upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-01 12:29:36 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
5099 commits 23 branches 209 tags 124 MiB
Commit graph

5099 commits

This branch
This branch
All branches
Author SHA1 Message Date
W.C.A. Wijngaards
af6f5a3f54 - Provide a prototype for compat malloc to remove compile warning. 2019-11-18 13:52:17 +01:00
W.C.A. Wijngaards
253d95a8ef - update to bison output of 3.4.1 in code repository. 2019-11-18 10:50:54 +01:00
W.C.A. Wijngaards
57f2582790 - In unbound-host use separate variable for get_option to please 
code checkers.
 2019-11-18 10:45:47 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
W.C.A. Wijngaards
d4c904d091 - contrib/fastrpz.patch updated to apply for current code. 2019-11-13 11:40:56 +01:00
W.C.A. Wijngaards
5ac9bf3f9b - iana portlist updated. 2019-11-13 11:37:06 +01:00
W.C.A. Wijngaards
f759fc5839 Changelog note and configure autoconf generated. 
- Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.
 2019-11-11 14:46:24 +01:00
Wouter Wijngaards
8903dc779f
Merge pull request #102 from jrtc27/freebsd-getentropy 
Add getentropy emulation for FreeBSD
 2019-11-11 14:45:18 +01:00
W.C.A. Wijngaards
29b90c6e58 - Fix #109: check number of arguments for stdin-pipes in 
unbound-control and fail if too many arguments.
 2019-11-11 12:02:51 +01:00
James Clarke
9b310f4084 Add getentropy emulation for FreeBSD 2019-11-02 18:08:23 +00:00
W.C.A. Wijngaards
7dfbcdf276 - Fix #99: Memory leak in ub_ctx (event_base will never be freed). 2019-10-24 09:58:45 +02:00
George Thessalonikefs
941b324187 Add new configure option --enable-fully-static to enable full static build if 
requested; in relation to #91.
 2019-10-23 16:10:07 +02:00
W.C.A. Wijngaards
21472c2393 Changelog note for #97. 
- Merge #97: manpage: Add missing word on unbound.conf,
  from Erethon.
 2019-10-23 07:56:17 +02:00
Wouter Wijngaards
488e4c66cd
Merge pull request #97 from Erethon/master 
manpage: Add missing word on unbound.conf
 2019-10-23 07:54:57 +02:00
Dionysis Grigoropoulos
e8b8d42f8b
manpage: Add missing word on unbound.conf 2019-10-23 00:35:49 +03:00
W.C.A. Wijngaards
e6a179e27a - drop-tld.diff: adds option drop-tld: yesno that drops 2 label 
queries, to stop random floods.  Apply with
  patch -p1 < contrib/drop-tld.diff and compile.
  From Saksham Manchanda (Secure64).  Please note that we think this
  will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
  lookups for downstream clients.
 2019-10-22 10:32:37 +02:00
W.C.A. Wijngaards
eb2283332b - Add doxygen comments to unbound-anchor source address code, in #86. 2019-10-07 09:50:04 +02:00
W.C.A. Wijngaards
b2c3b4758b For #86, note credit for Lukas Wunner. 2019-10-03 16:29:45 +02:00
W.C.A. Wijngaards
8bfbd81fec Changelog entry for #86 and whitespace fix. 
- Merge #86 from psquarejho: Added -b source address option to
  smallapp/unbound-anchor.c.
 2019-10-03 16:22:42 +02:00
Wouter Wijngaards
3d91a9fd56
Merge pull request #86 from psquarejho/master 
Added -b / source address option to smallapp/unbound-anchor.c
 2019-10-03 16:19:58 +02:00
W.C.A. Wijngaards
facc6c6541 - Merge 1.9.4 release with fix for vulnerability CVE-2019-16866. 
- Continue with development of 1.9.5.
 2019-10-03 11:40:13 +02:00
W.C.A. Wijngaards
380b87e21a Merge remote-tracking branch 'origin/branch-1.9.4' 2019-10-03 11:37:22 +02:00
W.C.A. Wijngaards
b60c4a472c Branch 1.9.4 prepares for 1.9.4 release from 1.9.3 2019-10-03 10:34:40 +02:00
W.C.A. Wijngaards
82dffb1023 Changelog entry for Merge #90. 
- Merge #90 from vcunat: fix build with nettle-3.5.
 2019-10-03 08:59:16 +02:00
Wouter Wijngaards
dc30e66ddc
Merge pull request #90 from vcunat/p/nettle-3.5 
fix build with nettle-3.5
 2019-10-03 08:58:47 +02:00
Vladimír Čunát
ec021e0d4b
fix build with nettle-3.5 
https://git.lysator.liu.se/nettle/nettle/commit/8bf4747d9
 2019-10-02 20:05:03 +02:00
W.C.A. Wijngaards
7963c9f463 Changelog note for #87. 
- Merge #87 from hardfalcon: Fix contrib/unbound.service.in,
  Drop CAP_KILL, use + prefix for ExecReload= instead.
 2019-09-26 13:17:46 +02:00
Wouter Wijngaards
710851e69a
Merge pull request #87 from hardfalcon/patch-1 
Drop CAP_KILL, use + prefix for ExecReload= instead
 2019-09-26 13:17:24 +02:00
Pascal Ernster
11f22074a9
Drop CAP_KILL, use + prefix for ExecReload= instead 
CAP_KILL seems a bit too much privileges for the sole purpose of being able to make ExecReload= work.
Use the + prefix on ExecReload= instead to run "/bin/kill -HUP $MAINPID" with full privileges, ignoring the restrictions from CapabilityBoundingSet=.

See https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= for further details about the + prefix in ExecReload=.
 2019-09-26 08:41:37 +00:00
W.C.A. Wijngaards
55bb4c1275 - The unbound.conf includes are sorted ascending, for include 
statements with a '*' from glob.
 2019-09-25 16:50:30 +02:00
Jens Hoffrichter
b966dd8e06 Added -b / source address option to smallapp/unbound-anchor.c 2019-09-24 14:42:36 +00:00
W.C.A. Wijngaards
06a91b0eaa Changelog entry for fix #84 and #85. 
- Merge #85 for #84 from sam-lunt: Add kill capability to systemd
  service file to fix that systemctl reload fails.
 2019-09-23 09:20:12 +02:00
Wouter Wijngaards
3df64cc677
Merge pull request #85 from sam-lunt/add-cap-kill 
Add kill capability to systemd service file
 2019-09-23 09:18:36 +02:00
sam-lunt
6943cab670
Add kill capability to systemd service file 
The ExecReload command calls kills on a process owned by the unbound user (or whatever user is configured). To do so, it needs the CAP_KILL capability.
 2019-09-21 14:36:12 -05:00
W.C.A. Wijngaards
f635b47ade Changelog entry for #83 
- Merge #83 from Maryse47: contrib/unbound.service.in: do not fork
  into the background.
 2019-09-20 12:59:41 +02:00
Wouter Wijngaards
eb7f9a50f2
Merge pull request #83 from Maryse47/nofork 
unbound.service.in: do not fork into the background
 2019-09-20 12:59:21 +02:00
Maryse47
acdd4058d2
unbound.service.in: do not fork into the background 
This is needed when unbound config doesn't set "do-daemonize: no" by itself otherwise starting service fails with:
 systemd[1]: unbound.service: Got notification message from PID <PID>, but reception only permitted for main PID which is currently not known

https://github.com/NLnetLabs/unbound/blob/release-1.9.3/doc/example.conf.in#L236
 2019-09-20 10:07:37 +00:00
W.C.A. Wijngaards
1b62399a6e Changelog entry for #81. 
- Merge #81 from Maryse47: Consistently use /dev/urandom instead
  of /dev/random in scripts and docs.
 2019-09-20 07:44:43 +02:00
Wouter Wijngaards
e1e71eac3e
Merge pull request #81 from Maryse47/urandom 
Consistently use /dev/urandom instead of /dev/random in scripts and docs
 2019-09-20 07:44:22 +02:00
W.C.A. Wijngaards
aefd2df51f (Changelog entry for #82). 
- Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW
  in unbound.service.
 2019-09-20 07:38:34 +02:00
Wouter Wijngaards
15020f7666
Merge pull request #82 from hardfalcon/patch-1 
Downgrade CAP_NET_ADMIN to CAP_NET_RAW in unbound.service
 2019-09-20 07:37:32 +02:00
Pascal Ernster
ae2d5276d2
Downgrade CAP_NET_ADMIN to CAP_NET_RAW in unbound.service 
Since kernel 3.2, CAP_NET_RAW instead of CAP_NET_ADMIN is sufficient to allow for the usage of the IP_TRANSPARENT socket option. CAP_NET_ADMIN allows far more mayhem then CAP_NET_RAW, so prefer the safer, more restrictive solution.
 2019-09-20 04:47:56 +00:00
Maryse47
ce0e9bef45 Consistently use /dev/urandom instead of /dev/random in scripts and docs 
Unbound code call /dev/urandom (see below)  but various docs and scripts
mention /dev/random which may be confusing.

https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/arc4random.c#L107
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_linux.c#L251
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_osx.c
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_solaris.c#L116
 2019-09-19 17:40:49 +02:00
W.C.A. Wijngaards
1dcc88b6e8 - Merge #80 from stasic: Improve wording in man page. 
(Changelog entry for merge)
 2019-09-19 16:56:14 +02:00
Wouter Wijngaards
faa9dd7bf6
Merge pull request #80 from stasic/patch-1 
Improve wording in man page
 2019-09-19 16:54:42 +02:00
Arsen Stasic
9303292b7f
Improve wording in man page 
Make it more consistent throughout the man page.
If a config option can either be *yes* or *no* use exact these terms and not something like *on* which could be easily read as *no*.
 2019-09-19 14:51:54 +00:00
W.C.A. Wijngaards
9f0b260c49 - Fix wrong response ttl for prepended short CNAME ttls, this would 
create a wrong zero_ttl response count with serve-expired enabled.
 2019-09-19 16:29:51 +02:00
W.C.A. Wijngaards
ab53baa6f5 - Fix for oss-fuzz build warning. 2019-09-19 10:09:49 +02:00
W.C.A. Wijngaards
554e4a939c - Fix fix for #78 to also free service callback struct. 2019-09-19 10:03:47 +02:00
W.C.A. Wijngaards
45b3215594 - oss-fuzz badge on README.md. 2019-09-19 09:55:23 +02:00