- Fixed contrib/fastrpz.patch so that it now applies cleanly for others too;
it already applied cleanly for me.


git-svn-id: file:///svn/unbound/trunk@4565 be551aaa-1e26-0410-a405-d3ace91eadb9
Wouter Wijngaards 2018-03-07 08:32:14 +00:00
parent 5c8819f1ac
commit 3a69cf5c69
2 changed files with 141 additions and 179 deletions


@ -1,10 +1,15 @@
Description: based on the included patch contrib/fastrpz.patch
Author: fastrpz@farsightsecurity.com
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
=================================================================== ===================================================================
RCS file: ./RCS/Makefile.in,v RCS file: ./RCS/Makefile.in,v
retrieving revision 1.1 retrieving revision 1.1
diff -u --unidirectional-new-file -r1.1 ./Makefile.in Index: unbound-1.7.0~rc1/Makefile.in
--- ./Makefile.in ===================================================================
+++ ./Makefile.in --- unbound-1.7.0~rc1.orig/Makefile.in
@@ -23,6 +23,8 @@ +++ unbound-1.7.0~rc1/Makefile.in
@@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c
CHECKLOCK_OBJ=@CHECKLOCK_OBJ@ CHECKLOCK_OBJ=@CHECKLOCK_OBJ@
DNSTAP_SRC=@DNSTAP_SRC@ DNSTAP_SRC=@DNSTAP_SRC@
DNSTAP_OBJ=@DNSTAP_OBJ@ DNSTAP_OBJ=@DNSTAP_OBJ@
@ -13,7 +18,7 @@ diff -u --unidirectional-new-file -r1.1 ./Makefile.in
DNSCRYPT_SRC=@DNSCRYPT_SRC@ DNSCRYPT_SRC=@DNSCRYPT_SRC@
DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ DNSCRYPT_OBJ=@DNSCRYPT_OBJ@
WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ WITH_PYTHONMODULE=@WITH_PYTHONMODULE@
@@ -125,7 +127,7 @@ @@ -125,7 +127,7 @@ validator/val_sigcrypt.c validator/val_u
edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \
edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \
cachedb/cachedb.c respip/respip.c $(CHECKLOCK_SRC) \ cachedb/cachedb.c respip/respip.c $(CHECKLOCK_SRC) \
@ -22,7 +27,7 @@ diff -u --unidirectional-new-file -r1.1 ./Makefile.in
COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \
as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \
iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \
@@ -137,7 +139,7 @@ @@ -137,7 +139,7 @@ slabhash.lo timehist.lo tube.lo winsock_
validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo authzone.lo\ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo authzone.lo\
$(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \
@ -31,7 +36,7 @@ diff -u --unidirectional-new-file -r1.1 ./Makefile.in
COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \
outside_network.lo outside_network.lo
COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo
@@ -398,6 +401,11 @@ @@ -400,6 +402,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscry
$(srcdir)/util/config_file.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/log.h \
$(srcdir)/util/netevent.h $(srcdir)/util/netevent.h
@ -43,13 +48,11 @@ diff -u --unidirectional-new-file -r1.1 ./Makefile.in
# Python Module # Python Module
pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \
pythonmod/interface.h \ pythonmod/interface.h \
Index: unbound-1.7.0~rc1/config.h.in
=================================================================== ===================================================================
RCS file: ./RCS/config.h.in,v --- unbound-1.7.0~rc1.orig/config.h.in
retrieving revision 1.1 +++ unbound-1.7.0~rc1/config.h.in
diff -u --unidirectional-new-file -r1.1 ./config.h.in @@ -1228,4 +1228,11 @@ void *unbound_stat_realloc_log(void *ptr
--- ./config.h.in
+++ ./config.h.in
@@ -1199,4 +1199,11 @@
/** the version of unbound-control that this software implements */ /** the version of unbound-control that this software implements */
#define UNBOUND_CONTROL_VERSION 1 #define UNBOUND_CONTROL_VERSION 1
@ -62,13 +65,11 @@ diff -u --unidirectional-new-file -r1.1 ./config.h.in
+#undef FASTRPZ_LIB_OPEN +#undef FASTRPZ_LIB_OPEN
+/** turn on fastrpz response policy zones */ +/** turn on fastrpz response policy zones */
+#undef ENABLE_FASTRPZ +#undef ENABLE_FASTRPZ
Index: unbound-1.7.0~rc1/configure.ac
=================================================================== ===================================================================
RCS file: ./RCS/configure.ac,v --- unbound-1.7.0~rc1.orig/configure.ac
retrieving revision 1.1 +++ unbound-1.7.0~rc1/configure.ac
diff -u --unidirectional-new-file -r1.1 ./configure.ac @@ -6,6 +6,7 @@ sinclude(ax_pthread.m4)
--- ./configure.ac
+++ ./configure.ac
@@ -6,6 +6,7 @@
sinclude(acx_python.m4) sinclude(acx_python.m4)
sinclude(ac_pkg_swig.m4) sinclude(ac_pkg_swig.m4)
sinclude(dnstap/dnstap.m4) sinclude(dnstap/dnstap.m4)
@ -76,8 +77,8 @@ diff -u --unidirectional-new-file -r1.1 ./configure.ac
sinclude(dnscrypt/dnscrypt.m4) sinclude(dnscrypt/dnscrypt.m4)
# must be numbers. ac_defun because of later processing # must be numbers. ac_defun because of later processing
@@ -1352,6 +1353,9 @@ @@ -1453,6 +1454,9 @@ case "$enable_ipsecmod" in
;; ;;
esac esac
+# check for Fastrpz with fastrpz/rpz.m4 +# check for Fastrpz with fastrpz/rpz.m4
@ -86,13 +87,11 @@ diff -u --unidirectional-new-file -r1.1 ./configure.ac
AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope])
# on openBSD, the implicit rule make $< work. # on openBSD, the implicit rule make $< work.
# on Solaris, it does not work ($? is changed sources, $^ lists dependencies). # on Solaris, it does not work ($? is changed sources, $^ lists dependencies).
Index: unbound-1.7.0~rc1/daemon/daemon.c
=================================================================== ===================================================================
RCS file: ./daemon/RCS/daemon.c,v --- unbound-1.7.0~rc1.orig/daemon/daemon.c
retrieving revision 1.1 +++ unbound-1.7.0~rc1/daemon/daemon.c
diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.c @@ -90,6 +90,9 @@
--- ./daemon/daemon.c
+++ ./daemon/daemon.c
@@ -89,6 +89,9 @@
#include "sldns/keyraw.h" #include "sldns/keyraw.h"
#include "respip/respip.h" #include "respip/respip.h"
#include <signal.h> #include <signal.h>
@ -102,7 +101,7 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.c
#ifdef HAVE_SYSTEMD #ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h> #include <systemd/sd-daemon.h>
@@ -451,6 +454,14 @@ @@ -461,6 +464,14 @@ daemon_create_workers(struct daemon* dae
fatal_exit("dnstap enabled in config but not built with dnstap support"); fatal_exit("dnstap enabled in config but not built with dnstap support");
#endif #endif
} }
@ -117,9 +116,9 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.c
for(i=0; i<daemon->num; i++) { for(i=0; i<daemon->num; i++) {
if(!(daemon->workers[i] = worker_create(daemon, i, if(!(daemon->workers[i] = worker_create(daemon, i,
shufport+numport*i/daemon->num, shufport+numport*i/daemon->num,
@@ -691,6 +702,9 @@ @@ -710,6 +721,9 @@ daemon_cleanup(struct daemon* daemon)
#ifdef USE_DNSTAP #ifdef USE_DNSCRYPT
dt_delete(daemon->dtenv); dnsc_delete(daemon->dnscenv);
#endif #endif
+#ifdef ENABLE_FASTRPZ +#ifdef ENABLE_FASTRPZ
+ rpz_delete(&daemon->rpz_clist, &daemon->rpz_client); + rpz_delete(&daemon->rpz_clist, &daemon->rpz_client);
@ -127,13 +126,11 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.c
daemon->cfg = NULL; daemon->cfg = NULL;
} }
Index: unbound-1.7.0~rc1/daemon/daemon.h
=================================================================== ===================================================================
RCS file: ./daemon/RCS/daemon.h,v --- unbound-1.7.0~rc1.orig/daemon/daemon.h
retrieving revision 1.1 +++ unbound-1.7.0~rc1/daemon/daemon.h
diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.h @@ -134,6 +134,11 @@ struct daemon {
--- ./daemon/daemon.h
+++ ./daemon/daemon.h
@@ -134,6 +134,11 @@
/** the dnscrypt environment */ /** the dnscrypt environment */
struct dnsc_env* dnscenv; struct dnsc_env* dnscenv;
#endif #endif
@ -145,13 +142,11 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.h
}; };
/** /**
Index: unbound-1.7.0~rc1/daemon/worker.c
=================================================================== ===================================================================
RCS file: ./daemon/RCS/worker.c,v --- unbound-1.7.0~rc1.orig/daemon/worker.c
retrieving revision 1.1 +++ unbound-1.7.0~rc1/daemon/worker.c
diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c @@ -74,6 +74,9 @@
--- ./daemon/worker.c
+++ ./daemon/worker.c
@@ -73,6 +73,9 @@
#include "libunbound/context.h" #include "libunbound/context.h"
#include "libunbound/libworker.h" #include "libunbound/libworker.h"
#include "sldns/sbuffer.h" #include "sldns/sbuffer.h"
@ -161,7 +156,7 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c
#include "sldns/wire2str.h" #include "sldns/wire2str.h"
#include "util/shm_side/shm_main.h" #include "util/shm_side/shm_main.h"
#include "dnscrypt/dnscrypt.h" #include "dnscrypt/dnscrypt.h"
@@ -526,8 +529,27 @@ @@ -527,8 +530,27 @@ answer_norec_from_cache(struct worker* w
/* not secure */ /* not secure */
secure = 0; secure = 0;
break; break;
@ -189,7 +184,7 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c
/* return this delegation from the cache */ /* return this delegation from the cache */
edns->edns_version = EDNS_ADVERTISED_VERSION; edns->edns_version = EDNS_ADVERTISED_VERSION;
edns->udp_size = EDNS_ADVERTISED_SIZE; edns->udp_size = EDNS_ADVERTISED_SIZE;
@@ -688,6 +710,23 @@ @@ -689,6 +711,23 @@ answer_from_cache(struct worker* worker,
secure = 0; secure = 0;
} }
} else secure = 0; } else secure = 0;
@ -213,7 +208,7 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c
edns->edns_version = EDNS_ADVERTISED_VERSION; edns->edns_version = EDNS_ADVERTISED_VERSION;
edns->udp_size = EDNS_ADVERTISED_SIZE; edns->udp_size = EDNS_ADVERTISED_SIZE;
@@ -1267,6 +1306,15 @@ @@ -1291,6 +1330,15 @@ worker_handle_request(struct comm_point*
log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from",
&repinfo->addr, repinfo->addrlen); &repinfo->addr, repinfo->addrlen);
goto send_reply; goto send_reply;
@ -229,7 +224,7 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c
} }
/* If we've found a local alias, replace the qname with the alias /* If we've found a local alias, replace the qname with the alias
@@ -1315,12 +1363,21 @@ @@ -1339,12 +1387,21 @@ lookup_cache:
h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2));
if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) {
/* answer from cache - we have acquired a readlock on it */ /* answer from cache - we have acquired a readlock on it */
@ -253,7 +248,7 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c
/* prefetch it if the prefetch TTL expired. /* prefetch it if the prefetch TTL expired.
* Note that if there is more than one pass * Note that if there is more than one pass
* its qname must be that used for cache * its qname must be that used for cache
@@ -1371,11 +1428,19 @@ @@ -1398,11 +1455,19 @@ lookup_cache:
lock_rw_unlock(&e->lock); lock_rw_unlock(&e->lock);
} }
if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) {
@ -275,13 +270,11 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c
goto send_reply; goto send_reply;
} }
verbose(VERB_ALGO, "answer norec from cache -- " verbose(VERB_ALGO, "answer norec from cache -- "
Index: unbound-1.7.0~rc1/doc/unbound.conf.5.in
=================================================================== ===================================================================
RCS file: ./doc/RCS/unbound.conf.5.in,v --- unbound-1.7.0~rc1.orig/doc/unbound.conf.5.in
retrieving revision 1.1 +++ unbound-1.7.0~rc1/doc/unbound.conf.5.in
diff -u --unidirectional-new-file -r1.1 ./doc/unbound.conf.5.in @@ -1581,6 +1581,81 @@ It must be /96 or shorter. The default
--- ./doc/unbound.conf.5.in
+++ ./doc/unbound.conf.5.in
@@ -1446,6 +1446,81 @@
.B dns64\-synthall: \fI<yes or no>\fR .B dns64\-synthall: \fI<yes or no>\fR
Debug option, default no. If enabled, synthesize all AAAA records Debug option, default no. If enabled, synthesize all AAAA records
despite the presence of actual AAAA records. despite the presence of actual AAAA records.
@ -363,12 +356,10 @@ diff -u --unidirectional-new-file -r1.1 ./doc/unbound.conf.5.in
.SS "DNSCrypt Options" .SS "DNSCrypt Options"
.LP .LP
The The
Index: unbound-1.7.0~rc1/fastrpz/librpz.h
=================================================================== ===================================================================
RCS file: ./fastrpz/RCS/librpz.h,v --- /dev/null
retrieving revision 1.1 +++ unbound-1.7.0~rc1/fastrpz/librpz.h
diff -u --unidirectional-new-file -r1.1 ./fastrpz/librpz.h
--- ./fastrpz/librpz.h
+++ ./fastrpz/librpz.h
@@ -0,0 +1,957 @@ @@ -0,0 +1,957 @@
+/* +/*
+ * Define the interface from a DNS resolver to the Response Policy Zone + * Define the interface from a DNS resolver to the Response Policy Zone
@ -1327,12 +1318,10 @@ diff -u --unidirectional-new-file -r1.1 ./fastrpz/librpz.h
+#endif /* LIBRPZ_LIB_OPEN */ +#endif /* LIBRPZ_LIB_OPEN */
+ +
+#endif /* LIBRPZ_H */ +#endif /* LIBRPZ_H */
Index: unbound-1.7.0~rc1/fastrpz/rpz.c
=================================================================== ===================================================================
RCS file: ./fastrpz/RCS/rpz.c,v --- /dev/null
retrieving revision 1.1 +++ unbound-1.7.0~rc1/fastrpz/rpz.c
diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.c
--- ./fastrpz/rpz.c
+++ ./fastrpz/rpz.c
@@ -0,0 +1,1357 @@ @@ -0,0 +1,1357 @@
+/* +/*
+ * fastrpz/rpz.c - interface to the fastrpz response policy zone library + * fastrpz/rpz.c - interface to the fastrpz response policy zone library
@ -2691,12 +2680,10 @@ diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.c
+} +}
+ +
+#endif /* ENABLE_FASTRPZ */ +#endif /* ENABLE_FASTRPZ */
Index: unbound-1.7.0~rc1/fastrpz/rpz.h
=================================================================== ===================================================================
RCS file: ./fastrpz/RCS/rpz.h,v --- /dev/null
retrieving revision 1.1 +++ unbound-1.7.0~rc1/fastrpz/rpz.h
diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.h
--- ./fastrpz/rpz.h
+++ ./fastrpz/rpz.h
@@ -0,0 +1,138 @@ @@ -0,0 +1,138 @@
+/* +/*
+ * fastrpz/rpz.h - interface to the fastrpz response policy zone library + * fastrpz/rpz.h - interface to the fastrpz response policy zone library
@ -2836,12 +2823,10 @@ diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.h
+ +
+#endif /* ENABLE_FASTRPZ */ +#endif /* ENABLE_FASTRPZ */
+#endif /* UNBOUND_FASTRPZ_RPZ_H */ +#endif /* UNBOUND_FASTRPZ_RPZ_H */
Index: unbound-1.7.0~rc1/fastrpz/rpz.m4
=================================================================== ===================================================================
RCS file: ./fastrpz/RCS/rpz.m4,v --- /dev/null
retrieving revision 1.1 +++ unbound-1.7.0~rc1/fastrpz/rpz.m4
diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.m4
--- ./fastrpz/rpz.m4
+++ ./fastrpz/rpz.m4
@@ -0,0 +1,64 @@ @@ -0,0 +1,64 @@
+# fastrpz/rpz.m4 +# fastrpz/rpz.m4
+ +
@ -2907,13 +2892,11 @@ diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.m4
+ AC_MSG_WARN([[dlopen and librpz.so needed for fastrpz]]) + AC_MSG_WARN([[dlopen and librpz.so needed for fastrpz]])
+ fi + fi
+]) +])
Index: unbound-1.7.0~rc1/iterator/iterator.c
=================================================================== ===================================================================
RCS file: ./iterator/RCS/iterator.c,v --- unbound-1.7.0~rc1.orig/iterator/iterator.c
retrieving revision 1.1 +++ unbound-1.7.0~rc1/iterator/iterator.c
diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c @@ -68,6 +68,9 @@
--- ./iterator/iterator.c
+++ ./iterator/iterator.c
@@ -67,6 +67,9 @@
#include "sldns/str2wire.h" #include "sldns/str2wire.h"
#include "sldns/parseutil.h" #include "sldns/parseutil.h"
#include "sldns/sbuffer.h" #include "sldns/sbuffer.h"
@ -2923,7 +2906,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c
int int
iter_init(struct module_env* env, int id) iter_init(struct module_env* env, int id)
@@ -487,6 +490,23 @@ @@ -511,6 +514,23 @@ handle_cname_response(struct module_qsta
if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME &&
query_dname_compare(*mname, r->rk.dname) == 0 && query_dname_compare(*mname, r->rk.dname) == 0 &&
!iter_find_rrset_in_prepend_answer(iq, r)) { !iter_find_rrset_in_prepend_answer(iq, r)) {
@ -2947,7 +2930,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c
/* Add this relevant CNAME rrset to the prepend list.*/ /* Add this relevant CNAME rrset to the prepend list.*/
if(!iter_add_prepend_answer(qstate, iq, r)) if(!iter_add_prepend_answer(qstate, iq, r))
return 0; return 0;
@@ -495,6 +515,9 @@ @@ -519,6 +539,9 @@ handle_cname_response(struct module_qsta
/* Other rrsets in the section are ignored. */ /* Other rrsets in the section are ignored. */
} }
@ -2957,7 +2940,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c
/* add authority rrsets to authority prepend, for wildcarded CNAMEs */ /* add authority rrsets to authority prepend, for wildcarded CNAMEs */
for(i=msg->rep->an_numrrsets; i<msg->rep->an_numrrsets + for(i=msg->rep->an_numrrsets; i<msg->rep->an_numrrsets +
msg->rep->ns_numrrsets; i++) { msg->rep->ns_numrrsets; i++) {
@@ -996,6 +1019,7 @@ @@ -1148,6 +1171,7 @@ processInitRequest(struct module_qstate*
uint8_t* delname; uint8_t* delname;
size_t delnamelen; size_t delnamelen;
struct dns_msg* msg = NULL; struct dns_msg* msg = NULL;
@ -2965,7 +2948,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c
log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo);
/* check effort */ /* check effort */
@@ -1056,8 +1080,7 @@ @@ -1223,8 +1247,7 @@ processInitRequest(struct module_qstate*
} }
if(msg) { if(msg) {
/* handle positive cache response */ /* handle positive cache response */
@ -2975,7 +2958,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c
if(verbosity >= VERB_ALGO) { if(verbosity >= VERB_ALGO) {
log_dns_msg("msg from cache lookup", &msg->qinfo, log_dns_msg("msg from cache lookup", &msg->qinfo,
msg->rep); msg->rep);
@@ -1065,7 +1088,22 @@ @@ -1232,7 +1255,22 @@ processInitRequest(struct module_qstate*
(int)msg->rep->ttl, (int)msg->rep->ttl,
(int)msg->rep->prefetch_ttl); (int)msg->rep->prefetch_ttl);
} }
@ -2998,7 +2981,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c
if(type == RESPONSE_TYPE_CNAME) { if(type == RESPONSE_TYPE_CNAME) {
uint8_t* sname = 0; uint8_t* sname = 0;
size_t slen = 0; size_t slen = 0;
@@ -2321,6 +2359,62 @@ @@ -2552,6 +2590,62 @@ processQueryResponse(struct module_qstat
sock_list_insert(&qstate->reply_origin, sock_list_insert(&qstate->reply_origin,
&qstate->reply->addr, qstate->reply->addrlen, &qstate->reply->addr, qstate->reply->addrlen,
qstate->region); qstate->region);
@ -3061,7 +3044,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c
if(iq->minimisation_state != DONOT_MINIMISE_STATE) { if(iq->minimisation_state != DONOT_MINIMISE_STATE) {
if(FLAGS_GET_RCODE(iq->response->rep->flags) != if(FLAGS_GET_RCODE(iq->response->rep->flags) !=
LDNS_RCODE_NOERROR) { LDNS_RCODE_NOERROR) {
@@ -3022,12 +3116,44 @@ @@ -3273,12 +3367,44 @@ processFinished(struct module_qstate* qs
* but only if we did recursion. The nonrecursion referral * but only if we did recursion. The nonrecursion referral
* from cache does not need to be stored in the msg cache. */ * from cache does not need to be stored in the msg cache. */
if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) {
@ -3106,13 +3089,11 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c
qstate->return_rcode = LDNS_RCODE_NOERROR; qstate->return_rcode = LDNS_RCODE_NOERROR;
qstate->return_msg = iq->response; qstate->return_msg = iq->response;
return 0; return 0;
Index: unbound-1.7.0~rc1/iterator/iterator.h
=================================================================== ===================================================================
RCS file: ./iterator/RCS/iterator.h,v --- unbound-1.7.0~rc1.orig/iterator/iterator.h
retrieving revision 1.1 +++ unbound-1.7.0~rc1/iterator/iterator.h
diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.h @@ -383,6 +383,16 @@ struct iter_qstate {
--- ./iterator/iterator.h
+++ ./iterator/iterator.h
@@ -381,6 +381,16 @@
*/ */
int minimise_count; int minimise_count;
@ -3129,14 +3110,12 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.h
/** /**
* Count number of time-outs. Used to prevent resolving failures when * Count number of time-outs. Used to prevent resolving failures when
* the QNAME minimisation QTYPE is blocked. */ * the QNAME minimisation QTYPE is blocked. */
Index: unbound-1.7.0~rc1/services/cache/dns.c
=================================================================== ===================================================================
RCS file: ./services/cache/RCS/dns.c,v --- unbound-1.7.0~rc1.orig/services/cache/dns.c
retrieving revision 1.1 +++ unbound-1.7.0~rc1/services/cache/dns.c
diff -u --unidirectional-new-file -r1.1 ./services/cache/dns.c @@ -876,6 +876,14 @@ dns_cache_store(struct module_env* env,
--- ./services/cache/dns.c struct regional* region, uint32_t flags)
+++ ./services/cache/dns.c
@@ -838,6 +838,14 @@
struct regional* region, uint16_t flags)
{ {
struct reply_info* rep = NULL; struct reply_info* rep = NULL;
+ +
@ -3150,12 +3129,10 @@ diff -u --unidirectional-new-file -r1.1 ./services/cache/dns.c
/* alloc, malloc properly (not in region, like msg is) */ /* alloc, malloc properly (not in region, like msg is) */
rep = reply_info_copy(msgrep, env->alloc, NULL); rep = reply_info_copy(msgrep, env->alloc, NULL);
if(!rep) if(!rep)
Index: unbound-1.7.0~rc1/services/mesh.c
=================================================================== ===================================================================
RCS file: ./services/RCS/mesh.c,v --- unbound-1.7.0~rc1.orig/services/mesh.c
retrieving revision 1.1 +++ unbound-1.7.0~rc1/services/mesh.c
diff -u --unidirectional-new-file -r1.1 ./services/mesh.c
--- ./services/mesh.c
+++ ./services/mesh.c
@@ -59,6 +59,9 @@ @@ -59,6 +59,9 @@
#include "sldns/wire2str.h" #include "sldns/wire2str.h"
#include "services/localzone.h" #include "services/localzone.h"
@ -3166,7 +3143,7 @@ diff -u --unidirectional-new-file -r1.1 ./services/mesh.c
#include "respip/respip.h" #include "respip/respip.h"
/** subtract timers and the values do not overflow or become negative */ /** subtract timers and the values do not overflow or become negative */
@@ -1011,6 +1014,13 @@ @@ -1050,6 +1053,13 @@ mesh_send_reply(struct mesh_state* m, in
else secure = 0; else secure = 0;
if(!rep && rcode == LDNS_RCODE_NOERROR) if(!rep && rcode == LDNS_RCODE_NOERROR)
rcode = LDNS_RCODE_SERVFAIL; rcode = LDNS_RCODE_SERVFAIL;
@ -3180,7 +3157,7 @@ diff -u --unidirectional-new-file -r1.1 ./services/mesh.c
/* send the reply */ /* send the reply */
/* We don't reuse the encoded answer if either the previous or current /* We don't reuse the encoded answer if either the previous or current
* response has a local alias. We could compare the alias records * response has a local alias. We could compare the alias records
@@ -1160,6 +1170,7 @@ @@ -1199,6 +1209,7 @@ struct mesh_state* mesh_area_find(struct
key.s.is_valrec = valrec; key.s.is_valrec = valrec;
key.s.qinfo = *qinfo; key.s.qinfo = *qinfo;
key.s.query_flags = qflags; key.s.query_flags = qflags;
@ -3188,7 +3165,7 @@ diff -u --unidirectional-new-file -r1.1 ./services/mesh.c
/* We are searching for a similar mesh state when we DO want to /* We are searching for a similar mesh state when we DO want to
* aggregate the state. Thus unique is set to NULL. (default when we * aggregate the state. Thus unique is set to NULL. (default when we
* desire aggregation).*/ * desire aggregation).*/
@@ -1206,6 +1217,10 @@ @@ -1245,6 +1256,10 @@ int mesh_state_add_reply(struct mesh_sta
if(!r) if(!r)
return 0; return 0;
r->query_reply = *rep; r->query_reply = *rep;
@ -3199,13 +3176,11 @@ diff -u --unidirectional-new-file -r1.1 ./services/mesh.c
r->edns = *edns; r->edns = *edns;
if(edns->opt_list) { if(edns->opt_list) {
r->edns.opt_list = edns_opt_copy_region(edns->opt_list, r->edns.opt_list = edns_opt_copy_region(edns->opt_list,
Index: unbound-1.7.0~rc1/util/config_file.c
=================================================================== ===================================================================
RCS file: ./util/RCS/config_file.c,v --- unbound-1.7.0~rc1.orig/util/config_file.c
retrieving revision 1.1 +++ unbound-1.7.0~rc1/util/config_file.c
diff -u --unidirectional-new-file -r1.1 ./util/config_file.c @@ -1323,6 +1323,8 @@ config_delete(struct config_file* cfg)
--- ./util/config_file.c
+++ ./util/config_file.c
@@ -1167,6 +1167,8 @@
free(cfg->dnstap_socket_path); free(cfg->dnstap_socket_path);
free(cfg->dnstap_identity); free(cfg->dnstap_identity);
free(cfg->dnstap_version); free(cfg->dnstap_version);
@ -3213,14 +3188,12 @@ diff -u --unidirectional-new-file -r1.1 ./util/config_file.c
+ free(cfg->rpz_cstr); + free(cfg->rpz_cstr);
config_deldblstrlist(cfg->ratelimit_for_domain); config_deldblstrlist(cfg->ratelimit_for_domain);
config_deldblstrlist(cfg->ratelimit_below_domain); config_deldblstrlist(cfg->ratelimit_below_domain);
free(cfg); #ifdef USE_IPSECMOD
Index: unbound-1.7.0~rc1/util/config_file.h
=================================================================== ===================================================================
RCS file: ./util/RCS/config_file.h,v --- unbound-1.7.0~rc1.orig/util/config_file.h
retrieving revision 1.1 +++ unbound-1.7.0~rc1/util/config_file.h
diff -u --unidirectional-new-file -r1.1 ./util/config_file.h @@ -431,6 +431,11 @@ struct config_file {
--- ./util/config_file.h
+++ ./util/config_file.h
@@ -416,6 +416,11 @@
/** true to disable DNSSEC lameness check in iterator */ /** true to disable DNSSEC lameness check in iterator */
int disable_dnssec_lame_check; int disable_dnssec_lame_check;
@ -3232,13 +3205,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/config_file.h
/** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */ /** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */
int ip_ratelimit; int ip_ratelimit;
/** number of slabs for ip_ratelimit cache */ /** number of slabs for ip_ratelimit cache */
Index: unbound-1.7.0~rc1/util/configlexer.lex
=================================================================== ===================================================================
RCS file: ./util/RCS/configlexer.lex,v --- unbound-1.7.0~rc1.orig/util/configlexer.lex
retrieving revision 1.1 +++ unbound-1.7.0~rc1/util/configlexer.lex
diff -u --unidirectional-new-file -r1.1 ./util/configlexer.lex @@ -412,6 +412,10 @@ dnstap-log-forwarder-query-messages{COLO
--- ./util/configlexer.lex
+++ ./util/configlexer.lex
@@ -395,6 +395,10 @@
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) }
dnstap-log-forwarder-response-messages{COLON} { dnstap-log-forwarder-response-messages{COLON} {
YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) }
@ -3249,13 +3220,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/configlexer.lex
disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) }
ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) }
ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) }
Index: unbound-1.7.0~rc1/util/configparser.y
=================================================================== ===================================================================
RCS file: ./util/RCS/configparser.y,v --- unbound-1.7.0~rc1.orig/util/configparser.y
retrieving revision 1.1 +++ unbound-1.7.0~rc1/util/configparser.y
diff -u --unidirectional-new-file -r1.1 ./util/configparser.y @@ -124,6 +124,7 @@ extern struct config_parser_state* cfg_p
--- ./util/configparser.y
+++ ./util/configparser.y
@@ -124,6 +124,7 @@
%token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES
%token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES
%token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES
@ -3263,7 +3232,7 @@ diff -u --unidirectional-new-file -r1.1 ./util/configparser.y
%token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA
%token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT
%token VAR_DISABLE_DNSSEC_LAME_CHECK %token VAR_DISABLE_DNSSEC_LAME_CHECK
@@ -158,7 +159,7 @@ @@ -158,7 +159,7 @@ extern struct config_parser_state* cfg_p
%% %%
toplevelvars: /* empty */ | toplevelvars toplevelvar ; toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@ -3272,7 +3241,7 @@ diff -u --unidirectional-new-file -r1.1 ./util/configparser.y
forwardstart contents_forward | pythonstart contents_py | forwardstart contents_forward | pythonstart contents_py |
rcstart contents_rc | dtstart contents_dt | viewstart contents_view | rcstart contents_rc | dtstart contents_dt | viewstart contents_view |
dnscstart contents_dnsc | cachedbstart contents_cachedb | dnscstart contents_dnsc | cachedbstart contents_cachedb |
@@ -2160,6 +2161,50 @@ @@ -2384,6 +2385,50 @@ dt_dnstap_log_forwarder_response_message
(strcmp($2, "yes")==0); (strcmp($2, "yes")==0);
} }
; ;
@ -3323,13 +3292,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/configparser.y
pythonstart: VAR_PYTHON pythonstart: VAR_PYTHON
{ {
OUTYY(("\nP(python:)\n")); OUTYY(("\nP(python:)\n"));
Index: unbound-1.7.0~rc1/util/data/msgencode.c
=================================================================== ===================================================================
RCS file: ./util/data/RCS/msgencode.c,v --- unbound-1.7.0~rc1.orig/util/data/msgencode.c
retrieving revision 1.1 +++ unbound-1.7.0~rc1/util/data/msgencode.c
diff -u --unidirectional-new-file -r1.1 ./util/data/msgencode.c @@ -585,6 +585,35 @@ insert_section(struct reply_info* rep, s
--- ./util/data/msgencode.c
+++ ./util/data/msgencode.c
@@ -585,6 +585,35 @@
return RETVAL_OK; return RETVAL_OK;
} }
@ -3365,7 +3332,7 @@ diff -u --unidirectional-new-file -r1.1 ./util/data/msgencode.c
/** store query section in wireformat buffer, return RETVAL */ /** store query section in wireformat buffer, return RETVAL */
static int static int
insert_query(struct query_info* qinfo, struct compress_tree_node** tree, insert_query(struct query_info* qinfo, struct compress_tree_node** tree,
@@ -748,6 +777,19 @@ @@ -750,6 +779,19 @@ reply_info_encode(struct query_info* qin
return 0; return 0;
} }
sldns_buffer_write_u16_at(buffer, 10, arcount); sldns_buffer_write_u16_at(buffer, 10, arcount);
@ -3385,13 +3352,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/data/msgencode.c
} }
sldns_buffer_flip(buffer); sldns_buffer_flip(buffer);
return 1; return 1;
Index: unbound-1.7.0~rc1/util/data/packed_rrset.c
=================================================================== ===================================================================
RCS file: ./util/data/RCS/packed_rrset.c,v --- unbound-1.7.0~rc1.orig/util/data/packed_rrset.c
retrieving revision 1.1 +++ unbound-1.7.0~rc1/util/data/packed_rrset.c
diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.c @@ -254,6 +254,10 @@ sec_status_to_string(enum sec_status s)
--- ./util/data/packed_rrset.c
+++ ./util/data/packed_rrset.c
@@ -254,6 +254,10 @@
case sec_status_indeterminate: return "sec_status_indeterminate"; case sec_status_indeterminate: return "sec_status_indeterminate";
case sec_status_insecure: return "sec_status_insecure"; case sec_status_insecure: return "sec_status_insecure";
case sec_status_secure: return "sec_status_secure"; case sec_status_secure: return "sec_status_secure";
@ -3402,13 +3367,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.c
} }
return "unknown_sec_status_value"; return "unknown_sec_status_value";
} }
Index: unbound-1.7.0~rc1/util/data/packed_rrset.h
=================================================================== ===================================================================
RCS file: ./util/data/RCS/packed_rrset.h,v --- unbound-1.7.0~rc1.orig/util/data/packed_rrset.h
retrieving revision 1.1 +++ unbound-1.7.0~rc1/util/data/packed_rrset.h
diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.h @@ -189,7 +189,15 @@ enum sec_status {
--- ./util/data/packed_rrset.h
+++ ./util/data/packed_rrset.h
@@ -189,7 +189,15 @@
sec_status_insecure, sec_status_insecure,
/** SECURE means that the object (RRset or message) validated /** SECURE means that the object (RRset or message) validated
* according to local policy. */ * according to local policy. */
@ -3425,12 +3388,10 @@ diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.h
}; };
/** /**
Index: unbound-1.7.0~rc1/util/netevent.c
=================================================================== ===================================================================
RCS file: ./util/RCS/netevent.c,v --- unbound-1.7.0~rc1.orig/util/netevent.c
retrieving revision 1.1 +++ unbound-1.7.0~rc1/util/netevent.c
diff -u --unidirectional-new-file -r1.1 ./util/netevent.c
--- ./util/netevent.c
+++ ./util/netevent.c
@@ -54,6 +54,9 @@ @@ -54,6 +54,9 @@
#ifdef HAVE_OPENSSL_ERR_H #ifdef HAVE_OPENSSL_ERR_H
#include <openssl/err.h> #include <openssl/err.h>
@ -3441,7 +3402,7 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.c
/* -------- Start of local definitions -------- */ /* -------- Start of local definitions -------- */
/** if CMSG_ALIGN is not defined on this platform, a workaround */ /** if CMSG_ALIGN is not defined on this platform, a workaround */
@@ -579,6 +582,9 @@ @@ -585,6 +588,9 @@ comm_point_udp_ancil_callback(int fd, sh
struct cmsghdr* cmsg; struct cmsghdr* cmsg;
#endif /* S_SPLINT_S */ #endif /* S_SPLINT_S */
@ -3451,9 +3412,9 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.c
rep.c = (struct comm_point*)arg; rep.c = (struct comm_point*)arg;
log_assert(rep.c->type == comm_udp); log_assert(rep.c->type == comm_udp);
@@ -668,6 +674,9 @@ @@ -674,6 +680,9 @@ comm_point_udp_callback(int fd, short ev
int i; int i;
struct sldns_buffer *buffer; struct sldns_buffer *buffer;
+#ifdef ENABLE_FASTRPZ +#ifdef ENABLE_FASTRPZ
+ rep.rpz = NULL; + rep.rpz = NULL;
@ -3461,7 +3422,7 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.c
rep.c = (struct comm_point*)arg; rep.c = (struct comm_point*)arg;
log_assert(rep.c->type == comm_udp); log_assert(rep.c->type == comm_udp);
@@ -711,6 +720,9 @@ @@ -717,6 +726,9 @@ comm_point_udp_callback(int fd, short ev
(void)comm_point_send_udp_msg(rep.c, buffer, (void)comm_point_send_udp_msg(rep.c, buffer,
(struct sockaddr*)&rep.addr, rep.addrlen); (struct sockaddr*)&rep.addr, rep.addrlen);
} }
@ -3471,7 +3432,7 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.c
if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for
another UDP port. Note rep.c cannot be reused with TCP fd. */ another UDP port. Note rep.c cannot be reused with TCP fd. */
break; break;
@@ -2145,6 +2157,9 @@ @@ -2956,6 +2968,9 @@ comm_point_send_reply(struct comm_reply
comm_point_start_listening(repinfo->c, -1, comm_point_start_listening(repinfo->c, -1,
repinfo->c->tcp_timeout_msec); repinfo->c->tcp_timeout_msec);
} }
@ -3481,7 +3442,7 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.c
} }
void void
@@ -2154,6 +2169,9 @@ @@ -2965,6 +2980,9 @@ comm_point_drop_reply(struct comm_reply*
return; return;
log_assert(repinfo && repinfo->c); log_assert(repinfo && repinfo->c);
log_assert(repinfo->c->type != comm_tcp_accept); log_assert(repinfo->c->type != comm_tcp_accept);
@ -3491,7 +3452,7 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.c
if(repinfo->c->type == comm_udp) if(repinfo->c->type == comm_udp)
return; return;
reclaim_tcp_handler(repinfo->c); reclaim_tcp_handler(repinfo->c);
@@ -2173,6 +2191,9 @@ @@ -2984,6 +3002,9 @@ comm_point_start_listening(struct comm_p
{ {
verbose(VERB_ALGO, "comm point start listening %d", verbose(VERB_ALGO, "comm point start listening %d",
c->fd==-1?newfd:c->fd); c->fd==-1?newfd:c->fd);
@ -3501,13 +3462,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.c
if(c->type == comm_tcp_accept && !c->tcp_free) { if(c->type == comm_tcp_accept && !c->tcp_free) {
/* no use to start listening no free slots. */ /* no use to start listening no free slots. */
return; return;
Index: unbound-1.7.0~rc1/util/netevent.h
=================================================================== ===================================================================
RCS file: ./util/RCS/netevent.h,v --- unbound-1.7.0~rc1.orig/util/netevent.h
retrieving revision 1.1 +++ unbound-1.7.0~rc1/util/netevent.h
diff -u --unidirectional-new-file -r1.1 ./util/netevent.h @@ -119,6 +119,10 @@ struct comm_reply {
--- ./util/netevent.h
+++ ./util/netevent.h
@@ -117,6 +117,10 @@
/** return type 0 (none), 4(IP4), 6(IP6) */ /** return type 0 (none), 4(IP4), 6(IP6) */
int srctype; int srctype;
/* DnsCrypt context */ /* DnsCrypt context */
@ -3518,13 +3477,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.h
#ifdef USE_DNSCRYPT #ifdef USE_DNSCRYPT
uint8_t client_nonce[crypto_box_HALF_NONCEBYTES]; uint8_t client_nonce[crypto_box_HALF_NONCEBYTES];
uint8_t nmkey[crypto_box_BEFORENMBYTES]; uint8_t nmkey[crypto_box_BEFORENMBYTES];
Index: unbound-1.7.0~rc1/validator/validator.c
=================================================================== ===================================================================
RCS file: ./validator/RCS/validator.c,v --- unbound-1.7.0~rc1.orig/validator/validator.c
retrieving revision 1.1 +++ unbound-1.7.0~rc1/validator/validator.c
diff -u --unidirectional-new-file -r1.1 ./validator/validator.c @@ -2688,6 +2688,12 @@ ds_response_to_ke(struct module_qstate*
--- ./validator/validator.c
+++ ./validator/validator.c
@@ -2552,6 +2552,12 @@
default: default:
/* NSEC proof did not work, try next */ /* NSEC proof did not work, try next */
break; break;
@ -3537,7 +3494,7 @@ diff -u --unidirectional-new-file -r1.1 ./validator/validator.c
} }
sec = nsec3_prove_nods(qstate->env, ve, sec = nsec3_prove_nods(qstate->env, ve,
@@ -2584,6 +2590,12 @@ @@ -2721,6 +2727,12 @@ ds_response_to_ke(struct module_qstate*
default: default:
/* NSEC3 proof did not work */ /* NSEC3 proof did not work */
break; break;
@ -3550,3 +3507,4 @@ diff -u --unidirectional-new-file -r1.1 ./validator/validator.c
} }
/* Apparently, no available NSEC/NSEC3 proved NODATA, so /* Apparently, no available NSEC/NSEC3 proved NODATA, so


@ -1,3 +1,7 @@
7 March 2018: Wouter
- Fixed contrib/fastrpz.patch, even though this already applied
cleanly for me, now also for others.
6 March 2018: Wouter 6 March 2018: Wouter
- Reverted fix for #3512, this may not be the best way forward; - Reverted fix for #3512, this may not be the best way forward;
although it could be changed at a later time, to stay similar to although it could be changed at a later time, to stay similar to