From 05cb07093d5938f3caf0ffa1f11c4e0aed715ea1 Mon Sep 17 00:00:00 2001 From: frpet Date: Thu, 23 Jan 2020 08:23:16 +0100 Subject: [PATCH 1/9] Update unbound_munin_ Add TLS (DoT) counters --- contrib/unbound_munin_ | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/unbound_munin_ b/contrib/unbound_munin_ index 5d3dff8e8..2839cd8b5 100755 --- a/contrib/unbound_munin_ +++ b/contrib/unbound_munin_ @@ -242,6 +242,8 @@ if test "$1" = "config" ; then p_config "total.num.prefetch" "cache prefetch" "ABSOLUTE" p_config "num.query.tcp" "TCP queries" "ABSOLUTE" p_config "num.query.tcpout" "TCP out queries" "ABSOLUTE" + p_config "num.query.tls" "TLS queries" "ABSOLUTE" + p_config "num.query.tls.resume" "TLS resumes" "ABSOLUTE" p_config "num.query.ipv6" "IPv6 queries" "ABSOLUTE" p_config "unwanted.queries" "queries that failed acl" "ABSOLUTE" p_config "unwanted.replies" "unwanted or unsolicited replies" "ABSOLUTE" @@ -443,7 +445,8 @@ hits) for x in `grep "^thread[0-9][0-9]*\.num\.queries=" $state | sed -e 's/=.*//'` total.num.queries \ total.num.cachehits total.num.prefetch num.query.tcp \ - num.query.tcpout num.query.ipv6 unwanted.queries \ + num.query.tcpout num.query.tls num.query.tls.resume \ + num.query.ipv6 unwanted.queries \ unwanted.replies; do if grep "^"$x"=" $state >/dev/null 2>&1; then print_value $x From 61456ff81d75a67803c4372948068788b465f558 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Thu, 23 Jan 2020 16:16:52 +0100 Subject: [PATCH 2/9] Changelog and contrib/README note for PR#150. - Merge PR#150 from Frzk: Systemd unit without chroot. It add contrib/unbound_nochroot.service.in, a systemd file for use with chroot: "", see comments in the file, it uses systemd protections instead. --- contrib/README | 3 +++ doc/Changelog | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/contrib/README b/contrib/README index f12e52f25..1dce78c09 100644 --- a/contrib/README +++ b/contrib/README @@ -31,6 +31,9 @@ distribution but may be helpful. Contributed by Yuri Voinov. * unbound.socket and unbound.service: systemd files for unbound, install them in /usr/lib/systemd/system. Contributed by Sami Kerola and Pavel Odintsov. +* unbound_nochroot.service.in: systemd file for use with chroot: "", see + comments in the file, it uses systemd protections instead. Contributed + by Frzk. * redirect-bogus.patch: Return configured address for bogus A and AAAA answers, instead of SERVFAIL. Contributed by SIDN. * fastrpz.patch: fastrpz support from Farsight Security. diff --git a/doc/Changelog b/doc/Changelog index 519f4c3ea..e323cb84b 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,9 @@ +23 January 2020: Wouter + - Merge PR#150 from Frzk: Systemd unit without chroot. It add + contrib/unbound_nochroot.service.in, a systemd file for use with + chroot: "", see comments in the file, it uses systemd protections + instead. + 14 January 2020: Wouter - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, because dnscrypt-proxy (2.0.36) does not support the test setup From f6b4f2a14918c96c3c3f5e35775e3edf4418ef24 Mon Sep 17 00:00:00 2001 From: Steven Chamberlain Date: Thu, 16 Feb 2017 12:37:41 +0000 Subject: [PATCH 3/9] Allow use of libbsd functions with configure option --with-libbsd Add a new configure option `--with-libbsd', which allows to use libbsd's portable implementations of: strlcpy strlcat arc4random arc4random_uniform reallocarray instead of the embedded code copies in contrib/, which will be difficult to maintain in the long term. Also patch util/random.c so that, when building with libbsd and without OpenSSL, arc4random can still be used as the PRNG. Otherwise, building with libnettle would need a kernel-specific getentropy implementation, and libbsd does not export one. [edmonds@debian.org: Imported patch description from BTS, refreshed patch against Unbound 1.9.6.] --- configure.ac | 18 ++++++++++++++++++ contrib/libunbound.pc.in | 2 +- util/random.c | 8 ++++---- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 0104554dc..15efda669 100644 --- a/configure.ac +++ b/configure.ac @@ -881,6 +881,19 @@ fi fi AC_SUBST(SSLLIB) +# libbsd +AC_ARG_WITH([libbsd], AC_HELP_STRING([--with-libbsd], [Use portable libbsd functions]), [ + AC_CHECK_HEADERS([bsd/string.h bsd/stdlib.h],,, [AC_INCLUDES_DEFAULT]) + if test "x$ac_cv_header_bsd_string_h" = xyes -a "x$ac_cv_header_bsd_stdlib_h" = xyes; then + for func in strlcpy strlcat arc4random arc4random_uniform reallocarray; do + AC_SEARCH_LIBS([$func], [bsd], [ + AC_DEFINE(HAVE_LIBBSD, 1, [Use portable libbsd functions]) + PC_LIBBSD_DEPENDENCY=libbsd + AC_SUBST(PC_LIBBSD_DEPENDENCY) + ]) + done + fi +]) AC_ARG_ENABLE(sha1, AC_HELP_STRING([--disable-sha1], [Disable SHA1 RRSIG support, does not disable nsec3 support])) case "$enable_sha1" in @@ -1946,6 +1959,11 @@ char *strptime(const char *s, const char *format, struct tm *tm); void *reallocarray(void *ptr, size_t nmemb, size_t size); #endif +#ifdef HAVE_LIBBSD +#include +#include +#endif + #ifdef HAVE_LIBRESSL # if !HAVE_DECL_STRLCPY size_t strlcpy(char *dst, const char *src, size_t siz); diff --git a/contrib/libunbound.pc.in b/contrib/libunbound.pc.in index 810c57134..e3e842695 100644 --- a/contrib/libunbound.pc.in +++ b/contrib/libunbound.pc.in @@ -8,7 +8,7 @@ Description: Library with validating, recursive, and caching DNS resolver URL: http://www.unbound.net Version: @PACKAGE_VERSION@ Requires: libcrypto libssl @PC_LIBEVENT_DEPENDENCY@ -Requires.private: @PC_PY_DEPENDENCY@ +Requires.private: @PC_PY_DEPENDENCY@ @PC_LIBBSD_DEPENDENCY@ Libs: -L${libdir} -lunbound -lssl -lcrypto Libs.private: @SSLLIB@ @LIBS@ Cflags: -I${includedir} diff --git a/util/random.c b/util/random.c index bb564f2f9..6eb102c63 100644 --- a/util/random.c +++ b/util/random.c @@ -78,7 +78,7 @@ */ #define MAX_VALUE 0x7fffffff -#if defined(HAVE_SSL) +#if defined(HAVE_SSL) || defined(HAVE_LIBBSD) struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from)) { @@ -183,10 +183,10 @@ long int ub_random(struct ub_randstate* s) } return x & MAX_VALUE; } -#endif /* HAVE_SSL or HAVE_NSS or HAVE_NETTLE */ +#endif /* HAVE_SSL or HAVE_LIBBSD or HAVE_NSS or HAVE_NETTLE */ -#if defined(HAVE_NSS) || defined(HAVE_NETTLE) +#if defined(HAVE_NSS) || defined(HAVE_NETTLE) && !defined(HAVE_LIBBSD) long int ub_random_max(struct ub_randstate* state, long int x) { @@ -198,7 +198,7 @@ ub_random_max(struct ub_randstate* state, long int x) v = ub_random(state); return (v % x); } -#endif /* HAVE_NSS or HAVE_NETTLE */ +#endif /* HAVE_NSS or HAVE_NETTLE and !HAVE_LIBBSD */ void ub_randfree(struct ub_randstate* s) From 36b5d74fc4e604e73ddd6689a140f7b324347e30 Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Sun, 26 Jan 2020 22:01:38 -0500 Subject: [PATCH 4/9] contrib/libunbound.pc.in: Only specify -lunbound for Libs According to the pkg-config manpage, the "Libs" line in a .pc file should give the link flags "specific to your package", and specifically says not to include link flags for dependencies: Libs: This line should give the link flags specific to your package. Don't add any flags for required packages; pkg-config will add those automatically. --- contrib/libunbound.pc.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/libunbound.pc.in b/contrib/libunbound.pc.in index 810c57134..74dfdb6fc 100644 --- a/contrib/libunbound.pc.in +++ b/contrib/libunbound.pc.in @@ -9,6 +9,6 @@ URL: http://www.unbound.net Version: @PACKAGE_VERSION@ Requires: libcrypto libssl @PC_LIBEVENT_DEPENDENCY@ Requires.private: @PC_PY_DEPENDENCY@ -Libs: -L${libdir} -lunbound -lssl -lcrypto +Libs: -L${libdir} -lunbound Libs.private: @SSLLIB@ @LIBS@ -Cflags: -I${includedir} +Cflags: -I${includedir} From 394f9403df102e47bcebc174ed26968a68548c9f Mon Sep 17 00:00:00 2001 From: Robert Edmonds Date: Sun, 26 Jan 2020 22:23:53 -0500 Subject: [PATCH 5/9] contrib/libunbound.pc.in: Embed the correct crypto dependencies This commit removes the hardcoded dependency in the libunbound pkg-config .pc file on the libcrypto and libssl modules and instead populates the .pc file based on which crypto library was selected at configure time. Note that the .pc file specifies pkg-config module names for the "Requires" line and this can vary from the library filename (e.g. "nss" is the pkg-config module name vs. "nss3" being the library name). --- configure.ac | 7 +++++++ contrib/libunbound.pc.in | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 0104554dc..99c662792 100644 --- a/configure.ac +++ b/configure.ac @@ -761,6 +761,8 @@ AC_ARG_WITH([nss], AC_HELP_STRING([--with-nss=path], fi LIBS="$LIBS -lnss3 -lnspr4" SSLLIB="" + PC_CRYPTO_DEPENDENCY="nss nspr" + AC_SUBST(PC_CRYPTO_DEPENDENCY) ] ) @@ -781,6 +783,8 @@ AC_ARG_WITH([nettle], AC_HELP_STRING([--with-nettle=path], fi LIBS="$LIBS -lhogweed -lnettle -lgmp" SSLLIB="" + PC_CRYPTO_DEPENDENCY="hogweed nettle" + AC_SUBST(PC_CRYPTO_DEPENDENCY) ] ) @@ -790,6 +794,9 @@ ACX_WITH_SSL ACX_LIB_SSL SSLLIB="-lssl" +PC_CRYPTO_DEPENDENCY="libcrypto libssl" +AC_SUBST(PC_CRYPTO_DEPENDENCY) + # check if -lcrypt32 is needed because CAPIENG needs that. (on windows) BAKLIBS="$LIBS" LIBS="-lssl $LIBS" diff --git a/contrib/libunbound.pc.in b/contrib/libunbound.pc.in index 74dfdb6fc..f7cd1e074 100644 --- a/contrib/libunbound.pc.in +++ b/contrib/libunbound.pc.in @@ -7,7 +7,7 @@ Name: unbound Description: Library with validating, recursive, and caching DNS resolver URL: http://www.unbound.net Version: @PACKAGE_VERSION@ -Requires: libcrypto libssl @PC_LIBEVENT_DEPENDENCY@ +Requires: @PC_CRYPTO_DEPENDENCY@ @PC_LIBEVENT_DEPENDENCY@ Requires.private: @PC_PY_DEPENDENCY@ Libs: -L${libdir} -lunbound Libs.private: @SSLLIB@ @LIBS@ From 82a6a2f8ccf6f1a80d15264eb1a9e7799daf08e7 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 27 Jan 2020 09:31:07 +0100 Subject: [PATCH 6/9] Changelog note for PR#155. - Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes to Libs/Requires for crypto library dependencies. --- doc/Changelog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index e323cb84b..e372886d0 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +27 January 2020: Wouter + - Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes + to Libs/Requires for crypto library dependencies. + 23 January 2020: Wouter - Merge PR#150 from Frzk: Systemd unit without chroot. It add contrib/unbound_nochroot.service.in, a systemd file for use with From 68ff1730ac9cb7f339d6618b87977f69dc02d974 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Mon, 27 Jan 2020 09:40:18 +0100 Subject: [PATCH 7/9] - Fix #153: Disable validation for DSA algorithms. RFC 8624 compliance. --- configure | 19 +++++++++++++++---- configure.ac | 8 +++++--- doc/Changelog | 2 ++ 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/configure b/configure index eb855554d..d5f8d8cee 100755 --- a/configure +++ b/configure @@ -675,6 +675,7 @@ SUBNET_HEADER SUBNET_OBJ SSLLIB HAVE_SSL +PC_CRYPTO_DEPENDENCY CONFIG_DATE NETBSD_LINTFLAGS PYUNBOUND_UNINSTALL @@ -17759,6 +17760,8 @@ $as_echo "#define HAVE_NSS 1" >>confdefs.h fi LIBS="$LIBS -lnss3 -lnspr4" SSLLIB="" + PC_CRYPTO_DEPENDENCY="nss nspr" + fi @@ -17802,6 +17805,8 @@ done fi LIBS="$LIBS -lhogweed -lnettle -lgmp" SSLLIB="" + PC_CRYPTO_DEPENDENCY="hogweed nettle" + fi @@ -18152,6 +18157,9 @@ rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext SSLLIB="-lssl" +PC_CRYPTO_DEPENDENCY="libcrypto libssl" + + # check if -lcrypt32 is needed because CAPIENG needs that. (on windows) BAKLIBS="$LIBS" LIBS="-lssl $LIBS" @@ -18745,9 +18753,7 @@ fi use_dsa="no" case "$enable_dsa" in - no) - ;; - *) + yes) # detect if DSA is supported, and turn it off if not. if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then ac_fn_c_check_func "$LINENO" "DSA_SIG_new" "ac_cv_func_DSA_SIG_new" @@ -18800,6 +18806,10 @@ _ACEOF fi ;; + *) + # disable dsa by default, RFC 8624 section 3.1, validators MUST NOT + # support DSA for DNSSEC Validation. + ;; esac # Check whether --enable-ed25519 was given. @@ -21431,7 +21441,7 @@ version=1.9.7 date=`date +'%b %e, %Y'` -ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service" +ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service contrib/unbound_nochroot.service" ac_config_headers="$ac_config_headers config.h" @@ -22437,6 +22447,7 @@ do "contrib/libunbound.pc") CONFIG_FILES="$CONFIG_FILES contrib/libunbound.pc" ;; "contrib/unbound.socket") CONFIG_FILES="$CONFIG_FILES contrib/unbound.socket" ;; "contrib/unbound.service") CONFIG_FILES="$CONFIG_FILES contrib/unbound.service" ;; + "contrib/unbound_nochroot.service") CONFIG_FILES="$CONFIG_FILES contrib/unbound_nochroot.service" ;; "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; diff --git a/configure.ac b/configure.ac index 99c662792..a356dcf7d 100644 --- a/configure.ac +++ b/configure.ac @@ -1072,9 +1072,7 @@ esac AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support])) use_dsa="no" case "$enable_dsa" in - no) - ;; - *) + yes) # detect if DSA is supported, and turn it off if not. if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then AC_CHECK_FUNC(DSA_SIG_new, [ @@ -1105,6 +1103,10 @@ AC_INCLUDES_DEFAULT AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) fi ;; + *) + # disable dsa by default, RFC 8624 section 3.1, validators MUST NOT + # support DSA for DNSSEC Validation. + ;; esac AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable ED25519 support])) diff --git a/doc/Changelog b/doc/Changelog index e372886d0..e38191ebb 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 27 January 2020: Wouter - Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes to Libs/Requires for crypto library dependencies. + - Fix #153: Disable validation for DSA algorithms. RFC 8624 + compliance. 23 January 2020: Wouter - Merge PR#150 from Frzk: Systemd unit without chroot. It add From 41621fb1df69bd4437073bfdba5b103ff0ad6976 Mon Sep 17 00:00:00 2001 From: Ralph Dolmans Date: Mon, 27 Jan 2020 15:50:12 +0100 Subject: [PATCH 8/9] - Add changelog entry for RP#154 - autoconf after PR#154 --- config.h.in | 14 ++++++ configure | 117 +++++++++++++++++++++++++++++++++++++++++++++++--- doc/Changelog | 6 ++- 3 files changed, 130 insertions(+), 7 deletions(-) diff --git a/config.h.in b/config.h.in index 8c2aa3b94..15940c04f 100644 --- a/config.h.in +++ b/config.h.in @@ -63,6 +63,12 @@ /* Whether the C compiler accepts the "weak" attribute */ #undef HAVE_ATTR_WEAK +/* Define to 1 if you have the header file. */ +#undef HAVE_BSD_STDLIB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_BSD_STRING_H + /* Define to 1 if you have the `chown' function. */ #undef HAVE_CHOWN @@ -311,6 +317,9 @@ /* Define to 1 if you have the `kill' function. */ #undef HAVE_KILL +/* Use portable libbsd functions */ +#undef HAVE_LIBBSD + /* Define to 1 if you have the header file. */ #undef HAVE_LIBKERN_OSBYTEORDER_H @@ -1231,6 +1240,11 @@ char *strptime(const char *s, const char *format, struct tm *tm); void *reallocarray(void *ptr, size_t nmemb, size_t size); #endif +#ifdef HAVE_LIBBSD +#include +#include +#endif + #ifdef HAVE_LIBRESSL # if !HAVE_DECL_STRLCPY size_t strlcpy(char *dst, const char *src, size_t siz); diff --git a/configure b/configure index d5f8d8cee..c22850d4b 100755 --- a/configure +++ b/configure @@ -673,6 +673,7 @@ UNBOUND_EVENT_UNINSTALL UNBOUND_EVENT_INSTALL SUBNET_HEADER SUBNET_OBJ +PC_LIBBSD_DEPENDENCY SSLLIB HAVE_SSL PC_CRYPTO_DEPENDENCY @@ -802,6 +803,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -860,6 +862,7 @@ enable_swig_version_check with_nss with_nettle with_ssl +with_libbsd enable_sha1 enable_sha2 enable_subnet @@ -948,6 +951,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1200,6 +1204,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1337,7 +1350,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1490,6 +1503,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1621,6 +1635,7 @@ Optional Packages: --with-ssl=pathname enable SSL (will check /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr) + --with-libbsd Use portable libbsd functions --with-libevent=pathname use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr or you can specify @@ -15645,7 +15660,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15691,7 +15706,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15715,7 +15730,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15760,7 +15775,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -15784,7 +15799,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -18450,6 +18465,96 @@ fi fi +# libbsd + +# Check whether --with-libbsd was given. +if test "${with_libbsd+set}" = set; then : + withval=$with_libbsd; + for ac_header in bsd/string.h bsd/stdlib.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + if test "x$ac_cv_header_bsd_string_h" = xyes -a "x$ac_cv_header_bsd_stdlib_h" = xyes; then + for func in strlcpy strlcat arc4random arc4random_uniform reallocarray; do + as_ac_Search=`$as_echo "ac_cv_search_$func" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing $func" >&5 +$as_echo_n "checking for library containing $func... " >&6; } +if eval \${$as_ac_Search+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $func (); +int +main () +{ +return $func (); + ; + return 0; +} +_ACEOF +for ac_lib in '' bsd; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + eval "$as_ac_Search=\$ac_res" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if eval \${$as_ac_Search+:} false; then : + break +fi +done +if eval \${$as_ac_Search+:} false; then : + +else + eval "$as_ac_Search=no" +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +eval ac_res=\$$as_ac_Search + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +eval ac_res=\$$as_ac_Search +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + + +$as_echo "#define HAVE_LIBBSD 1" >>confdefs.h + + PC_LIBBSD_DEPENDENCY=libbsd + + +fi + + done + fi + +fi + # Check whether --enable-sha1 was given. if test "${enable_sha1+set}" = set; then : diff --git a/doc/Changelog b/doc/Changelog index e38191ebb..f5ae1fc80 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,5 +1,9 @@ +27 January 2020: Ralph + - Merge PR#154; Allow use of libbsd functions with configure option + --with-libbsd. By Robert Edmonds and Steven Chamberlain. + 27 January 2020: Wouter - - Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes + - Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes to Libs/Requires for crypto library dependencies. - Fix #153: Disable validation for DSA algorithms. RFC 8624 compliance. From 0feee99055786c24205970faacac6ed39835be28 Mon Sep 17 00:00:00 2001 From: Ralph Dolmans Date: Mon, 27 Jan 2020 16:06:06 +0100 Subject: [PATCH 9/9] - Add changelog entry for PR#148. --- doc/Changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/Changelog b/doc/Changelog index f5ae1fc80..b6ff710a1 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 27 January 2020: Ralph - Merge PR#154; Allow use of libbsd functions with configure option --with-libbsd. By Robert Edmonds and Steven Chamberlain. + - Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai. 27 January 2020: Wouter - Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes