upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-02-15 00:33:46 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
5318 commits 26 branches 209 tags 136 MiB
Commit graph

3785 commits

Author SHA1 Message Date
W.C.A. Wijngaards
72d348de6a - Fix Out-of-Bounds Read in dname_valid(), 
reported by X41 D-Sec.
 2019-11-20 11:38:11 +01:00
W.C.A. Wijngaards
7646c96259 - Fix Randomness Error not Handled Properly, 
reported by X41 D-Sec.
 2019-11-20 11:35:07 +01:00
W.C.A. Wijngaards
d8809c672a - Fix Weak Entropy Used For Nettle, 
reported by X41 D-Sec.
 2019-11-20 11:28:53 +01:00
W.C.A. Wijngaards
7e3da817c3 - Adjust unbound-control to make stats_shm a read only operation. 2019-11-20 11:18:03 +01:00
W.C.A. Wijngaards
c54fe82886 - Fix Shared Memory World Writeable, 
reported by X41 D-Sec.
 2019-11-20 11:13:45 +01:00
W.C.A. Wijngaards
1fa40654d2 - Fix Race Condition in autr_tp_create(), 
reported by X41 D-Sec.
 2019-11-20 11:01:56 +01:00
W.C.A. Wijngaards
d79d75538b - Fix Out of Bounds Read in rrinternal_get_owner(), 
reported by X41 D-Sec.
 2019-11-20 08:28:12 +01:00
W.C.A. Wijngaards
fa23ee8f31 - Fix Out of Bounds Write in sldns_bget_token_par(), 
reported by X41 D-Sec.
 2019-11-19 16:54:44 +01:00
W.C.A. Wijngaards
51c23b0209 - Fix Out of Bounds Read in sldns_str2wire_dname(), 
reported by X41 D-Sec.
 2019-11-19 16:46:33 +01:00
W.C.A. Wijngaards
a3545867fc - Fix Integer Overflow to Buffer Overflow in 
sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
 2019-11-19 16:42:17 +01:00
W.C.A. Wijngaards
02080f6b18 - Fix Integer Overflows in Size Calculations, 
reported by X41 D-Sec.
 2019-11-19 16:32:40 +01:00
W.C.A. Wijngaards
07156bd5ea - Fix Out-of-bounds Read in rr_comment_dnskey(), 
reported by X41 D-Sec.
 2019-11-19 16:17:06 +01:00
W.C.A. Wijngaards
2a4e840be4 - Fix Unchecked NULL Pointer in dns64_inform_super() 
and ipsecmod_new(), reported by X41 D-Sec.
 2019-11-19 15:48:18 +01:00
W.C.A. Wijngaards
226298bbd3 - Fix Integer Overflow in Regional Allocator, 
reported by X41 D-Sec.
 2019-11-19 15:38:05 +01:00
W.C.A. Wijngaards
79a6e9fbe2 - Fixes to please lint checks. 2019-11-19 12:10:03 +01:00
W.C.A. Wijngaards
16bbfc3461 - Fix authzone printout buffer length check. 2019-11-19 10:09:44 +01:00
W.C.A. Wijngaards
d8090b8cae - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. 2019-11-19 10:06:12 +01:00
W.C.A. Wijngaards
09845779d5 - Fix CVE-2019-18934, shell execution in ipsecmod. 2019-11-19 10:05:18 +01:00
W.C.A. Wijngaards
cb8374cce5 - gitignore .source tempfile used for compatible make. 2019-11-18 15:58:19 +01:00
W.C.A. Wijngaards
442e95620e - Portable grep usage for reuseport configure test. 
- Check return type of HMAC_Init_ex for openssl 0.9.8.
 2019-11-18 15:53:47 +01:00
W.C.A. Wijngaards
af6f5a3f54 - Provide a prototype for compat malloc to remove compile warning. 2019-11-18 13:52:17 +01:00
W.C.A. Wijngaards
253d95a8ef - update to bison output of 3.4.1 in code repository. 2019-11-18 10:50:54 +01:00
W.C.A. Wijngaards
57f2582790 - In unbound-host use separate variable for get_option to please 
code checkers.
 2019-11-18 10:45:47 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
W.C.A. Wijngaards
d4c904d091 - contrib/fastrpz.patch updated to apply for current code. 2019-11-13 11:40:56 +01:00
W.C.A. Wijngaards
5ac9bf3f9b - iana portlist updated. 2019-11-13 11:37:06 +01:00
W.C.A. Wijngaards
f759fc5839 Changelog note and configure autoconf generated. 
- Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.
 2019-11-11 14:46:24 +01:00
W.C.A. Wijngaards
29b90c6e58 - Fix #109: check number of arguments for stdin-pipes in 
unbound-control and fail if too many arguments.
 2019-11-11 12:02:51 +01:00
W.C.A. Wijngaards
7dfbcdf276 - Fix #99: Memory leak in ub_ctx (event_base will never be freed). 2019-10-24 09:58:45 +02:00
George Thessalonikefs
941b324187 Add new configure option --enable-fully-static to enable full static build if 
requested; in relation to #91.
 2019-10-23 16:10:07 +02:00
W.C.A. Wijngaards
21472c2393 Changelog note for #97. 
- Merge #97: manpage: Add missing word on unbound.conf,
  from Erethon.
 2019-10-23 07:56:17 +02:00
Dionysis Grigoropoulos
e8b8d42f8b
manpage: Add missing word on unbound.conf 2019-10-23 00:35:49 +03:00
W.C.A. Wijngaards
e6a179e27a - drop-tld.diff: adds option drop-tld: yesno that drops 2 label 
queries, to stop random floods.  Apply with
  patch -p1 < contrib/drop-tld.diff and compile.
  From Saksham Manchanda (Secure64).  Please note that we think this
  will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
  lookups for downstream clients.
 2019-10-22 10:32:37 +02:00
W.C.A. Wijngaards
eb2283332b - Add doxygen comments to unbound-anchor source address code, in #86. 2019-10-07 09:50:04 +02:00
W.C.A. Wijngaards
b2c3b4758b For #86, note credit for Lukas Wunner. 2019-10-03 16:29:45 +02:00
W.C.A. Wijngaards
8bfbd81fec Changelog entry for #86 and whitespace fix. 
- Merge #86 from psquarejho: Added -b source address option to
  smallapp/unbound-anchor.c.
 2019-10-03 16:22:42 +02:00
Wouter Wijngaards
3d91a9fd56
Merge pull request #86 from psquarejho/master 
Added -b / source address option to smallapp/unbound-anchor.c
 2019-10-03 16:19:58 +02:00
W.C.A. Wijngaards
facc6c6541 - Merge 1.9.4 release with fix for vulnerability CVE-2019-16866. 
- Continue with development of 1.9.5.
 2019-10-03 11:40:13 +02:00
W.C.A. Wijngaards
82dffb1023 Changelog entry for Merge #90. 
- Merge #90 from vcunat: fix build with nettle-3.5.
 2019-10-03 08:59:16 +02:00
W.C.A. Wijngaards
7963c9f463 Changelog note for #87. 
- Merge #87 from hardfalcon: Fix contrib/unbound.service.in,
  Drop CAP_KILL, use + prefix for ExecReload= instead.
 2019-09-26 13:17:46 +02:00
W.C.A. Wijngaards
55bb4c1275 - The unbound.conf includes are sorted ascending, for include 
statements with a '*' from glob.
 2019-09-25 16:50:30 +02:00
Jens Hoffrichter
b966dd8e06 Added -b / source address option to smallapp/unbound-anchor.c 2019-09-24 14:42:36 +00:00
W.C.A. Wijngaards
06a91b0eaa Changelog entry for fix #84 and #85. 
- Merge #85 for #84 from sam-lunt: Add kill capability to systemd
  service file to fix that systemctl reload fails.
 2019-09-23 09:20:12 +02:00
W.C.A. Wijngaards
f635b47ade Changelog entry for #83 
- Merge #83 from Maryse47: contrib/unbound.service.in: do not fork
  into the background.
 2019-09-20 12:59:41 +02:00
W.C.A. Wijngaards
1b62399a6e Changelog entry for #81. 
- Merge #81 from Maryse47: Consistently use /dev/urandom instead
  of /dev/random in scripts and docs.
 2019-09-20 07:44:43 +02:00
Wouter Wijngaards
e1e71eac3e
Merge pull request #81 from Maryse47/urandom 
Consistently use /dev/urandom instead of /dev/random in scripts and docs
 2019-09-20 07:44:22 +02:00
W.C.A. Wijngaards
aefd2df51f (Changelog entry for #82). 
- Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW
  in unbound.service.
 2019-09-20 07:38:34 +02:00
Maryse47
ce0e9bef45 Consistently use /dev/urandom instead of /dev/random in scripts and docs 
Unbound code call /dev/urandom (see below)  but various docs and scripts
mention /dev/random which may be confusing.

https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/arc4random.c#L107
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_linux.c#L251
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_osx.c
https://github.com/NLnetLabs/unbound/blob/release-1.9.3/compat/getentropy_solaris.c#L116
 2019-09-19 17:40:49 +02:00
W.C.A. Wijngaards
1dcc88b6e8 - Merge #80 from stasic: Improve wording in man page. 
(Changelog entry for merge)
 2019-09-19 16:56:14 +02:00
Arsen Stasic
9303292b7f
Improve wording in man page 
Make it more consistent throughout the man page.
If a config option can either be *yes* or *no* use exact these terms and not something like *on* which could be easily read as *no*.
 2019-09-19 14:51:54 +00:00
W.C.A. Wijngaards
9f0b260c49 - Fix wrong response ttl for prepended short CNAME ttls, this would 
create a wrong zero_ttl response count with serve-expired enabled.
 2019-09-19 16:29:51 +02:00
W.C.A. Wijngaards
ab53baa6f5 - Fix for oss-fuzz build warning. 2019-09-19 10:09:49 +02:00
W.C.A. Wijngaards
554e4a939c - Fix fix for #78 to also free service callback struct. 2019-09-19 10:03:47 +02:00
W.C.A. Wijngaards
45b3215594 - oss-fuzz badge on README.md. 2019-09-19 09:55:23 +02:00
W.C.A. Wijngaards
3cb1cdeebd - Merge pull request #76 from Maryse47: Improvements and fixes for 
systemd unbound.service.
(Changelog note for merge of #76).
 2019-09-19 09:53:21 +02:00
W.C.A. Wijngaards
1a4eaaabc5 - Fix #78: Memory leak in outside_network.c. 2019-09-19 09:11:23 +02:00
W.C.A. Wijngaards
13d96540de - Use explicit bzero for wiping clear buffer of hash in cachedb, 
reported by Eric Sesterhenn from X41 D-Sec.
 2019-09-11 15:31:03 +02:00
Ralph Dolmans
f3dfb4d537 Typo fix, reported by jpmens 2019-09-09 18:54:23 +02:00
Ralph Dolmans
9843b836ee Merge branch 'master' into rpz 2019-09-09 17:17:43 +02:00
Ralph Dolmans
2b5cd8e9b4 Merge remote-tracking branch 'ralph/feature/rpz' into rpz 2019-09-09 17:11:26 +02:00
W.C.A. Wijngaards
e45e9f1ce0 - Fix #72: configure --with-syslog-facility=LOCAL0-7 with default 
LOG_DAEMON (as before) can set the syslog facility that the server
  uses to log messages.
 2019-09-09 14:27:55 +02:00
W.C.A. Wijngaards
05b9f4fd28 - Fix #71: fix openssl error squelch commit compilation error. 2019-09-04 08:44:19 +02:00
W.C.A. Wijngaards
1089fd6dc1 - squelch DNS over TLS errors 'ssl handshake failed crypto error' 
on low verbosity, they show on verbosity 3 (query details), because
  there is a high volume and the operator cannot do anything for the
  remote failure.  Specifically filters the high volume errors.
 2019-09-03 09:47:27 +02:00
W.C.A. Wijngaards
366296ec14 - updated Makefile dependencies. 2019-09-02 15:56:24 +02:00
W.C.A. Wijngaards
7f9aa6734a - ipset: refactor long routine into three smaller ones. 2019-09-02 15:17:25 +02:00
W.C.A. Wijngaards
9902a5f81d - ipset module #28: log that an address is added, when verbosity high. 2019-09-02 13:50:42 +02:00
W.C.A. Wijngaards
cd0a2b1af1 - Master is 1.9.4 in development. 2019-08-27 09:56:20 +02:00
W.C.A. Wijngaards
a374dfb669 - Fix contrib/fastrpz.patch asprintf return value checks. 2019-08-23 08:41:46 +02:00
W.C.A. Wijngaards
79fa94834e - 1.9.3rc2 release candidate tag. 2019-08-22 14:50:49 +02:00
W.C.A. Wijngaards
06847ff3be - Fix that pkg-config is setup before --enable-systemd needs it. 2019-08-22 12:22:25 +02:00
W.C.A. Wijngaards
80c2c69fa7 - Fix log_dns_msg to log irrespective of minimal responses config. 2019-08-21 17:41:29 +02:00
Ralph Dolmans
8b752e359e - Document limitation of pidfile removal outside of chroot directory. 2019-08-19 13:27:19 +02:00
W.C.A. Wijngaards
d3b3d64ef3 - Remove warning about unknown cast-function-type warning pragma. 2019-08-16 12:52:58 +02:00
W.C.A. Wijngaards
c602ba7319 - Fixup contrib/fastrpz.patch 2019-08-16 12:37:13 +02:00
W.C.A. Wijngaards
bdb6c153e4 - Please doxygen's parser for "@" occurrence in doxygen comment. 2019-08-16 12:21:40 +02:00
W.C.A. Wijngaards
d8a8730cac - Fix unittest valgrind false positive uninitialised value report, 
where if gcc 9.1.1 uses -O2 (but not -O1) then valgrind 3.15.0
  issues an uninitialised value for the token buffer at the str2wire.c
  rrinternal_get_owner() strcmp with the '@' value.  Rewritten to use
  straight character comparisons removes the false positive.  Also
  valgrinds --expensive-definedness-checks=yes can stop this false
  positive.
 2019-08-16 12:18:23 +02:00
W.C.A. Wijngaards
0532cdd357 - (for later release): -V prints if TCP fastopen is available. 2019-08-15 17:04:38 +02:00
W.C.A. Wijngaards
e84b913585 - 1.9.3rc1 release candidate tag. 2019-08-15 15:49:15 +02:00
W.C.A. Wijngaards
a5027f5f56 - Fix character buffer size in ub_ctx_hosts. 2019-08-15 15:11:04 +02:00
W.C.A. Wijngaards
06a58ca248 - escape commandline contents for -V. 2019-08-15 15:05:02 +02:00
W.C.A. Wijngaards
4700d79024 - avoid warning about upcast on 32bit systems for autotrust. 2019-08-15 14:25:46 +02:00
W.C.A. Wijngaards
9d9884c442 - Fix autotrust temp file uniqueness windows compile. 2019-08-15 14:02:14 +02:00
W.C.A. Wijngaards
c1c75929fa - iana portlist updated. 2019-08-15 13:07:26 +02:00
W.C.A. Wijngaards
8cb3656b3e - Fix warning for unused variable for compilation without systemd. 2019-08-14 16:08:19 +02:00
George Thessalonikefs
a90f173875 - Fix #59, when compiled with systemd support check that we can properly 
communicate with systemd through the `NOTIFY_SOCKET`.
 2019-08-14 15:51:28 +02:00
gthess
fd415d8833
Merge branch 'master' into show-build-options 2019-08-14 11:45:41 +02:00
W.C.A. Wijngaards
b5a52f8c86 - Generate configlexer with newer flex. 2019-08-14 11:40:35 +02:00
George Thessalonikefs
008813f0a2 - Introduce -V option to print the version number and build options. 
Previously reported build options like linked libs and linked modules
  are now moved from `-h` to `-V` as well for consistency.
- PACKAGE_BUGREPORT now also includes link to GitHub issues.
 2019-08-12 17:52:43 +02:00
Ralph Dolmans
abbb5c0f6d Update RPZ man page and example.conf 2019-08-07 14:53:23 +02:00
W.C.A. Wijngaards
fa506e3cda - Check repinfo in worker_handle_request, if null, drop it. 2019-08-01 16:57:36 +02:00
W.C.A. Wijngaards
df0c844eed - Fix to timeval_add for remaining second in microseconds. 2019-08-01 16:48:41 +02:00
W.C.A. Wijngaards
199e6c586b - Fix to return after failed auth zone http chunk write. 
- Fix to remove unused test for task_probe existance.
 2019-08-01 16:40:52 +02:00
W.C.A. Wijngaards
21f740d313 - Fix #52 #53, fix for example fail program. 2019-08-01 09:34:44 +02:00
W.C.A. Wijngaards
e860d39f54 - For #52 #53, second context does not close logfile override. 2019-08-01 09:15:33 +02:00
W.C.A. Wijngaards
27811ffaa9 - Add hex print of trust anchor pointer to trust anchor file temp 
name to make it unique, for libunbound created multiple contexts.
 2019-07-29 16:51:40 +02:00
W.C.A. Wijngaards
7d5ab2f4de - Add verbose log message when auth zone file is written, at level 4. 2019-07-29 09:25:49 +02:00
W.C.A. Wijngaards
5f5c00203e - Fix question section mismatch in local zone redirect. 2019-07-23 14:01:59 +02:00
W.C.A. Wijngaards
c94e13220b - Fix #49: Set no renegotiation on the SSL context to stop client 
session renegotiation.
 2019-07-19 08:18:06 +02:00
W.C.A. Wijngaards
368386c011 - Fix #48: Unbound returns additional records on NODATA response, 
if minimal-responses is enabled, also the additional for negative
  responses is removed.
 2019-07-12 14:34:35 +02:00
Ralph Dolmans
d5ebc63add - Fix in respip addrtree selection. Absence of addr_tree_init_parents() call 
made it impossible to go up the tree when the matching netmask is too
   specific.
 2019-07-09 14:58:36 +02:00
Ralph Dolmans
d323e1bda8 - Fix for possible assertion failure when answering respip CNAME from cache. 2019-07-05 16:52:03 +02:00
W.C.A. Wijngaards
da46ea24d5 - For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf 
when do-not-query-localhost is turned on, or at default on,
  unbound-checkconf prints a warning if it is found in forward-addr or
  stub-addr statements.
 2019-06-25 14:50:49 +02:00
W.C.A. Wijngaards
1aa1facabc - Fix memleak in unit test, reported from the clang 8.0 static analyzer. 2019-06-24 10:53:27 +02:00
W.C.A. Wijngaards
78b2f1cc20 - Fix python dict reference and double free in config. 2019-06-18 17:25:08 +02:00
W.C.A. Wijngaards
164f302011 - Merge PR #6: Python module: support multiple instances 
- Merge PR #5: Python module: define constant MODULE_RESTART_NEXT
- Merge PR #4: Python module: assign something useful to the
  per-query data store 'qdata'
Noted in Changelog.
 2019-06-18 17:11:31 +02:00
W.C.A. Wijngaards
63b2628a18 Merge branch 'dev/all-merged/master' of git://github.com/episource/unbound into episource-dev/all-merged/master 2019-06-18 17:07:57 +02:00
W.C.A. Wijngaards
0f3eac4a0e - Added documentation to the ipset files (for doxygen output). 2019-06-18 16:25:11 +02:00
W.C.A. Wijngaards
72738471f1 - make depend 2019-06-18 15:59:10 +02:00
W.C.A. Wijngaards
c1e75c0369 - Fix to make unbound-control with ipset, remove unused variable, 
use unsigned type because of comparison, and assign null instead
  of compare with it.  Remade lex and yacc output.
 2019-06-18 15:57:28 +02:00
W.C.A. Wijngaards
b16c872a60 - PR #28: IPSet module, by Kevin Chou. Created a module to support 
the ipset that could add the domain's ip to a list easily.
  Needs libmnl, and --enable-ipset and config it, doc/README.ipset.md.
- Fix to omit RRSIGs from addition to the ipset.
 2019-06-18 15:38:37 +02:00
W.C.A. Wijngaards
ed95b07764 Merge branch 'master' of git://github.com/k9982874/unbound into k9982874-master 2019-06-18 13:52:52 +02:00
W.C.A. Wijngaards
bf2307ca97 - Fix for #24: Fix abort due to scan of auth zone masters using old 
address from previous scan.
 2019-06-17 14:15:36 +02:00
W.C.A. Wijngaards
1ec96d8f07 - Fix #39: In libunbound, leftover logfile is close()d unpredictably. 2019-06-17 12:13:12 +02:00
W.C.A. Wijngaards
3499d3c647 - Master contains version 1.9.3 in development. 2019-06-17 11:42:19 +02:00
W.C.A. Wijngaards
ee06aaaad9 - 1.9.2rc3 release candidate tag. 2019-06-14 08:38:37 +02:00
W.C.A. Wijngaards
af6c5dea43 - Fix another spoolbuf storage code point, in prefetch. 2019-06-12 08:32:45 +02:00
W.C.A. Wijngaards
b57771d42b - 1.9.2rc1 release candidate tag. 2019-06-11 12:46:44 +02:00
W.C.A. Wijngaards
6067ce6d2b - Fix that fixes the Fix that spoolbuf is not used to store tcp 
pipelined response between mesh send and callback end, this fixes
  error cases that did not use the correct spoolbuf.
 2019-06-11 12:15:43 +02:00
W.C.A. Wijngaards
081fd4fdae - 1.9.2rc1 release candidate tag. 2019-06-06 09:32:53 +02:00
Ralph Dolmans
a77c35ef50 Add RPZ config options to unbound.conf man page. 2019-06-04 15:39:08 +02:00
Ralph Dolmans
bc83e0b016 fix double free issue 2019-06-04 12:38:44 +02:00
W.C.A. Wijngaards
09a0e6ee30 - iana portlist updated. 2019-06-04 12:21:21 +02:00
W.C.A. Wijngaards
a4f4d7b6ba - Fix to guard _OPENBSD_SOURCE from redefinition. 2019-05-29 13:28:03 +02:00
W.C.A. Wijngaards
e2a2dcdfd5 - gitignore config.h.in~. 2019-05-28 11:12:41 +02:00
W.C.A. Wijngaards
14b11384a4 - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD. 2019-05-28 11:12:05 +02:00
W.C.A. Wijngaards
a03f0a388e - Fix double file close in tcp pipelined response code. 2019-05-27 11:23:41 +02:00
Wouter Wijngaards
0b77c9d676 - Fix that spoolbuf is not used to store tcp pipelined response 
between mesh send and callback end.
 2019-05-24 09:35:38 +02:00
W.C.A. Wijngaards
1c3ba0cef7 - Note that so-reuseport at extreme load is better turned off, 
otherwise queries are not distributed evenly, on Linux 4.4.x.
 2019-05-20 11:57:09 +02:00
W.C.A. Wijngaards
310396190b - Fix #31: swig 4.0 and python module. 2019-05-16 11:06:01 +02:00
W.C.A. Wijngaards
a08fe8ca60 - Attempt to fix malformed tcp response. 2019-05-13 15:39:59 +02:00
W.C.A. Wijngaards
a95f5fd5cb - Squelch log messages from tcp send about connection reset by peer. 
They can be enabled with verbosity at higher values for diagnosing
  network connectivity issues.
 2019-05-13 10:39:39 +02:00
W.C.A. Wijngaards
a922a19d70 - Revert fix for oss-fuzz, error is in that build script that 
unconditionally includes .o files detected by configure, also
  when the machine architecture uses different LIBOBJS files.
 2019-05-09 17:07:01 +02:00
W.C.A. Wijngaards
a8d0177b36 - Attempt to fix build failure in oss-fuzz 
because of reallocarray.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14648.
Does not omit compile flags from commandline.
 2019-05-08 14:43:56 +02:00
W.C.A. Wijngaards
779b86fb22 - Fix doxygen output error on readme markdown vignettes. 2019-05-07 16:11:15 +02:00
W.C.A. Wijngaards
e3453711e5 - Fix edns-subnet locks, in error cases the lock was not unlocked. 2019-05-07 16:10:22 +02:00
W.C.A. Wijngaards
f1c23891ab - Fix #30: AddressSanitizer finding in lookup3.c. 
This sets the hash function to use a slower but better auditable code
that does not read beyond array boundaries.  This makes code better
security checkable, and is better for security.  It is fixed to be
slower, but not read outside of the array.
 2019-05-06 09:44:01 +02:00
W.C.A. Wijngaards
9b7843f879 - Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64. 2019-05-06 09:26:23 +02:00
Kevin Chu
56af87e2f3 edit config parser to support ipset 2019-05-03 17:45:34 +08:00
W.C.A. Wijngaards
bd5eeff364 - And gitignore unit test generated files, and generated doc files. 2019-05-02 16:14:03 +02:00
W.C.A. Wijngaards
2fea5663bd - Fix .gitignore, add pythonmod and dnstap generated files. 2019-05-02 16:01:56 +02:00
W.C.A. Wijngaards
f46c238552 - contrib/fastrpz.patch updated for code changes, and with git diff. 2019-05-02 11:17:41 +02:00
W.C.A. Wijngaards
ee0087d5c7 - PR #16: XoT support, AXFR over TLS 
Turn it on with master: <ip>#<authname> in unbound.conf.  This uses TLS to
download the AXFR (or IXFR).
 2019-05-01 16:41:09 +02:00
Willem Toorop
d4f697f160 Merge branch 'master' into features/XoT 2019-05-01 16:24:52 +02:00
W.C.A. Wijngaards
5c5ddbe859 - Nicer travis output for clang analysis. 2019-05-01 13:34:45 +02:00
W.C.A. Wijngaards
c6db87d81d - Update makedist for git. 2019-05-01 12:27:19 +02:00
Wouter Wijngaards
ff026a1f3c
Merge branch 'master' into features/XoT 2019-04-29 10:32:27 +02:00
W.C.A. Wijngaards
af11b54071 Review changes for the XoT branch 
With doc, SSL setup function, and function parameter doc.
 2019-04-29 10:25:19 +02:00
Wouter Wijngaards
2a78803049 - Fix wrong query name in local zone redirect answers with a CNAME, 
the copy of the local alias is in unpacked form.


git-svn-id: file:///svn/unbound/trunk@5175 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-25 14:07:42 +00:00
Ralph Dolmans
edf1ad369a - Scrub RRs from answer section when reusing NXDOMAIN message for subdomain 
answers.
 - For harden-below-nxdomain: do not consider a name to be non-exitent when
   message contains a CNAME record.


git-svn-id: file:///svn/unbound/trunk@5174 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-18 15:09:15 +00:00
Wouter Wijngaards
99f36a4e1e - travis build file. 
git-svn-id: file:///svn/unbound/trunk@5162 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-18 09:30:35 +00:00