git: 66f60770fd7d - stable/14 - unbound: Vendor import 1.19.3
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 24 Mar 2024 02:22:23 UTC
The branch stable/14 has been updated by cy:
URL: https://cgit.FreeBSD.org/src/commit/?id=66f60770fd7d39518fef679533c3034e1e4f6baa
commit 66f60770fd7d39518fef679533c3034e1e4f6baa
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2024-03-17 00:13:09 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2024-03-24 02:22:03 +0000
unbound: Vendor import 1.19.3
Release notes at
https://www.nlnetlabs.nl/news/2024/Mar/14/unbound-1.19.3-released/
Merge commit '5a33598e88ad8fbc0affa74dee0a2d8cc4010fbc' into main
(cherry picked from commit b7c0c8c18e0f12bc22e251fbcabad719b364a38a)
---
contrib/unbound/acx_nlnetlabs.m4 | 121 +-
contrib/unbound/configure | 350 +-
contrib/unbound/configure.ac | 28 +-
contrib/unbound/daemon/remote.c | 10 +-
contrib/unbound/daemon/worker.c | 28 +-
contrib/unbound/dnstap/dnstap.c | 32 +-
contrib/unbound/dnstap/dnstap.h | 4 +
contrib/unbound/dnstap/dnstap.m4 | 107 +-
contrib/unbound/dnstap/dnstap.proto | 82 +-
contrib/unbound/doc/Changelog | 140 +-
contrib/unbound/doc/README | 11 +-
contrib/unbound/doc/example.conf.in | 25 +-
contrib/unbound/doc/libunbound.3.in | 4 +-
contrib/unbound/doc/unbound-anchor.8.in | 2 +-
contrib/unbound/doc/unbound-checkconf.8.in | 2 +-
contrib/unbound/doc/unbound-control.8.in | 2 +-
contrib/unbound/doc/unbound-host.1.in | 2 +-
contrib/unbound/doc/unbound.8.in | 4 +-
contrib/unbound/doc/unbound.conf.5.in | 24 +-
contrib/unbound/iterator/iter_fwd.c | 1 -
contrib/unbound/iterator/iter_hints.c | 5 +-
contrib/unbound/iterator/iter_scrub.c | 3 +-
contrib/unbound/iterator/iterator.c | 8 +-
contrib/unbound/services/authzone.c | 2 +-
contrib/unbound/services/cache/dns.c | 12 +-
contrib/unbound/services/localzone.c | 6 +-
contrib/unbound/services/mesh.c | 10 +-
contrib/unbound/services/outside_network.c | 46 +-
.../cachedb_no_store.tdir/cachedb_no_store.post | 2 +-
.../cachedb_no_store.tdir/cachedb_no_store.test | 14 +-
.../unbound/testdata/iter_cname_minimise_nx.rpl | 1 -
contrib/unbound/testdata/iter_dname_ttl.rpl | 310 +
.../testdata/root_zonemd.tdir/root_zonemd.test | 32 +-
contrib/unbound/testdata/rrset_use_cached.rpl | 151 +
.../unbound/testdata/serve_expired_0ttl_nodata.rpl | 2 +-
.../testdata/serve_expired_0ttl_nxdomain.rpl | 2 +-
.../testdata/serve_expired_0ttl_servfail.rpl | 2 +-
.../testdata/serve_expired_cached_servfail.rpl | 2 +-
.../serve_expired_cached_servfail_refresh.rpl | 2 +-
.../unbound/testdata/subnet_scopezero_noedns.crpl | 441 ++
contrib/unbound/util/config_file.c | 3 +
contrib/unbound/util/config_file.h | 2 +
contrib/unbound/util/configlexer.c | 7627 +++++++++++++++++++
contrib/unbound/util/configlexer.lex | 1 +
contrib/unbound/util/configparser.c | 7713 ++++++++++++++++++++
contrib/unbound/util/configparser.h | 781 ++
contrib/unbound/util/configparser.y | 13 +-
contrib/unbound/util/data/msgencode.c | 3 +
contrib/unbound/util/data/msgreply.c | 53 +-
contrib/unbound/util/data/msgreply.h | 6 +-
contrib/unbound/util/data/packed_rrset.c | 5 +-
contrib/unbound/util/iana_ports.inc | 1 -
contrib/unbound/util/netevent.c | 12 +-
contrib/unbound/validator/autotrust.c | 8 +-
contrib/unbound/validator/val_sigcrypt.c | 2 +-
contrib/unbound/validator/val_utils.c | 55 +-
contrib/unbound/validator/validator.c | 2 +
lib/libunbound/config.h | 6 +-
58 files changed, 18038 insertions(+), 287 deletions(-)
diff --git a/contrib/unbound/acx_nlnetlabs.m4 b/contrib/unbound/acx_nlnetlabs.m4
index f27615bd8bce..6a01dc5a4769 100644
--- a/contrib/unbound/acx_nlnetlabs.m4
+++ b/contrib/unbound/acx_nlnetlabs.m4
@@ -2,7 +2,10 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
-# Version 46
+# Version 48
+# 2024-01-16 fix to add -l:libssp.a to -lcrypto link check.
+# and check for getaddrinfo with only header.
+# 2024-01-15 fix to add crypt32 to -lcrypto link check when checking for gdi32.
# 2023-05-04 fix to remove unused whitespace.
# 2023-01-26 fix -Wstrict-prototypes.
# 2022-09-01 fix checking if nonblocking sockets work on OpenBSD.
@@ -707,7 +710,7 @@ AC_DEFUN([ACX_SSL_CHECKS], [
LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir_lib"
ACX_RUNTIME_PATH_ADD([$ssldir_lib])
fi
-
+
AC_MSG_CHECKING([for EVP_sha256 in -lcrypto])
LIBS="$LIBS -lcrypto"
LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
@@ -732,40 +735,73 @@ AC_DEFUN([ACX_SSL_CHECKS], [
]])],[
AC_DEFINE([HAVE_EVP_SHA256], 1,
[If you have EVP_sha256])
- AC_MSG_RESULT(yes)
+ AC_MSG_RESULT(yes)
],[
AC_MSG_RESULT(no)
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
- LIBS="$LIBS -ldl"
- LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
- AC_MSG_CHECKING([if -lcrypto needs -ldl])
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
- int EVP_sha256(void);
- (void)EVP_sha256();
- ]])],[
- AC_DEFINE([HAVE_EVP_SHA256], 1,
- [If you have EVP_sha256])
- AC_MSG_RESULT(yes)
- ],[
- AC_MSG_RESULT(no)
- LIBS="$BAKLIBS"
- LIBSSL_LIBS="$BAKSSLLIBS"
- LIBS="$LIBS -ldl -pthread"
- LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
- AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread])
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
- int EVP_sha256(void);
- (void)EVP_sha256();
- ]])],[
- AC_DEFINE([HAVE_EVP_SHA256], 1,
- [If you have EVP_sha256])
- AC_MSG_RESULT(yes)
- ],[
- AC_MSG_RESULT(no)
- AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])
+
+ LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32"
+ LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32"
+ AC_MSG_CHECKING([if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
+ int EVP_sha256(void);
+ (void)EVP_sha256();
+ ]])],[
+ AC_DEFINE([HAVE_EVP_SHA256], 1,
+ [If you have EVP_sha256])
+ AC_MSG_RESULT(yes)
+ ],[
+ AC_MSG_RESULT(no)
+ LIBS="$BAKLIBS"
+ LIBSSL_LIBS="$BAKSSLLIBS"
+
+ LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a"
+ LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a"
+ AC_MSG_CHECKING([if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
+ int EVP_sha256(void);
+ (void)EVP_sha256();
+ ]])],[
+ AC_DEFINE([HAVE_EVP_SHA256], 1,
+ [If you have EVP_sha256])
+ AC_MSG_RESULT(yes)
+ ],[
+ AC_MSG_RESULT(no)
+ LIBS="$BAKLIBS"
+ LIBSSL_LIBS="$BAKSSLLIBS"
+
+ LIBS="$LIBS -ldl"
+ LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
+ AC_MSG_CHECKING([if -lcrypto needs -ldl])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
+ int EVP_sha256(void);
+ (void)EVP_sha256();
+ ]])],[
+ AC_DEFINE([HAVE_EVP_SHA256], 1,
+ [If you have EVP_sha256])
+ AC_MSG_RESULT(yes)
+ ],[
+ AC_MSG_RESULT(no)
+ LIBS="$BAKLIBS"
+ LIBSSL_LIBS="$BAKSSLLIBS"
+ LIBS="$LIBS -ldl -pthread"
+ LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
+ AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[
+ int EVP_sha256(void);
+ (void)EVP_sha256();
+ ]])],[
+ AC_DEFINE([HAVE_EVP_SHA256], 1,
+ [If you have EVP_sha256])
+ AC_MSG_RESULT(yes)
+ ],[
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])
+ ])
+ ])
])
- ])
+ ])
])
])
fi
@@ -779,7 +815,7 @@ AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT])
dnl Check for SSL, where SSL is mandatory
dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found
-dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS.
+dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS.
dnl Checks main header files of SSL.
dnl
AC_DEFUN([ACX_WITH_SSL],
@@ -872,7 +908,7 @@ dnl see if on windows
if test "$ac_cv_header_windows_h" = "yes"; then
AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used])
USE_WINSOCK="1"
- if echo $LIBS | grep 'lws2_32' >/dev/null; then
+ if echo "$LIBS" | grep 'lws2_32' >/dev/null; then
:
else
LIBS="$LIBS -lws2_32"
@@ -880,6 +916,24 @@ if test "$ac_cv_header_windows_h" = "yes"; then
fi
],
dnl no quick getaddrinfo, try mingw32 and winsock2 library.
+dnl perhaps getaddrinfo needs only the include
+AC_LINK_IFELSE(
+[AC_LANG_PROGRAM(
+[
+#ifdef HAVE_WS2TCPIP_H
+#include <ws2tcpip.h>
+#endif
+],
+[
+ (void)getaddrinfo(NULL, NULL, NULL, NULL);
+]
+)],
+[
+ac_cv_func_getaddrinfo="yes"
+AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used])
+USE_WINSOCK="1"
+],
+
ORIGLIBS="$LIBS"
LIBS="$LIBS -lws2_32"
AC_LINK_IFELSE(
@@ -904,6 +958,7 @@ ac_cv_func_getaddrinfo="no"
LIBS="$ORIGLIBS"
])
)
+)
AC_MSG_RESULT($ac_cv_func_getaddrinfo)
if test $ac_cv_func_getaddrinfo = yes; then
diff --git a/contrib/unbound/configure b/contrib/unbound/configure
index c87c669c8435..6aa1aeb80676 100755
--- a/contrib/unbound/configure
+++ b/contrib/unbound/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for unbound 1.19.1.
+# Generated by GNU Autoconf 2.69 for unbound 1.19.3.
#
# Report bugs to <unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues>.
#
@@ -591,8 +591,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unbound'
PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.19.1'
-PACKAGE_STRING='unbound 1.19.1'
+PACKAGE_VERSION='1.19.3'
+PACKAGE_STRING='unbound 1.19.3'
PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues'
PACKAGE_URL=''
@@ -655,6 +655,8 @@ DNSTAP_SOCKET_TESTBIN
DNSTAP_SOCKET_PATH
opt_dnstap_socket_path
ENABLE_DNSTAP
+PROTOBUFC_LIBS
+PROTOBUFC_CFLAGS
PROTOC_C
UBSYMS
EXTRALINK
@@ -926,7 +928,9 @@ SYSTEMD_CFLAGS
SYSTEMD_LIBS
SYSTEMD_DAEMON_CFLAGS
SYSTEMD_DAEMON_LIBS
-PYTHON_VERSION'
+PYTHON_VERSION
+PROTOBUFC_CFLAGS
+PROTOBUFC_LIBS'
# Initialize some variables set by options.
@@ -1477,7 +1481,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures unbound 1.19.1 to adapt to many kinds of systems.
+\`configure' configures unbound 1.19.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1543,7 +1547,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of unbound 1.19.1:";;
+ short | recursive ) echo "Configuration of unbound 1.19.3:";;
esac
cat <<\_ACEOF
@@ -1718,6 +1722,10 @@ Some influential environment variables:
The installed Python version to use, for example '2.3'. This
string will be appended to the Python interpreter canonical
name.
+ PROTOBUFC_CFLAGS
+ C compiler flags for PROTOBUFC, overriding pkg-config
+ PROTOBUFC_LIBS
+ linker flags for PROTOBUFC, overriding pkg-config
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
@@ -1785,7 +1793,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-unbound configure 1.19.1
+unbound configure 1.19.3
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2494,7 +2502,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by unbound $as_me 1.19.1, which was
+It was created by unbound $as_me 1.19.3, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2846,11 +2854,11 @@ UNBOUND_VERSION_MAJOR=1
UNBOUND_VERSION_MINOR=19
-UNBOUND_VERSION_MICRO=1
+UNBOUND_VERSION_MICRO=3
LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=24
+LIBUNBOUND_REVISION=26
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -2942,6 +2950,8 @@ LIBUNBOUND_AGE=1
# 1.18.0 had 9:22:1
# 1.19.0 had 9:23:1
# 1.19.1 had 9:24:1
+# 1.19.2 had 9:25:1
+# 1.19.3 had 9:26:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@@ -14416,7 +14426,7 @@ CC=$lt_save_CC
# pkg-config is only needed for these options, do not require it otherwise
-if test "$enable_systemd" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then
+if test "$enable_systemd" = "yes" -o "$enable_dnstap" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then
@@ -18104,19 +18114,86 @@ else
$as_echo "no" >&6; }
LIBS="$BAKLIBS"
LIBSSL_LIBS="$BAKSSLLIBS"
- LIBS="$LIBS -ldl"
- LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl" >&5
+
+ LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32"
+ LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32" >&5
+$as_echo_n "checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ int EVP_sha256(void);
+ (void)EVP_sha256();
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+
+$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ LIBS="$BAKLIBS"
+ LIBSSL_LIBS="$BAKSSLLIBS"
+
+ LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a"
+ LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" >&5
+$as_echo_n "checking if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ int EVP_sha256(void);
+ (void)EVP_sha256();
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+
+$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ LIBS="$BAKLIBS"
+ LIBSSL_LIBS="$BAKSSLLIBS"
+
+ LIBS="$LIBS -ldl"
+ LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl" >&5
$as_echo_n "checking if -lcrypto needs -ldl... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
- int EVP_sha256(void);
- (void)EVP_sha256();
+ int EVP_sha256(void);
+ (void)EVP_sha256();
;
return 0;
@@ -18127,28 +18204,28 @@ if ac_fn_c_try_link "$LINENO"; then :
$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
- LIBS="$BAKLIBS"
- LIBSSL_LIBS="$BAKSSLLIBS"
- LIBS="$LIBS -ldl -pthread"
- LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl -pthread" >&5
+ LIBS="$BAKLIBS"
+ LIBSSL_LIBS="$BAKSSLLIBS"
+ LIBS="$LIBS -ldl -pthread"
+ LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -lcrypto needs -ldl -pthread" >&5
$as_echo_n "checking if -lcrypto needs -ldl -pthread... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
- int EVP_sha256(void);
- (void)EVP_sha256();
+ int EVP_sha256(void);
+ (void)EVP_sha256();
;
return 0;
@@ -18159,14 +18236,22 @@ if ac_fn_c_try_link "$LINENO"; then :
$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
- as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5
+ as_fn_error $? "OpenSSL found in $ssldir, but version 0.9.7 or higher is required" "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
fi
rm -f core conftest.err conftest.$ac_objext \
@@ -19847,7 +19932,7 @@ if test x_$enable_static_exe = x_yes; then
if test "$on_mingw" = yes; then
staticexe="-all-static"
# for static compile, include gdi32 and zlib here.
- if echo $LIBS | grep 'lgdi32' >/dev/null; then
+ if echo "$LIBS" | grep 'lgdi32' >/dev/null; then
:
else
LIBS="$LIBS -lgdi32"
@@ -19892,7 +19977,11 @@ if test "x$ac_cv_lib_z_compress" = xyes; then :
LIBS="$LIBS -lz"
fi
- LIBS="$LIBS -l:libssp.a"
+ if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then
+ :
+ else
+ LIBS="$LIBS -l:libssp.a"
+ fi
fi
fi
@@ -19951,7 +20040,11 @@ if test "x$ac_cv_lib_z_compress" = xyes; then :
LIBS="$LIBS -lz"
fi
- LIBS="$LIBS -l:libssp.a"
+ if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then
+ :
+ else
+ LIBS="$LIBS -l:libssp.a"
+ fi
fi
fi
@@ -19998,13 +20091,40 @@ if test "$ac_cv_header_windows_h" = "yes"; then
$as_echo "#define USE_WINSOCK 1" >>confdefs.h
USE_WINSOCK="1"
- if echo $LIBS | grep 'lws2_32' >/dev/null; then
+ if echo "$LIBS" | grep 'lws2_32' >/dev/null; then
:
else
LIBS="$LIBS -lws2_32"
fi
fi
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#ifdef HAVE_WS2TCPIP_H
+#include <ws2tcpip.h>
+#endif
+
+int
+main ()
+{
+
+ (void)getaddrinfo(NULL, NULL, NULL, NULL);
+
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ac_cv_func_getaddrinfo="yes"
+
+$as_echo "#define USE_WINSOCK 1" >>confdefs.h
+
+USE_WINSOCK="1"
+
else
ORIGLIBS="$LIBS"
LIBS="$LIBS -lws2_32"
@@ -20047,6 +20167,10 @@ fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getaddrinfo" >&5
$as_echo "$ac_cv_func_getaddrinfo" >&6; }
if test $ac_cv_func_getaddrinfo = yes; then
@@ -20166,7 +20290,11 @@ else
WINDRES="$ac_cv_prog_WINDRES"
fi
- LIBS="$LIBS -liphlpapi -lcrypt32"
+ if echo "$LIBS" | grep crypt32 >/dev/null; then
+ LIBS="$LIBS -liphlpapi"
+ else
+ LIBS="$LIBS -liphlpapi -lcrypt32"
+ fi
WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe"
WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c"
@@ -21199,7 +21327,7 @@ fi
# check for dnstap if requested
- # Check whether --enable-dnstap was given.
+ # Check whether --enable-dnstap was given.
if test "${enable_dnstap+set}" = set; then :
enableval=$enable_dnstap; opt_dnstap=$enableval
else
@@ -21216,8 +21344,8 @@ else
fi
- if test "x$opt_dnstap" != "xno"; then
- # Extract the first word of "protoc-c", so it can be a program name with args.
+ if test "x$opt_dnstap" != "xno"; then
+ # Extract the first word of "protoc-c", so it can be a program name with args.
set dummy protoc-c; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
@@ -21257,36 +21385,132 @@ $as_echo "no" >&6; }
fi
- if test -z "$PROTOC_C"; then
- as_fn_error $? "The protoc-c program was not found. Please install protobuf-c!" "$LINENO" 5
- fi
+ if test -z "$PROTOC_C"; then
+ as_fn_error $? "The protoc-c program was not found. Please install protobuf-c!" "$LINENO" 5
+ fi
# Check whether --with-protobuf-c was given.
if test "${with_protobuf_c+set}" = set; then :
withval=$with_protobuf_c;
- # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
- if test -f $withval/include/google/protobuf-c/protobuf-c.h; then
- CFLAGS="$CFLAGS -I$withval/include/google"
- else
- CFLAGS="$CFLAGS -I$withval/include"
- fi
- LDFLAGS="$LDFLAGS -L$withval/lib"
+ # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
+ if test -f $withval/include/google/protobuf-c/protobuf-c.h; then
+ CFLAGS="$CFLAGS -I$withval/include/google"
+ else
+ CFLAGS="$CFLAGS -I$withval/include"
+ fi
+ LDFLAGS="$LDFLAGS -L$withval/lib"
else
- # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
- if test -f /usr/include/google/protobuf-c/protobuf-c.h; then
- CFLAGS="$CFLAGS -I/usr/include/google"
- else
- if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then
- CFLAGS="$CFLAGS -I/usr/local/include/google"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
- fi
- fi
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for PROTOBUFC" >&5
+$as_echo_n "checking for PROTOBUFC... " >&6; }
+
+if test -n "$PROTOBUFC_CFLAGS"; then
+ pkg_cv_PROTOBUFC_CFLAGS="$PROTOBUFC_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libprotobuf-c\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libprotobuf-c") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_PROTOBUFC_CFLAGS=`$PKG_CONFIG --cflags "libprotobuf-c" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$PROTOBUFC_LIBS"; then
+ pkg_cv_PROTOBUFC_LIBS="$PROTOBUFC_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libprotobuf-c\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libprotobuf-c") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_PROTOBUFC_LIBS=`$PKG_CONFIG --libs "libprotobuf-c" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
fi
+ if test $_pkg_short_errors_supported = yes; then
+ PROTOBUFC_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libprotobuf-c" 2>&1`
+ else
+ PROTOBUFC_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libprotobuf-c" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$PROTOBUFC_PKG_ERRORS" >&5
+
+
+ # pkg-config failed; try falling back to known values
+ # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
+ if test -f /usr/include/google/protobuf-c/protobuf-c.h; then
+ CFLAGS="$CFLAGS -I/usr/include/google"
+ else
+ if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then
+ CFLAGS="$CFLAGS -I/usr/local/include/google"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ else
+ as_fn_error $? "The protobuf-c package was not found with pkg-config. Please install protobuf-c!" "$LINENO" 5
+ fi
+ fi
+
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing protobuf_c_message_pack" >&5
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+ # pkg-config failed; try falling back to known values
+ # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0
+ if test -f /usr/include/google/protobuf-c/protobuf-c.h; then
+ CFLAGS="$CFLAGS -I/usr/include/google"
+ else
+ if test -f /usr/local/include/google/protobuf-c/protobuf-c.h; then
+ CFLAGS="$CFLAGS -I/usr/local/include/google"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ else
+ as_fn_error $? "The protobuf-c package was not found with pkg-config. Please install protobuf-c!" "$LINENO" 5
+ fi
+ fi
+
+
+else
+ PROTOBUFC_CFLAGS=$pkg_cv_PROTOBUFC_CFLAGS
+ PROTOBUFC_LIBS=$pkg_cv_PROTOBUFC_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+ CFLAGS="$CFLAGS $PROTOBUFC_CFLAGS"
+ LIBS="$LIBS $PROTOBUFC_LIBS"
+
+fi
+
+
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing protobuf_c_message_pack" >&5
$as_echo_n "checking for library containing protobuf_c_message_pack... " >&6; }
if ${ac_cv_search_protobuf_c_message_pack+:} false; then :
$as_echo_n "(cached) " >&6
@@ -21368,13 +21592,13 @@ _ACEOF
DNSTAP_OBJ="dnstap.lo dnstap.pb-c.lo dnstap_fstrm.lo dtstream.lo"
- else
+ else
ENABLE_DNSTAP=0
- fi
+ fi
# check for dnscrypt if requested
@@ -21895,7 +22119,7 @@ _ACEOF
-version=1.19.1
+version=1.19.3
date=`date +'%b %e, %Y'`
@@ -22414,7 +22638,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by unbound $as_me 1.19.1, which was
+This file was extended by unbound $as_me 1.19.3, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -22480,7 +22704,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-unbound config.status 1.19.1
+unbound config.status 1.19.3
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff --git a/contrib/unbound/configure.ac b/contrib/unbound/configure.ac
index 70fc7e7fdf49..e0dedbef9add 100644
--- a/contrib/unbound/configure.ac
+++ b/contrib/unbound/configure.ac
@@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[19])
-m4_define([VERSION_MICRO],[1])
+m4_define([VERSION_MICRO],[3])
AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound])
AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
LIBUNBOUND_CURRENT=9
-LIBUNBOUND_REVISION=24
+LIBUNBOUND_REVISION=26
LIBUNBOUND_AGE=1
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
@@ -110,6 +110,8 @@ LIBUNBOUND_AGE=1
# 1.18.0 had 9:22:1
# 1.19.0 had 9:23:1
# 1.19.1 had 9:24:1
+# 1.19.2 had 9:25:1
+# 1.19.3 had 9:26:1
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
@@ -407,7 +409,7 @@ AC_CHECK_TOOL(STRIP, strip)
ACX_LIBTOOL_C_ONLY
# pkg-config is only needed for these options, do not require it otherwise
-if test "$enable_systemd" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then
+if test "$enable_systemd" = "yes" -o "$enable_dnstap" = "yes" -o "$with_pyunbound" = "yes" -o "$with_pythonmod" = "yes"; then
PKG_PROG_PKG_CONFIG
fi
@@ -1526,13 +1528,17 @@ if test x_$enable_static_exe = x_yes; then
if test "$on_mingw" = yes; then
staticexe="-all-static"
# for static compile, include gdi32 and zlib here.
- if echo $LIBS | grep 'lgdi32' >/dev/null; then
+ if echo "$LIBS" | grep 'lgdi32' >/dev/null; then
:
else
LIBS="$LIBS -lgdi32"
fi
AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ])
- LIBS="$LIBS -l:libssp.a"
+ if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then
+ :
+ else
+ LIBS="$LIBS -l:libssp.a"
+ fi
fi
fi
@@ -1549,7 +1555,11 @@ if test x_$enable_fully_static = x_yes; then
LIBS="$LIBS -lgdi32"
fi
AC_CHECK_LIB([z], [compress], [ LIBS="$LIBS -lz" ])
- LIBS="$LIBS -l:libssp.a"
+ if echo "$LIBS" | grep -e "libssp.a" -e "lssp" >/dev/null; then
+ :
+ else
+ LIBS="$LIBS -l:libssp.a"
+ fi
fi
fi
@@ -1569,7 +1579,11 @@ if test "$USE_WINSOCK" = 1; then
#include <windows.h>
])
AC_CHECK_TOOL(WINDRES, windres)
- LIBS="$LIBS -liphlpapi -lcrypt32"
+ if echo "$LIBS" | grep crypt32 >/dev/null; then
+ LIBS="$LIBS -liphlpapi"
+ else
+ LIBS="$LIBS -liphlpapi -lcrypt32"
+ fi
WINAPPS="unbound-service-install.exe unbound-service-remove.exe anchor-update.exe"
AC_SUBST(WINAPPS)
WIN_DAEMON_SRC="winrc/win_svc.c winrc/w_inst.c"
diff --git a/contrib/unbound/daemon/remote.c b/contrib/unbound/daemon/remote.c
index 3eb711ce6428..5d79eafd23be 100644
--- a/contrib/unbound/daemon/remote.c
+++ b/contrib/unbound/daemon/remote.c
@@ -553,7 +553,7 @@ ssl_print_text(RES* res, const char* text)
static int
ssl_print_vmsg(RES* ssl, const char* format, va_list args)
{
- char msg[1024];
+ char msg[65535];
vsnprintf(msg, sizeof(msg), format, args);
return ssl_print_text(ssl, msg);
}
@@ -3181,10 +3181,10 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd,
do_flush_bogus(ssl, worker);
} else if(cmdcmp(p, "flush_negative", 14)) {
do_flush_negative(ssl, worker);
- } else if(cmdcmp(p, "rpz_enable", 10)) {
- do_rpz_enable(ssl, worker, skipwhite(p+10));
- } else if(cmdcmp(p, "rpz_disable", 11)) {
- do_rpz_disable(ssl, worker, skipwhite(p+11));
+ } else if(cmdcmp(p, "rpz_enable", 10)) {
+ do_rpz_enable(ssl, worker, skipwhite(p+10));
+ } else if(cmdcmp(p, "rpz_disable", 11)) {
+ do_rpz_disable(ssl, worker, skipwhite(p+11));
} else {
(void)ssl_printf(ssl, "error unknown command '%s'\n", p);
}
diff --git a/contrib/unbound/daemon/worker.c b/contrib/unbound/daemon/worker.c
index 8ae05eb67e66..176abf57d56e 100644
--- a/contrib/unbound/daemon/worker.c
+++ b/contrib/unbound/daemon/worker.c
@@ -1151,7 +1151,7 @@ deny_refuse(struct comm_point* c, enum acl_access acl,
log_assert(sldns_buffer_limit(c->buffer) >= LDNS_HEADER_SIZE
&& LDNS_QDCOUNT(sldns_buffer_begin(c->buffer)) == 1);
- sldns_buffer_skip(c->buffer, LDNS_HEADER_SIZE); /* skip header */
+ sldns_buffer_set_position(c->buffer, LDNS_HEADER_SIZE); /* skip header */
/* check additional section is present and that we respond with EDEs */
if(LDNS_ARCOUNT(sldns_buffer_begin(c->buffer)) != 1
@@ -1163,6 +1163,7 @@ deny_refuse(struct comm_point* c, enum acl_access acl,
LDNS_QR_SET(sldns_buffer_begin(c->buffer));
LDNS_RCODE_SET(sldns_buffer_begin(c->buffer),
LDNS_RCODE_REFUSED);
+ sldns_buffer_set_position(c->buffer, LDNS_HEADER_SIZE);
*** 18928 LINES SKIPPED ***