git: 692553df59d9 - stable/14 - unbound: Vendor import 1.23.0
Date: Sun, 11 May 2025 04:49:47 UTC
The branch stable/14 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=692553df59d92558e5b65dc6e3f8b35c88817fa1 commit 692553df59d92558e5b65dc6e3f8b35c88817fa1 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2025-04-25 14:48:44 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2025-05-11 04:48:48 +0000 unbound: Vendor import 1.23.0 Release notes at https://nlnetlabs.nl/news/2025/Apr/24/unbound-1.23.0-released/ Merge commit '44bab727dfe28451b777dc9e47db4f748b709182' (cherry picked from commit be771a7b7f4580a30d99e41a5bb1b93a385a119d) --- contrib/unbound/Makefile.in | 23 +- contrib/unbound/ax_build_date_epoch.m4 | 70 + contrib/unbound/cachedb/cachedb.c | 5 +- contrib/unbound/cachedb/redis.c | 280 +- contrib/unbound/compat/malloc.c | 4 - contrib/unbound/config.h.in | 6 + contrib/unbound/configure | 122 +- contrib/unbound/configure.ac | 32 +- contrib/unbound/contrib/android/install_expat.sh | 11 +- contrib/unbound/contrib/ios/install_expat.sh | 18 +- contrib/unbound/daemon/acl_list.c | 30 +- contrib/unbound/daemon/acl_list.h | 13 +- contrib/unbound/daemon/cachedump.c | 4 +- contrib/unbound/daemon/daemon.c | 42 +- contrib/unbound/daemon/daemon.h | 35 +- contrib/unbound/daemon/remote.c | 4162 ++++++++++- contrib/unbound/daemon/remote.h | 167 + contrib/unbound/daemon/stats.c | 32 +- contrib/unbound/daemon/unbound.c | 92 +- contrib/unbound/daemon/worker.c | 118 +- contrib/unbound/daemon/worker.h | 8 +- contrib/unbound/dns64/dns64.c | 6 +- contrib/unbound/dnstap/dnstap.c | 28 +- contrib/unbound/dnstap/dnstap.h | 7 + contrib/unbound/dnstap/unbound-dnstap-socket.c | 17 +- contrib/unbound/doc/Changelog | 265 + contrib/unbound/doc/README | 2 +- contrib/unbound/doc/example.conf.in | 54 +- contrib/unbound/doc/libunbound.3.in | 4 +- contrib/unbound/doc/unbound-anchor.8.in | 2 +- contrib/unbound/doc/unbound-checkconf.8.in | 2 +- contrib/unbound/doc/unbound-control.8.in | 169 +- contrib/unbound/doc/unbound-host.1.in | 2 +- contrib/unbound/doc/unbound.8.in | 
4 +- contrib/unbound/doc/unbound.conf.5.in | 204 +- contrib/unbound/ipsecmod/ipsecmod.c | 3 +- contrib/unbound/iterator/iter_delegpt.c | 2 +- contrib/unbound/iterator/iter_fwd.c | 52 +- contrib/unbound/iterator/iter_fwd.h | 9 + contrib/unbound/iterator/iter_hints.c | 13 +- contrib/unbound/iterator/iter_hints.h | 9 + contrib/unbound/iterator/iter_utils.c | 153 +- contrib/unbound/iterator/iter_utils.h | 49 +- contrib/unbound/iterator/iterator.c | 81 +- contrib/unbound/iterator/iterator.h | 26 +- contrib/unbound/libunbound/libworker.c | 16 +- contrib/unbound/libunbound/unbound.h | 6 + contrib/unbound/pythonmod/interface.i | 1857 +++++ contrib/unbound/pythonmod/pythonmod_utils.c | 201 + contrib/unbound/respip/respip.c | 74 +- contrib/unbound/respip/respip.h | 33 +- contrib/unbound/services/authzone.c | 278 +- contrib/unbound/services/authzone.h | 40 +- contrib/unbound/services/cache/dns.c | 45 +- contrib/unbound/services/cache/dns.h | 5 +- contrib/unbound/services/cache/infra.c | 170 +- contrib/unbound/services/cache/infra.h | 31 + contrib/unbound/services/listen_dnsport.c | 173 +- contrib/unbound/services/listen_dnsport.h | 25 +- contrib/unbound/services/localzone.c | 50 +- contrib/unbound/services/localzone.h | 14 + contrib/unbound/services/mesh.c | 303 +- contrib/unbound/services/mesh.h | 24 + contrib/unbound/services/outside_network.c | 33 +- contrib/unbound/services/outside_network.h | 6 +- contrib/unbound/services/rpz.c | 43 +- contrib/unbound/services/rpz.h | 7 + contrib/unbound/services/view.c | 41 +- contrib/unbound/services/view.h | 26 +- contrib/unbound/sldns/keyraw.c | 2 + contrib/unbound/sldns/rrdef.c | 10 +- contrib/unbound/sldns/rrdef.h | 6 + contrib/unbound/sldns/str2wire.c | 54 +- contrib/unbound/sldns/str2wire.h | 9 + contrib/unbound/sldns/wire2str.c | 50 +- contrib/unbound/sldns/wire2str.h | 13 + contrib/unbound/smallapp/unbound-checkconf.c | 12 +- .../unbound/smallapp/unbound-control-setup.sh.in | 3 +- contrib/unbound/smallapp/unbound-control.c | 24 
+- contrib/unbound/smallapp/worker_cb.c | 14 + contrib/unbound/testcode/checklocks.c | 916 +++ contrib/unbound/testcode/do-tests.sh | 76 + contrib/unbound/testcode/doqclient.c | 2715 +++++++ contrib/unbound/testcode/fake_event.c | 2022 +++++ contrib/unbound/testcode/testbound.c | 668 ++ contrib/unbound/testcode/unitdname.c | 1037 +++ contrib/unbound/testcode/unitinfra.c | 209 + contrib/unbound/testcode/unitldns.c | 284 + contrib/unbound/testcode/unitmain.c | 1377 ++++ contrib/unbound/testcode/unitmain.h | 92 + contrib/unbound/testcode/unitneg.c | 545 ++ contrib/unbound/testcode/unitverify.c | 573 ++ contrib/unbound/testcode/unitzonemd.c | 541 ++ .../09-unbound-control.conf | 31 + .../09-unbound-control.test | 493 ++ .../09-unbound-control.testns | 44 + .../testdata/acl_interface.tdir/acl_interface.conf | 198 + .../acl_interface.tdir/acl_interface.test.scenario | 268 + .../unbound/testdata/auth_tls.tdir/auth_tls.pre | 48 + .../auth_tls_failcert.tdir/auth_tls_failcert.pre | 48 + contrib/unbound/testdata/cachedb_expired.crpl | 325 + .../testdata/cachedb_expired_reply_ttl.crpl | 260 + .../unbound/testdata/cachedb_servfail_cname.crpl | 181 + contrib/unbound/testdata/cachedb_val_expired.crpl | 328 + contrib/unbound/testdata/common.sh | 394 + contrib/unbound/testdata/dns_error_reporting.rpl | 200 + contrib/unbound/testdata/dnstap.tdir/dnstap.conf | 43 + .../testdata/fast_reload_fwd.tdir/auth1.zone | 2 + .../testdata/fast_reload_fwd.tdir/auth2.zone | 2 + .../fast_reload_fwd.tdir/fast_reload_fwd.conf | 107 + .../fast_reload_fwd.tdir/fast_reload_fwd.conf2 | 108 + .../fast_reload_fwd.tdir/fast_reload_fwd.dsc | 16 + .../fast_reload_fwd.tdir/fast_reload_fwd.ns1 | 339 + .../fast_reload_fwd.tdir/fast_reload_fwd.ns2 | 285 + .../fast_reload_fwd.tdir/fast_reload_fwd.post | 27 + .../fast_reload_fwd.tdir/fast_reload_fwd.pre | 56 + .../fast_reload_fwd.tdir/fast_reload_fwd.test | 320 + .../auth.nlnetlabs.nl.zone | 3 + .../fast_reload_most_options.conf | 143 + 
.../fast_reload_most_options.dsc | 16 + .../fast_reload_most_options.post | 11 + .../fast_reload_most_options.pre | 33 + .../fast_reload_most_options.test | 42 + .../rpz.nlnetlabs.nl.zone | 5 + .../fast_reload_thread.conf | 20 + .../fast_reload_thread.tdir/fast_reload_thread.dsc | 16 + .../fast_reload_thread.post | 11 + .../fast_reload_thread.tdir/fast_reload_thread.pre | 34 + .../fast_reload_thread.test | 38 + contrib/unbound/testdata/fwd_0ttlservfail.rpl | 87 + contrib/unbound/testdata/iter_failreply.rpl | 131 + contrib/unbound/testdata/iter_fwdstubauth.rpl | 155 + contrib/unbound/testdata/iter_scrub_rr_length.rpl | 297 + .../testdata/log_servfail.tdir/log_servfail.conf | 27 + .../testdata/log_servfail.tdir/log_servfail.dsc | 16 + .../testdata/log_servfail.tdir/log_servfail.post | 10 + .../testdata/log_servfail.tdir/log_servfail.pre | 21 + .../testdata/log_servfail.tdir/log_servfail.test | 47 + .../unbound/testdata/redis_replica.tdir/after.zone | 2 + .../testdata/redis_replica.tdir/before.zone | 2 + .../unbound/testdata/redis_replica.tdir/redis.conf | 583 ++ .../testdata/redis_replica.tdir/redis_replica.conf | 31 + .../testdata/redis_replica.tdir/redis_replica.dsc | 16 + .../testdata/redis_replica.tdir/redis_replica.post | 18 + .../testdata/redis_replica.tdir/redis_replica.pre | 46 + .../testdata/redis_replica.tdir/redis_replica.test | 78 + .../redis_replica.tdir/unbound_control.key | 39 + .../redis_replica.tdir/unbound_control.pem | 22 + .../testdata/redis_replica.tdir/unbound_server.key | 39 + .../testdata/redis_replica.tdir/unbound_server.pem | 22 + contrib/unbound/testdata/rpz_nsdname.rpl | 471 ++ contrib/unbound/testdata/rpz_val_block.rpl | 642 ++ contrib/unbound/testdata/serve_expired.rpl | 126 + .../unbound/testdata/serve_expired_0ttl_nodata.rpl | 154 + .../testdata/serve_expired_0ttl_nxdomain.rpl | 154 + .../testdata/serve_expired_0ttl_servfail.rpl | 129 + .../testdata/serve_expired_cached_servfail.rpl | 130 + .../serve_expired_cached_servfail_refresh.rpl 
| 145 + .../serve_expired_client_timeout_servfail.rpl | 219 + .../serve_expired_client_timeout_val_bogus.rpl | 328 + .../unbound/testdata/serve_expired_reply_ttl.rpl | 106 + contrib/unbound/testdata/serve_expired_ttl.rpl | 101 + .../unbound/testdata/serve_expired_ttl_reset.rpl | 101 + .../unbound/testdata/serve_expired_val_bogus.rpl | 389 + contrib/unbound/testdata/serve_expired_zerottl.rpl | 157 + contrib/unbound/testdata/serve_original_ttl.rpl | 139 + .../testdata/stat_values.tdir/stat_values.conf | 44 + .../testdata/stat_values.tdir/stat_values.pre | 50 + .../testdata/stat_values.tdir/stat_values.test | 680 ++ .../testdata/stat_values.tdir/stat_values.testns | 82 + .../stat_values.tdir/stat_values_cachedb.conf | 30 + .../stat_values_discard_wait_limit.conf | 36 + .../unbound/testdata/subnet_cached_servfail.crpl | 168 + .../subnet_global_prefetch_always_forward.crpl | 168 + .../testdata/subnet_global_prefetch_expired.crpl | 242 + contrib/unbound/testdata/test_ldnsrr.4 | 80 + contrib/unbound/testdata/test_ldnsrr.5 | 178 + contrib/unbound/testdata/test_ldnsrr.c3 | 1068 +++ contrib/unbound/testdata/test_ldnsrr.c4 | 84 + contrib/unbound/testdata/test_ldnsrr.c5 | 220 + contrib/unbound/testdata/val_failure_dnskey.rpl | 347 + contrib/unbound/testdata/val_scrub_rr_length.rpl | 163 + contrib/unbound/util/config_file.c | 169 +- contrib/unbound/util/config_file.h | 74 +- contrib/unbound/util/configlexer.c | 7712 ++++++++++---------- contrib/unbound/util/configlexer.lex | 25 +- contrib/unbound/util/configparser.c | 4659 ++++++------ contrib/unbound/util/configparser.h | 352 +- contrib/unbound/util/configparser.y | 143 +- contrib/unbound/util/data/dname.c | 16 +- contrib/unbound/util/data/dname.h | 5 +- contrib/unbound/util/data/msgreply.c | 18 +- contrib/unbound/util/data/msgreply.h | 4 +- contrib/unbound/util/edns.c | 23 + contrib/unbound/util/edns.h | 16 + contrib/unbound/util/fptr_wlist.c | 3 + contrib/unbound/util/iana_ports.inc | 5 +- contrib/unbound/util/log.c | 2 +- 
contrib/unbound/util/module.c | 8 +- contrib/unbound/util/module.h | 5 + contrib/unbound/util/net_help.c | 163 +- contrib/unbound/util/net_help.h | 29 +- contrib/unbound/util/netevent.c | 243 +- contrib/unbound/util/netevent.h | 21 +- contrib/unbound/util/shm_side/shm_main.c | 2 +- contrib/unbound/util/storage/dnstree.c | 2 +- contrib/unbound/util/storage/lruhash.c | 30 + contrib/unbound/util/storage/lruhash.h | 10 + contrib/unbound/util/storage/slabhash.c | 9 + contrib/unbound/util/storage/slabhash.h | 7 + contrib/unbound/util/tcp_conn_limit.c | 11 + contrib/unbound/util/tcp_conn_limit.h | 9 + contrib/unbound/util/tube.c | 5 +- contrib/unbound/util/ub_event.c | 61 +- contrib/unbound/validator/autotrust.c | 33 +- contrib/unbound/validator/val_anchor.c | 78 +- contrib/unbound/validator/val_anchor.h | 10 +- contrib/unbound/validator/val_neg.c | 9 + contrib/unbound/validator/val_neg.h | 7 + contrib/unbound/validator/validator.c | 99 +- contrib/unbound/validator/validator.h | 23 + contrib/unbound/winrc/win_svc.c | 660 ++ 222 files changed, 41990 insertions(+), 7275 deletions(-) diff --git a/contrib/unbound/Makefile.in b/contrib/unbound/Makefile.in index c262250ca2c5..463cdac286e1 100644 --- a/contrib/unbound/Makefile.in +++ b/contrib/unbound/Makefile.in 
@@ -179,11 +179,11 @@ testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \ testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \ testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \ testcode/unitecs.c testcode/unitauth.c testcode/unitzonemd.c \ -testcode/unittcpreuse.c testcode/unitdoq.c +testcode/unittcpreuse.c testcode/unitdoq.c testcode/unitinfra.c UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \ unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \ readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo unitzonemd.lo \ -unittcpreuse.lo unitdoq.lo +unittcpreuse.lo unitdoq.lo unitinfra.lo UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \ $(COMPAT_OBJ) DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \ @@ -509,10 +509,15 @@ util/configlexer.c: $(srcdir)/util/configlexer.lex util/configparser.h fi @if test ! -f $@; then echo "No $@ : need flex and bison to compile from source repository"; exit 1; fi -util/configparser.c util/configparser.h: $(srcdir)/util/configparser.y +# Builds both util/configparser.c and util/configparser.h. +# To avoid double-building we split one target out. +util/configparser.c: $(srcdir)/util/configparser.y @-if test ! -d util; then $(INSTALL) -d util; fi $(YACC) -d -o util/configparser.c $(srcdir)/util/configparser.y +util/configparser.h: util/configparser.c + touch $@ + clean: rm -f *.o *.d *.lo *~ tags rm -f unbound$(EXEEXT) unbound-checkconf$(EXEEXT) unbound-host$(EXEEXT) unbound-control$(EXEEXT) unbound-anchor$(EXEEXT) unbound-control-setup libunbound.la unbound.h 
@@ -876,7 +881,7 @@ view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(s $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h rpz.lo rpz.o: $(srcdir)/services/rpz.c config.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ @@ -972,7 +977,7 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/worker.h + $(srcdir)/libunbound/worker.h $(srcdir)/daemon/remote.h locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ 
@@ -1059,7 +1064,7 @@ tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/u $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/ub_event.h ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h $(srcdir)/daemon/remote.h ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ @@ -1256,6 +1261,7 @@ unitzonemd.lo unitzonemd.o: $(srcdir)/testcode/unitzonemd.c config.h $(srcdir)/u $(srcdir)/validator/val_anchor.h unittcpreuse.lo unittcpreuse.o: $(srcdir)/testcode/unittcpreuse.c config.h $(srcdir)/services/outside_network.h \ $(srcdir)/util/random.h +unitinfra.lo unitinfra.o: $(srcdir)/testcode/unitinfra.c config.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/iterator/iterator.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ 
@@ -1307,7 +1313,10 @@ remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h \ $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/util/edns.h + $(srcdir)/sldns/wire2str.h $(srcdir)/util/edns.h \ + $(srcdir)/util/locks.h $(srcdir)/util/ub_event.h \ + $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h $(srcdir)/validator/val_neg.h \ + $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_priv.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ diff --git a/contrib/unbound/ax_build_date_epoch.m4 b/contrib/unbound/ax_build_date_epoch.m4 new file mode 100644 index 000000000000..dbecb067a8cb --- /dev/null +++ b/contrib/unbound/ax_build_date_epoch.m4 
@@ -0,0 +1,70 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_build_date_epoch.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_BUILD_DATE_EPOCH(VARIABLE[, FORMAT[, ACTION-IF-FAIL]]) +# +# DESCRIPTION +# +# Sets VARIABLE to a string representing the current time. It is +# formatted according to FORMAT if specified, otherwise it is formatted as +# the number of seconds (excluding leap seconds) since the UNIX epoch (01 +# Jan 1970 00:00:00 UTC). +# +# If the SOURCE_DATE_EPOCH environment variable is set, it uses the value +# of that variable instead of the current time. See +# https://reproducible-builds.org/specs/source-date-epoch). If +# SOURCE_DATE_EPOCH is set but cannot be properly interpreted as a UNIX +# timestamp, then execute ACTION-IF-FAIL if specified, otherwise error. +# +# VARIABLE is AC_SUBST-ed. +# +# LICENSE +# +# Copyright (c) 2016 Eric Bavier <bavier@member.fsf.org> +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see <https://www.gnu.org/licenses/>. +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. 
You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 2 + +AC_DEFUN([AX_BUILD_DATE_EPOCH], +[dnl +AC_MSG_CHECKING([for build time]) +ax_date_fmt="m4_default($2,%s)" +AS_IF([test x"$SOURCE_DATE_EPOCH" = x], + [$1=`date "+$ax_date_fmt"`], + [ax_build_date=`date -u -d "@$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null \ + || date -u -r "$SOURCE_DATE_EPOCH" "+$ax_date_fmt" 2>/dev/null` + AS_IF([test x"$ax_build_date" = x], + [m4_ifval([$3], + [$3], + [AC_MSG_ERROR([malformed SOURCE_DATE_EPOCH])])], + [$1=$ax_build_date])]) +AC_MSG_RESULT([$$1]) +])dnl AX_BUILD_DATE_EPOCH diff --git a/contrib/unbound/cachedb/cachedb.c b/contrib/unbound/cachedb/cachedb.c index 0329f8458bd7..bdb1754e42d2 100644 --- a/contrib/unbound/cachedb/cachedb.c +++ b/contrib/unbound/cachedb/cachedb.c @@ -47,6 +47,7 @@ #include "util/regional.h" #include "util/net_help.h" #include "util/config_file.h" +#include "util/data/dname.h" #include "util/data/msgreply.h" #include "util/data/msgencode.h" #include "services/cache/dns.h" @@ -341,6 +342,7 @@ calc_hash(struct query_info* qinfo, struct module_env* env, char* buf, /* copy the hash info into the clear buffer */ if(clen + qinfo->qname_len < sizeof(clear)) { memmove(clear+clen, qinfo->qname, qinfo->qname_len); + query_dname_tolower(clear+clen); clen += qinfo->qname_len; } if(clen + 4 < sizeof(clear)) { 
@@ -755,7 +757,8 @@ cachedb_intcache_store(struct module_qstate* qstate, int msg_expired) } (void)dns_cache_store(qstate->env, &qstate->qinfo, qstate->return_msg->rep, 0, qstate->prefetch_leeway, 0, - qstate->region, store_flags, qstate->qstarttime); + qstate->region, store_flags, qstate->qstarttime, + qstate->is_valrec); if(serve_expired && msg_expired) { if(qstate->env->cfg->serve_expired_client_timeout) { /* No expired response from the query state, the diff --git a/contrib/unbound/cachedb/redis.c b/contrib/unbound/cachedb/redis.c index 68c033535a69..3dfa95859eb8 100644 --- a/contrib/unbound/cachedb/redis.c +++ b/contrib/unbound/cachedb/redis.c 
@@ -52,19 +52,38 @@ #include "hiredis/hiredis.h" struct redis_moddata { - redisContext** ctxs; /* thread-specific redis contexts */ - int numctxs; /* number of ctx entries */ - const char* server_host; /* server's IP address or host name */ - int server_port; /* server's TCP port */ - const char* server_path; /* server's unix path, or "", NULL if unused */ - const char* server_password; /* server's AUTH password, or "", NULL if unused */ - struct timeval command_timeout; /* timeout for commands */ - struct timeval connect_timeout; /* timeout for connect */ - int logical_db; /* the redis logical database to use */ + /* thread-specific redis contexts */ + redisContext** ctxs; + redisContext** replica_ctxs; + /* number of ctx entries */ + int numctxs; + /* server's IP address or host name */ + const char* server_host; + const char* replica_server_host; + /* server's TCP port */ + int server_port; + int replica_server_port; + /* server's unix path, or "", NULL if unused */ + const char* server_path; + const char* replica_server_path; + /* server's AUTH password, or "", NULL if unused */ + const char* server_password; + const char* replica_server_password; + /* timeout for commands */ + struct timeval command_timeout; + struct timeval replica_command_timeout; + /* timeout for connection setup */ + struct timeval connect_timeout; + struct timeval replica_connect_timeout; + /* the redis logical database to use */ + int logical_db; + int replica_logical_db; + /* if the SET with EX command is supported */ + int set_with_ex_available; }; static redisReply* redis_command(struct module_env*, struct cachedb_env*, - const char*, const uint8_t*, size_t); + const char*, const uint8_t*, size_t, int); static void moddata_clean(struct redis_moddata** moddata) { 
@@ -78,21 +97,30 @@ moddata_clean(struct redis_moddata** moddata) { } free((*moddata)->ctxs); } + if((*moddata)->replica_ctxs) { + int i; + for(i = 0; i < (*moddata)->numctxs; i++) { + if((*moddata)->replica_ctxs[i]) + redisFree((*moddata)->replica_ctxs[i]); + } + free((*moddata)->replica_ctxs); + } free(*moddata); *moddata = NULL; } static redisContext* -redis_connect(const struct redis_moddata* moddata) +redis_connect(const char* host, int port, const char* path, + const char* password, int logical_db, + const struct timeval connect_timeout, + const struct timeval command_timeout) { redisContext* ctx; - if(moddata->server_path && moddata->server_path[0]!=0) { - ctx = redisConnectUnixWithTimeout(moddata->server_path, - moddata->connect_timeout); + if(path && path[0]!=0) { + ctx = redisConnectUnixWithTimeout(path, connect_timeout); } else { - ctx = redisConnectWithTimeout(moddata->server_host, - moddata->server_port, moddata->connect_timeout); + ctx = redisConnectWithTimeout(host, port, connect_timeout); } if(!ctx || ctx->err) { const char *errstr = "out of memory"; @@ -101,13 +129,13 @@ redis_connect(const struct redis_moddata* moddata) log_err("failed to connect to redis server: %s", errstr); goto fail; } - if(redisSetTimeout(ctx, moddata->command_timeout) != REDIS_OK) { - log_err("failed to set redis timeout"); + if(redisSetTimeout(ctx, command_timeout) != REDIS_OK) { + log_err("failed to set redis timeout, %s", ctx->errstr); goto fail; } - if(moddata->server_password && moddata->server_password[0]!=0) { + if(password && password[0]!=0) { redisReply* rep; - rep = redisCommand(ctx, "AUTH %s", moddata->server_password); + rep = redisCommand(ctx, "AUTH %s", password); if(!rep || rep->type == REDIS_REPLY_ERROR) { log_err("failed to authenticate with password"); freeReplyObject(rep); 
@@ -115,18 +143,25 @@ redis_connect(const struct redis_moddata* moddata) } freeReplyObject(rep); } - if(moddata->logical_db > 0) { + if(logical_db > 0) { redisReply* rep; - rep = redisCommand(ctx, "SELECT %d", moddata->logical_db); + rep = redisCommand(ctx, "SELECT %d", logical_db); if(!rep || rep->type == REDIS_REPLY_ERROR) { log_err("failed to set logical database (%d)", - moddata->logical_db); + logical_db); freeReplyObject(rep); goto fail; } freeReplyObject(rep); } - verbose(VERB_OPS, "Connection to Redis established"); + if(verbosity >= VERB_OPS) { + char port_str[6+1]; + port_str[0] = ' '; + (void)snprintf(port_str+1, sizeof(port_str)-1, "%d", port); + verbose(VERB_OPS, "Connection to Redis established (%s%s)", + path&&path[0]!=0?path:host, + path&&path[0]!=0?"":port_str); + } return ctx; fail: @@ -135,6 +170,14 @@ fail: return NULL; } +static void +set_timeout(struct timeval* timeout, int value, int explicit_value) +{ + int v = explicit_value != 0 ? explicit_value : value; + timeout->tv_sec = v / 1000; + timeout->tv_usec = (v % 1000) * 1000; +} + static int redis_init(struct module_env* env, struct cachedb_env* cachedb_env) { 
@@ -149,57 +192,98 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env) goto fail; } moddata->numctxs = env->cfg->num_threads; - moddata->ctxs = calloc(env->cfg->num_threads, sizeof(redisContext*)); - if(!moddata->ctxs) { - log_err("out of memory"); - goto fail; - } - /* note: server_host is a shallow reference to configured string. - * we don't have to free it in this module. */ + /* note: server_host and similar string configuration options are + * shallow references to configured strings; we don't have to free them + * in this module. */ moddata->server_host = env->cfg->redis_server_host; + moddata->replica_server_host = env->cfg->redis_replica_server_host; + moddata->server_port = env->cfg->redis_server_port; + moddata->replica_server_port = env->cfg->redis_replica_server_port; + moddata->server_path = env->cfg->redis_server_path; + moddata->replica_server_path = env->cfg->redis_replica_server_path; + moddata->server_password = env->cfg->redis_server_password; - moddata->command_timeout.tv_sec = env->cfg->redis_timeout / 1000; - moddata->command_timeout.tv_usec = - (env->cfg->redis_timeout % 1000) * 1000; - moddata->connect_timeout.tv_sec = env->cfg->redis_timeout / 1000; - moddata->connect_timeout.tv_usec = - (env->cfg->redis_timeout % 1000) * 1000; - if(env->cfg->redis_command_timeout != 0) { - moddata->command_timeout.tv_sec = - env->cfg->redis_command_timeout / 1000; - moddata->command_timeout.tv_usec = - (env->cfg->redis_command_timeout % 1000) * 1000; + moddata->replica_server_password = env->cfg->redis_replica_server_password; + + set_timeout(&moddata->command_timeout, + env->cfg->redis_timeout, + env->cfg->redis_command_timeout); + set_timeout(&moddata->replica_command_timeout, + env->cfg->redis_replica_timeout, + env->cfg->redis_replica_command_timeout); + set_timeout(&moddata->connect_timeout, + env->cfg->redis_timeout, + env->cfg->redis_connect_timeout); + set_timeout(&moddata->replica_connect_timeout, + 
env->cfg->redis_replica_timeout, + env->cfg->redis_replica_connect_timeout); + + moddata->logical_db = env->cfg->redis_logical_db; + moddata->replica_logical_db = env->cfg->redis_replica_logical_db; + + moddata->ctxs = calloc(env->cfg->num_threads, sizeof(redisContext*)); + if(!moddata->ctxs) { + log_err("out of memory"); + goto fail; } - if(env->cfg->redis_connect_timeout != 0) { - moddata->connect_timeout.tv_sec = - env->cfg->redis_connect_timeout / 1000; - moddata->connect_timeout.tv_usec = - (env->cfg->redis_connect_timeout % 1000) * 1000; + if((moddata->replica_server_host && moddata->replica_server_host[0]!=0) + || (moddata->replica_server_path && moddata->replica_server_path[0]!=0)) { + /* There is a replica configured, allocate ctxs */ + moddata->replica_ctxs = calloc(env->cfg->num_threads, sizeof(redisContext*)); + if(!moddata->replica_ctxs) { + log_err("out of memory"); + goto fail; + } } - moddata->logical_db = env->cfg->redis_logical_db; for(i = 0; i < moddata->numctxs; i++) { - redisContext* ctx = redis_connect(moddata); + redisContext* ctx = redis_connect( + moddata->server_host, + moddata->server_port, + moddata->server_path, + moddata->server_password, + moddata->logical_db, + moddata->connect_timeout, + moddata->command_timeout); if(!ctx) { - log_err("redis_init: failed to init redis"); - goto fail; + log_err("redis_init: failed to init redis " + "(for thread %d)", i); + /* And continue, the context can be established + * later, just like after a disconnect. 
*/ } moddata->ctxs[i] = ctx; } + if(moddata->replica_ctxs) { + for(i = 0; i < moddata->numctxs; i++) { + redisContext* ctx = redis_connect( + moddata->replica_server_host, + moddata->replica_server_port, + moddata->replica_server_path, + moddata->replica_server_password, + moddata->replica_logical_db, + moddata->replica_connect_timeout, + moddata->replica_command_timeout); + if(!ctx) { + log_err("redis_init: failed to init redis " + "replica (for thread %d)", i); + /* And continue, the context can be established + * later, just like after a disconnect. */ + } + moddata->replica_ctxs[i] = ctx; + } + } cachedb_env->backend_data = moddata; - if(env->cfg->redis_expire_records) { + if(env->cfg->redis_expire_records && + moddata->ctxs[env->alloc->thread_num] != NULL) { redisReply* rep = NULL; int redis_reply_type = 0; - /** check if setex command is supported */ + /** check if set with ex command is supported */ rep = redis_command(env, cachedb_env, - "SETEX __UNBOUND_REDIS_CHECK__ 1 none", NULL, 0); + "SET __UNBOUND_REDIS_CHECK__ none EX 1", NULL, 0, 1); if(!rep) { /** init failed, no response from redis server*/ - log_err("redis_init: failed to init redis, the " - "redis-expire-records option requires the SETEX command " - "(redis >= 2.0.0)"); - goto fail; + goto set_with_ex_fail; } redis_reply_type = rep->type; freeReplyObject(rep); 
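Review bot: The SET-with-EX probe at the end of this hunk runs only when `moddata->ctxs[env->alloc->thread_num] != NULL`, and the connect failures earlier in redis_init are now non-fatal, so a Redis server that is unreachable at startup skips the probe without a log line. `set_with_ex_available` is assigned only after a successful probe (in the following hunk), and nothing visible re-runs the probe after a later reconnect in redis_command, so redis_store would then write keys without an expiry for the life of the process even though redis-expire-records is configured. The `set_with_ex_fail` label in the next hunk has the same effect, since it logs and then returns 1. Consider logging the skipped case, e.g. `log_warn("redis_init: no connection, redis-expire-records not verified; records are stored without expiry");`, or repeating the probe on the first successful connect. redis_init begins above this hunk and the allocation of moddata is not shown, so the flag's initial value of zero is assumed.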
@@ -207,15 +291,18 @@ redis_init(struct module_env* env, struct cachedb_env* cachedb_env) case REDIS_REPLY_STATUS: break; default: - /** init failed, setex command not supported */ - log_err("redis_init: failed to init redis, the " - "redis-expire-records option requires the SETEX command " - "(redis >= 2.0.0)"); - goto fail; + /** init failed, set_with_ex command not supported */ + goto set_with_ex_fail; } + moddata->set_with_ex_available = 1; } return 1; +set_with_ex_fail: + log_err("redis_init: failure during redis_init, the " + "redis-expire-records option requires the SET with EX command " + "(redis >= 2.6.2)"); + return 1; fail: moddata_clean(&moddata); return 0; @@ -246,9 +333,9 @@ redis_deinit(struct module_env* env, struct cachedb_env* cachedb_env) */ static redisReply* redis_command(struct module_env* env, struct cachedb_env* cachedb_env, - const char* command, const uint8_t* data, size_t data_len) + const char* command, const uint8_t* data, size_t data_len, int write) { - redisContext* ctx; + redisContext* ctx, **ctx_selector; redisReply* rep; struct redis_moddata* d = (struct redis_moddata*) cachedb_env->backend_data; 
@@ -259,17 +346,38 @@ redis_command(struct module_env* env, struct cachedb_env* cachedb_env, * assumption throughout the unbound architecture, so we simply assert * it. */ log_assert(env->alloc->thread_num < d->numctxs); - ctx = d->ctxs[env->alloc->thread_num]; + + ctx_selector = !write && d->replica_ctxs + ?d->replica_ctxs + :d->ctxs; + ctx = ctx_selector[env->alloc->thread_num]; /* If we've not established a connection to the server or we've closed * it on a failure, try to re-establish a new one. Failures will be * logged in redis_connect(). */ if(!ctx) { - ctx = redis_connect(d); - d->ctxs[env->alloc->thread_num] = ctx; + if(!write && d->replica_ctxs) { + ctx = redis_connect( + d->replica_server_host, + d->replica_server_port, + d->replica_server_path, + d->replica_server_password, + d->replica_logical_db, + d->replica_connect_timeout, + d->replica_command_timeout); + } else { + ctx = redis_connect( + d->server_host, + d->server_port, + d->server_path, + d->server_password, + d->logical_db, + d->connect_timeout, + d->command_timeout); + } + ctx_selector[env->alloc->thread_num] = ctx; } - if(!ctx) - return NULL; + if(!ctx) return NULL; /* Send the command and get a reply, synchronously. */ rep = (redisReply*)redisCommand(ctx, command, data, data_len); @@ -279,7 +387,7 @@ redis_command(struct module_env* env, struct cachedb_env* cachedb_env, log_err("redis_command: failed to receive a reply, " "closing connection: %s", ctx->errstr); redisFree(ctx); - d->ctxs[env->alloc->thread_num] = NULL; + ctx_selector[env->alloc->thread_num] = NULL; return NULL; } @@ -309,7 +417,7 @@ redis_lookup(struct module_env* env, struct cachedb_env* cachedb_env, return 0; } - rep = redis_command(env, cachedb_env, cmdbuf, NULL, 0); + rep = redis_command(env, cachedb_env, cmdbuf, NULL, 0, 0); if(!rep) return 0; switch(rep->type) { 
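Review bot: The reconnect branch in redis_command repeats the test `!write && d->replica_ctxs` that already chose `ctx_selector`, and spells out both seven-argument redis_connect calls that redis_init also carries earlier in this diff. Four copies of the same argument list are easy to let drift, for instance passing the primary password or timeout to the replica. A small static helper that picks the argument set, driven by `ctx_selector == d->replica_ctxs`, keeps the selection in one place. The function begins and ends outside this hunk.

```c
/* Connect to the replica when use_replica is set, else to the primary. */
static redisContext*
redis_connect_for(struct redis_moddata* d, int use_replica)
{
	if(use_replica)
		return redis_connect(d->replica_server_host,
			d->replica_server_port, d->replica_server_path,
			d->replica_server_password, d->replica_logical_db,
			d->replica_connect_timeout,
			d->replica_command_timeout);
	return redis_connect(d->server_host, d->server_port,
		d->server_path, d->server_password, d->logical_db,
		d->connect_timeout, d->command_timeout);
}

	/* … unchanged: thread_num assert and ctx_selector choice … */
	if(!ctx) {
		ctx = redis_connect_for(d, ctx_selector == d->replica_ctxs);
		ctx_selector[env->alloc->thread_num] = ctx;
	}
```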
@@ -346,11 +454,16 @@ redis_store(struct module_env* env, struct cachedb_env* cachedb_env, { redisReply* rep; int n; - int set_ttl = (env->cfg->redis_expire_records && + struct redis_moddata* moddata = (struct redis_moddata*) + cachedb_env->backend_data; + int set_ttl = (moddata->set_with_ex_available && + env->cfg->redis_expire_records && (!env->cfg->serve_expired || env->cfg->serve_expired_ttl > 0)); /* Supported commands: * - "SET " + key + " %b" - * - "SETEX " + key + " " + ttl + " %b" + * - "SET " + key + " %b EX " + ttl + * older redis 2.0.0 was "SETEX " + key + " " + ttl + " %b" + * - "EXPIRE " + key + " 0" */ char cmdbuf[6+(CACHEDB_HASHSIZE/8)*2+11+3+1]; @@ -358,14 +471,22 @@ redis_store(struct module_env* env, struct cachedb_env* cachedb_env, verbose(VERB_ALGO, "redis_store %s (%d bytes)", key, (int)data_len); /* build command to set to a binary safe string */ n = snprintf(cmdbuf, sizeof(cmdbuf), "SET %s %%b", key); + } else if(ttl == 0) { + /* use the EXPIRE command, SET with EX 0 is an invalid time. */ + /* Replies with REDIS_REPLY_INTEGER of 1. */ + verbose(VERB_ALGO, "redis_store expire %s (%d bytes)", + key, (int)data_len); + n = snprintf(cmdbuf, sizeof(cmdbuf), "EXPIRE %s 0", key); + data = NULL; + data_len = 0; } else { /* add expired ttl time to redis ttl to avoid premature eviction of key */ ttl += env->cfg->serve_expired_ttl; verbose(VERB_ALGO, "redis_store %s (%d bytes) with ttl %u", - key, (int)data_len, (uint32_t)ttl); + key, (int)data_len, (unsigned)(uint32_t)ttl); /* build command to set to a binary safe string */ - n = snprintf(cmdbuf, sizeof(cmdbuf), "SETEX %s %u %%b", key, - (uint32_t)ttl); + n = snprintf(cmdbuf, sizeof(cmdbuf), "SET %s %%b EX %u", key, + (unsigned)(uint32_t)ttl); } 
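Review bot: `cmdbuf` in redis_store is one byte short for the new command form. The unchanged declaration reserves 6+11+3+1 = 21 bytes besides the key, which fitted `"SETEX %s %u %%b"` exactly, but `"SET %s %%b EX %u"` in the following hunk needs 4 + 7 + 10 + 1 = 22 when the TTL has ten digits. snprintf will not write past the buffer, so the effect is a truncated or refused command rather than an overflow, and it depends on the length check after the snprintf, which is outside these hunks. Sizing the array from the longest format, e.g. `char cmdbuf[4+(CACHEDB_HASHSIZE/8)*2+7+10+1];`, and updating the size comment keeps the bound honest.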
@@ -374,11 +495,12 @@ redis_store(struct module_env* env, struct cachedb_env* cachedb_env, return; } - rep = redis_command(env, cachedb_env, cmdbuf, data, data_len); + rep = redis_command(env, cachedb_env, cmdbuf, data, data_len, 1); if(rep) { verbose(VERB_ALGO, "redis_store set completed"); if(rep->type != REDIS_REPLY_STATUS && - rep->type != REDIS_REPLY_ERROR) { + rep->type != REDIS_REPLY_ERROR && + rep->type != REDIS_REPLY_INTEGER) { log_err("redis_store: unexpected type of reply (%d)", rep->type); } diff --git a/contrib/unbound/compat/malloc.c b/contrib/unbound/compat/malloc.c index d8097b13e024..74beae01c98c 100644 --- a/contrib/unbound/compat/malloc.c +++ b/contrib/unbound/compat/malloc.c @@ -5,12 +5,8 @@ #undef malloc #include <sys/types.h> -#ifndef USE_WINSOCK -void *malloc (); -#else /* provide a prototype */ void *malloc (size_t n); -#endif /* Allocate an N-byte block of memory from the heap. If N is zero, allocate a 1-byte block. */ diff --git a/contrib/unbound/config.h.in b/contrib/unbound/config.h.in index dc03e82dddba..f2dc8c8b92b3 100644 --- a/contrib/unbound/config.h.in +++ b/contrib/unbound/config.h.in @@ -378,6 +378,9 @@ /* Define if we have LibreSSL */ #undef HAVE_LIBRESSL +/* If we have atomic_store */ +#undef HAVE_LINK_ATOMIC_STORE + /* Define to 1 if you have the <linux/net_tstamp.h> header file. */ #undef HAVE_LINUX_NET_TSTAMP_H @@ -663,6 +666,9 @@ /* Define to 1 if you have the <stdarg.h> header file. */ #undef HAVE_STDARG_H +/* Define to 1 if you have the <stdatomic.h> header file. */ +#undef HAVE_STDATOMIC_H + /* Define to 1 if you have the <stdbool.h> header file. */ #undef HAVE_STDBOOL_H diff --git a/contrib/unbound/configure b/contrib/unbound/configure index 918a0632013d..0b78d97b16e9 100755 --- a/contrib/unbound/configure +++ b/contrib/unbound/configure 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for unbound 1.22.0. +# Generated by GNU Autoconf 2.71 for unbound 1.23.0. # # Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>. # @@ -622,8 +622,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.22.0' -PACKAGE_STRING='unbound 1.22.0' +PACKAGE_VERSION='1.23.0' +PACKAGE_STRING='unbound 1.23.0' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -712,6 +712,7 @@ SSLLIB HAVE_SSL PC_CRYPTO_DEPENDENCY CONFIG_DATE +SOURCE_DATE_EPOCH GCC_DOCKER_LINTFLAGS NETBSD_LINTFLAGS PYUNBOUND_UNINSTALL @@ -959,6 +960,7 @@ SYSTEMD_LIBS SYSTEMD_DAEMON_CFLAGS SYSTEMD_DAEMON_LIBS PYTHON_VERSION +SOURCE_DATE_EPOCH PROTOBUFC_CFLAGS PROTOBUFC_LIBS' @@ -1509,7 +1511,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.22.0 to adapt to many kinds of systems. +\`configure' configures unbound 1.23.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1575,7 +1577,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.22.0:";; + short | recursive ) echo "Configuration of unbound 1.23.0:";; esac cat <<\_ACEOF 
@@ -1752,6 +1754,10 @@ Some influential environment variables: The installed Python version to use, for example '2.3'. This string will be appended to the Python interpreter canonical name. + SOURCE_DATE_EPOCH + If it is set, it uses the value of that variable instead of the + current time as the build timestamp. The format is a unix + timestamp. This enables reproducible build output. PROTOBUFC_CFLAGS C compiler flags for PROTOBUFC, overriding pkg-config PROTOBUFC_LIBS @@ -1824,7 +1830,7 @@ fi test -n "$ac_init_help" && exit $ac_status *** 58195 LINES SKIPPED ***