upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-02-13 15:54:07 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
5309 commits 26 branches 209 tags 136 MiB
Commit graph

5309 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ralph Dolmans
810862dc65 - Stop working on socket when socket() call returns an error. 
- Check malloc return values in TLS session ticket code
 2020-01-30 19:15:58 +01:00
W.C.A. Wijngaards
a4244e79ca - Add getentropy_freebsd.o to Makefile dependencies. 2020-01-30 16:15:51 +01:00
W.C.A. Wijngaards
833021d84d - Add build rule for ipset to Makefile 2020-01-30 16:12:39 +01:00
Ralph Dolmans
2c459443da - Add changelog entry for RPZ merge 2020-01-30 16:04:27 +01:00
Ralph Dolmans
1646b26369 Merge branch 'rpz' 2020-01-30 15:59:01 +01:00
Ralph Dolmans
056176ec9a Merge branch 'master' into rpz 2020-01-30 15:57:34 +01:00
Ralph Dolmans
d69ba6f39f - Add changelog entry for memory leak fix 2020-01-30 15:47:49 +01:00
Ralph Dolmans
882741bf55 - Fix memory leak in do_auth_zone_transfer on success 2020-01-30 15:45:54 +01:00
Ralph Dolmans
5dc6798e75 Merge branch 'master' of github.com:NLnetLabs/unbound 2020-01-30 14:58:25 +01:00
Ralph Dolmans
4f5b934688 - Fix small memory leak in error condition remote.c 
- Fix double free in error condition view.c
 2020-01-30 14:56:48 +01:00
Ralph Dolmans
b9c9fc066f - Fix RPZ locking issues on error conditions 2020-01-30 14:46:39 +01:00
Ralph Dolmans
833c4b1300 - Revert addition of cscope.out to project .gitignore, should be in 
global ignore list
 2020-01-30 14:25:45 +01:00
W.C.A. Wijngaards
a5f133ef2f - updated .gitignore for added contrib file. 2020-01-30 14:20:08 +01:00
W.C.A. Wijngaards
de5c0d4228 Changelog note for PR#151. 
- Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds
  and Frzk.  Updates the unbound.service systemd file and adds
  a portable systemd service file.
 2020-01-30 14:11:41 +01:00
Wouter Wijngaards
e4e00db42e
Merge pull request #151 from Maryse47/systemd_fix 
Fixes for systemd units
 2020-01-30 14:09:29 +01:00
Ralph Dolmans
3609287344 - Fix RPZ stats RPZ_NO_OVERRIDE_ACTION check 2020-01-30 14:05:56 +01:00
W.C.A. Wijngaards
20a2574da1 - Update contrib/fastrpz.patch for clean diff with current code. 2020-01-30 13:05:35 +01:00
W.C.A. Wijngaards
bf13191b87 - Fix subnet tests for disabled DSA algorithm by default. 2020-01-30 09:08:19 +01:00
Ralph Dolmans
5fcae2f0e0 - Fix misplaced parentheses from PR#156 2020-01-29 16:32:03 +01:00
Ralph Dolmans
4326b10169 - Add PR#156 merge to changelog (Added unbound-control view_local_datas_remove 
command)
 2020-01-29 15:46:05 +01:00
Ralph Dolmans
d82de651c6
Merge pull request #156 from n3bul4/master 
Added unbound-control view_local_datas_remove command
 2020-01-29 15:44:39 +01:00
Alexander Berkes
61c2333174 Added view_local_datas_remove description to documentation 2020-01-29 15:32:55 +01:00
Ralph Dolmans
88a706acf8 - Add extra dnamelen checks to ipdnametoaddr and netblockdnametoaddr 2020-01-29 15:16:44 +01:00
Ralph Dolmans
7da16febc4 - Use consistent dname buffer sizes for RPZ 2020-01-29 12:07:13 +01:00
W.C.A. Wijngaards
079de39b46 - Fix #157: undefined reference to `htobe64'. 2020-01-29 11:56:29 +01:00
Ralph Dolmans
1d9185229e - Make dname_has_label's dnamelen check work with 0 length 2020-01-29 11:30:22 +01:00
Ralph Dolmans
ef120738c0 - Fix RPZ's get_tld_label maxdnamelen check 2020-01-29 10:57:29 +01:00
Alexander Berkes
396d4223d9 Added unbound-control view_local_datas_remove command 2020-01-29 02:28:00 +01:00
Maryse47
9aa4b5a7a6 unbound.service.in: don't write pidfile at start 
Pidfiles aren't needed while running unbound through systemd.
The PID of the unbound daemon can still be obtained with:
'systemctl show --property MainPID --value unbound'.

While disabling pidfiles we can also drop CAP_CHOWN and writable
/run directory.
 2020-01-28 19:03:18 +01:00
Maryse47
939cf38576 unbound.service.in: drop CAP_IPC_LOCK 
CAP_IPC_LOCK controls whether a process can lock pages into physical
memory (for instance to prevent passwords or private keys from
being swapped to disk), e.g. mmap() with the MAP_LOCKED flag or
shmctl() with the SHM_LOCK command, neither of which seem to be
used by unbound.
 2020-01-28 18:42:41 +01:00
Ralph Dolmans
9df07b4036 - Address review feedback 2020-01-28 18:35:04 +01:00
W.C.A. Wijngaards
6c0a863584 - Fix to silence the tls handshake errors for broken pipe and reset 
by peer, unless verbosity is set to 2 or higher.
 2020-01-28 14:32:06 +01:00
Ralph Dolmans
a930b94658 - Add PR#147 merge to changelog 2020-01-28 13:41:26 +01:00
Ralph Dolmans
13a7783d7b
Merge pull request #147 from mnach/minor-rfc-comment 
minor #1344 change rfc reference for reserved top level dns names
 2020-01-28 13:39:18 +01:00
W.C.A. Wijngaards
f6287fc718 - iana portlist updated. 2020-01-28 12:25:37 +01:00
Maryse47
c0789a8785 unbound.service.in: allow CAP_CHOWN 
CAP_CHOWN is needed for changing onwership of pidfile before
dropping privileges and truncate pidfile on exit.
 2020-01-27 18:31:10 +01:00
Mikhail Nacharov
c3fac2550f
minor #1344 change rfc reference for reserved top level dns names 2020-01-27 22:04:09 +05:00
Ralph Dolmans
0feee99055 - Add changelog entry for PR#148. 2020-01-27 16:06:06 +01:00
Ralph Dolmans
1d0fc2d179
Merge pull request #148 from pettai/morestats 
Add some TLS stats to unbound_munin_
 2020-01-27 16:04:00 +01:00
Ralph Dolmans
41621fb1df - Add changelog entry for RP#154 
- autoconf after PR#154
 2020-01-27 15:50:12 +01:00
Ralph Dolmans
6b3df091fe
Merge pull request #154 from edmonds/edmonds/libbsd-support 
Allow use of libbsd functions with configure option --with-libbsd
 2020-01-27 15:44:32 +01:00
Ralph Dolmans
7e200ce90e
Merge branch 'master' into edmonds/libbsd-support 2020-01-27 15:37:33 +01:00
Maryse47
cfce0a5e60 unbound.service.in: add StateDirectory 
State directory will be created under /var/lib/unbound and will be
useful for writing various files managed at runtime like trust
anchors updates there instead of in ConfigureDirectory which could
be made read-only next. For this chroot needs to be disabled.
 2020-01-27 13:46:31 +01:00
Maryse47
72bfa5a48c Move unbound_nochroot.service to unbound_portable.service 
The real purpose of this service is to make it work with
https://systemd.io/PORTABLE_SERVICES/ which are incompatible with
chroot workarounds from original unbound.service.

The service content is identical to unbound.service with exception
for chroot related rules which were modified as needed.
 2020-01-27 13:44:47 +01:00
Maryse47
1464bedce2 unbound.service.in: add RuntimeDirectory and ConfigurationDirectory 
Adding 'RuntimeDirectory' is needed when pidfile path is set to
subdirectory under /run.

Adding ConfigurationDirectory may help in some non-standard setups.

Also add more descriptions about used rules to avoid user confusion
about they meaning and purpose.
 2020-01-27 13:44:46 +01:00
W.C.A. Wijngaards
68ff1730ac - Fix #153: Disable validation for DSA algorithms. RFC 8624 
compliance.
 2020-01-27 09:40:18 +01:00
W.C.A. Wijngaards
82a6a2f8cc Changelog note for PR#155. 
- Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes
  to Libs/Requires for crypto library dependencies.
 2020-01-27 09:31:07 +01:00
W.C.A. Wijngaards
0ae684830a Merge branch 'master' of github.com:NLnetLabs/unbound 2020-01-27 09:29:18 +01:00
Wouter Wijngaards
ec9e4eb406
Merge pull request #155 from edmonds/edmonds/pkg-config/libs-fixes 
contrib/libunbound.pc.in: Fixes to Libs/Requires for crypto library dependencies
 2020-01-27 09:28:53 +01:00
Robert Edmonds
394f9403df contrib/libunbound.pc.in: Embed the correct crypto dependencies 
This commit removes the hardcoded dependency in the libunbound
pkg-config .pc file on the libcrypto and libssl modules and instead
populates the .pc file based on which crypto library was selected at
configure time.

Note that the .pc file specifies pkg-config module names for the
"Requires" line and this can vary from the library filename (e.g. "nss"
is the pkg-config module name vs. "nss3" being the library name).
 2020-01-26 22:30:31 -05:00