Commit Graph

8787 Commits

Author SHA1 Message Date
pgoyette
956f25580a Another rename from uvm_free() --> uvm_availmem() 2019-12-31 14:51:29 +00:00
ad
5c06357c90 Rename uvm_free() -> uvm_availmem(). 2019-12-31 13:07:09 +00:00
christos
3867d9a6ba Only ignore signals if we are bind (not dhcpd). 2019-12-29 01:38:27 +00:00
kamil
4f79a48470 Introduce PT_LWPSTATUS + PT_LWPNEXT, obsolete PT_LWPINFO
PT_LWPINFO is a legacy ptrace(2) operation that was originally intended
to retrieve the thread (LWP) information inside a traced process.

It has a number of flaws and is confused with PT_LWPINFO from FreeBSD.

PT_LWPSTATUS and PT_LWPNEXT address the problems (shortly by: rename,
removal of pl_event) and introduces new features: signal context
(pl_sigpend, pl_sigmask), LWP name (pl_name), LWP TLS base address
(pl_private). The private pointer was so far missing information for
a debugger.

PT_LWPSTATUS@nnn is now shipped with core(5) files and contain LWP specific
information, so far missed in the core(5) files.

PT_LWPSTATUS retrieves LWP information for the prompted thread.
PT_LWPNEXT retrieves LWP information for the next thread, borrowing the
semantics from NetBSD specific PT_LWPINFO.

PT_LWPINFO is namespaced with __LEGACY_PT_LWPINFO and still available for
the foreseeable future, without plans of removing it.

Add ATF tests for PT_LWPSTATUS + PT_LWPNEXT.

Keep ATF tests for PT_LWPINFO.

Switch GDB to new API.

Proposed on tech-kern@.
2019-12-24 14:50:59 +00:00
ad
7d06f3305f Make mntvnode_lock per-mount, and address false sharing of struct mount. 2019-12-22 19:47:34 +00:00
skrll
47e7684e70 Update for new DTC 2019-12-22 12:42:23 +00:00
skrll
d51be32b57 Update version 2019-12-22 12:41:52 +00:00
skrll
7cdf52c4e1 Merge conflicts 2019-12-22 12:38:24 +00:00
skrll
cc7d2833ec Import dtc 1.5.1 2019-12-22 12:34:02 +00:00
ad
ddd3a0be1e uvmexp.free -> uvm_free() 2019-12-21 13:00:20 +00:00
wiz
cc99a5951f Add license from https://github.com/onetrueawk/awk/blob/master/LICENSE 2019-12-21 09:11:59 +00:00
roy
7ad4da0c36 Sync 2019-12-20 22:24:59 +00:00
roy
1065b8acaf Update to dhcpcd-8.1.4 with the following change:
* options: Fix allocating the script option
2019-12-20 22:23:55 +00:00
roy
221cda2432 Sync 2019-12-20 12:01:35 +00:00
roy
77955cec60 Import dhcpcd-8.1.3 with the following changes:
* dhcpcd: Only report SSID when we have a carrier
 * IPv6ND: Fix reachable test
 * DHCP6: Work better with infinite addresses
 * DHCP6: Suboption 3 of NTP Server is a FQDN
 * DHCP6: Fix deprecating a delegated prefix
 * DHCP: Ensure we have a lease to extract options from
2019-12-20 12:00:18 +00:00
wiz
28107122fa Remove macros with no effect. 2019-12-18 10:17:48 +00:00
christos
16fd89ab39 Fix sun2 (static linking) 2019-12-17 18:59:39 +00:00
christos
33c14bf659 Sync with upstream. 2019-12-17 18:35:57 +00:00
christos
fae31486a8 Add more libraries 2019-12-17 13:35:43 +00:00
martin
e2b0943e17 Cast an off_t to intmax_t and use %jd to printf it. 2019-12-17 08:02:00 +00:00
christos
78a23c3a8c merge conflicts 2019-12-17 02:31:05 +00:00
christos
eff51ed236 Import 5.38:
- Always accept -S (no sandbox) even if we don't support sandboxing
	- More syscalls elided for sandboxiing
	- For ELF dynamic means having an interpreter not just PT_DYNAMIC
	- Check for large ELF session header offset
	- When saving and restoring a locale, keep the locale name in our
	  own storage.
	- Add a flag to disable CSV file detection.
	- Don't pass NULL/0 to memset to appease sanitizers.
	- Avoid spurious prints when looks for extensions or apple strings
	  in fsmagic.
	- Add builtin decompressors for xz and and bzip.
	- Add a limit for the number of CDF elements.
	- More checks for overflow in CDF.
2019-12-17 02:23:53 +00:00
skrll
817923ee4d Update to new RaspberryPi firware
commit 0c01dbefba45a08c47f8538d5a071a0fba6b7e83
Author: popcornmix <popcornmix@gmail.com>
Date:   Wed Dec 11 15:30:08 2019 +0000

and include firmware for RPI4

Firmware has bee updated to support mainline linux kernels as described in
https://github.com/raspberrypi/linux/issues/3237
2019-12-16 11:00:30 +00:00
christos
a3dd92aca3 resolve conflicts 2019-12-15 17:08:21 +00:00
christos
77513ecfba OpenPAM Tabebuia 2019-02-24
- BUGFIX: Fix off-by-one bug in pam_getenv(3) which was introduced in
   OpenPAM Radula.

 - ENHANCE: Add unit tests for pam_{get,put,set}env(3).
2019-12-15 16:44:27 +00:00
christos
5b490f6c36 merge conflicts 2019-12-15 16:26:04 +00:00
christos
87edd195b7 resolve conflicts 2019-12-15 16:16:34 +00:00
christos
febe9f0745 3 December 2019: Wouter
- Fix #52: do not log transient network full errors unless higher
	  verbosity is set.
	- Fix checkconf test for new error output string.
	- tag for 4.2.4rc1 release.

27 November 2017 Jeroen
	- Fix regressions in configparser.y

22 November 2019: Wouter
	- Fix #48: Add make distclean that removes config.h made by configure.
	  And add maintainer-clean that removes bison and flex output.

18 November 2019: Wouter
	- Detect fixed time memcmp for openssl 0.9.8 compatibility.
	- Detect EC_KEY_new_by_curve_name for openssl 0.9.8.
	- include limits.h for UINT_MAX.
	- If no recvmmsg, dont use msg_flags member, but errno for error,
	  where our fallback function left it, msg_flags also does not exist
	  on some systems.
	- Remove unused variable warning for portability.

14 November 2019: Wouter
	- Fix checkconf test with filenames that sort in the same order.
	- Tag for 4.2.3rc1.  Branch master is 4.2.4 in development.

11 November 2019: Wouter
	- Fix #44: document that remote-control is a top-level nsd.conf
	  attribute.
	- Fix compile on OSX.
	- Fix for #44: nicer top-level clause documentation.

22 October 2019: Jeroen
	- Number of different UDP handlers has been reduced to one. recvmmsg
	  and sendmmsg implementations are now used on all platforms.
	  Compatible implementations are in place for systems that lack the
	  system calls.
	- Socket options are now set in designated functions for easy reuse.
	- Socket setup has been simplified for easy reuse.
	- Configuration parser is now aware of the context in which an option
	  was specified.

21 October 2019: Wouter
	- For #21 add
	  contrib/patch_for_s6_startup_and_other_service_supervisors.diff
	  that adds support for readiness notification with READY_FD from
	  Cameron Nemo.

17 October 2019: Jeroen
	- Fix #40: Merge small fixes for confine-to-zone by Greg Bock.

15 October 2019: Jeroen
	- For #39: Merge confine-to-zone feature contributes by Greg Bock.

26 September 2019: Wouter
	- Fix #38: log address and failure reason with tls handshake errors,
	  squelches (the same as unbound) some unless high verbosity is used.
	- Fixup clang analysis warning in xfrd_parse_received_xfr_packet
	  master dereference.

25 September 2019: Wouter
	- The nsd.conf includes are sorted ascending, for include statements
	  with a '*' from glob.

16 September 2019: Wouter
	- Fixup warnings during --disable-ipv6 compile.
	- Fixup unit test executable to run without IPv6.

4 September 2019: Wouter
	- Fix #35: excessive logging of ixfr failures, it stops the log when
	  fallback to axfr is possible. log is enabled at high verbosity.

2 September 2019: Wouter
	- For #21: pidfile "" allows to run NSD without a pidfile, for
	  startup management tools like daemontools.

28 August 2019: Wouter
	- In tests check for tls test tool availability.

19 August 2019: Wouter
	- Tag for 4.2.2 release.  Git master contains 4.2.3 in development.

13 August 2019: Wouter
	- Fix error message for out of zone data to have more information.
	- Tag for 4.2.2rc2.

12 August 2019: Wouter
	- Fix #33: Fix segfault in service of remaining streams on exit.

6 August 2019: Wouter
	- Tag for 4.2.2rc1.

5 August 2019: Wouter
	- PR #31: nsd-control: Add missing stdio header.
	- PR #32: tsig: Fix compilation without HAVE_SSL.
	- Cleanup tls context on xfrd exit.

31 July 2019: Wouter
	- Fix #29: SSHFP check NULL pointer dereference.
	- Fix #30: SSHFP check failure due to missing domain name.
	- Fix to timeval_add in minievent for remaining second in microseconds.

22 July 2019: Wouter
	- Set timeout for refetch immediately, only spread load when there
	  are retries.

19 July 2019: Wouter
	- Set no renegotiation on the SSL context to stop client
	  session renegotiation.

18 July 2019: Wouter
	- Fix #25: NSD doesn't refresh zones after extended downtime,
	  it refreshes the old zones, with a random delay of a couple of
	  seconds to spread the load.
	- Fix so that expired zones stay expired when server is down a
	  long time.

17 July 2019: Wouter
	- Fix that NSD warns for wrong length of the hash in SSHFP records.

15 July 2019: Wouter
	- PR #23: Fix typo in nsd.conf man-page.

4 July 2019: Wouter
	- Set version to 4.2.2 in development.
	- clean memory on exit of nsd-checkzone for memory debug.
	- Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the
	  dname_concatenate() function.  Reported by Frederic Cambus.
	  It causes the zone parser to crash on a malformed zone file,
	  with assertions enabled, an assertion catches it.
	- Fix #19: Out-of-bounds read caused by improper validation of
	  array index.  Reported by Frederic Cambus.  The zone parser
	  fails on type SIG because of mismatched definition with RRSIG.

2 July 2019: Wouter
	- Tag for 4.2.1rc1

27 June 2019: Wouter
	- Fix unit test for added options and no dot after zone updated
	  log message.
	- Fix compile without accept4.

21 June 2019: Wouter
	- Omit remaining tcp processing if the list is empty.
	- Fix output of nsd-checkconf -h.

20 June 2019: Wouter
	- Initialize event structures before event_set, to stop uninitialized
	  values from setting event library lists and assertions, that would
	  sometimes also show after event_del.
	- Added num.tls and num.tls6 stat counters.
	- PR #12: send-buffer-size, receive-buffer-size,
	  tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek.
	- Do not use symbol from libc, instead use own replacement, if not
	  available, for accept4.
	- Fix #14, tcp connections have 1/10 to be active and have to work
	  every second, and then they get time to complete during a reload,
	  this is a process that lingers with the old version during a version
	  update.

19 June 2019: Wouter
	- Fix tls handshake event callback function mistake, reported
	  by Mykhailo Danylenko.

18 June 2019: Wouter
	- Fix #15: crash in SSL library, initialize variables for TCP access
	  when TLS is configured.

14 June 2019: Wouter
	- Fix to init event not pointer, in reassignment.

12 June 2019: Wouter
	- Fix to init event structure for reassignment.

11 June 2019: Wouter
	- NSD 4.2.0 release.  Current development is 4.2.1.
	- Fixup of RELNOTES, corrected RFC reference for 4892.
	- Fix #13: Stray dot at the end of some log entries, removes dot
	  after updated serial number in log entry.
	- Fix TLS cipher selection, the previous was redundant, prefers
	  CHACHA20-POLY1305 over AESGCM and was not as readable as it could be.
	- Consolidate server tls context create and remote control context
	  create, with hardening for the remote control tls context too.

6 June 2019: Wouter
	- NSD 4.2.0rc1 tag.

4 June 2019: Wouter
	- Fix unit test for outgoing interface to use random port numbers for
	  the outgoing interface config.

29 May 2019: Wouter
	- Fix to guard _OPENBSD_SOURCE from redefinition.

28 May 2019: Wouter
	- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.

16 May 2019: Wouter
	- Fix #10: Fix memory leaks caused by duplicate rr and include
	  instructions.

6 May 2019: Wouter
	- Note CII best practices badge for NSD on the README.md.

2 May 2019: Wouter
	- Fix .gitignore for unit test generated files.
	- Fix checkconf unit test for hide-identity and tls.

1 May 2019: Wouter
	- Fix makedist.sh for use with git.
	- Nicer output on travis for clang analysis.
	- Add .gitignore file to exclude built files from version tracking.
	- Add README.md file in repository with compile instructions.
	- Fix .gitignore for dnstap files and aclocal temp.
	- Add aclocal to README.md for pkgconfig for some configure options.

25 April 2019: Wouter
	- Add tls.tpkg unit test for DNS over TLS functionality.

18 April 2019: Wouter
	- Fix to avoid buffer alloc with global buffer in tls write handler.
	- Fix to initialize event structure when accepting TCP connection.
	- Use travis for build check, initial unit test and clang analysis.
	- Disable SSLv2,3,TLSv1.0,1.1 if TLS1.2 is available in libssl.
	- Disable weak ciphers, enable CIPHER_SERVER_PREFERENCE.
	- further setup ssl ctx after the keys are loaded, for ECDH.
	- TLS OCSP stapling support, enabled with tls-service-ocsp: filename,
	  patch from Andreas Schulze.

17 April 2019: Wouter
	- Fix to share openssl init code, and perform it once.

16 April 2019: Andreas via Sara
	- Patch to add support for TCP Fast Open
	- Patch to add support for tls service on a specified tls port

16 April 2019: Wouter
	- Fix #4249: The option hide-identity: yes stops NSD from responding
	  with the hostname for chaos class queries.  Implements the RFC4829
	  security considerations.
	- Remove starttls, this signalling method was not standardized.
	- Remove TO bit, this signalling method was not standardized.
	- Remove unused first_query and tls_ok states.
	- Remove sign-compare warning in tls packet send code.
	- Fix spelling in comment and log printout.
	- Fix potential uninitialized variable.
	- Fix documentation for DNS over TLS, and set default port 853.
	- Fix to add missing comment.
	- Fix that the TLS handshake routine sets the correct event to
	  continue when done.
	- Fix that TLS renegotiation calls the read and write routines again
	  with the same parameters when the desired event has been satisfied.
	- Fix that TCP Fastopen has better error message and supports OSX.
	- Fix log for fastopen with verbosity.
	- Squelch TLS handshake failure log until verbosity 3.
	- Add per-zone statistics for TLS queries, and dnstap for TLS queries,
	  and rcode and TCflag statistics for TCP and TLS queries.

25 March 2019: Wouter
	- Print IP address when bind socket fails with error.

21 March 2019: Wouter
	- Fix spelling error in release notes.
	- Fix to delete unused zparser.default_apex member.
2019-12-15 16:00:52 +00:00
christos
01049ae6d5 Import unbound 1.9.6:
6 December 2019: Wouter
	- Fix ipsecmod compile.
	- Fix Makefile.in for ipset module compile, from Adi Prasaja.

5 December 2019: Wouter
	- unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1
	  replacements for unbound-fuzzme.c that gets created after applying
	  the contrib/unbound-fuzzme.patch.  They are contributed by
	  Eric Sesterhenn from X41 D-Sec.
	- tag for 1.9.6rc1.

4 December 2019: Wouter
	- Fix lock type for memory purify log lock deletion.
	- Fix testbound for alloccheck runs, memory purify and lock checks.
	- update contrib/fastrpz.patch to apply more cleanly.
	- Fix Make Test Fails when Configured With --enable-alloc-nonregional,
	  reported by X41 D-Sec.

3 December 2019: Wouter
	- Merge pull request #124 from rmetrich: Changed log lock
	  from 'quick' to 'basic' because this is an I/O lock.
	- Fix text around serial arithmatic used for RRSIG times to refer
	  to correct RFC number.
	- Fix Assert Causing DoS in synth_cname(),
	  reported by X41 D-Sec.
	- Fix similar code in auth_zone synth cname to add the extra checks.
	- Fix Assert Causing DoS in dname_pkt_copy(),
	  reported by X41 D-Sec.
	- Fix OOB Read in sldns_wire2str_dname_scan(),
	  reported by X41 D-Sec.
	- Fix Out of Bounds Write in sldns_str2wire_str_buf(),
	  reported by X41 D-Sec.
	- Fix Out of Bounds Write in sldns_b64_pton(),
	  fixed by check in sldns_str2wire_int16_data_buf(),
	  reported by X41 D-Sec.
	- Fix Insufficient Handling of Compressed Names in dname_pkt_copy(),
	  reported by X41 D-Sec.
	- Fix Out of Bound Write Compressed Names in rdata_copy(),
	  reported by X41 D-Sec.
	- Fix Hang in sldns_wire2str_pkt_scan(),
	  reported by X41 D-Sec.
	  This further lowers the max to 256.
	- Fix snprintf() supports the n-specifier,
	  reported by X41 D-Sec.
	- Fix Bad Indentation, in dnscrypt.c,
	  reported by X41 D-Sec.
	- Fix Client NONCE Generation used for Server NONCE,
	  reported by X41 D-Sec.
	- Fix compile error in dnscrypt.
	- Fix _vfixed not Used, removed from sbuffer code,
	  reported by X41 D-Sec.
	- Fix Hardcoded Constant, reported by X41 D-Sec.
	- make depend

2 December 2019: Wouter
	- Merge pull request #122 from he32: In tcp_callback_writer(),
	  don't disable time-out when changing to read.

22 November 2019: George
	- Fix compiler warnings.

22 November 2019: Wouter
	- Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec.
	- Add make distclean that removes everything configure produced,
	  and make maintainer-clean that removes bison and flex output.

20 November 2019: Wouter
	- Fix Out of Bounds Read in rrinternal_get_owner(),
	  reported by X41 D-Sec.
	- Fix Race Condition in autr_tp_create(),
	  reported by X41 D-Sec.
	- Fix Shared Memory World Writeable,
	  reported by X41 D-Sec.
	- Adjust unbound-control to make stats_shm a read only operation.
	- Fix Weak Entropy Used For Nettle,
	  reported by X41 D-Sec.
	- Fix Randomness Error not Handled Properly,
	  reported by X41 D-Sec.
	- Fix Out-of-Bounds Read in dname_valid(),
	  reported by X41 D-Sec.
	- Fix Config Injection in create_unbound_ad_servers.sh,
	  reported by X41 D-Sec.
	- Fix Local Memory Leak in cachedb_init(),
	  reported by X41 D-Sec.
	- Fix Integer Underflow in Regional Allocator,
	  reported by X41 D-Sec.
	- Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD.
	- Synchronize compat/getentropy_win.c with version 1.5 from
	  OpenBSD, no changes but makes the file, comments, identical.
	- Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD.
	- Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD.
	- Changes to compat/getentropy files for,
	  no link to openssl if using nettle, and hence config.h for
	  HAVE_NETTLE variable.
	  compat definition of MAP_ANON, for older systems.
	  ifdef stdint.h inclusion for older systems.
	  ifdef sha2.h inclusion for older systems.
	- Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec.
	- Fix compile with --enable-alloc-checks, reported by X41 D-Sec.
	- Fix Terminating Quotes not Written, reported by X41 D-Sec.
	- Fix Useless memset() in validator, reported by X41 D-Sec.
	- Fix Unrequired Checks, reported by X41 D-Sec.
	- Fix Enum Name not Used, reported by X41 D-Sec.
	- Fix NULL Pointer Dereference via Control Port,
	  reported by X41 D-Sec.
	- Fix Bad Randomness in Seed, reported by X41 D-Sec.
	- Fix python examples/calc.py for eval, reported by X41 D-Sec.
	- Fix comments for doxygen in dns64.

19 November 2019: Wouter
	- Fix CVE-2019-18934, shell execution in ipsecmod.
	- 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development.
	- Fix authzone printout buffer length check.
	- Fixes to please lint checks.
	- Fix Integer Overflow in Regional Allocator,
	  reported by X41 D-Sec.
	- Fix Unchecked NULL Pointer in dns64_inform_super()
	  and ipsecmod_new(), reported by X41 D-Sec.
	- Fix Out-of-bounds Read in rr_comment_dnskey(),
	  reported by X41 D-Sec.
	- Fix Integer Overflows in Size Calculations,
	  reported by X41 D-Sec.
	- Fix Integer Overflow to Buffer Overflow in
	  sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
	- Fix Out of Bounds Read in sldns_str2wire_dname(),
	  reported by X41 D-Sec.
	- Fix Out of Bounds Write in sldns_bget_token_par(),
	  reported by X41 D-Sec.

18 November 2019: Wouter
	- In unbound-host use separate variable for get_option to please
	  code checkers.
	- update to bison output of 3.4.1 in code repository.
	- Provide a prototype for compat malloc to remove compile warning.
	- Portable grep usage for reuseport configure test.
	- Check return type of HMAC_Init_ex for openssl 0.9.8.
	- gitignore .source tempfile used for compatible make.

13 November 2019: Wouter
	- iana portlist updated.
	- contrib/fastrpz.patch updated to apply for current code.
	- fixes for splint cleanliness, long vs int in SSL set_mode.

11 November 2019: Wouter
	- Fix #109: check number of arguments for stdin-pipes in
	  unbound-control and fail if too many arguments.
	- Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.

24 October 2019: Wouter
	- Fix #99: Memory leak in ub_ctx (event_base will never be freed).

23 October 2019: George
	- Add new configure option `--enable-fully-static` to enable full static
	  build if requested; in relation to #91.

23 October 2019: Wouter
	- Merge #97: manpage: Add missing word on unbound.conf,
	  from Erethon.

22 October 2019: Wouter
	- drop-tld.diff: adds option drop-tld: yesno that drops 2 label
	  queries, to stop random floods.  Apply with
	  patch -p1 < contrib/drop-tld.diff and compile.
	  From Saksham Manchanda (Secure64).  Please note that we think this
	  will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
	  lookups for downstream clients.

7 October 2019: Wouter
	- Add doxygen comments to unbound-anchor source address code, in #86.

3 October 2019: Wouter
	- Merge #90 from vcunat: fix build with nettle-3.5.
	- Merge 1.9.4 release with fix for vulnerability CVE-2019-16866.
	- Continue with development of 1.9.5.
	- Merge #86 from psquarejho: Added -b source address option to
	  smallapp/unbound-anchor.c, from Lukas Wunner.

26 September 2019: Wouter
	- Merge #87 from hardfalcon: Fix contrib/unbound.service.in,
	  Drop CAP_KILL, use + prefix for ExecReload= instead.

25 September 2019: Wouter
	- The unbound.conf includes are sorted ascending, for include
	  statements with a '*' from glob.

23 September 2019: Wouter
	- Merge #85 for #84 from sam-lunt: Add kill capability to systemd
	  service file to fix that systemctl reload fails.

20 September 2019: Wouter
	- Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW
	  in unbound.service.
	- Merge #81 from Maryse47: Consistently use /dev/urandom instead
	  of /dev/random in scripts and docs.
	- Merge #83 from Maryse47: contrib/unbound.service.in: do not fork
	  into the background.

19 September 2019: Wouter
	- Fix #78: Memory leak in outside_network.c.
	- Merge pull request #76 from Maryse47: Improvements and fixes for
	  systemd unbound.service.
	- oss-fuzz badge on README.md.
	- Fix fix for #78 to also free service callback struct.
	- Fix for oss-fuzz build warning.
	- Fix wrong response ttl for prepended short CNAME ttls, this would
	  create a wrong zero_ttl response count with serve-expired enabled.
	- Merge #80 from stasic: Improve wording in man page.

11 September 2019: Wouter
	- Use explicit bzero for wiping clear buffer of hash in cachedb,
	  reported by Eric Sesterhenn from X41 D-Sec.

9 September 2019: Wouter
	- Fix #72: configure --with-syslog-facility=LOCAL0-7 with default
	  LOG_DAEMON (as before) can set the syslog facility that the server
	  uses to log messages.

4 September 2019: Wouter
	- Fix #71: fix openssl error squelch commit compilation error.

3 September 2019: Wouter
	- squelch DNS over TLS errors 'ssl handshake failed crypto error'
	  on low verbosity, they show on verbosity 3 (query details), because
	  there is a high volume and the operator cannot do anything for the
	  remote failure.  Specifically filters the high volume errors.

2 September 2019: Wouter
	- ipset module #28: log that an address is added, when verbosity high.
	- ipset: refactor long routine into three smaller ones.
	- updated Makefile dependencies.

23 August 2019: Wouter
	- Fix contrib/fastrpz.patch asprintf return value checks.

22 August 2019: Wouter
	- Fix that pkg-config is setup before --enable-systemd needs it.
	- 1.9.3rc2 release candidate tag.  And this became the 1.9.3 release.
	  Master is 1.9.4 in development.

21 August 2019: Wouter
	- Fix log_dns_msg to log irrespective of minimal responses config.

19 August 2019: Ralph
	- Document limitation of pidfile removal outside of chroot directory.

16 August 2019: Wouter
	- Fix unittest valgrind false positive uninitialised value report,
	  where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0
	  issues an uninitialised value for the token buffer at the str2wire.c
	  rrinternal_get_owner() strcmp with the '@' value.  Rewritten to use
	  straight character comparisons removes the false positive.  Also
	  valgrinds --expensive-definedness-checks=yes can stop this false
	  positive.
	- Please doxygen's parser for "@" occurrence in doxygen comment.
	- Fixup contrib/fastrpz.patch
	- Remove warning about unknown cast-function-type warning pragma.

15 August 2019: Wouter
	- iana portlist updated.
	- Fix autotrust temp file uniqueness windows compile.
	- avoid warning about upcast on 32bit systems for autotrust.
	- escape commandline contents for -V.
	- Fix character buffer size in ub_ctx_hosts.
	- 1.9.3rc1 release candidate tag.
	- Option -V prints if TCP fastopen is available.

14 August 2019: George
	- Fix #59, when compiled with systemd support check that we can properly
	  communicate with systemd through the `NOTIFY_SOCKET`.

14 August 2019: Wouter
	- Generate configlexer with newer flex.
	- Fix warning for unused variable for compilation without systemd.

12 August 2019: George
	- Introduce `-V` option to print the version number and build options.
	  Previously reported build options like linked libs and linked modules
	  are now moved from `-h` to `-V` as well for consistency.
	- PACKAGE_BUGREPORT now also includes link to GitHub issues.

1 August 2019: Wouter
	- For #52 #53, second context does not close logfile override.
	- Fix #52 #53, fix for example fail program.
	- Fix to return after failed auth zone http chunk write.
	- Fix to remove unused test for task_probe existance.
	- Fix to timeval_add for remaining second in microseconds.
	- Check repinfo in worker_handle_request, if null, drop it.

29 July 2019: Wouter
	- Add verbose log message when auth zone file is written, at level 4.
	- Add hex print of trust anchor pointer to trust anchor file temp
	  name to make it unique, for libunbound created multiple contexts.

23 July 2019: Wouter
	- Fix question section mismatch in local zone redirect.

19 July 2019: Wouter
	- Fix #49: Set no renegotiation on the SSL context to stop client
	  session renegotiation.

12 July 2019: Wouter
	- Fix #48: Unbound returns additional records on NODATA response,
	  if minimal-responses is enabled, also the additional for negative
	  responses is removed.

9 July 2019: Ralph
	- Fix in respip addrtree selection. Absence of addr_tree_init_parents()
	  call made it impossible to go up the tree when the matching netmask is
	  too specific.

5 July 2019: Ralph
	- Fix for possible assertion failure when answering respip CNAME from
	  cache.

25 June 2019: Wouter
	- For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf
	  when do-not-query-localhost is turned on, or at default on,
	  unbound-checkconf prints a warning if it is found in forward-addr or
	  stub-addr statements.

24 June 2019: Wouter
	- Fix memleak in unit test, reported from the clang 8.0 static analyzer.

18 June 2019: Wouter
	- PR #28: IPSet module, by Kevin Chou.  Created a module to support
	  the ipset that could add the domain's ip to a list easily.
	  Needs libmnl, and --enable-ipset and config it, doc/README.ipset.md.
	- Fix to omit RRSIGs from addition to the ipset.
	- Fix to make unbound-control with ipset, remove unused variable,
	  use unsigned type because of comparison, and assign null instead
	  of compare with it.  Remade lex and yacc output.
	- make depend
	- Added documentation to the ipset files (for doxygen output).
	- Merge PR #6: Python module: support multiple instances
	- Merge PR #5: Python module: define constant MODULE_RESTART_NEXT
	- Merge PR #4: Python module: assign something useful to the
	  per-query data store 'qdata'
	- Fix python dict reference and double free in config.

17 June 2019: Wouter
	- Master contains version 1.9.3 in development.
	- Fix #39: In libunbound, leftover logfile is close()d unpredictably.
	- Fix for #24: Fix abort due to scan of auth zone masters using old
	  address from previous scan.

12 June 2019: Wouter
	- Fix another spoolbuf storage code point, in prefetch.
	- 1.9.2rc3 release candidate tag.  Which became the 1.9.2 release
	  on 17 June 2019.

11 June 2019: Wouter
	- Fix that fixes the Fix that spoolbuf is not used to store tcp
	  pipelined response between mesh send and callback end, this fixes
	  error cases that did not use the correct spoolbuf.
	- 1.9.2rc2 release candidate tag.

6 June 2019: Wouter
	- 1.9.2rc1 release candidate tag.

4 June 2019: Wouter
	- iana portlist updated.

29 May 2019: Wouter
	- Fix to guard _OPENBSD_SOURCE from redefinition.

28 May 2019: Wouter
	- Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
	- gitignore config.h.in~.

27 May 2019: Wouter
	- Fix double file close in tcp pipelined response code.

24 May 2019: Wouter
	- Fix that spoolbuf is not used to store tcp pipelined response
	  between mesh send and callback end.

20 May 2019: Wouter
	- Note that so-reuseport at extreme load is better turned off,
	  otherwise queries are not distributed evenly, on Linux 4.4.x.

16 May 2019: Wouter
	- Fix #31: swig 4.0 and python module.

13 May 2019: Wouter
	- Squelch log messages from tcp send about connection reset by peer.
	  They can be enabled with verbosity at higher values for diagnosing
	  network connectivity issues.
	- Attempt to fix malformed tcp response.

9 May 2019: Wouter
	- Revert fix for oss-fuzz, error is in that build script that
	  unconditionally includes .o files detected by configure, also
	  when the machine architecture uses different LIBOBJS files.

8 May 2019: Wouter
	- Attempt to fix build failure in oss-fuzz because of reallocarray.
	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14648.
	  Does not omit compile flags from commandline.

7 May 2019: Wouter
	- Fix edns-subnet locks, in error cases the lock was not unlocked.
	- Fix doxygen output error on readme markdown vignettes.

6 May 2019: Wouter
	- Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64.
	- Fix #30: AddressSanitizer finding in lookup3.c.  This sets the
	  hash function to use a slower but better auditable code that does
	  not read beyond array boundaries.  This makes code better security
	  checkable, and is better for security.  It is fixed to be slower,
	  but not read outside of the array.

2 May 2019: Wouter
	- contrib/fastrpz.patch updated for code changes, and with git diff.
	- Fix .gitignore, add pythonmod and dnstap generated files.
	  And unit test generated files, and generated doc files.

1 May 2019: Wouter
	- Update makedist for git.
	- Nicer travis output for clang analysis.
	- PR #16: XoT support, AXFR over TLS, turn it on with
	  master: <ip>#<authname> in unbound.conf.  This uses TLS to
	  download the AXFR (or IXFR).

25 April 2019: Wouter
	- Fix wrong query name in local zone redirect answers with a CNAME,
	  the copy of the local alias is in unpacked form.

18 April 2019: Ralph
	- Scrub RRs from answer section when reusing NXDOMAIN message for
	  subdomain answers.
	- For harden-below-nxdomain: do not consider a name to be non-exitent
	  when message contains a CNAME record.

18 April 2019: Wouter
	- travis build file.

16 April 2019: Wouter
	- Better braces in if statement in TCP fastopen code.
	- iana portlist updated.

15 April 2019: Wouter
	- Fix tls write event for read state change to re-call SSL_write and
	  not resume the TLS handshake.

11 April 2019: George
	- Update python documentation for init_standard().
	- Typos.

11 April 2019: Wouter
	- Fix that auth zone uses correct network type for sockets for
	  SOA serial probes.  This fixes that probes fail because earlier
	  probe addresses are unreachable.
	- Fix that auth zone fails over to next master for timeout in tcp.
	- Squelch SSL read and write connection reset by peer and broken pipe
	  messages.  Verbosity 2 and higher enables them.

8 April 2019: Wouter
	- Fix to use event_assign with libevent for thread-safety.
	- verbose information about auth zone lookup process, also lookup
	  start, timeout and fail.
	- Fix #17: Add python module example from Jan Janak, that is a
	  plugin for the Unbound DNS resolver to resolve DNS records in
	  multicast DNS [RFC 6762] via Avahi.  The plugin communicates
	  with Avahi via DBus. The comment section at the beginning of
	  the file contains detailed documentation.
	- Fix to wipe ssl ticket keys from memory with explicit_bzero,
	  if available.

5 April 2019: Wouter
	- Fix to reinit event structure for accepted TCP (and TLS) sockets.

4 April 2019: Wouter
	- Fix spelling error in log output for event method.

3 April 2019: Wouter
	- Move goto label in answer_from_cache to the end of the function
	  where it is more visible.
	- Fix auth-zone NSEC3 response for wildcard nodata answers,
	  include the closest encloser in the answer.

2 April 2019: Wouter
	- Fix auth-zone NSEC3 response for empty nonterminals with exact
	  match nsec3 records.
	- Fix for out of bounds integers, thanks to OSTIF audit.  It is in
	  allocation debug code.
	- Fix for auth zone nsec3 ent fix for wildcard nodata.

25 March 2019: Wouter
	- Fix that tls-session-ticket-keys: "" on its own in unbound.conf
	  disables the tls session ticker key calls into the OpenSSL API.
	- Fix crash if tls-servic-pem not filled in when necessary.

21 March 2019: Wouter
	- Fix #4240: Fix whitespace cleanup in example.conf.

19 March 2019: Wouter
	- add type CAA to libpyunbound (accessing libunbound from python).

18 March 2019: Wouter
	- Add log message, at verbosity 4, that says the query is encrypted
	  with TLS, if that is enabled for the query.
	- Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.

7 March 2019: Wouter
	- Fix for #4233: guard use of NDEBUG, so that it can be passed in
	  CFLAGS into configure.
2019-12-15 15:28:12 +00:00
mlelstv
656eb63c5c Handle NULL params, fix error paths. 2019-12-14 09:05:30 +00:00
ad
5978ddc663 Break the global uvm_pageqlock into a per-page identity lock and a private
lock for use of the pagedaemon policy code.  Discussed on tech-kern.

PR kern/54209: NetBSD 8 large memory performance extremely low
PR kern/54210: NetBSD-8 processes presumably not exiting
PR kern/54727: writing a large file causes unreasonable system behaviour
2019-12-13 20:10:21 +00:00
mbalmer
f21ee73934 Apply a fix for the bug "Joining an upvalue with itself can cause a use-after
free", documented on http://www.lua.org/bugs.html
2019-12-12 12:35:43 +00:00
sevan
59348bc454 We currently lack a tunable to control ZFS prefetch, so skip the warning and
FreeBSD specific instructions on settings.
2019-12-09 00:15:11 +00:00
kamil
1826c36972 Switch proc_getlwpstatus from PT_LWPINFO to PT_GET_SIGINFO for NetBSD
PT_LWPINFO from FreeBSD is almost never intended to be expressed with
PT_LWPINFO in NetBSD. PT_GET_SIGINFO reads siginfo_t with the signal
information about the event, on FreeBSD siginfo_t is merged into
ptrace_lwpinfo and returns the thread that received the event (not the
first one in a list like on NetBSD).
2019-12-07 19:38:29 +00:00
wiz
04ba8470c8 Really add -isoC-2018 (not just the docs). 2019-12-07 12:45:28 +00:00
wiz
61075eb365 Reduce diff to upstream. 2019-12-07 12:43:19 +00:00
riastradh
aca9a2fd6e Avoid redefining uint_t &c. if compat_defs.h already defines them. 2019-12-05 03:21:42 +00:00
jmcneill
37d677e093 dtrace: add support for aarch64 2019-12-03 22:10:56 +00:00
he
bc229951fc Apply a fix from upstream:
https://github.com/NLnetLabs/unbound/pull/122
This should enable proper functioning of tcp-idle-timeout.
2019-12-03 11:25:19 +00:00
jmcneill
e578db34f0 Need sys/atomic.h on NetBSD 2019-12-01 20:26:31 +00:00
jmcneill
fa74c92e0a Provide a default ptob() implementation 2019-12-01 20:26:05 +00:00
jmcneill
87afc7bc0f Initialize b_dev before passing buf to d_minphys (ldminphys needs this) 2019-12-01 20:25:31 +00:00
rin
f2a119be2e Fix 'nm /dev/ksyms' (noticed by ryo).
Since binutils 2.15, nm(1) cannot be used for character devices.
We worked around this by a local patch:

http://cvsweb.netbsd.org/bsdweb.cgi/src/gnu/dist/binutils/binutils/Attic/bucomm.c?r1=1.1.1.2&hideattic=0#rev1.2

With recent update of binutils, 'nm /dev/ksyms' got broken again.
This is due to a consistency check involving file size reported by
stat(2), which is always zero for character devices. So, skip this
check if file size is zero.
2019-11-30 22:50:11 +00:00
joerg
c091bb989f Use -fno-strict-aliasing unconditionally for the cross compiler. 2019-11-28 23:01:22 +00:00
mrg
f3e1e5aaf8 note that earm and riscv switched to GCC 8. 2019-11-28 19:31:27 +00:00
christos
fa69ba79e0 match ifdefs with stats.c atomic selection 2019-11-28 00:18:36 +00:00
christos
1dc39bd675 merge bind 9.14.8 2019-11-27 05:48:39 +00:00
christos
dcfcf77388 Import bind 9.14.8 (security fix -- limits on concurrent TCP queries)
--- 9.14.8 released ---

5315.	[bug]		Apply the inital RRSIG expiration spread fixed
			to all dynamically created records in the zone
			including NSEC3. Also fix the signature clusters
			when the server has been offline for prolonged
			period of times. [GL #1256]

5314.	[func]		Added a new statistics variable "tcp-highwater"
			that reports the maximum number of simultaneous TCP
			clients BIND has handled while running. [GL #1206]

5313.	[bug]		The default GeoIP2 database location did not match
			the ARM.  'named -V' now reports the default
			location. [GL #1301]

5310.	[bug]		TCP failures were affecting EDNS statistics. [GL #1059]

5308.	[bug]		Don't log DNS_R_UNCHANGED from sync_secure_journal()
			at ERROR level in receive_secure_serial(). [GL #1288]

5307.	[bug]		Fix hang when named-compilezone output is sent to pipe.
			Thanks to Tony Finch. [GL !2481]

5306.	[security]	Set a limit on the number of concurrently served
			pipelined TCP queries. (CVE-2019-6477) [GL #1264]

5305.	[bug]		NSEC Aggressive Cache ("synth-from-dnssec") has been
			disabled by default because it was found to have
			a significant performance impact on the recursive
			service. [GL #1265]

5304.	[bug]		"dnskey-sig-validity 0;" was not being accepted.
			[GL #876]

5302.	[bug]		Fix checking that "dnstap-output" is defined when
			"dnstap" is specified in a view. [GL #1281]

5301.	[bug]		Detect partial prefixes / incomplete IPv4 address in
			acls. [GL #1143]
2019-11-24 19:56:50 +00:00
christos
54e278d262 more regen stuff. 2019-11-22 14:57:01 +00:00
christos
01b509c1c7 regen x86_64 for i386 support 2019-11-22 01:52:20 +00:00