upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-22 07:41:16 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
6058 commits 23 branches 209 tags 123 MiB
Commit graph

3886 commits

Author SHA1 Message Date
Ralph Dolmans
99fd6cf711 - Cache ECS answers with longest scope of CNAME chain. 2020-05-15 13:13:49 +02:00
George Thessalonikefs
a269db3828 - Explicitly use 'rrset-roundrobin: no' for test cases. 2020-04-22 19:27:20 +02:00
George Thessalonikefs
584c2cf804 - Fix tests for new rrset-roundrobin default. 2020-04-21 22:02:56 +02:00
W.C.A. Wijngaards
6320776b25 Changelog note for PR #225 
- Merge #225 from akhait: KSK-2010 has been revoked. It removes the
  KSK-2010 from the default list in unbound-anchor, now that the
  revocation period is over.  KSK-2017 is the only trust anchor in
  the shipped default now.
 2020-04-21 15:11:02 +02:00
George Thessalonikefs
226d66ca92 - Change default value for 'rrset-roundrobin' to yes. 2020-04-21 12:58:48 +02:00
W.C.A. Wijngaards
cee3098e87 - Remove unneeded was_mesh_reply check. 2020-04-20 15:35:45 +02:00
W.C.A. Wijngaards
00323b71d7 - Fix for count of reply states in the mesh. 2020-04-20 14:24:05 +02:00
W.C.A. Wijngaards
5151190dbc Fix that it is --enable-rpath, for #222. 2020-04-20 10:08:08 +02:00
W.C.A. Wijngaards
52ebdd85da - Fix #222: --with-rpath, fails to rpath python lib. 2020-04-20 10:04:34 +02:00
George Thessalonikefs
a4dcd5eb91 - Update Changelog for PR #221. 2020-04-17 11:41:47 +02:00
George Thessalonikefs
e18ab07c62 - Add doxygen documentation for DSCP. 2020-04-16 13:58:35 +02:00
W.C.A. Wijngaards
963cfb58be - Fix for posix shell syntax for trap in run_msg.sh test script. 2020-04-16 13:17:33 +02:00
W.C.A. Wijngaards
3cd288a9f2 - Fix for posix shell syntax for trap in nsd-control-setup. 2020-04-16 13:14:50 +02:00
W.C.A. Wijngaards
2193d06af6 Merge branch 'master' of github.com:NLnetLabs/unbound 2020-04-16 11:48:53 +02:00
W.C.A. Wijngaards
eed157d36e - Fix help return code in unbound-control-setup script. 2020-04-16 11:47:27 +02:00
George Thessalonikefs
8a87fc6ae7 - Fix #220: auth-zone section in config may lead to segfault. 2020-04-15 17:57:02 +02:00
W.C.A. Wijngaards
c7f1d2d889 - Merge PR #214 from gearnode: unbound-control-setup recreate 
certificates.  With the -r option the certificates are created
  again, without it, only the files that do not exist are created.
 2020-04-07 13:49:25 +02:00
Ralph Dolmans
03a37d1ff6 - Keep track of number of timeouts. Use this counter to determine if capsforid 
fallback should be started.
 2020-04-06 18:00:06 +02:00
George Thessalonikefs
33a2613a49 - More documentation for redis-expire-records option. 2020-04-06 13:46:45 +02:00
George Thessalonikefs
a601fd6d3c Merge branch 'Talkabout-redis-expire-records' 2020-04-01 17:24:07 +02:00
W.C.A. Wijngaards
94e92b197a - Merge PR #208: Fix uncached CLIENT_RESPONSE'es on stateful 
transports.
 2020-03-30 14:55:00 +02:00
W.C.A. Wijngaards
e9e2871f18 - Merge PR #207: Clarify if-automatic listens on 0.0.0.0 and :: 2020-03-30 10:27:44 +02:00
W.C.A. Wijngaards
8dc35cfce3 Changelog note for PR #203. 
- Merge PR #203 from noloader: Update README-Travis.md with current
  procedures.
 2020-03-27 16:07:03 +01:00
Ralph Dolmans
51593d47ac Make unbound-control error returned on missing domain name more user friendly. 2020-03-27 11:27:12 +01:00
Ralph Dolmans
e4eb76a5f3 - Fix RPZ concurrency issue when using auth_zone_reload. 2020-03-26 19:11:57 +01:00
George Thessalonikefs
40ed82f522 Changelog entry for #201 
- Merge PR #201 from noloader: Fix OpenSSL cross-compaile warnings.
 2020-03-25 14:10:27 +01:00
W.C.A. Wijngaards
2889be5e90 - Travis fix for ios by omitting tools from install. 2020-03-24 10:23:00 +01:00
W.C.A. Wijngaards
bcdc13514a - Fixes on #200. and rerun autoconf. 2020-03-24 09:32:04 +01:00
W.C.A. Wijngaards
311f163aed Changelog for #200 and bison, flex regenerate. 
- Merge PR #200 from yarikk: add ip-dscp option to specify the DSCP
  tag for outgoing packets.
 2020-03-24 09:25:05 +01:00
W.C.A. Wijngaards
cca5cfc88f - Fix compile on Solaris for unbound-checkconf. 2020-03-23 17:26:06 +01:00
George Thessalonikefs
ce7fd591c6 - Changelog note for PR #198: Declare lz_enter_rr_into_zone() static, 
it's only used in this file, by fobser.
 2020-03-20 13:06:43 +01:00
W.C.A. Wijngaards
e8aab3f3f4 Changelog note for #197. 
- Merge PR #197 from fobser: Make log_ident_revert_to_default() a
  proper prototype.
 2020-03-20 11:54:57 +01:00
Ralph Dolmans
7fa2b19389 - Fix .travis.yml error, missing 'env' option. 2020-03-19 18:11:22 +01:00
Ralph Dolmans
5f7d73ae88 - Merge PR#194: Add libevent testing to Travis, by Jeffrey Walton. 2020-03-19 17:59:08 +01:00
Ralph Dolmans
d0ee8c1cbd Add changelog entries for PR#134. 2020-03-19 17:37:27 +01:00
Ralph Dolmans
2c03028fa3 - Fix #158: open tls-session-ticket-keys as binary, for Windows. By Daisuke 
HIGASHI.
 2020-03-19 14:00:33 +01:00
Ralph Dolmans
acfa55713c - Merge PR#191: Update iOS testing on Travis, by Jeffrey Walton. 2020-03-19 10:55:39 +01:00
W.C.A. Wijngaards
e4268663e6 - Fix #192: In the unbound-checkconf tool, the module config of 
dns64 subnetcache respip validator iterator is whitelisted, it was
  reported it seems to work.
 2020-03-16 09:44:38 +01:00
Wouter Wijngaards
59fe188954 - Fix compile of test tools without protobuf. 2020-03-12 10:49:24 +01:00
Ralph Dolmans
28e6c86e61 - Add check to make sure RPZ records are subdomain of configured zone origin. 2020-03-11 17:37:50 +01:00
George Thessalonikefs
67b4ab2c90 - Changelog entry for (Fix #189, Merge PR #190). 2020-03-11 11:50:38 +01:00
W.C.A. Wijngaards
50bc604586 Changelog for #188 and configure script created. Removed unneeded whitespace. 2020-03-11 08:41:56 +01:00
George Thessalonikefs
730aa097f8 - Changelog note for PR #186: Fix unrecognized 'echo -n' option on OS X, 
by noloader.
 2020-03-06 11:59:13 +01:00
W.C.A. Wijngaards
93c92eeabb Fix changelog note, it is #182, not #184. 2020-03-05 17:03:28 +01:00
W.C.A. Wijngaards
b8540e1e70 Changelog note for #184. 
- Fix PR #184 from noloader: Add iOS testing to Travis.
 2020-03-05 17:02:20 +01:00
Ralph Dolmans
cd6bb00f2c - Update README-Travis.md (from PR #179), by Jeffrey Walton. 2020-03-04 12:02:10 +01:00
George Thessalonikefs
a1b2261b7b - Merge PR #180 from noloader: Avoid calling exit in Travis script. 2020-03-04 10:25:04 +01:00
W.C.A. Wijngaards
779d65208e Changelog note for PR#180 . 
- Merge PR#180 from noloader: Avoid calling exit in Travis script.
 2020-03-04 08:18:00 +01:00
George Thessalonikefs
114d650d32 - Upgrade config.guess(2020-01-01) and config.sub(2020-01-01). 2020-03-03 18:29:11 +01:00
George Thessalonikefs
f4eaf6c0ff - Merge PR #174: Add Android to Travis testing, by noloader. 
- Move android build scripts to contrib/ and allow android tests to fail.
 2020-03-02 15:17:59 +01:00
Ralph Dolmans
26f057d668 Merge branch 'noloader-openssl' 2020-03-02 14:14:25 +01:00
Ralph Dolmans
868ce6372d - Add github reference in changelog (Fix #175, Merge PR #176) 2020-03-02 14:13:20 +01:00
Ralph Dolmans
90040b24ce - Fix link error when OpenSSL is configured with no-engine, thanks noloader. 2020-03-02 14:06:10 +01:00
W.C.A. Wijngaards
4207b58700 - Fix #177: dnstap does not build on macOS. 2020-03-02 13:33:34 +01:00
George Thessalonikefs
c5897dc058 - Fix compiler warning in dns64/dns64.c. 2020-03-02 11:52:33 +01:00
W.C.A. Wijngaards
93189d3083 Changelog note for PR #164 and text for release explanation. 
- Merge PR #164: Framestreams, this branch implements dnstap
  unidirectional connectivity in unbound. This has a number of
  new features.

  The dependency on libfstrm is removed. The fstrm protocol code
  resides in dnstap/dnstap_fstrm.h and dnstap/dnstap_fstrm.c. This
  contains a brief definition of what unbound needs.

  The make unbound-dnstap-socket builds a debug tool,
  unbound-dnstap-socket. It can listen, accept multiple DNSTAP
  streams and print information. Commandline options control it.

  Unbound can reconnect if the unix domain socket file socket is
  closed. This uses exponential backoff after which it uses a
  one second timer to throttle cpu down. There is also support
  to use TCP and TLS for connecting to the log server. There
  are new config options to turn them on, in the dnstap section
  in the man page and example config file. dnstap-ip with IP
  address of server for TCP or TLS use. dnstap-tls to turn
  on TLS. And dnstap-tls-server-name, dnstap-tls-cert-bundle,
  dnstap-tls-client-key-file and dnstap-tls-client-cert-file
  to configure the certificates for server authentication and
  client authentication, or leave at "" to not use that.
 2020-02-28 15:23:54 +01:00
Ralph Dolmans
8f1cb41725 Merge PR #172: Add IBM s390x arch for testing, by noloader. 2020-02-28 11:42:17 +01:00
W.C.A. Wijngaards
d68c1e29b6 Changelog note for PR #173. 
- Merge PR #173: updated makedist.sh for config.guess and
  config.sub and sha256 digest for gpg, by noloader.
 2020-02-28 10:15:57 +01:00
George Thessalonikefs
9efe85fb4c - Merge PR #171: Add additional compilers and platforms to Travis 
testing, by noloader.
 2020-02-27 18:13:22 +01:00
W.C.A. Wijngaards
6f4818ebcb - Fix more undefined sanitizer issues, in respip copy_rrset null 
dname, and in the client_info_compare routine for null memcmp.
 2020-02-27 15:43:27 +01:00
W.C.A. Wijngaards
57bbbfc0e6 - Fix #170: Fix gcc undefined sanitizer signed integer overflow 
warning in signature expiry RFC1982 serial number arithmetic.
 2020-02-27 15:22:35 +01:00
W.C.A. Wijngaards
348e246b66 - Fix #169: Fix warning for daemon/remote.c output may be truncated 
from snprintf.
 2020-02-27 15:08:10 +01:00
W.C.A. Wijngaards
f469049198 - iana portlist updated. 2020-02-26 14:32:14 +01:00
W.C.A. Wijngaards
318d4e91cc - Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for 
using ipv4 filters, because the hosts ip6 netblock /64 is not owned
  by one operator, and thus reputation is shared.
 2020-02-25 09:55:59 +01:00
George Thessalonikefs
f99dd8f6dc Changelog note for PR #166. 
- Merge PR #166: Fix typo in unbound.service.in, by glitsj16.
 2020-02-24 12:01:20 +01:00
W.C.A. Wijngaards
d2a843b422 - master branch has 1.10.1 version. 2020-02-20 14:42:58 +01:00
W.C.A. Wijngaards
6d7e0d68cf Note tag position in Changelog. 2020-02-20 14:41:39 +01:00
W.C.A. Wijngaards
ec0d6f196e - Updated contrib/unbound_smf23.tar.gz with Solaris SMF service for 
Unbound from Yuri Voinov.
 2020-02-20 09:17:24 +01:00
W.C.A. Wijngaards
6accd3d681 - protect X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS with ifdef for 
different openssl versions.
 2020-02-18 08:31:38 +01:00
W.C.A. Wijngaards
85fd23769f - changelog point where the tag for 1.10.0rc2 release is. 2020-02-17 15:24:29 +01:00
Ralph Dolmans
fe5370a98a - Add respip to supported module-config options in unbound-checkconf. 2020-02-17 13:36:30 +01:00
George Thessalonikefs
4b354d38c1 - Remove unused variable. 2020-02-17 12:56:20 +01:00
W.C.A. Wijngaards
a9b7638f4b Neater changelog 2020-02-17 10:10:44 +01:00
W.C.A. Wijngaards
42fdfd8121 - contrib/drop2rpz: perl script that converts the Spamhaus DROP-List 
in RPZ-Format, contributed by Andreas Schulze.
 2020-02-17 10:09:46 +01:00
W.C.A. Wijngaards
2665ae0414 - Stop unbound-checkconf from insisting that auth-zone and rpz 
zonefiles have to exist.  They can not exist, and download later.
 2020-02-14 07:57:57 +01:00
W.C.A. Wijngaards
77bdbc6e98 - Fix spelling in unbound.conf.5.in. 2020-02-14 07:54:49 +01:00
W.C.A. Wijngaards
00d622bed7 - updated version number to 1.10.0. 2020-02-12 12:51:35 +01:00
W.C.A. Wijngaards
9e193be648 - Fix compile warning when threads disabled. 2020-02-12 11:55:02 +01:00
W.C.A. Wijngaards
7dcfe531e4 - Fix to clean memory leak of respip_addr.lock when ip_tree deleted. 2020-02-12 11:49:26 +01:00
W.C.A. Wijngaards
e965775064 - Fix contrib/fastrpz.patch to apply cleanly. Fix for serve-stale 
fixes, but it does not compile, conflicts with new rpz code.
 2020-02-12 11:29:55 +01:00
W.C.A. Wijngaards
6e13c6f401 - Fix contrib/fastrpz.patch to apply cleanly. 2020-02-12 11:24:59 +01:00
W.C.A. Wijngaards
2916cfb3b0 - Fix with libnettle make test with dsa disabled. 2020-02-12 11:15:24 +01:00
George Thessalonikefs
adda4f6ace - Fix use after free on log-identity after a reload; Fixes #163. 2020-02-10 13:56:22 +01:00
George Thessalonikefs
c316b1d7d5 - Document 'ub_result.was_ratelimited' in libunbound. 2020-02-10 10:31:47 +01:00
W.C.A. Wijngaards
aee3706f66 - Fix to put braces around empty if body when threading is disabled. 2020-02-06 15:33:02 +01:00
George Thessalonikefs
8e135d5f59 - Document in unbound.conf manpage that configuration clauses can be repeated in the configuration file. 2020-02-06 14:39:58 +01:00
George Thessalonikefs
5d6358b66d - Cleaner code for mesh_serve_expired_lookup. 2020-02-06 14:38:01 +01:00
W.C.A. Wijngaards
4089147351 - Fix to lock and release once in mesh_serve_expired_lookup. 2020-02-06 14:01:45 +01:00
W.C.A. Wijngaards
18ea62e369 - Fix to lock zone before adding rpz qname trigger. 2020-02-06 12:22:15 +01:00
W.C.A. Wijngaards
d000523b00 - Fix to create and destroy rpz_lock in auth_zones structure. 2020-02-06 11:51:17 +01:00
George Thessalonikefs
0758d29324 - Fix num_reply_states and num_detached_states counting with 
serve_expired_callback.
 2020-02-06 11:44:48 +01:00
W.C.A. Wijngaards
af7abd4dfd - Fix num_reply_addr counting in mesh and tcp drop due to size 
after serve_stale commit.
 2020-02-06 11:09:30 +01:00
gthess
f7fe95ad7b
Serve stale (#159) 
- Added serve-stale functionality as described in
  draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
  to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
  come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
 2020-02-05 14:20:27 +01:00
Ralph Dolmans
8c88ab4747 - Add assertion to please static analyzer 2020-02-03 16:44:21 +01:00
W.C.A. Wijngaards
7495b25f94 - Fix fclose on error in TLS session ticket code. 2020-01-31 07:49:14 +01:00
Ralph Dolmans
810862dc65 - Stop working on socket when socket() call returns an error. 
- Check malloc return values in TLS session ticket code
 2020-01-30 19:15:58 +01:00
W.C.A. Wijngaards
a4244e79ca - Add getentropy_freebsd.o to Makefile dependencies. 2020-01-30 16:15:51 +01:00
W.C.A. Wijngaards
833021d84d - Add build rule for ipset to Makefile 2020-01-30 16:12:39 +01:00
Ralph Dolmans
2c459443da - Add changelog entry for RPZ merge 2020-01-30 16:04:27 +01:00
Ralph Dolmans
d69ba6f39f - Add changelog entry for memory leak fix 2020-01-30 15:47:49 +01:00
Ralph Dolmans
5dc6798e75 Merge branch 'master' of github.com:NLnetLabs/unbound 2020-01-30 14:58:25 +01:00
Ralph Dolmans
4f5b934688 - Fix small memory leak in error condition remote.c 
- Fix double free in error condition view.c
 2020-01-30 14:56:48 +01:00
W.C.A. Wijngaards
a5f133ef2f - updated .gitignore for added contrib file. 2020-01-30 14:20:08 +01:00
W.C.A. Wijngaards
de5c0d4228 Changelog note for PR#151. 
- Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds
  and Frzk.  Updates the unbound.service systemd file and adds
  a portable systemd service file.
 2020-01-30 14:11:41 +01:00
W.C.A. Wijngaards
20a2574da1 - Update contrib/fastrpz.patch for clean diff with current code. 2020-01-30 13:05:35 +01:00
W.C.A. Wijngaards
bf13191b87 - Fix subnet tests for disabled DSA algorithm by default. 2020-01-30 09:08:19 +01:00
Ralph Dolmans
4326b10169 - Add PR#156 merge to changelog (Added unbound-control view_local_datas_remove 
command)
 2020-01-29 15:46:05 +01:00
W.C.A. Wijngaards
079de39b46 - Fix #157: undefined reference to `htobe64'. 2020-01-29 11:56:29 +01:00
W.C.A. Wijngaards
6c0a863584 - Fix to silence the tls handshake errors for broken pipe and reset 
by peer, unless verbosity is set to 2 or higher.
 2020-01-28 14:32:06 +01:00
Ralph Dolmans
a930b94658 - Add PR#147 merge to changelog 2020-01-28 13:41:26 +01:00
W.C.A. Wijngaards
f6287fc718 - iana portlist updated. 2020-01-28 12:25:37 +01:00
Ralph Dolmans
0feee99055 - Add changelog entry for PR#148. 2020-01-27 16:06:06 +01:00
Ralph Dolmans
41621fb1df - Add changelog entry for RP#154 
- autoconf after PR#154
 2020-01-27 15:50:12 +01:00
W.C.A. Wijngaards
68ff1730ac - Fix #153: Disable validation for DSA algorithms. RFC 8624 
compliance.
 2020-01-27 09:40:18 +01:00
W.C.A. Wijngaards
82a6a2f8cc Changelog note for PR#155. 
- Merge PR#155 from Rober Edmonds: contrib/libunbound.pc.in: Fixes
  to Libs/Requires for crypto library dependencies.
 2020-01-27 09:31:07 +01:00
W.C.A. Wijngaards
61456ff81d Changelog and contrib/README note for PR#150. 
- Merge PR#150 from Frzk: Systemd unit without chroot.  It add
  contrib/unbound_nochroot.service.in, a systemd file for use with
  chroot: "", see comments in the file, it uses systemd protections
  instead.
 2020-01-23 16:16:52 +01:00
W.C.A. Wijngaards
1e0c957dcd - Fix auth zone support for NSEC3 records without salt. 2020-01-14 16:03:29 +01:00
W.C.A. Wijngaards
ea26e5038e - Fix for memory leak when edns subnet config options are read when 
compiled without edns subnet support.
 2020-01-14 15:48:27 +01:00
W.C.A. Wijngaards
2c4be0c201 - Fix crash after reload where a stats lookup could reference old key 
cache and neg cache structures.
 2020-01-14 15:18:52 +01:00
W.C.A. Wijngaards
9b3f3101e3 - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, 
because dnscrypt-proxy (2.0.36) does not support the test setup
  any more, and also the config file format does not seem to have
  the appropriate keys to recreate that setup.
 2020-01-14 14:40:44 +01:00
W.C.A. Wijngaards
e149bc7046 - Fix unreachable code in ssl set options code. 2020-01-10 11:28:01 +01:00
W.C.A. Wijngaards
a8db52120b - Fix the relationship between serve-expired and prefetch options, 
patch from Saksham Manchanda from Secure64.
 2020-01-10 10:04:50 +01:00
Ralph Dolmans
92a525225b - Add changelog entry for fix #138 (stop binding pidfile inside chroot dir in 
systemd service file).
 2020-01-08 16:36:18 +01:00
W.C.A. Wijngaards
c4e199ecca - And update for more spare space. 2020-01-08 12:58:07 +01:00
W.C.A. Wijngaards
5ae1544583 - Updated sldns_bget_token_par fix for also space for the zero 
delimiter after the character.
 2020-01-08 11:55:42 +01:00
W.C.A. Wijngaards
05a5dc2d0d - Fix out-of-bounds null-byte write in sldns_bget_token_par while 
parsing type WKS, reported by Luis Merino from X41 D-Sec.
 2020-01-08 11:08:16 +01:00
W.C.A. Wijngaards
19473d95eb - Fix 'make test' to work for --disable-sha1 configure option. 2020-01-08 09:23:46 +01:00
George Thessalonikefs
8686b0abbf - Changes to compat/getentropy_solaris.c for, 
ifdef stdint.h inclusion for older systems.
  ifdef sha2.h inclusion for older systems.
 2020-01-07 15:19:15 +02:00
George Thessalonikefs
d68ece28c4 - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. 
The dl_iterate_phdr() function introduced in newer versions raises
  compilation errors on solaris 10.
 2020-01-07 15:06:14 +02:00
W.C.A. Wijngaards
453c84b237 - Fix #140: Document slave not downloading new zonefile upon update. 2020-01-06 16:36:44 +01:00
W.C.A. Wijngaards
20a3d3be5f (Changelog note for #135). 
- Merge #135 from Florian Obser: Use passed in neg and key cache
  if non-NULL.
 2020-01-06 16:18:46 +01:00
George Thessalonikefs
1d45b4a1e0 - Update mailing list URL. 2019-12-16 16:03:31 +01:00
Ralph Dolmans
90b42b56b6 - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by 
Florian Obser
 2019-12-12 13:05:09 +01:00
Ralph Dolmans
f1d5d5d682 Make master 1.9.7 in development. 2019-12-12 12:48:29 +01:00
W.C.A. Wijngaards
41d3e2027c - Fix to make auth zone IXFR to fallback to AXFR if a single 
response RR is received over TCP with the SOA in it.
 2019-12-10 13:09:50 +01:00
W.C.A. Wijngaards
e828d678ba - Fix Makefile.in for ipset module compile, from Adi Prasaja. 2019-12-06 11:31:34 +01:00
W.C.A. Wijngaards
f3c2d05728 - Fix ipsecmod compile. 2019-12-06 07:59:55 +01:00
W.C.A. Wijngaards
4b73b5f299 - tag for 1.9.6rc1. 2019-12-05 11:21:46 +01:00
W.C.A. Wijngaards
ff7d68ca53 - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 
replacements for unbound-fuzzme.c that gets created after applying
  the contrib/unbound-fuzzme.patch.  They are contributed by
  Eric Sesterhenn from X41 D-Sec.
 2019-12-05 09:10:49 +01:00
W.C.A. Wijngaards
3fb98a72d2 - Fix Make Test Fails when Configured With --enable-alloc-nonregional, 
reported by X41 D-Sec.
 2019-12-04 16:23:52 +01:00
W.C.A. Wijngaards
6e8b4a7796 - update contrib/fastrpz.patch to apply more cleanly. 2019-12-04 11:41:13 +01:00
W.C.A. Wijngaards
6f7eb3ea9f - Fix testbound for alloccheck runs, memory purify and lock checks. 2019-12-04 11:37:24 +01:00
W.C.A. Wijngaards
216747bb17 - Fix lock type for memory purify log lock deletion. 2019-12-04 09:44:31 +01:00
W.C.A. Wijngaards
8f79119826 - make depend 2019-12-03 17:28:51 +01:00
W.C.A. Wijngaards
4106308bd5 - Fix Hardcoded Constant, reported by X41 D-Sec. 2019-12-03 17:23:38 +01:00
W.C.A. Wijngaards
c4c1f9e5ef - Fix _vfixed not Used, removed from sbuffer code, 
reported by X41 D-Sec.
 2019-12-03 17:07:35 +01:00
W.C.A. Wijngaards
b6f0b1af86 - Fix compile error in dnscrypt. 2019-12-03 16:44:24 +01:00
W.C.A. Wijngaards
68027ab145 - Fix Client NONCE Generation used for Server NONCE, 
reported by X41 D-Sec.
 2019-12-03 16:42:14 +01:00
W.C.A. Wijngaards
4a7ebfabcf - Fix Bad Indentation, in dnscrypt.c, 
reported by X41 D-Sec.
 2019-12-03 16:34:53 +01:00
W.C.A. Wijngaards
9ce6119513 - Fix snprintf() supports the n-specifier, 
reported by X41 D-Sec.
 2019-12-03 16:29:18 +01:00
W.C.A. Wijngaards
534eac6ae5 Note what it did, lower to 256 max count. 2019-12-03 16:21:04 +01:00
W.C.A. Wijngaards
d3ff930b06 - Fix Hang in sldns_wire2str_pkt_scan(), 
reported by X41 D-Sec.
 2019-12-03 16:20:24 +01:00
W.C.A. Wijngaards
6c3a0b54ed - Fix Out of Bound Write Compressed Names in rdata_copy(), 
reported by X41 D-Sec.
 2019-12-03 16:18:47 +01:00
W.C.A. Wijngaards
2d444a5037 - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(), 
reported by X41 D-Sec.
 2019-12-03 16:17:03 +01:00
W.C.A. Wijngaards
c99438c6a1 - Fix Out of Bounds Write in sldns_b64_pton(), 
fixed by check in sldns_str2wire_int16_data_buf(),
  reported by X41 D-Sec.
 2019-12-03 16:10:34 +01:00
W.C.A. Wijngaards
3f3cadd416 - Fix Out of Bounds Write in sldns_str2wire_str_buf(), 
reported by X41 D-Sec.
 2019-12-03 16:01:31 +01:00
W.C.A. Wijngaards
e183a66d60 - Fix OOB Read in sldns_wire2str_dname_scan(), 
reported by X41 D-Sec.
 2019-12-03 15:42:34 +01:00
W.C.A. Wijngaards
d2eb78e871 - Fix Assert Causing DoS in dname_pkt_copy(), 
reported by X41 D-Sec.
 2019-12-03 15:20:48 +01:00
W.C.A. Wijngaards
5a66aecef9 - Fix similar code in auth_zone synth cname to add the extra checks. 2019-12-03 15:11:22 +01:00
W.C.A. Wijngaards
f5e06689d1 - Fix Assert Causing DoS in synth_cname(), 
reported by X41 D-Sec.
 2019-12-03 15:10:36 +01:00
W.C.A. Wijngaards
5a00b31f86 - Fix text around serial arithmatic used for RRSIG times to refer 
to correct RFC number.
 2019-12-03 12:58:09 +01:00
W.C.A. Wijngaards
cdbf091c0d Changelog entry for merge of #124. 
- Merge pull request #124 from rmetrich: Changed log lock
  from 'quick' to 'basic' because this is an I/O lock.
 2019-12-03 10:03:44 +01:00
W.C.A. Wijngaards
aa64c58368 Changelog entry for #122. 
- Merge pull request #122 from he32: In tcp_callback_writer(),
  don't disable time-out when changing to read.
 2019-12-02 13:59:43 +01:00
W.C.A. Wijngaards
f82f971997 - Add make distclean that removes everything configure produced, 
and make maintainer-clean that removes bison and flex output.
 2019-11-22 15:10:02 +01:00
George Thessalonikefs
30b0fa1e8e Fix compiler warnings. 2019-11-22 14:30:56 +01:00
W.C.A. Wijngaards
1718a8e6b5 - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec. 2019-11-22 14:23:00 +01:00
W.C.A. Wijngaards
ebad5416d7 - Fix comments for doxygen in dns64. 2019-11-20 15:22:20 +01:00
W.C.A. Wijngaards
8833d44d01 - Fix python examples/calc.py for eval, reported by X41 D-Sec. 2019-11-20 15:07:09 +01:00
W.C.A. Wijngaards
da4d6ffee3 - Fix Bad Randomness in Seed, reported by X41 D-Sec. 2019-11-20 14:40:50 +01:00
W.C.A. Wijngaards
981fedea0e - Fix NULL Pointer Dereference via Control Port, 
reported by X41 D-Sec.
 2019-11-20 14:37:13 +01:00
W.C.A. Wijngaards
3a49e683ed - Fix Enum Name not Used, reported by X41 D-Sec. 2019-11-20 14:22:06 +01:00
W.C.A. Wijngaards
3907876eac - Fix Unrequired Checks, reported by X41 D-Sec. 2019-11-20 14:05:54 +01:00
W.C.A. Wijngaards
fcd9b34bb5 - Fix Useless memset() in validator, reported by X41 D-Sec. 2019-11-20 14:02:58 +01:00
W.C.A. Wijngaards
d63ec2dfcb - Fix Terminating Quotes not Written, reported by X41 D-Sec. 2019-11-20 14:01:01 +01:00
W.C.A. Wijngaards
6139943428 - Fix compile with --enable-alloc-checks, reported by X41 D-Sec. 2019-11-20 13:51:10 +01:00
W.C.A. Wijngaards
a76e43341f - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec. 2019-11-20 13:30:27 +01:00
W.C.A. Wijngaards
d63536289c - Changes to compat/getentropy files for, 
no link to openssl if using nettle, and hence config.h for
  HAVE_NETTLE variable.
  compat definition of MAP_ANON, for older systems.
  ifdef stdint.h inclusion for older systems.
  ifdef sha2.h inclusion for older systems.
 2019-11-20 13:28:49 +01:00
W.C.A. Wijngaards
d085a0039b - Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD. 2019-11-20 13:12:36 +01:00
W.C.A. Wijngaards
3ebc480690 - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD. 2019-11-20 13:11:05 +01:00
W.C.A. Wijngaards
20dd979d00 - Synchronize compat/getentropy_win.c with version 1.5 from 
OpenBSD, no changes but makes the file, comments, identical.
 2019-11-20 13:08:43 +01:00
W.C.A. Wijngaards
623dba975a - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD. 2019-11-20 13:05:10 +01:00
W.C.A. Wijngaards
09707fc403 - Fix Integer Underflow in Regional Allocator, 
reported by X41 D-Sec.
 2019-11-20 13:00:56 +01:00
W.C.A. Wijngaards
2dcc7016ac - Fix Local Memory Leak in cachedb_init(), 
reported by X41 D-Sec.
 2019-11-20 12:56:39 +01:00
W.C.A. Wijngaards
f887552763 - Fix Config Injection in create_unbound_ad_servers.sh, 
reported by X41 D-Sec.
 2019-11-20 12:02:19 +01:00
W.C.A. Wijngaards
72d348de6a - Fix Out-of-Bounds Read in dname_valid(), 
reported by X41 D-Sec.
 2019-11-20 11:38:11 +01:00
W.C.A. Wijngaards
7646c96259 - Fix Randomness Error not Handled Properly, 
reported by X41 D-Sec.
 2019-11-20 11:35:07 +01:00
W.C.A. Wijngaards
d8809c672a - Fix Weak Entropy Used For Nettle, 
reported by X41 D-Sec.
 2019-11-20 11:28:53 +01:00
W.C.A. Wijngaards
7e3da817c3 - Adjust unbound-control to make stats_shm a read only operation. 2019-11-20 11:18:03 +01:00
W.C.A. Wijngaards
c54fe82886 - Fix Shared Memory World Writeable, 
reported by X41 D-Sec.
 2019-11-20 11:13:45 +01:00
W.C.A. Wijngaards
1fa40654d2 - Fix Race Condition in autr_tp_create(), 
reported by X41 D-Sec.
 2019-11-20 11:01:56 +01:00
W.C.A. Wijngaards
d79d75538b - Fix Out of Bounds Read in rrinternal_get_owner(), 
reported by X41 D-Sec.
 2019-11-20 08:28:12 +01:00
W.C.A. Wijngaards
fa23ee8f31 - Fix Out of Bounds Write in sldns_bget_token_par(), 
reported by X41 D-Sec.
 2019-11-19 16:54:44 +01:00
W.C.A. Wijngaards
51c23b0209 - Fix Out of Bounds Read in sldns_str2wire_dname(), 
reported by X41 D-Sec.
 2019-11-19 16:46:33 +01:00
W.C.A. Wijngaards
a3545867fc - Fix Integer Overflow to Buffer Overflow in 
sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec.
 2019-11-19 16:42:17 +01:00
W.C.A. Wijngaards
02080f6b18 - Fix Integer Overflows in Size Calculations, 
reported by X41 D-Sec.
 2019-11-19 16:32:40 +01:00
W.C.A. Wijngaards
07156bd5ea - Fix Out-of-bounds Read in rr_comment_dnskey(), 
reported by X41 D-Sec.
 2019-11-19 16:17:06 +01:00
W.C.A. Wijngaards
2a4e840be4 - Fix Unchecked NULL Pointer in dns64_inform_super() 
and ipsecmod_new(), reported by X41 D-Sec.
 2019-11-19 15:48:18 +01:00
W.C.A. Wijngaards
226298bbd3 - Fix Integer Overflow in Regional Allocator, 
reported by X41 D-Sec.
 2019-11-19 15:38:05 +01:00
W.C.A. Wijngaards
79a6e9fbe2 - Fixes to please lint checks. 2019-11-19 12:10:03 +01:00
W.C.A. Wijngaards
16bbfc3461 - Fix authzone printout buffer length check. 2019-11-19 10:09:44 +01:00
W.C.A. Wijngaards
d8090b8cae - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. 2019-11-19 10:06:12 +01:00
W.C.A. Wijngaards
09845779d5 - Fix CVE-2019-18934, shell execution in ipsecmod. 2019-11-19 10:05:18 +01:00
W.C.A. Wijngaards
cb8374cce5 - gitignore .source tempfile used for compatible make. 2019-11-18 15:58:19 +01:00
W.C.A. Wijngaards
442e95620e - Portable grep usage for reuseport configure test. 
- Check return type of HMAC_Init_ex for openssl 0.9.8.
 2019-11-18 15:53:47 +01:00
W.C.A. Wijngaards
af6f5a3f54 - Provide a prototype for compat malloc to remove compile warning. 2019-11-18 13:52:17 +01:00
W.C.A. Wijngaards
253d95a8ef - update to bison output of 3.4.1 in code repository. 2019-11-18 10:50:54 +01:00
W.C.A. Wijngaards
57f2582790 - In unbound-host use separate variable for get_option to please 
code checkers.
 2019-11-18 10:45:47 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
W.C.A. Wijngaards
d4c904d091 - contrib/fastrpz.patch updated to apply for current code. 2019-11-13 11:40:56 +01:00
W.C.A. Wijngaards
5ac9bf3f9b - iana portlist updated. 2019-11-13 11:37:06 +01:00
W.C.A. Wijngaards
f759fc5839 Changelog note and configure autoconf generated. 
- Merge #102 from jrtc27: Add getentropy emulation for FreeBSD.
 2019-11-11 14:46:24 +01:00
W.C.A. Wijngaards
29b90c6e58 - Fix #109: check number of arguments for stdin-pipes in 
unbound-control and fail if too many arguments.
 2019-11-11 12:02:51 +01:00
W.C.A. Wijngaards
7dfbcdf276 - Fix #99: Memory leak in ub_ctx (event_base will never be freed). 2019-10-24 09:58:45 +02:00
George Thessalonikefs
941b324187 Add new configure option --enable-fully-static to enable full static build if 
requested; in relation to #91.
 2019-10-23 16:10:07 +02:00
W.C.A. Wijngaards
21472c2393 Changelog note for #97. 
- Merge #97: manpage: Add missing word on unbound.conf,
  from Erethon.
 2019-10-23 07:56:17 +02:00
W.C.A. Wijngaards
e6a179e27a - drop-tld.diff: adds option drop-tld: yesno that drops 2 label 
queries, to stop random floods.  Apply with
  patch -p1 < contrib/drop-tld.diff and compile.
  From Saksham Manchanda (Secure64).  Please note that we think this
  will drop DNSKEY and DS lookups for tlds and hence break DNSSEC
  lookups for downstream clients.
 2019-10-22 10:32:37 +02:00
W.C.A. Wijngaards
eb2283332b - Add doxygen comments to unbound-anchor source address code, in #86. 2019-10-07 09:50:04 +02:00
W.C.A. Wijngaards
b2c3b4758b For #86, note credit for Lukas Wunner. 2019-10-03 16:29:45 +02:00
W.C.A. Wijngaards
8bfbd81fec Changelog entry for #86 and whitespace fix. 
- Merge #86 from psquarejho: Added -b source address option to
  smallapp/unbound-anchor.c.
 2019-10-03 16:22:42 +02:00
W.C.A. Wijngaards
facc6c6541 - Merge 1.9.4 release with fix for vulnerability CVE-2019-16866. 
- Continue with development of 1.9.5.
 2019-10-03 11:40:13 +02:00
W.C.A. Wijngaards
82dffb1023 Changelog entry for Merge #90. 
- Merge #90 from vcunat: fix build with nettle-3.5.
 2019-10-03 08:59:16 +02:00
W.C.A. Wijngaards
7963c9f463 Changelog note for #87. 
- Merge #87 from hardfalcon: Fix contrib/unbound.service.in,
  Drop CAP_KILL, use + prefix for ExecReload= instead.
 2019-09-26 13:17:46 +02:00
W.C.A. Wijngaards
55bb4c1275 - The unbound.conf includes are sorted ascending, for include 
statements with a '*' from glob.
 2019-09-25 16:50:30 +02:00
W.C.A. Wijngaards
06a91b0eaa Changelog entry for fix #84 and #85. 
- Merge #85 for #84 from sam-lunt: Add kill capability to systemd
  service file to fix that systemctl reload fails.
 2019-09-23 09:20:12 +02:00
W.C.A. Wijngaards
f635b47ade Changelog entry for #83 
- Merge #83 from Maryse47: contrib/unbound.service.in: do not fork
  into the background.
 2019-09-20 12:59:41 +02:00
W.C.A. Wijngaards
1b62399a6e Changelog entry for #81. 
- Merge #81 from Maryse47: Consistently use /dev/urandom instead
  of /dev/random in scripts and docs.
 2019-09-20 07:44:43 +02:00
W.C.A. Wijngaards
aefd2df51f (Changelog entry for #82). 
- Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW
  in unbound.service.
 2019-09-20 07:38:34 +02:00
W.C.A. Wijngaards
1dcc88b6e8 - Merge #80 from stasic: Improve wording in man page. 
(Changelog entry for merge)
 2019-09-19 16:56:14 +02:00
W.C.A. Wijngaards
9f0b260c49 - Fix wrong response ttl for prepended short CNAME ttls, this would 
create a wrong zero_ttl response count with serve-expired enabled.
 2019-09-19 16:29:51 +02:00
W.C.A. Wijngaards
ab53baa6f5 - Fix for oss-fuzz build warning. 2019-09-19 10:09:49 +02:00
W.C.A. Wijngaards
554e4a939c - Fix fix for #78 to also free service callback struct. 2019-09-19 10:03:47 +02:00
W.C.A. Wijngaards
45b3215594 - oss-fuzz badge on README.md. 2019-09-19 09:55:23 +02:00
W.C.A. Wijngaards
3cb1cdeebd - Merge pull request #76 from Maryse47: Improvements and fixes for 
systemd unbound.service.
(Changelog note for merge of #76).
 2019-09-19 09:53:21 +02:00
W.C.A. Wijngaards
1a4eaaabc5 - Fix #78: Memory leak in outside_network.c. 2019-09-19 09:11:23 +02:00
W.C.A. Wijngaards
13d96540de - Use explicit bzero for wiping clear buffer of hash in cachedb, 
reported by Eric Sesterhenn from X41 D-Sec.
 2019-09-11 15:31:03 +02:00
W.C.A. Wijngaards
e45e9f1ce0 - Fix #72: configure --with-syslog-facility=LOCAL0-7 with default 
LOG_DAEMON (as before) can set the syslog facility that the server
  uses to log messages.
 2019-09-09 14:27:55 +02:00
W.C.A. Wijngaards
05b9f4fd28 - Fix #71: fix openssl error squelch commit compilation error. 2019-09-04 08:44:19 +02:00
W.C.A. Wijngaards
1089fd6dc1 - squelch DNS over TLS errors 'ssl handshake failed crypto error' 
on low verbosity, they show on verbosity 3 (query details), because
  there is a high volume and the operator cannot do anything for the
  remote failure.  Specifically filters the high volume errors.
 2019-09-03 09:47:27 +02:00
W.C.A. Wijngaards
366296ec14 - updated Makefile dependencies. 2019-09-02 15:56:24 +02:00
W.C.A. Wijngaards
7f9aa6734a - ipset: refactor long routine into three smaller ones. 2019-09-02 15:17:25 +02:00
W.C.A. Wijngaards
9902a5f81d - ipset module #28: log that an address is added, when verbosity high. 2019-09-02 13:50:42 +02:00
W.C.A. Wijngaards
cd0a2b1af1 - Master is 1.9.4 in development. 2019-08-27 09:56:20 +02:00
W.C.A. Wijngaards
a374dfb669 - Fix contrib/fastrpz.patch asprintf return value checks. 2019-08-23 08:41:46 +02:00
W.C.A. Wijngaards
79fa94834e - 1.9.3rc2 release candidate tag. 2019-08-22 14:50:49 +02:00
W.C.A. Wijngaards
06847ff3be - Fix that pkg-config is setup before --enable-systemd needs it. 2019-08-22 12:22:25 +02:00
W.C.A. Wijngaards
80c2c69fa7 - Fix log_dns_msg to log irrespective of minimal responses config. 2019-08-21 17:41:29 +02:00
Ralph Dolmans
8b752e359e - Document limitation of pidfile removal outside of chroot directory. 2019-08-19 13:27:19 +02:00
W.C.A. Wijngaards
d3b3d64ef3 - Remove warning about unknown cast-function-type warning pragma. 2019-08-16 12:52:58 +02:00
W.C.A. Wijngaards
c602ba7319 - Fixup contrib/fastrpz.patch 2019-08-16 12:37:13 +02:00
W.C.A. Wijngaards
bdb6c153e4 - Please doxygen's parser for "@" occurrence in doxygen comment. 2019-08-16 12:21:40 +02:00