Commit Graph

7691 Commits

Author SHA1 Message Date
riastradh
3951e80425 libdrm needs libpci for bus info stuff. 2018-09-09 01:53:23 +00:00
christos
e39fe20315 add libnv build glue 2018-09-08 14:11:10 +00:00
christos
0883f3731a fix the build; this was mis-generated before to an empty file. 2018-09-07 18:41:39 +00:00
christos
ea47d3adaa make a link to the pid file so the rc scripts can find it. 2018-09-07 16:51:12 +00:00
christos
3085e9459c handle clang stupidity 2018-09-07 02:25:40 +00:00
christos
7c0e6d1ccc remove duplicate typedef (it is in sunddi.h) 2018-09-06 00:44:43 +00:00
christos
4a64af01e1 search first for the kernel bpf_filter.c 2018-09-05 17:10:27 +00:00
christos
355fa16a61 make sure we don't accidentally compile this file. 2018-09-05 17:10:07 +00:00
mrg
866b3c4cbe merge in missing changes from gcc to gcc.old (both GCC 6.4.):
--
redo mknative-gcc for all ports.  main changes include:
- "#define HAVE_CC_TLS 1" for most/all ports, thanks maya@
- "#define _GLIBCXX_HAVE_LDEXPL 1" and "#define _GLIBCXX_HAVE_TGMATH_H 1"
  for many ports
- arm64 and amd64 had a broken c++config.h that disabled many things
- configargs.h has more normalisation
- ppc64 has a few things fixed, must have missed several mknative rounds
--
regen to pull out INTERNAL_CFLAGS.
--
pull -DHAVE_CC_TLS out of $(INTERNAL_CFLAGS) if it is there, and add
it to CPPFLAGS.

this fixes PR#53567 for me.
2018-09-05 06:26:58 +00:00
mrg
7ef108d600 pull -DHAVE_CC_TLS out of $(INTERNAL_CFLAGS) if it is there, and add
it to CPPFLAGS.

this fixes PR#53567 for me.
2018-09-05 00:51:42 +00:00
mrg
8d0a685795 regen to pull out INTERNAL_CFLAGS. 2018-09-05 00:22:07 +00:00
christos
a0034603e3 add back the yacc and lex generated files 2018-09-04 22:38:55 +00:00
mrg
82c55164cb redo mknative-gcc for all ports. main changes include:
- "#define HAVE_CC_TLS 1" for most/all ports, thanks maya@
- "#define _GLIBCXX_HAVE_LDEXPL 1" and "#define _GLIBCXX_HAVE_TGMATH_H 1"
  for many ports
- arm64 and amd64 had a broken c++config.h that disabled many things
- configargs.h has more normalisation
- ppc64 has a few things fixed, must have missed several mknative rounds
2018-09-04 18:52:49 +00:00
mrg
ca946efc7f add missing sources needed by new mpfr/mpc. 2018-09-04 06:09:31 +00:00
mrg
c85a385b03 build new libmpc and libmpfr files. define endianness as needed.
remove odd sort of duplicated SRCS list for mpfr.
2018-09-04 05:16:25 +00:00
mrg
2dd031d465 merge mpfr 4.0.1. 2018-09-04 05:05:25 +00:00
mrg
299c6f0c6b import mpfr 4.0.1. main changes since 3.1.5 are:
Changes from version 4.0.0 to version 4.0.1:
- Bug fixes (see ChangeLog file), in particular in mpfr_div_ui, which
  could yield an incorrectly rounded result to nearest when using
  different precisions; this bug had been present since the introduction
  of mpfr_div_ui, and in MPFR 4.0.0, it was affecting mpfr_div too.

Changes from versions 3.1.* to version 4.0.0:
- Partial support of MPFR_RNDF (faithful rounding).
- New functions: mpfr_fpif_export and mpfr_fpif_import to export and import
  numbers in a floating-point interchange format, independent both on the
  number of bits per word and on the endianness.
- New function mpfr_fmodquo to return the low bits of the quotient
  corresponding to mpfr_fmod.
- New functions mpfr_flags_clear, mpfr_flags_set, mpfr_flags_test,
  mpfr_flags_save and mpfr_flags_restore to operate on groups of flags.
- New functions mpfr_set_float128 and mpfr_get_float128 to convert from/to
  the __float128 type (requires --enable-float128 and compiler support).
- New functions mpfr_buildopt_float128_p and mpfr_buildopt_sharedcache_p.
- New functions mpfr_rint_roundeven and mpfr_roundeven, completing the
  other similar round-to-integer functions for rounding to nearest with
  the even-rounding rule.
- New macro mpfr_round_nearest_away to add partial emulation of the
  rounding to nearest-away (as defined in IEEE 754-2008).
- New functions mpfr_nrandom and mpfr_erandom to generate random numbers
  following normal and exponential distributions respectively.
- New functions mpfr_fmma and mpfr_fmms to compute a*b+c*d and a*b-c*d.
- New function mpfr_rootn_ui, similar to mpfr_root, but agreeing with the
  rootn function of the IEEE 754-2008 standard.
- New functions mpfr_log_ui to compute the logarithm of an integer,
  mpfr_gamma_inc for the incomplete Gamma function.
- New function mpfr_beta for the Beta function (incomplete, experimental).
- New function mpfr_get_q to convert a floating-point number into rational.
- Dropped K&R C compatibility.
- Major speedup in mpfr_add, mpfr_sub, mpfr_mul, mpfr_div and mpfr_sqrt when
  all operands have the same precision and this precision is less than twice
  the number of bits per word, e.g., less than 128 on a 64-bit computer.
- Speedup by a factor of almost 2 in the double <--> mpfr conversions
  (mpfr_set_d and mpfr_get_d).
- Speedup in mpfr_log1p and mpfr_atanh for small arguments.
- Speedup in the mpfr_const_euler function (contributed by Fredrik Johansson),
  in the computation of Bernoulli numbers (used in mpfr_gamma, mpfr_li2,
  mpfr_digamma, mpfr_lngamma and mpfr_lgamma), in mpfr_div, in mpfr_fma
  and mpfr_fms.
2018-09-04 05:02:00 +00:00
mrg
39f28e1e14 import MPC 1.1.0. from their NEWS:
Changes in version 1.1.0:
  - Minimally required library versions: GMP 5.0.0 and MPFR 3.0.0
  - Fixed issues with MPFR 4.0.0
  - New functions: mpc_cmp_abs, mpc_rootofunity
  - Improved speed for corner cases of mpc_asin, mpc_sin, see
    http://lists.gforge.inria.fr/pipermail/mpc-discuss/2013-December/001266.html
  - Rewrite of the testing framework
  - New mpcbench tool, used with "make bench"
  - Fixed handling of over- and underflows with directed rounding in the
    "other direction" for mpc_cos, mpc_sin, mpc_exp and mpc_pow, see
    http://lists.gforge.inria.fr/pipermail/mpc-discuss/2015-March/001336.html
  - Fixed a bug in mpc_atan(0,y) with |y| near 1, see
    http://lists.gforge.inria.fr/pipermail/mpc-discuss/2017-March/001404.html
2018-09-04 04:28:12 +00:00
maya
9e53aadb1c Correct missing paren and regen for gcc.old, too.
Now HAVE_CC_TLS will be defined in confdefs.h.
2018-09-03 22:52:00 +00:00
maya
73c0b39422 Correct extra parens, regen configure (selectively)
Fixes root cause of PR toolchain/53567
2018-09-03 22:41:00 +00:00
kre
577253c7c5 Yet another pcap include. 2018-09-03 21:26:19 +00:00
christos
7c368bce5d fix includes 2018-09-03 21:03:07 +00:00
kre
546b9682fd pcap/export-defs.h no longer exists, so don't attempt to install it.
Allows builds after libpcap update to get further, if there is fallout
from the file being missing elsewhere, that can be fixed later.
2018-09-03 19:32:58 +00:00
riastradh
d1579b2d70 Rename min/max -> uimin/uimax for better honesty.
These functions are defined on unsigned int.  The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.

HOWEVER!  Some subsystems have

	#define min(a, b)	((a) < (b) ? (a) : (b))
	#define max(a, b)	((a) > (b) ? (a) : (b))

even though our standard name for that is MIN/MAX.  Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.

To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.

I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:

cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))

It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.

Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate.  But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all.  (Who knows, maybe in some cases integer
truncation is actually intended!)
2018-09-03 16:29:22 +00:00
christos
3b604290f1 merge conflicts 2018-09-03 15:26:43 +00:00
christos
9185e895f1 Import libpcap-1.9.0
Sunday, June 24, 2018, by mcr@sandelman.ca
  Summary for 1.9.0 libpcap release
    Added testing system to libpcap, independent of tcpdump
    Changes to how pcap_t is activated
    Adding support for Large stream buffers on Endace DAG cards
    Changes to BSD 3-clause license to 2-clause licence
    Additions to TCP header parsing, per RFC3168
    Add CMake build process (extensive number of changes)
    Assign a value for OpenBSD DLT_OPENFLOW.
    Support setting non-blocking mode before activating.
    Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
    Added RPCAPD support when --enable-remote (default no)
    Add the rpcap daemon source and build instructions.
    Put back the greasy "save the capture filter string so we can tweak it"
        hack, that keeps libpcap from capturing rpcap traffic.
    Fixes for captures on MacOS, utun0
    fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
    Add a linktype for IBM SDLC frames containing SNA PDUs.
    pcap_compile() in 1.8.0 and later is newly thread-safe.
    bound snaplen for linux tpacket_v2 to ~64k
    Make VLAN filter handle both metadata and inline tags
    D-Bus captures can now be up to 128MB in size
    Added LORATAP DLT value
    Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
    probe_devices() fixes not to overrun buffer for name of device
    Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
    RDMA sniffing support for pcap
    Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
    fixes for reading /etc/ethers
    Make it possible to build on Windows without packet.dll.
    Add tests for large file support on UN*X.
    Solaris fixes to work with 2.8.6
    configuration test now looks for header files, not capture devices present
    Fix to work with Berkeley YACC.
    fixes for DragonBSD compilation of pcap-netmap.c
    Clean up the ether_hostton() stuff.
    Add an option to disable Linux memory-mapped capture support.
    Add DAG API support checks.
    Add Septel, Myricom SNF, and Riverbed TurboCap checks.
    Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
    Add a check for hardware time stamping on Linux.
    Don't bother supporting pre-2005 Visual Studio.
    Increased minimum autoconf version requirement to 2.64
    Add DLT value 273 for XRA-31 sniffer
    Clean up handling of signal interrupts in pcap_read_nocb_remote().
    Use the XPG 4.2 versions of the networking APIs in Solaris.
    Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
    Explicitly warn that negative packet buffer timeouts should not be used.
    rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
    Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
    Add DISPLAYPORT AUX link type
    Remove the sunos4 kernel modules and all references to them.
    Add more interface flags to pcap_findalldevs().
  Summary for 1.9.0 libpcap release (to 2017-01-25 by guy@alum.mit.edu)
    Man page improvements
    Fix Linux cooked mode userspace filtering (GitHub pull request #429)
    Fix compilation if IPv6 support not enabled
    Fix some Linux memory-mapped capture buffer size issues
    Don't fail if kernel filter can't be set on Linux (GitHub issue
      #549)
    Improve sorting of interfaces for pcap_findalldevs()
    Don't list Linux usbmon devices if usbmon module isn't loaded
    Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
      devices
    Fix DLT_ type for Solaris IPNET devices
    Always return an error message for errors finding DAG or Myricom
      devices
    If possible, don't require that a device be openable when
      enumerating them for pcap_findalldevs()
    Don't put incompletely-initialized addresses in the address list for
    When finding Myricom devices, update description for regular
      interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
      aggregation enabled)
    Fix compilation error in DAG support
    Fix issues with CMake configuration
    Add support for stream buffers larger than 2GB on newer DAG cards
    Remove support for building against DAG versions without STREAMS
      support (before dag-3.0.0 2007)
2018-09-03 14:43:43 +00:00
christos
b5212ae70f merge conflicts 2018-09-03 14:36:04 +00:00
christos
7cd94d692f Import unbound-1.7.3
19 June 2018: Wouter
	- Fix for unbound-control on Windows and set TCP socket parameters
	  more closely.
	- Fix windows unbound-control no cert bad file descriptor error.

18 June 2018: Wouter
	- Fix that control-use-cert: no works for 127.0.0.1 to disable certs.
	- Fix unbound-checkconf for control-use-cert.

15 June 2018: Wouter
	- tag for 1.7.3rc1.

14 June 2018: Wouter
	- #4103: Fix that auth-zone does not insist on SOA record first in
	  file for url downloads.
	- Fix that first control-interface determines if TLS is used.  Warn
	  when IP address interfaces are used without TLS.
	- Fix nettle compile.

12 June 2018: Ralph
	- Don't count CNAME response types received during qname minimisation as
	  query restart.

12 June 2018: Wouter
	- #4102 for NSD, but for Unbound.  Named unix pipes do not use
	  certificate and key files, access can be restricted with file and
	  directory permissions.  The option control-use-cert is no longer
	  used, and ignored if found in unbound.conf.
	- Rename tls-additional-ports to tls-additional-port, because every
	  line adds one port.
	- Fix buffer size warning in unit test.
	- remade dependencies in the Makefile.

6 June 2018: Wouter
	- Patch to fix openwrt for mac os build darwin detection in configure.

5 June 2018: Wouter
	- Fix crash if ratelimit taken into use with unbound-control
	  instead of with unbound.conf.

4 June 2018: Wouter
	- Fix deadlock caused by incoming notify for auth-zone.
	- tag for 1.7.2rc1, became 1.7.2 release on 11 June 2018,
	  trunk is 1.7.3 in development from this point.
	- #4100: Fix stub reprime when it becomes useless.

1 June 2018: Wouter
	- Rename additional-tls-port to tls-additional-ports.
	  The older name is accepted for backwards compatibility.

30 May 2018: Wouter
	- Patch from Syzdek: Add ability to ignore RD bit and treat all
	  requests as if the RD bit is set.

29 May 2018: Wouter
	- in compat/arc4random call getentropy_urandom when getentropy fails
	  with ENOSYS.
	- Fix that fallback for windows port.

28 May 2018: Wouter
	- Fix windows tcp and tls spin on events.
	- Add routine from getdns to add windows cert store to the SSL_CTX.
	- tls-win-cert option that adds the system certificate store for
	  authenticating DNS-over-TLS connections.  It can be used instead
	  of the tls-cert-bundle option, or with it to add certificates.

25 May 2018: Wouter
	- For TCP and TLS connections that don't establish, perform address
	  update in infra cache, so future selections can exclude them.
	- Fix that tcp sticky events are removed for closed fd on windows.
	- Fix close events for tcp only.

24 May 2018: Wouter
	- Fix that libunbound can do DNS-over-TLS, when configured.
	- Fix that windows unbound service can use DNS-over-TLS.
	- unbound-host initializes ssl (for potential DNS-over-TLS usage
	  inside libunbound), when ssl upstream or a cert-bundle is configured.

23 May 2018: Wouter
	- Use accept4 to speed up incoming TCP (and TLS) connections,
	  available on Linux, FreeBSD and OpenBSD.

17 May 2018: Ralph
	- Qname minimisation default changed to yes.

15 May 2018: Wouter
	- Fix low-rtt-pct to low-rtt-permil, as it is parts in one thousand.

11 May 2018: Wouter
	- Fix contrib/libunbound.pc for libssl libcrypto references,
	  from https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226914

7 May 2018: Wouter
	- Fix windows to not have sticky TLS events for TCP.
	- Fix read of DNS over TLS length and data in one read call.
	- Fix mesh state assertion failure due to callback removal.

3 May 2018: Wouter
	- Fix that configure --with-libhiredis also turns on cachedb.
	- Fix gcc 8 buffer warning in testcode.
	- Fix function type cast warning in libunbound context callback type.

2 May 2018: Wouter
	- Fix fail to reject dead peers in forward-zone, with ssl-upstream.

1 May 2018: Wouter
	- Fix that unbound-control reload frees the rrset keys and returns
	  the memory pages to the system.

30 April 2018: Wouter
	- Fix spelling error in man page and note defaults as no instead of
	  off.

26 April 2018: Wouter
	- Fix for crash in daemon_cleanup with dnstap during reload,
	  from Saksham Manchanda.
	- Also that for dnscrypt.
	- tag for 1.7.1rc1 release.  Became 1.7.1 release on 3 May, trunk
	  is from here 1.7.2 in development.

25 April 2018: Ralph
	- Fix memory leak when caching wildcard records for aggressive NSEC use

24 April 2018: Wouter
	- Fix contrib/fastrpz.patch for this release.
	- Fix auth https for libev.

24 April 2018: Ralph
	- Added root-key-sentinel support

23 April 2018: Wouter
	- makedist uses bz2 for expat code, instead of tar.gz.
	- Fix #4092: libunbound: use-caps-for-id lacks colon in
	  config_set_option.
	- auth zone http download stores exact copy of downloaded file,
	  including comments in the file.
	- Fix sldns parse failure for CDS alternate delete syntax empty hex.
	- Attempt for auth zone fix; add of callback in mesh gets from
	  callback does not skip callback of result.
	- Fix cname classification with qname minimisation enabled.
	- list_auth_zones unbound-control command.

20 April 2018: Wouter
	- man page documentation for dns-over-tls forward-addr '#' notation.
	- removed free from failed parse case.
	- Fix #4091: Fix that reload of auth-zone does not merge the zonefile
	  with the previous contents.
	- Delete auth zone when removed from config.

19 April 2018: Wouter
	- Can set tls authentication with forward-addr: IP#tls.auth.name
	  And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".
	  such as forward-addr: 9.9.9.9@853#dns.quad9.net or
	  1.1.1.1@853#cloudflare-dns.com
	- Fix #658: unbound using TLS in a forwarding configuration does not
	  verify the server's certificate (RFC 8310 support).
	- For addr with #authname and no @port notation, the default is 853.

18 April 2018: Wouter
	- Fix auth-zone retry timer to be on schedule with retry timeout,
	  with backoff.  Also time a refresh at the zone expiry.

17 April 2018: Wouter
	- auth zone notify work.
	- allow-notify: config statement for auth-zones.
	- unit test for allow-notify

16 April 2018: Wouter
	- Fix auth zone target lookup iterator.
	- auth zone notify with prefix
	- auth zone notify work.

13 April 2018: Wouter
	- Fix for max include depth for authzones.
	- Fix memory free on fail for $INCLUDE in authzone.
	- Fix that an internal error to look up the wrong rr type for
	  auth zone gets stopped, before trying to send there.
	- auth zone notify work.

10 April 2018: Ralph
	- num.query.aggressive.NOERROR and num.query.aggressive.NXDOMAIN
	  statistics counters.

10 April 2018: Wouter
	- documentation for low-rtt and low-rtt-pct.
	- auth zone notify work.

9 April 2018: Wouter
	- Fix that flush_zone sets prefetch ttl expired, so that with
	  serve-expired enabled it'll start prefetching those entries.
	- num.query.authzone.up and num.query.authzone.down statistics counters.
	- Fix downstream auth zone, only fallback when auth zone fails to
	  answer and fallback is enabled.
	- Accept both option names with and without colon for get_option
	  and set_option.
	- low-rtt and low-rtt-pct in unbound.conf enable the server selection
	  of fast servers for some percentage of the time.

5 April 2018: Wouter
	- Combine write of tcp length and tcp query for dns over tls.
	- nitpick fixes in example.conf.
	- Fix above stub queries for type NS and useless delegation point.
	- Fix unbound-control over pipe with openssl 1.1.1, the TLSv1.3
	  tls_choose_sigalg routine does not allow the ciphers for the pipe,
	  so use TLSv1.2.
	- ED448 support.

3 April 2018: Wouter
	- Fix #4043: make test fails due to v6 presentation issue in macOS.
	- Fix unable to resolve after new WLAN connection, due to auth-zone
	  failing with a forwarder set.  Now, auth-zone is only used for
	  answers (not referrals) when a forwarder is set.

29 March 2018: Ralph
	- Check "result" in dup_all(), by Florian Obser.

23 March 2018: Ralph
	- Fix unbound-control get_option aggressive-nsec

21 March 2018: Ralph
	- Do not use cached NSEC records to generate negative answers for
	  domains under DNSSEC Negative Trust Anchors.

19 March 2018: Wouter
	- iana port update.

16 March 2018: Wouter
	- corrected a minor typo in the changelog.
	- move htobe64/be64toh portability code to cachedb.c.

15 March 2018: Wouter
	- Add --with-libhiredis, unbound support for a new cachedb backend
	  that uses a Redis server as the storage.  This implementation
	  depends on the hiredis client library (https://redislabs.com/lp/hiredis/).
	  And unbound should be built with both --enable-cachedb and
	  --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h
	  should exist).  Patch from Jinmei Tatuya (Infoblox).
	- Fix #3817: core dump happens in libunbound delete, when queued
	  servfail hits deleted message queue.
	- Create additional tls service interfaces by opening them on other
	  portnumbers and listing the portnumbers as additional-tls-port: nr.

13 March 2018: Wouter
	- Fix typo in documentation.
	- Fix #3736: Fix 0 TTL domains stuck on SERVFAIL unless manually
	  flushed with serve-expired on.

12 March 2018: Wouter
	- Added documentation for aggressive-nsec: yes.
	- tag 1.7.0rc3.  That became the 1.7.0 release on 15 Mar, trunk
	  now has 1.7.1 in development.
	- Fix #3727: Protocol name is TLS, options have been renamed but
	  documentation is not consistent.
	- Check IXFR start serial.

9 March 2018: Wouter
	- Fix #3598: Fix swig build issue on rhel6 based system.
	  configure --disable-swig-version-check stops the swig version check.

8 March 2018: Wouter
	- tag 1.7.0rc2.

7 March 2018: Wouter
	- Fixed contrib/fastrpz.patch, even though this already applied
	  cleanly for me, now also for others.
	- patch to log creates keytag queries, from A. Schulze.
	- patch suggested by Debian lintian: allow to -> allow one to, from
	  A. Schulze.
	- Attempt to remove warning about trailing whitespace.

6 March 2018: Wouter
	- Reverted fix for #3512, this may not be the best way forward;
	  although it could be changed at a later time, to stay similar to
	  other implementations.
	- svn trunk contains 1.7.0, this is the number for the next release.
	- Fix for windows compile.
	- tag 1.7.0rc1.

5 March 2018: Wouter
	- Fix to check define of DSA for when openssl is without deprecated.
	- iana port update.
	- Fix #3582: Squelch address already in use log when reuseaddr option
	  causes same port to be used twice for tcp connections.

27 February 2018: Wouter
	- Fixup contrib/fastrpz.patch so that it applies.
	- Fix compile without threads, and remove unused variable.
	- Fix compile with staticexe and python module.
	- Fix nettle compile.

22 February 2018: Ralph
	- Save wildcard RRset from answer with original owner for use in
 	  aggressive NSEC.

21 February 2018: Wouter
	- Fix #3512: unbound incorrectly reports SERVFAIL for CAA query
	  when there is a CNAME loop.
	- Fix validation for CNAME loops.  When it detects a cname loop,
	  by finding the cname, cname in the existing list, it returns
	  the partial result with the validation result up to then.
	- more robust cachedump rrset routine.

19 February 2018: Wouter
	- Fix #3505: Documentation for default local zones references
	  wrong RFC.
	- Fix #3494: local-zone noview can be used to break out of the view
	  to the global local zone contents, for queries for that zone.
	- Fix for more maintainable code in localzone.

16 February 2018: Wouter
	- Fixes for clang static analyzer, the missing ; in
	  edns-subnet/addrtree.c after the assert made clang analyzer
	  produce a failure to analyze it.

13 February 2018: Ralph
	- Aggressive NSEC tests

13 February 2018: Wouter
	- tls-cert-bundle option in unbound.conf enables TLS authentication.
	- iana port update.

12 February 2018: Wouter
	- Unit test for auth zone https url download.

12 February 2018: Ralph
	- Added tests with wildcard expanded NSEC records (CVE-2017-15105 test)
	- Processed aggressive NSEC code review remarks Wouter

8 February 2018: Ralph
	- Aggressive use of NSEC implementation. Use cached NSEC records to
	  generate NXDOMAIN, NODATA and positive wildcard answers.

8 February 2018: Wouter
	- iana port update.
	- auth zone url config.

5 February 2018: Wouter
	- Fix #3451: dnstap not building when you have a separate build dir.
	  And removed protoc warning, set dnstap.proto syntax to proto2.
	- auth-zone provides a way to configure RFC7706 from unbound.conf,
	  eg. with auth-zone: name: "." for-downstream: no for-upstream: yes
	  fallback-enabled: yes and masters or a zonefile with data.

2 February 2018: Wouter
	- Fix unfreed locks in log and arc4random at exit of unbound.
	- unit test with valgrind
	- Fix lock race condition in dns cache dname synthesis.
	- lock subnet new item before insertion to please checklocks,
	  no modification of critical regions outside of lock region.

1 February 2018: Wouter
	- fix unaligned structure making a false positive in checklock
	  uninitialised memory.

29 January 2018: Ralph
	- Use NSEC with longest ce to prove wildcard absence.
	- Only use *.ce to prove wildcard absence, no longer names.

25 January 2018: Wouter
	- ltrace.conf file for libunbound in contrib.

23 January 2018: Wouter
	- Fix that unbound-checkconf -f flag works with auto-trust-anchor-file
	  for startup scripts to get the full pathname(s) of anchor file(s).
	- Print fatal errors about remote control setup before log init,
	  so that it is printed to console.

22 January 2018: Wouter
	- Accept tls-upstream in unbound.conf, the ssl-upstream keyword is
	  also recognized and means the same.  Also for tls-port,
	  tls-service-key, tls-service-pem, stub-tls-upstream and
	  forward-tls-upstream.
	- Fix #3397: Fix that cachedb could return a partial CNAME chain.
	- Fix #3397: Fix that when the cache contains an unsigned DNAME in
	  the middle of a cname chain, a result without the DNAME could
	  be returned.
2018-09-03 14:08:55 +00:00
christos
e25cbffb47 merge conflicts 2018-09-03 11:40:09 +00:00
christos
da4c7d9d86 Import nsd-4.1.24
6 August 2018: Wouter
	- tag for 4.1.24 release.

30 July 2018: Wouter
	- Tag for NSD 4.1.23 release, trunk is 4.1.24, includes
	  fix NSD time sensitive TSIG compare vulnerability.
	- Fix checkconf test for use-systemd option.

25 July 2018: Wouter
	- #4133: Fix that when IXFR contains a zone with broken NSEC3PARAM
	  chain, NSD leniently attempts to find a working NSEC3PARAM.

23 July 2018: Wouter
	- Remove socket activation from systemd code, it was reported as
	  not useful to enable.  The readiness signalling is still there,
	  and can be enabled with use-systemd: yes.
	- Only call sd_notify from systemd when use-systemd is yes.

6 July 2018: Wouter
	- RFC8162 support, for record type SMIMEA.
	- Fix that type CAA (and URI) in the zone file can contain
	  dots when not in quotes.

26 June 2018: Wouter
	- configure --enable-systemd (needs pkg-config and libsystemd) can
	  be used to then use-systemd: yes in nsd.conf and use socket
	  activation and readiness signalling with systemd.

19 June 2018: Wouter
	- #4106: Fix that stats printed from nsd-control are recast from
	  unsigned long to unsigned (remote.c).

14 June 2018: Wouter
	- Fix that first control-interface determines if TLS is used.  Warn
	  when IP address interfaces are used without TLS.

12 June 2018: Wouter
	- #4102: control interface via local socket.
	  configure it with control-interface: "/path/nsd.ctl"  The path
	  has to start with a / to separate it from an IP address.
	  The local socket does not use SSL, but unencrypted traffic, use
	  file and containing directory permissions to restrict access.

6 June 2018: Wouter
	- Patch to fix openwrt for mac os build darwin detection in configure.

4 June 2018: Wouter
	- tag for 4.1.22rc1.  Became 4.1.22 on 11 June, trunk is 4.1.23 in
	  development from this point.

31 May 2018: Wouter
	- Fix to use same condition for nsec3 hash allocation and free.

23 May 2018: Wouter
	- Use accept4 to speed up answer of TCP queries, on Linux and FreeBSD
	  and OpenBSD.

22 May 2018: Wouter
	- Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones.

15 May 2018: Wouter
	- Fix memory free in unit test.

14 May 2018: Wouter
	- Tag for 4.1.21 release.
	- trunk has 4.1.22 in development.
	- refuse-any sends truncation (+TC) in reply to ANY queries over UDP,
	  and allows TCP queries like normal.

7 May 2018: Wouter
	- Tag for 4.1.21rc1 release.

4 May 2018: Wouter
	- Fix #4093: Release notes not using 2018.

3 May 2018: Wouter
	- Fix buffer size warnings from compiler on filename lengths.

26 April 2018: Wouter
	- lower memory usage for tcp connections, so tcp-count can be higher.
	- Fix checkconf test for refuse-any option.

3 April 2018: Wouter
	- refuse-any nsd.conf option that refuses queries of type ANY.

5 March 2018: Wouter
	- Fix #3562: explain build error when flex missing.

20 February 2018: Wouter
	- For more clang warnings
	- Fix spelling error in xfr-inspect.

19 February 2018: Wouter
	- Fix for clang analysis complaints.

15 February 2018: Wouter
	- --enable-memclean cleans up memory for use with memory checkers,
	  eg. valgrind.
	- Fix unused variable warnings from clang analyzer.

14 February 2018: Wouter
	- updated RELNOTES for upcoming release.
	- tag 4.1.20rc1, became release on 20 feb, trunk has 4.1.21 in
	  development.

9 February 2018: Wouter
	- make depend: updated the make dependencies in the Makefile.

8 February 2018: Wouter
	- Fix memory leak when rehashing nsec3 after axfr or zonefile read,
	  in the selectively allocated precompiled nsec3 hashes.

6 February 2018: Wouter
	- Fix memory leak in zone file read of unknown rr formatted RRs.
2018-09-03 11:29:14 +00:00
maya
433ad4054d revert my own commit from a while back. Do allow matching bitmap fonts.
Not all bitmap fonts are bad, apparently.
2018-08-30 05:39:21 +00:00
christos
94523889c7 - use setproctitle if we have it
- emulate setproctitle better
2018-08-28 11:11:18 +00:00
sevan
e004a11994 Update usage() to include documented flags 2018-08-27 13:43:05 +00:00
sevan
1ff6a451ed Document the WCPU field. 2018-08-26 21:31:34 +00:00
christos
70aed070fa support SIGINFO 2018-08-21 15:37:33 +00:00
roy
0ef7c20cc1 Sync 2018-08-20 10:55:59 +00:00
roy
3e0aeb312b Import dhcpcd-7.0.8 with the following changes:
  *  Don't use IP_PKTINFO on NetBSD-7 as it's incomplete.
  *  Workaround RTM_NEWADDR sending the wrong broadcast address
     on NetBSD-7.
  *  Silence diagnostics if an address vanishes when reading
     its flags on all BSDs.
  *  Misc compiler warnings fixed.
2018-08-20 10:55:03 +00:00
christos
c1743b4aca avoid redefinition of the package macros. 2018-08-20 10:26:58 +00:00
kre
6a9b9ce521 PR toolchain/53511
_NETBSD_SOURCE and nbtool_config.h don't play well together...
(unbreak tools build on netbsd host)
2018-08-20 10:24:17 +00:00
christos
fae359aff2 PR/53511: Palle Lyckegaard: Fix compiling flex on a Solaris 11 host system 2018-08-20 08:51:56 +00:00
christos
49c18b3098 Avoid uninitialized warning. 2018-08-20 06:47:16 +00:00
christos
54ddcf50a8 use the right variables (fix cut-n-pastos) 2018-08-18 12:00:11 +00:00
christos
3d1aec003a make sure rid and idx are initialized. 2018-08-18 11:59:25 +00:00
christos
4122fc0e66 vdev_inuse might not be called and spare_guid contains random stuff. 2018-08-18 11:58:59 +00:00
christos
c6b4facc77 libisccfg uses libdns... 2018-08-16 16:34:33 +00:00
christos
2df913e657 get rid of kernelbase 2018-08-16 14:14:51 +00:00
christos
355746e494 From FreeBSD:
When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC
flag set, the data field was decrypted first without verifying the MIC.  When
the data field was encrypted using RC4, for example, when negotiating TKIP as
a pairwise cipher, the unauthenticated but decrypted data was subsequently
processed.  This opened wpa_supplicant(8) to abuse by decryption and recovery
of sensitive information contained in EAPOL-Key messages.

See https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
for a detailed description of the bug.

XXX: pullup-8
2018-08-16 11:34:41 +00:00
kre
8ee9bb6d7f mandoc_xr.c is now in libmandoc (where it should be) it no longer
needs to be here (why having it broke building I did not look to see,
it should be possible to replace a file from a library).
2018-08-16 06:24:40 +00:00
kre
a0734df14c mandoc needs mandoc_xr.c and (because we do not have it in libc, which
should remain the state forever IMO) compat_recallocarray.c

And now that compat_recallocarray() is in libmandoc we no longer
need to manually add its source to mandoc (either the full, or the
tools builds).
2018-08-16 05:03:17 +00:00
kre
2581e35471 man_term.c needs -Wno-error=array-bounds for the exact same reason
as libmandoc/mandoc-validate.c

And as we do not have recallocarray() in libc, we need the compat
source file for the full build, as well as for tools builds.
2018-08-16 03:59:52 +00:00