upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-02-01 03:09:28 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
5625 commits 25 branches 209 tags 133 MiB
Commit graph

3907 commits

Author SHA1 Message Date
Ralph Dolmans
9877e52161 Merge branch 'master' of github.com:NLnetLabs/unbound into rpz 2020-01-15 23:44:10 +01:00
W.C.A. Wijngaards
1e0c957dcd - Fix auth zone support for NSEC3 records without salt. 2020-01-14 16:03:29 +01:00
W.C.A. Wijngaards
ea26e5038e - Fix for memory leak when edns subnet config options are read when 
compiled without edns subnet support.
 2020-01-14 15:48:27 +01:00
W.C.A. Wijngaards
2c4be0c201 - Fix crash after reload where a stats lookup could reference old key 
cache and neg cache structures.
 2020-01-14 15:18:52 +01:00
W.C.A. Wijngaards
9b3f3101e3 - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, 
because dnscrypt-proxy (2.0.36) does not support the test setup
  any more, and also the config file format does not seem to have
  the appropriate keys to recreate that setup.
 2020-01-14 14:40:44 +01:00
W.C.A. Wijngaards
e149bc7046 - Fix unreachable code in ssl set options code. 2020-01-10 11:28:01 +01:00
W.C.A. Wijngaards
a8db52120b - Fix the relationship between serve-expired and prefetch options, 
patch from Saksham Manchanda from Secure64.
 2020-01-10 10:04:50 +01:00
Ralph Dolmans
92a525225b - Add changelog entry for fix #138 (stop binding pidfile inside chroot dir in 
systemd service file).
 2020-01-08 16:36:18 +01:00
W.C.A. Wijngaards
c4e199ecca - And update for more spare space. 2020-01-08 12:58:07 +01:00
W.C.A. Wijngaards
5ae1544583 - Updated sldns_bget_token_par fix for also space for the zero 
delimiter after the character.
 2020-01-08 11:55:42 +01:00
W.C.A. Wijngaards
05a5dc2d0d - Fix out-of-bounds null-byte write in sldns_bget_token_par while 
parsing type WKS, reported by Luis Merino from X41 D-Sec.
 2020-01-08 11:08:16 +01:00
W.C.A. Wijngaards
19473d95eb - Fix 'make test' to work for --disable-sha1 configure option. 2020-01-08 09:23:46 +01:00
George Thessalonikefs
8686b0abbf - Changes to compat/getentropy_solaris.c for, 
ifdef stdint.h inclusion for older systems.
  ifdef sha2.h inclusion for older systems.
 2020-01-07 15:19:15 +02:00
George Thessalonikefs
d68ece28c4 - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. 
The dl_iterate_phdr() function introduced in newer versions raises
  compilation errors on solaris 10.
 2020-01-07 15:06:14 +02:00
W.C.A. Wijngaards
453c84b237 - Fix #140: Document slave not downloading new zonefile upon update. 2020-01-06 16:36:44 +01:00
W.C.A. Wijngaards
20a3d3be5f (Changelog note for #135). 
- Merge #135 from Florian Obser: Use passed in neg and key cache
  if non-NULL.
 2020-01-06 16:18:46 +01:00
George Thessalonikefs
1d45b4a1e0 - Update mailing list URL. 2019-12-16 16:03:31 +01:00
Ralph Dolmans
90b42b56b6 - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by 
Florian Obser
 2019-12-12 13:05:09 +01:00
Ralph Dolmans
f1d5d5d682 Make master 1.9.7 in development. 2019-12-12 12:48:29 +01:00
W.C.A. Wijngaards
41d3e2027c - Fix to make auth zone IXFR to fallback to AXFR if a single 
response RR is received over TCP with the SOA in it.
 2019-12-10 13:09:50 +01:00
W.C.A. Wijngaards
e828d678ba - Fix Makefile.in for ipset module compile, from Adi Prasaja. 2019-12-06 11:31:34 +01:00
W.C.A. Wijngaards
f3c2d05728 - Fix ipsecmod compile. 2019-12-06 07:59:55 +01:00
W.C.A. Wijngaards
4b73b5f299 - tag for 1.9.6rc1. 2019-12-05 11:21:46 +01:00
W.C.A. Wijngaards
ff7d68ca53 - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 
replacements for unbound-fuzzme.c that gets created after applying
  the contrib/unbound-fuzzme.patch.  They are contributed by
  Eric Sesterhenn from X41 D-Sec.
 2019-12-05 09:10:49 +01:00
W.C.A. Wijngaards
3fb98a72d2 - Fix Make Test Fails when Configured With --enable-alloc-nonregional, 
reported by X41 D-Sec.
 2019-12-04 16:23:52 +01:00
W.C.A. Wijngaards
6e8b4a7796 - update contrib/fastrpz.patch to apply more cleanly. 2019-12-04 11:41:13 +01:00
W.C.A. Wijngaards
6f7eb3ea9f - Fix testbound for alloccheck runs, memory purify and lock checks. 2019-12-04 11:37:24 +01:00
W.C.A. Wijngaards
216747bb17 - Fix lock type for memory purify log lock deletion. 2019-12-04 09:44:31 +01:00
W.C.A. Wijngaards
8f79119826 - make depend 2019-12-03 17:28:51 +01:00
W.C.A. Wijngaards
4106308bd5 - Fix Hardcoded Constant, reported by X41 D-Sec. 2019-12-03 17:23:38 +01:00
W.C.A. Wijngaards
c4c1f9e5ef - Fix _vfixed not Used, removed from sbuffer code, 
reported by X41 D-Sec.
 2019-12-03 17:07:35 +01:00
W.C.A. Wijngaards
b6f0b1af86 - Fix compile error in dnscrypt. 2019-12-03 16:44:24 +01:00
W.C.A. Wijngaards
68027ab145 - Fix Client NONCE Generation used for Server NONCE, 
reported by X41 D-Sec.
 2019-12-03 16:42:14 +01:00
W.C.A. Wijngaards
4a7ebfabcf - Fix Bad Indentation, in dnscrypt.c, 
reported by X41 D-Sec.
 2019-12-03 16:34:53 +01:00
W.C.A. Wijngaards
9ce6119513 - Fix snprintf() supports the n-specifier, 
reported by X41 D-Sec.
 2019-12-03 16:29:18 +01:00
W.C.A. Wijngaards
534eac6ae5 Note what it did, lower to 256 max count. 2019-12-03 16:21:04 +01:00
W.C.A. Wijngaards
d3ff930b06 - Fix Hang in sldns_wire2str_pkt_scan(), 
reported by X41 D-Sec.
 2019-12-03 16:20:24 +01:00
W.C.A. Wijngaards
6c3a0b54ed - Fix Out of Bound Write Compressed Names in rdata_copy(), 
reported by X41 D-Sec.
 2019-12-03 16:18:47 +01:00
W.C.A. Wijngaards
2d444a5037 - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(), 
reported by X41 D-Sec.
 2019-12-03 16:17:03 +01:00
W.C.A. Wijngaards
c99438c6a1 - Fix Out of Bounds Write in sldns_b64_pton(), 
fixed by check in sldns_str2wire_int16_data_buf(),
  reported by X41 D-Sec.
 2019-12-03 16:10:34 +01:00
W.C.A. Wijngaards
3f3cadd416 - Fix Out of Bounds Write in sldns_str2wire_str_buf(), 
reported by X41 D-Sec.
 2019-12-03 16:01:31 +01:00
W.C.A. Wijngaards
e183a66d60 - Fix OOB Read in sldns_wire2str_dname_scan(), 
reported by X41 D-Sec.
 2019-12-03 15:42:34 +01:00
W.C.A. Wijngaards
d2eb78e871 - Fix Assert Causing DoS in dname_pkt_copy(), 
reported by X41 D-Sec.
 2019-12-03 15:20:48 +01:00
W.C.A. Wijngaards
5a66aecef9 - Fix similar code in auth_zone synth cname to add the extra checks. 2019-12-03 15:11:22 +01:00
W.C.A. Wijngaards
f5e06689d1 - Fix Assert Causing DoS in synth_cname(), 
reported by X41 D-Sec.
 2019-12-03 15:10:36 +01:00
W.C.A. Wijngaards
5a00b31f86 - Fix text around serial arithmatic used for RRSIG times to refer 
to correct RFC number.
 2019-12-03 12:58:09 +01:00
W.C.A. Wijngaards
cdbf091c0d Changelog entry for merge of #124. 
- Merge pull request #124 from rmetrich: Changed log lock
  from 'quick' to 'basic' because this is an I/O lock.
 2019-12-03 10:03:44 +01:00
W.C.A. Wijngaards
aa64c58368 Changelog entry for #122. 
- Merge pull request #122 from he32: In tcp_callback_writer(),
  don't disable time-out when changing to read.
 2019-12-02 13:59:43 +01:00
W.C.A. Wijngaards
f82f971997 - Add make distclean that removes everything configure produced, 
and make maintainer-clean that removes bison and flex output.
 2019-11-22 15:10:02 +01:00
George Thessalonikefs
30b0fa1e8e Fix compiler warnings. 2019-11-22 14:30:56 +01:00
W.C.A. Wijngaards
1718a8e6b5 - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec. 2019-11-22 14:23:00 +01:00
Ralph Dolmans
bbb737ca5a processing RPZ review feedback 2019-11-22 12:56:24 +08:00
W.C.A. Wijngaards
ebad5416d7 - Fix comments for doxygen in dns64. 2019-11-20 15:22:20 +01:00
W.C.A. Wijngaards
8833d44d01 - Fix python examples/calc.py for eval, reported by X41 D-Sec. 2019-11-20 15:07:09 +01:00
W.C.A. Wijngaards
da4d6ffee3 - Fix Bad Randomness in Seed, reported by X41 D-Sec. 2019-11-20 14:40:50 +01:00
W.C.A. Wijngaards
981fedea0e - Fix NULL Pointer Dereference via Control Port, 
reported by X41 D-Sec.
 2019-11-20 14:37:13 +01:00
W.C.A. Wijngaards
3a49e683ed - Fix Enum Name not Used, reported by X41 D-Sec. 2019-11-20 14:22:06 +01:00
W.C.A. Wijngaards
3907876eac - Fix Unrequired Checks, reported by X41 D-Sec. 2019-11-20 14:05:54 +01:00
W.C.A. Wijngaards
fcd9b34bb5 - Fix Useless memset() in validator, reported by X41 D-Sec. 2019-11-20 14:02:58 +01:00
W.C.A. Wijngaards
d63ec2dfcb - Fix Terminating Quotes not Written, reported by X41 D-Sec. 2019-11-20 14:01:01 +01:00
W.C.A. Wijngaards
6139943428 - Fix compile with --enable-alloc-checks, reported by X41 D-Sec. 2019-11-20 13:51:10 +01:00
W.C.A. Wijngaards
a76e43341f - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec. 2019-11-20 13:30:27 +01:00
W.C.A. Wijngaards
d63536289c - Changes to compat/getentropy files for, 
no link to openssl if using nettle, and hence config.h for
  HAVE_NETTLE variable.
  compat definition of MAP_ANON, for older systems.
  ifdef stdint.h inclusion for older systems.
  ifdef sha2.h inclusion for older systems.
 2019-11-20 13:28:49 +01:00
W.C.A. Wijngaards
d085a0039b - Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD. 2019-11-20 13:12:36 +01:00
W.C.A. Wijngaards
3ebc480690 - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD. 2019-11-20 13:11:05 +01:00
W.C.A. Wijngaards
20dd979d00 - Synchronize compat/getentropy_win.c with version 1.5 from 
OpenBSD, no changes but makes the file, comments, identical.
 2019-11-20 13:08:43 +01:00
W.C.A. Wijngaards
623dba975a - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD. 2019-11-20 13:05:10 +01:00
W.C.A. Wijngaards
09707fc403 - Fix Integer Underflow in Regional Allocator, 
reported by X41 D-Sec.
 2019-11-20 13:00:56 +01:00
W.C.A. Wijngaards
2dcc7016ac - Fix Local Memory Leak in cachedb_init(), 
reported by X41 D-Sec.
 2019-11-20 12:56:39 +01:00
W.C.A. Wijngaards
f887552763 - Fix Config Injection in create_unbound_ad_servers.sh, 
reported by X41 D-Sec.
 2019-11-20 12:02:19 +01:00
W.C.A. Wijngaards
72d348de6a - Fix Out-of-Bounds Read in dname_valid(), 
reported by X41 D-Sec.
 2019-11-20 11:38:11 +01:00
W.C.A. Wijngaards
7646c96259 - Fix Randomness Error not Handled Properly, 
reported by X41 D-Sec.
 2019-11-20 11:35:07 +01:00
W.C.A. Wijngaards
d8809c672a - Fix Weak Entropy Used For Nettle, 
reported by X41 D-Sec.
 2019-11-20 11:28:53 +01:00
W.C.A. Wijngaards
7e3da817c3 - Adjust unbound-control to make stats_shm a read only operation. 2019-11-20 11:18:03 +01:00
W.C.A. Wijngaards
c54fe82886 - Fix Shared Memory World Writeable, 
reported by X41 D-Sec.
 2019-11-20 11:13:45 +01:00
W.C.A. Wijngaards
1fa40654d2 - Fix Race Condition in autr_tp_create(), 
reported by X41 D-Sec.
 2019-11-20 11:01:56 +01:00
W.C.A. Wijngaards
d79d75538b - Fix Out of Bounds Read in rrinternal_get_owner(), 
reported by X41 D-Sec.
 2019-11-20 08:28:12 +01:00
W.C.A. Wijngaards
fa23ee8f31 - Fix Out of Bounds Write in sldns_bget_token_par(), 
reported by X41 D-Sec.
 2019-11-19 16:54:44 +01:00
W.C.A. Wijngaards
51c23b0209 - Fix Out of Bounds Read in sldns_str2wire_dname(), 
reported by X41 D-Sec.
 2019-11-19 16:46:33 +01:00
W.C.A. Wijngaards
a3545867fc - Fix Integer Overflow to Buffer Overflow in 
sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
 2019-11-19 16:42:17 +01:00
W.C.A. Wijngaards
02080f6b18 - Fix Integer Overflows in Size Calculations, 
reported by X41 D-Sec.
 2019-11-19 16:32:40 +01:00
W.C.A. Wijngaards
07156bd5ea - Fix Out-of-bounds Read in rr_comment_dnskey(), 
reported by X41 D-Sec.
 2019-11-19 16:17:06 +01:00
W.C.A. Wijngaards
2a4e840be4 - Fix Unchecked NULL Pointer in dns64_inform_super() 
and ipsecmod_new(), reported by X41 D-Sec.
 2019-11-19 15:48:18 +01:00
W.C.A. Wijngaards
226298bbd3 - Fix Integer Overflow in Regional Allocator, 
reported by X41 D-Sec.
 2019-11-19 15:38:05 +01:00
W.C.A. Wijngaards
79a6e9fbe2 - Fixes to please lint checks. 2019-11-19 12:10:03 +01:00
W.C.A. Wijngaards
16bbfc3461 - Fix authzone printout buffer length check. 2019-11-19 10:09:44 +01:00
W.C.A. Wijngaards
d8090b8cae - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. 2019-11-19 10:06:12 +01:00
W.C.A. Wijngaards
09845779d5 - Fix CVE-2019-18934, shell execution in ipsecmod. 2019-11-19 10:05:18 +01:00
W.C.A. Wijngaards
cb8374cce5 - gitignore .source tempfile used for compatible make. 2019-11-18 15:58:19 +01:00
W.C.A. Wijngaards
442e95620e - Portable grep usage for reuseport configure test. 
- Check return type of HMAC_Init_ex for openssl 0.9.8.
 2019-11-18 15:53:47 +01:00
W.C.A. Wijngaards
af6f5a3f54 - Provide a prototype for compat malloc to remove compile warning. 2019-11-18 13:52:17 +01:00
W.C.A. Wijngaards
253d95a8ef - update to bison output of 3.4.1 in code repository. 2019-11-18 10:50:54 +01:00
W.C.A. Wijngaards
57f2582790 - In unbound-host use separate variable for get_option to please 
code checkers.
 2019-11-18 10:45:47 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
W.C.A. Wijngaards
d4c904d091 - contrib/fastrpz.patch updated to apply for current code. 2019-11-13 11:40:56 +01:00
W.C.A. Wijngaards
5ac9bf3f9b - iana portlist updated. 2019-11-13 11:37:06 +01:00
W.C.A. Wijngaards
f759fc5839 Changelog note and configure autoconf generated. 
- Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.
 2019-11-11 14:46:24 +01:00
W.C.A. Wijngaards
29b90c6e58 - Fix #109: check number of arguments for stdin-pipes in 
unbound-control and fail if too many arguments.
 2019-11-11 12:02:51 +01:00
W.C.A. Wijngaards
7dfbcdf276 - Fix #99: Memory leak in ub_ctx (event_base will never be freed). 2019-10-24 09:58:45 +02:00
George Thessalonikefs
941b324187 Add new configure option --enable-fully-static to enable full static build if 
requested; in relation to #91.
 2019-10-23 16:10:07 +02:00
W.C.A. Wijngaards
21472c2393 Changelog note for #97. 
- Merge #97: manpage: Add missing word on unbound.conf,
  from Erethon.
 2019-10-23 07:56:17 +02:00
Dionysis Grigoropoulos
e8b8d42f8b
manpage: Add missing word on unbound.conf 2019-10-23 00:35:49 +03:00
W.C.A. Wijngaards
e6a179e27a - drop-tld.diff: adds option drop-tld: yesno that drops 2 label 
queries, to stop random floods.  Apply with
  patch -p1 < contrib/drop-tld.diff and compile.
  From Saksham Manchanda (Secure64).  Please note that we think this
  will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
  lookups for downstream clients.
 2019-10-22 10:32:37 +02:00
PMunch
f177dc974c Add support for multiple dynamic modules 
Allows the use of multiple dynamic modules. Simply add more "dynlib"
entries to the "modules-config" and the same amount of "dynlib-file"
entries in the dynlib configuration block.
 2019-10-21 15:59:53 +02:00
PMunch
8eeb910e3d Improve dynlib module and add documentation 
Dynamic library module is now only a thin wrapper that loads dynamic
libraries and forwards all function calls directly to the loaded module.
This meant adding get_mem and clear, and get_mem calls have been added
in the expected places.

Documentation has also been added to the example.conf and the
unbound.conf manpage.
 2019-10-21 14:20:33 +02:00
W.C.A. Wijngaards
eb2283332b - Add doxygen comments to unbound-anchor source address code, in #86. 2019-10-07 09:50:04 +02:00
W.C.A. Wijngaards
b2c3b4758b For #86, note credit for Lukas Wunner. 2019-10-03 16:29:45 +02:00
W.C.A. Wijngaards
8bfbd81fec Changelog entry for #86 and whitespace fix. 
- Merge #86 from psquarejho: Added -b source address option to
  smallapp/unbound-anchor.c.
 2019-10-03 16:22:42 +02:00
Wouter Wijngaards
3d91a9fd56
Merge pull request #86 from psquarejho/master 
Added -b / source address option to smallapp/unbound-anchor.c
 2019-10-03 16:19:58 +02:00
W.C.A. Wijngaards
facc6c6541 - Merge 1.9.4 release with fix for vulnerability CVE-2019-16866. 
- Continue with development of 1.9.5.
 2019-10-03 11:40:13 +02:00
W.C.A. Wijngaards
82dffb1023 Changelog entry for Merge #90. 
- Merge #90 from vcunat: fix build with nettle-3.5.
 2019-10-03 08:59:16 +02:00
W.C.A. Wijngaards
7963c9f463 Changelog note for #87. 
- Merge #87 from hardfalcon: Fix contrib/unbound.service.in,
  Drop CAP_KILL, use + prefix for ExecReload= instead.
 2019-09-26 13:17:46 +02:00
W.C.A. Wijngaards
55bb4c1275 - The unbound.conf includes are sorted ascending, for include 
statements with a '*' from glob.
 2019-09-25 16:50:30 +02:00
Jens Hoffrichter
b966dd8e06 Added -b / source address option to smallapp/unbound-anchor.c 2019-09-24 14:42:36 +00:00
W.C.A. Wijngaards
06a91b0eaa Changelog entry for fix #84 and #85. 
- Merge #85 for #84 from sam-lunt: Add kill capability to systemd
  service file to fix that systemctl reload fails.
 2019-09-23 09:20:12 +02:00
W.C.A. Wijngaards
f635b47ade Changelog entry for #83 
- Merge #83 from Maryse47: contrib/unbound.service.in: do not fork
  into the background.
 2019-09-20 12:59:41 +02:00
W.C.A. Wijngaards
1b62399a6e Changelog entry for #81. 
- Merge #81 from Maryse47: Consistently use /dev/urandom instead
  of /dev/random in scripts and docs.
 2019-09-20 07:44:43 +02:00
Wouter Wijngaards
e1e71eac3e
Merge pull request #81 from Maryse47/urandom 
Consistently use /dev/urandom instead of /dev/random in scripts and docs
 2019-09-20 07:44:22 +02:00
W.C.A. Wijngaards
aefd2df51f (Changelog entry for #82). 
- Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW
  in unbound.service.
 2019-09-20 07:38:34 +02:00
Maryse47
ce0e9bef45 Consistently use /dev/urandom instead of /dev/random in scripts and docs 
Unbound code call /dev/urandom (see below)  but various docs and scripts
mention /dev/random which may be confusing.

https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/arc4random.c#L107
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_linux.c#L251
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_osx.c
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_solaris.c#L116
 2019-09-19 17:40:49 +02:00
W.C.A. Wijngaards
1dcc88b6e8 - Merge #80 from stasic: Improve wording in man page. 
(Changelog entry for merge)
 2019-09-19 16:56:14 +02:00
Arsen Stasic
9303292b7f
Improve wording in man page 
Make it more consistent throughout the man page.
If a config option can either be *yes* or *no* use exact these terms and not something like *on* which could be easily read as *no*.
 2019-09-19 14:51:54 +00:00
W.C.A. Wijngaards
9f0b260c49 - Fix wrong response ttl for prepended short CNAME ttls, this would 
create a wrong zero_ttl response count with serve-expired enabled.
 2019-09-19 16:29:51 +02:00
W.C.A. Wijngaards
ab53baa6f5 - Fix for oss-fuzz build warning. 2019-09-19 10:09:49 +02:00
W.C.A. Wijngaards
554e4a939c - Fix fix for #78 to also free service callback struct. 2019-09-19 10:03:47 +02:00
W.C.A. Wijngaards
45b3215594 - oss-fuzz badge on README.md. 2019-09-19 09:55:23 +02:00
W.C.A. Wijngaards
3cb1cdeebd - Merge pull request #76 from Maryse47: Improvements and fixes for 
systemd unbound.service.
(Changelog note for merge of #76).
 2019-09-19 09:53:21 +02:00
W.C.A. Wijngaards
1a4eaaabc5 - Fix #78: Memory leak in outside_network.c. 2019-09-19 09:11:23 +02:00
W.C.A. Wijngaards
13d96540de - Use explicit bzero for wiping clear buffer of hash in cachedb, 
reported by Eric Sesterhenn from X41 D-Sec.
 2019-09-11 15:31:03 +02:00
Ralph Dolmans
f3dfb4d537 Typo fix, reported by jpmens 2019-09-09 18:54:23 +02:00
Ralph Dolmans
9843b836ee Merge branch 'master' into rpz 2019-09-09 17:17:43 +02:00
Ralph Dolmans
2b5cd8e9b4 Merge remote-tracking branch 'ralph/feature/rpz' into rpz 2019-09-09 17:11:26 +02:00
W.C.A. Wijngaards
e45e9f1ce0 - Fix #72: configure --with-syslog-facility=LOCAL0-7 with default 
LOG_DAEMON (as before) can set the syslog facility that the server
  uses to log messages.
 2019-09-09 14:27:55 +02:00
W.C.A. Wijngaards
05b9f4fd28 - Fix #71: fix openssl error squelch commit compilation error. 2019-09-04 08:44:19 +02:00
W.C.A. Wijngaards
1089fd6dc1 - squelch DNS over TLS errors 'ssl handshake failed crypto error' 
on low verbosity, they show on verbosity 3 (query details), because
  there is a high volume and the operator cannot do anything for the
  remote failure.  Specifically filters the high volume errors.
 2019-09-03 09:47:27 +02:00
W.C.A. Wijngaards
366296ec14 - updated Makefile dependencies. 2019-09-02 15:56:24 +02:00
W.C.A. Wijngaards
7f9aa6734a - ipset: refactor long routine into three smaller ones. 2019-09-02 15:17:25 +02:00
W.C.A. Wijngaards
9902a5f81d - ipset module #28: log that an address is added, when verbosity high. 2019-09-02 13:50:42 +02:00
W.C.A. Wijngaards
cd0a2b1af1 - Master is 1.9.4 in development. 2019-08-27 09:56:20 +02:00
W.C.A. Wijngaards
a374dfb669 - Fix contrib/fastrpz.patch asprintf return value checks. 2019-08-23 08:41:46 +02:00
W.C.A. Wijngaards
79fa94834e - 1.9.3rc2 release candidate tag. 2019-08-22 14:50:49 +02:00
W.C.A. Wijngaards
06847ff3be - Fix that pkg-config is setup before --enable-systemd needs it. 2019-08-22 12:22:25 +02:00
W.C.A. Wijngaards
80c2c69fa7 - Fix log_dns_msg to log irrespective of minimal responses config. 2019-08-21 17:41:29 +02:00
Ralph Dolmans
8b752e359e - Document limitation of pidfile removal outside of chroot directory. 2019-08-19 13:27:19 +02:00
W.C.A. Wijngaards
d3b3d64ef3 - Remove warning about unknown cast-function-type warning pragma. 2019-08-16 12:52:58 +02:00
W.C.A. Wijngaards
c602ba7319 - Fixup contrib/fastrpz.patch 2019-08-16 12:37:13 +02:00
W.C.A. Wijngaards
bdb6c153e4 - Please doxygen's parser for "@" occurrence in doxygen comment. 2019-08-16 12:21:40 +02:00
W.C.A. Wijngaards
d8a8730cac - Fix unittest valgrind false positive uninitialised value report, 
where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0
  issues an uninitialised value for the token buffer at the str2wire.c
  rrinternal_get_owner() strcmp with the '@' value.  Rewritten to use
  straight character comparisons removes the false positive.  Also
  valgrinds --expensive-definedness-checks=yes can stop this false
  positive.
 2019-08-16 12:18:23 +02:00
W.C.A. Wijngaards
0532cdd357 - (for later release): -V prints if TCP fastopen is available. 2019-08-15 17:04:38 +02:00
W.C.A. Wijngaards
e84b913585 - 1.9.3rc1 release candidate tag. 2019-08-15 15:49:15 +02:00
W.C.A. Wijngaards
a5027f5f56 - Fix character buffer size in ub_ctx_hosts. 2019-08-15 15:11:04 +02:00
W.C.A. Wijngaards
06a58ca248 - escape commandline contents for -V. 2019-08-15 15:05:02 +02:00
W.C.A. Wijngaards
4700d79024 - avoid warning about upcast on 32bit systems for autotrust. 2019-08-15 14:25:46 +02:00
W.C.A. Wijngaards
9d9884c442 - Fix autotrust temp file uniqueness windows compile. 2019-08-15 14:02:14 +02:00
W.C.A. Wijngaards
c1c75929fa - iana portlist updated. 2019-08-15 13:07:26 +02:00
W.C.A. Wijngaards
8cb3656b3e - Fix warning for unused variable for compilation without systemd. 2019-08-14 16:08:19 +02:00
George Thessalonikefs
a90f173875 - Fix #59, when compiled with systemd support check that we can properly 
communicate with systemd through the `NOTIFY_SOCKET`.
 2019-08-14 15:51:28 +02:00
gthess
fd415d8833
Merge branch 'master' into show-build-options 2019-08-14 11:45:41 +02:00
W.C.A. Wijngaards
b5a52f8c86 - Generate configlexer with newer flex. 2019-08-14 11:40:35 +02:00
George Thessalonikefs
008813f0a2 - Introduce -V option to print the version number and build options. 
Previously reported build options like linked libs and linked modules
  are now moved from `-h` to `-V` as well for consistency.
- PACKAGE_BUGREPORT now also includes link to GitHub issues.
 2019-08-12 17:52:43 +02:00
Ralph Dolmans
abbb5c0f6d Update RPZ man page and example.conf 2019-08-07 14:53:23 +02:00
W.C.A. Wijngaards
fa506e3cda - Check repinfo in worker_handle_request, if null, drop it. 2019-08-01 16:57:36 +02:00
W.C.A. Wijngaards
df0c844eed - Fix to timeval_add for remaining second in microseconds. 2019-08-01 16:48:41 +02:00
W.C.A. Wijngaards
199e6c586b - Fix to return after failed auth zone http chunk write. 
- Fix to remove unused test for task_probe existance.
 2019-08-01 16:40:52 +02:00
W.C.A. Wijngaards
21f740d313 - Fix #52 #53, fix for example fail program. 2019-08-01 09:34:44 +02:00
W.C.A. Wijngaards
e860d39f54 - For #52 #53, second context does not close logfile override. 2019-08-01 09:15:33 +02:00
W.C.A. Wijngaards
27811ffaa9 - Add hex print of trust anchor pointer to trust anchor file temp 
name to make it unique, for libunbound created multiple contexts.
 2019-07-29 16:51:40 +02:00
W.C.A. Wijngaards
7d5ab2f4de - Add verbose log message when auth zone file is written, at level 4. 2019-07-29 09:25:49 +02:00
W.C.A. Wijngaards
5f5c00203e - Fix question section mismatch in local zone redirect. 2019-07-23 14:01:59 +02:00
W.C.A. Wijngaards
c94e13220b - Fix #49: Set no renegotiation on the SSL context to stop client 
session renegotiation.
 2019-07-19 08:18:06 +02:00
W.C.A. Wijngaards
368386c011 - Fix #48: Unbound returns additional records on NODATA response, 
if minimal-responses is enabled, also the additional for negative
  responses is removed.
 2019-07-12 14:34:35 +02:00
Ralph Dolmans
d5ebc63add - Fix in respip addrtree selection. Absence of addr_tree_init_parents() call 
made it impossible to go up the tree when the matching netmask is too
   specific.
 2019-07-09 14:58:36 +02:00
Ralph Dolmans
d323e1bda8 - Fix for possible assertion failure when answering respip CNAME from cache. 2019-07-05 16:52:03 +02:00
W.C.A. Wijngaards
da46ea24d5 - For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf 
when do-not-query-localhost is turned on, or at default on,
  unbound-checkconf prints a warning if it is found in forward-addr or
  stub-addr statements.
 2019-06-25 14:50:49 +02:00
W.C.A. Wijngaards
1aa1facabc - Fix memleak in unit test, reported from the clang 8.0 static analyzer. 2019-06-24 10:53:27 +02:00
W.C.A. Wijngaards
78b2f1cc20 - Fix python dict reference and double free in config. 2019-06-18 17:25:08 +02:00
W.C.A. Wijngaards
164f302011 - Merge PR #6: Python module: support multiple instances 
- Merge PR #5: Python module: define constant MODULE_RESTART_NEXT
- Merge PR #4: Python module: assign something useful to the
  per-query data store 'qdata'
Noted in Changelog.
 2019-06-18 17:11:31 +02:00
W.C.A. Wijngaards
63b2628a18 Merge branch 'dev/all-merged/master' of git://github.com/episource/unbound into episource-dev/all-merged/master 2019-06-18 17:07:57 +02:00
W.C.A. Wijngaards
0f3eac4a0e - Added documentation to the ipset files (for doxygen output). 2019-06-18 16:25:11 +02:00
W.C.A. Wijngaards
72738471f1 - make depend 2019-06-18 15:59:10 +02:00
W.C.A. Wijngaards
c1e75c0369 - Fix to make unbound-control with ipset, remove unused variable, 
use unsigned type because of comparison, and assign null instead
  of compare with it.  Remade lex and yacc output.
 2019-06-18 15:57:28 +02:00
W.C.A. Wijngaards
b16c872a60 - PR #28: IPSet module, by Kevin Chou. Created a module to support 
the ipset that could add the domain's ip to a list easily.
  Needs libmnl, and --enable-ipset and config it, doc/README.ipset.md.
- Fix to omit RRSIGs from addition to the ipset.
 2019-06-18 15:38:37 +02:00
W.C.A. Wijngaards
ed95b07764 Merge branch 'master' of git://github.com/k9982874/unbound into k9982874-master 2019-06-18 13:52:52 +02:00
W.C.A. Wijngaards
bf2307ca97 - Fix for #24: Fix abort due to scan of auth zone masters using old 
address from previous scan.
 2019-06-17 14:15:36 +02:00
W.C.A. Wijngaards
1ec96d8f07 - Fix #39: In libunbound, leftover logfile is close()d unpredictably. 2019-06-17 12:13:12 +02:00
W.C.A. Wijngaards
3499d3c647 - Master contains version 1.9.3 in development. 2019-06-17 11:42:19 +02:00
W.C.A. Wijngaards
ee06aaaad9 - 1.9.2rc3 release candidate tag. 2019-06-14 08:38:37 +02:00
W.C.A. Wijngaards
af6c5dea43 - Fix another spoolbuf storage code point, in prefetch. 2019-06-12 08:32:45 +02:00
W.C.A. Wijngaards
b57771d42b - 1.9.2rc1 release candidate tag. 2019-06-11 12:46:44 +02:00
W.C.A. Wijngaards
6067ce6d2b - Fix that fixes the Fix that spoolbuf is not used to store tcp 
pipelined response between mesh send and callback end, this fixes
  error cases that did not use the correct spoolbuf.
 2019-06-11 12:15:43 +02:00
W.C.A. Wijngaards
081fd4fdae - 1.9.2rc1 release candidate tag. 2019-06-06 09:32:53 +02:00
Ralph Dolmans
a77c35ef50 Add RPZ config options to unbound.conf man page. 2019-06-04 15:39:08 +02:00
Ralph Dolmans
bc83e0b016 fix double free issue 2019-06-04 12:38:44 +02:00
W.C.A. Wijngaards
09a0e6ee30 - iana portlist updated. 2019-06-04 12:21:21 +02:00
W.C.A. Wijngaards
a4f4d7b6ba - Fix to guard _OPENBSD_SOURCE from redefinition. 2019-05-29 13:28:03 +02:00
W.C.A. Wijngaards
e2a2dcdfd5 - gitignore config.h.in~. 2019-05-28 11:12:41 +02:00
W.C.A. Wijngaards
14b11384a4 - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD. 2019-05-28 11:12:05 +02:00
W.C.A. Wijngaards
a03f0a388e - Fix double file close in tcp pipelined response code. 2019-05-27 11:23:41 +02:00
Wouter Wijngaards
0b77c9d676 - Fix that spoolbuf is not used to store tcp pipelined response 
between mesh send and callback end.
 2019-05-24 09:35:38 +02:00
W.C.A. Wijngaards
1c3ba0cef7 - Note that so-reuseport at extreme load is better turned off, 
otherwise queries are not distributed evenly, on Linux 4.4.x.
 2019-05-20 11:57:09 +02:00