upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-08 15:52:53 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
5217 commits 23 branches 209 tags 126 MiB
Commit graph

5217 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ralph Dolmans
1d0fc2d179
Merge pull request #148 from pettai/morestats 
Add some TLS stats to unbound_munin_
 2020-01-27 16:04:00 +01:00
Ralph Dolmans
41621fb1df - Add changelog entry for RP#154 
- autoconf after PR#154
 2020-01-27 15:50:12 +01:00
Ralph Dolmans
6b3df091fe
Merge pull request #154 from edmonds/edmonds/libbsd-support 
Allow use of libbsd functions with configure option --with-libbsd
 2020-01-27 15:44:32 +01:00
Ralph Dolmans
7e200ce90e
Merge branch 'master' into edmonds/libbsd-support 2020-01-27 15:37:33 +01:00
W.C.A. Wijngaards
68ff1730ac - Fix #153: Disable validation for DSA algorithms. RFC 8624 
compliance.
 2020-01-27 09:40:18 +01:00
W.C.A. Wijngaards
82a6a2f8cc Changelog note for PR#155. 
- Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes
  to Libs/Requires for crypto library dependencies.
 2020-01-27 09:31:07 +01:00
W.C.A. Wijngaards
0ae684830a Merge branch 'master' of github.com:NLnetLabs/unbound 2020-01-27 09:29:18 +01:00
Wouter Wijngaards
ec9e4eb406
Merge pull request #155 from edmonds/edmonds/pkg-config/libs-fixes 
contrib/libunbound.pc.in: Fixes to Libs/Requires for crypto library dependencies
 2020-01-27 09:28:53 +01:00
Robert Edmonds
394f9403df contrib/libunbound.pc.in: Embed the correct crypto dependencies 
This commit removes the hardcoded dependency in the libunbound
pkg-config .pc file on the libcrypto and libssl modules and instead
populates the .pc file based on which crypto library was selected at
configure time.

Note that the .pc file specifies pkg-config module names for the
"Requires" line and this can vary from the library filename (e.g. "nss"
is the pkg-config module name vs. "nss3" being the library name).
 2020-01-26 22:30:31 -05:00
Robert Edmonds
36b5d74fc4 contrib/libunbound.pc.in: Only specify -lunbound for Libs 
According to the pkg-config manpage, the "Libs" line in a .pc file
should give the link flags "specific to your package", and specifically
says not to include link flags for dependencies:

    Libs:  This line should give the link flags specific to your
           package.  Don't add any flags for required packages;
           pkg-config will add those automatically.
 2020-01-26 22:06:58 -05:00
Steven Chamberlain
f6b4f2a149 Allow use of libbsd functions with configure option --with-libbsd 
Add a new configure option `--with-libbsd', which allows to use libbsd's
portable implementations of:

    strlcpy strlcat arc4random arc4random_uniform reallocarray

instead of the embedded code copies in contrib/, which will be
difficult to maintain in the long term.

Also patch util/random.c so that, when building with libbsd and without
OpenSSL, arc4random can still be used as the PRNG.  Otherwise, building
with libnettle would need a kernel-specific getentropy implementation,
and libbsd does not export one.

[edmonds@debian.org: Imported patch description from BTS, refreshed
patch against Unbound 1.9.6.]
 2020-01-26 19:09:43 -05:00
W.C.A. Wijngaards
61456ff81d Changelog and contrib/README note for PR#150. 
- Merge PR#150 from Frzk: Systemd unit without chroot.  It add
  contrib/unbound_nochroot.service.in, a systemd file for use with
  chroot: "", see comments in the file, it uses systemd protections
  instead.
 2020-01-23 16:16:52 +01:00
Wouter Wijngaards
ff92edcd41
Merge pull request #150 from Frzk/systemd_unit_without_chroot 
Systemd unit without chroot
 2020-01-23 16:14:17 +01:00
François KUBLER
c3f6f0a332 Patch configure.ac file to take the new contrib/unbound_nochroot.service unit file in consideration. 
All props to Wouter Wijngaards for this work.
 2020-01-23 15:51:07 +01:00
François KUBLER
016f742f16 Added a new unit file to run unbound with systemd and without chroot. 
See https://github.com/NLnetLabs/unbound/pull/149
 2020-01-23 15:46:53 +01:00
frpet
05cb07093d Update unbound_munin_ 
Add TLS (DoT) counters
 2020-01-23 08:23:16 +01:00
W.C.A. Wijngaards
1e0c957dcd - Fix auth zone support for NSEC3 records without salt. 2020-01-14 16:03:29 +01:00
W.C.A. Wijngaards
ea26e5038e - Fix for memory leak when edns subnet config options are read when 
compiled without edns subnet support.
 2020-01-14 15:48:27 +01:00
W.C.A. Wijngaards
2c4be0c201 - Fix crash after reload where a stats lookup could reference old key 
cache and neg cache structures.
 2020-01-14 15:18:52 +01:00
W.C.A. Wijngaards
9b3f3101e3 - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, 
because dnscrypt-proxy (2.0.36) does not support the test setup
  any more, and also the config file format does not seem to have
  the appropriate keys to recreate that setup.
 2020-01-14 14:40:44 +01:00
W.C.A. Wijngaards
e149bc7046 - Fix unreachable code in ssl set options code. 2020-01-10 11:28:01 +01:00
W.C.A. Wijngaards
a8db52120b - Fix the relationship between serve-expired and prefetch options, 
patch from Saksham Manchanda from Secure64.
 2020-01-10 10:04:50 +01:00
Ralph Dolmans
92a525225b - Add changelog entry for fix #138 (stop binding pidfile inside chroot dir in 
systemd service file).
 2020-01-08 16:36:18 +01:00
Ralph Dolmans
1e8d20de0d
Merge pull request #142 from Maryse47/patch-1 
unbound.service.in: stop binding pidfile inside chroot dir
 2020-01-08 16:23:23 +01:00
Maryse47
89d98564c3
unbound.service.in: stop binding pidfile inside chroot dir 
Apparently pidfile isn't used inside chroot and binding it may cause some weird failures with older systemd.

Fixes https://github.com/NLnetLabs/unbound/issues/138
 2020-01-08 15:21:22 +00:00
W.C.A. Wijngaards
c4e199ecca - And update for more spare space. 2020-01-08 12:58:07 +01:00
W.C.A. Wijngaards
5ae1544583 - Updated sldns_bget_token_par fix for also space for the zero 
delimiter after the character.
 2020-01-08 11:55:42 +01:00
W.C.A. Wijngaards
05a5dc2d0d - Fix out-of-bounds null-byte write in sldns_bget_token_par while 
parsing type WKS, reported by Luis Merino from X41 D-Sec.
 2020-01-08 11:08:16 +01:00
W.C.A. Wijngaards
19473d95eb - Fix 'make test' to work for --disable-sha1 configure option. 2020-01-08 09:23:46 +01:00
George Thessalonikefs
8686b0abbf - Changes to compat/getentropy_solaris.c for, 
ifdef stdint.h inclusion for older systems.
  ifdef sha2.h inclusion for older systems.
 2020-01-07 15:19:15 +02:00
George Thessalonikefs
d68ece28c4 - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. 
The dl_iterate_phdr() function introduced in newer versions raises
  compilation errors on solaris 10.
 2020-01-07 15:06:14 +02:00
W.C.A. Wijngaards
453c84b237 - Fix #140: Document slave not downloading new zonefile upon update. 2020-01-06 16:36:44 +01:00
W.C.A. Wijngaards
20a3d3be5f (Changelog note for #135). 
- Merge #135 from Florian Obser: Use passed in neg and key cache
  if non-NULL.
 2020-01-06 16:18:46 +01:00
Wouter Wijngaards
d982dff464
Merge pull request #135 from fobser/pass-in-neg-key-cache 
Use passed in neg and key cache if non-NULL.
 2020-01-06 16:17:16 +01:00
Florian Obser
da6ac0c4ff Use passed in neg and key cache if non-NULL. 
With this the neg and key caches can be shared between multiple
libunbound contexts.

The msg and rrset caches already allowed this since context_finalize()
did not touch those if they are already available and have the correct
size.

Care must be taken to properly unhook the caches from the validator
environment before calling ub_ctx_delete() otherwise one risks double
free or use after free bugs.
 2019-12-19 13:20:34 +01:00
George Thessalonikefs
1d45b4a1e0 - Update mailing list URL. 2019-12-16 16:03:31 +01:00
W.C.A. Wijngaards
40787a06d8 Fixup 1.9.7 version commit in configure.ac. 2019-12-12 15:52:21 +01:00
Ralph Dolmans
90b42b56b6 - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by 
Florian Obser
 2019-12-12 13:05:09 +01:00
Ralph Dolmans
13a76ba0a6
Merge pull request #129 from fobser/serve-expired-ttl-typo 
Fix typo to let serve-expired-ttl work with ub_ctx_set_option().
 2019-12-12 12:59:28 +01:00
Ralph Dolmans
f1d5d5d682 Make master 1.9.7 in development. 2019-12-12 12:48:29 +01:00
Florian Obser
0a499ec2ee Fix typo to let serve-expired-ttl work with ub_ctx_set_option(). 2019-12-10 18:03:24 +01:00
W.C.A. Wijngaards
41d3e2027c - Fix to make auth zone IXFR to fallback to AXFR if a single 
response RR is received over TCP with the SOA in it.
 2019-12-10 13:09:50 +01:00
W.C.A. Wijngaards
e828d678ba - Fix Makefile.in for ipset module compile, from Adi Prasaja. 2019-12-06 11:31:34 +01:00
W.C.A. Wijngaards
f3c2d05728 - Fix ipsecmod compile. 2019-12-06 07:59:55 +01:00
W.C.A. Wijngaards
4b73b5f299 - tag for 1.9.6rc1. 2019-12-05 11:21:46 +01:00
W.C.A. Wijngaards
ff7d68ca53 - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 
replacements for unbound-fuzzme.c that gets created after applying
  the contrib/unbound-fuzzme.patch.  They are contributed by
  Eric Sesterhenn from X41 D-Sec.
 2019-12-05 09:10:49 +01:00
W.C.A. Wijngaards
3fb98a72d2 - Fix Make Test Fails when Configured With --enable-alloc-nonregional, 
reported by X41 D-Sec.
 2019-12-04 16:23:52 +01:00
W.C.A. Wijngaards
6e8b4a7796 - update contrib/fastrpz.patch to apply more cleanly. 2019-12-04 11:41:13 +01:00
W.C.A. Wijngaards
6f7eb3ea9f - Fix testbound for alloccheck runs, memory purify and lock checks. 2019-12-04 11:37:24 +01:00
W.C.A. Wijngaards
216747bb17 - Fix lock type for memory purify log lock deletion. 2019-12-04 09:44:31 +01:00