negative cache; may result in
* NOERROR/NODATA or NXDOMAIN answers that need validation */
msg = val_neg_getmsg(qstate->env->neg_cache, &qstate->qinfo,
qstate->region, qstate->env->rrset_cache,
qstate->env->scratch_buffer,
*qstate->env->now, 1/*add SOA*/, NULL);
*qstate->env->now, 1/*add SOA*/, NULL,
qstate->env->cfg);
}
if(!msg)
return 0;
......
......@@ -33,6 +33,9 @@
*/
#include "config.h"
#define LOCKRET(func) func
#ifdef ENABLE_LOCK_CHECKS
#undef ENABLE_LOCK_CHECKS
#endif
#include "util/locks.h"
void _ARC4_LOCK(void);
......@@ -46,6 +49,10 @@ void _ARC4_LOCK(void)
void _ARC4_UNLOCK(void)
{
}
void _ARC4_LOCK_DESTROY(void)
{
}
#else /* !THREADS_DISABLED */
static lock_quick_type arc4lock;
......@@ -64,4 +71,12 @@ void _ARC4_UNLOCK(void)
{
lock_quick_unlock(&arc4lock);
}
void _ARC4_LOCK_DESTROY(void)
{
if(arc4lockinit) {
arc4lockinit = 0;
lock_quick_destroy(&arc4lock);
}
}
#endif /* THREADS_DISABLED */
......@@ -425,6 +425,12 @@
/* Define to 1 if you have the `SSL_CTX_set_security_level' function. */
#undef HAVE_SSL_CTX_SET_SECURITY_LEVEL
/* Define to 1 if you have the `SSL_get0_peername' function. */
#undef HAVE_SSL_GET0_PEERNAME
/* Define to 1 if you have the `SSL_set1_host' function. */
#undef HAVE_SSL_SET1_HOST
/* Define to 1 if you have the <stdarg.h> header file. */
#undef HAVE_STDARG_H
......@@ -646,6 +652,9 @@
/* define if (v)snprintf does not return length needed, (but length used) */
#undef SNPRINTF_RET_BROKEN
/* Define to 1 if libsodium supports sodium_set_misuse_handler */
#undef SODIUM_MISUSE_HANDLER
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
......@@ -1147,6 +1156,7 @@ uint32_t arc4random(void);
void arc4random_buf(void* buf, size_t n);
void _ARC4_LOCK(void);
void _ARC4_UNLOCK(void);
void _ARC4_LOCK_DESTROY(void);
#endif
#ifndef HAVE_ARC4RANDOM_UNIFORM
uint32_t arc4random_uniform(uint32_t upper_bound);
......
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for unbound 1.6.8.
# Generated by GNU Autoconf 2.69 for unbound 1.7.0.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl>.
#
......@@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
PACKAGE_VERSION='1.6.8'
PACKAGE_STRING='unbound 1.6.8'
PACKAGE_VERSION='1.7.0'
PACKAGE_STRING='unbound 1.7.0'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
PACKAGE_URL=''
 
......@@ -848,6 +848,7 @@ with_pthreads
with_solaris_threads
with_pyunbound
with_pythonmodule
enable_swig_version_check
with_nss
with_nettle
with_ssl
......@@ -1437,7 +1438,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures unbound 1.6.8 to adapt to many kinds of systems.
\`configure' configures unbound 1.7.0 to adapt to many kinds of systems.
 
Usage: $0 [OPTION]... [VAR=VALUE]...
 
......@@ -1502,7 +1503,7 @@ fi
 
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of unbound 1.6.8:";;
short | recursive ) echo "Configuration of unbound 1.7.0:";;
esac
cat <<\_ACEOF
 
......@@ -1532,6 +1533,9 @@ Optional Features:
enable nonregional allocs, slow but exposes regional
allocations to other memory purifiers, for debug
purposes
--disable-swig-version-check
Disable swig version check to build python modules
with older swig even though that is unreliable
--disable-sha1 Disable SHA1 RRSIG support, does not disable nsec3
support
--disable-sha2 Disable SHA256 and SHA512 RRSIG support
......@@ -1714,7 +1718,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
unbound configure 1.6.8
unbound configure 1.7.0
generated by GNU Autoconf 2.69
 
Copyright (C) 2012 Free Software Foundation, Inc.
......@@ -2423,7 +2427,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
 
It was created by unbound $as_me 1.6.8, which was
It was created by unbound $as_me 1.7.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
 
$ $0 $@
......@@ -2773,13 +2777,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
UNBOUND_VERSION_MAJOR=1
 
UNBOUND_VERSION_MINOR=6
UNBOUND_VERSION_MINOR=7
 
UNBOUND_VERSION_MICRO=8
UNBOUND_VERSION_MICRO=0
 
 
LIBUNBOUND_CURRENT=7
LIBUNBOUND_REVISION=7
LIBUNBOUND_REVISION=8
LIBUNBOUND_AGE=5
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
......@@ -2838,6 +2842,7 @@ LIBUNBOUND_AGE=5
# 1.6.6 had 7:5:5
# 1.6.7 had 7:6:5
# 1.6.8 had 7:7:5
# 1.7.0 had 7:8:5
 
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
......@@ -4429,6 +4434,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
# allow user to override the -g -O2 flags.
default_cflags=no
if test "x$CFLAGS" = "x" ; then
 
 
......@@ -4492,6 +4498,7 @@ $as_echo "no" >&6; }
 
fi
 
default_cflags=yes
fi
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
......@@ -5945,6 +5952,10 @@ $as_echo "#define UNBOUND_DEBUG /**/" >>confdefs.h
# nothing to do.
;;
esac
if test "$default_cflags" = "yes"; then
# only when CFLAGS was "" at the start, if the users wants to
# override we shouldn't add default cflags, because they wouldn't
# be able to turn off these options and set the CFLAGS wanted.
 
# Check whether --enable-flto was given.
if test "${enable_flto+set}" = set; then :
......@@ -6079,6 +6090,7 @@ rm -f core conftest.err conftest.$ac_objext \
 
fi
 
fi
 
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
$as_echo_n "checking for inline... " >&6; }
......@@ -16915,6 +16927,12 @@ $as_echo "#define HAVE_PYTHON 1" >>confdefs.h
 
# Check for SWIG
ub_have_swig=no
# Check whether --enable-swig-version-check was given.
if test "${enable_swig_version_check+set}" = set; then :
enableval=$enable_swig_version_check;
fi
if test "$enable_swig_version_check" = "yes"; then
 
# Extract the first word of "swig", so it can be a program name with args.
set dummy swig; ac_word=$2
......@@ -17031,6 +17049,124 @@ $as_echo "$as_me: WARNING: cannot determine SWIG version" >&2;}
fi
 
 
else
# Extract the first word of "swig", so it can be a program name with args.
set dummy swig; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_SWIG+:} false; then :
$as_echo_n "(cached) " >&6
else
case $SWIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path.
;;
*)
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_SWIG="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
IFS=$as_save_IFS
;;
esac
fi
SWIG=$ac_cv_path_SWIG
if test -n "$SWIG"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5
$as_echo "$SWIG" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
if test -z "$SWIG" ; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cannot find 'swig' program. You should look at http://www.swig.org" >&5
$as_echo "$as_me: WARNING: cannot find 'swig' program. You should look at http://www.swig.org" >&2;}
SWIG='echo "Error: SWIG is not installed. You should look at http://www.swig.org" ; false'
elif test -n "" ; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SWIG version" >&5
$as_echo_n "checking for SWIG version... " >&6; }
swig_version=`$SWIG -version 2>&1 | grep 'SWIG Version' | sed 's/.*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/g'`
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $swig_version" >&5
$as_echo "$swig_version" >&6; }
if test -n "$swig_version" ; then
# Calculate the required version number components
required=
required_major=`echo $required | sed 's/[^0-9].*//'`
if test -z "$required_major" ; then
required_major=0
fi
required=`echo $required | sed 's/[0-9]*[^0-9]//'`
required_minor=`echo $required | sed 's/[^0-9].*//'`
if test -z "$required_minor" ; then
required_minor=0
fi
required=`echo $required | sed 's/[0-9]*[^0-9]//'`
required_patch=`echo $required | sed 's/[^0-9].*//'`
if test -z "$required_patch" ; then
required_patch=0
fi
# Calculate the available version number components
available=$swig_version
available_major=`echo $available | sed 's/[^0-9].*//'`
if test -z "$available_major" ; then
available_major=0
fi
available=`echo $available | sed 's/[0-9]*[^0-9]//'`
available_minor=`echo $available | sed 's/[^0-9].*//'`
if test -z "$available_minor" ; then
available_minor=0
fi
available=`echo $available | sed 's/[0-9]*[^0-9]//'`
available_patch=`echo $available | sed 's/[^0-9].*//'`
if test -z "$available_patch" ; then
available_patch=0
fi
badversion=0
if test $available_major -lt $required_major ; then
badversion=1
fi
if test $available_major -eq $required_major \
-a $available_minor -lt $required_minor ; then
badversion=1
fi
if test $available_major -eq $required_major \
-a $available_minor -eq $required_minor \
-a $available_patch -lt $required_patch ; then
badversion=1
fi
if test $badversion -eq 1 ; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: SWIG version >= is required. You have $swig_version. You should look at http://www.swig.org" >&5
$as_echo "$as_me: WARNING: SWIG version >= is required. You have $swig_version. You should look at http://www.swig.org" >&2;}
SWIG='echo "Error: SWIG version >= is required. You have '"$swig_version"'. You should look at http://www.swig.org" ; false'
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: SWIG executable is '$SWIG'" >&5
$as_echo "$as_me: SWIG executable is '$SWIG'" >&6;}
SWIG_LIB=`$SWIG -swiglib`
{ $as_echo "$as_me:${as_lineno-$LINENO}: SWIG library directory is '$SWIG_LIB'" >&5
$as_echo "$as_me: SWIG library directory is '$SWIG_LIB'" >&6;}
fi
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cannot determine SWIG version" >&5
$as_echo "$as_me: WARNING: cannot determine SWIG version" >&2;}
SWIG='echo "Error: Cannot determine SWIG version. You should look at http://www.swig.org" ; false'
fi
fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking SWIG" >&5
$as_echo_n "checking SWIG... " >&6; }
if test ! -x "$SWIG"; then
......@@ -17651,7 +17787,7 @@ done
# these check_funcs need -lssl
BAKLIBS="$LIBS"
LIBS="-lssl $LIBS"
for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level
for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
......@@ -18070,12 +18206,40 @@ case "$enable_dsa" in
ac_fn_c_check_func "$LINENO" "DSA_SIG_new" "ac_cv_func_DSA_SIG_new"
if test "x$ac_cv_func_DSA_SIG_new" = xyes; then :
 
as_ac_Type=`$as_echo "ac_cv_type_DSA_SIG*" | $as_tr_sh`
ac_fn_c_check_type "$LINENO" "DSA_SIG*" "$as_ac_Type" "
$ac_includes_default
#ifdef HAVE_OPENSSL_ERR_H
#include <openssl/err.h>
#endif
#ifdef HAVE_OPENSSL_RAND_H
#include <openssl/rand.h>
#endif
#ifdef HAVE_OPENSSL_CONF_H
#include <openssl/conf.h>
#endif
#ifdef HAVE_OPENSSL_ENGINE_H
#include <openssl/engine.h>
#endif
"
if eval test \"x\$"$as_ac_Type"\" = x"yes"; then :
 
cat >>confdefs.h <<_ACEOF
#define USE_DSA 1
_ACEOF
 
 
else
if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5
fi
fi
else
if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5
fi
......@@ -20486,6 +20650,66 @@ else
ENABLE_DNSCRYPT_XCHACHA20=0
 
 
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing sodium_set_misuse_handler" >&5
$as_echo_n "checking for library containing sodium_set_misuse_handler... " >&6; }
if ${ac_cv_search_sodium_set_misuse_handler+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char sodium_set_misuse_handler ();
int
main ()
{
return sodium_set_misuse_handler ();
;
return 0;
}
_ACEOF
for ac_lib in '' sodium; do
if test -z "$ac_lib"; then
ac_res="none required"
else
ac_res=-l$ac_lib
LIBS="-l$ac_lib $ac_func_search_save_LIBS"
fi
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_search_sodium_set_misuse_handler=$ac_res
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
if ${ac_cv_search_sodium_set_misuse_handler+:} false; then :
break
fi
done
if ${ac_cv_search_sodium_set_misuse_handler+:} false; then :
else
ac_cv_search_sodium_set_misuse_handler=no
fi
rm conftest.$ac_ext
LIBS=$ac_func_search_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sodium_set_misuse_handler" >&5
$as_echo "$ac_cv_search_sodium_set_misuse_handler" >&6; }
ac_res=$ac_cv_search_sodium_set_misuse_handler
if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
$as_echo "#define SODIUM_MISUSE_HANDLER 1" >>confdefs.h
fi
 
 
......@@ -20601,6 +20825,15 @@ if test "${with_libunbound_only+set}" = set; then :
 
fi
 
if test $ALLTARGET = "alltargets"; then
if test $USE_NSS = "yes"; then
as_fn_error $? "--with-nss can only be used in combination with --with-libunbound-only." "$LINENO" 5
fi
if test $USE_NETTLE = "yes"; then
as_fn_error $? "--with-nettle can only be used in combination with --with-libunbound-only." "$LINENO" 5
fi
fi
 
 
 
......@@ -20695,7 +20928,7 @@ _ACEOF
 
 
 
version=1.6.8
version=1.7.0
 
date=`date +'%b %e, %Y'`
 
......@@ -21214,7 +21447,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by unbound $as_me 1.6.8, which was
This file was extended by unbound $as_me 1.7.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
 
CONFIG_FILES = $CONFIG_FILES
......@@ -21280,7 +21513,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
unbound config.status 1.6.8
unbound config.status 1.7.0
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
 
......
......@@ -10,15 +10,15 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[6])
m4_define([VERSION_MICRO],[8])
m4_define([VERSION_MINOR],[7])
m4_define([VERSION_MICRO],[0])
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=7
LIBUNBOUND_REVISION=7
LIBUNBOUND_REVISION=8
LIBUNBOUND_AGE=5
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
......@@ -77,6 +77,7 @@ LIBUNBOUND_AGE=5
# 1.6.6 had 7:5:5
# 1.6.7 had 7:6:5
# 1.6.8 had 7:7:5
# 1.7.0 had 7:8:5
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
......@@ -246,9 +247,11 @@ AC_DEFINE_UNQUOTED(RSRC_PACKAGE_VERSION, [$wnvs], [version number for resource f
AC_C_CONST
AC_LANG_C
# allow user to override the -g -O2 flags.
default_cflags=no
if test "x$CFLAGS" = "x" ; then
ACX_CHECK_COMPILER_FLAG(g, [CFLAGS="$CFLAGS -g"])
ACX_CHECK_COMPILER_FLAG(O2, [CFLAGS="$CFLAGS -O2"])
default_cflags=yes
fi
AC_PROG_CC
ACX_DEPFLAG
......@@ -272,9 +275,14 @@ case "$debug_enabled" in
# nothing to do.
;;
esac
ACX_CHECK_FLTO
ACX_CHECK_PIE
ACX_CHECK_RELRO_NOW
if test "$default_cflags" = "yes"; then
# only when CFLAGS was "" at the start, if the users wants to
# override we shouldn't add default cflags, because they wouldn't
# be able to turn off these options and set the CFLAGS wanted.
ACX_CHECK_FLTO
ACX_CHECK_PIE
ACX_CHECK_RELRO_NOW
fi
AC_C_INLINE
ACX_CHECK_FORMAT_ATTRIBUTE
......@@ -579,7 +587,12 @@ if test x_$ub_test_python != x_no; then
# Check for SWIG
ub_have_swig=no
AC_PROG_SWIG(2.0.1)
AC_ARG_ENABLE(swig-version-check, AC_HELP_STRING([--disable-swig-version-check], [Disable swig version check to build python modules with older swig even though that is unreliable]))
if test "$enable_swig_version_check" = "yes"; then
AC_PROG_SWIG(2.0.1)
else
AC_PROG_SWIG
fi
AC_MSG_CHECKING(SWIG)
if test ! -x "$SWIG"; then
AC_ERROR([failed to find swig tool, install it, or do not build Python module and PyUnbound])
......@@ -711,7 +724,7 @@ AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_C
# these check_funcs need -lssl
BAKLIBS="$LIBS"
LIBS="-lssl $LIBS"
AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level])
AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername])
LIBS="$BAKLIBS"
AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
......@@ -927,7 +940,27 @@ case "$enable_dsa" in
# detect if DSA is supported, and turn it off if not.
if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
AC_CHECK_FUNC(DSA_SIG_new, [
AC_CHECK_TYPE(DSA_SIG*, [
AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.])
], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.])
fi ], [
AC_INCLUDES_DEFAULT
#ifdef HAVE_OPENSSL_ERR_H
#include <openssl/err.h>
#endif
#ifdef HAVE_OPENSSL_RAND_H
#include <openssl/rand.h>
#endif
#ifdef HAVE_OPENSSL_CONF_H
#include <openssl/conf.h>
#endif
#ifdef HAVE_OPENSSL_ENGINE_H
#include <openssl/engine.h>
#endif
])
], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.])
fi ])
else
......@@ -1471,6 +1504,15 @@ AC_ARG_WITH(libunbound-only, AC_HELP_STRING([--with-libunbound-only],
INSTALLTARGET="install-lib"
fi
])
if test $ALLTARGET = "alltargets"; then
if test $USE_NSS = "yes"; then
AC_ERROR([--with-nss can only be used in combination with --with-libunbound-only.])
fi
if test $USE_NETTLE = "yes"; then
AC_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.])
fi
fi
AC_SUBST(ALLTARGET)
AC_SUBST(INSTALLTARGET)
......@@ -1644,6 +1686,7 @@ uint32_t arc4random(void);
void arc4random_buf(void* buf, size_t n);
void _ARC4_LOCK(void);
void _ARC4_UNLOCK(void);
void _ARC4_LOCK_DESTROY(void);
#endif
#ifndef HAVE_ARC4RANDOM_UNIFORM
uint32_t arc4random_uniform(uint32_t upper_bound);
......
......@@ -34,3 +34,4 @@ distribution but may be helpful.
* redirect-bogus.patch: Return configured address for bogus A and AAAA answers,
instead of SERVFAIL. Contributed by SIDN.
* fastrpz.patch: fastrpz support from Farsight Security.
* libunbound.so.conf: ltrace.conf file, see ltrace.conf(5), for libunbound.
This diff is collapsed.
# See ltrace.conf(5) for description of syntax of this file.
typedef ub_type = enum(TYPE_A=1,TYPE_NS=2,TYPE_SOA=6,TYPE_MX=15,TYPE_TXT=16,TYPE_AAAA=28,TYPE_DS=43,TYPE_DNSKEY=48,TYPE_TLSA=52,TYPE_ANY=255);
typedef ub_class = enum(CLASS_IN=1,CLASS_CH=3,CLASS_NONE=254,CLASS_ANY=255);
typedef ub_rcode = enum(RCODE_NOERROR,RCODE_FORMERR,RCODE_SERVFAIL,RCODE_NXDOMAIN,RCODE_NOTIMPL,RCODE_REFUSED,RCODE_YXDOMAIN,RCODE_YXRRSET,RCODE_NXRRSET,RCODE_NOTAUTH,RCODE_NOTZONE);
typedef ub_havedata = enum(no_data, have_data);
typedef ub_nxdomain = enum(name_exists, nxdomain);
typedef ub_secure = enum(not_secure, secure);
typedef ub_bogus = enum(not_bogus, bogus);
typedef ub_result = struct(string, ub_type, ub_class, array(void*,zero)*, array(int,zero)*, string, ub_rcode, void*, int, ub_havedata, ub_nxdomain, ub_secure, ub_bogus, string, int);
typedef ub_ctx = void;
ub_ctx* ub_ctx_create(void);
void ub_ctx_delete(ub_ctx*);
int ub_ctx_set_option(ub_ctx*, string, string);
int ub_ctx_get_option(ub_ctx*, string, +string*);
int ub_ctx_config(ub_ctx*, string);
int ub_ctx_set_fwd(ub_ctx*, string);
int ub_ctx_set_stub(ub_ctx*, string, string, bool(int));
int ub_ctx_resolvconf(ub_ctx*, string);
int ub_ctx_hosts(ub_ctx*, string);