Commit de0161d6 authored by Dag-Erling Smørgrav's avatar Dag-Erling Smørgrav

import unbound 1.5.5

parent af3dabbf
......@@ -168,7 +168,7 @@ HOST_OBJ=unbound-host.lo
HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) @WIN_HOST_OBJ_LINK@
UBANCHOR_SRC=smallapp/unbound-anchor.c
UBANCHOR_OBJ=unbound-anchor.lo
UBANCHOR_OBJ_LINK=$(UBANCHOR_OBJ) \
UBANCHOR_OBJ_LINK=$(UBANCHOR_OBJ) parseutil.lo \
$(COMPAT_OBJ_WITHOUT_CTIME) @WIN_UBANCHOR_OBJ_LINK@
TESTBOUND_SRC=testcode/testbound.c testcode/testpkts.c \
daemon/worker.c daemon/acl_list.c daemon/daemon.c daemon/stats.c \
......@@ -1175,7 +1175,7 @@ delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_h
unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \
$(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h
unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \
$(srcdir)/sldns/rrdef.h \
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \
petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \
......
......@@ -2,7 +2,8 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
# Version 27
# Version 28
# 2015-08-28 ACX_CHECK_PIE and ACX_CHECK_RELRO_NOW added.
# 2015-03-17 AHX_CONFIG_REALLOCARRAY added
# 2013-09-19 FLTO help text improved.
# 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes
......@@ -94,6 +95,8 @@
# ACX_CHECK_MEMCMP_SIGNED - check if memcmp uses signed characters.
# AHX_MEMCMP_BROKEN - replace memcmp func for CHECK_MEMCMP_SIGNED.
# ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family
# ACX_CHECK_PIE - add --enable-pie option and check if works
# ACX_CHECK_RELRO_NOW - add --enable-relro-now option and check it
#
dnl Escape backslashes as \\, for C:\ paths, for the C preprocessor defines.
......@@ -1386,4 +1389,46 @@ AC_DEFUN([ACX_CHECK_SS_FAMILY],
#endif
]) ])
dnl Check if CC and linker support -fPIE and -pie.
dnl If so, sets them in CFLAGS / LDFLAGS.
AC_DEFUN([ACX_CHECK_PIE], [
AC_ARG_ENABLE([pie], AS_HELP_STRING([--enable-pie], [Enable Position-Independent Executable (eg. to fully benefit from ASLR, small performance penalty)]))
AS_IF([test "x$enable_pie" = "xyes"], [
AC_MSG_CHECKING([if $CC supports PIE])
BAKLDFLAGS="$LDFLAGS"
BAKCFLAGS="$CFLAGS"
LDFLAGS="$LDFLAGS -pie"
CFLAGS="$CFLAGS -fPIE"
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
LDFLAGS="$BAKLDFLAGS"
AC_MSG_RESULT(no)
else
AC_MSG_RESULT(yes)
fi
rm -f conftest conftest.c conftest.o
], [LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)])
])
])
dnl Check if linker supports -Wl,-z,relro,-z,now.
dnl If so, adds it to LDFLAGS.
AC_DEFUN([ACX_CHECK_RELRO_NOW], [
AC_ARG_ENABLE([relro_now], AS_HELP_STRING([--enable-relro-now], [Enable full relocation binding at load-time (RELRO NOW, to protect GOT and .dtor areas)]))
AS_IF([test "x$enable_relro_now" = "xyes"], [
AC_MSG_CHECKING([if $CC supports -Wl,-z,relro,-z,now])
BAKLDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now"
AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
LDFLAGS="$BAKLDFLAGS"
AC_MSG_RESULT(no)
else
AC_MSG_RESULT(yes)
fi
rm -f conftest conftest.c conftest.o
], [LDFLAGS="$BAKLDFLAGS" ; AC_MSG_RESULT(no)])
])
])
dnl End of file
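Review bot: In ACX_CHECK_PIE the branch taken when the link output contains the warning restores only LDFLAGS, so `-fPIE` stays in CFLAGS while `-pie` is dropped and configure reports "no"; the AC_LINK_IFELSE failure branch restores both. Adding `CFLAGS="$BAKCFLAGS"` next to `LDFLAGS="$BAKLDFLAGS"` in that branch would make the two paths agree. In both ACX_CHECK_PIE and ACX_CHECK_RELRO_NOW a failed check only prints "no", so a build that asked for --enable-pie or --enable-relro-now can complete without the hardening; an `AC_MSG_WARN` on the "no" paths would make that visible to packagers. The second compile also names `conftest.c` directly rather than `conftest.$ac_ext`.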
......@@ -82,6 +82,10 @@
`SSL_COMP_get_compression_methods', and to 0 if you don't. */
#undef HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
/* Define to 1 if you have the declaration of `SSL_CTX_set_ecdh_auto', and to
0 if you don't. */
#undef HAVE_DECL_SSL_CTX_SET_ECDH_AUTO
/* Define to 1 if you have the declaration of `strlcat', and to 0 if you
don't. */
#undef HAVE_DECL_STRLCAT
......
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for unbound 1.5.4.
# Generated by GNU Autoconf 2.69 for unbound 1.5.5.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl>.
#
......@@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
PACKAGE_VERSION='1.5.4'
PACKAGE_STRING='unbound 1.5.4'
PACKAGE_VERSION='1.5.5'
PACKAGE_STRING='unbound 1.5.5'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
PACKAGE_URL=''
 
......@@ -804,6 +804,8 @@ with_username
enable_checking
enable_debug
enable_flto
enable_pie
enable_relro_now
enable_shared
enable_static
with_pic
......@@ -1389,7 +1391,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures unbound 1.5.4 to adapt to many kinds of systems.
\`configure' configures unbound 1.5.5 to adapt to many kinds of systems.
 
Usage: $0 [OPTION]... [VAR=VALUE]...
 
......@@ -1454,7 +1456,7 @@ fi
 
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of unbound 1.5.4:";;
short | recursive ) echo "Configuration of unbound 1.5.5:";;
esac
cat <<\_ACEOF
 
......@@ -1465,6 +1467,10 @@ Optional Features:
--enable-checking Enable warnings, asserts, makefile-dependencies
--enable-debug same as enable-checking
--disable-flto Disable link-time optimization (gcc specific option)
--enable-pie Enable Position-Independent Executable (eg. to fully
benefit from ASLR, small performance penalty)
--enable-relro-now Enable full relocation binding at load-time (RELRO
NOW, to protect GOT and .dtor areas)
--enable-shared[=PKGS] build shared libraries [default=yes]
--enable-static[=PKGS] build static libraries [default=yes]
--enable-fast-install[=PKGS]
......@@ -1629,7 +1635,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
unbound configure 1.5.4
unbound configure 1.5.5
generated by GNU Autoconf 2.69
 
Copyright (C) 2012 Free Software Foundation, Inc.
......@@ -2338,7 +2344,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
 
It was created by unbound $as_me 1.5.4, which was
It was created by unbound $as_me 1.5.5, which was
generated by GNU Autoconf 2.69. Invocation command line was
 
$ $0 $@
......@@ -2690,11 +2696,11 @@ UNBOUND_VERSION_MAJOR=1
 
UNBOUND_VERSION_MINOR=5
 
UNBOUND_VERSION_MICRO=4
UNBOUND_VERSION_MICRO=5
 
 
LIBUNBOUND_CURRENT=5
LIBUNBOUND_REVISION=7
LIBUNBOUND_REVISION=8
LIBUNBOUND_AGE=3
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
......@@ -2738,6 +2744,7 @@ LIBUNBOUND_AGE=3
# 1.5.2 had 5:5:3
# 1.5.3 had 5:6:3
# 1.5.4 had 5:7:3
# 1.5.5 had 5:8:3
 
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
......@@ -5879,6 +5886,96 @@ rm -f core conftest.err conftest.$ac_objext \
fi
 
 
# Check whether --enable-pie was given.
if test "${enable_pie+set}" = set; then :
enableval=$enable_pie;
fi
if test "x$enable_pie" = "xyes"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports PIE" >&5
$as_echo_n "checking if $CC supports PIE... " >&6; }
BAKLDFLAGS="$LDFLAGS"
BAKCFLAGS="$CFLAGS"
LDFLAGS="$LDFLAGS -pie"
CFLAGS="$CFLAGS -fPIE"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
LDFLAGS="$BAKLDFLAGS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
fi
rm -f conftest conftest.c conftest.o
else
LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
fi
# Check whether --enable-relro_now was given.
if test "${enable_relro_now+set}" = set; then :
enableval=$enable_relro_now;
fi
if test "x$enable_relro_now" = "xyes"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wl,-z,relro,-z,now" >&5
$as_echo_n "checking if $CC supports -Wl,-z,relro,-z,now... " >&6; }
BAKLDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then
LDFLAGS="$BAKLDFLAGS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
fi
rm -f conftest conftest.c conftest.o
else
LDFLAGS="$BAKLDFLAGS" ; { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
$as_echo_n "checking for inline... " >&6; }
if ${ac_cv_c_inline+:} false; then :
......@@ -16101,7 +16198,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
as_fn_error $? "Python version >= 2.4.0 is required" "$LINENO" 5
fi
 
PY_MAJOR_VERSION="`$PYTHON -c "import sys; print(sys.version_info.major)"`"
PY_MAJOR_VERSION="`$PYTHON -c \"import sys; print(sys.version_info[0])\"`"
 
# Have Python
 
......@@ -16684,7 +16781,7 @@ rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LibreSSL" >&5
$as_echo_n "checking for LibreSSL... " >&6; }
if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
 
......@@ -16845,6 +16942,36 @@ fi
cat >>confdefs.h <<_ACEOF
#define HAVE_DECL_SK_SSL_COMP_POP_FREE $ac_have_decl
_ACEOF
ac_fn_c_check_decl "$LINENO" "SSL_CTX_set_ecdh_auto" "ac_cv_have_decl_SSL_CTX_set_ecdh_auto" "
$ac_includes_default
#ifdef HAVE_OPENSSL_ERR_H
#include <openssl/err.h>
#endif
#ifdef HAVE_OPENSSL_RAND_H
#include <openssl/rand.h>
#endif
#ifdef HAVE_OPENSSL_CONF_H
#include <openssl/conf.h>
#endif
#ifdef HAVE_OPENSSL_ENGINE_H
#include <openssl/engine.h>
#endif
#include <openssl/ssl.h>
#include <openssl/evp.h>
"
if test "x$ac_cv_have_decl_SSL_CTX_set_ecdh_auto" = xyes; then :
ac_have_decl=1
else
ac_have_decl=0
fi
cat >>confdefs.h <<_ACEOF
#define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO $ac_have_decl
_ACEOF
 
fi
 
......@@ -18890,7 +19017,7 @@ _ACEOF
 
 
 
version=1.5.4
version=1.5.5
 
date=`date +'%b %e, %Y'`
 
......@@ -19405,7 +19532,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by unbound $as_me 1.5.4, which was
This file was extended by unbound $as_me 1.5.5, which was
generated by GNU Autoconf 2.69. Invocation command line was
 
CONFIG_FILES = $CONFIG_FILES
......@@ -19471,7 +19598,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
unbound config.status 1.5.4
unbound config.status 1.5.5
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
 
......
......@@ -10,14 +10,14 @@ sinclude(dnstap/dnstap.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[5])
m4_define([VERSION_MICRO],[4])
m4_define([VERSION_MICRO],[5])
AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=5
LIBUNBOUND_REVISION=7
LIBUNBOUND_REVISION=8
LIBUNBOUND_AGE=3
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
......@@ -61,6 +61,7 @@ LIBUNBOUND_AGE=3
# 1.5.2 had 5:5:3
# 1.5.3 had 5:6:3
# 1.5.4 had 5:7:3
# 1.5.5 had 5:8:3
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
......@@ -246,6 +247,8 @@ case "$debug_enabled" in
;;
esac
ACX_CHECK_FLTO
ACX_CHECK_PIE
ACX_CHECK_RELRO_NOW
AC_C_INLINE
ACX_CHECK_FORMAT_ATTRIBUTE
......@@ -475,7 +478,7 @@ if test x_$ub_test_python != x_no; then
AC_ERROR([Python version >= 2.4.0 is required])
fi
PY_MAJOR_VERSION="`$PYTHON -c "import sys; print(sys.version_info.major)"`"
[PY_MAJOR_VERSION="`$PYTHON -c \"import sys; print(sys.version_info[0])\"`"]
AC_SUBST(PY_MAJOR_VERSION)
# Have Python
AC_DEFINE(HAVE_PYTHON,1,[Define if you have Python libraries and header files.])
......@@ -566,7 +569,7 @@ if test $USE_NSS = "no"; then
ACX_WITH_SSL
ACX_LIB_SSL
AC_MSG_CHECKING([for LibreSSL])
if grep OPENSSL_VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then
AC_MSG_RESULT([yes])
AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL])
# libressl provides these compat functions, but they may also be
......@@ -578,7 +581,7 @@ fi
AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode])
AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free], [], [], [
AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
AC_INCLUDES_DEFAULT
#ifdef HAVE_OPENSSL_ERR_H
#include <openssl/err.h>
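Review bot: The LibreSSL test still greps the text of `$ssldir/include/openssl/opensslv.h`, and the pattern is loosened here from `OPENSSL_VERSION_TEXT` to `VERSION_TEXT`, apparently to keep matching newer headers, so the result stays tied to how the header is written and to `$ssldir` pointing at the headers actually compiled against. A compile-time test on the `LIBRESSL_VERSION_NUMBER` macro, for example `AC_CHECK_DECLS([LIBRESSL_VERSION_NUMBER], ..., ..., [#include <openssl/opensslv.h>])`, would follow the compiler's include path instead. `$ssldir` is also unquoted in the grep command. The enclosing `if test $USE_NSS = "no"` block starts and ends outside the hunks.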
......
......@@ -399,6 +399,12 @@ daemon_create_workers(struct daemon* daemon)
verbose(VERB_ALGO, "total of %d outgoing ports available", numport);
daemon->num = (daemon->cfg->num_threads?daemon->cfg->num_threads:1);
if(daemon->reuseport && (int)daemon->num < (int)daemon->num_ports) {
log_warn("cannot reduce num-threads to %d because so-reuseport "
"so continuing with %d threads.", (int)daemon->num,
(int)daemon->num_ports);
daemon->num = (int)daemon->num_ports;
}
daemon->workers = (struct worker**)calloc((size_t)daemon->num,
sizeof(struct worker*));
if(daemon->cfg->dnstap) {
......@@ -464,7 +470,7 @@ thread_start(void* arg)
#endif
#ifdef SO_REUSEPORT
if(worker->daemon->cfg->so_reuseport)
port_num = worker->thread_num;
port_num = worker->thread_num % worker->daemon->num_ports;
else
port_num = 0;
#endif
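Review bot: The new `worker->thread_num % worker->daemon->num_ports` in thread_start divides by a value this hunk never checks, so a `num_ports` of 0 would be a division by zero; whether that can happen is decided outside the visible lines. The two hunks also gate on different flags, `daemon->reuseport` in daemon_create_workers and `worker->daemon->cfg->so_reuseport` in thread_start, which deserves a comment stating that they agree after a reload. The warning text is hard to read as written; something like `"cannot reduce num-threads to %d because so-reuseport is enabled, continuing with %d threads."` is clearer. Both function bodies continue outside the hunks.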
......
......@@ -243,9 +243,9 @@ daemon_remote_create(struct config_file* cfg)
goto setup_error;
}
verbose(VERB_ALGO, "setup SSL certificates");
if (!SSL_CTX_use_certificate_file(rc->ctx,s_cert,SSL_FILETYPE_PEM)) {
if (!SSL_CTX_use_certificate_chain_file(rc->ctx,s_cert)) {
log_err("Error for server-cert-file: %s", s_cert);
log_crypto_err("Error in SSL_CTX use_certificate_file");
log_crypto_err("Error in SSL_CTX use_certificate_chain_file");
goto setup_error;
}
if(!SSL_CTX_use_PrivateKey_file(rc->ctx,s_key,SSL_FILETYPE_PEM)) {
......@@ -258,6 +258,23 @@ daemon_remote_create(struct config_file* cfg)
log_crypto_err("Error in SSL_CTX check_private_key");
goto setup_error;
}
#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO
if(!SSL_CTX_set_ecdh_auto(rc->ctx,1)) {
log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling ECDHE");
}
#elif defined(USE_ECDSA)
if(1) {
EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
if (!ecdh) {
log_crypto_err("could not find p256, not enabling ECDHE");
} else {
if (1 != SSL_CTX_set_tmp_ecdh (rc->ctx, ecdh)) {
log_crypto_err("Error in SSL_CTX_set_tmp_ecdh, not enabling ECDHE");
}
EC_KEY_free (ecdh);
}
}
#endif
if(!SSL_CTX_load_verify_locations(rc->ctx, s_cert, NULL)) {
log_crypto_err("Error setting up SSL_CTX verify locations");
setup_error:
......@@ -1242,8 +1259,6 @@ struct del_info {
size_t len;
/** labels */
int labs;
/** now */
time_t now;
/** time to invalidate to */
time_t expired;
/** number of rrsets removed */
......@@ -1272,7 +1287,7 @@ infra_del_host(struct lruhash_entry* e, void* arg)
d->timeout_AAAA = 0;
d->timeout_other = 0;
rtt_init(&d->rtt);
if(d->ttl >= inf->now) {
if(d->ttl > inf->expired) {
d->ttl = inf->expired;
inf->num_keys++;
}
......@@ -1301,7 +1316,6 @@ do_flush_infra(SSL* ssl, struct worker* worker, char* arg)
inf.name = 0;
inf.len = 0;
inf.labs = 0;
inf.now = *worker->env.now;
inf.expired = *worker->env.now;
inf.expired -= 3; /* handle 3 seconds skew between threads */
inf.num_rrsets = 0;
......@@ -1332,7 +1346,7 @@ zone_del_rrset(struct lruhash_entry* e, void* arg)
if(dname_subdomain_c(k->rk.dname, inf->name)) {
struct packed_rrset_data* d =
(struct packed_rrset_data*)e->data;
if(d->ttl >= inf->now) {
if(d->ttl > inf->expired) {
d->ttl = inf->expired;
inf->num_rrsets++;
}
......@@ -1348,7 +1362,7 @@ zone_del_msg(struct lruhash_entry* e, void* arg)
struct msgreply_entry* k = (struct msgreply_entry*)e->key;
if(dname_subdomain_c(k->key.qname, inf->name)) {
struct reply_info* d = (struct reply_info*)e->data;
if(d->ttl >= inf->now) {
if(d->ttl > inf->expired) {
d->ttl = inf->expired;
inf->num_msgs++;
}
......@@ -1364,7 +1378,7 @@ zone_del_kcache(struct lruhash_entry* e, void* arg)
struct key_entry_key* k = (struct key_entry_key*)e->key;
if(dname_subdomain_c(k->name, inf->name)) {
struct key_entry_data* d = (struct key_entry_data*)e->data;
if(d->ttl >= inf->now) {
if(d->ttl > inf->expired) {
d->ttl = inf->expired;
inf->num_keys++;
}
......@@ -1387,7 +1401,6 @@ do_flush_zone(SSL* ssl, struct worker* worker, char* arg)
inf.name = nm;
inf.len = nmlen;
inf.labs = nmlabs;
inf.now = *worker->env.now;
inf.expired = *worker->env.now;
inf.expired -= 3; /* handle 3 seconds skew between threads */
inf.num_rrsets = 0;
......@@ -1457,7 +1470,6 @@ do_flush_bogus(SSL* ssl, struct worker* worker)
struct del_info inf;
/* what we do is to set them all expired */
inf.worker = worker;
inf.now = *worker->env.now;
inf.expired = *worker->env.now;
inf.expired -= 3; /* handle 3 seconds skew between threads */
inf.num_rrsets = 0;
......@@ -1533,7 +1545,6 @@ do_flush_negative(SSL* ssl, struct worker* worker)
struct del_info inf;
/* what we do is to set them all expired */
inf.worker = worker;
inf.now = *worker->env.now;
inf.expired = *worker->env.now;
inf.expired -= 3; /* handle 3 seconds skew between threads */
inf.num_rrsets = 0;
......@@ -1683,6 +1694,7 @@ parse_delegpt(SSL* ssl, char* args, uint8_t* nm, int allow_names)
}
}
}
dp->has_parent_side_NS = 1;
return dp;
}
......@@ -2265,11 +2277,17 @@ do_list_local_data(SSL* ssl, struct worker* worker)
for(i=0; i<d->count + d->rrsig_count; i++) {
if(!packed_rr_to_string(p->rrset, i,
0, s, slen)) {
if(!ssl_printf(ssl, "BADRR\n"))
if(!ssl_printf(ssl, "BADRR\n")) {
lock_rw_unlock(&z->lock);
lock_rw_unlock(&zones->lock);
return;
}
}
if(!ssl_printf(ssl, "%s\n", s))
if(!ssl_printf(ssl, "%s\n", s)) {
lock_rw_unlock(&z->lock);
lock_rw_unlock(&zones->lock);
return;
}
}
}
}
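Review bot: After the switch to `SSL_CTX_use_certificate_chain_file(rc->ctx,s_cert)`, the same `s_cert` file is still passed to `SSL_CTX_load_verify_locations(rc->ctx, s_cert, NULL)` later in daemon_remote_create, so any intermediate or CA certificate an operator adds to server-cert-file for the chain would presumably also become a trust anchor for verifying control clients. How client verification is configured is outside the hunk, so this needs confirming; if it holds, a comment such as `/* s_cert doubles as the client trust store: keep only the control certificate in it */` or a separate trust file would make the constraint explicit. In the same function the ECDHE setup failures are only logged and setup continues, which looks deliberate but is worth stating in a comment. In do_list_local_data, a successful "BADRR" print still falls through to print `s`, which may not hold a valid string; that predates this change but sits right next to the new unlock paths.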
......
28 September 2015: Wouter
- MAX_TARGET_COUNT increased to 64, to fix up sporadic resolution
failures.
- tag for 1.5.5rc1 release.
- makedist.sh: pgp sig echo commands.
25 September 2015: Wouter
- Fix unbound-control flush that does not succeed in removing data.
22 September 2015: Wouter
- Fix config globbed include chroot treatment, this fixes reload of
globs (patch from Dag-Erling Smørgrav).
- iana portlist update.
- Fix #702: New IPs for for h.root-servers.net.
- Remove confusion comment from canonical_compare() function.
- Fix #705: ub_ctx_set_fwd() return value mishandled on windows.
- testbound selftest also works in non-debug mode.
- Fix minor error in unbound.conf.5.in
- Fix unbound.conf(5) access-control description for precedence
and default.
31 August 2015: Wouter
- changed windows setup compression to be more transparent.
28 August 2015: Wouter
- Fix #697: Get PY_MAJOR_VERSION failure at configure for python
2.4 to 2.6.
- Feature #699: --enable-pie option to that builds PIE binary.
- Feature #700: --enable-relro-now option that enables full read-only
relocation.
24 August 2015: Wouter
- Fix deadlock for local data add and zone add when unbound-control
list_local_data printout is interrupted.
- iana portlist update.
- Change default of harden-algo-downgrade to off. This is lenient
for algorithm rollover.
13 August 2015: Wouter
- 5011 implementation does not insist on all algorithms, when
harden-algo-downgrade is turned off.
- Reap the child process that libunbound spawns.
11 August 2015: Wouter
- Fix #694: configure script does not detect LibreSSL 2.2.2
4 August 2015: Wouter
- Document that local-zone nodefault matches exactly and transparent
can be used to release a subzone.
3 August 2015: Wouter
- Document in the manual more text about configuring locally served
zones.
- Fix 5011 anchor update timer after reload.
- Fix mktime in unbound-anchor not using UTC.
30 July 2015: Wouter
- please afl-gcc (llvm) for uninitialised variable warning.
- Added permit-small-holddown config to debug fast 5011 rollover.
24 July 2015: Wouter
- Fix #690: Reload fails when so-reuseport is yes after changing
num-threads.
- iana portlist update.
21 July 2015: Wouter
- Fix configure to detect SSL_CTX_set_ecdh_auto.
- iana portlist update.
20 July 2015: Wouter
- Enable ECDHE for servers. Where available, use
SSL_CTX_set_ecdh_auto() for TLS-wrapped server configurations to
enable ECDHE. Otherwise, manually offer curve p256.